owasp global education committee (gec)
DESCRIPTION
OWASP Global Education Committee (GEC). Workshop November 11, 2009. To cover. GEC activities Discussions Improve Academic buy-in OWASP ‘endorsed’ speakers/trainers OWASP ‘Certification’. Global Education Committee. - PowerPoint PPT PresentationTRANSCRIPT
Copyright 2007 © The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundationhttp://www.owasp.org
OWASP Global EducationCommittee (GEC)
WorkshopNovember 11, 2009
OWASP
To cover
• GEC activities• Discussions• Improve Academic buy-in• OWASP ‘endorsed’ speakers /trainers• OWASP ‘Certification’
OWASP 3
Global Education Committee
The primary purpose of the Global Education Committee is: to work with the OWASP Education Project to provide educational materials for both internal and external users, develop liaisons with educational institutions worldwide.
•Martin Knobloch - P (Netherlands),•Mano Paul (U.S.), •Eduardo Neves (Brazil), •Kuai Hinjosa (U.S.), •Cecil Su (Singapore), •Fabio Cerullo - P (Ireland), •Andrzej Targosz (Poland)Board Member Rep: Seba – Sebastien Deleersnyder (Belgium) - P - P: present
OWASP
Challenge: Get everybody on the same Skype Call?
Meeting monthly on last Thursday at 10 PM GMT
OWASP
Categorization
OWASP
Activities
Internationalization of training materialsOWASP boot camp projectAcademic educational servicesOWASP CTF (Andres Riancho – Poland)OWASP certificationOWASP speakers bureau
OWASP
Academic supporters
OWASP
Improve Academic ties
Question: How can we improve academic ‘buy-in’Discussion:
• Increase # academic members• Get OWASP material into curriculae?• Appsec research grants? Parallel to SOC because of
academic year schedules?• Organise events at universities?• Participation in research programs (e.g. advisory boards)?• Target Academic events such as eduCause, JaSig and other
university IT related conference or events where we will NOT preach to the choir
• OWASP U educative video podcasts series created to teach webappsec, interviews with professors
• Export AppSec Research Europe worldwide!
OWASP
OWASP ‘endorsed’ speakers /trainers
Questions we get regularly:• Who do you recommend for webappsec training?• Can you perform training at our company?
Possible solution (discussion?):• List individuals who have delivered training at an
OWASP event?• Collect and publish individual evaluations?• Publish aggregated metric on the trainer – how?• Extend with OWASP related presentations and
make available on Owasp on the Move?
OWASP
OWASP ‘Certification’
Current status:• Summit 08 outcome: we won’t do it ourselves• The question keeps popping up• (ISC)² concrete partnership question
Discussion:• Do we ‘endorse’ 3rd parties to set up OWASP
certifications?• Can we set up a framework of rules for this?• Do we control the ‘body of knowledge’?• Need to become OWASP member?• If name & logo used for certification: special membership?• Extend to OWASP ‘training’
OWASP
Call for ACTION
• Volunteers / SOC proposals• Intake donated material from Andrew and
Matt• Rework in ‘modules’ and push into Education
categories and tracks• Input OWASP Boot Camp!
OWASP
2010 Goals
• BootCamp!• Reachout program to academic partners• OWASP Trainer accreditation & drive
OWASP revenue• Directly: conferences & chapter training• Indirectly: memberships