Friday, May 15, 2026
Hands-On Training Day
Learn from people who do this stuff every day. Whether you're just getting started or looking to go deeper, there's a course for you.
Training Day is the day before the main conference. A separate training ticket is required in addition to conference admission.
“The quality and pricing of your trainings is second to none!”
— 2025 Training Participant
Plan Your Day
Morning and afternoon courses don't overlap. Take a full-day course, or mix and match a morning and afternoon session.
Full Day Courses
9:00 AM - 4:30 PM
IntermediateFull Day$10Hunting Through The SIEM: Turning Logs Into Stories
with Trey Bilbrey & Tyler Casey|9:00 AM - 4:30 PM
Deploy a multi-staged threat via SCYTHE and hunt for it across Splunk. Map activity to MITRE ATT&CK using Sysmon and Windows logs, then test your skills in a custom CTF.
View details
Dive deep into defensive cybersecurity by deploying a multi-staged threat via SCYTHE and hunting for it in Splunk. You'll use Sysmon and Windows logs to gather endpoint data and map detected activities to the MITRE ATT&CK matrix.
The workshop covers creating custom dashboards and queries for threat detection, operationalizing detection rules into alerts, and building practical threat hunting skills. The day wraps up with a custom CTF that puts everything you've learned to the test.
What you'll need
A computer with a compatible web browser.
25 seats available
Tickets available soonIntermediateFull Day$10Wrangling Identity and Access in AWS
with Andrew Krug & Tara Schofield|9:00 AM - 4:30 PM
Navigate IAM in AWS with hands-on sandbox environments. Learn policy grammar, the PARC model, resource policies, permissions boundaries, and guardrails.
View details
Navigate the world of identity and access management in AWS with sandbox environments provided for every participant. You'll work through policy grammar, the PARC model (principal, action, resource, and condition), resource policies, permissions boundaries, and condition keys.
Work hands-on in AWS and leverage open source tools to simulate various identity misconfigurations.
What you'll need
A laptop with a modern web browser and no corporate controls like EDR.
75 seats available
Tickets available soonMorning Session
9:00 AM - 1:00 PM
Intermediate4 Hours$25Breaking AI: Prompt Injection, Data Exfiltration and Practical Defenses That Work
with Pavan Reddy|9:00 AM - 1:00 PM
Hands-on workshop exposing core AI vulnerabilities, from adversarial image attacks to LLM manipulation. Craft real exploits and learn defenses that actually work.
View details
AI systems don't break like software. They fail in silence, misclassify with confidence, and hallucinate under pressure. This workshop exposes core vulnerabilities of modern AI through hands-on exercises.
You'll attack a car dealership chatbot via prompt injection, extract hidden data from RAG workflows, reproduce tool-abuse failures in a sandbox, and craft adversarial examples to force vision model misclassification. Each module pairs attacks with practical defenses: defense prompts, tool schemas, input/output sanitization, injection classifiers, sandboxing, and human approval workflows.
The final session covers governance: threat modeling AI features, running repeatable red teaming, and building policies for tool permissions and data access boundaries.
What you'll need
Basic Python (helpful but not required). Docker is required for the Code Execution module. Laptop with sufficient RAM to run a lightweight container and a browser.
55 seats available
Tickets available soonAdvanced4 Hours$99From Datasheet to .data Section
with RJ Crandall|9:00 AM - 1:00 PM
Red team microcontroller code protection features. Analyze a real-world device, discover a flawed configuration, recover protected flash, and reverse engineer firmware.
View details
This fast-paced workshop teaches you how to red team microcontroller code protection features. You'll analyze a real-world consumer device microcontroller, review the datasheet, discover a flawed configuration, use custom tooling to recover the protected internal flash, and load it into a disassembler to reverse engineer the firmware.
Hardware kits are loaned to participants for the workshop and available for purchase for an additional $120.
What you'll need
A laptop capable of running a 64-bit Intel virtual machine. VM specs: 4GB RAM, 50GB virtual disk, 4 vCPUs, and 2 USB 3.0 (xHCI) ports available concurrently.
20 seats available
Tickets available soonIntermediate4 Hours$10Threat Hunting using MITRE ATT&CK TTPs to Identify Adversarial Behaviors
with Joel Sierra|9:00 AM - 1:00 PM
Assume the role of a security analyst hunting undetected threats on a corporate network using FortiEDR, FortiSIEM, and FortiDeceptor.
View details
Assume the role of a security analyst identifying undetected threats on AcmeCorp's network using the MITRE ATT&CK framework. The challenge is structured around ATT&CK Tactics: Initial Access, Persistence, Privilege Escalation, and Command and Control.
Gain hands-on experience with FortiEDR for threat hunting, FortiSIEM for behavioral analytics, and FortiDeceptor for identifying attacker activity and shortening dwell time.
What you'll need
BYOL (laptop required, second screen recommended). Must pre-register on the Fortinet training platform at training.fortinet.com before the event. Recommended self-paced courses: Introduction to the Threat Landscape, Getting Started in Cybersecurity, and Technical Introduction to Cybersecurity.
25 seats available
Tickets available soonAfternoon Session
1:30 PM - 5:00 PM
Intermediate2 Hours$10Kraken in the Clouds: A Hands-on FaaS Defense Workshop
with Shivam Dhar, Niveadita Razdan & Nimish Sharma|1:30 PM - 3:30 PM
Build a serverless cloud lab, tackle gamified security challenges, and map vulnerabilities to STRIDE and OWASP Serverless Top 10 categories.
View details
Serverless abstracts the infrastructure but not the responsibility. Build a cloud lab using serverless components to design and secure an AI pipeline with LynxLab.
Teams tackle gamified challenges where each Git branch represents a distinct misconfiguration or vulnerability pattern. Identify and validate issues, map them to STRIDE and OWASP Serverless Top 10 categories, and compete on a real-time scoring dashboard. Leave with actionable checklists, attack/defense matrices, and defensive strategies for securing serverless applications.
What you'll need
Laptop with internet connection.
30 seats available
Tickets available soonBeginner3.5 Hours$60Binary Jiu-jitsu: White Belt Fundamentals
with Joshua Connolly|1:30 PM - 5:00 PM
Learn binary exploitation fundamentals through hands-on challenges. Cover computer architecture, Ghidra, GDB, stack-based buffer overflows, and pwntools.
View details
Binary exploitation can feel overwhelming for beginners. This workshop guides you through the fundamentals using a skill-based, hands-on approach inspired by martial arts training.
Cover the essential building blocks for exploiting 64-bit Linux ELF binaries: computer architecture, reverse engineering with Ghidra, debugging with GDB, finding stack-based buffer overflows, and developing custom exploits with pwntools. Earn stripes by completing progressively harder challenges in a live CTFd environment. Top performers can earn a Blue Belt in Binary Jiu-jitsu.
What you'll need
Basic programming concepts.
30 seats available
Tickets available soonIntermediate1 Hour$10Branch of the Future
with Christa McHugh & Jason Czaplewski|4:00 PM - 5:00 PM
Vendor-agnostic walkthrough of network and cybersecurity best practices for branch office architecture, including zero trust, IoT, WiFi, cloud, and AI.
View details
A vendor-agnostic walkthrough of network and cybersecurity design best practices for the modern store or branch office. Learn how to implement and operationalize a zero trust network architecture covering network segmentation, IoT security, WiFi, cloud access, and how to safely leverage AI in a branch environment.
What you'll need
Intermediate understanding of network architecture and general cybersecurity literacy.
100 seats available
Tickets available soonTraining courses require separate registration
Each course has its own ticket. Conference admission is required in addition to your training ticket.