[Owasp-leaders] CPE credits for OWASP training and meetings

Josh Sokol josh.sokol at owasp.org
Mon Aug 11 04:02:53 UTC 2014


In Austin, we maintain a sign-in sheet for meeting attendees.  Attendees
are responsible for self-reporting, but if they get audited (rare, but does
happen), then we can check the sheet to verify attendance and provide a
statement to that effect.  We've never had any issues with this process.
Just thought I'd throw another option out there.

~josh


On Wed, Aug 6, 2014 at 4:28 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Thanks. That's what I meant.
> Simple, easy, straight forward.
> Thanks, Tobias
>
>
>
> On 06/08/14 23:14, Fabio Cerullo wrote:
>
> guys
>
>  please find below the template I used for chapter meetings.
>
>  https://www.owasp.org/index.php/File:Certificate_of_participation.ppt
>
>  regards
> Fabio
>
>
> On Wed, Aug 6, 2014 at 8:02 PM, Robert Shullich <robert.shullich at owasp.org
> > wrote:
>
>>  I disagree. And you are only thinking ISC2 here, but they are not the
>> only player in Town.
>>
>>  I can tell you the some of the other associations, especially EC
>> council (how many CEH out there) won't award the CPE unless the documents
>> are in Oder and presented with the CPE request.
>>
>>  This response of "no need" is a dis service to the OWASP community and
>> membership.
>>
>>  As far as the work, the easiest and least work I have seen, used at
>> ISSA Exec Forum and at the NYC ASIS conference is printing a bunch of blank
>> certificates, with the date/time of the meeting, CPE awarded, titles of
>> presentations, etc, with the name blank, the form is given out at the
>> meeting towards the end, you can leave it at the sign in table, the
>> attendee if they want one then takes it, writes in their own name, and they
>> have a COA.
>>
>>
>>
>> Sent from my iPhone
>> Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
>> Enterprise Security Architect
>> Tower Group Companies
>> Pro Box 026156
>>  Brooklyn NY 11202
>> (201) 291-7432 (Direct)
>> (201) 221-8767 (Fax)
>> (908) 419-5417 (Mobile)
>>
>>
>> On Aug 6, 2014, at 1:13 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>
>>   Hi Andrew,
>>
>> there is no need for a certificate.
>> For ISC2 people just file the CPE activity and hours in their system and
>> that's it. Randomly they may ask for documentation, in which case, I
>> suggest for trainings and meetings you sent them a link to the chapter
>> meeting or the registration confirmation PDF from AppSec or the training.
>>
>> No need for us to do any additional certificate bureaucracy.
>>
>> Cheers, Tobias
>>
>>
>> On 06/08/14 09:55, Andrew Muller wrote:
>>
>> Thanks Fabio,
>>   This is completely foreign to me so I need to know as much detail as
>> possible :)
>>
>>  Can you please share the certificate format with us? Perhaps we can
>> standardise across all chapter meetings and events.
>>
>>  Andrew
>>
>> On Wednesday, 6 August 2014, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>
>>> Guys
>>>
>>>  Each hour of training delivery, etc qualifies for a CPE credit. So in
>>> case you organized a 1 hour webcast or in-person delivery, each participant
>>> obtains 1 CPE.
>>>
>>>  The way we organised this for chapter meetings is by providing each
>>> attendee a certificate of attendance and then they are responsible for
>>> submitting them to ISC2.
>>>
>>>  Regards
>>> Fabio
>>>
>>> On Wednesday, August 6, 2014, Robert Shullich <robert.shullich at owasp.org>
>>> wrote:
>>>
>>>>
>>>>
>>>> Sent from my iPhone
>>>> Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
>>>> Enterprise Security Architect
>>>> Tower Group Companies
>>>> Pro Box 026156
>>>> Brooklyn NY 11202
>>>> (201) 291-7432 (Direct)
>>>> (201) 221-8767 (Fax)
>>>> (908) 419-5417 (Mobile)
>>>>
>>>>
>>>> > On Aug 6, 2014, at 12:12 AM, Robert Shullich <rshullic at mindspring.com>
>>>> wrote:
>>>> >
>>>> > Last year ISC2 ran a booth at AppSecUSA 2013 and gave automatic
>>>> conference credits if you went by the booth and got scanned.
>>>> >
>>>> > That being be different, there is three ways to go:
>>>> >
>>>> > Do nothing
>>>> > Get a relationship with ISC2 where we report the CPE for the person
>>>> > Provide a certificate of attendance and let the person then self
>>>> report
>>>> >
>>>> > I'd go with the last one ax a personal preference although 2&3
>>>> together would be even better. The certificate of attendance is audit proof
>>>> and can be used for multiple assoc. I have certs with ACCEI, ICCP, IAPP,
>>>> ISC2, EC Council, ASIS and ISACA and maybe some more I can't recall. A
>>>> certificate and self report works for me.
>>>> >
>>>> > Now in the case of 1 - do nothing - the person can still self report
>>>> but getting audited could be a challenge.
>>>> >
>>>> > Sent from my iPhone
>>>> > Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
>>>> > Enterprise Security Architect
>>>> > Tower Group Companies
>>>> > Pro Box 026156
>>>> > Brooklyn NY 11202
>>>> > (201) 291-7432 (Direct)
>>>> > (201) 221-8767 (Fax)
>>>> > (908) 419-5417 (Mobile)
>>>> >
>>>> >
>>>> >>> On Aug 5, 2014, at 11:29 PM, "Kevin W. Wall" <
>>>> kevin.w.wall at gmail.com> wrote:
>>>> >>>
>>>> >>> On Tue, Aug 5, 2014 at 10:00 PM, Andrew Muller <
>>>> andrew.muller at owasp.org> wrote:
>>>> >>> Hi folks,
>>>> >>> I'm currently running some free ZAP training with Simon
>>>> telepresenting the
>>>> >>> content. Someone asked about CPE credits and I answered with an
>>>> emphatic I
>>>> >>> don't know.
>>>> >>>
>>>> >>> I've read https://www.owasp.org/images/c/c1/Cpe_guidelines.pdf but
>>>> I'm
>>>> >>> wondering if folks have sought to have their training and meetings
>>>> >>> recognised by ISC^2. I spoke to a director of ISC^2 and he seemed
>>>> >>> supportive.
>>>> >>>
>>>> >>> Offering CPE credits would be yet another draw card for those
>>>> running ailing
>>>> >>> chapters. However I'm keen to understand the recognition process
>>>> and gotchas
>>>> >>> from someone who has done it already.
>>>> >>>
>>>> >>> Thoughts?
>>>> >> Andrew,
>>>> >>
>>>> >> Can you elaborate? I've used OWASP activities for CPEs
>>>> >> for ISC^2 for years, including my development contributions
>>>> >> to ESAPI. Are you talking about some formal program that
>>>> >> we designate being worth so many CPE credits ahead of time
>>>> >> and then have a formal sign-off for ISC^2, SANS, etc.?
>>>> >> As far as how many CPE credits you get for a specific
>>>> >> activity, I think that varies by which organization you are
>>>> >> submitting them to.
>>>> >>
>>>> >> -kevin
>>>> >> --
>>>> >> Blog: http://off-the-wall-security.blogspot.com/
>>>> >> NSA: All your crypto bit are belong to us.
>>>> >> _______________________________________________
>>>> >> OWASP-Leaders mailing list
>>>> >> OWASP-Leaders at lists.owasp.org
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140810/6792ce04/attachment.html>


More information about the OWASP-Leaders mailing list