[Owasp-leaders] TRAINING

johanna curiel curiel johanna.curiel at owasp.org
Tue Apr 12 09:19:38 UTC 2016


>>Since OWASP is AGILE the minimum viable product (MVP) is now LIVE.

Tom, AGILE
<http://www.dummies.com/how-to/content/agile-project-management-for-dummies-cheat-sheet.html>
doesn't mean that there no execution plan behind.

Right now all there is 1 shared account in the GoToTraining 'available' (I
have not yet received any credentials to log in). This is by no definition
a 'sprint.'I have been a developer for 16 years, my major work right now is
about patching insecure applications for the dutch gov, and I have been
working with agile/scrum for about 5 years.

It means the execution plan is cut down through sprints. Right now there
are no 'sprints' , there is no plan on what will be produced.

Thats ok, as long access can be provided to the platform which I still do
not have.

And I need is access to create the tests and the interactive materials. IF,
it is expected that I give a training same format as GoToWebinaar, I do not
need GoToTraining, then I use Google Hangouts. What interest me in this
platform is the interactive tests, but this need to be created before
providing the training.

You mentioned 2 requirements, I filled them all
a)I I have been a major contributor of the Coe Review project for the .NET
section
b)All the materials I'm planning to create are for free

STEP 1: provide access to the project leaders, like me, asking for it ;-P

*18 emails later, + more than 1 week later, my question is and keeps on
being: Can I get access?*

On Mon, Apr 11, 2016 at 10:16 PM, Tom Brennan - OWASP <tomb at owasp.org>
wrote:

