Training | BSides Tampa 2026

$10–99per course

“The quality and pricing of your trainings is second to none!”
— 2025 Training Participant

Full Day Courses

9:00 AM - 5:00 PM

Introduction/EntryFull DayThreat HuntingSIEM

$10

Hunting Through The SIEM: Turning Logs Into Stories

Trey Bilbrey & Tyler Casey9:00 AM - 5:00 PMRoom 3704

Join our immersive full-day workshop where you'll dive deep into defensive cybersecurity by deploying a multi-staged threat via SCYTHE, and hunting for it across the SIEM! This hands-on experience will guide you through the intricacies of using enterprise tooling, such as Splunk (SIEM), to hunt for and identify malicious activity.

Sold out

View details

Join our immersive full-day workshop where you'll dive deep into defensive cybersecurity by deploying a multi-staged threat via SCYTHE, and hunting for it across the SIEM! This hands-on experience will guide you through the intricacies of using enterprise tooling, such as Splunk (SIEM), to hunt for and identify malicious activity.

You'll learn to map these activities to the MITRE ATT&CK matrix by using Sysmon and Windows logs to gather crucial endpoint data, gain practical skills in threat detection and incident response, and enhance your ability to protect against sophisticated cyber threats.

We will round out this workshop with a Custom CTF that will put your Threat hunting skills to the test!

What you will walk away with:

Techniques for correlating detected activities to specific ATT&CK techniques.
Hands-on skills in deploying multi-staged threats.
Ability to analyze endpoint logs in a SIEM to uncover malicious activities.
Creating and using custom dashboards and queries for thxqreat detection.
Ability to operationalize detection rules into alerts and queries.

What you'll need

Just a computer with a compatible web browser.
Your appetite to learn.

Sold out

Mid-RangeFull DayCloud Security

$10

Wrangling Identity and Access in AWS

Andrew Krug & Tara Schofield9:00 AM - 5:00 PMRoom 3705

In this full day training learners will navigate the world of identity and access management in the AWS. Sandbox environments will provided for every learner as we navigate policy grammar and becoming familiar with the PARC model (principal, action, resource, and condition), resource policies, permissions boundaries, and introduce guardrails like condition keys. Learners will be hands on in AWS and leveraging open source tools to simulate various identity misconfigurations.

Sold out

View details

In this full day training learners will navigate the world of identity and access management in the AWS. Sandbox environments will provided for every learner as we navigate policy grammar and becoming familiar with the PARC model (principal, action, resource, and condition), resource policies, permissions boundaries, and introduce guardrails like condition keys. Learners will be hands on in AWS and leveraging open source tools to simulate various identity misconfigurations.

What you'll need

A laptop with a modern web browser and no corporate controls like EDR or always-on VPN.

Sold out

Mid-RangeFull DayCertification Prep

$35

One‑Day CISSP Exam Review Course

Peter Bagley9:00 AM - 5:00 PMRoom 3711

A fast-paced, high-impact CISSP review designed to reinforce core concepts across all eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK). This course focuses on exam-relevant topics, test-taking strategies, and memory techniques to maximize exam readiness.

Sold out

View details

A fast-paced, high-impact CISSP review designed to reinforce core concepts across all eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK). This course focuses on exam-relevant topics, test-taking strategies, and memory techniques to maximize exam readiness.

Review the Domains

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security

What you'll need

Must have a strong grasp of cybersecurity and be currently preparing for the CISSP Exam. This will be a high-level course, but it will be very informative.

Sold out

Morning Session

9:00 AM - 1:00 PM

Introduction/Entry3.5 HoursBinary Exploitation

$60

Binary Jiu-jitsu: White Belt Fundamentals

Joshua Connolly9:00 AM - 12:30 PMRoom 3708

Binary exploitation can feel overwhelming for beginners. With so many tools, techniques, and architectures to learn, it’s easy to get lost without a structured path. Binary Jiu-Jitsu is designed to guide students through the fundamentals of binary exploitation using a skill-based, hands-on approach inspired by martial arts training.

