3-Day Instructor-Led Programme
A practitioner programme covering the detection, assessment, and management of nation-state supply chain threats targeting software, hardware, and trusted vendor access channels. Develop the skills to build a vendor security assessment programme, generate and analyse Software Bills of Materials, apply NIS2 supply chain obligations, and respond to a supply chain compromise without disrupting operations.
Duration: 3 Days
Price: $3,492
State-aligned actors pre-position inside software supply chains during periods of relative geopolitical calm, waiting for the strategic moment to activate embedded capabilities. SolarWinds, XZ Utils, and dozens of smaller incidents have demonstrated that trusted software and legitimate vendor access are now primary attack vectors for nation-state actors. Healthcare, manufacturing, defence supply chains, and financial services face the highest exposure. Over three mentor-led days, participants assess and score third-party cyber risk in a nation-state threat context, identify supply chain implant indicators in software and hardware, design a vendor security assessment programme aligned to NIS2 and NCSC CAF, apply software composition analysis tooling to identify supply chain vulnerabilities, generate and interpret Software Bills of Materials, and develop response procedures for supply chain compromise situations. The programme concludes with a capstone supply chain compromise investigation: participants receive a simulated compromise scenario, identify the scope, execute containment without disrupting operations, and produce a NIS2-compliant regulatory notification. This course is aligned with NIS2 ICT third-party risk obligations, NCSC supply chain guidance, SBOM standards including SPDX and CycloneDX, and software composition analysis industry practice.
Software composition analysis tool practical, SBOM generation and analysis exercise, vendor risk scoring workshop, and a full supply chain compromise investigation and regulatory notification capstone
Practitioner-led analysis of SolarWinds and XZ Utils attack anatomy, NIS2 supply chain compliance mapping, and vendor security questionnaire design with live commentary on current supply chain threat intelligence
Third-party risk assessment methodology, SBOM generation and analysis, NIS2 supply chain compliance, software composition analysis, and supply chain compromise investigation and response.
Assess and score third-party cyber risk in the context of nation-state supply chain targeting methodologies.
Identify supply chain implant indicators in software, hardware, and vendor access telemetry.
Design a vendor security assessment programme aligned to NIS2 and NCSC CAF requirements.
Generate and analyse a Software Bill of Materials for an application or dependency set.
Integrate software composition analysis into CI/CD pipelines for continuous supply chain security.
Respond to a supply chain compromise: scope identification, containment, and regulatory notification production.
Implement NIS2 ICT third-party risk obligations within a practical vendor security programme.
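As an added example (not part of the course or this page), the following Python script shows the SBOM analysis the outcomes above describe: it parses a minimal CycloneDX 1.5 document, matches components against an advisory feed by package URL and version range, and verifies the SHA-256 hashes the SBOM records against the artefacts actually deployed, so a component substituted after the SBOM was produced shows up as a hash mismatch. The SBOM, package names, advisory identifiers and artefact bytes are all constructed placeholders; nothing here refers to real software or a real vulnerability, and version ranges assume plain dotted numeric versions.

```python
"""Analyse a CycloneDX SBOM: index components, match them against an advisory
feed, and verify recorded hashes against the artefacts actually deployed.
Added example for this page, not course material. Every input is a
constructed placeholder: no real package, advisory or vulnerability."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artefacts the SBOM was generated from (placeholder bytes).
ORIGINAL_ARTEFACTS = {
    "pkg:pypi/acme-http@2.4.1": b"acme-http-2.4.1 wheel (constructed placeholder)",
    "pkg:pypi/acme-tls@1.2.0": b"acme-tls-1.2.0 wheel (constructed placeholder)",
    "pkg:npm/acme-utils@3.0.5": b"acme-utils-3.0.5 tarball (constructed placeholder)",
}
# What is actually deployed: one artefact was swapped after the SBOM was cut,
# one is absent from the artefact store.
OBSERVED_ARTEFACTS = dict(ORIGINAL_ARTEFACTS)
OBSERVED_ARTEFACTS["pkg:pypi/acme-tls@1.2.0"] += b" + injected payload"
del OBSERVED_ARTEFACTS["pkg:npm/acme-utils@3.0.5"]
# Constructed advisory feed with placeholder identifiers (not real CVEs).
# A component is affected when introduced <= version < fixed (OSV-style range).
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "purl_prefix": "pkg:pypi/acme-http", "introduced": "2.0.0", "fixed": "2.5.0"},
    {"id": "EXAMPLE-ADV-0002", "purl_prefix": "pkg:npm/acme-utils", "introduced": "3.0.0", "fixed": "3.0.5"},
]


def build_sbom() -> dict:
    """Emit a minimal CycloneDX 1.5 document with a SHA-256 hash per component."""
    components = []
    for purl, data in ORIGINAL_ARTEFACTS.items():
        name_part, version = purl.removeprefix("pkg:").rsplit("@", 1)
        components.append({
            "type": "library", "name": name_part.split("/", 1)[1],
            "version": version, "purl": purl,
            "hashes": [{"alg": "SHA-256", "content": sha256_hex(data)}],
        })
    # A component the generator could not hash (e.g. a vendored directory).
    components.append({"type": "library", "name": "acme-telemetry",
                       "version": "0.9.0", "purl": "pkg:pypi/acme-telemetry@0.9.0"})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": components}


SBOM_JSON = json.dumps(build_sbom(), indent=2)


def version_key(version: str) -> tuple:
    """Order dotted numeric versions; non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def parse_sbom(sbom_json: str) -> dict:
    """Return purl -> component for every component that carries a purl."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {c["purl"]: c for c in sbom.get("components", []) if "purl" in c}


def find_vulnerable(components: dict, advisories: list) -> list:
    """List (purl, advisory id) pairs whose version falls in an affected range."""
    hits = []
    for purl, comp in components.items():
        version = version_key(comp["version"])
        for adv in advisories:
            in_range = version_key(adv["introduced"]) <= version < version_key(adv["fixed"])
            if purl.startswith(adv["purl_prefix"] + "@") and in_range:
                hits.append((purl, adv["id"]))
    return hits


def verify_hashes(components: dict, observed: dict) -> dict:
    """Map purl -> 'ok' | 'MISMATCH' | 'missing' | 'unhashed'.
    MISMATCH means the deployed bytes differ from what the SBOM recorded,
    the trace a post-build substitution leaves behind."""
    results = {}
    for purl, comp in components.items():
        recorded = {h["alg"]: h["content"] for h in comp.get("hashes", [])}
        if "SHA-256" not in recorded:
            results[purl] = "unhashed"
        elif purl not in observed:
            results[purl] = "missing"
        elif sha256_hex(observed[purl]) == recorded["SHA-256"]:
            results[purl] = "ok"
        else:
            results[purl] = "MISMATCH"
    return results


def main() -> None:
    components = parse_sbom(SBOM_JSON)
    for purl, adv_id in find_vulnerable(components, ADVISORIES):
        print(f"VULNERABLE  {purl}  ({adv_id})")
    for purl, status in verify_hashes(components, OBSERVED_ARTEFACTS).items():
        print(f"{status:<9}   {purl}")


if __name__ == "__main__":
    main()
```

In a CI/CD pipeline the SBOM would come from a generator (syft, or the CycloneDX tooling for the ecosystem in use), the advisory feed from a source such as OSV, and any advisory hit or MISMATCH would fail the build. One caveat a practitioner should keep in mind: hash verification only proves the deployed bytes are the ones the SBOM was generated from. It says nothing about whether upstream was clean, and in the XZ Utils case the backdoor shipped inside the release tarball itself, so recorded and observed hashes would have agreed.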
Professional experience in procurement, vendor management, software security, or third-party risk management.
Basic understanding of software development lifecycle concepts and network security fundamentals.
Familiarity with regulatory compliance concepts in a technology or business risk management context.
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person: $3,492, exclusive of VAT where applicable. Group enrolments, early planning options and custom packages are available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Everything you need to know about the certificate
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
Procurement leads, third-party risk managers, vendor security teams, software security engineers, and IT directors responsible for supply chain security and ICT vendor risk management.