[Owasp-board] FW: OWASP Con Tutorials

Dinis Cruz dinis at ddplus.net
Thu Dec 27 23:23:42 UTC 2007


I always read the students comments to understand how they view it and
how much they got out of it.

In some ways to there was some room for confusion since I the course
was more a 'Guide tour to OWASP and all it has' than 'How to use OWASP
on the enterprise'

Michelle, if you have more feedback form the one given on those
feedback sheets, please let me know since I am always ready to receive
constructive criticism.

Dinis

On 12/27/07, Jeff Williams <jeff.williams at owasp.org> wrote:
> Yes this was your class. You should touch base with Michelle for the
> specific feedback.  I didn't realize that you hadn't gotten it directly.
> Apparently, several students let her know that the course didn't meet their
> expectations.
>
> It's no big deal, but going forward I think we should be sure to only offer
> professional grade classes.
>
> --Jeff
>
> -----Original Message-----
> From: Dinis Cruz [mailto:dinis at ddplus.net]
> Sent: Thursday, December 27, 2007 11:33 AM
> To: jeff.williams at owasp.org
> Subject: Re: [Owasp-board] FW: OWASP Con Tutorials
>
> What that my class? I know there was a couple things with that course
> but the comments on the feedback on that course were not that bad :(
>
> I did get the feeling that most (if not all) attendees got quite a bit
> from the course (the lowest point was when I left one of the students
> present some of the material for too long)
>
> Dinis
>
> On 12/27/07, Jeff Williams <jeff.williams at owasp.org> wrote:
> > I agree this is a good model to shoot for. But I never want to see an
> > "ad-libbed" course at OWASP ever again. Michelle informed me that many of
> > the attendees were extremely disappointed in the class, and suggested we
> > refund their money based on their feedback.  Therefore, I'd like to add
> that
> > we must receive the course materials along with the proposal.
> >
> > --Jeff
> >
> > -----Original Message-----
> > From: owasp-board-bounces at lists.owasp.org
> > [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
> > Sent: Wednesday, December 26, 2007 12:30 PM
> > To: OWASP Board
> > Subject: Re: [Owasp-board] FW: OWASP Con Tutorials
> >
> > Something that I really would like to see at the next OWASP
> > conferences is the 'opening' up of our training.
> >
> > Basically what we need to have is the BlackHat model were there are a
> > bunch of courses being offered (see for example
> > http://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html)
> > that work in the following format:
> >
> >  - Company X or individual contacts OWASP that they want to provide 1
> > or 2 courses at the next conference (& submits proposal)
> >  - OWASP conference comity analyses the proposal (for quality, past
> > delivery experiences, relevance to OWASP and conflict with other
> > courses) and says YES or NO (I would expect most answers to be YES)
> > - If YES, course is added to registration page and registration for
> > them is open.
> > - 1 month (or two weeks) before conference, courses that have less
> > than 5 students are dropped (unless the OWASP board or Conference
> > comity decides that they are strategic for OWASP and want to go ahead
> > with it)
> >  - course is delivered & students fill evaluation forms
> > - the courses with positive evaluation are invited for the next OWASP
> > conference, and the ones with 'not so good feedback' are dropped (note
> > that here there is some room for maneuver since the Conference comity
> > could decide to replace a 'not very popular' course with a new one)
> >
> > Everybody should be able to submit a course proposal and we should
> > give preference to OWASP contributors. The financial model is the one
> > described by Dave (2,000 USD per training day + Expenses (with extra
> > 1,000 USD if the course has more than 20 students)
> >
> > Regarding my (Dinis) course for delivery at the next OWASP conferences
> > I will want to continue to deliver the course on OWASP since I think
> > it is a very important course for OWASP (and with a couple more
> > deliveries I will get it into a good shape). So for .NET I will see if
> > I can get a couple guys I know to propose one (note: The .NET course I
> > delivered was 100% add-libed so I could easily do it independently (I
> > could break these two courses into 1 day each, but that might be too
> > short for the materials to cover))
> >
> > Dinis
> >
> > On 12/22/07, Dave Wichers <dave.wichers at aspectsecurity.com> wrote:
> > > Have you two started working on this at all to figure out how to roll it
> > out?
> > >
> > > -Dave
> > >
> > > -----Original Message-----
> > > From: Tom Brennan - OWASP [mailto:tomb at owasp.org]
> > > Sent: Saturday, December 22, 2007 9:03 AM
> > > To: Dave Wichers; Sebastien Deleersnyder
> > > Cc: Alison McNamee
> > > Subject: Re: OWASP Con Tutorials
> > >
> > > Its a great oppertunity for a independant trainer or a commercial firm