Sold out

View details

Binary exploitation can feel overwhelming for beginners. With so many tools, techniques, and architectures to learn, it’s easy to get lost without a structured path. Binary Jiu-Jitsu is designed to guide students through the fundamentals of binary exploitation using a skill-based, hands-on approach inspired by martial arts training.

In this workshop, we’ll cover the essential building blocks for exploiting simple 64-bit Linux ELF binaries. Attendees will learn the fundamentals of computer architecture, reverse engineering with Ghidra, debugging with GDB, finding stack-based buffer overflows, and developing custom exploits using pwntools.

Throughout the session, participants earn “stripes” by completing progressively harder hands-on challenges in a live CTFd environment. By the end, students will have the knowledge — and practical skills — to identify vulnerabilities, write working exploits, and pop their first shell.

Students will earn belts to represent their skill level. The end of training CTF will test the student's newly acquired abilities, and if they do well enough, they can be awarded a Blue Belt in Binary Jiujitsu.

What you'll need

Basic programming concepts help

Sold out

Introduction/Entry4 HoursAI/ML Security

$10

Breaking AI: Prompt Injection, Data Exfiltration and Practical Defenses That Work

Pavan Reddy9:00 AM - 1:00 PMRoom 3707

AI systems don’t break like software, they fail in silence, misclassify with confidence, and hallucinate under pressure. This 4-hour hands-on workshop exposes the core vulnerabilities of modern AI, from adversarial image attacks to LLM manipulation. The focus is practical: how do these attacks work, how can you launch them, and what can actually stop them?

Sold out

View details

AI systems don’t break like software, they fail in silence, misclassify with confidence, and hallucinate under pressure. This 4-hour hands-on workshop exposes the core vulnerabilities of modern AI, from adversarial image attacks to LLM manipulation. The focus is practical: how do these attacks work, how can you launch them, and what can actually stop them?

OUTLINE: Introduction (20 minutes). We start by defining what “AI vulnerabilities” actually look like in deployed products: not model weights getting hacked, but authority boundaries getting blurred between prompts, tools, retrieval, and privileged actions. Participants learn a practical threat model for LLM apps, including the difference between direct prompt injection, indirect prompt injection via untrusted content, and tool/agent abuse. The goal is to set a shared language for the rest of the workshop and make it clear why accuracy and safety guardrails don’t equal security.

What AI vulnerabilities look like (55 minutes). Participants will be given a car dealership website with a chatbot connected to an internal database and a few business tools (inventory, pricing, lead notes) inside an isolated sandbox. Using only prompts, you’ll induce the assistant to perform unauthorized or unintended actions, showing how “friendly chat” becomes a control plane when the model has tool access. We then implement and test defenses side-by-side: stronger defense prompts, strict tool schemas, input/output sanitization, injection classifiers/policy gates, and confirmation workflows for high-impact operations.

AI Data Exfiltration (55 minutes). Participants will use prompt injection patterns to extract data the model should not reveal, across two scenarios: a professor’s assignment website with hidden instructions that you paste into the LLM, and a malicious document designed to poison the model’s behavior during summarization or retrieval. We show how these “indirect prompt injections” work in real RAG-like workflows and why naïve filtering fails. This module includes a short demo and case study of EchoLeak (CVE-2025-32711) to illustrate how production copilots can be driven into disclosing sensitive content when untrusted inputs are treated as instructions.

Model Theft (50 minutes). This module shows how diffusion models can be copied in practice without retraining them from scratch. Participants will see how model cloning works, why it matters, and how output watermarking affects the quality and usefulness of cloned systems in real time. In the lab, they will generate images and compare behavior across protected and unprotected setups, but they will not train a model themselves, since full diffusion training is too costly for the workshop. The goal is to make model theft concrete and to show which defenses meaningfully raise the cost of copying.

