Third-party vendor supply-chain attacks have come to the forefront of cybersecurity conversations as the SolarWinds (and beyond?) breach has permeated our nation’s critical computing infrastructure, not to mention numerous trusted vendors that used SolarWinds. Hardening systems against well-funded advanced persistent threats (APTs) that are not only stealthy, but also craft their own zero-day exploits and embed trojans in trusted third-party software, is a daunting task. By taking a structured approach to layered controls, organizations can minimize the impact of trusted vendor supply-chain attacks. Join Josh Schmidt, lead penetration test assessor for BPM, as he outlines the problem and possible approaches to mitigate this ever-present threat.