Security Training for Engineering Teams

AI is writing code faster than ever.
Who's making sure it's secure?

I train engineering teams in building a security mindset for designing secure software.

$ |
Mudassir Syed — Security Trainer and AppSec Leader

From shipping software to securing it.

Over 15 years in technology, I've been the developer shipping features under deadline pressure, the data engineer building pipelines with sensitive data, and the security lead responsible for protecting it all. Most recently, I led security and privacy posture management at Autodesk — threat modeling business-critical applications, integrating security tooling across the SDLC, and building Security Champions programs that turned developers into the first line of defense.

That path gave me something most security trainers don't have: empathy for the engineer on the other side of the security finding. I know what it's like to get a Jira ticket that says "fix the OWASP findings" with no context and no time. I build trainings that meets engineers where they are — with real code, real threats, and real workflows.

15+ Years in Technology
100+ Engineers Trained

Hands-on security trainings for engineering teams.

Engineers leave with skills they use the next sprint — not binders they forget by Monday. Every workshop, delivered through my AppSec Mindset program, is built around the mistakes I've made and the lessons I've learned — so your team doesn't have to learn them the hard way.

Container Security: From Vulnerable to Production-Ready

DevSecOps • AppSec Teams

A hands-on workshop that takes your container pipeline from "it works" to "it's hardened." Build, scan, and fix real container vulnerabilities — from Dockerfile misconfigurations to runtime escape vectors.

  • Full-day workshop
  • Includes lab environments
  • Covers Docker, Kubernetes, and CI/CD integration
Available Now Talk Through Your Team's Needs
AI

AI & LLM Security

AppSec • Dev Teams

Securing AI-integrated applications — from prompt injection to model supply chain risks. Built for teams shipping LLM-powered features who need to understand the new threat surface.

Coming Soon

Trusted to train at security events across the country.

Where I've Delivered

BSides Chicago Workshop
BSides San Francisco Workshop
DeveloperWeek Workshop
BSides Tampa Workshop

What Attendees Say

“I really learned a lot during the threat modeling training, and I can't wait to apply it to my organization.”
— BSides Tampa Attendee
“I thoroughly enjoyed your session, the labs and the stimulating conversation.”
— BSides Tampa Attendee
“A great session and a good reminder of how to threat model — even after attending Shostack's workshop.”
— BSides SF Attendee
“The template was great and I began using it immediately.”
— BSides Chicago Attendee
“Wonderful for a beginner like myself to the space.”
— BSides SF Attendee
15+ years in technology
AppSec leadership at Autodesk
Developer → Security practitioner
Open-source security research

Benchmarks & Open Research

Benchmark

IR-Bench: LLM Reasoning in Incident Response

5 models fully evaluated across 42 IR scenarios. Latest: Claude Fable 5 partial run (21/42) scored 91.8% on completed scenarios — matching o3 and Sonnet — but 45.5% headline due to API failures. Full dashboard with charts and methodology.

Let's talk about training your team.

Whether you're looking for a workshop, a conference speaker, or a conversation about your team's security posture — I'd like to hear from you.