Veterans Program Proposal

The Veterans Program would take a number of veterans into the OWASP community to work on participating projects. OWASP has projects in: code, tools and documentation. The goal would be for participants to pick which section they would like to work under. If none of the sections fit abilities or interests, participants may be able to create their own projects provided they have a coherent project roadmap and a limited budget. The program would be contingent upon project participation. It would be better to pull from the flagship projects during a new release cycle, rather than to throw participants into under developed projects in the pilot year. To keep the project participation from being a free-for-all, instead to pull one willing project from code, tools and documentation.

The program would consist of four(4) milestones. At the third milestone, it would be beneficial for the participants to take part in AppSec USA. Along with a panel, the program would have a booth at the career fair/vendors. This would draw more attention to the project, as well as allow participants to interact and mingle with potential employers. The panel would allow for participants to discuss their experience, as well as give them conference speaking experience.

Throughout the course of the program, it would be beneficial for participants to mark their experiences with weekly reports. As part of the marketing of the program, a wiki page should be set up in advance, which would explain the program as well as introduce the program participants. Each participant could have a wiki page of their own to provide their background and add their weekly reports. This would be beneficial for those tracking the project and for continued sponsorship of the program to see how participants are progressing.

Beyond project leads in the particular project the participants are working on, they should have a point person with which to direct any questions, concerns or problems they are having within the program. The point person would be good to have for any problems that the participant does not feel comfortable with bringing to the project lead, more as a safety net.

Milestone 1:

• Introduction to OWASP and the field of application security. This would include becoming familiar with the OWASP Code of Conduct and receiving an OWASP email, and wiki account.
• Familiarization with OWASP projects. At this stage it is important for participants to gain experience with projects such as the OWASP Top 10, which would be a good skill to have when entering the workforce. Employers in application security will look for familiarization with the OWASP Top 10.
• Picking a project to work with or creating a project with full roadmap. At this point, the participants would become familiar with the current projects within OWASP, as well as a more in-depth introduction to the project they choose to work on, such as previous releases, introduction to project leaders and volunteers.

Milestone 2:

• Integration into the chosen project. This would be up to the project lead to direct the participants. They should assign work to the participants skills. The goal then is to hit the 50% completion mark. The completion of this milestone is based around the entire project and not necessarily the participants.
• 50% project review. When the release comes up on it’s 50% milestone review, it would also include a review of the program and participants. This would allow participants to give their feedback about how the project is progress, as well as for project leads to comment on the work of the participants. This will be useful in shaping the second half of the program and how it will progress for the remainder of the year.

Milestone 3:

• AppSec USA - the conference is held in roughly the last quarter of the year. This would make it a good time to show off the progress of the project. The participants would be in charge of a vendor booth in the main area in which to showcase the Veterans Program, as well as their participation in various projects. Allowing for a booth would give more visibility to the program as well as give visibility of participants to potential employers. This would be especially important for future sponsors of the program.
• Participants should also take part in a panel to discuss their ongoing experience in the program. More general questions could be posed to the group as whole, and more specific questions could be followed up with at the booth. The goal of having the participants involved with AppSec is to gain as much visibility for program as possible. Participating in a panel would give participants conference speaking experience, which is something to boast about when entering the job market.
• Printed marketing materials would be needed for this milestone. The material would include program overview, participants and sponsorship options.

Milestone 4:

• Project wrap up and review. This would focus on the actually release of the version/project the participants are working with or the wrap if the version was released around AppSec. It would give the project leads a chance to weigh in on their participants and the work they contributed.
• Program review. This would be the wrap up of the pilot year of the program, the strengths, the weakness, and what participants thought overall, as well a review of their work within the projects. What would be especially promising towards the end of the project if participants had employment opportunities and could contribute this success to the program. Participants should be encouraged to remain within the OWASP community and to continue to work with projects and perhaps even start their own projects in the future.