I wasn’t exactly building in silence. Back in August 2025 when traveling home from running my first DEFCON workshop, I openly announced that I was working on a brand new training. Apparently that confidence paid off, because the preview I submitted convinced the review board.
What I definitely did not expect: both of my submissions were accepted as official Black Hat trainings.
That created a rather nice problem to have. Instead of worrying whether I be able to share my content, I suddenly had to figure out how to schedule two different trainings across the four training days from 1–4 August 2026.
A new 1-day workshop concept at Black Hat and Elective / Core Trainings
Black Hat recently introduced a new format with dedicated 1-day workshops alongside the traditional trainings, and they now distinguish between Core and Elective trainings.
Core trainings represent the flagship knowledge of a topic area. They focus on the essential skills practitioners should know and usually attract a broad audience. These courses are designed to be repeatable across events, evolving over time as techniques and tooling change.
Elective trainings are more specialized. They are designed for attendees who want to go deeper into a particular area, explore emerging techniques, or focus on more niche topics. Rather than replacing the core material, they complement it and allow practitioners to expand their expertise beyond the fundamentals.
Details for both Trainings
- Proactive Security Engineering: Building Secure-by-Design Architectures That Scale
- 2-day Training (one session only) – Core Training
- Dates:
- Advanced Web Security: Scaling CSP & Cutting-Edge Browser Defences for Bug Class Elimination
- 1-day Training (2 dates, choose one) – Elective Training
- Dates:
Registration is now open.
Creating an optimized schedule for black hat USA and BSidesLV
You can attend both trainings because they complement each other well. You can also choose to attend only one. The 1-day training is not a shortened version of the 2-day training. They cover different material.
At Black Hat, most 2-day trainings are offered twice: once on Saturday–Sunday and again on Monday–Tuesday. My 2-day training will only run once because I am also running the 1-day workshop. If you want to attend my 2-day training, you would book the Saturday–Sunday session.
This schedule also leaves Monday–Wednesday free, which allows you to attend BSidesLV at the Tuscany for the full Hacker Summer Camp 2026 experience. BSidesLV runs on August 3rd, 4th, and 5th.
If you have any questions, feel free to email me, or DM me via LinkedIn.
What led me to creating those courses
The feedback from my Workshop at DEF CON 33 left me incredibly motivated. My 4-hour workshop didn’t cover everything I wanted, which made me decide to built a 2-day training course.
In recent years, I’ve invested a lot of time in secure design patterns – even attending a fantastic custom training on secure design patterns – and I also teach the Proactive Controls during hackathon-style classes at DHBW University. Pulling all of that together, I realised I could create something new: hands-on, proactive training focused on scale and eliminating entire bug classes, covering the most modern security concepts.
Working in a large-scale environment for the past six years has shaped this perspective. At one point I nearly hit a wall, which forced me to refocus on what truly matters: platform-based security engineering and impact at scale. I’ve helped write secure coding standards before, but standards alone don’t change behaviour – they don’t scale, and they aren’t proactive.
That’s why I believe 2025 is the year of scale (see my article here). Professionals with 5+ years of experience in product security are eager to level up – yet most training out there still caters to beginners. Where’s the training for those who already know the fundamentals, who’ve been coding, pentesting, or building security engineering practices, and want the next level?
That’s exactly what we’re building: a fully hands-on, lab-driven training, shaped by the same energy as my DEFCON workshop, but with the depth that experienced practitioners have been waiting for.