[Owasp-leaders] Chapter Event Idea - Social Hour(s)

Josh Sokol josh.sokol at owasp.org
Mon Oct 7 16:17:39 UTC 2013

My apologies for not responding back sooner.  It was a very busy week for
me.  The OWASP Austin study groups originated when a bunch of us were
interested in getting our CISSPs several years ago.  We originally did them
on Thursday nights from like 6-9 PM.  We would designate a person to be "in
charge" of the topic each week.  Everybody was responsible for the reading
and the person "in charge" would lead the review discussion.  Sometimes
they'd bring a Powerpoint presentation, sometimes just some open notes, and
if we had time we'd go through sample questions at the end.  It was very
effective as a bunch of us ended up getting our CISSPs from that.  So
effective, in fact, that we've continued the study groups going forward.
Now, we do them on Wednesdays from 12-1 PM (over lunch).  Same style where
we have a leader assigned each week
and everyone is expected to have done the reading.  We try to stay flexible
and allow for discussions to go off on tangents if they are of value to the
group.  We pick one book/topic and stick with that through to completion
and usually take a short break (2 weeks to a month) before starting a new
book/topic.  The book/topic is based on feedback from the group on what
they want to study with a majority rule on what we end up selecting.  We
use the http://my.owasp.org groups to coordinate our activities and one of
our leaders has done a nice job of tracking discussions there and
documenting assignments for the upcoming sessions.  It seems to work out

Here's some of the books/topics that we've done:

   - CISSP
   - CEH
   - Web Application Hackers Handbook
   - Visible Ops Security
   - The OWASP Penetration Testing Guide
   - The OWASP Developers Guide
   - OWASP WebGoat
   - Wireshark
   - Metasploit

We are just starting "The Web Application Defender's Cookbook".  Our study
groups usually start out pretty large (15-20 people) and will dwindle to
8-10 typically within the first 2-4 weeks as people lose interest or run
out of time.  It helps if you have a location with a projector so that you
can do demos or presentations on the screen for everyone to see.  VM's are
your best friend for a lot of these topics, but it does take some effort in
getting people up and running so dedicate one session to that if you need
it.  Other than that, just assign someone who will be there most of the
weeks to take charge and keep the group moving forward, make and track
assignments, etc.  It's a fantastic opportunity to learn about new things

The other thing that I mentioned is our new book purchase program.  Due to
the fundraising efforts of our LASCON conference (http://www.lascon.org),
our chapter had some leftover funds to spend.  We decided that we wanted to
use some of this money to encourage people to participate in the study
groups.  To this end, we have begun tracking (roughly in our heads) who
attends the sessions.  If we (the chapter leaders) feel that a person has
made an effort to attend the majority of the sessions in one study group,
then we will offer to purchase their book for the next one.  It cost us
less than $300 to buy books for the 9 people who were active contributors
to our last study group to participate in this next one and this directly
supports OWASP's mission of educating people to enable them to make
informed decisions about true software security risks.  Keep in mind that
buying the books is a "nice thing", but is certainly not necessary and we
have run MANY study groups with individuals buying their own books.  Don't
let that keep you from doing it.

That's a bit long winded, but it should give you everything that you would
need to know to start something similar with your chapter.  If you have any
specific questions, I would be happy to answer them.  Best of luck!


Josh Sokol

On Mon, Sep 30, 2013 at 11:39 AM, ahmed.neil <ahmed.neil at owasp.org> wrote:

> Josh,
> Very interesting. I'd like to know more detsils about the program.
> Sent from my HTC
> -----Original Message-----
> From: Josh Sokol <josh.sokol at owasp.org>
> Sent: 30 سبتمبر, 2013 06:33 م
> To: Eoin Keary <eoin.keary at owasp.org>
> Cc: OWASP Leaders <owasp-leaders at lists.owasp.org>
> Subject: Re: [Owasp-leaders] Chapter Event Idea - Social Hour(s)
> It's a great idea and it's good to get it out on the leaders list (not sure
> if I've seen it posted here before), but indeed, happy hours have been done
> by many chapters in the past.  OWASP Austin has been doing vendor sponsored
> happy hours, dubbed "Austin Security Professionals Happy Hour", on a
> monthly basis since early 2009.
> On a semi-related note, we have also been doing weekly study groups on
> topics including the CISSP, CEH, OWASP WebGoat, OWASP Penetration Testers
> Guide, Web Application Defenders Handbook, and many more for several years
> now.  We do it once a week, over lunch, and they attract a steady group of
> 10 or so people each time.  We've even decided to encourage more people to
> participate by buying the book for people attending the next study group if
> they were at the majority of the meetings for the previous one.  If any of
> the leaders wants more details on how we run this program, let me know.
> ~josh
> On Mon, Sep 30, 2013 at 10:07 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
> [The entire original message is not included]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131007/87097387/attachment.html>

More information about the OWASP-Leaders mailing list