Top-tier Training Classes for your team from the industry's best

Our instructors have over two decades of experience in the technology and education industries, ranging from Penetration Testing and Software Development to Open Source Coding and AD Infrastructure.

 

We are excited to partner with Antisyphon, which hosts our Secure Ideas Training courses.

 

Looking to have Secure Ideas work privately with your organization?  Check out our Corporate Training Catalog and schedule some time with us.  We are here to help you stay ahead of the competition!


Upcoming Classes

Whether you're looking for a new certification and are in need of CPEs or just looking for ways to improve your organization's security posture, we offer a training solution that fits your needs. Our training options currently consist of both live and recorded courses, including tailored training for organizations and both virtual and in-person training.

July 9, 2024 · 12:00 PM · 4 Hours per Class · Professionally Evil API Testing: A Practical Course for Beginners

If you want to learn how to perform security testing on web applications that use application programming interfaces (APIs), this course is for you. ...

July 10, 2024 · 12:00 PM · 4 Hours per Class · Professionally Evil API Testing: AAA and Keys are Not Just for Cars

This course will teach you how to test web APIs for authorization and access control related security flaws. You will learn how to map API ...

July 11, 2024 · 12:00 PM · 4 Hours per Class · Professionally Evil API Testing: GraphQL, SOAP, and REST Fundamentals and Techniques

Are you interested in learning how to test different types of APIs for quality and security? Do you want to dive into the essential skills and ...

August 6, 2024 · 12:00 PM · 4 Hours · Introduction to PCI (PCI 101)

This will be a high level exploration of the Payment Card Industry Security Standards Council. Students will receive a strong understanding of the ...

August 20, 2024 · 12:00 PM · 4 Hours per Class · Foundational Application Security Training (FAST) w/ Bill McCauley

The Foundational Application Security Training (FAST) course is a 4-hour Pay What You Can class focused on explaining the fundamentals of ...

September 10, 2024 · 2:00 PM · 2 Hours per Class · Professionally Evil CISSP Mentorship Program

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity ...

Pricing and Discounts

At the end of the day, Secure Ideas wants to give you the tools to help your business succeed. The more you know about your organization's needs, the more we can do to make sure your systems are well-protected against whatever threats are out there. 

 

As one of the fastest-growing industries in the world, Cybersecurity suffers from a considerable skills gap in employable and skilled candidates. The old models of expensive training reserved for top performers no longer fit the needs of the industry, and the economic difficulties of the past few years have demonstrated that affordable training is mandatory to match candidates with employment opportunities. Secure Ideas is proud to offer the "Pay What You Can" model for our Professionally Evil CISSP Mentorship Program.*

Corporate Training Catalog

Professionally Evil Application Security

The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels.  This course focuses on the techniques used to assess and exploit applications, including web and mobile applications, APIs, and HTTP-based systems.  We combine these techniques with explanations of the risks exposed and defenses required to improve the security of your organization.  The course uses a large number of hands-on exercises to reinforce the techniques and understanding an attendee will gain so that they benefit on the very first day back to work.  The course focuses on manual techniques for discovery and exploitation while teaching an industry-standard methodology of reconnaissance, mapping, discovery, and exploitation.  This methodology provides a comprehensive standard for assessing applications and APIs.

 

 

Check Upcoming Public Dates

Request a Quote

Foundational Data Protection Training

This foundational course is designed to provide the basic tools needed to protect the data that is most valuable to your business.  Since data is an integral part of an organization’s core operations, it’s important to build a solid foundation for understanding the considerations and mechanisms related to data protection.


The protection of sensitive data is paramount for information security professionals.  The course is intended to help provide the techniques and tools needed to conduct a self-assessment of your data protection program.  This helps ensure that your limited resources are being dedicated to the places within your security program needing the most attention, and based on corporate goals, needs, and regulatory compliance requirements.

 

 

Check Upcoming Public Dates

Request a Quote

OWASP Top 10

Since 2003, OWASP has released the Top 10 Most Critical Web Application Security Risks list.  It has been the basis of much development and consternation, but do you really understand what each of these issues and their corresponding controls mean?  As a developer, do you know how to prevent these issues?  As a security professional, do you truly know what they are and how to evaluate their effectiveness?

In this course, Secure Ideas will walk attendees through the various items in the latest OWASP Top 10 and corresponding controls.  Students will leverage modern applications to explore how the vulnerabilities work and how to find them in their own applications.

 

 

Check Upcoming Public Dates

Request a Quote

Red Team Fundamentals for Active Directory

The Red Team Fundamentals for Active Directory course is an 8-hour class focused on explaining the fundamentals of Active Directory and how different aspects can be exploited when performing penetration tests.  The goal is not only to cover different attacks but also to explain the details of why they work, how an environment can be made resilient to them, and how malicious activity can potentially be detected.  This combination opens the course to those looking to hone their offensive skills as well as those who are protecting an enterprise network.

The course mixes lecture with a number of hands-on exercises to reinforce the information and techniques.  The activities will cover ways to examine an Active Directory environment, looking for a variety of misconfigurations that are commonly seen in Active Directory implementations (even by some security-conscious entities), and then exploit these issues to pivot and escalate our access. Ultimately, the students will gain full control of an AD Forest.

While in class, students will be provided access to a lab containing realistic targets and tools to learn both the attacks and defenses of Active Directory.  This environment enables the attendees to understand how the covered techniques are used in the real world.

 

 

Check Upcoming Public Dates

Request a Quote

Professionally Evil Network Testing

This hands-on course will teach students a basic methodology for network penetration testing and an introduction to the processes used.  Students will walk through the phases of Reconnaissance, Mapping, Discovery, Exploitation, and Post-Exploitation with demonstrations of various tools and tactics used in each phase.  The course is heavily focused on hands-on labs so that students have the opportunity to actually use common tools and techniques.  By the end of training, students will understand the structure of a network penetration test and have the experience necessary to begin practicing the demonstrated toolsets.

 

 

Check Upcoming Public Dates

Request a Quote

Introduction to PCI

This course is designed to introduce IT professionals to the Payment Card Industry collection of standards as defined and enforced by the Payment Card Industry Security Standards Council.  The first half of the course summarizes the structure and history of PCI, the primary standards documents, and the various certification programs for professionals.  The second half of the course dives into a summary of the components of the PCI Data Security Standard (PCI DSS).  This is a high-level, introductory summary designed to provide a general understanding of the requirements in the PCI DSS.

 

 

Check Upcoming Public Dates

Request a Quote

Foundational Application Security Training

The Foundational Application Security Training (FAST) course is an 8-hour class focused on explaining the fundamentals of applications and their security.  This lecture-focused class is designed to help managers, product owners, support staff, and non-developers understand application security.  The lecture covers what makes up the various modern application technologies, the application development process, what vulnerabilities and risks are exposed via applications, and how the attacks happen.  This course will enable organizations to improve how they focus on application security while continuing to increase the coordination between the various teams, including development, project management, product owners, IT, and security.  Attendees will be able to understand and explain the various risks and controls within a secure modern application environment.

 

 

Check Upcoming Public Dates

Request a Quote

Professionally Evil Container Security

This course is designed to cover the core fundamentals of container and container orchestration security.  We’ll explore container security concerns, configuration issues, and how to abuse them as an attacker.  Then we’ll switch gears and explore the ways that we can prevent the attacks we just carried out.  This will all be done in a hands-on, lab-driven manner.  This class is focused primarily on Docker and Kubernetes, but many of the core concepts can be applied to other container technologies.

 

 

Check Upcoming Public Dates

Request a Quote

Professionally Evil API Testing

This workshop-style intermediate course is designed to complement a student’s understanding of traditional Web Application Security.  It focuses on modern application and API security features and tactics to protect APIs and microservices from attacks.  Because the material in this course leans on standard HTTP and browser features, and standard web and API security best practices, the lessons and labs are applicable across programming languages and platform implementations.  The material in this course is approached both from the perspective of an adversary and that of a defender.

 

 

Check Upcoming Public Dates

Request a Quote

Do you have questions about our training courses?