Since 2023, we’ve been exploring the field of software supply chain security. Having worked across Dev, Ops, and Sec, it was quickly apparent to me that this is not just a code problem.
The supply chain is not a vertical - it’s a horizontal field that cuts through multiple layers: from developer workstations to code repos, CI/CD, containers, and cloud. Each layer introduces risks that attackers can exploit with deceptively simple techniques, while defenders face challenges in detection and response.
We designed this defense-focused course for Dev, Ops, and Product Security teams. You’ll learn:
- How attacks play out in practice
- How to build detection and prevention logic
- Why there’s no one-size-fits-all defense, and how to create a framework tailored to your org
- Ways to handle organizational dynamics, secure buy-in from leadership, and demonstrate ROI
Join us in Bahrain this November to strengthen your defenses where it matters most.
https://training.defcon.org/collections/arab-cybersecurity-2025/products/cyfinoid-research-defending-against-software-supply-chain-attacks-dctac2025
cc: Cyfinoid Research Sunil Yadav DEF CON Training