Choose your tickets
Wed 29 Oct Introduction to Hardware Hacking. 9am-6pm Training and Conference Oct 29-31 Combo ticket
Training and Conference ticket! An access code for your conference ticket will be sent to your email and you will be able to use that once tickets are on sale.

Sam Shute is a Technical Director at Bastion Security and leads the Hardware Hacking practice. This class will walk through the standard process of hardware hacking, including Reconnaissance, Logic Analysis, Debug Access, Extracting Flash, and Reverse Engineering.

Getting started with hardware hacking can be a daunting process. There are so many different technologies involved and so many things to buy that it can become a blocker from ever actually hacking anything. This training will walk through some of the more common technologies you will see, what you will need to interact with them and hands-on testing to give it a go! This is a perfect course for learners, hobbyist hackers, or experienced hackers that haven't dived into hardware stuff yet.

The topics covered include:
* Device OSINT
* Hardware examination and component identification
* Threat mapping
* Logic Analysis
* Debug port access over UART
* Extracting SPI Flash
* Reverse Engineering

All tooling will be provided. However, please bring a laptop that you have administrator access to with either Ubuntu as the host OS or an Ubuntu Virtual Machine. If you are unable to bring a laptop then there will be ways to still give everything a go. At least limited electrical engineering and Linux experience would be beneficial. If you already understand the fundamentals of glitching or side-channel attacks then you are probably too experienced for this training.

About your instructor
Sam has always been interested in the intersections of security and the physical world. In the past this has led to projects on backdooring RFID readers, 3D printing keys, and attacking payWave credit cards. As a day job Sam is a Director at Bastion Security Group.
14 ticket(s) left
$264.99 + $15.80 fee
Wed 29 Oct Application Security Testing: Verifying the right things were done right. 9am-6pm Training and Conference Oct 29-31 Combo ticket
Training and Conference ticket! An access code for your conference ticket will be sent to your email and you will be able to use that once tickets are on sale.

Application Security Testing is a key component of any organization’s software assurance program. The importance of these practices is reflected by their presence throughout OWASP's Software Assurance Maturity Model (SAMM), where they're represented primarily by two of the model's 15 core Practices (Requirement-driven Testing and Security Testing), and factor into numerous activities across the remaining Practices.

This class covers recommended Application Security Testing (AST) practices, along with supporting AST tools and ways to better leverage penetration testing, to verify and validate an application’s security features:
* Verify – How do we confirm our application’s security features were built right?
* Validate – How do we confirm we built the right security features, to secure the application's functionality?

Topic coverage will include establishing your overall AST strategy and aligning it with the OWASP ASVS (Application Security Verification Standard); defining and implementing security test cases; leveraging AST tools; and using third-party penetration tests effectively within your testing strategy.

Topics covered during this full-day interactive session will include:
* Security Testing Strategy
* Aligning Your Strategy with the ASVS
* Designing Requirements-Driven Test Cases
* Test Automation and Regression Test Suites
* Assessing Impacts of Test Failures
* Tracking Resolution of Test Failures
* Creating and Managing Test Environments and Test Data
* Automated Security Testing - SAST/DAST/SCA
* Fuzz Testing
* Penetration Testing and the Testing Strategy
* Maximizing the value of your Pen Tests

About your instructor
Dr. John DiLeo leads the OWASP New Zealand Chapter. In his day job, John is the Application Security Lead at Gallagher Security in Hamilton.
Before joining Gallagher, John led the Application Security Services team at Datacom, providing support and guidance to clients in launching, managing, and maturing their enterprise software assurance programs. Before turning to full-time roles in security, John was active as a Java enterprise architect and Web application developer. In earlier lives, John has been a full-time professor and had specialized in developing discrete-event simulations of large distributed systems.
18 ticket(s) left
$264.99 + $15.80 fee
Wed 29 Oct AI for hacking: demystify, deploy, dominate 9am-6pm Training and Conference Oct 29-31 Combo ticket
Training and Conference ticket! An access code for your conference ticket will be sent to your email and you will be able to use that once tickets are on sale.

Explore the edge where AI meets cybersecurity. Start with the basics, then build and deploy AI-powered tools that you understand. Whether you're defending or testing systems, this workshop gives you full control of your AI arsenal. None of the hype, all hands-on know-how.

