Blog | June 4, 2026

Design Your Training Program at Black Hat USA

Heather Lewis, Head of Training @ Black Hat

Black Hat USA is almost here: in just a few short weeks, Black Hat Trainings kicks off with over one hundred 1-, 2-, and 4-day courses to choose from. However, it’s impossible to be everywhere at once, so we have tools to help you through this process. Our training catalog is a resource, but it can be overwhelming at first; and, with budget and time constraints, it can be tricky to decide on which courses to attend. This guide is a framework to help you cut through the noise and determine what is most relevant to you.

Read on to overcome decision paralysis and get started designing your own training program at Black Hat USA.

At Black Hat USA 2025, three rows of students sit in front of an instructor, who is standing in front of a presentation. The presentation screen shows a technical training slide.

Before browsing the catalog, ask yourself:

  1. What skill gap am I trying to close?
    This is more than just what sounds interesting. Think about the specific capability or capabilities you'll need to deploy within the next six months and look for Trainings that support your needs. Use the Black Hat self-assessment tool to determine if you're lacking in a specific area.
  2. What's my current technical level in this domain?
    Remember that training courses are for you, so be honest about your current level of knowledge. You'll get more value from training that is geared towards your foundational understanding.
  3. What will I actually use in the next six months?
    Training that doesn't get deployed gets forgotten. No matter how interesting a course seems, make sure you prioritize options that solve problems you're facing now, or problems you anticipate soon, rather than problems you might face someday.
Two instructors with laptops sit at a table before rows of students, also seated at tables with laptops in front of them. One instructor is gesturing as he talks to his students.

Review these common scenarios below to get a better idea of how to design your training program.

Pathway 1: "I'm building cloud security capability from scratch."

Your situation: Your organization is migrating to cloud infrastructure (AWS, Azure, GCP), and you're responsible for securing it. You understand traditional network security, but cloud architecture is new territory.

Recommendation: Start with Cloud track fundamentals, especially at the beginner or beginner/intermediate levels. Training courses such as Pivoting in the Sky: AWS Offensive Security Techniques (AWS) or Attacking Cloud Environments (AWS, Azure, GCP, Digitalocean, Aliyun) can help you understand cloud-native architecture, identity and access management (IAM), and shared responsibility models before you can secure them. If you need to learn about detection and response, look into the Defense track for hands-on exposure to cloud defense, such as the Certified Azure Penetration Tester course. If you handle sensitive data, consider the Crypto track with courses like Black Hat Cryptography: Attacks, Tools, and Techniques, since cloud encryption and key management are different from on-premises implementations. Black Hat Trainings offer a multitude of courses over four days that relate to a variety of cloud vendors. Think about who your organization partners with most frequently and make your selections from there.

What to skip: ICS, IoT, and Hardware tracks (unless your cloud deployment includes these). Focus on what you'll deploy first to narrow your options.

Pathway 2: "I'm moving from blue team to red team."

Your situation: You've been doing defensive security (SOC analyst, incident response, threat hunting) and want to build offensive skills. You understand how attacks work from the defender's perspective, and now you want to execute them.

Recommendation: Start with PenTesting track fundamentals, including Red Team Essentials: Foundations for Command and Control. This track helps you learn offensive methodology and mindset, not just individual techniques, which will better prepare you for real-world situations. Since many enterprise environments are still network-heavy, consider the Network track for infrastructure attacks, like Altered Security – Cloud Red Team Tactics for Azure – Beginner Edition. For additional depth, you can explore the Malware (Android Application Hacking) or Crypto tracks (Hackable.Sol – Introduction to Smart Contract Hacking), to understand how malware works and how crypto fails can make you a better red teamer.

What to skip: Risk and Human tracks (you already understand the defensive and organizational context). Focus primarily on technical execution.

Pathway 3: "I'm embedding security into our development pipeline."

Your situation: You're a DevSecOps engineer, AppSec lead, or security-minded developer. Your job is to build security into CI/CD, not bolt it on after deployment.

Recommendation: Start with the AppSec track. You can become a Certified AI Security Champion or consider longer training courses like AI-Enhanced Secure Code Review: Black Hat Edition. If this is your core domain, search for training that will enhance your mastery of secure coding. Add the Supply Chain track with courses like Mastering Third-Party Risk Management: Vendor and Software Supply Chain to learn more about dependency vulnerabilities and pipeline attacks as your threat model. If you're planning to deploy to cloud, you'll be introduced to new attack surfaces; trainings like Offensive Container Security: A Masterclass in Breaking the Boundaries can help keep you agile.

What to skip: Forensics, ICS, Hardware tracks (unless your application domain requires them). Stay focused on the development and deployment pipeline.

Pathway 4: "I'm securing operational technology (OT) or industrial control systems (ICS)."

Your situation: You work in critical infrastructure, manufacturing, or energy. Your threat model includes physical safety, not just data confidentiality.

Recommendation: Start with ICS track fundamentals, like From PLC to the Cloud: Legacy and Modern ICS Security. This domain has unique protocols, architectures, and constraints that IT security practitioners don't typically encounter. Include the Network track for OT network segmentation, since air-gapped networks and protocol-specific monitoring require specialized knowledge, with training such as Agentic AI for Modern Security Operations: Automation, Detection, and Response. You can also consider the Hardware track (Applied Hardware Defenses: Secure Boot and Encrypted Firmware) if you're working with embedded systems: many ICS components are embedded systems with firmware-level vulnerabilities.

What to skip: Mobile, Wireless tracks (unless your OT environment includes these). ICS security is a specialized domain, so do your best to stay focused.

Pathway 5: "I'm leading a security team and need strategic perspective."

Your situation: You're a CISO, security director, or team lead. You need to understand emerging threats and how to structure your security program, but you don't necessarily execute techniques yourself.

Recommendations: Start with Risk track. Trainings like C-Level: AI Cyber Security for Executives focus on strategic decision-making rather than tactical execution. The Human track may be useful for you as well: people are your largest attack surface and your most important defense layer. Courses like Observe and Defend: Using Situational Awareness and Adversary Mindset to Counter Social Engineering can help you prepare to defend against some elements of human risk. Another idea: sample Defense and AI, ML, & Data Science tracks (AI Agent Security Masterclass: 2026 Edition) to understand what your team is defending against and how emerging technologies (AI/ML) change the threat landscape.

What to skip: Deep technical tracks (Malware, Crypto, Hardware) unless you're maintaining hands-on skills. Your job is to enable your team, not execute every technique yourself.

One instructor stands between two presentation screens and gestures as he speaks to his students. The students are seated in rows facing the instructor with their laptops open.

The full Black Hat Trainings agenda is live. Use this framework as you filter what matters for your role, your team, and your next six months.

Black Hat Trainings are about more than collecting certifications. Our programs focus on building actual capabilities you can deploy in the real world, under pressure. Pick courses that close the gap between where you are and where you need to be to stay one step ahead.

If you're still unsure after applying this framework, don't forget to complete the Black Hat self-assessment and start with foundational courses in your primary domain. Remember: advanced techniques build on solid fundamentals, not the other way around.

Black Hat Trainings. Sharpen Your Edge.

Upcoming Events

Blog

Stay Connected

Sign up to receive information about upcoming Black Hat events including Briefings, Trainings, speakers, and important event updates.

Review Board

Training Review Board