Breaking the Chain: Threat Modelling Supply Chain Risks and Vulnerabilities
Understand hidden risks, anticipate real-world attacks, and strengthen your organization’s resilience through practical, hands-on supply-chain threat modelling. This workshop equips you with the insight and confidence to stop cascading failures before they disrupt your business.
Step into the dojo and master the art of defending what truly matters. Your senseis are Susanne Bitter and Chris Clarkson. Breaking the Chain is a high-impact cybersecurity workshop that uses powerful Japanese martial arts analogies to make supply-chain threat modelling practical, memorable, and engaging. We begin with KIHON, building strong fundamentals by understanding internal and external supply-chain risks and common threat categories. Through KATA, learners map suppliers, systems, data flows, trust boundaries, and critical assets with precision and discipline. With ZANSHIN, you sharpen continuous awareness—identifying threat actors, attack vectors, hidden assumptions, and dangerous dependencies. In BUNKAI, theory comes alive as real-world supply-chain attacks are broken down and applied to your own organization. Finally, KUMITE brings collaborative attack-tree sparring, revealing how one weakness can domino across the chain, before closing with GRADING—clear lessons learned you can take back to work immediately. This workshop equips you with the mindset, skills, and clarity to protect modern, interconnected businesses where supply-chain security is no longer optional, but essential.
AGENDA:
Breaking the Chain: Threat Modelling Supply Chain Risks and Vulnerabilities
Supply Chain Threat Modelling Overview (KIHON)
- Internal vs external supply chain risks
- Common threat categories and examples
Supply Chain Mapping Exercise (KATA)
- Identify key suppliers, systems, and data flows
- Define trust boundaries and critical assets
Threat & Vulnerability Identification (ZANSHIN)
- Threat actors and attack vectors
- Weaknesses, assumptions, and dependencies
Supply Chain Attack Applications (BUNKAI)
- Mapping the Org
Group attack trees breakouts (KUMITE)
- Links and loops, aka How one flaw dominoes…