This isn’t your average AI workshop. We’re diving into the unpredictable intersection of AI and cybersecurity, where defenders race to keep up, attackers get opportunistic, and we’re all trying to make sense of it. Don’t worry, we will start with all the basics, then move into hands-on aspects where you’ll deploy local models and build AI-powered cyber things. Whether you're defending the system or breaking into it, this session is guided by one key principle: full control and understanding of your AI arsenal. You will learn what AI is and why it matters, explore how it can be used in cybersecurity, uncover its possibilities, hype, false or real promise and limitations.

This workshop has minimal prerequisites and will proceed step by step. Some knowledge of Linux and Python environments is advisable, but this training is meant to be accessible to everyone (the exact syllabus may be updated until the last minute due to rapid advancements in AI developments).

Requirements: bring your laptop with at least 16GB of RAM (32GB preferred); a GPU (NVIDIA RTX) is ideal. Macs with M processors are more than welcome! Don’t have any high-end hardware? No worries! We’ll find a solution that works for you.

About your instructor
Dimitri is the Co-founder and Director of Consulting at Coresilium Ltd. He provides expert guidance in navigating the complex and uncertain landscape of cyber risks. His strength lies in deciphering threats and vulnerabilities, translating them into tangible risks and actionable plans tailored to each organisation.
Based in Christchurch, Ōtautahi, Dimitri serves clients across Europe, America, and the Pacific. In addition, he dedicates one afternoon each week to running free coding and STEM sessions for kids through Code Club Aotearoa.
29 ticket(s) left
$264.99 + $15.80 fee
Wed 29 Oct Mastering Risk Assessment: From Guesswork to Data-Driven Security Decisions 1pm-5pm Training and Conference Oct 29-31 Combo ticket
Training and Conference ticket! An access code for your conference ticket will be sent to your email and you will be able to use that once tickets are on sale.

In security, poor risk assessment leads to wasted resources or catastrophic breaches. Traditional frameworks like NIST RMF and FAIR help—but often fail to address human biases, vague "High/Medium/Low" ratings, and misaligned priorities. This 3.5-hour workshop equips security specialists with calibrated estimation techniques to quantify risks more accurately. Through hands-on exercises, case studies, and probabilistic thinking, you’ll learn to move beyond guesswork, communicate risks effectively, and make data-driven security decisions. Leave with practical tools to answer critical questions: How likely is this threat? What’s the real impact? Where should we invest first?

Key Takeaways:
✔️ Fix overconfidence and cognitive biases in risk assessment
✔️ Apply calibration methods for sharper estimates
✔️ Justify security decisions with clearer, evidence-based reasoning

1. Introduction
- Why risk assessment is the backbone of security strategy
- Common pitfalls: Overconfidence, vague estimates, and misaligned priorities
- The cost of poor risk estimation: Wasted resources vs. catastrophic breaches

2. The State of Risk Assessment
- Overview of existing approaches (ISO 27005, NIST RMF, FAIR, OCTAVE)
- Key challenges:
  - Qualitative vs. quantitative—when each fails
  - "High/Medium/Low" risks—why they’re often meaningless
  - Cognitive biases in risk estimation (anchoring, over-optimism, groupthink)

3. A Better Way: Calibrated Risk Estimation
- Introducing probabilistic thinking in security
- The concept of calibration: Why some people are better estimators
- Hands-on calibration exercises:
  - Estimating likelihoods of security events (breaches, insider threats)
  - Learning to express uncertainty with confidence intervals

4. Applying Calibration to Real Security Decisions
- Case studies:
  - Prioritizing patches vs. investing in detection
  - Evaluating ROI on security controls
- Group exercise: Assessing a fictional company’s risks with calibrated estimates

5. Making Better Security Decisions
- How to communicate risks effectively to stakeholders
- Moving from "gut feeling" to evidence-based decisions
- Tools & techniques to improve risk assessment over time

6. Q&A + Wrap-Up
- Key takeaways
- Further learning resources

Workshop Takeaways:
✅ Better Estimation Skills – Avoid common biases and quantify risks more accurately.
✅ Data-Driven Decisions – Justify security investments with clearer reasoning.
✅ Stronger Communication – Explain risks in a way executives and teams understand.

Why Attend?
Most risk frameworks fall short because they don’t address human judgment errors. This workshop gives you practical tools to assess risks more objectively and make smarter security choices.

About your instructor
Anna Lezhikova is a cyber security consultant based in Wellington, New Zealand. She combines her experience in sociology, business management, communications, and IT to help companies to run and grow their business securely in the digital age. Armed with a Master's degree in Sociology, an MBA, and a Diploma in Machine Learning and Artificial Intelligence, Anna's expertise is fortified by practical know-how as a full-stack and DevSecOps engineer. This unique blend equips her with the capability to see problems from different perspectives and come up with holistic solutions.
24 ticket(s) left
$190.00 + $11.49 fee
Wed 29 Oct WiFi - Novice to Professional 8am-12pm Training and Conference Oct 29-31 Combo ticket
Training and Conference ticket! An access code for your conference ticket will be sent to your email and you will be able to use that once tickets are on sale.

Join our Live Offensive WiFi Masterclass, an immersive, hands-on training designed for everyone, from complete beginners to seasoned professionals seeking to sharpen their skills in wireless security. This course will empower attendees with the knowledge and confidence to independently conduct professional-grade WiFi penetration tests. Whether you're starting your journey or advancing your expertise, this masterclass will elevate your capabilities in the offensive WiFi domain.

Dive into the world of wireless security with our instructor-led Offensive WiFi Training, designed to take you from foundational concepts to cutting-edge attack techniques. You'll start with the basics—including raw 802.11 frame structures—and build up to cracking WPA2-Personal, attacking WPA3-Enterprise, and exploring everything in between. Through a series of hands-on labs, you'll transform theory into practical skills using our custom virtual environments that simulate real-world scenarios. Each lab is uniquely configured with varying levels of security best practices, challenging you to apply what you've learned in realistic offensive WiFi situations. This intensive 4-hour session is packed with practical challenges that will test and solidify your understanding, leaving you confident and capable of executing professional WiFi penetration tests.

About your instructor
Toby "TheXero" Reynolds is a dynamic security professional with over a decade of experience. His career spans a diverse clientele in both commercial and non-commercial sectors. With a keen focus on enhancing cybersecurity, his expertise lies in vulnerability research, exploit development, and blackbox Penetration Testing.
As a thought leader in the field, Toby not only identifies and addresses security gaps but also takes the lead as the primary trainer in courses that delve into the intricacies of attacker tools and methodologies. By combining practical experience with a passion for education, he empowers others to navigate the ever-evolving landscape of cybersecurity with confidence.
25 ticket(s) left
$190.00 + $11.49 fee
Wed 29 Oct Introduction to Hardware Hacking. 9am-6pm Training Only ticket
Training Only!

Sam Shute is a Technical Director at Bastion Security and leads the Hardware Hacking practice. This class will walk through the standard process of hardware hacking, including Reconnaissance, Logic Analysis, Debug Access, Extracting Flash, and Reverse Engineering.

Getting started with hardware hacking can be a daunting process. There are so many different technologies involved and so many things to buy that it can become a blocker from ever actually hacking anything. This training will walk through some of the more common technologies you will see, what you will need to interact with them and hands-on testing to give it a go! This is a perfect course for learners, hobbyist hackers, or experienced hackers that haven't dived into hardware stuff yet.

The topics covered include:
* Device OSINT
* Hardware examination and component identification
* Threat mapping
* Logic Analysis
* Debug port access over UART
* Extracting SPI Flash
* Reverse Engineering

All tooling will be provided. However, please bring a laptop that you have administrator access to with either Ubuntu as the host OS or an Ubuntu Virtual Machine. If you are unable to bring a laptop then there will be ways to still give everything a go. At least limited electrical engineering and Linux experience would be beneficial. If you already understand the fundamentals of glitching or side-channel attacks then you are probably too experienced for this training.

About your instructor
Sam has always been interested in the intersections of security and the physical world. In the past this has led to projects on backdooring RFID readers, 3D printing keys, and attacking payWave credit cards. As a day job Sam is a Director at Bastion Security Group.
14 ticket(s) left
$149.99 + $9.19 fee
Wed 29 Oct Application Security Testing: Verifying the right things were done right. 9am-6pm Training Only ticket
Training only ticket!

Application Security Testing is a key component of any organization’s software assurance program. The importance of these practices is reflected by their presence throughout OWASP's Software Assurance Maturity Model (SAMM), where they're represented primarily by two of the model's 15 core Practices (Requirement-driven Testing and Security Testing), and factor into numerous activities across the remaining Practices.

This class covers recommended Application Security Testing (AST) practices, along with supporting AST tools and ways to better leverage penetration testing, to verify and validate an application’s security features:
* Verify – How do we confirm our application’s security features were built right?
* Validate – How do we confirm we built the right security features, to secure the application's functionality?

Topic coverage will include establishing your overall AST strategy and aligning it with the OWASP ASVS (Application Security Verification Standard); defining and implementing security test cases; leveraging AST tools; and using third-party penetration tests effectively within your testing strategy.

Topics covered during this full-day interactive session will include:
* Security Testing Strategy
* Aligning Your Strategy with the ASVS
* Designing Requirements-Driven Test Cases
* Test Automation and Regression Test Suites
* Assessing Impacts of Test Failures
* Tracking Resolution of Test Failures
* Creating and Managing Test Environments and Test Data
* Automated Security Testing - SAST/DAST/SCA
* Fuzz Testing
* Penetration Testing and the Testing Strategy
* Maximizing the value of your Pen Tests

About your instructor
Dr. John DiLeo leads the OWASP New Zealand Chapter. In his day job, John is the Application Security Lead at Gallagher Security in Hamilton.
Before joining Gallagher, John led the Application Security Services team at Datacom, providing support and guidance to clients in launching, managing, and maturing their enterprise software assurance programs. Before turning to full-time roles in security, John was active as a Java enterprise architect and Web application developer. In earlier lives, John has been a full-time professor and had specialized in developing discrete-event simulations of large distributed systems.
18 ticket(s) left
$149.99 + $9.19 fee
Wed 29 Oct AI for hacking: demystify, deploy, dominate. 9am-6pm Training Only ticket
Training only ticket! Explore the edge where AI meets cybersecurity. Start with the basics, then build and deploy AI-powered tools that you understand. Whether you're defending or testing systems, this workshop gives you full control of your AI arsenal. None of the hype, all hands-on know-how.

This isn’t your average AI workshop. We’re diving into the unpredictable intersection of AI and cybersecurity, where defenders race to keep up, attackers get opportunistic, and we’re all trying to make sense of it. Don’t worry, we will start with all the basics, then move into hands-on aspects where you’ll deploy local models and build AI-powered cyber things. Whether you're defending the system or breaking into it, this session is guided by one key principle: full control and understanding of your AI arsenal.

You will learn what AI is and why it matters, explore how it can be used in cybersecurity, and uncover its possibilities, hype, false or real promise, and limitations.

This workshop has minimal prerequisites and will proceed step by step. Some knowledge of Linux and Python environments is advisable, but this training is meant to be accessible to everyone (the exact syllabus may be updated until the last minute due to rapid advancements in AI developments).

Requirements: bring your laptop with at least 16GB of RAM (32GB preferred); a GPU (NVIDIA RTX) is ideal. Macs with M processors are more than welcome! Don’t have any high-end hardware? No worries! We’ll find a solution that works for you.

About your instructor

Dimitri is the Co-founder and Director of Consulting at Coresilium Ltd. He provides expert guidance in navigating the complex and uncertain landscape of cyber risks. His strength lies in deciphering threats and vulnerabilities, translating them into tangible risks and actionable plans tailored to each organisation. Based in Christchurch, Ōtautahi, Dimitri serves clients across Europe, America, and the Pacific. In addition, he dedicates one afternoon each week to running free coding and STEM sessions for kids through Code Club Aotearoa.
29 ticket(s) left
$149.99 + $9.19 fee
Wed 29 Oct Mastering Risk Assessment: From Guesswork to Data-Driven Security Decisions. 1pm-5pm Training Only ticket
Training only ticket! In security, poor risk assessment leads to wasted resources or catastrophic breaches. Traditional frameworks like NIST RMF and FAIR help—but often fail to address human biases, vague "High/Medium/Low" ratings, and misaligned priorities. This 3.5-hour workshop equips security specialists with calibrated estimation techniques to quantify risks more accurately. Through hands-on exercises, case studies, and probabilistic thinking, you’ll learn to move beyond guesswork, communicate risks effectively, and make data-driven security decisions. Leave with practical tools to answer critical questions: How likely is this threat? What’s the real impact? Where should we invest first?

