Global Education Committee
- 1 About the Global Education Committee
- 2 Agenda / Timeline (DRAFT)
- 3 Proposal (DRAFT)
- 3.1 Categorize (Organization) of educational materials
- 3.2 Train the trainers (Teach the teachers)
- 3.3 Create an online assessment and training portal
- 3.4 OWASP Boot Camp Project
- 3.5 OWASP CTF event
- 3.6 Speakers Bureau Project
- 3.7 Marketing efforts
- 3.8 Internationalization of the training materials
- 3.9 Education material
- 3.10 Academic Educational Services
About the Global Education Committee
The Global Education Committee was created during the OWASP EU Summit in Portugal 2008. The primary purpose of the Global Education Committee is: to work with the OWASP Education Project to provide educational materials for both internal and external users, develop liaisons with educational institutions worldwide.
Provide awareness, training and educational services to corporate, government and educational institutions on application security.
Make OWASP educational material globally available as a well known resource in easily consumable form mapped to a framework tied specifically to user roles and responsibilities
Education Committee (Board Member Rep: Seba)
• Martin Knobloch (Netherlands)
• Mano Paul (U.S.)
• Eduardo Neves (Brazil)
• Kuai Hinjosa (U.S.)
• Cecil Su (Singapore)
• Fabio Cerullo (Ireland)
• Andrzej Targosz (Poland)
The Global Education Committee Meetings take place via Skype, see below for the local time: 3:30 p.m. @ Austin, Texas 4:30 p.m. @ New York 7:30 p.m. @ Brasil 22:30 a.m. @ Netherlands 5:30 a.m. @ Singapore (following day)
Next meeting(s) scheduled for:
- January 29th 2009
- Februari 12th 2009
Agenda / Timeline (DRAFT)
Deadline wednesday, 4th Februari
60 days to make a proposal
- December 20th - first draft of the proposal
- January 16th - submit
Below you can find the timeline, what has to be achieved by when. All tasks must be SMART!
|Categorize (Organization) of educational materials||TBD||Message||Status||Categorize / Organization of the educational materials for audience by roles and responsibilities/technologies and use the summit workshop notes.||Martin|
|Train the trainers (Teach the teachers)||Q1/Q2/Q3/Q4 2009||Delivery||Planning||Develop a train the trainer program that will train trainers to deliver training on OWASP related material.||Mano|
|Create an online assessment and training portal||Q2/Q3/Q4 2009||Delivery||Planning||Develop an OWASP assessment and training portal that end users can use to gauge their knowledge on OWASP concepts and training providers can use to promote their training offerings.||Mano|
|OWASP Boot Camp Project||Proposal: February 2009 Final: Oktober 2009 at OWASP AppSec US 2009||Delivery||started||OWASP Boot Camp about the OWASP projects, to deliver a Boot Camp presentation should be one of the criteria to get an alpha status as project||Martin|
|OWASP CTF event||OWASP AppSec Denver 2009||Delivery||Status||Description||Martin|
|Speakers Bureau Project||TBD||Delivery||started|| List of speakers, Name, Bio, Topics, History
Speakers in conferences (OOTM ask for funds on this)/summit
|Marketing efforts||TBD (discussion with other members)||Awareness Services||Status||Flyers or Brochures of OWASP Top 10, Testing Guide.||Eduardo|
|Internationalization of the training materials||TBD (discussion with Juan)||Awareness Services||Status||Liaise with Juan Calderon for translation services for highly spoken languages||Eduardo|
|Education material||TBD||Training & Educational Services||Status|| All projects should be summoned to create educational material (training service)
1) Each Projects --> Documents (help), Tool, Training; Live CD (Portable)
|Educational Academic Services||TBD||Training & Educational Services||
3 Universities already in contact with and planning OWASP events to participate in.
| Incorporate OWASP into the following top 5 Universities, within the next 12 months by introducing OWASP training and education resources at University's events.
