Riscure Training Academy

Expert knowledge of security in Embedded Systems

Browse training courses

Learn to spot security vulnerabilities

Why would you want or need security training from an attacker’s perspective?  Sun Tzu’s Art of War describes it well “If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”

During our courses, you will improve your understanding of security from an attackers mindset… with methods, approaches and tools which include the latest attack techniques.  This approach will enable you and/or your team to more effectively guard for and avoid typical vulnerabilities in hardware/software design as well as in code during development.  It helps you ensure your defenses work well and you implement relevant countermeasures which stand up to relevant attack techniques.

Become a certified expert

You get to use open source tools as well as Riscure’s own test tools.  In our tool specific courses, you will develop your skills in using the tools effectively to help you succeed better in your security related role at your company.  You can become a certified expert in the market leading Side Channel and Fault Injection tools, which are often used as part of many major security certification standards.


Find out about our complete course offering in the course catalog.

We also offer customized or on-site (at your company) training on request, see the bookings paragraph for details.

HCE Security Certification Master Class

We are proud to present our first online training that focuses specifically on security of mobile payment applications. The result of 50+ security evaluation projects related to HCE and TEE based payment solutions and certification brings you the essential knowledge about HCE security challenges and solutions.

Learn more and sign up

Booking details

You can book your open training directly online by visiting the course catalog and the relevant training page. Click “get this course” to sign up. We accept payment via Paypal or major creditcards.

After booking you receive a registration confirmation from us. Invoices will be sent to the registered email separately. Please note that private persons and Dutch companies will receive an invoice adjusted with Dutch VAT included.

Once registered you will have access to the training academy portal, allowing access to all courses you are signed up for, as well as further details regarding the course as the course date gets nearer.

For on-site, custom or larger group training, please contact your Riscure sales person, your reseller, or email us, We often get requests for on-site training in a customer’s location, which we are happy to accommodate. Note however, that we then do need to charge travel and accommodation costs for our trainer(s). On-site training also requires a minimum seat attendance per course to ensure the training is effective.

Included in the training

Riscure provides lunch, coffee/tea and beverages and training material. Equipment will be provided for the hands-on sessions, including a training computer, training cards/devices and equipment.

Relevant documentation (video, presentations, documentation) may be made available to learners on the training academy portal or during the course at our training venue.

After completing the course, the learner will receive a Riscure certificate of completion.

Our trainers

Eloi Sanfelix Gonzalez

Eloi Sanfelix works as a Principal Security Analyst at Riscure, where he’s been since 2008. At Riscure, he performs security evaluations on different products ranging from software-based solutions to embedded systems. Most of his working time is currently spent reverse engineering and analyzing protected software such as DRM systems and mobile payment applications, as well as the security of the software and hardware side of Trusted Execution Environments. In the last few years, he has also been involved in evaluating the security of embedded systems and smart card technology, mostly for the PayTV and the payment industries. In his spare time, Eloi enjoys participating in CTF competitions with the int3pids team.

Training courses: Reverse Engineering, Software Exploitation

Rafael Boix Carpi 

“Breaking stuff is fun, but helping people to understand what to fix and enabling them to plan how to start fixing stuff is better. That’s exactly what we do in our training courses.”

Senior Security Analyst & Trainer, working with Riscure BV since 2013. He graduated as a M. Sc. in Computer Science Engineering, Universitat Politecnica de Valencia, Spain. Additionally he followed a M.Sc in Telecommunications Engineering, as well as a a Networking & Operating System specialization track.

His fields of expertise include Side Channel Analysis and Fault Injection in embedded devices and smartcards, as well as low-level Embedded Systems protocols. Among his contributions, Rafael has presented talks and workshops in several conferences worldwide (CCC camp 2015, PANDA 2016, ChinaCrypt 2015, SPACE 2015, Crypto Summerschool 2017, 2015 and 2014, …), as well as authored and collaborated in several research papers especially on the topic of Fault Injection (more here).

Rafael is interested in information security, software development, hardware hacking and embedded devices. Basically tearing apart any device with chips on it until its secrets are revealed, and share how to do it.

Training courses: Side Channel Analysis, Fault Injection, Advanced SCA and FI, Embedded Systems Security, Smart Card Security.

Ana Mafalda Monteiro Oliveira Cortez

“Prevention is better than needing to find a cure!”

Ana Mafalda Monteiro Oliveira Cortez is a Security Analyst working with Riscure since 2015. She received a M.Sc. degree in Microelectronics and Embedded Systems from the Faculdade de Engenharia da Universidade do Porto (FEUP) and a Ph.D. degree in Hardware Security from Technische Universiteit Delft (TU Delft). Her fields of expertise include Hardware Chip Security and Fault Injection and Side-Channel Analysis in Integrated Circuits, Smartcards and System-on-Chips. In addition, she is an experienced CC evaluator.

Training courses: Embedded Systems Security

Krzysztof Okupski

Krzysztof works as a Security Analyst at Riscure since 2015. He received a M.Sc. degree in Information Security Technology at the Technical University of Eindhoven (TU/e). During his daily work, he performs security evaluations of TEE-based solutions for the payment and content protection market. In his free time, Krzysztof enjoys solving CTF challenges.

Training courses: Software ExploitationEmbedded System Vulnerability Identification and Code Hardening

Maurice Aarts

“(Even-) if it ain’t broken, try harder…”

Maurice Aarts is a Security Analyst at Riscure since 2013, and he has been active in the Host Card Emulation (HCE) market since the end of 2014. Maurice has a MSc. degree in Information Security Technology from the Technische Universiteit Eindhoven (TU/e) in The Netherlands. As a security analyst, he has worked extensively on projects related to the payment market, EMV, HCE and Trusted Execution Environments (TEE). Along with knowledge of fault-injection, code-reviewing, reverse-engineering, and exploitation, Maurice also has experience with the Android ecosystem, smartcards, NFC/RFID, and EMVCo- and CC-evaluations.

Training courses: HCE Security Certification Master Class

By continuing to browse this website, you agree to our use of cookies. Close