Key Takeaways:
✔️ Fix overconfidence and cognitive biases in risk assessment
✔️ Apply calibration methods for sharper estimates
✔️ Justify security decisions with clearer, evidence-based reasoning

1. Introduction
- Why risk assessment is the backbone of security strategy
- Common pitfalls: Overconfidence, vague estimates, and misaligned priorities
- The cost of poor risk estimation: Wasted resources vs. catastrophic breaches

2. The State of Risk Assessment
- Overview of existing approaches (ISO 27005, NIST RMF, FAIR, OCTAVE)
- Key challenges:
  - Qualitative vs. quantitative—when each fails
  - "High/Medium/Low" risks—why they’re often meaningless
  - Cognitive biases in risk estimation (anchoring, over-optimism, groupthink)

3. A Better Way: Calibrated Risk Estimation
- Introducing probabilistic thinking in security
- The concept of calibration: Why some people are better estimators
- Hands-on calibration exercises:
  - Estimating likelihoods of security events (breaches, insider threats)
  - Learning to express uncertainty with confidence intervals

4. Applying Calibration to Real Security Decisions
- Case studies:
  - Prioritizing patches vs. investing in detection
  - Evaluating ROI on security controls
- Group exercise: Assessing a fictional company’s risks with calibrated estimates

5. Making Better Security Decisions
- How to communicate risks effectively to stakeholders
- Moving from "gut feeling" to evidence-based decisions
- Tools & techniques to improve risk assessment over time

6. Q&A + Wrap-Up
- Key takeaways
- Further learning resources

Workshop Takeaways:
✅ Better Estimation Skills – Avoid common biases and quantify risks more accurately.
✅ Data-Driven Decisions – Justify security investments with clearer reasoning.
✅ Stronger Communication – Explain risks in a way executives and teams understand.

Why Attend? Most risk frameworks fall short because they don’t address human judgment errors. This workshop gives you practical tools to assess risks more objectively and make smarter security choices.

About your instructor

Anna Lezhikova is a cyber security consultant based in Wellington, New Zealand. She combines her experience in sociology, business management, communications, and IT to help companies to run and grow their business securely in the digital age. Armed with a Master's degree in Sociology, an MBA, and a Diploma in Machine Learning and Artificial Intelligence, Anna's expertise is fortified by practical know-how as a full-stack and DevSecOps engineer. This unique blend equips her with the capability to see problems from different perspectives and come up with holistic solutions.
24 ticket(s) left
$75.00 + $4.88 fee
Wed 29 Oct WiFi - Novice to Professional. 8am-12pm Training Only ticket
Training ticket only! Embark on a journey into the heart of WiFi technology with our dynamic training program. Delve into the core principles while keeping pace with the latest advancements in the field. This immersive experience isn't just about theory; it's about hands-on learning. Navigate through virtual wireless arenas, applying newfound skills in real-world exercises. From tackling personal networks to infiltrating enterprise setups, this training equips you to handle diverse challenges. Explore both fortified and vulnerable configurations, honing your expertise in thwarting attacks. And with a focus on the cutting-edge WPA3 standard, you'll be prepared for the newest frontiers of WiFi security.

About your instructor

Toby "TheXero" Reynolds is a dynamic security professional with over a decade of experience. His career spans a diverse clientele in both commercial and non-commercial sectors. With a keen focus on enhancing cybersecurity, his expertise lies in vulnerability research, exploit development, and blackbox Penetration Testing. As a thought leader in the field, Toby not only identifies and addresses security gaps but also takes the lead as the primary trainer in courses that delve into the intricacies of attacker tools and methodologies. By combining practical experience with a passion for education, he empowers others to navigate the ever-evolving landscape of cybersecurity with confidence.
25 ticket(s) left
$75.00 + $4.88 fee