Trainings

SAINTCON training classes run alongside the main conference. In-depth, hands-on, expert-led.

Training is the deep-end of SAINTCON. While the main conference floor runs talks, contests, and communities, the training rooms host multi-hour, hands-on classes from instructors across the industry.

Trainings can be purchased during registration. Add any class below to your order when you register, or add one to an existing registration (see below).

2026 catalog

Seven hands-on classes this year. Full day (8 hours) unless noted. Prices are per seat.

AI SOAR and Security Engineering with Elastic #

8 hours$450

Rapid SOAR and Software Development for Security Blue (and Red) teams. A hands-on workshop on discovering and interpreting data, creating security applications and becoming a force-multiplier in your organization. In this training, we’ll use Elastic Cloud and AI coding tools, however many of the principles apply to a variety of platforms.

Beat the Breach: Incident Response Bootcamp #

8 hours$450

While the Beat the Breach experience immerses participants in a live cyber incident, Incident Response Bootcamp takes a deeper dive into the skills, processes, and technologies that enable organizations to effectively detect, investigate, contain, and recover from real-world attacks.

Designed for SOC analysts, incident responders, detection engineers, threat hunters, security leaders, and IT professionals, this hands-on course combines practical instruction with real-world examples drawn from enterprise incident response operations. Participants will learn how modern security teams prepare for incidents, investigate malicious activity, coordinate response efforts, communicate with stakeholders, and make critical decisions under pressure.

The course is divided into two complementary sections. During the first half, participants receive instructor-led training covering incident response methodologies, investigation workflows, detection engineering, threat intelligence integration, log analysis, containment strategies, and recovery planning. The second half transitions from theory to practice as attendees participate in a Beat the Breach simulation, applying the concepts learned during training in a realistic, high-pressure incident response scenario.

Throughout the course, attendees will explore the tools, techniques, and processes used by mature security organizations to identify and respond to threats more effectively. Rather than simply discussing incident response concepts, participants will have the opportunity to put those concepts into action while working through realistic challenges that mirror the complexity of modern cyber incidents.

Whether you are looking to strengthen your incident response capabilities, improve your organization’s readiness, or gain practical insights from experienced practitioners, Beat the Breach: Incident Response Bootcamp provides the knowledge, experience, and confidence needed to respond effectively when a real incident occurs.

No slides-only theory. No canned examples. First learn the skills, then put them to the test in a live-fire Beat the Breach simulation.

Satellite Hacking: Going Beyond the Planet #

8 hours$450

Space, the final hacking frontier! Satellites are critical infrastructure, but are they critically vulnerable? In this hands-on class, you will use a compromised ground station terminal to compromise, control, and commandeer a virtualized satellite. We will cover the status of the industry, provide an understanding of the challenges inherent to cybersecurity in space, and cover the threats that our satellites face. You will execute attacks, exercise the unique kind of command and control required for satellite operations, and leverage data exfiltration techniques.

Complete Intro to Pentesting: Cloud, WebApp, Network and AD #

8 hours$450

Delve into the mechanics of the full breadth of penetration testing. This intensive course will equip you with the knowledge and skills to perform both external and internal network testing, as well as master web application attacks using Burpsuite. Crafted for anyone with a passion for cybersecurity, this hands-on training promises a practical approach to explore the multifaceted aspects of penetration testing and its potential to detect security vulnerabilities in networks and web applications.

In this course you will learn:

  • The ethical hacking process using the Penetration Testing Execution Standard (PTES) framework
  • Techniques for internal and external network penetration testing
  • Web application testing methodologies and tools
  • Mastering Burpsuite for effective web application security assessments
  • Utilizing additional tools like nuclei, nikto, openvas, and sqlmap
  • Real-world exploitation techniques and post-exploitation strategies

Hunting Through The SIEM: Turning Logs Into Stories #

8 hours$450

Join our immersive full-day workshop where you’ll dive deep into defensive cybersecurity by deploying a multi-staged threat via SCYTHE, and hunting for it across the SIEM! This hands-on experience will guide you through the intricacies of using enterprise tooling, such as Splunk (SIEM), to hunt for and identify malicious activity.

You’ll learn to map these activities to the MITRE ATT&CK matrix by using Sysmon and Windows logs to gather crucial endpoint data, gain practical skills in threat detection and incident response, and enhance your ability to protect against sophisticated cyber threats.

We will round out this workshop with a custom CTF that will put your threat hunting skills to the test!

Cyber Threat Intelligence 101 #

8 hours$450

This workshop will present an introduction to the basic concepts of threat analysis, leveraging open-source tools, and processing threat intelligence reports in support of computer network defense and incident response. This is a workshop for blue teamers (current and future!) that are interested in threat analysis. It will include discussing publicly available tools along with covering processes that are actionable today without additional training or paid accounts.

We will start the workshop in an academic segment to build a baseline of key terms and the distinction between Cyber Intelligence and Cyber Threat Analysis. Once we have a common foundation, we will move into a hands-on portion exploring open-source reports to enrich and pivot within our dataset. I will demonstrate the process that I use to read through the content of a threat report, process the IOCs and TTPs, and correlate the activity to previous reporting. This section of the workshop will work through Symantec’s Waterbug reporting along with ESET’s Turla reporting, as examples of the same activity being reported under different names and from different perspectives. Attendees will conduct passive lookups (e.g. VirusTotal, ThreatMiner, and PassiveTotal) on the IOCs included in the report. In the final portion of the class, we will discuss bringing our analysis back together into an intelligence product. We will discuss the best methods for clustering threat activity, categorizing capabilities, and visualizing threat activity.

Protecting Your Privacy in the Digital Age #

4 hours$225

This is a 4-hour training session covering various aspects of how to maintain your privacy during a time when businesses are financially driven to destroy it. In this training session, we will cover everything you need to know to slow and stop the leak of your personal information, from OS hardening and browser settings to masked payment cards and disinformation. And if we get extra time, we might even see what data your network traffic might be leaking about you! Prepare to take back the control of your personal data.

Format

  • Duration. Most classes are either full-day (Tuesday) or half-day (Thursday). Some run multiple days for deeper material.
  • Location. Dedicated training rooms inside the UVCC, separate from the main conference floor.
  • Class size. Capped so instructors can actually help each student. Seats are limited; popular classes sell out.

Who it’s for

Most classes assume working knowledge of security concepts. Some are introductory; some are squarely for practitioners with years of experience. Prerequisites are listed with each class in the catalog.

Add training to an existing registration

If you already registered for the main conference and want to add a training class, log into the registration site with your account email and add the class if seats are still available.

Past years

Training catalogs from prior SAINTCONs are browsable in the archives. Good way to get a sense for the tone and depth before 2026 topics drop.

Want to teach?

The Call for Trainings for 2026 has closed and this year’s instructors are confirmed. Watch that page for the next call.

Questions

Drop into Discord and ping Zonifer, our trainings manager (find him on the Planning Committee page).

Security Briefing

Join the mission log

Occasional emails with training announcements, CFP windows, and what's launching at SAINTCON. No spam, no selling your address. Ever.

By subscribing you agree to the Privacy Policy.