Monday, August 15, 2011

Feedback from Latest TCP/IP Weapons School 3.0 Class

At Black Hat in Las Vegas and USENIX Security in San Francisco I taught three TCP/IP Weapons School 3.0 classes. I think my weekday class at Black Hat set a personal record student count, and I was glad to have Steve Andres from Special Ops Security there to help students with questions and lab issues!

I wanted to share some feedback from the classes, in case any of you are considering attending an upcoming class. Currently I'm scheduled to teach at Black Hat Abu Dhabi on 12-13 December. The only other possibilities for training this year include a class in northern VA in either September or October, and a class the weekend before USENIX LISA in Boston on 3-4 December 2011. Next year I will likely return to Las Vegas again in the summer (21-24 July) and DC in the fall (30-31 Oct) but beyond that I am not sure how much training I might do in 2012.

Student feedback from TWS3 included:

  • I've been to a lot of training sessions and this was by far the best. The discussions were useful and practical. The labs were well done enough to repeat and follow them later.

  • Excellent speaker, well-prepared and extremely engaging. Perfect balance of real world scenarios and information.

  • Great course! More lab-based and little [i.e., fewer] PowerPoints is a recipe for success. Will recommend to others.

  • This is the best Black Hat Training class I've ever taken. The techniques and information Richard taught are instantly usable in my day-to-day security analyst work. Well worth the time and money.

  • Richard worked hard to answer our questions and tailor the class to our needs.

  • Discussion-based training without PowerPoint was a great experience -- much more rewarding than death by .ppt!

  • Richard does an excellent job presenting material in an engaging way.

  • Excellent job handling diverse student population with very different skill levels.

  • I would take another security course taught by Richard as well as recommend this course to others.


The students who attend to learn how to collect and analyze network- and log-centric artifacts and data in order to detect and respond to intrusions tend to like the class best.

Thank you to the students from all three classes for your participation!

No comments: