Skip to main content
Image coming soon

Influence in SLSA Framework Decisions Across Engineering Teams

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Influence in SLSA Framework Decisions Across Engineering Teams

Establish authority in software supply chain governance through structured SLSA implementation

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.

Who this is for

Senior IC in engineering or platform governance at a tech-first organisation, involved in secure software delivery and cross-team alignment on standards.

Who this is not for

This course is not for entry-level engineers, auditors focused solely on checkbox compliance, or managers seeking high-level overviews without technical depth.

What you walk away with

  • Lead internal SLSA adoption with documented implementation playbooks
  • Shape vendor selection criteria based on SLSA tier alignment
  • Earn peer recognition as the go-to practitioner in supply chain integrity
  • Drive consensus on SLSA tier assignments across engineering pods
  • Navigate trade-offs between delivery speed and compliance rigor with framework-backed reasoning

The 12 modules (with all 144 chapters)

Module 1. SLSA Foundations in Modern Software Delivery
Understand the evolution of software supply chain security and how SLSA addresses specific gaps in provenance and integrity verification.
12 chapters in this module
  1. Origins of SLSA
  2. Key stakeholders in adoption
  3. From CI/CD logs to attestations
  4. Core principles of tiered security
  5. Provenance definition and scope
  6. Build vs buy considerations
  7. Mapping SLSA to internal workflows
  8. Tier 0 realities in practice
  9. Common misinterpretations
  10. Vendor claims vs framework truth
  11. Audit readiness signals
  12. First artefact to validate
Module 2. Tier 1 Implementation Pathways
Deploy verifiable builds with basic integrity guarantees, focusing on toolchain integration and minimal process lift.
12 chapters in this module
  1. Defining a repeatable build
  2. Source repository tagging
  3. Build platform requirements
  4. Logging and retention
  5. Attestation format basics
  6. Signing key management
  7. Verification pipeline setup
  8. Common toolchain conflicts
  9. Team onboarding strategy
  10. Measuring Tier 1 completion
  11. Handling exceptions
  12. Documentation standards
Module 3. Achieving Tier 2 with Isolated Builds
Implement isolated, reproducible builds that resist tampering and support cross-team verification.
12 chapters in this module
  1. Build isolation requirements
  2. Container security basics
  3. Reproducibility thresholds
  4. Time window constraints
  5. Worker node hardening
  6. Network controls
  7. Artifact signing automation
  8. Verification at scale
  9. Cloud provider considerations
  10. Cost vs security balance
  11. Rollback safety
  12. Peer review checklist
Module 4. Tier 3 High Integrity Builds
Secure build processes against insider threats and ensure long-term verifiability across organisational changes.
12 chapters in this module
  1. Long-term key rotation
  2. Multi-party approval workflows
  3. Build entry point protection
  4. Threat model assumptions
  5. Immutable logs integration
  6. Timestamp authority use
  7. Build reproducibility audits
  8. Access control depth
  9. Monitoring for drift
  10. Vendor input validation
  11. Incident response linkage
  12. Cross-team escalation paths
Module 5. Tier 4 Fully Reproducible Builds
Achieve the highest level of assurance through deterministic builds and distributed verification.
12 chapters in this module
  1. Deterministic build design
  2. Source code normalisation
  3. Toolchain version pinning
  4. Environment standardisation
  5. Distributed rebuild networks
  6. Verification threshold settings
  7. Dispute resolution process
  8. Long-term preservation
  9. Legal evidentiary weight
  10. Public verification options
  11. Organisational readiness
  12. Roadmap to Tier 4
Module 6. SLSA in Vendor Evaluation
Use SLSA tiers as a lens to assess third-party software and managed service providers.
12 chapters in this module
  1. Vendor attestation requirements
  2. Tier alignment assessment
  3. Gap identification methodology
  4. Negotiation leverage points
  5. Minimum viable attestation
  6. Third-party audit rights
  7. Contractual integration
  8. Risk rating integration
  9. Shadow IT detection
  10. Procurement workflow hooks
  11. Compliance cost allocation
  12. Exit strategy considerations
Module 7. Cross-Functional Alignment
