Security Architect, Hacker, Trainer

20+ years turning security risks into solved problems

01. My Mission

Let security fully blend into development and team culture.

02. My Approach

Seek simple solutions for complex problems, for their power lies in easy application.

03. My Philosophy

Empower customers, teams, and the community by sharing knowledge and tools.

shape shape
Christian Schneider

Security Architect by Trade

Attacker by Mindset

I’m a security architect, ethical hacker, and trainer with over 20 years of experience in software engineering and cybersecurity. Based in Cologne, Germany, I help companies worldwide improve the security of real-world systems.

A growing focus of my work is AI security: securing LLM-based applications, agentic AI systems, and GenAI integrations.

I conduct in-depth penetration tests of applications, APIs, cloud environments, and container platforms—combining automated scanning with deep manual testing to find vulnerabilities that tools miss.

To cover the full security lifecycle, I also help organizations integrate security into their development practices through DevSecOps coaching and agile threat modeling, supporting engineering teams with clear, actionable recommendations.

Through my web security bootcamp and review & reflect workshop, I’ve trained numerous developers and software engineers, emphasizing hands-on exercises from both attacker and defender perspectives.

To support the next generation of security professionals, I give an annual guest lecture on Security Architecture and Threat Modeling in the Business Informatics program at the University of Cologne, featuring an interactive threat modeling exercise with students.

I regularly speak at national and international conferences and write about security topics. I’m a member of OWASP, the Allianz für Cybersicherheit, and the Chaos Computer Club.

My goal is simple: make security understandable, actionable, and effective.


Let's talk

Tool Development

Creator of Security Tools

Attack Tree

A web-based tool for creating and analyzing attack trees, using a scenario-driven approach for top-down threat modeling.

Try it out

Threagile

An open-source, agile threat modeling toolkit that creates risk reports from YAML-based architecture definitions.

Try it out

Workshop Board

A real-time collaboration platform I built to enhance interactivity in my security trainings and workshops.

Try it out

Testimonials

What Customers Are Saying

A great seminar. Please keep the content and methodology unchanged!

Training Participant

Very strong expertise — responded very well to follow-up questions.

Workshop Participant

Thank you very much for your training! It was very interesting and packed with knowledge. People on the team learned a lot and speak about it positively.

Training Participant

From my side, thanks again for running the training. Participant feedback was positive across the board, always with the note that the training fits our company well.

Training Organizer

Thank you so much for such an interactive session — really enjoyed it and learned a lot.

Training Participant

Very strong on content — excellent presentation.

Training Participant

Thank you so much for the valuable input. Especially the insights about agentic AI security were very helpful.

Training Participant

Just wanted to share feedback on the past three days: the training matched my expectations exactly. The topics covered and the mix of practical and theoretical parts were perfect. Your years of experience really show.

Training Participant

Time well spent! Thanks a lot, I thoroughly enjoyed the training and depth of content.

Training Participant

Your passion for security is contagious :)

Training Participant

Thank you for the great training — it was exactly what I had in mind for my team! I expect we’ll repeat it with other employees soon.

Product Security Manager

Super exciting and varied! Thank you!

Training Participant

Thanks for the training! It was varied and the different interactive elements kept it engaging. We took away a lot! Looking forward to possible future collaboration.

Training Participant

This was my second time with you, Christian. Very interesting again and a lot of fun!

Training Participant

Thanks again for today’s session! I have to say, every time I’m impressed by how quickly you dive into complex topics, ask critical questions, and provide valuable input. Truly fascinating!

Threat Modeling Customer

Thanks a lot for sharing such great insights with us!

Training Participant

I found the training overall very informative and helpful. The explanations were clear and well structured. Important security concepts were covered with plenty of examples to illustrate them. I took away a lot. Thank you for the training :)

Training Participant

Thanks a lot, I liked the format and the workshop as a whole very much, very engaging, great job, learned quite a bit.

Training Participant

Thanks a lot! Also for the brilliant explanations and well-presented practical examples!

Training Participant

Very intensive seminar, presented very clearly and well!

Training Participant

Insider knowledge from pentesting came through clearly. Broad coverage, strong expertise, and you tailored the content to the technologies we actually use. Technically, pedagogically, and personally excellent — you handled questions well and the structure worked really well.

Training Participant

Excellent example applications — you explain things very clearly.

Training Participant

Very high level of expertise! Pedagogically excellent. Interesting with lots of practical exercises. A seemingly “dry” but very important topic was conveyed and communicated really well.

Training Participant

Very interesting, very practical, engaging — and an answer to everything ;)

Training Participant

I really enjoyed the training thank you so much! 🙏 It was an interactive and insightful session. I became more aware of security tools and how to use them effectively. Thanks again for sharing such valuable insights with us. I really appreciate it!

Training Participant

Thank you Christian! Superb content and explanations, I learned a lot.

Workshop Participant

Participants were thrilled with the training — hardly any survey scores this well! We’re glad feedback was so positive and that participants got so excited about the topic! We really hope we’ll have the chance to work together again (and hopefully often) in the future!

Training Company

Very practical, instructive, and pedagogically excellent! Had a blast!

Workshop Participant

Many topics were covered that were new to me and important for my work.

Workshop Participant

Thank you so much Christian, very informative, substantial and useful.

Workshop Participant

The training was absolutely excellent. I now have over 10 years of professional experience, and over all those years this is one of the best trainings I’ve ever attended.

Training Participant

Thanks again for the very, very good workshop today. I wanted to give big praise for your talks and your workshop — really well done! You just want to get started and try it yourself. Simply excellent!

Workshop Participant

Every developer should take this training at least once.

Training Participant

Many thanks! Really detailed and exciting!

Training Participant

I took part in the web security training last week. It was great again. You make it so vivid, and combined with your real-world stories it’s genuinely gripping. The training was really fun and made me want to learn more about the topic.

Training Participant

An exciting and inspiring event with a speaker who fully masters his subject area.

Workshop Participant

Thanks a lot, it was a very interesting and entertaining training!!! 🙌

Training Participant

Really amazing and brilliant course. Happy to have chosen your training. Thanks for all the preparations and for accommodating lots of questions after the time ;).

Training Participant

As the organizer, I received consistently positive feedback from participants. The real-world examples landed especially well, and defense in depth felt well placed.

Training Organizer

I’d like to thank you again for the exciting training last week. The content was very well prepared and the training formed a cohesive package.

Training Participant

Your workshop at our company had real impact: many participants tried to find vulnerabilities in their projects — with success.

Workshop Organizer

This was a mind-boggling workshop and I’d like to recommend you to colleagues from other companies.

Training Participant

Very helpful training. Very clear description of the attacks and things we need to take care of. Now we have a list of tasks to check/improve in our codebase.

Training Participant

Thank you again for the excellent intensive training this week.

Training Participant

Thank you Christian! Even though I’m not a developer, I could follow almost everything and learned a lot. Absolutely recommended!

Training Participant

I enjoyed and can highly recommend this training. Christian is an awesome educator and teacher.

Training Participant

First of all, heartfelt thanks for the three very inspiring days. I found your talk excellent both pedagogically and in terms of content. The many workshop exercises also contributed a lot to a better basic understanding of the theory.

Workshop Participant

Thank you for the great training! Had a lot of fun and I’ve already recommended it. The mix of theory, practice, and vivid case studies was perfect. You definitely leave the training with a sharper security mindset.

Workshop Participant

Mega great workshop! THANK YOU

Workshop Participant

Many heartfelt thanks. Excellently delivered and so many important pieces of information! I learned a lot of new things…

Workshop Participant

just one word: AWESOME! thank you!

Training Participant

Yes!! This should be mandatory for all software developers!

Training Participant

I would buy it again 5/5 stars :D

Training Participant

Great session Christian!!! Thanks a million!!!

Training Participant

It was great! Concrete examples, explained clearly — definitely left a lasting impression. Keep it up!!

Training Participant

The training made it tangible how hackers work in practice and which tools they have at their disposal. The concrete examples helped a lot.

Training Participant

I found the training comprehensive, VERY educational, highly interesting and exciting — and it really drives the point home. Remote participation was especially important for our team, and you mastered that format really well. The training had a clear narrative arc and clear business value. I’ll definitely recommend it. Thank you!

Training Organizer

Really, really well done pentesting lecture. It was very informative and fun to learn about this stuff again. Since becoming a developer I stopped coding in my free time, but seeing how to break systems — and how and why they work — was part of why I became a programmer in the first place. So the child in me was so happy to learn about XML bombs and all the other crazy things!

Training Participant

Much was new to me (even after years in corporate IT). With the flood of attack possibilities, the framework with “code/data” and “source-taint-sink” is helpful, as is the calm delivery and “let them discover” approach. I recommend the training!

Training Participant

First of all: thank you for an excellent workshop. Feedback on the second part of the workshop was consistently positive. I’ve already heard from several teams that they want to use threat modeling in practice going forward. From my perspective, a complete success.