1) New York University 2) Cornell University 3) Princeton University 4) University of Minnesota 5) Columbia University
As a result of these initiative we would hope to see:
1) Confirming participation at arranged events 2) Asking Universities to recognize they are using our resources by allowing us to place their names in wiki pages such as http://www.owasp.org/index.php/OWASP_Top_Ten_Project 3) University faculty, staff and students participate in local and international events/meetings 4) University faculty, staff and students contribute to OWASP projects
Categorize (Organization) of educational materials
Objective: Categorize / Organize educational material, estyle the Education Project website.
- Categorize education material according to the CLASP roles
- Group material into management-ish, student-ish, technical-ish
Target specific demographic (managers, students...) Provide easy access to education material. Efficient categorization of education materials.
Train the trainers (Teach the teachers)
Objective: Develop a train the trainer program that will train trainers to deliver training on OWASP related material.
- Develop a criteria to identify and approve trainers / Q1 2009
- Identify pertinent OWASP related material that will be included in the training kit / Q2 2009. This is dependent on the education project organizing material.
- Create a training toolkit with pre-built presentation and training materials, assessments etc. / Q3 2009
- Conduct train the trainer sessions (remote or in-person) / Q4 2009
Benefits: The training kit and trained trainers will be available resources promoting OWASP in local events worldwide.
Create an online assessment and training portal
Objective: Develop an OWASP assessment and training portal that end users can use to gauge their knowledge on OWASP concepts and training providers can use to promote their training offerings.
- Generate OWASP assessment items (can use the testing guide and other sources) / Q2-Q3 2009
- Develop an assessment portal to deliver taking of assessments with robust reporting by knowledge area / Q4 2009
- Develop a training portal to allow training providers to publish and promote their training offerings / Q4 2009
This can be developed as a summer of code project but is not a requirement.
Benefits: Assessments that can be offered in OWASP events and other conferences to users will increase OWASP awareness. The portal can become the link between trainers and trainees and will eventually help in increasing the awareness and knowledge of application security in the industry.
OWASP Boot Camp Project
To deliver a Boot Camp session which would lead to be one of the main criteria to produce alpha status projects Activities/Deadline:
OWASP CTF event
Objective Generate a Capture The Flag framework to be offered at OWASP events
- Andrzej will contact the organizers of the CTF from the Denver OWASP Conference and work in using same model
Benefits Capture The Flag events are very popular in conferences, creating and OWASP specific CTF will offer entertainment at events, generate attendants participation etc.
Speakers Bureau Project
OWASP Boot Camp about the OWASP projects, to deliver a Boot Camp presentation should be one of the criteria to get an alpha status as project
List of speakers, Name, Bio, Topics, History Speakers in conferences (OOTM ask for funds on this)/summit
Speakers Agreement - https://www.owasp.org/index.php/Speaker_Agreement
Objective: To promote OWASP projects, events, education material and OWASP mission.
- Gather flyers, Brochures of OWASP Top 10, Testing Guide
Group promotional material which can be hand out at events
Internationalization of the training materials
Translate training materials
Identify point of contacts places for translation efforts and setup a deadline Translate material in French, Portuguese, Spanish, Malay, Italian, Indonesian, Chinese
To reach international audiences
Flyers or Brochures of OWASP Top 10, Testing Guide.
Academic Educational Services
Promote and encourage OWASP resources at accredited Universities around the world within the next 12 months by introducing OWASP training and education material at University's events.
- Build a list of at least 5 Universities with computer science or risk management programs that can be targeted /Q1 2009
- Establish communication with targeted universities, generate key contacts and establish relationships /Q1 - Q4 2009
- Develop a list of possible academic events in which to participate /Q1 - Q2 2009
- Participate in at least 1 Academic event, present case studies or OWASP education materials /Q1 - Q4
OWASP will gain exposure in the academic industry, starting with accredited universities around the world. Universities will become members of OWASP, provide meeting space, students will apply to OWASP grants, and provide support and structure