[Owasp-leaders] Free training at major OWASP AppSec conferences
Sarah Baso
sarah.baso at owasp.org
Tue Mar 25 17:10:57 UTC 2014
Thanks Simon -
Here are my thoughts:
I definitely agree that we should do and need to do free training as part
of spreading our mission and educating the community. The critical piece
of this is setting some basic ground rules (operational framework) to make
this scalable and sustainable.
The staff discussed this at our recent staff summit and here are the
proposed ground rules:
1. *Basic principals:* use local and free when possible, non
proprietary training materials, open call for training, try not to compete
with paid training at global appsecs
2. Free training outside of global appsec conferences - not too many
restrictions, but best to find a way to do these as a low overhead cost to
OWASP. Venues cost money, flying in trainers costs money... but if we try
to find free venues and local (or at least regional trainers) that are
using open source training slides (so not necessarily developed by them),
THIS is a scalable model. We could even find sponsorship opportunities for
these the way we do for local chapter meetings.
3. Free training at global appsec conferences - ok, but should not run
in direct competition to paid training. We don't need a case study to say
if there is a free training and a paid training, people will sign up for
the free training instead of the paid (wouldn't you)? What I proposed is
that free training at conference be in the evening of the training days or
during the conference days (or the day after as fine) but NOT indirect
parallel to the paid training. Also, I suggest looking at a comparison
between topics and time frame of the paid courses vs the free course(s). A
free training that is for beginners/intro that lasts 4 hours likely will
not complete with a 2 day hands-on, advanced security course.
4. I strongly advise (and when it is a global event this should be
policy) that free training is done through a call for training like we do
paid training, this opens up the opportunity to anyone that is willing to
do the training and not just those who we know might be willing. I think
this will also encourage more people to be engaged in OWASP free training.
Finally, this will avoid giving preference to board members or any one
vendor (no criticism here, just think that this open policy is preferred).
I don't know that we need a survey as much as setting a basic framework for
this and then seeing how it goes. That said, i am good with a straw poll,
but am interested to see how it would be phrased without vastly
oversimplifying the issues and variables.
Best,
Sarah
On Tue, Mar 25, 2014 at 10:05 AM, psiinon <psiinon at gmail.com> wrote:
> Leaders,
>
> There has been a discussion on the AppSec EU 2014 list regarding the pros
> and cons of giving free training at major OWASP AppSec conferences.
>
> A _very_ quick summary: Free training is a great way to get our message
> across, but can (and it is claimed does) eat into our revenue, which will
> therefore limit what else we can achieve.
>
> A poll was suggested, but it has been pointed out that this might be
> counterproductive without a more detailed discussion regarding the full
> impact this sort of free training could have.
> I can understand that, but I would really like to hear the communities
> views on this.
>
> I hope thats not too biased an introduction (I'm sure my views will become
> apparent soon;) and that it is enough to get the discussion started...
>
> Cheers,
>
> Simon
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
--
Executive Director
OWASP Foundation
sarah.baso at owasp.org
+1.312.869.2779
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140325/65c60b38/attachment.html>
More information about the OWASP-Leaders
mailing list