[Owasp-leaders] CPE credits for OWASP training and meetings

Andrew Muller andrew.muller at owasp.org
Mon Aug 11 04:16:33 UTC 2014


Thanks josh.
  I'll go with the preprinted certs and sign as required. My objective
is to provide something useful to the infosec community with minimal
overhead. So your suggestion works well in that regard. I'll see how many
are looking to earn CPE credits before I decide which way to go :)

Regards,
  Andrew

On Monday, 11 August 2014, Josh Sokol <josh.sokol at owasp.org> wrote:

> In Austin, we maintain a sign-in sheet for meeting attendees.  Attendees
> are responsible for self-reporting, but if they get audited (rare, but does
> happen), then we can check the sheet to verify attendance and provide a
> statement to that effect.  We've never had any issues with this process.
> Just thought I'd throw another option out there.
>
> ~josh
>
>
> On Wed, Aug 6, 2014 at 4:28 PM, Tobias <tobias.gondrom at owasp.org
> <javascript:_e(%7B%7D,'cvml','tobias.gondrom at owasp.org');>> wrote:
>
>>  Thanks. That's what I meant.
>> Simple, easy, straight forward.
>> Thanks, Tobias
>>
>>
>>
>> On 06/08/14 23:14, Fabio Cerullo wrote:
>>
>> guys
>>
>>  please find below the template I used for chapter meetings.
>>
>>  https://www.owasp.org/index.php/File:Certificate_of_participation.ppt
>>
>>  regards
>> Fabio
>>
>>
>> On Wed, Aug 6, 2014 at 8:02 PM, Robert Shullich <
>> robert.shullich at owasp.org
>> <javascript:_e(%7B%7D,'cvml','robert.shullich at owasp.org');>> wrote:
>>
>>>  I disagree. And you are only thinking ISC2 here, but they are not the
>>> only player in Town.
>>>
>>>  I can tell you the some of the other associations, especially EC
>>> council (how many CEH out there) won't award the CPE unless the documents
>>> are in Oder and presented with the CPE request.
>>>
>>>  This response of "no need" is a dis service to the OWASP community and
>>> membership.
>>>
>>>  As far as the work, the easiest and least work I have seen, used at
>>> ISSA Exec Forum and at the NYC ASIS conference is printing a bunch of blank
>>> certificates, with the date/time of the meeting, CPE awarded, titles of
>>> presentations, etc, with the name blank, the form is given out at the
>>> meeting towards the end, you can leave it at the sign in table, the
>>> attendee if they want one then takes it, writes in their own name, and they
>>> have a COA.
>>>
>>>
>>>
>>> Sent from my iPhone
>>> Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
>>> Enterprise Security Architect
>>> Tower Group Companies
>>> Pro Box 026156
>>>  Brooklyn NY 11202
>>> (201) 291-7432 (Direct)
>>> (201) 221-8767 (Fax)
>>> (908) 419-5417 (Mobile)
>>>
>>>
>>> On Aug 6, 2014, at 1:13 PM, Tobias <tobias.gondrom at owasp.org
>>> <javascript:_e(%7B%7D,'cvml','tobias.gondrom at owasp.org');>> wrote:
>>>
>>>   Hi Andrew,
>>>
>>> there is no need for a certificate.
>>> For ISC2 people just file the CPE activity and hours in their system and
>>> that's it. Randomly they may ask for documentation, in which case, I
>>> suggest for trainings and meetings you sent them a link to the chapter
>>> meeting or the registration confirmation PDF from AppSec or the training.
>>>
>>> No need for us to do any additional certificate bureaucracy.
>>>
>>> Cheers, Tobias
>>>
>>>
>>> On 06/08/14 09:55, Andrew Muller wrote:
>>>
>>> Thanks Fabio,
>>>   This is completely foreign to me so I need to know as much detail as
>>> possible :)
>>>
>>>  Can you please share the certificate format with us? Perhaps we can
>>> standardise across all chapter meetings and events.
>>>
>>>  Andrew
>>>
>>> On Wednesday, 6 August 2014, Fabio Cerullo <fcerullo at owasp.org
>>> <javascript:_e(%7B%7D,'cvml','fcerullo at owasp.org');>> wrote:
>>>
>>>> Guys
>>>>
>>>>  Each hour of training delivery, etc qualifies for a CPE credit. So in
>>>> case you organized a 1 hour webcast or in-person delivery, each participant
>>>> obtains 1 CPE.
>>>>
>>>>  The way we organised this for chapter meetings is by providing each