> > that wants to donate the training offering to OWASP turn-key.
> > >
> > > Any news on the membership packs/credit to attend events etc?
> > >
> > > Tom Brennan
> > > OWASP Foundation Board Member
> > > Tel: 973-202-0122 | Url: www.owasp.org
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: "Dave Wichers" <dave.wichers at aspectsecurity.com>
> > >
> > > Date: Sat, 22 Dec 2007 08:44:57
> > > To:"Sebastien Deleersnyder" <seba at deleersnyder.eu>,<tomb at owasp.org>
> > > Cc:"Alison McNamee" <alison.mcnamee at owasp.org>
> > > Subject: RE: OWASP Con Tutorials
> > >
> > >
> > > Are you asking about the revenue share model for people delivering the
> > courses? For people delivering classes, its $2K / day plus travel. And for
> > every 10 students above 20 they get in their class, it's another $1K/day.
> > >
> > > The pricing for the courses should be similar to last year in Milan.
> Could
> > be the same, or slightly higher. That's up to you.
> > >
> > > -Dave
> > >
> > >
> > >
> > > From: Sebastien Deleersnyder [mailto:seba at deleersnyder.eu]
> > >  Sent: Friday, December 21, 2007 11:57 PM
> > >  To: Dave Wichers; tomb at owasp.org
> > >  Cc: 'Alison McNamee'
> > >  Subject: RE: OWASP Con Tutorials
> > >
> > > Dave,
> > >
> > > I'll include your recommendation for Europe
> > > Aspect: 2-day general Web App Sec, AND 1-day Leader/Mgr followed by
> 1-day
> > Rich Internet Applications course.
> > > And will contact Gunnar & Dinis.
> > >
> > > How is the pricing model? Fixed for teachers?
> > >
> > > Regards
> > >
> > > Seab
> > >
> > >
> > > ----------------
> > >
> > > From: Dave Wichers [mailto:dave.wichers at aspectsecurity.com]
> > >  Sent: maandag 17 december 2007 23:03
> > >  To: tomb at owasp.org; Sebastien Deleersnyder
> > >  Cc: Alison McNamee
> > >  Subject: OWASP Con Tutorials
> > >
> > > Guys,
> > >
> > > Aspect is interested in being a tutorial provider at both conferences of
> > course.
> > >
> > > What tutorials were you trying to get at your respective conferences in
> > terms of topics?
> > >
> > > I think a basic class, and language and topic specific classes are a
> good
> > idea. At the OWASP San Jose event we had these tutorials with the
> following
> > # of attendees:
> > >
> > > General two day Web Application Security (Aspect Security): abt 30 -
> We've
> > had 1 or 2 day versions of this at every conference
> > > Two-Day Java/J2EE Web Application Security (Aspect Security): About 17
> > attendees
> > > Two-Day .NET Web Application Security (Aspect Security): 5 Attendees
> > > Two-Day Web Services Security (Gunnar Peterson): abt 30 - We've had 1 or
> 2
> > day versions of this at every conference
> > > Two-Day OWASP Projects/Tools Class (Dinis Cruz): 5 attendees -
> > > Two-Day Mod Security Tutorial (Breach Security): 2 attendees
> > >
> > > The standard and web services classes are staples that should in every
> > conference. You can contact Gunnar at: gunnar at arctecgroup.net
> > >
> > > I'd recommend some language specific classes as well. Dinis does a great
> > .NET class, but he'd need to build it again from scratch. He previously
> used
> > IOActive's content and doesn't have access to that any more.
> > >
> > > Aspect has a 1-day class for managers that I would recommend for both
> > conferences. We've taught this class at least 40 times already. Aspect
> also
> > has a 1-day Rich Internet Applications/AJAX class that we could pair with
> it
> > to take up the 2-days.
> > >
> > > I'd also like to get other providers teaching there as well so I'd
> suggest
> > you solicit, find other vendors. Historically its been 1 class from
> Aspect,
> > 1 from Gunnar, and 1 from Dinis. I'd like to get more providers and Aspect
> > would like to teach 2 different classes if we can. More if you want us to
> J.
> > >
> > > For Europe, I think we can only commit to 2, but for NY we could do as
> > many as you'd like us to teach, but I don't think its appropriate to be
> the
> > 'Aspect' show, so 2 or at the most 3 from Aspect would probably be best.
> > >
> > > In summary: I'd recommend the following:
> > >
> > > Europe: 2-day general Web App Sec, AND 1-day Leader/Mgr followed by
> 1-day
> > Rich Internet Applications course.
> > > U.S. The above, plus the 2-day Java course.
> > >
> > > For both conferences I'd also recommend Gunnar's 2-day web services
> > security course. [Gunnar is also willing to help both of you organize a
> web
> > services security track. Please contact him about that.]
> > >
> > > I'd also encourage Dinis to build his own 2-day .NET class so he can
> offer
> > that class at both conferences as well. When Dinis offered a .NET class at
> > OWASP, he frequently got 15-20 attendees because people know he is REALLY
> > good at .NET stuff.
> > >
> > > -Dave
> > >
> > >
> > >
> > >
> > >
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board
> >
> >
> >
>
>
>


-- 
Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org



More information about the Owasp-board mailing list