Secure buy-in from engineering, security, and product teams on SLSA implementation priorities.
12 chapters in this module
  1. Stakeholder mapping
  2. Language translation between roles
  3. Timeline negotiation
  4. Risk communication framework
  5. Incentive alignment
  6. Pilot team selection
  7. Feedback loop design
  8. Escalation protocols
  9. Metrics that matter
  10. Progress reporting rhythm
  11. Conflict resolution templates
  12. Celebrating milestones
Module 8. Policy Mapping to SLSA Controls
Align internal security policies and compliance requirements with SLSA framework objectives.
12 chapters in this module
  1. SOC 2 control mapping
  2. ISO 27001 alignment
  3. NIST CSF intersections
  4. Internal audit integration
  5. Policy exception handling
  6. Evidence collection automation
  7. Control ownership assignment
  8. Review cycle synchronisation
  9. Regulatory correspondence
  10. Gap remediation tracking
  11. Framework substitution logic
  12. Executive summary templates
Module 9. Automation and Tooling Integration
Embed SLSA verification into CI/CD pipelines and monitoring systems.
12 chapters in this module
  1. CI/CD gate design
  2. Attestation generation tools
  3. Signing infrastructure
  4. Verification as a service
  5. Pipeline break conditions
  6. Error handling patterns
  7. Toolchain compatibility
  8. Open source vs commercial
  9. Integration testing
  10. Performance impact
  11. Alerting on non-compliance
  12. Version upgrade planning
Module 10. Incident Response and SLSA
Leverage attestation data during security incidents to accelerate root cause analysis.
12 chapters in this module
  1. Attestation in forensic analysis
  2. Build integrity checks
  3. Time window verification
  4. Reproducibility for validation
  5. Threat actor detection
  6. Compromise assessment
  7. Recovery playbook integration
  8. Legal chain of custody
  9. Third-party review access
  10. Disclosure coordination
  11. Lessons learned update
  12. Framework adaptation
Module 11. SLSA and Regulatory Expectations
Anticipate how regulators may use SLSA as a benchmark for software integrity in future audits.
12 chapters in this module
  1. DORA implications
  2. NIS2 alignment
  3. GDPR software provenance
  4. CCPA data handling
  5. Financial services mandates
  6. Healthcare software rules
  7. Government procurement
  8. Regulator familiarity trends
  9. Voluntary disclosure value
  10. Public trust signals
  11. Future-proofing strategy
  12. Industry benchmarking
Module 12. Leading SLSA Maturity in Your Organisation
Drive long-term adoption and cultural ownership of supply chain security practices.
12 chapters in this module
  1. Maturity assessment model
  2. Internal champion network
  3. Training program design
  4. Success story collection
  5. Executive communication
  6. Budget justification
  7. Tooling investment cases
  8. External recognition
  9. Conference participation
  10. Open source contribution
  11. Roadmap ownership
  12. Legacy system transition

How this maps to your situation

  • When defining internal SLSA adoption roadmap
  • During vendor security assessments
  • Prior to compliance audit cycles
  • After incident requiring build verification

Before vs. after

Before
SLSA is discussed in abstract terms, with unclear ownership and inconsistent implementation across teams.
After
You lead structured adoption with peer-recognised expertise, shaping decisions on tooling, vendor selection, and compliance alignment.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 45, 60 minutes per module, designed for just-in-time learning during active projects.

If nothing changes
Without structured grounding in SLSA, influence in software supply chain decisions defaults to those with loudest voices, not deepest understanding.

How this compares to the alternatives

Unlike generic security courses, this program focuses specifically on SLSA implementation in real engineering environments, with templates and playbooks you can apply immediately.

Frequently asked

Who is this course for?
Senior engineers, platform leads, and security practitioners involved in software supply chain governance and cross-team standards adoption.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Does the course cover SBOM and NIST SSDF?
While focused on SLSA, the course shows how it integrates with SBOM practices and aligns with NIST SSDF objectives.
$199 one-time. Approximately 45, 60 minutes per module, designed for just-in-time learning during active projects..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours