Online Training Best Practices

Dmitry Nedospasov
May 01, 2020

TL;DR Advanced Security Training offers trainings created for online, not trainings converted to online. Our virtual classrooms make it possible to individually interact and support participants, our equipment allows live demonstrations in professional quality, and embrace the advantages we get through providing the training from a lab and not a hotel conference room. We keep our online class size substantially smaller than most conferences, and have co-trainers to assist and support the participants in addition to the instructor. We are trainers at heart, and online allows us to show things we were not able to do before. We are currently piloting a subscription program, offering 10 unique courses on advanced security topics, including reverse-engineering and firmware analysis, hardware hacking and security, embedded and IoT, cloud security, fuzzing, and low level hardware attacks such as power analysis and glitching. If you’re interested in hearing more about our subscription program, you can sign up here.

Our thoughts on Online Trainings

With many of our favorite security conferences moving to an online format, we wanted to share some of our experiences with offering talks and courses online. Most importantly, we wanted to make sure participants deciding on how to spend their training budget during this moment of uncertainty know what to look for and what makes a good online venue.

Online should embrace the format, not fight against it

Simply taking a two or four day class laden with hundreds of slides and presenting them through a web conferencing solution is not equivalent to the experience of a conference. Trainers need to compensate for the lack of natural engagement with their students, have backups when things fail and they need to account for the fact that not every participant can give their full attention 100% of the time when working from home. Ideally the course material should be entirely different or adapted for online. But this is just the bare minimum.

With online classes, we finally have the opportunity to share things we’ve never been able to share before. Our Hardware Hacking, Intro to FPGA and Advanced FPGA Courses are taught by the trainer from their respective labs, while respecting social distancing and ensuring everyone stays safe. This means we can stream a live video feed from our oscilloscopes and microscopes. A table top camera shows you how to disassemble a device, solder a connection or extract the firmware, which you could then analyze with the techniques you’ll learn from our Ghidra Firmware Analysis class. None of this can be offered in the same depth at a conference or in a meeting room.

Online is not always synchronous

A simple, real-time conferencing solution is not sufficient for an online class. Participants shouldn’t have to worry about interruptions whether it’s an interrupted connection, a device that runs out of power, the Amazon delivery, or a bathroom break. Participants should instead be able to jump back in time and rewatch whatever they missed. This is not something most standard conferencing solutions provide and just one of the reasons Advanced Security Training utilizes its own platform.

Moreover, with online classes, a better formula is a mix of non-interactive presentations and coordinate times in which participants and instructors can sync up. All of our classes offer a high-quality, high-fidelity stream that can be watched on any device. The courses are structured as a mix of presentation, interactive sessions, one on one support sessions and discussion sessions. For this we use widely supported codecs that allow you to stream the video to any device ranging from a smartphone to a TV. Our streams allow participants to pause or rewind parts of the stream. Our courses are structured to take into account that many are working from home and may need a minute or two to attend to a child or receive a package. All of our courses utilize professional video equipment including video mixers and professional lighting and are recorded with professional-grade cameras and not integrated webcams. Moreover, participants to our courses immediately get access to the raw recorded video of the stream and a professionally edited version a few days later.

Data Privacy

At Advanced Security Training we spin up a new host machine for every class. We delete all information including chat logs to protect the data privacy of our participants. Our conferencing solution allows us to engage with our participants through voice or text chat, offer polls and share the instructor’s screen. We make sure to repeat any questions or polls from the chat to the stream for those that are not engaging with the chat. Our conferencing solution also supports one-on-one support sessions with instructors for participants stuck on an assignment, no additional software required, just a web browser. We also know that some participants just don’t want to share a screen, we respect that. For this reason we also offer interactive solutions for all of our assignments and include detailed solutions with the recordings.

Community

One of the biggest advantages to conferences is the interaction with others. In my experience I think I answer at least as many questions regarding my classes during coffee during the coffee breaks as I do during the course itself. Seeing people regularly at the same venue every year is a big part of the community feeling. This is true both for the instructor seeing, one or more of his former students, as well as students who recognize each other from a previous course. Much of this engagement is completely absent in an online format.

One of the biggest advantages to taking any of our courses is that you get the option of joining our private Discord community. Here we have chats on topics related to the course material. You’ll have access to the instructors as well as training alumni, which means you can get help with any assignments you choose to repeat at a later date. We also stream bonus content to our discord, including new hardware purchases, additional assignments that we didn’t do as part of the training and offer Q&A with trainers and speakers of our upcoming talk series (stay tuned).

Pricing

Finally, the topic of pricing. The two biggest expenses when organizing a class are the travel expenses of the trainer and the cost of the venue. As the conference organizer, this also presents risk because you’re on the hook for the venue, even if no one signs up. Moreover, for large conferences at large venues there often is a recurring contract or at least a lease that goes several years out to ensure that the venue is available several years ahead of time.

At Advanced Security Training we’re all trainers. We’re grateful that during these trying times we can stay home with our families (and our pets). Traveling to and from conferences is always exhausting and expensive. Online allows us to offer our classes in multiple timezones and offer additional sessions on-demand if there’s sufficient people interested in the course. For us this format is both more flexible, less risky for us and has significantly fewer expenses and we chose to pass these savings on to our participants. Our courses are approximately 50% cheaper than competing courses, and on top of that we offer early-bird, group and discounts via social media (you can always DM me or Thomas on Twitter for a discount).

Subscription

Since we haven’t been traveling as much this year, we’ve been investing the extra time into new classes. We’re currently working on 10-15 new classes, all from world renowned trainers. Our goal is to offer at least 10 unique courses on unique advanced security topics within a given 12 month period. We’ve had quite a few customers ask for flat rate subscription pricing on all of our courses and so we’ll be launching it soon. As part of the subscription you’ll get access to all the courses that we offer including our live courses (remote, online, live stream + live conferencing), live session recordings and fully self-paced recorded online (not-live) trainings. In addition we’re offering bonus content through our discord and we’ll soon be launching a unique talk series in a format that no one has ever done before (more on that soon).

Our courses will cover topics including, but not limited to, reverse-engineering and firmware analysis, hardware hacking and hardware security, embedded and IoT, cloud security and secure cloud storage, low level hardware attacks including power analysis and glitching. But we’re also developing self-paced online classes with recorded instructional material on topics such as penetration testing, web security and even an interactive phishing awareness course that can be deployed on site to train employees. All of these materials will be available as part a subscription that we will be launching this summer.

If you’re interested in subscribing and being part of our pilot program, you can be added to the waiting list using this link. Anyone who is already registered for one of our courses can request a subscription and we’ll credit their registrations towards a subscription. We’re offering discounted rates for individuals, students and those that have been furloughed or lost their jobs due to the current economic climate. For business we’re offering discounted named seats, which are license seats for a single engineer, as well as shared seats, that allow companies to send different engineers to different courses.

You can request to be part of subscription pilot program here.

About the Author

Dmitry Nedospasov

Dmitry is a hardware hacker, hardware design engineer, security researcher, speaker, and reverse-engineerer. Dmitry did his PhD in the field of IC security.