Tailor-made security training bites
Not every security problem calls for a full training program. Sometimes your team hits a specific gap: a vulnerability class that keeps showing up in code reviews, a new technology nobody on the team has secured before, or an architecture decision where the security implications aren’t clear. That’s what Custom Focus Sessions are for. I build a short, focused session around exactly the topic your team needs, based on a brief scoping call beforehand.
What kind of topics work well
Each engagement starts with a short call where we figure out what your team actually needs. No generic slides, no material recycled from other trainings. Here are some examples of what teams typically ask for:
Closing a specific knowledge gapMaybe your developers are solid on web security but haven’t dealt with API authorization patterns, or they’re moving to a new framework and want to understand its security model before writing production code. A focused session can get the whole team to the same level in an afternoon.
Going deep on a single technique or areaCustom deep dives I covered in the past include GraphQL, gRPC, WebSockets, Spring Boot, React Native, CORS, Content Security Policy, Kubernetes hardening, cryptographic pitfalls in a particular language, supply-chain risks, and even domain-specific formats such as HL7/FHIR in healthcare. If your topic isn’t on this list, that’s perfectly fine and expected. Most sessions focus on something specific to a team’s stack that doesn’t fit neatly into a standard catalog. — This highly tailored session is shaped around the topics that matter most to your team. Every session is individually prepared (including full slide decks and sometimes even live demos) to match your team’s needs.
Securing AI-powered systemsUnderstanding and mitigating risks around LLM integrations, RAG pipelines, MCP tool use, and agentic AI architectures. This area moves fast, and most teams I talk to have more questions than answers when it comes to securing their AI features.
Securing AI-based coding workflowsMore and more teams use AI coding assistants and agents that generate code, run shell commands, or interact with APIs on behalf of developers. That raises real questions: What can these agents access, what guardrails are in place, and how do you prevent them from introducing vulnerabilities or leaking secrets? This session covers the security boundaries around tools like Copilot, Codex, Claude Code, Cursor, and similar agents, so your team can use them confidently without opening up new attack surface or introducing new vulnerabilities in the codebase.
Reacting to something that came upA penetration test found issues your team doesn’t fully understand yet, a new dependency introduced unexpected attack surface, or a security incident raised questions that need proper answers. These sessions work well when there’s a concrete trigger and the team wants to learn from it.
How the sessions work
Sessions run between 2 and 4 hours, depending on the topic. That’s long enough to get into real depth for a focus topic, short enough to fit into a workday without losing people’s attention or binding the team for too long.
I prepare every session individually. There are no pre-built modules I pull from a shelf. The content matches what came out of our scoping call, down to the specific tech stack, language, and architecture your team works with. Where it makes sense, I include interactive elements using Workshop Board so participants stay engaged rather than passively watching slides. Sometimes I even include live demos to show how to exploit vulnerabilities or how to secure a particular feature.
Remote delivery with recording option
All sessions run remotely via video call, so there’s no travel overhead on either side. If you want, I can record the session so your team can revisit the material later. Over time, several of my clients have built up their own internal library of these recordings. New team members get instant access to focused, relevant security training from day one, without having to wait for some next scheduled session.
Get started
If you have a specific security topic on your mind, get in touch and we’ll set up a short scoping call to figure out the right session for your team.