Threatspotting
Cyber Risk & Security Services

"What cyber risks keep you awake at night?"
Craig Balding
Managing Director, Threatspotting Ltd
Priors: Group Security CTO of Barclays PLC, GE Red Team Director.
Threatspotting Ltd provides cyber risk and security services to organisations around the globe from our office in Budapest, Hungary.
Our services help you:
- better understand and proactively manage your cyber risk
- establish cyber hygiene across your IT environments
- deploy targeted controls to protect your most valuable environments
Our philosophy is threat-centric and our approach is pragmatic. We start by learning your cyber concerns and how that has driven your handling of cyber risk to date. We learn about your business, plans, capabilities and constraints, and then we assess and prioritise the threats you face and help you manage them.
Our advice is battle tested and fully independent.
Our Expertise
We have significant expertise and experience in directly addressing key cyber challenges:
- Create or overhaul your cyber risk framework
- Align your security strategy to your cyber risk appetite
- Assess where your cyber capability is today, where it needs to be and how to develop it
- Directly help improve specific areas to realise your cyber resilience ambitions
- Coach, develop and mentor your cyber talent
The scope of our engagement could be a specific high risk business process or your enterprise as a whole.

"Tactics is knowing what to do when there is something to do; strategy is knowing what to do when there is nothing to do." - Savielly Tartakower, International Chess Grandmaster
Our Services
We are flexible in how we deliver our services and will tailor them to meet your specific needs. Example services include:
- Risk Management Review: Improve or overhaul your risk management programme, policy and practice
- Cyber Security Strategy Review: Assess and calibrate your cyber security strategy in light of your risk appetite
- Security Assurance Testing: Perform hands-on penetration tests, improve vulnerability management & Red Team advisory
- Security Engineering: Design and implement key controls and/or security services
- Cloud Security Review: Accelerate safe adoption of cloud including regulatory compliance
- Supply Chain Uplift: Assess current risks, develop target capability and devise a practical plan of action
- Mergers, Acquisitions & Divestitures: Identify and quantify cyber risk, apply tactics and techniques to manage risk
Get in Touch
Threatspotting Kft. Company #01-09-384530. Registered office: 1112 Budapest, Brassó út 19, Hungary
Terms of Service & Privacy Policy © Threatspotting Kft. 2021-2025
Workshop: Pair Programming with Aider to Create High‑Performance Web Security Tools

AI coding tools aren’t self-driving cars—think Trabi, not Tesla. Learn how to stay in control, overcome hallucinations and outdated training data, and deliver secure, reliable code by taking a hands-on approach to pair-programming with Large Language Models (LLMs).
Craig Balding
Workshop Creator & Managing Director, Threatspotting Ltd

Overview
This half-day workshop - originally given at BSides BUD 2025 - is designed to help attendees rapidly prototype and build practical security tools using Large Language Models (LLMs) as coding partners. The session demystifies how to harness LLMs - specifically via the open-source terminal-native tool Aider - to develop robust, production-ready Python APIs for real-world security use cases.
Participants will build a Python FastAPI-based microservice that transforms raw security signals (such as HTTP response headers and open ports) into actionable intelligence, guided by LLM-powered analysis. The workshop is hands-on, with each segment focused on solving a specific technical challenge that security researchers and practitioners face in tool development. It covers:
LLM-Driven Development Workflow:
Attendees will learn a repeatable workflow for collaborating with LLMs, using Aider to structure ideas, generate and review code, and iterate safely under version control. This includes prompt engineering, managing LLM hallucinations, and overcoming knowledge cut-off issues.
Building a Secure FastAPI Service:
The workshop walks through scaffolding a FastAPI application with endpoints for health checks and security analysis. Participants will implement logic to fetch and process HTTP headers from a target URL, optionally enrich results with port scan data, and compose structured prompts for the LLM to prioritise risks and recommend mitigations.
