[Owasp-leaders] TRAINING

Tom Brennan tomb at proactiverisk.com
Tue Apr 12 09:35:49 UTC 2016


Login to the chapter.leader at owasp.org gotomeeting account and you would have had it a week ago





> On Apr 12, 2016, at 5:19 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
> 
> >>Since OWASP is AGILE the minimum viable product (MVP) is now LIVE.
> 
> Tom, AGILE <http://www.dummies.com/how-to/content/agile-project-management-for-dummies-cheat-sheet.html> doesn't mean that there no execution plan behind.
> 
> Right now all there is 1 shared account in the GoToTraining 'available' (I have not yet received any credentials to log in). This is by no definition a 'sprint.'I have been a developer for 16 years, my major work right now is about patching insecure applications for the dutch gov, and I have been working with agile/scrum for about 5 years.
> 
> It means the execution plan is cut down through sprints. Right now there are no 'sprints' , there is no plan on what will be produced.
> 
> Thats ok, as long access can be provided to the platform which I still do not have.
> 
> And I need is access to create the tests and the interactive materials. IF, it is expected that I give a training same format as GoToWebinaar, I do not need GoToTraining, then I use Google Hangouts. What interest me in this platform is the interactive tests, but this need to be created before providing the training.
> 
> You mentioned 2 requirements, I filled them all
> a)I I have been a major contributor of the Coe Review project for the .NET section
> b)All the materials I'm planning to create are for free
> 
> STEP 1: provide access to the project leaders, like me, asking for it ;-P
> 
> 18 emails later, + more than 1 week later, my question is and keeps on being: Can I get access?
> 
> On Mon, Apr 11, 2016 at 10:16 PM, Tom Brennan - OWASP <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
> Since OWASP is AGILE the minimum viable product (MVP) is now LIVE.
> 
> https://www.owasp.org/index.php/Education/Free_Training <https://www.owasp.org/index.php/Education/Free_Training>  note the update and link to the new page
> 
> With a desire, materials and delivery tool now in place and operational, next is a small team who want to experiment
> 
> I might suggest that the requirements are
> 
> a) OWASP Project
> b) OWASP Training that is with open-materials only
> 
> If you can meet those requirements you can unlock and use the tool
> 
> On this thread we touched on APPSEC Events and charging for training.... well here is my 2 cents on that.  At Global AppSec events, local events and even chapter trainings we have seen people deliver training with a 60/40 split. So for those that are looking at the elephant in the room (money) and asking how can this scale...   That same could be TRUE for training at OWASP in the FUTURE as a FREE value to members delivered by live instructors OR a cost as example $50usd (annual membership) to others. Another item would be to have project leaders provide project training for their project if we are collecting the metrics from visitors of who would like a training class.
> 
> For now, we just need to put a few OWASP'ers together that really desire to raise visibility for software security and sprint on it... sprint 2 and 3 would refine it and implement a workflow to manage it and if wildly successful and we need an administrator to administrate all the extra work it creates, then OWASP can hire that person... and make a more useful OWASP Foundation to the WORLD outside the forest.
> 
> Brennan
> 
> 
> 
> 
> On Sun, Apr 10, 2016 at 12:30 PM, johanna curiel curiel <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
> >
> > >>First, do we want to do a training platform as we do at the conferences? This would be easier, as OWASP would be facilitator, less overhead.
> >
> > Agree. It's about providing a platform to educate about security. We do not need to provide certificates or scores, but I think some automated tests for people to evaluate their knowledge is a nice to have.
> >
> > >>Another though,  do we want to risk becoming a competitor with sponsoring  organisations?
> > Definitely not and given the actual resources, we cannot even aspire to compete, but we can provide some free training materials on subjects such as how to secure applications in a given language for example. Think of a format like 'coursera' without the certificate but with the ability to provide tests and interactive materials. This is possible in the GoToTraining platform.That is the cool aspect of this platform.
> >
> > >> it is OWASP provided trainings‎, this is more complicated and I doubt is OWASP is ready / mature enough doing so. More overhead and dedicated resources needed.
