Supply Chain Attacks Are Evolving – Are You?

245%

Increase in supply chain attacks from 2023 to 2024

79%

of organizations disrupted by third-party breaches last year

$4.7M

Average cost of a supply chain attack in 2024 (USD)

90%

of vendors must provide an SBOM by 2025

Improve Visibility of Supply Chain Risks

Limited visibility into your supply chain ecosystem increases the risk of costly disruptions, delays, and vulnerabilities. Explore related resources:

Building and Scaling SBOM Programs: Navigating the Challenges for Effective Risk Management

Watch

SEC547: Defending Product Supply Chains

Focuses on SBOM driven risk assessments and vendor monitoring to uncover blind spots in your supply chain

Learn More

Fortifying Resilience: An In-Depth Exploration of the Overall Product Security Assessment Poster

Download

SEC568: Product Security Penetration Testing - Safeguarding Supply Chains and Managing Third-Party Risk

Bridge the gap between security and procurement by learning how to test and validate third-party risks.

Learn More

Enhanced Vendor Risk Assessments: Maximizing Risk Reduction and Strengthening Vendor Relations

Watch

LDR553: Cyber Incident Management

Learn to identify hidden vulnerabilities in software and hardware products.

Learn More

Vendor Risk Assessment Matrix Cheat Sheet

Download

SBOM Maturity and Process Flow Cheat Sheet

Download

Implement Fast and Efficient Supply Chain Attack Response

When your supply chain is under attack, every second matters. A slow or ineffective incident response can lead to costly disruptions and lasting damage. Explore related resources:

Supply Chain Compromises Pt. 1 | The Incident Commander Series Ep. 3

Watch

Supply Chain Compromises Pt. 2 | The Incident Commander Series Ep. 4

Watch

CIMTK: Third-Party/Supply Chain Incident Management Plan Cheat Sheet

Download

LDR553: Cyber Incident Management

Built for incident response — provides structured playbooks and cross-functional coordination for handling supply chain attacks.

Learn More

Supply Chain Security Incident Response: Strategies for Responding to Emerging Threats

Watch

Software Supply Chain Incident Response Cheat Sheet

Download

SEC547: Defending Product Supply Chains

Offers hands-on labs for detecting threats from third parties and mitigating supply chain-specific attacks.

Learn More

Advance Your Career with a Graduate Certificate in Software Supply Chain Security

SANS Technology Institute | Applications Accepted Monthly

Protect your organization from emerging software supply chain threats. The SANS.edu Graduate Certificate in Software Supply Chain Security delivers real-world, expert-led training and four GIAC certifications. It is available 100% online and designed for working professionals who want to upgrade their skills in this fast-evolving area of cybersecurity.

Explore the SANS.edu Program

Strengthen Your Weakest Links: Optimize Vendor Risk Assessments

Your security is only as strong as your least secure vendor. Transform fragmented assessments into a systematic strategy that scales with your business. Explore related resources:

SEC547: Defending Product Supply Chains

Focuses on scalable vendor risk methodologies and continuous monitoring beyond onboarding.

Learn More

Vendor Risk Assessment Matrix Cheat Sheet

Download

SEC568: Product Security Penetration Testing - Safeguarding Supply Chains and Managing Third-Party Risk

Bridge the gap between security and procurement by learning how to test and validate third-party risks.

Learn More

Building and Scaling SBOM Programs: Navigating the Challenges for Effective Risk Management

Watch

Enhanced Vendor Risk Assessments: Maximizing Risk Reduction and Strengthening Vendor Relations

Watch

Fortifying Resilience: An In-Depth Exploration of the Overall Product Security Assessment Poster

Download

Maximize Your Security Impact: Defend Supply Chains with Limited Resources

Even with constrained budgets and teams, you can reduce third-party risk. Explore practical tools and strategies to help you do more with what you have:

SEC568: Product Security Penetration Testing - Safeguarding Supply Chains and Managing Third-Party Risk

Learn processes and hands-on techniques to test supply chain software and hardware.

Learn More

Combating Supply Chain Attacks with Product Security Testing

Watch

SEC547: Defending Product Supply Chains

Offers hands-on labs for detecting threats from third parties and mitigating supply chain-specific attacks.

Learn More

SBOM Maturity and Process Flow Cheat Sheet

Download

LDR553: Cyber Incident Management

Helps security leaders build more coordinated and efficient response efforts, improving team capability despite staffing or budget constraints.

Learn More

What Hacking the Planet Taught Us About Defending Supply Chain Attacks

Watch

Seek Out New Protocols, and Boldly Hack Undetected

Watch

Fortifying Resilience: An In-Depth Exploration of the Overall Product Security Assessment Poster

Download

Navigate Compliance with Confidence: Meet Evolving Regulatory Demands

As standards evolve and regulatory demands increase, staying compliant can feel overwhelming. Explore related resources to help you navigate complexity, meet requirements with confidence, and protect your organization from compliance gaps.

SEC547: Defending Product Supply Chains

Explores how to meet SBOM-related regulatory requirements and build defensible compliance practices.

Learn More

Navigating DORA and NIS2 Compliance for Financial Sector Organizations in the EU

Watch

LDR553: Cyber Incident Management

Prepares leaders to respond effectively to overlapping mandates and lead compliant incident response efforts.

Learn More

Building and Scaling SBOM Programs: Navigating the Challenges for Effective Risk Management

Watch

SBOM Maturity and Process Flow Cheat Sheet

Download

Overall Product Security Assessment Poster

Download

Prepare for the Inevitable: Master Supply Chain Incident Response with Chain-Specific Playbooks

A supply chain breach is inevitable; your response doesn’t have to be improvised. Learn how to create chain-specific playbooks and explore other related resources:

SANS Emerging Threats Summit

Watch

SEC547: Defending Product Supply Chains

Learn how to detect and respond to threats originating from vendors or software dependencies.

Learn More

Software Supply Chain Incident Response Cheat Sheet

Supply Chain Security Incident Response: Strategies for Responding to Emerging Threats

Download

3CX Supply Chain Attack - What You Need to Know!

Watch

LDR553: Cyber Incident Management

Develop dedicated playbooks for third-party and supply chain compromise response.

Learn More

CIMTK: Third-Party/Supply Chain Incident Management Plan Cheat Sheet

Download