[Owasp-leaders] Free training at major OWASP AppSec conferences
tobias.gondrom at owasp.org
Tue Mar 25 17:20:43 UTC 2014
+1, I fully support our ops teams and Sarah's analysis and
recommendation on this.
Best wishes, Tobias
OWASP Global Board Member
email: tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>
On 26/03/14 02:10, Sarah Baso wrote:
> Thanks Simon -
> Here are my thoughts:
> I definitely agree that we should do and need to do free training as
> part of spreading our mission and educating the community. The
> critical piece of this is setting some basic ground rules (operational
> framework) to make this scalable and sustainable.
> The staff discussed this at our recent staff summit and here are the
> proposed ground rules:
> 1. *Basic principals:* use local and free when possible, non
> proprietary training materials, open call for training, try not to
> compete with paid training at global appsecs
> 2. Free training outside of global appsec conferences - not too many
> restrictions, but best to find a way to do these as a low overhead
> cost to OWASP. Venues cost money, flying in trainers costs
> money... but if we try to find free venues and local (or at least
> regional trainers) that are using open source training slides (so
> not necessarily developed by them), THIS is a scalable model. We
> could even find sponsorship opportunities for these the way we do
> for local chapter meetings.
> 3. Free training at global appsec conferences - ok, but should not
> run in direct competition to paid training. We don't need a case
> study to say if there is a free training and a paid training,
> people will sign up for the free training instead of the paid
> (wouldn't you)? What I proposed is that free training at
> conference be in the evening of the training days or during the
> conference days (or the day after as fine) but NOT indirect
> parallel to the paid training. Also, I suggest looking at a
> comparison between topics and time frame of the paid courses vs
> the free course(s). A free training that is for beginners/intro
> that lasts 4 hours likely will not complete with a 2 day hands-on,
> advanced security course.
> 4. I strongly advise (and when it is a global event this should be
> policy) that free training is done through a call for training
> like we do paid training, this opens up the opportunity to anyone
> that is willing to do the training and not just those who we know
> might be willing. I think this will also encourage more people to
> be engaged in OWASP free training. Finally, this will avoid
> giving preference to board members or any one vendor (no criticism
> here, just think that this open policy is preferred).
> I don't know that we need a survey as much as setting a basic
> framework for this and then seeing how it goes. That said, i am good
> with a straw poll, but am interested to see how it would be phrased
> without vastly oversimplifying the issues and variables.
> On Tue, Mar 25, 2014 at 10:05 AM, psiinon <psiinon at gmail.com
> <mailto:psiinon at gmail.com>> wrote:
> There has been a discussion on the AppSec EU 2014 list regarding
> the pros and cons of giving free training at major OWASP AppSec
> A _very_ quick summary: Free training is a great way to get our
> message across, but can (and it is claimed does) eat into our
> revenue, which will therefore limit what else we can achieve.
> A poll was suggested, but it has been pointed out that this might
> be counterproductive without a more detailed discussion regarding
> the full impact this sort of free training could have.
> I can understand that, but I would really like to hear the
> communities views on this.
> I hope thats not too biased an introduction (I'm sure my views
> will become apparent soon;) and that it is enough to get the
> discussion started...
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> Executive Director
> OWASP Foundation
> sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders