OWASP Training Manager Report

I have assumed, in October 2010, the position of OWASP Training Manager with the responsibility of managing the OWASP ‘Chapter-lead’ Training activities and operationalising the concept of 'OWASP Academies'. Throughout this process, I have been managed by Dinis Cruz and reported directly to the OWASP Board.

Report of Activities for the period between 15 October 2010 and 15 January 2011
Previous note: I would like to thank Paulo Coimbra for his endless patience and support and for all he taught me about the OWASP community and wiki. Having him around has definitely made my job a lot easier that it would have been otherwise.

OWASP Training


 * Systematization of the OWASP Training Concept and collation of all related info on a dedicated wiki page;


 * Consolidation of the methodology in what relates to the concept and tools;


 * Call for Trainers with the objective of building a pool of potential OWASP Trainers to be involved on these initiatives worldwide with the information on their profile, projects they wished to present, projects presented and location;


 * Direct contact with Local Chapters to challenge them to replicate Training events according to the OWASP Training model;


 * Organization and support of training events driven by local chapters:
 * London Training Day, May, 28th, 2010, London, UK
 * BeNeLux Training Day, December, 1st, 2010, Leuven, Belgium &#124; Part of the BeNeLux OWASP Day 2010
 * IBWAS'10 Training Day, December, 16th, 2010, Lisbon, Portugal &#124; Part of the 2nd OWASP Ibero-American Web Application Security Conference (IBWAS'10)
 * Ireland Training Day, March, 11, 2011, Dublin, Ireland
 * France Training Day, 1st Semester 2011 (date tbc), Paris, France
 * NYNJ Training Day, 1st Semester 2011 (date tbc), NY, US


 * Collation of existing Training Modules and creation of new ones according to the needs of initiatives being organized, namely:
 * OWASP AppSensor Project
 * OWASP Code Crawler Project
 * OWASP Secure Coding Practices - Quick Reference Guide
 * Threat Risk Modeling
 * OWASP Webslayer Project
 * Implementation of Enigform for Wordpress


 * Preparation of the OWASP Free Training templates and their publishing on the OWASP Training page so that they can be used by the Local Chapters at will.

OWASP Academies


 * Collation of the necessary information to present the idea to the wider OWASP community and creation of a dedicated wiki page;


 * Launching of the discussion among the OWASP Leaders and establishment of contact with representatives of Academic institutions and industry players inviting them to participate in the discussion and challenging them to contribute to the definition of what the OWASP Academies model would be;


 * Collation and organization of all the materials and contributions added to the OWASP Academies mailing list;


 * Organization of a wide meeting in ISCTE - Instituto Universitário with representatives from several Universities (Oklahoma State University, Royal Holloway, University of Athens, University of Piraeus, Technological Educational Institute of Larissa, ISCTE), local chapters and industry players (Security Innovation, Syntax, DRI - IT Consultants Ltd, Lusolabs). The meeting has been recorded through a live blog that is now online on the OWASP Academies page.


 * Drafting of the conclusions that derived from the OWASP Academies meeting, publishing on the respective wiki page, and communication to the OWASP Leaders.

To see my wiki contributions click here.

[mailto:sandra.paiva@owasp.org Email and Google Talk address].