Skip to main content
Image coming soon

Reference of choice on cross-functional SLSA reviews

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Reference of choice on cross-functional SLSA reviews

Become the practitioner your peers turn to when secure software supply chains demand clarity.

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Being seen as just another reviewer instead of the go-to expert on secure software artifacts.

The situation this course is for

Technical contributors often deliver strong work that stays under the radar. Without recognition as a definitive voice on frameworks like SLSA, their input gets diluted in cross-functional discussions, even when they hold the deepest understanding.

Who this is for

Senior individual contributor in a software or platform engineering role focused on security, compliance, or systems architecture within a large tech environment.

Who this is not for

Entry-level engineers, product managers without technical depth, or leaders looking for high-level governance overviews.

What you walk away with

  • Lead SLSA tier assessments with confidence and consistency
  • Build reusable attestation templates aligned to real-world pipeline designs
  • Anticipate pushback on SLSA Level 3+ requirements and respond with precedent
  • Guide cross-functional teams through SLSA gap analysis without deferring to external consultants
  • Establish personal authority as the internal reference on SLSA implementation

The 12 modules (with all 144 chapters)

Module 1. SLSA fundamentals and tier progression
Ground your understanding in the core principles of SLSA, how tiers map to real infrastructure maturity, and where most implementations fail to progress beyond Level 2.
12 chapters in this module
  1. What SLSA solves that other frameworks don’t
  2. The role of provenance in software integrity
  3. Key differences between SLSA Level 1 and 2
  4. Common misconceptions about SLSA signing
  5. How SLSA integrates with CI/CD pipelines
  6. Real-world examples of SLSA Level 1 adoption
  7. Barriers to automated provenance generation
  8. The dependency on reproducible builds
  9. Signing policies across environments
  10. Verifiable build definitions explained
  11. Understanding metadata completeness
  12. Common tooling gaps in early SLSA
Module 2. Attestation design patterns
Develop templates for generating consistent, verifiable attestations across services, with attention to signing authority and metadata structure.
12 chapters in this module
  1. Purpose of attestation objects
  2. Creating DSSE envelopes correctly
  3. Signing keys lifecycle management
  4. Key discovery mechanisms
  5. Timestamping with trusted services
  6. When to chain multiple attestations
  7. Attestation scope definition
  8. Handling multi-team contributions
  9. Signing thresholds and policies
  10. Metadata integrity checks
  11. Schema version control
  12. Tooling support for attestation
Module 3. Provenance generation in practice
Learn how to implement reliable, automated provenance for builds, including toolchain integration and metadata accuracy.
12 chapters in this module
  1. Build configuration traceability
  2. Source integrity verification
  3. Reproducible build requirements
  4. Container image provenance capture
  5. Provenance file structure
  6. Linking source to build platform
  7. Build environment sandboxing
  8. Provenance signing triggers
  9. Integrating with GitOps workflows
  10. Handling third-party dependencies
  11. Provenance validation pre-deploy
  12. Automated remediation paths
Module 4. SLSA Level 3 implementation
Navigate the shift from basic signing to full isolation and reproducibility, including infrastructure and process requirements.
12 chapters in this module
  1. Criteria for SLSA Level 3
  2. Build isolation requirements
  3. Reproducibility across systems
  4. Dedicated build service setup
  5. Code review enforcement
  6. Separation of duties in builds
  7. Verification before signing
  8. Immutable build logs
  9. Access controls for build systems
  10. Audit trail completeness
  11. Toolchain integrity checks
  12. Documentation for Level 3 claims
Module 5. Verification workflows
Design end-to-end verification processes that validate provenance and attestations before deployment or reuse.
12 chapters in this module
  1. Verification policy creation
  2. Trusted timestamp validation
  3. Signature chain validation
  4. Metadata completeness checks
  5. Policy engine integration
  6. Verification in staging environments
  7. Handling failed verifications
  8. Automated rollback triggers
  9. Manual override governance
  10. Cross-team verification teams
  11. Logging verified status
  12. Reporting on verification gaps
Module 6. SLSA and dependency management
Apply SLSA principles to third-party and open-source components, ensuring supply chain confidence across the stack.
12 chapters in this module
  1. SBOM integration with SLSA
  2. Validating upstream attestations
  3. Trusted source registries
  4. Pin-based dependency verification
  5. Vulnerability scanning linkage
  6. Automated SBOM generation
  7. Dependency provenance review