Governance (30 minutes). The final section zooms out to the organizational system: how to threat model AI features, define security requirements for LLM/RAG/agent integrations, and run repeatable red teaming without chaos. We cover disclosure and incident response considerations unique to AI apps (prompt logs, tool audit trails, sensitive retrieval traces) and how to measure resilience over time with benchmarks instead of anecdotes. Participants leave with a governance blueprint: policies for tool permissions, data access boundaries, evaluation gates before release, and a practical checklist for third-party model risk.

What you'll need

Basic Python (not required but helps) Docker (Is required for the Code Execution Module) Laptop with sufficient RAM that can run a lightweight container and a browser without lags. Their curiosity (this tutorial will be very interesting)

Sold out

Mid-Range4 HoursThreat Hunting

$10

Threat Hunting using MITRE ATT&CK™ TTPs to Identify Adversarial Behaviors

Joel Sierra9:00 AM - 1:00 PMRoom 3709

Participants will assume the role of a security analyst and be asked to identify any undetected threats on AcmeCorp's network.

Sold out

View details

Participants will assume the role of a security analyst and be asked to identify any undetected threats on AcmeCorp's network.

To do this they will make use of MITRE ATT&CK™, which is a knowledge base of adversary behavior based on real-world observations.

The challenge is set up with several exercises set around the technical goals the adversary is trying to achieve (ATT&CK™ Tactics), for example:

Initial Access
Persistence
Privilege Escalation
Command and Control

Participants will be asked to detect any techniques being used by an adversary to achieve these goals.

Participants will gain hands-on experience developing and understanding the analytics needed to discover the techniques used by adversaries during a cyber security breach.

Participants who attend this workshop will learn how to:

What is the MITRE ATT&CK framework and how it can be used
What are the TTPs that threat Actor’s use to carry out a breach
Use FortiEDR Threat Hunting capabilities to uncover threats on the network
Use FortiSIEM analytics to discovery attacker behavior based on attack techniques
Use FortiDecepter to find attacker activity and shorten attacker dwell time

What you'll need

Must bring your own laptop (BYOL). This is a hands-on lab -- a laptop is required. A second screen is recommended.
Must pre-register on the Fortinet training & hands-on lab platform in advance: training.fortinet.com
Highly recommended -- complete these self-paced courses before the event:

Sold out

Afternoon Session

1:30 PM - 5:00 PM

Mid-Range4 HoursHardware Security

$99

From Datasheet to .data Section

RJ Crandall1:00 PM - 5:00 PMRoom 3708

This fast-paced workshop teaches you how to red team microcontroller code protection features. You will analyze a real-world consumer device microcontroller, review the datasheet, discover a flawed configuration, use custom tooling to recover the protected internal flash, and load it into a disassembler to reverse engineer.

Sold out

View details

This fast-paced workshop teaches you how to red team microcontroller code protection features. You will analyze a real-world consumer device microcontroller, review the datasheet, discover a flawed configuration, use custom tooling to recover the protected internal flash, and load it into a disassembler to reverse engineer.

Hardware kits will be loaned to participants for the workshop. They will be available for purchase for an additional fee of $120.

Full Workshop Description: https://www.assemblytechsecurity.com/trainings/from-datasheet-to-data-section

What you'll need

A laptop capable of running a 64-bit Intel virtual machine. VM specs: 4GB RAM, 50GB virtual disk, 4 vCPUs, and 2 USB 3.0 (xHCI) ports available concurrently. An Apple Silicon laptop is also a supported solution, but requires manual setup of tools on the host. Please come to the training with the lab environment already set up to maximize your learning experience.

