Our Blog

What to look for in a training provider

Reading time ~6 min
Posted by daniel on 05 September 2016
Categories: Blackhat, Training

In the last few years, the infosec training scene has exploded. Arguably, the largest training provider is Blackhat, and in the last 15 years we’ve seen it grow from a handful of courses to 106 at the last BlackHat USA. With many courses purportedly offering the same or similar content, it’s getting harder to choose as a student.

This blog entry will cover some of the stuff we think makes our courses pretty great, and why we’re so proud of them. It may also help you to evaluate whether our courses are what you’re looking for at at least how to spot the better courses (not just ours) in a list of 100+.
The Basics
It’s our belief that if you have a deep passion for the work you do, then not only will you work hard to be great at it, you’ll also enjoy sharing that passion by teaching others. It’s held true for us for many years, and we make a point of putting our best analysts, rather than specialised trainers, to run our courses.

However, just because you work in a field doesn’t automatically make you a good trainer. Getting training and educating right is hard work, just ask any good teacher. Being able to articulate your message, keeping students excited and engaged, and actually educating, is a skill not all infosec practitioners pick up.

To this end, we make sure our trainers:

    • Have been doing the actual work as their day job for a while. We want them to be a specialist on the subject they’re teaching you.
    • Have experience training. A bad trainer can ruin great content, and a great trainer can make even bad content useful. We work hard to give our trainers experience, and make sure the most experienced are the ones running the course.

Knowing and understanding your trainer is key. Sadly our industry is full of very intelligent people who struggle to communicate. You are spending a large sum of money on a course, so you expect the best communication skills.
The Course Title & Descriptions
With so many courses on offer today, the titles can be a bit misleading. One trick, to get to the top of BlackHat’s alphabetical sort list is to make your course title start with and “a”, like “Advanced”. One year we prepended 0xDF to our course titles to test the theory (https://twitter.com/mubix/status/571155718973333504) :). This means titles aren’t always as accurate as they should be, and reading the synopsis is key. For example, an advanced course would likely not include basics such as port scanning/brute-forcing.

Given this we’ve chosen to:

    • Make it clear what level the course is actually aimed at; beginner, journeyman or master.
    • Be clear about what the course is actually teaching, if it says “mobile” on the box, you’ll get mobile hacking in the box.
    • Make sure content flows both logically, and in a way appropriate to how people learn. We’ve also made sure that this flow continues across courses, so our journeyman courses build on our beginner courses and avoid repeating content for example.

Training Environment
One of the things we’re most proud of in our courses is the practical environment. Especially in our industry, at a minimum you should be testing, playing with and breaking most topics discussed in the course description. This is probably where we get most excited, we’ve built custom mobile apps, web apps, wifi in the cloud (this was fun), large corporate domains, large OSINT networks, bots that open office documents, live malware C2 environments and more, with all of it orchestrated smoothly via AWS.

Many only learn by doing, and with that in mind we make a point of:

    • Building real-world environments. We make sure it’s reflective of what is found on the Internet and corporate environments today, and have built everything from mobile apps to entire corporate domains.
    • Keeping the content and practicals up to date. For example, as much as we all love MS08-067, it’s a decade old and no infrastructure course should feature it today. Because our trainers are practitioners, they tend to update content and practicals with fresh info each time they give the course.
    • Giving each student their own unique environment. “The cloud” allows us to provision entire networks for each student. This means no interference from other students like Little Bobby Drop Tables, and much higher stability and performance.
    • Building a practical for each topic we cover. We don’t want you to come listen to something you could read in a book, rather we want each student to get hands on experience as well as the joy of pwning for themselves.
    • Supporting each practical with a clear description and guided set of questions to help students focus on the important aspects. This is all hosted on our easy to use training portal, much better than the numerous pieces of paper or on-screen text editors of the past.

SensePost Beginner Course
While we have many courses, ranging from beginner to master level, we find the beginner courses require the most work to get the teaching right, too hard and you lose people, too easy and you patronise people, and adaptive enough to meet people at the level they need.

We’ll be giving our Beginner course at this year’s Blackhat EU. In it, we cover a wide range of technical topics from infrastructure, to web apps to networks and wifi, as well as covering numerous meta-topics ranging from how to approach offensive thinking and work, finding vulnerabilities and using exploits.

For each of those topics, you learn and do. It’s a fundamental part of our training. We’ve put 8 months of research and effort into deploying our huge Amazon AWS environment for students, which means access to our training portal and your own virtual environment, as shown below.

Good luck in your search for continued education. We hope to see you in a class soon.