[Global_education_committee] OWASP Training Resources

Mark Bristow mark.bristow at owasp.org
Mon Jun 7 09:25:59 EDT 2010


Dinis,

Pretty sure it's Monday, September 27.  We're still working out the details
with SwA.

Once we get the dates locked in, we'll put an announcement to the OWASP
Washington and VA lists to see what local resources are available (as well
as reaching out to the project leaders) to get the ball rolling and see
where we are at with funding needs.  We may also couple this into the AppSec
DC budget as another option but we still need to do more sponsorship work
there (but we have a verbal on a diamond so far).

I agree that interfacing with Governments is a strategic imitative for
OWASP.  If we can get the purchasing power of governments behind application
security I think we have an opportunity to really drive security into
software (web and rich client alike) and make significant progress in this
area.  I'm glad we have your support on this.

-Mark

On Sat, Jun 5, 2010 at 2:41 PM, dinis cruz <dinis.cruz at owasp.org> wrote:

> Hi Mark
>
> Great news,
>
> See my comments below
>
>
> On 5 Jun 2010, at 17:30, Mark Bristow <mark.bristow at owasp.org> wrote:
>
> Dinis,
>
> The Department of Homeland Security's Software Assurance Forum has
> generously provided us with a full day with which to present OWASP projects
> and initiatives and we thought this training would be perfect for the
> audience at the SwA forum.
>
>
> This is a great opportunity and we should really make it happen
>
> We did have some questions about the event logistics.  It's my
> understanding that the costs are covered out of local chapter funds,
>
>
> Yes that is the starting point
>
> however what was not clear was the speaker lineup.  Are we supposed to use
> your speaker lineup (many of which are intl and would likely exceed our
> chapter funds) or can we cover the topics with local resources?
>
>
> I would say that you should try to find as many local OWASP leaders as
> possible.
>
> Start with the actual project leaders (Jeff on Top 10, Bruce on WebGoat,
> Dave on Top 10, etc..) and then go for the most experienced and reputable
> OWASP leaders (i.e. ones have done successful presentations at our
> conferences).
>
> I don't think you need to bring anybody from Europe (you should have enough
> talent over there :) ). You should also adjust the schedule to give local
> OWASP leaders (at least) a 20m slot to present his project (this is what we
> did in London for tools like DirBuster)
>
> On the funding question, here are a couple pointers:
>
>  * Yes you should start with the funds available to the local chapter they
> are the easiest to use (and make decisions on). The local chapter has full
> decision making power on where to spend these funds  (as long as they are
> not paying any OWASP leaders)
>
>  * Note that in London, after taking into account the revenue received from
> the 19 new OWASP members that we got, the final cost of theses events for
> the London chapter was not that high (and this is not taking into account
> that (due to the training) we have a couple strong Corporate memberships on
> the way)
>
>  * The SwA events seem to me to be quite a critical and important event for
> OWASP, so I would propose that we should try to present the strongest
> possible line-up of OWASP leaders, and if there is a need for an extra top
> up, as a board member I can give you cover for 2,500 USD, and if more is
> needed I'll take it to the Board for decision/approval.
>
>
> Additionally, we would have to make our event free for all SwA attendees
> (US Govt or their guests) in order to make this sucessful, therefore
> dropping the Membership requirement (at least this time around).
>
>
> That is exactly what we did in London, The first event was hosted by
> British Airways and the 2nd by Lloyds. Both are NOT current OWASP corporate
> members, and the deal was that they would provide the venue (and some
> coffees) and bring in up to 15 attendees.
>
> So, yes you can make a model where US Govt + guest don't have to be members
> (with the other attendees having to be an OWASP member or part of a company
> that is an OWASP Educational Supporter or Corporate member)
>
> Since this has quite a high profile, I think you should email the
> owasp-leaders list with the RFP (Request for Presenters (Paulo has an email
> template you can use)) and see which OWASP Leaders are available to attend.
