Expand your security services: from web apps to complete cloud infrastructure
November 11th, 2025 | Bucharest
Are you or your team tired of the same repetitive web application penetration tests?
SQL injection, XSS, broken authentication day after day? You’re not alone. Many experienced penetration testers feel stuck in the web application testing cycle, craving more variety and technical challenges. Not only this, but they are missing opportunities in the dynamic and expanding cloud infrastructure market.
This workshop offers multiple escape routes. Whether you’re a pentester seeking more engaging work or a team manager looking to boost both team satisfaction and revenue, this session shows how to naturally complement web application testing with infrastructure security services.
Through real-world case studies and practical validation exercises, you’ll discover how to break the monotony by expanding into cloud configuration reviews (AWS, Azure, GCP), Kubernetes security assessments, CI/CD pipeline security, Infrastructure as Code (IaC) reviews, and security architecture evaluations. These services, apart from technical variety and intellectual stimulation, also command premium pricing.
You’ll learn exactly what prerequisites and access requirements are needed for each service type, and optionally get hands-on practice validating client environments so you can avoid awkward client conversations about missing permissions or incomplete access. You’ll leave with templates for requesting the access needed to conduct each type of engagement along with a playbook for validating initial access.
Why is this workshop relevant?
The cybersecurity landscape is shifting rapidly.
Cloud infrastructure security continues expanding while traditional web application testing faces increasing automation and commoditization.
AI-powered security tools are emerging that can handle routine web application assessments, potentially impacting the long-term viability of basic penetration testing services.
This workshop addresses the need to evolve beyond traditional web application testing into areas that require human expertise and on-the-spot thinking. You’ll learn from real client engagements and practical expansion strategies that have proven successful in the field.
The focus is on combining business understanding with technical validation. You’ll gain practical knowledge of infrastructure security requirements and learn to assess what’s feasible before committing to clients. The workshop covers the complete process, from recognizing opportunities to delivering these services.
As organizations adopt cloud technologies, containerization, and DevOps practices, they need security consultants who understand these complex environments.
Infrastructure security assessments require the kind of contextual understanding and strategic thinking that remains fundamentally human, making this a natural area for professional development and differentiation.
Workshop agenda
- Welcome and workshop overview
- The infrastructure security market opportunity
- Identifying upselling opportunities with existing clients
- Case studies: Successful client transitions from web to infrastructure
- Managing client expectations
- Pricing strategies for premium infrastructure services
- Cloud security configuration reviews (AWS, Azure, GCP)
- Kubernetes security assessments and its flavors
- CI/CD pipeline security and DevSecOps integration
- Infrastructure as Code (IaC) security reviews
- Security architecture evaluation services and others
- Understanding access requirements for each service type + custom configurations
- Hands-on: Validating AWS, Azure, and GCP connectivity (optional)
- Testing Kubernetes cluster access and CI/CD permissions (optional)
- Templates for requesting the proper access
- Q&A and networking
About the trainer
EDUARD AGAVRILOAE
Cybersecurity researcher with 9+ years experience specializing in AWS offensive security.
Author of three open source cloud exploitation tools, creator of four hacking workshops, and DEFCON speaker.
Currently Director of R&D at OFFENSAI, developing AI-powered automatic cloud pentesting platforms.
Who is it for?
- Independent security consultants wanting to increase project values
- Penetration testers seeking career advancement
- Security managers planning service line expansion
- Boutique security firms looking to differentiate their offerings
- Senior consultants ready to move into advisory roles
Key learning objectives:
✔ Identify infrastructure expansion opportunities: recognize when and how to propose additional security services to existing web application clients, including natural conversation transitions and project scoping advice
✔ Learn service positioning and pricing strategies: develop skills to scope, quote, and price infrastructure security reviews with appropriate premium pricing for specialized services across cloud, Kubernetes, CI/CD, and architecture domains
✔ Validate technical access requirements: gain hands-on experience verifying connectivity and permissions across AWS, Azure, GCP, Kubernetes clusters, and CI/CD systems to confidently assess client environments
✔ Build comprehensive security service portfolios: understand how to structure and deliver cloud configuration reviews, Kubernetes security assessments, IaC reviews, CI/CD pipeline security, and security architecture evaluations as cohesive service offerings
Other information & prerequisites
- Knowledgeable about how web application penetration testing methodologies
- Client-facing consulting or project delivery experience
- Basic understanding of business development and client relationship management
Technical requirements for attendees:
Basic terminal/command-line comfort preferred but not mandatory. Technical validation exercises are optional, making the workshop accessible to business-focused attendees.
For performing the hands-on segment of the workshop you should bring your laptop and have the next technical requirements installed:
- Laptop that supports the tools below. VM can also work and an UNIX based system is recommended
- AWS CLI version 2
- az CLI
- gcloud CLI
- kubectl
- Browser
- Network connectivity (internet access will be available)
Estimated Workshop Duration: 4 hours
Language of Instruction: English if non-Romanian speakers are present, otherwise Romanian.
Participation fee: EUR 250
FAQs
If we do not meet the minimum number of participants, you can either transfer to another workshop and pay or receive a refund for any difference in price, or opt for a full refund. You will be notified in advance and given options to choose what works best for you.
The workshop price covers food. However, accommodation is not included, but we can recommend nearby options for your convenience.
Yes, full refunds are available up to 15 days before the workshop start date. However, if you cancel after that, we can offer only 50% of the price.
You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.