Review & Reflect

Turn security knowledge into concrete improvements for your own systems

duration
1 or 2 Days
Kind
Workshop
where
Inhouse or Remote
language
German or English

Workshop info at a glance: Download the one-pager (PDF).

Applying security knowledge in practice

Prior to conducting the workshop with your team, we’ll have an initial scoping meeting. This session is designed to customize the workshop to your specific requirements, helping us decide on the most suitable focus areas and review targets.

Review & Reflect is a facilitated, team-based workshop that enables participants to review and reflect on their own architectures and codebases through a security lens. The focus is on practical application, collaborative analysis, and translating security knowledge into concrete, actionable improvements tailored to the participants’ real-world environments.

This workshop is designed for two distinct audiences:

  • Teams that have completed foundational security training and want to operationalize what they’ve learned by applying security concepts directly to their own systems
  • Security-mature teams looking to accelerate their security posture by conducting focused reviews of their own environment, software, and architecture

Workshop format

The workshop combines individual analysis with collaborative team discussions, guided by an experienced facilitator. Throughout the day, participants work on their actual systems rather than abstract examples:

  • Moderated group work to apply security concepts directly to the team’s own systems, architectures, and codebases
  • Individual and team-based reviews focused on secure software development principles and operational security
  • Structured exchange of experience between team members with discussion of proven security approaches and patterns
  • Direct, moderated support for individual questions, targeted feedback, and deep dives into specific areas of concern

Interactive engagement elements via Workshop Board keep the workshop dynamic and ensure active participation throughout the session, whether attending remotely or on-site.

Workshop outcomes

The concrete outcome of the workshop is a structured list of findings, organized into three categories:

  • Architecture: Design-level observations, structural risks, and recommendations for architectural improvements
  • Implementation: Code-level findings, patterns to address, and secure coding practices to adopt
  • Operations: Operational security considerations, configuration concerns, and deployment hardening opportunities

These findings are documented during the workshop and are intended to be addressed by the team after the workshop concludes. The structured format ensures that insights gained during the session translate into a clear, prioritized action plan.

Flexibility & customization

  • Scope and focus areas can be adapted flexibly to specific technologies, domains, or threat models
  • The workshop can be delivered remotely or on-site at your location

Whether you want to focus on a specific application, review your cloud architecture, examine your CI/CD pipeline security, or conduct a broader assessment across multiple systems, the workshop agenda is tailored to your priorities.

Interested in your organization’s individual quote? Let’s talk


Follow-up options

After the workshop, teams often benefit from additional support in addressing the identified findings. Depending on your needs, follow-up options include:

Ready to apply security knowledge to your own systems? Contact me to discuss your workshop requirements.

Testimonials

What Customers Are Saying

A great seminar. Please keep the content and methodology unchanged!

Training Participant

Very strong expertise — responded very well to follow-up questions.

Workshop Participant

Thank you very much for your training! It was very interesting and packed with knowledge. People on the team learned a lot and speak about it positively.

Training Participant

From my side, thanks again for running the training. Participant feedback was positive across the board, always with the note that the training fits our company well.

Training Organizer

Thank you so much for such an interactive session — really enjoyed it and learned a lot.

Training Participant

Very strong on content — excellent presentation.

Training Participant

Thank you so much for the valuable input. Especially the insights about agentic AI security were very helpful.

Training Participant

Just wanted to share feedback on the past three days: the training matched my expectations exactly. The topics covered and the mix of practical and theoretical parts were perfect. Your years of experience really show.

Training Participant

Time well spent! Thanks a lot, I thoroughly enjoyed the training and depth of content.

Training Participant

Your passion for security is contagious :)

Training Participant

Thank you for the great training — it was exactly what I had in mind for my team! I expect we’ll repeat it with other employees soon.

Product Security Manager

Super exciting and varied! Thank you!

Training Participant

Thanks for the training! It was varied and the different interactive elements kept it engaging. We took away a lot! Looking forward to possible future collaboration.

Training Participant

This was my second time with you, Christian. Very interesting again and a lot of fun!

Training Participant

Thanks again for today’s session! I have to say, every time I’m impressed by how quickly you dive into complex topics, ask critical questions, and provide valuable input. Truly fascinating!

