[Owasp-leaders] Free training at major OWASP AppSec conferences

Tobias tobias.gondrom at owasp.org
Tue Mar 25 17:20:43 UTC 2014

Hi all,
+1, I fully support our ops teams and Sarah's analysis and
recommendation on this.
Best wishes, Tobias

Tobias Gondrom
OWASP Global Board Member
email: tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>
skype: tgondrom
twitter: @tgondrom

On 26/03/14 02:10, Sarah Baso wrote:
> Thanks Simon -
> Here are my thoughts:
> I definitely agree that we should do and need to do free training as
> part of spreading our mission and educating the community.  The
> critical piece of this is setting some basic ground rules (operational
> framework) to make this scalable and sustainable.
> The staff discussed this at our recent staff summit and here are the
> proposed ground rules:
>  1. *Basic principals:*  use local and free when possible, non
>     proprietary training materials, open call for training, try not to
>     compete with paid training at global appsecs 
>  2. Free training outside of global appsec conferences - not too many
>     restrictions, but best to find a way to do these as a low overhead
>     cost to OWASP.  Venues cost money, flying in trainers costs
>     money... but if we try to find free venues and local (or at least
>     regional trainers) that are using open source training slides (so
>     not necessarily developed by them), THIS is a scalable model.  We
>     could even find sponsorship opportunities for these the way we do
>     for local chapter meetings.
>  3. Free training at global appsec conferences - ok, but should not
>     run in direct competition to paid training.  We don't need a case
>     study to say if there is a free training and a paid training,
>     people will sign up for the free training instead of the paid
>     (wouldn't you)?  What I proposed is that free training at
>     conference be in the evening of the training days or during the
>     conference days (or the day after as fine) but NOT indirect
>     parallel to the paid training.  Also, I suggest looking at a
>     comparison between topics and time frame of the paid courses vs
>     the free course(s).  A free training that is for beginners/intro
>     that lasts 4 hours likely will not complete with a 2 day hands-on,
>     advanced security course.  
>  4. I strongly advise (and when it is a global event this should be
>     policy) that free training is done through a call for training
>     like we do paid training,  this opens up the opportunity to anyone
>     that is willing to do the training and not just those who we know
>     might be willing.  I think this will also encourage more people to
>     be engaged in OWASP free training.  Finally, this will avoid
>     giving preference to board members or any one vendor (no criticism
>     here, just think that this open policy is preferred).
> I don't know that we need a survey as much as setting a basic
> framework for this and then seeing how it goes.  That said, i am good
> with a straw poll, but am interested to see how it would be phrased
> without vastly oversimplifying the issues and variables.
> Best,
> Sarah
> On Tue, Mar 25, 2014 at 10:05 AM, psiinon <psiinon at gmail.com
> <mailto:psiinon at gmail.com>> wrote:
>     Leaders,
>     There has been a discussion on the AppSec EU 2014 list regarding
>     the pros and cons of giving free training at major OWASP AppSec
>     conferences.
>     A _very_ quick summary: Free training is a great way to get our
>     message across, but can (and it is claimed does) eat into our
>     revenue, which will therefore limit what else we can achieve.
>     A poll was suggested, but it has been pointed out that this might
>     be counterproductive without a more detailed discussion regarding
>     the full impact this sort of free training could have.
>     I can understand that, but I would really like to hear the
>     communities views on this.
>     I hope thats not too biased an introduction (I'm sure my views
>     will become apparent soon;) and that it is enough to get the
>     discussion started...
>     Cheers,
>     Simon
>     -- 
>     OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> -- 
> Executive Director
> OWASP Foundation
> sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
> +1.312.869.2779
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140326/503da25d/attachment-0001.html>

More information about the OWASP-Leaders mailing list