> >
> > This is a concerning point. So far I understood, the GoTraining platform was acquired as a 'pilot' project to experiment with trainings. It has no clear execution plan behind. To work without clear objectives to reach a goal , the chances are high that it wont succeed. I think we are trying to launch way too often initiatives without an execution plan, and this is , a waste of time and resources if we keep on doing this.
> >
> > @Eoin
> >
> > >>I'm Certainly happy to train new trainers..I'm sure others are also.. This initiative shall require funding and coordination.
> >
> > Agree. If I set a plan to:
> >
> > Set a group of experienced trainers and group of rookie trainers willing to commit
> > Create a list of tasks on how can the experienced ones train rookies
> > Create a list of courses that rookies and experience trainers are willing to provide
> > Set a budget that will support these activities
> > Submit this for approval to the board
> >
> > End results goals:
> >
> > A series of training materials similar to coursera or khan academy, interactive and high quality into the GoTraining platform
> > A series of training materials that could be also be provided during appsec training but with our own team of trainers.
> > 100% owasp produced materials
> >
> > If you (Eoin and others experienced trainers) are willing to stand behind this plan, I"ll be very glad to help coordinate it and ask for a budget and approval.
> >
> > Cheers
> >
> > Johanna
> >
> >
> >
> >
> > On Sun, Apr 10, 2016 at 10:53 AM, Martin Knobloch <martin.knobloch at owasp.org <mailto:martin.knobloch at owasp.org>> wrote:
> >>
> >> ‎All,
> >>
> >> In my life, the problem is bigger than that.
> >> First, do we want to do a training platform as we do at the conferences? This would be easier, as OWASP would be facilitator, less overhead.
> >> Kate has proposed this years ago. Problem is keeping scores and evaluations. Questions able what info to share publicly and what not.
> >>
> >> If it is OWASP provided trainings‎, this is more complicated and I doubt is OWASP is ready / mature enough doing so. More overhead and dedicated resources needed.
> >> Another though,  do we want to risk becoming a competitor with sponsoring  organisations?
> >>
> >> -martin
> >>
> >>
> >>
> >> From: Eoin Keary
> >> Sent: zondag 10 april 2016 15:51
> >> To: johanna curiel curiel
> >> Cc: owasp-leaders at lists.owasp.org <mailto:owasp-leaders at lists.owasp.org>
> >> Subject: Re: [Owasp-leaders] TRAINING
> >>
> >> I'm Certainly happy to train new trainers.
> >> I'm sure others are also.
> >> This initiative shall require funding and coordination.
> >>
> >> When we deliver free training a novice trainer also  delivers alongside the experienced instructor.  SANS for example do similar to this.  I did this also many years ago to develop internal champions for a global Corp. it works.
> >>
> >>
> >> Eoin Keary
> >> OWASP Volunteer
> >> @eoinkeary
> >>
> >>
> >>
> >> On 9 Apr 2016, at 19:24, johanna curiel curiel <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
> >>
> >> Eoin
> >>
> >> So, the first step is to get those 'experience trainers' 'train' the 'rookie-trainers'
> >>
> >> If this is the case we will need:
> >>
> >> Experienced Trainers willing to provide training
> >> Create a format on how to deliver quality training
> >>
> >>
> >> Are you willing to help the rookies?
> >>
> >> If this is the case then the Experienced ones needs to provide training to the rookies
> >> Experienced ones can provide training through the GoTraining platform
> >>
> >> My questions to those experience ones:
> >> Who is willing to volunteer?
> >> If you are experience and want to help, please respond to this email with 'I do'.
> >>
> >> If we have no experienced trainers willing to help , then rookies will have to look for other alternatives
> >>
> >> Otherwise people, we `keep on suggesting  initiatives that leads to no where...
> >>
> >>
> >>
> >> On Sat, Apr 9, 2016 at 11:11 AM, Eoin Keary <eoin.keary at owasp.org <mailto:eoin.keary at owasp.org>> wrote:
> >>>
> >>> I suggested this before....but a train the trainer programme delivered by experienced trainers could grow the free training capability and quality of OWASP.
> >>>
> >>>
> >>> Eoin Keary
> >>> OWASP Volunteer
> >>> @eoinkeary
> >>>
> >>>
> >>>
> >>> On 9 Apr 2016, at 02:56, John Patrick Lita <john.patrick.lita at owasp.org <mailto:john.patrick.lita at owasp.org>> wrote:
> >>>
> >>> Hi Tom
> >>>