Threat Modeling Customer

Thanks a lot for sharing such great insights with us!

Training Participant

I found the training overall very informative and helpful. The explanations were clear and well structured. Important security concepts were covered with plenty of examples to illustrate them. I took away a lot. Thank you for the training :)

Training Participant

Thanks a lot, I liked the format and the workshop as a whole very much, very engaging, great job, learned quite a bit.

Training Participant

Thanks a lot! Also for the brilliant explanations and well-presented practical examples!

Training Participant

Very intensive seminar, presented very clearly and well!

Training Participant

Insider knowledge from pentesting came through clearly. Broad coverage, strong expertise, and you tailored the content to the technologies we actually use. Technically, pedagogically, and personally excellent — you handled questions well and the structure worked really well.

Training Participant

Excellent example applications — you explain things very clearly.

Training Participant

Very high level of expertise! Pedagogically excellent. Interesting with lots of practical exercises. A seemingly “dry” but very important topic was conveyed and communicated really well.

Training Participant

Very interesting, very practical, engaging — and an answer to everything ;)

Training Participant

I really enjoyed the training thank you so much! 🙏 It was an interactive and insightful session. I became more aware of security tools and how to use them effectively. Thanks again for sharing such valuable insights with us. I really appreciate it!

Training Participant

Thank you Christian! Superb content and explanations, I learned a lot.

Workshop Participant

Participants were thrilled with the training — hardly any survey scores this well! We’re glad feedback was so positive and that participants got so excited about the topic! We really hope we’ll have the chance to work together again (and hopefully often) in the future!

Training Company

Very practical, instructive, and pedagogically excellent! Had a blast!

Workshop Participant

Many topics were covered that were new to me and important for my work.

Workshop Participant

Thank you so much Christian, very informative, substantial and useful.

Workshop Participant

The training was absolutely excellent. I now have over 10 years of professional experience, and over all those years this is one of the best trainings I’ve ever attended.

Training Participant

Thanks again for the very, very good workshop today. I wanted to give big praise for your talks and your workshop — really well done! You just want to get started and try it yourself. Simply excellent!

Workshop Participant

Every developer should take this training at least once.

Training Participant

Many thanks! Really detailed and exciting!

Training Participant

I took part in the web security training last week. It was great again. You make it so vivid, and combined with your real-world stories it’s genuinely gripping. The training was really fun and made me want to learn more about the topic.

Training Participant

An exciting and inspiring event with a speaker who fully masters his subject area.

Workshop Participant

Thanks a lot, it was a very interesting and entertaining training!!! 🙌

Training Participant

Really amazing and brilliant course. Happy to have chosen your training. Thanks for all the preparations and for accommodating lots of questions after the time ;).

Training Participant

As the organizer, I received consistently positive feedback from participants. The real-world examples landed especially well, and defense in depth felt well placed.

Training Organizer

I’d like to thank you again for the exciting training last week. The content was very well prepared and the training formed a cohesive package.

Training Participant

Your workshop at our company had real impact: many participants tried to find vulnerabilities in their projects — with success.

Workshop Organizer

This was a mind-boggling workshop and I’d like to recommend you to colleagues from other companies.

Training Participant

Very helpful training. Very clear description of the attacks and things we need to take care of. Now we have a list of tasks to check/improve in our codebase.

Training Participant

Thank you again for the excellent intensive training this week.

Training Participant

Thank you Christian! Even though I’m not a developer, I could follow almost everything and learned a lot. Absolutely recommended!

Training Participant

I enjoyed and can highly recommend this training. Christian is an awesome educator and teacher.

Training Participant

First of all, heartfelt thanks for the three very inspiring days. I found your talk excellent both pedagogically and in terms of content. The many workshop exercises also contributed a lot to a better basic understanding of the theory.

Workshop Participant

Thank you for the great training! Had a lot of fun and I’ve already recommended it. The mix of theory, practice, and vivid case studies was perfect. You definitely leave the training with a sharper security mindset.