Security Hardening and Testing:
We address common pitfalls in LLM-generated code, such as insecure defaults and missing validation. Attendees will add input validation (Pydantic models), API key authentication, and basic automated tests (pytest), ensuring the resulting tool is safe for enterprise environments.
AI-Augmented Security Reasoning:
The workshop demonstrates how LLMs can add contextual judgement to otherwise basic scripts, turning raw scan results into prioritised, actionable findings for defenders. We discuss strategies for verifying LLM output, integrating static analysis (e.g., Semgrep), and keeping code and documentation in sync.
Practical DevOps & Deployment:
The session concludes with a discussion on extending and operationalising the tool: async refactoring, Docker packaging, CI/CD integration, and ideas for enterprise features such as RBAC and alerting.
By the end of the workshop, participants will have:
- A working FastAPI microservice that leverages LLMs for security analysis.
- A clear, practical workflow for pair programming with Aider and LLMs.
- Experience hardening and testing AI-generated code for real-world use.
- A foundation for extending the tool for their own environments and use cases.
The workshop is suitable for anyone with basic scripting experience. All code and setup instructions are provided, with a focus on hands-on learning and immediate practical outcomes.
Agenda (3 hours)
Segment | Format | Duration | Challenge Tackled | Deliverable |
---|---|---|---|---|
Welcome & What we’ll build | Motivation | 15 minutes | “What if Shodan had built‑in advice?” | Intro |
Setup & Smoke Test | Guided | 45 minutes | Environment friction | Aider + FastAPI running locally |
Exercise 1 – Hello‑World API | Pair‑prog | 30 minutes | Stale LLM knowledge | /health + skeleton /analyze |
Exercise 2 – Add LLM Intelligence | Pair‑prog | 30 minutes | Prompt design, hallucinations | LLM‑powered analysis logic |
Exercise 3 – Lock It Down for the Enterprise | Pair‑prog | 30 minutes | Insecure defaults | Validation + API‑key auth + tests |
Ideation & Improvement Forum | Group discussion | 30 minutes | Future roadmap | Feature ideas + next‑step plan |
From Your Instructor
A chance reading of The Cuckoo’s Egg first sparked my interest in cybersecurity.
Motivated by the story, I began testing the defences of the UNIX systems I managed (from a converted horse stable) - starting a journey with no finish line.
Curiosity became a career as I explored every layer of enterprise security. Highlights include serving as Group Security CTO for Barclays PLC, leading the original GE Red Team, and driving technical security at GE Money.
These roles gave me a front-row seat to the realities of defending large organisations, where theory collides with messy day-to-day challenges. I’ve tackled everything from persistent threats and digital banking fraud to insecure legacy infrastructure, learning what works - and what doesn’t.
Today, through my consultancy Threatspotting, I advise CISOs facing unique security challenges, guide tech startups to ISO 27001 and teach security pros how to leverage AI.
Logistics & Pricing
This workshop is delivered on-site and in person at your premises. You provide: a suitable room, Wi-Fi, projector (beamer), tables for attendees and instructor and a suitable number of power outlets.
All presented workshop materials will be shared with attendees at the conclusion of the workshop.
Standard Fee
€5,000 per session, payable upon booking confirmation, plus reasonable travel and (if required) lodging expenses.
Maximum class size: 20 attendees per session.
If payment is not received within 7 working days of provisional booking, the reserved dates may be released and offered to other clients.
Once a booking is confirmed, fees are non-refundable except in the rare event that I am unable to deliver the workshop as agreed (e.g., due to illness or emergency).
No Workshop Fee for Hungarian Not-for-Profit Higher Education Institutions
This workshop is offered free of charge to not-for-profit higher education institutions within Hungary, with capacity for up to 50 accredited students per session. Please note that this offer is intended exclusively for bona fide students of these institutions; sponsoring companies or external organisations are asked to arrange paid sessions.
I kindly request reimbursement for reasonable travel costs from Budapest, as well as provision of lunch and refreshments. Please ensure that the workshop schedule allows sufficient time for same-day travel to and from Budapest, so that overnight stays are not required.
