[Owasp-leaders] How2play Community Engagement OWASP Edition

Avi Douglen douglen at hotmail.com
Sun Jul 6 10:00:00 UTC 2014

While bringing your security stuff to developer meetups, as both Jim and Bill suggested, is great, and probably would give the quickest wins – another way is to have just really amazing talks that pertain directly to developers. It does often take a change in language, to give devs what they are interested in, and not focus on security folks. I.e. not just another kind of XSS, or another way of findings vulnerabilities, or whatever, but more on the coding side, or even dev processes. E.g. “How to use unit testing for security (STDD)”, or “Agile SDL” (both of those are talks we had, among others, at OWASP Israel that drew a large developer audience). 


You would still need to publicize these talks to developer groups, but local LinkedIn groups, mailing lists, even Twitter could help get the word out. But the key is not just a one-time thing, but consistently high quality of talks over time – and make sure to deliver awesomeness! You want them to keep coming back – and bring their friends next time! 



Avi D 



From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Norman Yue
Sent: Tuesday, July 1, 2014 6:17 PM
To: OWASP Leaders
Subject: [Owasp-leaders] How2play Community Engagement OWASP Edition


Hey folks,


Greetings from sunny (okay, it's not really sunny, but I digress) Sydney, and I hope this email finds you all well.


Over the last 6 months, we have successfully set up what is effectively a little security club in Sydney, and this has worked out amazingly well. Every week, we bring together a small but diverse group of people from various walks of life to get together and work on security projects and wargames, followed by security chit-chat over dinner.


That said, I'd like to expand OWASP Sydney a bit more, and reach out to a wider audience once a month - but I'm not sure how to best engage with developer communities here, so I turn to you for advice.


What have you guys tried that's worked in terms of reaching out to non-security audiences (developers, etc)?


Have a grand and glorious day,




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140706/5aacda18/attachment.html>

More information about the OWASP-Leaders mailing list