[Owasp-board] Update - CFT Issue re:PCI training via OWASP

Josh Sokol josh.sokol at owasp.org
Fri May 8 12:21:56 UTC 2015


See my earlier e-mail about why this is very different from paid training
at events.

~josh

On Fri, May 8, 2015 at 4:28 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

> We do this already for paid training at events.
> OWASP gets a fee etc etc
>
>
> Eoin Keary
> BCC Risk Advisory - edgescan
> CTO
>
>
> On 8 May 2015, at 03:10, Andrew van der Stock <vanderaj at owasp.org> wrote:
>
> Let's put it on the agenda for Amsterdam as I am concerned that the
> quality of the open materials we have is not high. If we do a public
> private partnership, I am okay with this as long as it supports our open
> source mission.
>
> Andrew
>
> On Fri, May 8, 2015 at 11:08 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Well said Matt.
>>
>> And Paul, unless the board votes on something, this is just discussion. I
>> look forward to further discussion in Amsterdam.
>>
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On May 7, 2015, at 2:39 PM, Matt Konda <matt.konda at owasp.org> wrote:
>>
>> I think we may need to have a meeting to handle this question properly.
>>
>> I need more context to understand how we got to the position we're in and
>> what our viable options are going forward.  I think everyone is making good
>> points but I'm having trouble coming to any cohesive conclusions.
>>
>> Can we agree not to do anything more than passive information collection
>> (gathering submitted RFPs say) on the current item and to put a review of
>> this specific instance of training on the agenda for Paul's next 1 on 1
>> call?  We might need to extend the time for that call so that we don't
>> monopolize it completely.
>>
>> I would further suggest that we make training strategy a major topic for
>> the board meeting at AppSecEU and work to have some sort of concrete
>> direction to vote on leading up to the meeting.
>>
>> I see lots of potential opportunities and pitfalls ...
>>
>> Matt
>>
>>
>> On Thu, May 7, 2015 at 4:04 PM, Paul Ritchie <paul.ritchie at owasp.org>
>> wrote:
>>
>>> Hi...I've worked with many organizations and I'm enjoying how passionate
>>> and engaged people are about OWASP.
>>>
>>> I see a missing link here in several of our recent email threads about
>>> Training, or Summer of Code, or Project Summit to name a few.
>>> How do we provide community oversight and consensus for various
>>> programs, specifically training?
>>>
>>> As an open community we strive to inform everyone about 'what's going on'
>>> and why.  And then many have strong opinions about "I love it, or I hate
>>> it" or "Go, or Stop".  My mandate is to use our people and resources to
>>> achieve the Goals & objectives of OWASP.  I cannot change direction because
>>> 1 or 2 or 4 people proclaim what "should be done" on an email thread.  I
>>> respect & listen to those opinions, and I may include that sage advice in
>>> our action plans, but I think we all know my objectives come from the
>>> Board, not from individuals.
>>>
>>> We need to move the healthy debate into a structured proposal for, or
>>> against something.  That proposal process from the community, coupled with
>>> the decision process by OWASP leadership is an effective way to reach
>>> community consensus on programs & policies (i.e. recent funding approvals
>>> for SoC and Project Summit).
>>>
>>> So....perhaps the community could use the Committee 2.0 process to set
>>> up a 'Training Steering Committee' much like the Project Review Committee
>>> to help us stay true to our core values.
>>> I really think this will help ensure Community knowledge, history and
>>> expertise are included as we evaluate various training programs going
>>> forward.  We have big goals this year, and our Operations staff could
>>> certainly benefit from your help & experience.
>>>
>>> I'll be in Amsterdam later this month and eager to brainstorm some of
>>> these ideas with others who are attending.
>>>
>>> Paul
>>>
>>>
>>> Best Regards, Paul Ritchie
>>> OWASP Executive Director
>>> paul.ritchie at owasp.org
>>>
>>>
>>> On Thu, May 7, 2015 at 1:10 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>> Paul,
>>>>
>>>> I would like to shut this down because it makes us a security vendor.
>>>> We do not want to be that. We want to be an open source company where all
>>>> of our materials and projects are free. To support our strategic goal I
>>>> suggest we build free training materials for all to use.
>>>>
>>>> ••• I admit I am biased because I am a professional trainer and will
>>>> excuse myself from any vote on this or other training issues.
>>>>
>>>> Regards,
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>>
>>>> On May 7, 2015, at 1:04 PM, Paul Ritchie <paul.ritchie at owasp.org>
>>>> wrote:
>>>>
>>>> To OWASP Board Group List:
>>>>
>>>> I'm pleased to see a healthy discussion and strong viewpoints about
>>>> Training since this is one of our continuing Strategic Goals for 2015.  Let
>>>> me provide some 'first hand' information about this CFT.
>>>>
>>>> Specifically, this opportunity came from a company who 'knows about
>>>> OWASP' and knows and respects our 'quality & style' of training.
>>>>
>>>> They wanted some PCI training for their developers and their "end user
>>>> service reps" and they wanted OWASP to provide the training, not one of the
>>>> other commercial entities.
>>>>
>>>> As we were evaluating this, we determined it met several of our key goals
>>>> and objectives, so we decided to run it as a pilot or trial to see how it
>>>> worked out for the Community and OWASP.  Does it meet our Core values?  Open?
>>>> - check, Innovative? - check, Global? - check, Done w/Integrity? - check.
>>>>
>>>> 1.  It meets the Training goal, and more specifically it provides
>>>> training to ~125 Developers as well as ~1,000 customer service reps.
>>>> 2.  To keep opportunities 'open' we decided to make a broad Call For
>>>> Trainer, like we do at our AppSec Conferences.
>>>> 3.  To ensure the content was not exclusive, we required the open
>>>> webinar training to be produced
>>>> 4.  We are not providing any sort of "certification" for the training
>>>> - it is knowledge sharing only.
>>>> 5.  We have 3 submissions already under the CFT, and more than half a
>>>> dozen community members who volunteered to be on the content review team.
>>>>
>>>> 6.  Background -- There has been discussion for many years about
>>>> leveraging a paid training program that was modeled after the successful
>>>> conference style training, as a possible revenue stream for the
>>>> Foundation.  Many leaders have supported this in the past.  The conference
>>>> style model was attempted in a couple of different places (Denver and NY)
>>>> with mixed results.  This is a sort of hybrid - on a small scale - to see
>>>> how it works.
>>>>
>>>> Again, I'm encouraged by all the healthy discussion on Training, and I
>>>> acknowledge the strong opinions on this topic.  In summary, this
>>>> opportunity popped up, we were able to structure it to meet our goals,
>>>> objectives & policies, so we are investing time & resource to 'test' this
>>>> new and innovative approach.
>>>> You are welcome to reach out to me or Kate with questions.  Kate is
>>>> closest to this program and she can connect you with other leaders working
>>>> on this as needed.
>>>>
>>>> Best Regards, Paul Ritchie
>>>> OWASP Executive Director
>>>> paul.ritchie at owasp.org
>>>>
>>>>  _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>