>>>> attendee a certificate of attendance and then they are responsible for
>>>> submitting them to ISC2.
>>>>
>>>>  Regards
>>>> Fabio
>>>>
>>>> On Wednesday, August 6, 2014, Robert Shullich <
>>>> robert.shullich at owasp.org> wrote:
>>>>
>>>>>
>>>>>
>>>>> Sent from my iPhone
>>>>> Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
>>>>> Enterprise Security Architect
>>>>> Tower Group Companies
>>>>> Pro Box 026156
>>>>> Brooklyn NY 11202
>>>>> (201) 291-7432 (Direct)
>>>>> (201) 221-8767 (Fax)
>>>>> (908) 419-5417 (Mobile)
>>>>>
>>>>>
>>>>> > On Aug 6, 2014, at 12:12 AM, Robert Shullich <
>>>>> rshullic at mindspring.com> wrote:
>>>>> >
>>>>> > Last year ISC2 ran a booth at AppSecUSA 2013 and gave automatic
>>>>> conference credits if you went by the booth and got scanned.
>>>>> >
>>>>> > That being be different, there is three ways to go:
>>>>> >
>>>>> > Do nothing
>>>>> > Get a relationship with ISC2 where we report the CPE for the person
>>>>> > Provide a certificate of attendance and let the person then self
>>>>> report
>>>>> >
>>>>> > I'd go with the last one ax a personal preference although 2&3
>>>>> together would be even better. The certificate of attendance is audit proof
>>>>> and can be used for multiple assoc. I have certs with ACCEI, ICCP, IAPP,
>>>>> ISC2, EC Council, ASIS and ISACA and maybe some more I can't recall. A
>>>>> certificate and self report works for me.
>>>>> >
>>>>> > Now in the case of 1 - do nothing - the person can still self report
>>>>> but getting audited could be a challenge.
>>>>> >
>>>>> > Sent from my iPhone
>>>>> > Robert Shullich, CPP, CISSP, CISM, GSEC, CIPP/US
>>>>> > Enterprise Security Architect
>>>>> > Tower Group Companies
>>>>> > Pro Box 026156
>>>>> > Brooklyn NY 11202
>>>>> > (201) 291-7432 (Direct)
>>>>> > (201) 221-8767 (Fax)
>>>>> > (908) 419-5417 (Mobile)
>>>>> >
>>>>> >
>>>>> >>> On Aug 5, 2014, at 11:29 PM, "Kevin W. Wall" <
>>>>> kevin.w.wall at gmail.com> wrote:
>>>>> >>>
>>>>> >>> On Tue, Aug 5, 2014 at 10:00 PM, Andrew Muller <
>>>>> andrew.muller at owasp.org> wrote:
>>>>> >>> Hi folks,
>>>>> >>> I'm currently running some free ZAP training with Simon
>>>>> telepresenting the
>>>>> >>> content. Someone asked about CPE credits and I answered with an
>>>>> emphatic I
>>>>> >>> don't know.
>>>>> >>>
>>>>> >>> I've read https://www.owasp.org/images/c/c1/Cpe_guidelines.pdf
>>>>> but I'm
>>>>> >>> wondering if folks have sought to have their training and meetings
>>>>> >>> recognised by ISC^2. I spoke to a director of ISC^2 and he seemed
>>>>> >>> supportive.
>>>>> >>>
>>>>> >>> Offering CPE credits would be yet another draw card for those
>>>>> running ailing
>>>>> >>> chapters. However I'm keen to understand the recognition process
>>>>> and gotchas
>>>>> >>> from someone who has done it already.
>>>>> >>>
>>>>> >>> Thoughts?
>>>>> >> Andrew,
>>>>> >>
>>>>> >> Can you elaborate? I've used OWASP activities for CPEs
>>>>> >> for ISC^2 for years, including my development contributions
>>>>> >> to ESAPI. Are you talking about some formal program that
>>>>> >> we designate being worth so many CPE credits ahead of time
>>>>> >> and then have a formal sign-off for ISC^2, SANS, etc.?
>>>>> >> As far as how many CPE credits you get for a specific
>>>>> >> activity, I think that varies by which organization you are
>>>>> >> submitting them to.
>>>>> >>
>>>>> >> -kevin
>>>>> >> --
>>>>> >> Blog: http://off-the-wall-security.blogspot.com/
>>>>> >> NSA: All your crypto bit are belong to us.
>>>>> >> _______________________________________________
>>>>> >> OWASP-Leaders mailing list
>>>>> >> OWASP-Leaders at lists.owasp.org
>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.org <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>

-- 
____________________
*Andrew Muller*
Canberra OWASP Chapter Leader
OWASP Testing Guide Co-Leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140811/07404f55/attachment-0001.html>


More information about the OWASP-Leaders mailing list