SEC547: Defending Product Supply Chains

SEC547 | Cyber Defense
  • 18 Hours (Self-Paced)
Course created by: Tony Turner
  • 18 CPEs

    Apply your credits to renew your certifications

  • Virtual Live Instruction or Self-Paced

    Train from anywhere. Attend a live instructor-led course remotely or train on your time over 4 months.

  • Intermediate Skill Level

    Course material is geared toward cyber security professionals with hands-on experience.

  • 13 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Earn the expertise necessary to mitigate supply chain risks through advanced security strategies and hands-on application of industry-leading assessment techniques.

Course Overview

The supply chain represents a critical threat vector in today's cybersecurity landscape, with supply chain attacks bypassing traditional perimeter-based controls as organizations unknowingly invite adversaries inside through unvalidated "trusted" technologies. This supply chain risk management training course equips professionals with comprehensive strategies to minimize these risks. The course extensively covers the evolving threat landscape and provides essential defensive skills through 13 custom labs. Students work with industry tools including Dependency Track, CycloneDX, Syft, in-toto, and CSAF VEX standards, while learning to identify and mitigate risks in both hardware and software components. Using a purpose-built Linux environment, the course teaches practical application of supply chain security concepts through real-world scenarios, preparing professionals to implement robust protective measures for their organization's technology acquisitions.

What You'll Learn

  • Implement effective vendor risk assessment strategies
  • Create and analyze software bills of materials (SBOMs)
  • Identify and mitigate hardware supply chain threats
  • Apply software verification and attestation techniques
  • Develop supply chain vulnerability response protocols

Business Takeaways

  • Reduce third-party risk in technology acquisitions
  • Enhance transparency in software dependencies
  • Strengthen hardware verification procedures
  • Improve incident response for supply chain attacks
  • Enable regulatory compliance with emerging requirements
  • Protect organizational reputation and customer trust
  • Develop sustainable supply chain security programs

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC547: Defending Product Supply Chains.

Section 1: Vendors and Products

Initially we explore the key concepts of supply chain security and vendor risk assessment methodology. The section establishes a foundation for understanding supply chain attacks through case studies and demonstrates scalable approaches to conducting comprehensive vendor evaluations.

Topics covered

  • Supply chain threat landscape analysis
  • Vendor risk assessment frameworks
  • Risk prioritization methodologies
  • Procurement security requirements
  • Contract security clauses

Labs

  • Threat modeling for supply chain scenarios
  • Vendor documentation security analysis
  • Risk scoring methodology implementation
  • OSINT gathering for vendor assessment
  • Procurement document security review

Section 2: HBOM and SBOM

This portion of the course focuses on practical application of software bill of materials (SBOM) management and hardware security verification. Students learn to create, validate, and leverage SBOMs for vulnerability management while developing techniques to identify counterfeit hardware and malicious firmware modifications.

Topics covered

  • SBOM creation and validation
  • Dependency vulnerability analysis
  • Hardware supply chain threats
  • Counterfeit component detection
  • Firmware security assessment

Labs

  • SBOM generation with industry tools
  • CycloneDX and SPDX format analysis
  • Dependency vulnerability assessment
  • Hardware validation techniques
  • Firmware verification methods

Section 3: Attestation & Incident Response

Here we address supply chain attestation mechanisms and incident response procedures. The section teaches verification of supply chain artifacts, coordinated vulnerability management, and effective response to supply chain security incidents across hardware and software vectors.

Topics covered

  • Supply Chain Attestations
  • Vulnerability Management & Triage
  • Vulnerability Exchange & Reports
  • Responding to Threats
  • PSIRT

Labs

  • Supply Chain Attestations
  • Interpreting Vulnerability Reports
  • Vulnerability Assessment Simulation

Things You Need To Know

Relevant Job Roles

Infrastructure Support (OPM 521)

NICE: Protection and Defense

Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.


Incident Response (OPM 531)

NICE: Protection and Defense

Responsible for investigating, analyzing, and responding to network cybersecurity incidents.


Course Schedule & Pricing

  • Virtual (OnDemand), instructed by Tony Turner

    Date & Time: OnDemand (Anytime), Self-Paced, 4 months access
    Course price: $5,250 USD (prices exclude applicable local taxes)

  • Virtual (live), instructed by Tony Turner

    Date & Time: see event details
    Course price: $5,250 USD (prices exclude applicable local taxes)
