[Owasp-leaders] Free training at major OWASP AppSec conferences

Sastry Tumuluri sastry.tumuluri at owasp.org
Thu Mar 27 09:39:24 UTC 2014

In the Chandigarh Chapter, we've been wrestling with this as well. No clear
direction has emerged yet, but broadly, we are in agreement with the "staff
summit ground rules" mentioned by Sarah. i.e.,
- Yes, to free training and open source training material
- No, to direct competition with paid training programs
- We didn't discuss "open call method for training", but I agree with the

ATM, we are too small and fragmented to think in terms of conferences,
sponsorships, impact on revenues / recovery of costs. We are also not setup
properly(?) to handle funds. So I guess we'll need to get to that bridge
first before we talk about crossing it.



On Thu, Mar 27, 2014 at 2:42 AM, Ludovic Petit <ludovic.petit at owasp.org>wrote:

> Thanks Jim for your prompt proposal, much appreciated.
> I'll discuss this with fellows here and give you a feedback, as all is
> also part of a company's strategy when wondering to join OWASP ...
> according the incentive and ROI.
> Say, this is typical of EU Corporate's mindset: the "ROI" they most of the
> time have in mind is about "Support" and value-added for their tech staff
> etc, in the same way a Consulting company will do. As far as I saw
> personally in the past 10 years, they are more (if not solely) focused on
> what I just mentioned rather than a philantropic way to "endorse" an
> approach of any Fondation, including
> This mindset and approach is most of the time different in Anglo-Saxon
> countries, where people, as individuals, and Corporate are more encline to
> engage and join a cause, especially a charitable one, for instance such as
> the OWASP Foundation. This cultural difference rules lots of things in term
> of approach, so strategy ;-)
> In clear and from a pragmatic point of view, a French or EU Corporate will
> triple-check the fact to give USD 5000 to OWASP -even with a perspective of
> 60% tax deductible- AND will ensure to have all garantee of "support",
> rather than an Anglo-Saxon Corporate will be more encline to engage a USD
> 20K or 50K to foster a brand image part of a business strategy (which is
> good and cool as well), in a win-win perspective for all.
> This is the main difference I'm talking about, and there is no real
> solution to that but for Local Chapter to evangelize... and OWASP to try
> thinking out-of the box: how to apply, if possible, a business-related
> approach into an open an charitable ecosystem... to foster and enhance
> Corporate memberships?
> I'm quite long in my post so apologies for this guys, but I kindly remind
> that, as far as we can see in the OWASP financial status, the  Corporate
> memberships amount rules  the existing of the Foundation. That's why.
> Nevertheless, imho, this has to be taken into account in the global
> equation of the OWASP Foundation as well.
> Thanks again Jim!
> Best,
> Ludo
>  Le 26 mars 2014 15:45, "Jim Manico" <jim.manico at owasp.org> a écrit :
>  Ludo,
>> We added two other level of corporate membership that hopefully adds more
>> value for higher levels of sponsorship.
>> https://www.owasp.org/index.php/Corporate_Membership
>> Does this help?
>> Aloha,
>> Jim
>> On 3/26/14, 12:47 AM, Ludovic Petit wrote:
>> Well, I do think that free training at major OWASP AppSec conferences is
>> a good think... for official Corporate Members and official Supporters of
>> local Chapters, as these members are awaiting some good reasons and "ROI"
>> for them to join officially OWASP.
>> To date, the current 'model' is not in that sense, this is why imho this
>> have to evolve accordingly (although I confess this is not so easy as it
>> seems to be).
>> OWASP is a Foundation, yes indeed, but AppSec Conferences and events are
>> a huge responsibility and a hard work for OWASP and volunteers. This is why
>> I think training during AppSec have to be paid by attendees (except for
>> Corporate & Supporters members), because volunteering from OWASP speakers
>> means also lots of work and value-added to do a talk/training.
>> My 2 cents, you can now start to shoot the pianist ;-)
>> Ludo
>>  Ludovic Petit
>> Chapter Leader OWASP France
>> Global Connections Committee Member
>> Skype: lp3tit
>> +33 (0) 6 01 28 20 08
>> ludovic.petit at owasp.org
>> http://www.linkedin.com/in/lpetit
>> -------
>> https://lists.owasp.org/mailman/listinfo/owasp-france
>> https://www.owasp.org/index.php/France
>>  Le 25 mars 2014 18:07, "psiinon" <psiinon at gmail.com> a écrit :
>>>  Leaders,
>>>  There has been a discussion on the AppSec EU 2014 list regarding the
>>> pros and cons of giving free training at major OWASP AppSec conferences.
>>>  A _very_ quick summary: Free training is a great way to get our
>>> message across, but can (and it is claimed does) eat into our revenue,
>>> which will therefore limit what else we can achieve.
>>>  A poll was suggested, but it has been pointed out that this might be
>>> counterproductive without a more detailed discussion regarding the full
>>> impact this sort of free training could have.
>>>  I can understand that, but I would really like to hear the communities
>>> views on this.
>>>  I hope thats not too biased an introduction (I'm sure my views will
>>> become apparent soon;) and that it is enough to get the discussion
>>> started...
>>>  Cheers,
>>>  Simon
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140327/17bd5da7/attachment.html>

More information about the OWASP-Leaders mailing list