120 likes | 236 Views
OWASP Global Education Committee (GEC). Workshop November 11, 2009. To cover. GEC activities Discussions Improve Academic buy-in OWASP ‘endorsed’ speakers /trainers OWASP ‘Certification’. Global Education Committee.
E N D
OWASP Global EducationCommittee (GEC) WorkshopNovember 11, 2009
To cover • GEC activities • Discussions • Improve Academic buy-in • OWASP ‘endorsed’ speakers /trainers • OWASP ‘Certification’
Global Education Committee • The primary purpose of the Global Education Committee is: to work with the OWASP Education Project to provide educational materials for both internal and external users, develop liaisons with educational institutions worldwide. • Martin Knobloch - P (Netherlands), • Mano Paul(U.S.), • Eduardo Neves (Brazil), • Kuai Hinjosa (U.S.), • Cecil Su (Singapore), • Fabio Cerullo - P (Ireland), • Andrzej Targosz (Poland) • Board Member Rep: Seba – Sebastien Deleersnyder (Belgium) - P • - P: present 3
Challenge: Get everybody on the same Skype Call? Meeting monthly on last Thursday at 10 PM GMT
Activities • Internationalization of training materials • OWASP boot camp project • Academic educational services • OWASP CTF (Andres Riancho – Poland) • OWASP certification • OWASP speakers bureau
Improve Academic ties • Question: How can we improve academic ‘buy-in’ • Discussion: • Increase # academic members • Get OWASP material into curriculae? • Appsec research grants? Parallel to SOC because of academic year schedules? • Organise events at universities? • Participation in research programs (e.g. advisory boards)? • Target Academic events such as eduCause, JaSig and other university IT related conference or events where we will NOT preach to the choir • OWASP U educative video podcasts series created to teach webappsec, interviews with professors • Export AppSec Research Europe worldwide!
OWASP ‘endorsed’ speakers /trainers • Questions we get regularly: • Who do you recommend for webappsec training? • Can you perform training at our company? • Possible solution (discussion?): • List individuals who have delivered training at an OWASP event? • Collect and publish individual evaluations? • Publish aggregated metric on the trainer – how? • Extend with OWASP related presentations and make available on Owasp on the Move?
OWASP ‘Certification’ • Current status: • Summit 08 outcome: we won’t do it ourselves • The question keeps popping up • (ISC)² concrete partnership question • Discussion: • Do we ‘endorse’ 3rd parties to set up OWASP certifications? • Can we set up a framework of rules for this? • Do we control the ‘body of knowledge’? • Need to become OWASP member? • If name & logo used for certification: special membership? • Extend to OWASP ‘training’
Call for ACTION • Volunteers / SOC proposals • Intake donated material from Andrew and Matt • Rework in ‘modules’ and push into Education categories and tracks • Input OWASP Boot Camp!
2010 Goals • BootCamp! • Reachout program to academic partners • OWASP Trainer accreditation & drive OWASP revenue • Directly: conferences & chapter training • Indirectly: memberships