[Owasp-leaders] Free training at major OWASP AppSec conferences

Jerry Hoff jerry at owasp.org
Tue Mar 25 17:59:41 UTC 2014


I don’t think it’s just developers - I think we need outreach at 3 levels: developer, security tester & stakeholder.  It would be good to have a 4 hour “free training” session for each group.

BTW, OWASP also offers “free training” on youtube with the tutorial series and the other videos.  The tutorial series alone has about 234,000 views currently.  That’s about the same as offering “free training” at 4000 conferences! :) 



--
Jerry Hoff
@jerryhoff
jerry at owasp.org



On Mar 26, 2014, at 2:50 AM, psiinon <psiinon at gmail.com> wrote:

> And you never know, if this was actually _developer_ focused free training, it might even help us reach the people we really need to get to ... 
> 
> 
> On Tue, Mar 25, 2014 at 5:46 PM, psiinon <psiinon at gmail.com> wrote:
> Well, if one conference is prepared to try this out (AppSec EU, hint hint!) then we could just ask all of the delegates who attend the free training how many of them came as a direct result of the free training...
> 
> 
> On Tue, Mar 25, 2014 at 5:40 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
> I think that is a great suggestion, anything we can do to give MORE value to attendees will undoubtably be better. I am not sure we can isolate the variables enough to say how many more registrations we will get since there are so many other factors that figure into conference registration.... 
> 
> As for the figures, it really depends on the conference location since the price of ticket and training varies based on region (  US, Europe, Latam, APAC).  
> 
> Sarah
> 
> 
> On Tue, Mar 25, 2014 at 10:31 AM, psiinon <psiinon at gmail.com> wrote:
> Do we have any figures as to how much revenue we typically expect from a conference attendee vs how much we raise from those attending (non free) training courses?
> One option would be to limit 'free' training places to those attending the conference.
> If that increased conference attendance (and I know it a big if) then that might offset any revenue lost by people choosing the free training over the paid for ones.
> 
> Cheers,
> 
> Simon
> 
> 
> On Tue, Mar 25, 2014 at 5:23 PM, Jerry Hoff <jerry at owasp.org> wrote:
> I think one major point is we should agree on an official OWASP curriculum and make the “free training” open to all.   The training materials should be free, open source and standardized - then all OWASP members we can do free training globally.
> 
> 
> --
> Jerry Hoff
> @jerryhoff
> jerry at owasp.org
> 
> 
> 
> On Mar 26, 2014, at 2:20 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> 
>> I think this is a situation where it is a net positive either way and in situations like these I'd prefer to leave it to the leaders running the conference to make the decision as they have first-hand knowledge of budgets and expectation.  I will say that there is empirical data supporting free training as we did this at AppSecUSA 2012 in Austin.  There, Jim Manico did a free bootcamp for ~75 people one day and did a similar paid training with Eoin Keary for 14 attendees the next.  We still managed to raise almost $100k in revenue off training alone for the event.
>> 
>> ~josh
>> 
>> 
>> On Tue, Mar 25, 2014 at 12:05 PM, psiinon <psiinon at gmail.com> wrote:
>> Leaders,
>> 
>> There has been a discussion on the AppSec EU 2014 list regarding the pros and cons of giving free training at major OWASP AppSec conferences.
>> 
>> A _very_ quick summary: Free training is a great way to get our message across, but can (and it is claimed does) eat into our revenue, which will therefore limit what else we can achieve.
>> 
>> A poll was suggested, but it has been pointed out that this might be counterproductive without a more detailed discussion regarding the full impact this sort of free training could have.
>> I can understand that, but I would really like to hear the communities views on this.
>> 
>> I hope thats not too biased an introduction (I'm sure my views will become apparent soon;) and that it is enough to get the discussion started...
>> 
>> Cheers,
>> 
>> Simon
>> 
>> -- 
>> OWASP ZAP Project leader
>> 
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
> 
> -- 
> OWASP ZAP Project leader
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
> 
> -- 
> Executive Director
> OWASP Foundation
> 
> sarah.baso at owasp.org
> +1.312.869.2779
> 
> 
> 
> 
> 
> 
> 
> -- 
> OWASP ZAP Project leader
> 
> 
> 
> -- 
> OWASP ZAP Project leader

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140326/b2dedfe1/attachment.html>


More information about the OWASP-Leaders mailing list