> >>> This is very useful for those who cannot attend the AppSec Conference, but creating an online training is a very challenging and need a lot of time :) if we can have a Practical Training and Management training that would be great! technical Track and management tracks.
> >>>
> >>> let try to make 5-10 training videos and lets see what is the feedback.
> >>>
> >>> On Fri, Apr 8, 2016 at 11:52 AM, johanna curiel curiel <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
> >>>>
> >>>> Hi Tom
> >>>>
> >>>> A week ago I had contact with Kate regarding creating a training inn the OWASP GoTraining platform.
> >>>>
> >>>> We exchanged some emails, however I'm awaiting access to the Training platform since a week ago.
> >>>>
> >>>> How can we make sure that volunteers can actually make use of resources if available in order to move forward with these plans?
> >>>>
> >>>> Cheers
> >>>>
> >>>> Johanna
> >>>>
> >>>> On Fri, Apr 8, 2016 at 2:15 PM, Tom Brennan - OWASP <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
> >>>>>
> >>>>> There's been discussion around training programs aligned with strategic goals https://www.owasp.org/index.php/OWASP_Strategic_Goals <https://www.owasp.org/index.php/OWASP_Strategic_Goals> locally and globally.
> >>>>>
> >>>>> There are multiple data inputs that influence a investment in this area.
> >>>>>
> >>>>> Please take two minutes and answer the following short multiple-choice survey to capture anonymous metric data to assist further in this process
> >>>>>
> >>>>> Survey
> >>>>> http://goo.gl/forms/nPzqACi0e9 <http://goo.gl/forms/nPzqACi0e9> <--- Google survey link
> >>>>>
> >>>>> Thank you in advance.
> >>>>>
> >>>>> Additional training references
> >>>>> https://www.owasp.org/index.php/OWASP_Training <https://www.owasp.org/index.php/OWASP_Training>
> >>>>>
> >>>>> https://www.owasp.org/index.php/Education/Free_Training <https://www.owasp.org/index.php/Education/Free_Training>
> >>>>>
> >>>>> https://www.owasp.org/index.php/Category:OWASP_Video <https://www.owasp.org/index.php/Category:OWASP_Video>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> The information contained in this message and any attachments may be privileged, confidential, proprietary or otherwise protected from disclosure. If you, the reader of this message, are not the intended recipient, you are hereby notified that any dissemination, distribution, copying or use of this message and any attachment is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message, permanently delete it from your computer and destroy any printout.
> >>>>> _______________________________________________
> >>>>> OWASP-Leaders mailing list
> >>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Johanna Curiel
> >>>> OWASP Volunteer
> >>>>
> >>>> _______________________________________________
> >>>> OWASP-Leaders mailing list
> >>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> >>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Best Regrads
> >>> John Patrick Lita
> >>> InfoSec Consultant | Instructor | Chapter Leader OWASP Manila
> >>> FB Page @OwaspManila
> >>> https://www.owasp.org/index.php/Manila <https://www.owasp.org/index.php/Manila>
> >>>
> >>> _______________________________________________
> >>> OWASP-Leaders mailing list
> >>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
> >>
> >>
> >>
> >>
> >> --
> >> Johanna Curiel
> >> OWASP Volunteer
> >>
> >>
> >
> >
> >
> > --
> > Johanna Curiel
> > OWASP Volunteer
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
> >
> 
> The information contained in this message and any attachments may be privileged, confidential, proprietary or otherwise protected from disclosure. If you, the reader of this message, are not the intended recipient, you are hereby notified that any dissemination, distribution, copying or use of this message and any attachment is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message, permanently delete it from your computer and destroy any printout.
> 
> 
> 
> --
> Johanna Curiel
> OWASP Volunteer


-- 
The information contained in this message and any attachments may be 
privileged, confidential, proprietary or otherwise protected from 
disclosure. If you, the reader of this message, are not the intended 
recipient, you are hereby notified that any dissemination, distribution, 
copying or use of this message and any attachment is strictly prohibited. 
If you have received this message in error, please notify the sender 
immediately by replying to the message, permanently delete it from your 
computer and destroy any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160412/d721524b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160412/d721524b/attachment-0001.pgp>


More information about the OWASP-Leaders mailing list