[Owasp-board] Update - CFT Issue re:PCI training via OWASP

Jim Manico jim.manico at owasp.org
Thu May 7 20:10:34 UTC 2015


I would like to shut this down because it makes us a security vendor. We do
not want to be that. We want to be an open source company where all of our
materials and projects are free. To support our strategic goal I suggest we
build free training materials for all to use.

••• I admit I am biased because I am a professional trainer and will excuse
myself from any vote on this or other training issues.

Jim Manico
(808) 652-3805

On May 7, 2015, at 1:04 PM, Paul Ritchie <paul.ritchie at owasp.org> wrote:

To OWASP Board Group List:

I'm pleased to see a healthy discussion and strong viewpoints about
Training since this is one of our continuing Strategic Goals for 2015.  Let
me provide some 'first hand' information about this CFT.

Specifically, this opportunity came from a company who 'knows about OWASP'
and knows and respects our 'quality & style' of training.

They wanted some PCI training for their developers and their "end user
service reps" and they wanted OWASP to provide the training, not one of the
other commercial entities.

As we evaluating this, we determined it met several of our key goals and
objectives, so we decided to run it as a pilot or trial to see how it
worked out for the Community and OWASP.  Does it meet our Core valules?   Open?
- check, Innovative? - check, Global? - check, Done w/Integrity? - check.

1.  It meets the Training goal, and more specifically it provides training
to ~125 Developers as well as ~1,000 customer service reps.
2.  To keep opportunities 'open' we decided to make a broad Call For
Trainer, like we do at our AppSec Conferences.
3.  To ensure the content was not exclusive, we required the open webinar
training to be produced
4.  We are not providing any sort of "certification" for the training - it
is knowledge sharing only.
5.  We have 3 submissions already under the CFT, and more than half a dozen
community members who volunteered to be on the content review team.

6.  Background -- There has been discussion for many years about leveraging
a paid training program that was modeled after the successful conference
style training, as a possible revenue stream for the Foundation.  Many
leaders have supported this in the past.  The conference style model was
attempted in a couple of different places ( Denver and NY) with mixed
results.  This is a sort of hybrid - on a small scale - to see how it

Again, I'm encouraged by all the healthy discussion on Training, and I
acknowledge the strong opinions on this topic.  In summary, this
opportunity popped up, we were able to structure it to meet our goals,
objectives & policies, so we are investing time & resource to 'test' this
new and innovative approach.
You are welcome to reach out to me or Kate with questions.  Kate is closest
to this program and she can connect you with other leaders working on this
as needed.

Best Regards, Paul Ritchie
OWASP Executive Director
paul.ritchie at owasp.org

Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150507/e9a37e45/attachment.html>

More information about the Owasp-board mailing list