[Owasp-leaders] Follow-up >> FW: OWASP Academies.

Arkadiy Goykhberg arkadiy at owasp.org
Wed Dec 1 15:44:42 EST 2010


Great ideas!

I have been pondering on incentives to universities that would help adoption
of app sec curriculum.
One idea that came to my mind is to bring industry into the mix and create
an internship program.
Internship program will bring benefits to both industry and academia.
Industry can offer part time positions during school year and full time
positions during summer and winter breaks to qualified candidates who are
looking for a career in the field of information security.
A number of corporations participate in OWASP and are looking for talent in
this filed. Universities will benefit from offering first hand
industry experience to it's students with a good outlook toward full time
employment after graduation.
It's a win-win situation for all parties involved,
universities, corporations and students

Internship program will define the following:
For universities:
1. Minimum skill requirements ( list of app sec courses completed with an
"acceptable grade").
2. Proficiency tests.
3. TBD

For students:
1. Guides with links to wiki pages that cover concepts that will be tested
in proficiency tests.
2. TBD

For corporations:
1. Proficiency tests.
2. Project selections criteria for an intern (not mission critical, can be
completed within semester, etc)
3. List of tasks that can be assigned to an intern depending
on proficiency (documentation, drafting viso diagrams, report preparation,
running scans, etc).
4. TBD

Local chapters can play a role in creating a bridge between participating *
local* universities and *local* corporations.

I am planing to pilot this in my corp starting next semester.



On Wed, Dec 1, 2010 at 11:11 AM, Nam Nguyen <namn at bluemoon.com.vn> wrote:

