IT Security Trainings & Workshops

Trainings and workshops on IT security: security awareness for the whole team or technical deep dives for developers. I adapt all content to your team, to their existing knowledge and the challenges they face. Current research feeds into the sessions alongside practical examples and exercises.

Training Formats

  • Security Awareness Training (half-day): Raising all employees' awareness of IT security risks in daily work. Topics: recognizing phishing emails and social engineering attacks, secure handling of passwords and confidential data, secure communication and secure remote work. With interactive exercises and real-world examples.
  • Technical Deep Dives for Developers (full-day): In-depth workshops on secure coding, secret management, secure authentication, and cryptographic best practices. Content is based on my own research at CISPA Helmholtz Center on real-world security problems in software development — including my study of 109 developers on handling confidential credentials.
  • Executive Briefings (2–3 hours): Compact trainings on IT security risks, regulatory requirements (NIS2, GDPR, ISO 27001), and strategic security planning. Provides essential decision-making foundations without requiring technical expertise.
  • Hands-on Workshops (full-day): Interactive formats with practical exercises, case studies, and live demonstrations. Participants actively work on concrete security scenarios — such as setting up pre-commit hooks for detecting leaked secrets or analyzing phishing attacks.

Topics in Detail

  • Secure Software Development (Secure Development Lifecycle): Integrating security into the development process: requirements analysis, code reviews, deployment.
  • Secret Management: Securely managing API keys, passwords, and certificates. Practical strategies for preventing secret leakage in Git repositories, based on my research at USENIX Security 2023.
  • Authentication: Password policies, multi-factor authentication, passwordless methods. How security and usability fit together.
  • Cryptographic Fundamentals: Encryption, hashing, digital signatures, and their correct application. Common mistakes and how to avoid them — based on my research on cryptographic updates (USENIX Security 2025).
  • NIS2 Compliance and GDPR: Regulatory requirements explained clearly for technical teams. What needs to be implemented and how technical measures address regulatory requirements.
  • Incident Response: Preparing for and handling security incidents. Playbooks, communication strategies, and lessons-learned processes.

Engagement Process

  1. Free Preliminary Discussion (30 min): Needs assessment, clarification of target audience and desired depth.
  2. Concept Development: Creation of a training plan with coordinated content, exercises, and materials for your situation.
  3. Delivery: On-site or remote — half-day (3–4 hours) or full-day (6–7 hours). Hybrid formats also available.
  4. Training Materials: All participants receive comprehensive reference materials, including checklists and further resources.
  5. Follow-up Session (optional): After 4–6 weeks, a brief session (60 min) to address open questions and verify that the content has been adopted in daily work.

Availability

Trainings and workshops are available in Hannover, Braunschweig, Bremen, Hamburg, and across Germany — on-site, as remote sessions via video conference, or in hybrid format. Group size is flexible — from small teams of 5 to department trainings with 30+ participants.

Interested? Contact me for a training proposal that fits your team.