What is my motivation? What should your motivation be?

Part 2, providing some info on how I got into training and the motivation needed.


Article Series: So you want to train at Black Hat (or other conferences)?

This is a series of articles about our experiences submitting, preparing and delivering training at Black Hat (and other conferences as well).

It has been quite the journey and it feels like we learnt a lot of things which were not obvious to us at the beginning or were just not documented.

In this series, we will try to set this information out in an organized way to hopefully help people in the future who are interested in going through a similar journey.

This series is ongoing with new posts released every few weeks. If you want to keep up with new posts, follow us on Twitter or LinkedIn.

Posts in this series:



What is my motivation? What should your motivation be?

Published on 24 February 2025 by  Josh Grossman

image

Introduction

In this post, I’ll share some personal background about how I started delivering public training courses and why I pursued this path. My aim is to provide context for the later chapters and help you reflect on the motivation required for such an undertaking.

Admittedly, this chapter focuses more on my experiences than actionable advice, so if you’re confident in your motivation, feel free to jump to the bottom line: what to expect from this journey.

Some Background

At my previous employer, I had always looked admiringly at the posters on the wall of the office from when my previous boss (AppSec legend, Erez Metula) had delivered some of the early mobile security training courses at Black Hat USA. (I have my own poster up on the wall as an homage to that, as you can see in some of my videos).

While the company had moved away from training by the time I joined, the prestige of Black Hat training always stood out to me as a mark of excellence.

Separately, I had the opportunity to review training course submissions for Global AppSec Tel Aviv 2019, as well as for local conferences.

A blurry photo of Dhruv Shah delivering some hands-on hacking training at Global AppSec Tel Aviv 2019

These experiences, combined with my background in developing and delivering training, gave me a solid understanding of the application security training landscape.

Starting at Bounce Security

However, I’m not sure that my new boss (AppSec legend, AviD) had any of that in mind when he asked me, shortly after I had started working with him, if I was interested in developing any training courses. Avi is well known for his threat modeling training which he has been delivering for many years now and working with him, it was a natural thing for him to ask.

Little did we know the journey this simple question would take us on…

Scratching an Itch

As I considered Avi’s question, I reflected on a common challenge I had observed at several client organizations. Many had adopted tools like SAST, DAST, and SCA, only to become overwhelmed by excessive findings, technical hurdles, and conflicts over who was responsible for addressing issues. Instead of improving security, these tools often created frustration, reduced morale, and, paradoxically, worsened overall security outcomes.

Getting stabbed by AppSec tools...

The more I thought about it, the more it seemed like a gap in a crowded market for AppSec training courses. Most courses focused on the technical aspects of tools—installation, configuration, and automation. Having seen these tools in real-life, it seemed like no one wanted to talk about the people and process aspects of using these tools. (Hindsight has shown how much of a problem this is in AppSec in general, not just related to tools which provided the inspiration for the next evolution of this course.)

My Motivation

With Avi’s encouragement, I began drafting an outline for a 2-day course to address this gap. I poured my experiences and observations into a detailed structure, focusing on practical, actionable content.

And this is a critical point. I don’t love designing training courses, I don’t love writing slides. Maybe some people do, I don’t know…

But that's none of my business...

However, I felt strongly enough about this and was passionate enough to push through and pull all of this together. And then stick with it when things got harder later on. I was determined that this was valuable content and that I wanted to do the work to get this released.

Your Motivation

The key takeaway here is that creating, marketing, and delivering a training course is a demanding and time-intensive journey. If you’re new to teaching or presenting, it may push you out of your comfort zone, requiring you to build skills like public speaking and effective communication.

Before starting, ensure you are genuinely passionate about the subject. Passion will sustain you through the challenges and keep you motivated to deliver valuable content.

Next Post: The Financial Aspect

For me, the motivation to create this course wasn’t financial. Much of the work occurred during downtime between projects, and while course revenue has offset some of the investment, it hasn’t fully covered the effort. However, the experiences and opportunities it created have been invaluable.

In the next post, I’ll discuss the financial realities of creating and delivering training courses in detail.



This post is part of a series: So you want to train at Black Hat (or other conferences)?

Other posts in this series: