[Owasp-board] OWASP Training Resources

dinis cruz dinis.cruz at owasp.org
Sat Jun 5 18:41:05 UTC 2010

Hi Mark

Great news,

See my comments below

On 5 Jun 2010, at 17:30, Mark Bristow <mark.bristow at owasp.org> wrote:


The Department of Homeland Security's Software Assurance Forum has
generously provided us with a full day with which to present OWASP projects
and initiatives and we thought this training would be perfect for the
audience at the SwA forum.

This is a great opportunity and we should really make it happen

We did have some questions about the event logistics.  It's my understanding
that the costs are covered out of local chapter funds,

Yes that is the starting point

however what was not clear was the speaker lineup.  Are we supposed to use
your speaker lineup (many of which are intl and would likely exceed our
chapter funds) or can we cover the topics with local resources?

I would say that you should try to find as many local OWASP leaders as

Start with the actual project leaders (Jeff on Top 10, Bruce on WebGoat,
Dave on Top 10, etc..) and then go for the most experienced and reputable
OWASP leaders (i.e. ones have done successful presentations at our

I don't think you need to bring anybody from Europe (you should have enough
talent over there :) ). You should also adjust the schedule to give local
OWASP leaders (at least) a 20m slot to present his project (this is what we
did in London for tools like DirBuster)

On the funding question, here are a couple pointers:

 * Yes you should start with the funds available to the local chapter they
are the easiest to use (and make decisions on). The local chapter has full
decision making power on where to spend these funds  (as long as they are
not paying any OWASP leaders)

 * Note that in London, after taking into account the revenue received from
the 19 new OWASP members that we got, the final cost of theses events for
the London chapter was not that high (and this is not taking into account
that (due to the training) we have a couple strong Corporate memberships on
the way)

 * The SwA events seem to me to be quite a critical and important event for
OWASP, so I would propose that we should try to present the strongest
possible line-up of OWASP leaders, and if there is a need for an extra top
up, as a board member I can give you cover for 2,500 USD, and if more is
needed I'll take it to the Board for decision/approval.

Additionally, we would have to make our event free for all SwA attendees (US
Govt or their guests) in order to make this sucessful, therefore dropping
the Membership requirement (at least this time around).

That is exactly what we did in London, The first event was hosted by British
Airways and the 2nd by Lloyds. Both are NOT current OWASP corporate members,
and the deal was that they would provide the venue (and some coffees) and
bring in up to 15 attendees.

So, yes you can make a model where US Govt + guest don't have to be members
(with the other attendees having to be an OWASP member or part of a company
that is an OWASP Educational Supporter or Corporate member)

Since this has quite a high profile, I think you should email the
owasp-leaders list with the RFP (Request for Presenters (Paulo has an email
template you can use)) and see which OWASP Leaders are available to attend.

But the first step is a date, when do you want to do it?




On Sat, Jun 5, 2010 at 4:41 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

> Ok,
> Can we set some dates for the DC courses? :)
> Dinis Cruz
> On 3 Jun 2010, at 18:50, Mark Bristow <mark.bristow at owasp.org> wrote:
> > Heh Dinis,
> >
> > I'm not on the planning committee for the CN con.  I'm one of the DC
> > guys ;)  Was really just providing the introductions.
> >
> > Although we are planning on doing one of these a couple months out
> > from AppSec DC to help drive interest.
> >
> > -Mark
> >
> > On Thu, Jun 3, 2010 at 1:47 PM, dinis cruz <dinis.cruz at owasp.org>
> > wrote:
> >> Hi Mark,
> >> You can find more details about the London event
> >> here
> http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_you_can_use_TODAY
> >>  including
> >> links to all presentations, a series of videos and a number of
> >> supporting
> >> documents (note that those pages are all based on MediaWiki
> >> templates (i.e.
> >> easy to reuse))
> >> Paulo Coimbra (CCed) was one of the key organizers of these events
> >> (he works
> >> for OWASP ) and although he is currently on holiday, when he
> >> returns, he
> >> will be able to help you with the set-up of similar event(s).
> >> AYesterday at the conference call of the OWASP Global Education
> >> Committee
> >> (CCed) it was agreed that this committee would be now taking a
> >> leading role
> >> in the delivery of these type of OWASP Training courses (free for
> >> OWASP
> >> members, funded by the Local Chapter, focused on presenting OWASP
> >> materials,
> >> etc...), for example the Education Committee will soon start
> >> working on the
> >> translation of the existing training materials into French
> >> (followed by
> >> German and Portuguese (not sure which Asian language would be
> >> better for
> >> your community Mark, but we should also support it (with your
> >> help))).
> >> The next step is for you to set up a couple dates (two is better)
> >> so that we
> >> can get the ball rolling.
> >> If I may suggest, what about the 2nd week of July and the last week
> >> of
> >> August?
> >> The reasons why is good to book the dates, is that it really helps
> >> to focus
> >> the efforts, and it doesn't matter if in the end the actual
> >> delivery dates
> >> are different :)
> >> Let us know if you need additional details or help
> >> Dinis Cruz
> >>
> >>
> >> On 3 June 2010 18:11, Mark Bristow <mark.bristow at owasp.org> wrote:
> >>>
> >>> Dinis,
> >>>
> >>> Allow me to introduce Rip Torn, Wellin Zhong and Helen Gao the
> >>> organizers for the China Regional Conference being held in October
> >>> of
> >>> this year.  They were interested in potentially leveraging some of
> >>> the
> >>> success you had with the London training event for their conference.
> >>> Any guidance you could provide them would be greatly appriciated.
> >>>
> >>> Thanks,
> >>> --
> >>> Mark Bristow
> >>>
> >>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> >>> AppSec DC 2010 Organizer - https://www.appsecdc.org
> >>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> >>
> >>
> >
> >
> >
> > --
> > Mark Bristow
> >
> > OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> > AppSec DC 2010 Organizer - https://www.appsecdc.org
> > OWASP DC Chapter Co-Chair - http://is.gd/5MTwu

Mark Bristow

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
AppSec DC 2010 Organizer - https://www.appsecdc.org
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100605/2b2f8c50/attachment-0002.html>

More information about the Owasp-board mailing list