Workshop Organizer

Very entertaining, interesting and inspiring two days of security training. Enjoyed it a lot and got curious about analyzing our code for weaknesses. Long live the Swiss cheese model! :-)

Training Participant

Thanks for the training. It was an eye-opener, especially the live hacking demonstrations.

Training Participant

Yes, it was really fun, especially the vivid way knowledge was conveyed, the practical examples, addressing every question, the detailed handout, and not least the pleasant atmosphere. Thank you!

Training Participant

We would like to thank you once again for enriching our summit as a speaker with your excellent talks. We collected initial participant feedback right after the event, and it was consistently positive.

Conference Organizer

I took part in your web security training over the past two days — it was awesome. I like the practical approach with the marathon app to try out different cases. Your slides and presentation style are really good and I learned a lot. You definitely know what you’re talking about and convey that knowledge well.

Training Participant

Great training — I had to file a bug for an app right away :D.

Training Participant

Very interesting training. Pedagogically well structured. Especially the step-by-step escalation of the attack, followed by a demonstration of automated off-the-shelf attack tools.

Training Participant

Thank you for the exciting time at the Web Security Bootcamp. With a high level of competence and “escape-the-room” flair, it was fascinating to look at vulnerable doors and gates from the attacker’s point of view, and to learn the many ways to keep those paths closed and secure. A training I can recommend 100% to every developer.

Training Participant

Thank you. I was a complete security beginner and now definitely have a different view of my source code. For many things I used to think mainly about clean code and good style, but it clearly also makes sense from a security perspective to separate data and code.

Training Participant

I loved that you encouraged people to ask questions. Unusual at first how often you did it, but that’s how questions actually get asked :)

Training Participant

I also loved that you had everything prepared so you could always work hands-on if you wanted. You could tell you have routine. At the same time it never got boring.

Training Participant

Great training! Not just technically strong, but also excellently delivered. There genuinely weren’t any dull moments. And with the handout you feel equipped for upcoming challenges.

Training Participant

It was great to always see how far you can take exploiting vulnerabilities!

Training Participant

The training was amazing. I’m quite new to security, and I was speechless at how many everyday systems can be broken when you know what to look for. WOW. Also amazing job, Christian — talking for so many hours with this ease and answering every question. What I appreciated very much was that every question was treated seriously. You motivated people to ask questions! Thank you very much for the great training, but also for the great atmosphere!

Training Participant

Thank you again for the seminar. You could follow along well, and each topic still went quite deep. Injection and XSS in particular reminded me how important those fundamentals are — and how valuable it is to see them explained this clearly.

Training Participant

The training was extremely informative and so much fun! 10/10

Training Participant

Upcoming Conference Talks & Trainings

Setting The Stage

As a speaker with international conference experience (Black Hat Arsenal USA, DEF CON AppSec Village USA, RSA Conference USA, Oracle JavaOne, Black Hat Arsenal Europe, Black Hat Arsenal Asia, DeepSec, BruCON, TROOPERS, MCTTP, OWASP AppSecEU, OWASP AppSec Days, DevOpsCon, JAX, Heise devSec, Heise Sec-IT, Heise Herbstcampus, RuhrSec, JCon, JavaLand, Internet Security Days, IT-Tage Frankfurt, OOP, and others) I’m definitely enjoying to speak, present keynotes, and train about IT-Security topics.

Writing & Research

Published Articles

From time to time I write articles about topics like threat modeling, DevSecOps automation and vulnerability research. The most recent ones include:

  • Java Magazin
    • – Agile Threat Modeling
    • – Secure SDLC
    • – Java Deserialization Attacks
    • – Pentester's Toolbox
  • ObjektSpektrum
    • – DevSecOps Approaches
  • Heise iX
    • – Security Tests with Open-Source Tools
  • Entwickler Magazin
    • – Agile Threat Modeling
    • – Secure SDLC
    • – Java Deserialization Attacks
    • – Pentester's Toolbox
  • Security-Insider
    • – Building Security into Agile Projects

CVE

As part of my security research, I have discovered and responsibly disclosed multiple security vulnerabilities in products and frameworks, resulting in over 30 CVE assignments (including a Java one with a CVSS score of 10), as well as a bug bounty payout from Google for identifying a vulnerability in Google Chrome.

CWE

My research on WebSocket security discovered an entirely new vulnerability class, Cross-Site WebSocket Hijacking (CSWSH). This vulnerability class later received its own CWE entry: CWE-1385: Missing Origin Validation in WebSockets.

Keep up to date

Low-volume newsletter to announce new trainings, services, and conference talks