[Owasp-leaders] CPE credits for OWASP training and meetings

Robert Shullich robert.shullich at owasp.org
Wed Aug 6 19:02:10 UTC 2014


I disagree. And you are only thinking ISC2 here, but they are not the only player in Town.

I can tell you the some of the other associations, especially EC council (how many CEH out there) won't award the CPE unless the documents are in Oder and presented with the CPE request.  

This response of "no need" is a dis service to the OWASP community and membership.

As far as the work, the easiest and least work I have seen, used at ISSA Exec Forum and at the NYC ASIS conference is printing a bunch of blank certificates, with the date/time of the meeting, CPE awarded, titles of presentations, etc, with the name blank, the form is given out at the meeting towards the end, you can leave it at the sign in table, the attendee if they want one then takes it, writes in their own name, and they have a COA.



Sent from my iPhone
Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
Enterprise Security Architect
Tower Group Companies
Pro Box 026156
Brooklyn NY 11202
(201) 291-7432 (Direct)
(201) 221-8767 (Fax)
(908) 419-5417 (Mobile)


> On Aug 6, 2014, at 1:13 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> 
> Hi Andrew, 
> 
> there is no need for a certificate. 
> For ISC2 people just file the CPE activity and hours in their system and that's it. Randomly they may ask for documentation, in which case, I suggest for trainings and meetings you sent them a link to the chapter meeting or the registration confirmation PDF from AppSec or the training. 
> 
> No need for us to do any additional certificate bureaucracy. 
> 
> Cheers, Tobias
> 
> 
>> On 06/08/14 09:55, Andrew Muller wrote:
>> Thanks Fabio,
>>   This is completely foreign to me so I need to know as much detail as possible :)
>> 
>> Can you please share the certificate format with us? Perhaps we can standardise across all chapter meetings and events.
>> 
>> Andrew
>> 
>>> On Wednesday, 6 August 2014, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>> Guys
>>> 
>>> Each hour of training delivery, etc qualifies for a CPE credit. So in case you organized a 1 hour webcast or in-person delivery, each participant obtains 1 CPE.
>>> 
>>> The way we organised this for chapter meetings is by providing each attendee a certificate of attendance and then they are responsible for submitting them to ISC2.
>>> 
>>> Regards
>>> Fabio
>>> 
>>>> On Wednesday, August 6, 2014, Robert Shullich <robert.shullich at owasp.org> wrote:
>>>> 
>>>> 
>>>> Sent from my iPhone
>>>> Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
>>>> Enterprise Security Architect
>>>> Tower Group Companies
>>>> Pro Box 026156
>>>> Brooklyn NY 11202
>>>> (201) 291-7432 (Direct)
>>>> (201) 221-8767 (Fax)
>>>> (908) 419-5417 (Mobile)
>>>> 
>>>> 
>>>> > On Aug 6, 2014, at 12:12 AM, Robert Shullich <rshullic at mindspring.com> wrote:
>>>> >
>>>> > Last year ISC2 ran a booth at AppSecUSA 2013 and gave automatic conference credits if you went by the booth and got scanned.
>>>> >
>>>> > That being be different, there is three ways to go:
>>>> >
>>>> > Do nothing
>>>> > Get a relationship with ISC2 where we report the CPE for the person
>>>> > Provide a certificate of attendance and let the person then self report
>>>> >
>>>> > I'd go with the last one ax a personal preference although 2&3 together would be even better. The certificate of attendance is audit proof and can be used for multiple assoc. I have certs with ACCEI, ICCP, IAPP, ISC2, EC Council, ASIS and ISACA and maybe some more I can't recall. A certificate and self report works for me.
>>>> >
>>>> > Now in the case of 1 - do nothing - the person can still self report but getting audited could be a challenge.
>>>> >
>>>> > Sent from my iPhone
>>>> > Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
>>>> > Enterprise Security Architect
>>>> > Tower Group Companies
>>>> > Pro Box 026156
>>>> > Brooklyn NY 11202
>>>> > (201) 291-7432 (Direct)
>>>> > (201) 221-8767 (Fax)
>>>> > (908) 419-5417 (Mobile)
>>>> >
>>>> >
>>>> >>> On Aug 5, 2014, at 11:29 PM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:
>>>> >>>
>>>> >>> On Tue, Aug 5, 2014 at 10:00 PM, Andrew Muller <andrew.muller at owasp.org> wrote:
>>>> >>> Hi folks,
>>>> >>> I'm currently running some free ZAP training with Simon telepresenting the
>>>> >>> content. Someone asked about CPE credits and I answered with an emphatic I
>>>> >>> don't know.
>>>> >>>
>>>> >>> I've read https://www.owasp.org/images/c/c1/Cpe_guidelines.pdf but I'm
>>>> >>> wondering if folks have sought to have their training and meetings
>>>> >>> recognised by ISC^2. I spoke to a director of ISC^2 and he seemed
>>>> >>> supportive.
>>>> >>>
>>>> >>> Offering CPE credits would be yet another draw card for those running ailing
>>>> >>> chapters. However I'm keen to understand the recognition process and gotchas
>>>> >>> from someone who has done it already.
>>>> >>>
>>>> >>> Thoughts?
>>>> >> Andrew,
>>>> >>
>>>> >> Can you elaborate? I've used OWASP activities for CPEs
>>>> >> for ISC^2 for years, including my development contributions
>>>> >> to ESAPI. Are you talking about some formal program that
>>>> >> we designate being worth so many CPE credits ahead of time
>>>> >> and then have a formal sign-off for ISC^2, SANS, etc.?
>>>> >> As far as how many CPE credits you get for a specific
>>>> >> activity, I think that varies by which organization you are
>>>> >> submitting them to.
>>>> >>
>>>> >> -kevin
>>>> >> --
>>>> >> Blog: http://off-the-wall-security.blogspot.com/
>>>> >> NSA: All your crypto bit are belong to us.
>>>> >> _______________________________________________
>>>> >> OWASP-Leaders mailing list
>>>> >> OWASP-Leaders at lists.owasp.org
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140806/6c000495/attachment.html>


More information about the OWASP-Leaders mailing list