> Since OWASP is AGILE the minimum viable product (MVP) is now LIVE.
>
> https://www.owasp.org/index.php/Education/Free_Training  note the update
> and link to the new page
>
> With a desire, materials and delivery tool now in place and operational,
> next is a small team who want to experiment
>
> I might suggest that the requirements are
>
> a) OWASP Project
> b) OWASP Training that is with open-materials only
>
> If you can meet those requirements you can unlock and use the tool
>
> On this thread we touched on APPSEC Events and charging for training....
> well here is my 2 cents on that.  At Global AppSec events, local events and
> even chapter trainings we have seen people deliver training with a 60/40
> split. So for those that are looking at the elephant in the room (money)
> and asking how can this scale...   That same could be TRUE for training at
> OWASP in the FUTURE as a FREE value to members delivered by live
> instructors OR a cost as example $50usd (annual membership) to others.
> Another item would be to have project leaders provide project training for
> their project if we are collecting the metrics from visitors of who would
> like a training class.
>
> For now, we just need to put a few OWASP'ers together that really desire *to
> raise visibility for software security* and sprint on it... sprint 2 and
> 3 would refine it and implement a workflow to manage it and if wildly
> successful and we need an administrator to administrate all the extra work
> it creates, then OWASP can hire that person... and make a more useful OWASP
> Foundation to the WORLD outside the forest.
>
> Brennan
>
>
>
>
> On Sun, Apr 10, 2016 at 12:30 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
> >
> > >>First, do we want to do a training platform as we do at the
> conferences? This would be easier, as OWASP would be facilitator, less
> overhead.
> >
> > Agree. It's about providing a platform to educate about security. We do
> not need to provide certificates or scores, but I think some automated
> tests for people to evaluate their knowledge is a nice to have.
> >
> > >>Another though,  do we want to risk becoming a competitor with
> sponsoring  organisations?
> > Definitely not and given the actual resources, we cannot even aspire to
> compete, but we can provide some free training materials on subjects such
> as how to secure applications in a given language for example. Think of a
> format like 'coursera' without the certificate but with the ability to
> provide tests and interactive materials. This is possible in the
> GoToTraining platform.That is the cool aspect of this platform.
> >
> > >> it is OWASP provided trainings‎, this is more complicated and I doubt
> is OWASP is ready / mature enough doing so. More overhead and dedicated
> resources needed.
> >
> > This is a concerning point. So far I understood, the GoTraining platform
> was acquired as a 'pilot' project to experiment with trainings. It has no
> clear execution plan behind. To work without clear objectives to reach a
> goal , the chances are high that it wont succeed. I think we are trying to
> launch way too often initiatives without an execution plan, and this is , a
> waste of time and resources if we keep on doing this.
> >
> > @Eoin
> >
> > >>I'm Certainly happy to train new trainers..I'm sure others are also..
> This initiative shall require funding and coordination.
> >
> > Agree. If I set a plan to:
> >
> > Set a group of experienced trainers and group of rookie trainers willing
> to commit
> > Create a list of tasks on how can the experienced ones train rookies
> > Create a list of courses that rookies and experience trainers are
> willing to provide
> > Set a budget that will support these activities
> > Submit this for approval to the board
> >
> > End results goals:
> >
> > A series of training materials similar to coursera or khan academy,
> interactive and high quality into the GoTraining platform
> > A series of training materials that could be also be provided during
> appsec training but with our own team of trainers.
> > 100% owasp produced materials
> >
> > If you (Eoin and others experienced trainers) are willing to stand
> behind this plan, I"ll be very glad to help coordinate it and ask for a
> budget and approval.
> >
> > Cheers
> >
> > Johanna
> >
> >
> >
> >
> > On Sun, Apr 10, 2016 at 10:53 AM, Martin Knobloch <
> martin.knobloch at owasp.org> wrote:
> >>
> >> ‎All,
> >>
> >> In my life, the problem is bigger than that.
> >> First, do we want to do a training platform as we do at the
> conferences? This would be easier, as OWASP would be facilitator, less
> overhead.
> >> Kate has proposed this years ago. Problem is keeping scores and
> evaluations. Questions able what info to share publicly and what not.
> >>
> >> If it is OWASP provided trainings‎, this is more complicated and I
> doubt is OWASP is ready / mature enough doing so. More overhead and
> dedicated resources needed.
> >> Another though,  do we want to risk becoming a competitor with
> sponsoring  organisations?
> >>
> >> -martin
> >>
> >>
> >>
> >> From: Eoin Keary
> >> Sent: zondag 10 april 2016 15:51
> >> To: johanna curiel curiel
> >> Cc: owasp-leaders at lists.owasp.org
> >> Subject: Re: [Owasp-leaders] TRAINING
> >>
> >> I'm Certainly happy to train new trainers.
> >> I'm sure others are also.
> >> This initiative shall require funding and coordination.
> >>
> >> When we deliver free training a novice trainer also  delivers alongside
> the experienced instructor.  SANS for example do similar to this.  I did
> this also many years ago to develop internal champions for a global Corp.
> it works.
> >>
> >>
> >> Eoin Keary
> >> OWASP Volunteer
> >> @eoinkeary
> >>
> >>
> >>
> >> On 9 Apr 2016, at 19:24, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
> >>
> >> Eoin
> >>
> >> So, the first step is to get those 'experience trainers' 'train' the
> 'rookie-trainers'
> >>
> >> If this is the case we will need:
> >>
> >> Experienced Trainers willing to provide training
> >> Create a format on how to deliver quality training
> >>
> >>
> >> Are you willing to help the rookies?
> >>
> >> If this is the case then the Experienced ones needs to provide training
> to the rookies
> >> Experienced ones can provide training through the GoTraining platform
> >>
> >> My questions to those experience ones:
> >> Who is willing to volunteer?
> >> If you are experience and want to help, please respond to this email
> with 'I do'.
> >>
> >> If we have no experienced trainers willing to help , then rookies will
> have to look for other alternatives
> >>
> >> Otherwise people, we `keep on suggesting  initiatives that leads to no
> where...
> >>
> >>
> >>
> >> On Sat, Apr 9, 2016 at 11:11 AM, Eoin Keary <eoin.keary at owasp.org>
> wrote:
> >>>
> >>> I suggested this before....but a train the trainer programme delivered
> by experienced trainers could grow the free training capability and quality
> of OWASP.
> >>>
> >>>
> >>> Eoin Keary
> >>> OWASP Volunteer
> >>> @eoinkeary
> >>>
> >>>
> >>>
> >>> On 9 Apr 2016, at 02:56, John Patrick Lita <
> john.patrick.lita at owasp.org> wrote:
> >>>
> >>> Hi Tom
> >>>
> >>> This is very useful for those who cannot attend the AppSec Conference,
> but creating an online training is a very challenging and need a lot of
> time :) if we can have a Practical Training and Management training that
> would be great! technical Track and management tracks.
> >>>
> >>> let try to make 5-10 training videos and lets see what is the feedback.
> >>>
> >>> On Fri, Apr 8, 2016 at 11:52 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
> >>>>
> >>>> Hi Tom
> >>>>
> >>>> A week ago I had contact with Kate regarding creating a training inn
> the OWASP GoTraining platform.
> >>>>
> >>>> We exchanged some emails, however I'm awaiting access to the Training
> platform since a week ago.
> >>>>
> >>>> How can we make sure that volunteers can actually make use of
> resources if available in order to move forward with these plans?
> >>>>
> >>>> Cheers
> >>>>
> >>>> Johanna
> >>>>
> >>>> On Fri, Apr 8, 2016 at 2:15 PM, Tom Brennan - OWASP <tomb at owasp.org>
> wrote:
> >>>>>
> >>>>> There's been discussion around training programs aligned with
> strategic goals https://www.owasp.org/index.php/OWASP_Strategic_Goals
> locally and globally.
> >>>>>
> >>>>> There are multiple data inputs that influence a investment in this
> area.
> >>>>>
> >>>>> Please take two minutes and answer the following short
> multiple-choice survey to capture anonymous metric data to assist further
> in this process
> >>>>>
> >>>>> Survey
> >>>>> http://goo.gl/forms/nPzqACi0e9 <--- Google survey link
> >>>>>
> >>>>> Thank you in advance.
> >>>>>
> >>>>> Additional training references
> >>>>> https://www.owasp.org/index.php/OWASP_Training
> >>>>>
> >>>>> https://www.owasp.org/index.php/Education/Free_Training
> >>>>>
> >>>>> https://www.owasp.org/index.php/Category:OWASP_Video
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.
> >>>>> _______________________________________________
> >>>>> OWASP-Leaders mailing list
> >>>>> OWASP-Leaders at lists.owasp.org
> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Johanna Curiel
> >>>> OWASP Volunteer
> >>>>
> >>>> _______________________________________________
> >>>> OWASP-Leaders mailing list
> >>>> OWASP-Leaders at lists.owasp.org
> >>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Best Regrads
> >>> John Patrick Lita
> >>> InfoSec Consultant | Instructor | Chapter Leader OWASP Manila
> >>> FB Page @OwaspManila
> >>> https://www.owasp.org/index.php/Manila
> >>>
> >>> _______________________________________________
> >>> OWASP-Leaders mailing list
> >>> OWASP-Leaders at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>
> >>
> >>
> >> --
> >> Johanna Curiel
> >> OWASP Volunteer
> >>
> >>
> >
> >
> >
> > --
> > Johanna Curiel
> > OWASP Volunteer
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
>
> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.
>



-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160412/257760f4/attachment-0001.html>


More information about the OWASP-Leaders mailing list