Practical TLS and PKI Training | Feisty Duck

Join us on this remote, tutor-led training that covers the theory and practice of SSL/TLS and Internet PKI. Four half-days, packed with information.

Taught by Scott Helme and designed by Ivan Ristić, this practical training course will take you through everything you need to know to deploy secure servers and design secure web applications. The training is based on our Bulletproof TLS and PKI book, with a series of lectures and exercises designed to give you a hands-on experience.

Join more than 2,000 satisfied students who have attended this tutor-led training.

Book US / Europe - 6-9 May 2025 (Remote)

Overview

Day 1: TLS
  • 1. Introduction
  • 2. Keys and certificates
  • 3. Protocols and cipher suites
  • 4. HTTPS topics
  • 5. Getting an A+ on SSL Labs
Day 2: PKI
  • 1. Introduction
  • 2. Standards
  • 3. Internet PKI
  • 4. Revocation
  • 5. Defenses
  • 6. Certificate Transparency
  • 7. PKI ecosystem monitoring
  • 8. Project: Building a private CA

Introduction

The course is taught in small classes. Currently delivered remotely, over four half-days.

  • Understand threats and attacks against encryption
  • Identify real risks that apply to your systems
  • Deploy servers with strong private keys and valid certificates
  • Deploy TLS configurations with strong encryption and forward secrecy
  • Understand higher-level attacks against web applications
  • Use the latest defence technologies, such as HSTS, CSP, and HPKP
  • Learn about key PKI standards and formats
  • Understand where practice differs from theory
  • Analyze certificate lifecycle in detail
  • Evaluate PKI weaknesses and how they affect you
  • Deploy robust protection using public key pinning
  • Learn about what's coming in the future

What's Included

Every student receives a comprehensive digital package that they can use before, during, and after the training. Real-world exercises to work on during the training and afterwards. The 500-page Bulletproof TLS and PKI is provided for use as a comprehensive reference. All in all, you get:

  • A trainer, to teach you and assist you for the duration of the training
  • A virtual server specially designed for the exercises (for 4 weeks)
  • A digital copy of Bulletproof TLS and PKI
  • Over 50 exercises in total
  • Slide handouts you can print and annotate

Testimonials

Scott really knows his stuff—inside, out and sideways.

Dario Ciccarone, CISCO

Excellent trainer. Excellent course.

Evans J. Jesse, SAP

Very insightful even if you have extensive experience with PKI & TLS.

Ramfis E.N. Adrichem, Security Analyst at Kamer van Koophandel

Great course. Lots of useful information and practical labs. Flawless lab setup. Great that we can continue to use VM post course to redo labs, play and learn.

Tom Griffiths, Infrasys Technology

Scott is excellent at delivering the material and is clearly very passionate about the subject. 100% recommend attending training with him if you have the chance!

Nathan Joyce, via Twitter

Web people—this is probably the best TLS training you can get.

Peter Chamberlin, via Twitter

Couldn’t recommend this course enough—brilliant content, nicely delivered in a good-sized class. Keep up the good work.

@dsh82, via Twitter

It was totally worth it to fly to a different country to hear Scott Helme drop some serious knowledge about TLS, PKI, and related treat models. I was looking forward to this class for about 6 months, and it was awesome!

@photo_chocolate, via Twitter

One of the best courses I’ve taken. Totally worth every cent. Scott Helme is a great teacher and Ivan's content is the best out there for this subject matter.

Brian Long, via Twitter

This course is brilliant—best I’ve done in at least 15 years.

Paul Weaver, via Twitter

Top Notch!

Lukasz Rak, Sharcs

Great explanations and easy to understand. Good overview, great course material.

Clare Lee, HSBC

Very thorough, whirlwind tour of TLS configuration and deployment. Impressed with trainers' expertise and passion for the subject.

Jack Hoy, Red Badger

Very knowledgeable. Well paced, good mix of theory and practical work.

Scott Oakley, HSBC

Vibrant, enthusiastic and knowledgeable. Covered all I needed and more.

Andrew Mallett, The Urban Penguin

Made the subject of TLS genuinely exciting to learn. The quality of the material, the exercises and the handouts were some of the best I've ever seen.

Chris Bell, Fujitsu

Awesome! Knowledgeable, enthusiastic and a great communicator. Excellent. "The Best TLS Training" is a bold claim. Having attended, I don't see any reason to argue!

Ian Lowrey, Fujitsu

Real world examples mixed with hands-on experience. An excellent speaker, engaging stories and kept my attention all four days, in the world of Zoom in 2020, that is amazing!

Steve Niemczyk, Salesforce

About the Trainer

Scott Helme

Scott Helme is a Microsoft MVP, Security Researcher, and International Speaker, often found in the press or blogging online about cyber security. He has delivered training on hacking and encryption for over 7 years and believes training courses should be fun and hands-on.

Founder of Report URI, Security Headers, and other popular projects, Scott has a tendency to always be heavily involved in something security focused!

About the Author

Ivan Ristic

Ivan Ristić writes computer security books and builds security products. His book Bulletproof TLS and PKI, the result of more than a decade of research and study, is widely recognised as the de facto SSL/TLS and PKI reference manual. His work on SSL Labs made millions of web sites more secure. Before that, he created ModSecurity, a leading open-source web application firewall.

More recently, Ivan founded Hardenize—now part of Red Sift—as a platform for continuous discovery and monitoring of network infrastructure. He now works as Chief Scientist at Red Sift.