Attendee Requirements
No advanced programming skills required - this workshop is designed for casual coders and anyone keen to improve their confidence with code, regardless of experience level.
All participants are asked to bring a laptop with Python pre-installed (Aider compatible versions: 3.8-3.13).
Contact me to ask questions, check availability and book your workshop.
Threatspotting Ltd Terms of Service and Privacy Statement
1. Terms
By accessing the website at https://www.threatspotting.com, you agree to be bound by these terms of service, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.
www.threatspotting.com is the official website for Threatspotting Ltd, a Hungarian company limited by shares.
2. Use License
1. Permission is granted to temporarily download one copy of the materials (information or software) on Threatspotting Ltd's website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:
   1. modify or copy the materials;
   2. use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
   3. attempt to decompile or reverse engineer any software contained on Threatspotting Ltd's website;
   4. remove any copyright or other proprietary notations from the materials; or
   5. transfer the materials to another person or "mirror" the materials on any other server.
2. This license shall automatically terminate if you violate any of these restrictions and may be terminated by Threatspotting Ltd at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.
3. Disclaimer
1. The materials on Threatspotting Ltd's website are provided on an 'as is' basis. Threatspotting Ltd makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.
2. Further, Threatspotting Ltd does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.
4. Limitations
In no event shall Threatspotting Ltd or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on Threatspotting Ltd's website, even if Threatspotting Ltd or a Threatspotting Ltd authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Accuracy of materials
The materials appearing on Threatspotting Ltd's website could include technical, typographical, or photographic errors. Threatspotting Ltd does not warrant that any of the materials on its website are accurate, complete or current. Threatspotting Ltd may make changes to the materials contained on its website at any time without notice. However, Threatspotting Ltd does not make any commitment to update the materials.
6. Links
Threatspotting Ltd has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Threatspotting Ltd of the site. Use of any such linked website is at the user's own risk.
7. Modifications
Threatspotting Ltd may revise these terms of service for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these terms of service.
8. Governing Law
These terms and conditions are governed by and construed in accordance with the laws of Hungary and you irrevocably submit to the exclusive jurisdiction of the courts in that State or location.
Privacy Statement
General statement
Threatspotting Ltd. trading as Threatspotting fully respects your right to privacy, and will not collect any personal information about you on this website without your clear permission. We are not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identifiable as such. Any personal information which you volunteer to Threatspotting Ltd. trading as Threatspotting will be treated with the highest standards of security and confidentiality, strictly in accordance with the GDPR.
Collection and use of personal information
Apart from information that you volunteer to Threatspotting Ltd. trading as Threatspotting either by emailing us or by filling out a form, Threatspotting Ltd. trading as Threatspotting does not collect any personal data about you on this website. Threatspotting Ltd. trading as Threatspotting does not make available any personal data about you to any third parties, unless obliged to disclose such information by a rule of law. Any information that you provide is used by Threatspotting Ltd. trading as Threatspotting solely for the purposes for which it is provided. For example, if you send us an email, we will not spam you or sell your email address.
Collection and use of technical information
The website of Threatspotting Ltd. trading as Threatspotting does not use cookies, apart from temporary session cookies which enable a visitor's web browser to remember which pages on this website have already been visited. Visitors can use this website with no loss of functionality if cookies are disabled from the web browser.
Copyright Notice
© 2021-25 Threatspotting Kft. trading as Threatspotting, All rights reserved
Material on this website is protected by copyright. Any reproduction of material from this website must be requested and authorized in writing from Threatspotting Ltd. trading as Threatspotting. Authorized reproduction of material must include all copyright and proprietary notices in the same form and manner as the original, and must not be modified in any way. Acknowledgement of the source of the material must also be included in all references. Threatspotting Ltd. trading as Threatspotting reserves the right to revoke such authorization at any time, and any such use must be discontinued immediately upon notice from Threatspotting Ltd. trading as Threatspotting.