> Hi Paulo
>
> Sorry for the out-of-context discussion.
>
> Here're the links to ISACA models:
>
>
> http://www.isaca.org/Knowledge-Center/Academia/Pages/Model-Curriculum-for-IS-Audit-and-Control-2nd-Edition.aspx
>
>
> http://www.isaca.org/Knowledge-Center/Academia/Pages/Model-Curriculum-for-Information-Security-Management.aspx
>
> They are focusing more on high-level pictures rather than web application
> specifics, where I think OWASP could take reign!
>
> Cheers
> Nam
>
> On Wed, 1 Dec 2010 14:53:15 -0000
> "Paulo Coimbra" <paulo.coimbra at owasp.org> wrote:
>
> > Hello Nam,
> >
> >
> >
> > Do you happen to easily find a link to please send us off? I thank you in
> advance.
> >
> >
> >
> > Regards,
> >
> > - Paulo
> >
> >
> >
> >
> >
> > Paulo Coimbra,
> >
> >  <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project
> Manager
> >
> >
> >
> > From: owasp-leaders-bounces at lists.owasp.org [mailto:
> owasp-leaders-bounces at lists.owasp.org] On Behalf Of Nam Nguyen
> > Sent: quarta-feira, 1 de Dezembro de 2010 04:13
> > To: owasp-leaders at lists.owasp.org
> > Subject: Re: [Owasp-leaders] Follow-up >> FW: OWASP Academies.
> >
> >
> >
> > Dear leaders
> >
> >
> >
> > I really like the ISACA cirriculum model. Perhaps OWASP, as one of the
> app-sec authoritives, could produce a similar model for undergraduate or
> master degree?
> >
> >
> >
> > Cheers
> >
> > Nam
> >
> >
> >
> > On Tue, 30 Nov 2010 15:21:26 -0800 (PST) "Eng. Talal Al-Basha" <
> talal_basha1982 at yahoo.com> wrote:
> >
> >
> >
> > > Dear Sandra,
> >
> > > I have suggestion regarding universities, we should prepare scoped
> >
> > > projects and ideas which could be done as students graduation
> >
> > > projects. in this case, students will have the chance to work on real
> >
> > > projects and we can develop our projects.
> >
> > >
> >
> > > regards,
> >
> > > Talal AlBasha
> >
> > > OWASP Syria chapter leader
> >
> > >
> >
> > >
> >
> > > ________________________________
> >
> > > From: Sandra Paiva <sandra.paiva at owasp.org>
> >
> > > To: owasp-leaders at lists.owasp.org
> >
> > > Cc: global_education_committee at lists.owasp.org
> >
> > > Sent: Mon, November 29, 2010 9:20:14 PM
> >
> > > Subject: [Owasp-leaders] Follow-up >> FW: OWASP Academies.
> >
> > >
> >
> > >
> >
> > > All,
> >
> > >
> >
> > > Following the email below, I am writing you just to say that if you
> >
> > > didn´t have the opportunity or the time to participate in this
> >
> > > discussion, you can still do it. We have received a lot of feedback
> >
> > > and interest and are organizing a meeting for January where we hope
> >
> > > some work can be done to be presented and discussed in the February
> Summit.
> >
> > >
> >
> > > If you feel that you would like to engage and give your contribute,
> >
> > > please fee free to contact me!
> >
> > >
> >
> > > Many thanks, best regards,
> >
> > > Sandra
> >
> > >
> >
> > >
> >
> > > Sandra Paiva
> >
> > > OWASP Training Manager
> >
> > >
> >
> > > De:Sandra Paiva [mailto:sandra.paiva at owasp.org]
> >
> > > Enviada: quinta-feira, 21 de Outubro de 2010 15:18
> >
> > > Para: 'owasp-leaders at lists.owasp.org'
> >
> > > Cc: 'global_education_committee at lists.owasp.org'; 'Paulo Coimbra';
> >
> > > Dave Wichers; Dinis Cruz (dinis.cruz at owasp.org); Eoin Keary; Jeff
> >
> > > Williams; Matt Tesauro; Sebastien Deleersnyder; Tom Brennan
> >
> > > Assunto: OWASP Academies.
> >
> > >
> >
> > > Dear all,
> >
> > >
> >
> > > I have been asked by the OWASP Board to start off the process of
> >
> > > designing and building a new concept that will be closely linked to
> >
> > > the training activities promoted by OWASP and that intends to take this
> area one step further.
> >
> > >
> >
> > > The idea is to create what we will call OWASP Academies –
> >
> > > http://www.owasp.org/index.php/OWASP_Academies.
> >
> > >
> >
> > >
> >
> > > The OWASP Academies will be a frame under which work should be done
> >
> > > with Universities, Polytechnic Institutes, IT Schools and other
> >
> > > Academic institutions with a view to establish solid relationships and
> >
> > > develop with these organisms ways to collaborate and participate in
> >
> > > the design of courses focused on web application security.
> >
> > >
> >
> > > OWASP has the knowledge and critical mass to give an invaluable input
> >
> > > to any Academy focusing on this area – both by contributing with its
> >
> > > expertise in the definition of curricula and course contents that
> >
> > > explore and study the web security field and by making available to
> >
> > > the Academy its pool of interested and willing security experts as
> trainers.
> >
> > >
> >
> > >
> >
> > > As mentioned above, this concept is just at its beginning and we do
> >
> > > not have, as of yet, a clear methodology or set of rules to implement
> >
> > > what hopefully will be a new area of work for OWASP. What is clear,
> >
> > > however, is that to make this happen we will need your input and ideas,
> your energy and your initiative.
> >
> > > Moreover, as we are planning to include this discussion in one of the
> >
> > > Working Sessions to be held in the upcoming OWASP Summit 2011, this
> >
> > > would be the perfect timing to gather your input and contributions.
> >
> > >
> >
> > > Being so, if you have contacts within your local academic communities
> >
> > > and would like to be involved in the design and development of this
> >
> > > concept, please do get back to me with your thoughts!
> >
> > >
> >
> > > I am looking forward to hearing from you!
> >
> > >
> >
> > > Regards,
> >
> > > Sandra
> >
> > >
> >
> > >
> >
> > > Sandra Paiva
> >
> > > OWASP Training Manager
> >
> > >
> >
> > >
> >
> > >
> >
> >
> >
> >
> >
> > --
> >
> > Nam Nguyen, CISA, CISSP, CSSLP
> >
> > Blue Moon Consulting Co., Ltd
> >
> > http://www.bluemoon.com.vn
> >
> > _______________________________________________
> >
> > OWASP-Leaders mailing list
> >
> > OWASP-Leaders at lists.owasp.org
> >
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
>
>
> --
> Nam Nguyen, CISA, CISSP, CSSLP
> Blue Moon Consulting Co., Ltd
> http://www.bluemoon.com.vn
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101201/d0211a96/attachment-0001.html 


More information about the OWASP-Leaders mailing list