System Requirements and Prerequisites: Google Drive Link

Sold out

Introduction/Entry2 HoursCloud SecurityServerless

$10

Kraken in the Clouds: A Hands on FaaS Defense Workshop

Shivam Dhar, Nimish Sharma & Niveadita Razdan1:30 PM - 3:30 PMRoom 3707

While serverless abstracts the underlying infrastructure, it doesn’t reduce responsibility. In highly dynamic, event-driven cloud environments, security teams face fast-moving threats that traditional models weren’t designed to handle. Misconfigurations, fuzzy trust boundaries, and insecure integrations create new attack surfaces, including vulnerable libraries, leaky secrets, wildcard IAM roles, and misconfigured triggers.

Sold out

View details

While serverless abstracts the underlying infrastructure, it doesn’t reduce responsibility. In highly dynamic, event-driven cloud environments, security teams face fast-moving threats that traditional models weren’t designed to handle. Misconfigurations, fuzzy trust boundaries, and insecure integrations create new attack surfaces, including vulnerable libraries, leaky secrets, wildcard IAM roles, and misconfigured triggers. In this immersive 2-hour workshop, participants will build a cloud lab using serverless components to design and secure an end-to-end AI pipeline with LynxLab. Teams will tackle gamified, challenge-based scenarios, identifying vulnerabilities in each Git branch, mapping them to STRIDE and OWASP serverless categories, and exploring real-world attack paths. This session emphasizes practical skills over theory. Attendees will learn how ephemeral execution, event-driven chains, and implicit trust boundaries can be exploited, and leave with actionable patterns, checklists, and defensive strategies to secure modern serverless applications without slowing delivery.

Module 1| Building Your Home Cloud Lab (LynxLab Setup) : 40 mins

Objective: Equip participants with a fully functional cloud-based environment to safely explore serverless attacks and defenses.

Topics Covered:

Quick primer: why serverless ≠ “less responsibility”
Overview of LynxLab architecture (serverless components, event triggers, IAM wiring)
Guided installation and configuration

Hands-On Deliverables:

Fully deployed personal cloud lab

Module 2| Gamified Challenges - Hunt the Vulnerability in LynxLab : 30 mins

Objective: Engage teams in interactive, challenge-based discovery of common serverless weaknesses.

Format: Participants are split into teams. Each Git branch represents a distinct misconfiguration or vulnerability pattern. Teams must identify, validate, and document the issue.

Gamification: Points are awarded for identifying vulnerability and we will display a real-time dashboard of scores for each team

Hands-On Deliverables:

Documented findings per challenge

Module 3| Deep Dive - Attack & Defense Breakdown (STRIDE + OWASP Serverless Top 10) : 30 mins

Objective: Walk through each challenge in detail, explaining real-world exploitation paths and corresponding defensive strategies.

Discussion Framework: Each challenge is analyzed through -

Tactics, Techniques, Procedures (TTPs) used by adversaries
STRIDE categories (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege)
Relevant OWASP Top 10 categories (e.g., Serverless A6: Function Permission Misuse, A3: Event Injection)

Deep-Dive Examples:

Privilege escalation via wildcard IAM → Elevation of Privilege / STRIDE
Secret leakage in environment variables → Information Disclosure
Insecure event trigger chaining → Event Injection / Tampering

Defense Patterns:

IAM least privilege scaffolding
Event schema validation
Secret rotation & parameter store usage
Secure dependency management practices

Hands-On Deliverables:

Completed attack/defense matrix
Mapped security controls to each misconfiguration
Templates and best-practice patterns to reapply at work

Module 4| Key Takeaways & Ship to Monday Insights : 20 mins

Objective: Synthesize lessons learned into actionable guidance for practitioners, architects, and leaders.

Topics:

How serverless risks fundamentally differ from traditional application models
Why ephemeral compute = persistent security concerns
Understanding invisible trust boundaries and event-driven exploit chains
Common pitfalls executives and architects overlook
Operationalizing secure serverless pipelines without slowing delivery

Takeaway Materials:

Serverless attack/defense cheat sheet
STRIDE + OWASP serverless mapping guide
Secure serverless deployment checklist

What you'll need

Bring your laptop. Wifi/internet access (venue has wifi).

