BSides St Pete 2025 Trainings
Training sessions will be <4 hours in duration.
​
Schedule: The first round of sessions will start at 9 AM; 2nd round beginning at 1 PM.
​​
Be sure to register for a session below, there's a 25 person capacity per training experience!
There is a $1 donation fee required at time of registration.
To get the most out of the training, please remember to bring your laptop.
*PS: We recommend that you bring a lunch, as there will be no food trucks available.
Elastic Security: Advancing Capabilities
This training will teach participants how to set up an Elastic Stack complete with Detections as Code (DaC) practices, workflow and telemetry automation, and customized tooling. It will start with an end-to-end example of setting up a testing-to-production deployment pipeline for custom rules with locally hosted CI/CD (Gitlab). The initial setup uses traditional security use cases such as monitoring endpoints for threats and developing custom detection rules. With this foundation, the training then shifts to a more operational focus, exploring case management automation and leveraging rule telemetry to more effectively respond to threats. Finally, participants will learn how to create specialized, multi-domain detection rules for new data sources such as custom network protocols.
The training will support both local and hosted deployments for Elastic, with cloud environments being provided to all participants. While Gitlab is the primary CI/CD for the training, any Git-based version control system is supported. Equivalent guides for Github and Gitea will also be provided. Whether new to Elastic or a seasoned user, there are a variety of topics both beginner-friendly and advanced, all are welcome.
TCP/IP Black Ops Training
Dive into the deep end of the OSI model with this half-day, hands-on training that blends offensive and defensive tactics across Layers 1 through 4. We’ll start at the Physical Layer with signal analysis and interference, move up to switch-based attacks at Layer 2, hijack routing protocols at Layer 3, and dissect TCP/UDP behaviors and scan evasion at Layer 4. You’ll build an enterprise-grade network from scratch, then tear it down like a seasoned operator. This isn’t just a lecture—it’s a battlefield lab. You’ll work with both commercial gear and open-source tools, simulating the kinds of TTPs used by red and blue teams in real environments. From ARP cache poisoning and VLAN hopping to OSPF manipulation and creative Nmap scans, you’ll leave with the knowledge and muscle memory to navigate (or compromise) a network like a pro. Whether you’re early in your security career or want a better grasp of what’s happening under the hood of your firewall, this session will give you the practical foundation needed to think like both an attacker and defender.
Introduction to IoT Security: Hands-On CTF Style
Step into the world of ethical hacking and uncover the unseen vulnerabilities in everyday smart devices. This immersive, beginner-friendly lab introduces participants to IoT (Internet of Things) security through an exciting Capture The Flag (CTF) format. In just a few hours, attendees will explore hidden backdoors, decode digital signals, and experiment with real-world tools used by professional security researchers. No experience is necessary—just bring your curiosity. Whether you're a student, a tech enthusiast, or someone interested in cybersecurity careers, this lab makes learning accessible, engaging, and impactful.
RE:Boot – An Introduction to Reverse Engineering Training
Friday, Oct. 3, 2025 - 1:00 PM
Room 1
This hands-on workshop introduces participants to the fundamentals of reverse engineering using C++ and x86 assembly—no programming experience required. Attendees will learn how to examine simple C++ programs, generate the corresponding assembly code, and analyze how software behaves at the machine level. The session covers essential concepts like disassembly, control flow, and memory inspection using real tools and practical examples. Designed for curious minds new to reverse engineering, this session provides a solid foundation for exploring malware analysis, vulnerability research, and binary exploitation. Just bring your interest in how software works beneath the surface—no coding background needed.
When Should a Business Use SIEM & SOAR
What exactly are SIEM and SOAR, and why are they so critical to the cybersecurity landscape? In today’s session, we’ll explore the core functions, use cases, and real-world applications of SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms. Whether you're working in a small business or part of a multi-billion-dollar security organization, these tools are essential for scaling detection, response, and overall security operations. We'll break down how these platforms are used to reduce alert fatigue, automate response actions, and drive operational efficiency across security teams. Just as importantly, we’ll discuss how soft skills such as cross-team communication and incident triage storytelling can differentiate professionals in this space and accelerate your path into the industry. To bring these concepts to life, I’ll walk through a live demo using Splunk and Splunk Security Essentials, showing how to hunt for threats in Windows event logs and AWS CloudTrail data. We’ll identify suspicious behaviors like privilege escalation, lateral movement, and unusual login activity. You’ll learn how to build detections, pivot through log sources, and map findings to MITRE ATT&CK techniques using Splunk’s free app. Whether you’re new to threat hunting or looking to sharpen your detection engineering skills, this hands-on portion will offer practical takeaways you can start using immediately. If you're interested in the blue side of cybersecurity, from detection to response to automation, this session is for you.
What’s my job again?
This will cover what security jobs there are to be done in an organization (about 73 of them spread across security, technology, and business teams). This talk is based on an upcoming standard from The Open Group that defines security roles, security accountabilities on business and technology teams, and what happens if any of those 'jobs to be done' isn't being done. These roles span the Board of Directors and CEO all the way through SOC analysts and threat hunters, IT/OT engineers and operations, CIOs, CISOs, lawyers, finance, business managers, and more.
