I run practical workshops that teach engineers new technology skills. This service is directed towards companies: invite me to teach a classroom of your engineers, and level up their dev|sec|ops skills.
The following workshops are available. Get in touch to discuss possibilities, if you need a custom workshop on a particular topic not yet listed.
This is a 4-hour practical technical workshop for engineers on using HTTP security headers to improve client side security on the web.
The training consists of ~90 minutes of theory and ~150 minutes of hands on lab work, where participants have to apply learnings to secure a real website.
Would you benefit from this workshop? Test your website to see how well you are doing with implementing HTTP Security Headers. Ideally, your site would get an “A” rating.
This workshop is still in development.
This is a 4-hour practical technical workshop that introduces engineers to the basics of TLS and HTTPS.
Engineers regularly need to work with web servers and encrypted TLS/HTTPS connections. Whether it be configuring a web server with a TLS certificate from scratch, or writing code that requests a resource over HTTPS, it is important that connection security is configured correctly.
Making sense of certificates and keys might be daunting at first. And so, too often, when an engineer encounters a certificate error, we see code commits that set CURLOPT_SSL_VERIFYPEER
to false
, with a commit message “Fix failing HTTP calls”.
From user-facing view, internal web assets and development environments are often misconfigured and throw HTTPS certificate security warnings, which the visitor is trained to bypass. That should not be the norm.
This workshop teaches participants basic terminology and concepts involved in making HTTPS work correctly and securely. Getting rid of certificate errors is easier than one might imagine - and you’ll be glad of a well-set-up TLS in the rare case when malicious actors start poking at your web site.
The training consists of 90 minutes of theory and 150 minutes of hands on lab work, where participants have to apply learnings to secure a real website.
The workshops are directed towards technology professionals: programmers, devops engineers, full-stack engineers, frontend engineers, system administrators, security engineers and testers.
All workshops are for in-person sessions only, ie no remote video participants. This is to facilitate effective communication and support from the trainer during practical labs.
Price of the workshop is for the full training session and isn’t affected by the number of participants (although workshops have minimum and maximum participant limits). The price of a single training is generally greatly smaller than sending the participants to a similar training individually.
Price can be affected by availability, special requests and travel expenses (if any). Participants get training materials (slides and any extra supporting material, if any) after the training and are welcome to use it internally.
Get in touch via e-mail - [email protected]
.