Sold out

Mid-Range3 HoursThreat Modeling

$35

Stop Reacting, Start Predicting: Practical Threat Modeling

Mudassir Syed1:30 PM - 4:30 PMRoom 3709

Threat Modeling is the most underrated skill, yes its a skill, that can be honed. We will explore how threat modeling helps teams move from a reactive security mindset to a proactive, design-first approach. You will learn how to identify vulnerabilities before they become incidents, map out potential attack paths, and make risk-informed decisions.

Sold out

View details

Threat Modeling is the most underrated skill, yes its a skill, that can be honed. We will explore how threat modeling helps teams move from a reactive security mindset to a proactive, design-first approach. You will learn how to identify vulnerabilities before they become incidents, map out potential attack paths, and make risk-informed decisions.

We will cover below aspects by applying them in real time:

What threat modeling is (and what it’s not)
How to identify assets, actors, and attack surfaces
How to think like a Hacker?
Apply frameworks like STRIDE and DFDs
Real-world examples where threat modeling saved the day (or could have)

This workshop will give attendees the confidence to identify threats, risks and vulnerabilities before they become part of the systems.

What you'll need

Bring your own laptop.

Students are encouraged to review the OWASP Top 10 - https://owasp.org/Top10/2025/

Sold out

Mid-Range1 HourNetwork Security

$10

Branch of the Future

Christa McHugh & Jason Czaplewski4:00 PM - 5:00 PMRoom 3707

Vendor agnostic walk through of network and cybersecurity design best practices of the store or branch office architecture. Includes how to implement and operationalize a zero trust network architecture, including network segmentation, IoT, WiFi, Cloud access and AI safely and securely in a branch environment.

Sold out

View details

Vendor agnostic walk through of network and cybersecurity design best practices of the store or branch office architecture. Includes how to implement and operationalize a zero trust network architecture, including network segmentation, IoT, WiFi, Cloud access and AI safely and securely in a branch environment.

What you'll need

Prerequisites: Intermediate understanding of network architecture and general cybersecurity literacy

Sold out

Hands-On Training Day

Hunting Through The SIEM: Turning Logs Into Stories

What you will walk away with:

What you'll need

Wrangling Identity and Access in AWS

What you'll need

One‑Day CISSP Exam Review Course

Review the Domains

What you'll need

Binary Jiu-jitsu: White Belt Fundamentals

What you'll need

Breaking AI: Prompt Injection, Data Exfiltration and Practical Defenses That Work

What you'll need

Threat Hunting using MITRE ATT&CK™ TTPs to Identify Adversarial Behaviors

Participants who attend this workshop will learn how to:

What you'll need

From Datasheet to .data Section

What you'll need

Kraken in the Clouds: A Hands on FaaS Defense Workshop

Module 1| Building Your Home Cloud Lab (LynxLab Setup) : 40 mins

Module 2| Gamified Challenges - Hunt the Vulnerability in LynxLab : 30 mins

Module 3| Deep Dive - Attack & Defense Breakdown (STRIDE + OWASP Serverless Top 10) : 30 mins

Module 4| Key Takeaways & Ship to Monday Insights : 20 mins

What you'll need

Stop Reacting, Start Predicting: Practical Threat Modeling

What you'll need

Branch of the Future

What you'll need

What you will walk away with:

Review the Domains

Participants who attend this workshop will learn how to:

Module 1| Building Your Home Cloud Lab (LynxLab Setup) : 40 mins

Module 2| Gamified Challenges - Hunt the Vulnerability in LynxLab : 30 mins

Module 3| Deep Dive - Attack & Defense Breakdown (STRIDE + OWASP Serverless Top 10) : 30 mins

Module 4| Key Takeaways & Ship to Monday Insights : 20 mins