Sabotage by Design: Detecting Espionage and Violations in Outsourced Supply Chains - Purdue University Global WiCyS Chapter Trainers / Wilson Key Computer Technology Trainer - DCTLV2026

Name of Training: Sabotage by Design: Detecting Espionage and Violations in Outsourced Supply Chains
Trainer(s): Purdue University Global WiCyS Chapter Trainers / Wilson Key Computer Technology Trainer
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm 
Venue: Las Vegas Convention Center
Cost: $2,500 (USD)

Short Summary:

What if your vendor’s incompetence is actually tradecraft? This course teaches you how to detect when training is intentionally withheld, and workflows are sabotaged to force regulatory violations, exposing how actors compromise supply chains through "weaponized HR" and process gaps.

Course Description:

In the world of defense contracting and global supply chains, we often look for malware or network intrusions. But the quietest way to compromise data is to ensure the people handling it don't know what they are doing. This course explores the "Gray Zone" of corporate espionage, in which sabotage masquerades as poor management.

Drawing on real-world case studies from major technology and localization vendors, students will learn to identify the signatures of "Intentional Capability Degradation." We will cover how hostile actors within an organization can withhold training, manipulate access controls, and weaponize "learning curves" to create plausible deniability for data exfiltration. You will leave with a framework for auditing your vendors, not only for technical compliance but also for operational integrity and counterintelligence risks.

Course Outline: 

Day 1: The Landscape of Process Sabotage

• ITAR & EAR 101: The data they want and why they want it.
• The "Broken Worker" Theory: Distinguishing between laziness, incompetence, and malicious sabotage.
• Case Study: The "Lion's Share" of Leaks – analyzing a localization vendor workflow breakdown.
• Indicators of Compromise (IoC) in HR and Training: Detecting when training is systematically withheld to cause failure.
  

Day 2: Auditing & Counter-Measures

• Forensic Auditing of "Access Denied": Tracking who was denied tools/training and when.
• Simulation: The Mole Hunt. Students review a set of employee logs and training records to find the saboteur.
• Legal & Compliance Traps: Whistleblowing when the system is rigged (Navigating HR and Legal roadblocks).
• Building a "Sabotage-Resistant" Training Program: Governance frameworks that force competency verification.
  

Difficulty Level:

Intermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Suggested Prerequisites:

• Basic understanding of corporate IT structures.
• Familiarity with compliance concepts (GDPR, ITAR, HIPAA) is helpful but not required.
• An interest in "Human Intelligence" (HUMINT) and non-technical hacking.
  

What Students Should Bring:

• Laptop (Windows/Mac/Linux) capable of reading PDF case files and accessing web-based simulation tools.

What the Trainer Will Provide:

• Digital workbook containing anonymized case studies.
• "Red Flag" Audit Checklist for Vendor Management.
• Sample violation reporting templates.

Trainer(s) Bio:

Kathryn Wilson is a Senior Systems Analyst and Cybersecurity specialist with extensive experience in .NET integration and network security monitoring. Currently pursuing a Master’s in Cybersecurity Management, Kathryn has spent years on the front lines of corporate IT, witnessing firsthand how security policies fail when human processes are compromised. With a background analyzing complex systems for major manufacturers, Kathryn specializes in the intersection of technical compliance and human-vector threats, focusing specifically on how operational gaps are exploited for data exfiltration.

Registration Terms and Conditions: 

Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after August 5, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.