OWASP Global Education Committee (GEC)

Copyright 2007 © The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundationhttp://www.owasp.org

OWASP Global EducationCommittee (GEC)

WorkshopNovember 11, 2009

OWASP

To cover

• GEC activities• Discussions• Improve Academic buy-in• OWASP ‘endorsed’ speakers /trainers• OWASP ‘Certification’

OWASP 3

Global Education Committee

The primary purpose of the Global Education Committee is: to work with the OWASP Education Project to provide educational materials for both internal and external users, develop liaisons with educational institutions worldwide.

•Martin Knobloch - P (Netherlands),•Mano Paul (U.S.), •Eduardo Neves (Brazil), •Kuai Hinjosa (U.S.), •Cecil Su (Singapore), •Fabio Cerullo - P (Ireland), •Andrzej Targosz (Poland)Board Member Rep: Seba – Sebastien Deleersnyder (Belgium) - P - P: present

OWASP

Challenge: Get everybody on the same Skype Call?

Meeting monthly on last Thursday at 10 PM GMT

OWASP

Categorization

OWASP

Activities

Internationalization of training materialsOWASP boot camp projectAcademic educational servicesOWASP CTF (Andres Riancho – Poland)OWASP certificationOWASP speakers bureau

OWASP

Academic supporters

OWASP

Improve Academic ties

Question: How can we improve academic ‘buy-in’Discussion:

• Increase # academic members• Get OWASP material into curriculae?• Appsec research grants? Parallel to SOC because of

academic year schedules?• Organise events at universities?• Participation in research programs (e.g. advisory boards)?• Target Academic events such as eduCause, JaSig and other

university IT related conference or events where we will NOT preach to the choir

• OWASP U educative video podcasts series created to teach webappsec, interviews with professors

• Export AppSec Research Europe worldwide!

OWASP

OWASP ‘endorsed’ speakers /trainers

Questions we get regularly:• Who do you recommend for webappsec training?• Can you perform training at our company?

Possible solution (discussion?):• List individuals who have delivered training at an

OWASP event?• Collect and publish individual evaluations?• Publish aggregated metric on the trainer – how?• Extend with OWASP related presentations and

make available on Owasp on the Move?

OWASP

OWASP ‘Certification’

Current status:• Summit 08 outcome: we won’t do it ourselves• The question keeps popping up• (ISC)² concrete partnership question

Discussion:• Do we ‘endorse’ 3rd parties to set up OWASP

certifications?• Can we set up a framework of rules for this?• Do we control the ‘body of knowledge’?• Need to become OWASP member?• If name & logo used for certification: special membership?• Extend to OWASP ‘training’

OWASP

Call for ACTION

• Volunteers / SOC proposals• Intake donated material from Andrew and

Matt• Rework in ‘modules’ and push into Education

categories and tracks• Input OWASP Boot Camp!

OWASP

2010 Goals

• BootCamp!• Reachout program to academic partners• OWASP Trainer accreditation & drive

OWASP revenue• Directly: conferences & chapter training• Indirectly: memberships