>
> But the first step is a date, when do you want to do it?
>
> :)
>
> Dinis
>
>
> -Mark
>
>
> On Sat, Jun 5, 2010 at 4:41 AM, dinis cruz < <dinis.cruz at owasp.org>
> dinis.cruz at owasp.org> wrote:
>
>> Ok,
>>
>> Can we set some dates for the DC courses? :)
>>
>> Dinis Cruz
>>
>> On 3 Jun 2010, at 18:50, Mark Bristow < <mark.bristow at owasp.org>
>> mark.bristow at owasp.org> wrote:
>>
>> > Heh Dinis,
>> >
>> > I'm not on the planning committee for the CN con.  I'm one of the DC
>> > guys ;)  Was really just providing the introductions.
>> >
>> > Although we are planning on doing one of these a couple months out
>> > from AppSec DC to help drive interest.
>> >
>> > -Mark
>> >
>> > On Thu, Jun 3, 2010 at 1:47 PM, dinis cruz < <dinis.cruz at owasp.org>
>> dinis.cruz at owasp.org>
>> > wrote:
>> >> Hi Mark,
>> >> You can find more details about the London event
>> >> here
>> <http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_you_can_use_TODAY>
>> http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_you_can_use_TODAY
>> >>  including
>> >> links to all presentations, a series of videos and a number of
>> >> supporting
>> >> documents (note that those pages are all based on MediaWiki
>> >> templates (i.e.
>> >> easy to reuse))
>> >> Paulo Coimbra (CCed) was one of the key organizers of these events
>> >> (he works
>> >> for OWASP ) and although he is currently on holiday, when he
>> >> returns, he
>> >> will be able to help you with the set-up of similar event(s).
>> >> AYesterday at the conference call of the OWASP Global Education
>> >> Committee
>> >> (CCed) it was agreed that this committee would be now taking a
>> >> leading role
>> >> in the delivery of these type of OWASP Training courses (free for
>> >> OWASP
>> >> members, funded by the Local Chapter, focused on presenting OWASP
>> >> materials,
>> >> etc...), for example the Education Committee will soon start
>> >> working on the
>> >> translation of the existing training materials into French
>> >> (followed by
>> >> German and Portuguese (not sure which Asian language would be
>> >> better for
>> >> your community Mark, but we should also support it (with your
>> >> help))).
>> >> The next step is for you to set up a couple dates (two is better)
>> >> so that we
>> >> can get the ball rolling.
>> >> If I may suggest, what about the 2nd week of July and the last week
>> >> of
>> >> August?
>> >> The reasons why is good to book the dates, is that it really helps
>> >> to focus
>> >> the efforts, and it doesn't matter if in the end the actual
>> >> delivery dates
>> >> are different :)
>> >> Let us know if you need additional details or help
>> >> Dinis Cruz
>> >>
>> >>
>> >> On 3 June 2010 18:11, Mark Bristow < <mark.bristow at owasp.org>
>> mark.bristow at owasp.org> wrote:
>> >>>
>> >>> Dinis,
>> >>>
>> >>> Allow me to introduce Rip Torn, Wellin Zhong and Helen Gao the
>> >>> organizers for the China Regional Conference being held in October
>> >>> of
>> >>> this year.  They were interested in potentially leveraging some of
>> >>> the
>> >>> success you had with the London training event for their conference.
>> >>> Any guidance you could provide them would be greatly appriciated.
>> >>>
>> >>> Thanks,
>> >>> --
>> >>> Mark Bristow
>> >>>
>> >>> OWASP Global Conferences Committee Chair - <http://is.gd/5MTvF>
>> http://is.gd/5MTvF
>> >>> AppSec DC 2010 Organizer - <https://www.appsecdc.org>
>> https://www.appsecdc.org
>> >>> OWASP DC Chapter Co-Chair - <http://is.gd/5MTwu>http://is.gd/5MTwu
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > Mark Bristow
>> >
>> > OWASP Global Conferences Committee Chair - <http://is.gd/5MTvF>
>> http://is.gd/5MTvF
>> > AppSec DC 2010 Organizer - <https://www.appsecdc.org>
>> https://www.appsecdc.org
>> > OWASP DC Chapter Co-Chair - <http://is.gd/5MTwu>http://is.gd/5MTwu
>>
>
>
>
> --
> Mark Bristow
>
> OWASP Global Conferences Committee Chair - <http://is.gd/5MTvF>
> http://is.gd/5MTvF
> AppSec DC 2010 Organizer - <https://www.appsecdc.org>
> https://www.appsecdc.org
> OWASP DC Chapter Co-Chair - <http://is.gd/5MTwu>http://is.gd/5MTwu
>
>


-- 
Mark Bristow

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
AppSec DC 2010 Organizer - https://www.appsecdc.org
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_education_committee/attachments/20100607/e94aac30/attachment.html 


More information about the Global_education_committee mailing list