  8. Allowlist enforcement rules
  9. License compliance checks
  10. Transitive dependency risks
  11. Fallback verification paths
  12. Vendor attestation requirements
Module 7. Cross-team SLSA adoption
Lead organizational rollout by aligning engineering, security, and platform teams around phased implementation.
12 chapters in this module
  1. Phased rollout planning
  2. Team-specific SLSA goals
  3. Onboarding template distribution
  4. Internal training materials
  5. SLOs for SLSA compliance
  6. Feedback loops from teams
  7. Common objections and rebuttals
  8. Documentation standardization
  9. Internal audit coordination
  10. Progress reporting dashboards
  11. Leadership update frameworks
  12. Celebrating early wins
Module 8. SLSA in regulated environments
Adapt SLSA practices to meet compliance mandates including auditability and reporting requirements.
12 chapters in this module
  1. Mapping SLSA to SOC 2
  2. NIST CSF alignment points
  3. Evidence for ISO 27001 controls
  4. GDPR software provenance needs
  5. Audit trail retention policies
  6. Regulator-facing documentation
  7. SLSA in financial services
  8. Healthcare software validation
  9. Government software standards
  10. Third-party assessment readiness
  11. Internal control assertions
  12. Compliance automation strategies
Module 9. Tooling ecosystem integration
Select and configure tooling to support full SLSA coverage without creating workflow friction.
12 chapters in this module
  1. Build system compatibility
  2. Sigstore integration options
  3. TUF and Rekor use cases
  4. In-toto with SLSA
  5. CI pipeline modifications
  6. Policy engines: Kyverno and Gatekeeper
  7. Logging and observability setup
  8. Key management solutions
  9. Secrets handling in builds
  10. Automated attestation triggers
  11. Tool interoperability testing
  12. Vendor tool evaluation
Module 10. SLSA gap analysis and remediation
Conduct assessments of existing pipelines and deliver actionable roadmaps for SLSA compliance.
12 chapters in this module
  1. Assessment scope definition
  2. Tier gap identification
  3. Provenance completeness scoring
  4. Signing process audit
  5. Build environment inspection
  6. Dependency validation check
  7. Attestation coverage review
  8. Verification mechanism test
  9. Policy enforcement evaluation
  10. Remediation prioritization
  11. Stakeholder reporting format
  12. Post-remediation validation
Module 11. Advanced SLSA Level 4 strategies
Design for full hermetic, reproducible builds with independent verification.
12 chapters in this module
  1. Hermetic build environments
  2. Reproducibility guarantees
  3. Trusted hardware roots
  4. Independent build verification
  5. Multi-party build consensus
  6. Time-based verification windows
  7. Tamper-proof logs
  8. Hardware-backed key storage
  9. Formal verification integration
  10. Zero-trust build pipelines
  11. Cross-organization validation
  12. Long-term retention planning
Module 12. Establishing personal authority on SLSA
Turn technical mastery into recognized influence through documentation, mentorship, and leadership visibility.
12 chapters in this module
  1. Creating internal playbooks
  2. Presenting at tech forums
  3. Mentoring junior engineers
  4. Publishing internal memos
  5. Leading design reviews
  6. Responding to escalations
  7. Building credibility preemptively
  8. Handling peer challenges
  9. Documenting precedent cases
  10. Influencing architecture boards
  11. Shaping internal policy
  12. Becoming the reference point

How this maps to your situation

  • When onboarding new microservices to SLSA
  • During audit preparation cycles
  • Before third-party software integration
  • After security incident reviews

Before vs. after

Before
Contributing to SLSA discussions without being the default reference.
After
Peers proactively seek your input on SLSA design and compliance, and your frameworks get adopted org-wide.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 2.5 hours per module, designed for technical practitioners balancing production work. Total course time: 30 hours.

If nothing changes
Without deliberate positioning, even strong technical work remains peer-level input rather than leadership influence, missing the opportunity to define standards and shape direction.

How this compares to the alternatives

Unlike generic compliance courses or vendor documentation, this course delivers field-tested implementation patterns, peer-tested rebuttals, and real-world templates designed for practitioners leading actual SLSA adoption, not just passing audits.

Frequently asked

Is this course focused on SLSA specifically?
Yes, every module is deeply grounded in SLSA frameworks, tiers, and implementation patterns.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Can I use this if I’m not in security?
Absolutely. Platform engineers, build specialists, and senior ICs in regulated software delivery benefit most.
$199 one-time. Approximately 2.5 hours per module, designed for technical practitioners balancing production work. Total course time: 30 hours..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours