Security Training for Engineering Teams
I train engineering teams in building a security mindset for designing secure software.
Over 15 years in technology, I've been the developer shipping features under deadline pressure, the data engineer building pipelines with sensitive data, and the security lead responsible for protecting it all. Most recently, I led security and privacy posture management at Autodesk — threat modeling business-critical applications, integrating security tooling across the SDLC, and building Security Champions programs that turned developers into the first line of defense.
That path gave me something most security trainers don't have: empathy for the engineer on the other side of the security finding. I know what it's like to get a Jira ticket that says "fix the OWASP findings" with no context and no time. I build trainings that meets engineers where they are — with real code, real threats, and real workflows.
Engineers leave with skills they use the next sprint — not binders they forget by Monday. Every workshop, delivered through my AppSec Mindset program, is built around the mistakes I've made and the lessons I've learned — so your team doesn't have to learn them the hard way.
Developers • Security Champions • Architects • AppSec Teams
This workshop changes how you think about system security — permanently. You leave with a mental model that travels into every design conversation, not a checklist you'll forget by Friday. For developers, security champions, architects, and AppSec teams.
DevSecOps • AppSec Teams
A hands-on workshop that takes your container pipeline from "it works" to "it's hardened." Build, scan, and fix real container vulnerabilities — from Dockerfile misconfigurations to runtime escape vectors.
AppSec • Dev Teams
Securing AI-integrated applications — from prompt injection to model supply chain risks. Built for teams shipping LLM-powered features who need to understand the new threat surface.
Coming Soon“I really learned a lot during the threat modeling training, and I can't wait to apply it to my organization.”— BSides Tampa Attendee
“I thoroughly enjoyed your session, the labs and the stimulating conversation.”— BSides Tampa Attendee
“A great session and a good reminder of how to threat model — even after attending Shostack's workshop.”— BSides SF Attendee
“The template was great and I began using it immediately.”— BSides Chicago Attendee
“Wonderful for a beginner like myself to the space.”— BSides SF Attendee
Whether you're looking for a workshop, a conference speaker, or a conversation about your team's security posture — I'd like to hear from you.