dinis cruz dinis.cruz at owasp.org
Fri Mar 6 03:38:57 EST 2009

Yo, Chapter, Education and Project Committees

Before these committees were formed there was an idea that we talked about
which was for OWASP to organize regular training events (outside our
conferences) for example once a quarter in the USA, Europe, Asia.
For a number of reasons this never happened, but now that we have these
super-powerful and motivated committees, I think we should revise this idea
and create a model where it is very easy to organize and deliver OWASP
training sessions at our local chapter locations.

What we need are rules-of-engagement, so here is my first proposed set of

   - This training would be delivered OUTSIDE the scope and timing of OWASP
   conferences (since they have already their own organization model)
   - The training should be organized by local OWASP projects (and I would
   expect that it would be the bigger one and most organized to lead the way)
   - The student cost per day should be similar to what we do at our
   conferences. In the US that was (2-Days - $1350 1 day $675) and in Europe
   (910 Euros (2 days) - 455 Euros (1 day))
   - We need to clarify the payment rules for the trainer (individual or
   company). In the past this was either a flat 2000 USD per day of training or
   a percentage (15% to 30%) of the profits. I think we should propose a couple
   models and let the local chapter leaders negotiate this
   - The process of organizing the courses is actually quite simple:
      - Find the instructors and agree with them on the course
      topic, curriculum, duration and financial model
      - Find a venue (ideally one that has NO upfront costs and can easily
      scale). For example I have been organizing some courses in London with
      the help of a UK developer group (see details here
      http://www.nxtgenug.net/Course.aspx?CourseID=5) and it is very easy to do
      this using local 4+ Star hotels with minimum risk in case the number of
      students is not very high
      - Advertise the course to the local OWASP community
      - Set-up a CVENT payment page (or they could use the 'donation' button
      at each chapter page)
      - Sort out the logistics of the day (projector, who needs to be where
      and when, lunches, dinners, coffees, etc...)
      - Deliver the course (and collect feedback comments)
   - Only OWASP Members or active OWASP Project leaders can apply for
   - The revenue split for the profits is the same as the one used for
   locally driven memberships (60/40).
   - There should be NO costs for OWASP mothership in the cases where the
   course is not profitable (let's say there were not enough students or the
   costs (flight+accommodation) for the guest trainer were higher than
      - But, for the local chapters that have already some money accrued
      from local memberships, they could use this money to pay for those extra
      costs (i.e. run a course at a 'loss', if that adds value to the
      local OWASP
      - In fact, I think it would be a great IDEA to provide 'free' training
      tickets to people/companies the local chapter thinks deserve one:
         - the local chapter leaders (nice perk for all the hard work)
         - local corporate members (who contributed to that chapter's
         - local media contacts
         - specific key individuals that the local chapter wishes should
         attract to OWASP (possible corporate sponsors, local politicians,
         etc...)

   - The rules for being a trainer should be the same that we use for
   our conferences, and we should promote both AppSec courses and OWASP
   Specific courses
   - On the topic of OWASP-specific courses, we need to leverage the amazing
   OWASP resources we have at:
      - OWASP Projects
         - Some tools and Documents are perfect targets for 1/2 day, 1 day or 2
         day training (especially the ones that have books now)
         - At the summit we experimented with the idea to have OWASP
         specific courses and we came up with a great list of courses:
         http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Former_Agenda let's
         reuse that work and allow local chapters to deliver courses based on
         (and taught by) our project leaders' hard work
      - OWASP Education Committee - check out these amazing resources
      that they are working on (from
      https://www.owasp.org/index.php/Global_Education_Committee )
         - 3.2 Train the trainers (Teach the
         - 3.3 Create an online assessment and training
         - 3.4 OWASP Boot Camp
         - 3.5 OWASP CTF
         - 3.6 Speakers Bureau
         - 3.7 Marketing
         - 3.8 Internationalization of the training
         - 3.9 Education
         - 3.10 Academic Educational
   - Finally we will need to have a central point of contact for
   this type of training activities. I think it would make sense to be the
   Global Chapter Committee since it would be a chapter-led initiative

What do you guys think?

The good news of this type of model is that all the work will need to be
done by the local chapter, all we are doing is saying, hey, here is an idea,
go and implement it :)

Dinis Cruz
