Users don't pay attention to your security guidance and they tune out during those training programs you bought because it's all just so boring. But learning "how to be a hack" is interesting, so I've turned cyber security education into an exercise in doing evil. This presentation will discuss why and how I've designed training classes that teach average users how to do some very bad things. I teach people ranging from software engineers to accountants how to carry out specific attacks, crack passwords, social engineer their way to fame and fortune, and so on. Furthermore, the talk discuss how you too can raise general security awareness in so doing. It will comprise a discussion of my general philosophy on teaching evil, instructional design, classes I teach regularly, and topics for classes that are still on the drawing board.