Workshop Participant

Mega great workshop! THANK YOU

Workshop Participant

Many heartfelt thanks. Excellently delivered and so many important pieces of information! I learned a lot of new things…

Workshop Participant

just one word: AWESOME! thank you!

Training Participant

Yes!! This should be mandatory for all software developers!

Training Participant

I would buy it again 5/5 stars :D

Training Participant

Great session Christian!!! Thanks a million!!!

Training Participant

It was great! Concrete examples, explained clearly — definitely left a lasting impression. Keep it up!!

Training Participant

The training made it tangible how hackers work in practice and which tools they have at their disposal. The concrete examples helped a lot.

Training Participant

I found the training comprehensive, VERY educational, highly interesting and exciting — and it really drives the point home. Remote participation was especially important for our team, and you mastered that format really well. The training had a clear narrative arc and clear business value. I’ll definitely recommend it. Thank you!

Training Organizer

Really, really well done pentesting lecture. It was very informative and fun to learn about this stuff again. Since becoming a developer I stopped coding in my free time, but seeing how to break systems — and how and why they work — was part of why I became a programmer in the first place. So the child in me was so happy to learn about XML bombs and all the other crazy things!

Training Participant

Much was new to me (even after years in corporate IT). With the flood of attack possibilities, the framework with “code/data” and “source-taint-sink” is helpful, as is the calm delivery and “let them discover” approach. I recommend the training!

Training Participant

First of all: thank you for an excellent workshop. Feedback on the second part of the workshop was consistently positive. I’ve already heard from several teams that they want to use threat modeling in practice going forward. From my perspective, a complete success.

Workshop Organizer

Very entertaining, interesting and inspiring two days of security training. Enjoyed it a lot and got curious about analyzing our code for weaknesses. Long live the Swiss cheese model! :-)

Training Participant

Thanks for the training. It was an eye-opener, especially the live hacking demonstrations.

Training Participant

Yes, it was really fun, especially the vivid way knowledge was conveyed, the practical examples, addressing every question, the detailed handout, and not least the pleasant atmosphere. Thank you!

Training Participant

We would like to thank you once again for enriching our summit as a speaker with your excellent talks. We collected initial participant feedback right after the event, and it was consistently positive.

Conference Organizer

I took part in your web security training over the past two days — it was awesome. I like the practical approach with the marathon app to try out different cases. Your slides and presentation style are really good and I learned a lot. You definitely know what you’re talking about and convey that knowledge well.

Training Participant

Great training — I had to file a bug for an app right away :D.

Training Participant

Very interesting training. Pedagogically well structured. Especially the step-by-step escalation of the attack, followed by a demonstration of automated off-the-shelf attack tools.

Training Participant

Thank you for the exciting time at the Web Security Bootcamp. With a high level of competence and “escape-the-room” flair, it was fascinating to look at vulnerable doors and gates from the attacker’s point of view, and to learn the many ways to keep those paths closed and secure. A training I can recommend 100% to every developer.

Training Participant

Thank you. I was a complete security beginner and now definitely have a different view of my source code. For many things I used to think mainly about clean code and good style, but it clearly also makes sense from a security perspective to separate data and code.

Training Participant

I loved that you encouraged people to ask questions. Unusual at first how often you did it, but that’s how questions actually get asked :)

Training Participant

I also loved that you had everything prepared so you could always work hands-on if you wanted. You could tell you have routine. At the same time it never got boring.

Training Participant

Great training! Not just technically strong, but also excellently delivered. There genuinely weren’t any dull moments. And with the handout you feel equipped for upcoming challenges.

Training Participant

It was great to always see how far you can take exploiting vulnerabilities!

Training Participant

The training was amazing. I’m quite new to security, and I was speechless at how many everyday systems can be broken when you know what to look for. WOW. Also amazing job, Christian — talking for so many hours with this ease and answering every question. What I appreciated very much was that every question was treated seriously. You motivated people to ask questions! Thank you very much for the great training, but also for the great atmosphere!

Training Participant

Thank you again for the seminar. You could follow along well, and each topic still went quite deep. Injection and XSS in particular reminded me how important those fundamentals are — and how valuable it is to see them explained this clearly.

Training Participant

The training was extremely informative and so much fun! 10/10

Training Participant