OWASP Strategic Goals




2017 OWASP Foundation Strategic Goal




1. Host 4 Mass Training Events

Goal

Raise awareness of OWASP and spread application security knowledge through 1-day OWASP Application Security trainings that are free for members or non-members to attend.

OWASP Foundation Objective

  1. Delivery of 4 free AppSec trainings in multiple locations around the world
  2. AppSec trainings will be delivered by professional security trainers that have been selected from a public call for proposals process that is led by the OWASP foundation with a supporting team of OWASP volunteers for CFP evaluation
  3. Attendance for the OWASP AppSec Trainings will be free with OWASP members being given the first opportunity to RSVP. After the OWASP member registration window, non-members will be able to register, space permitting, until capacity is reached
  4. To maximize attendance and minimize RSVP no-shows, a nominal registration fee will be required (~$25 USD) that will be refunded to all RSVP individuals that show up at the event
  5. The goal for each location is for 500 attendees at the 6-8 hour security training
  6. The training deck and all materials will be branded as OWASP and will be made available on the OWASP website with open source licensing. These terms will be added to the CFP as requirements.

Technical Depth

The AppSec training course will cover application security core topics and will be targeted towards developers and entry level application security professionals. The purpose is to have the most impact and attract the largest number of attendees. While more advanced talks are desired by many in the community, that is not the focus of this objective.

Budget Expectation

The budget ask for this proposal is $80,000 USD. There is no anticipated revenue from these events.

Resource Expectation

  • This program will be driven and owned by the OWASP foundation staff including selection of training cities, arrangement of training location and coordinating the RSVP process
  • OWASP volunteers will be used for the CFP trainer review
  • A worldwide OWASP volunteer team will be assembled to assist in any tasks as requested by the OWASP foundation staff

Benefits

  • Increase in OWASP membership - the priority registration and the value of OWASP will be demonstrated through this program leading towards more OWASP members
  • Increase in OWASP Awareness - this program will be paired with a PR campaign to raise awareness of the organization and our mission
  • Serving the OWASP mission - training 2000 engineers across the world is a great step towards our mission of raising security awareness

Section 2 - Additional Operating Details

The following details are provided as part of the operational plan to execute on the objective. This section is not part of the board vote.

These details should be considered subject to change and are provided to give additional background on the intent of this program.

Event Locations

  1. The 2017 Goal is to hold 4 events worldwide
  2. The priority will be to hold events in large cities that have established OWASP chapters and a large technical presence. The purpose is to start strong and eventually expand this program to more locations.
    1. Boston
    2. Delhi
    3. Israel
    4. Tokyo
  3. A proposed 2018 goal is to expand to additional cities and repeat the successful model within existing 2017 cities.

Size

For each event we should plan and drive towards 500 attendees. The goal is to make a big impact and leverage this to drive OWASP membership growth and PR for OWASP awareness worldwide.

Cost

$80,000 requested for 4 events within 2017

Total cost per event: $20,000

  • Space Rental: $5,000
  • AV: $5,000
  • Trainer Cost: $10,000
  • Food: Attendees' own expense

2016 OWASP Foundation Strategic Goals

1. Education & Training

  • Objective: Continue to present existing OWASP training materials and content on global scale. Create new curriculum and content based on output from projects and key industry trends
  • Metric - Quantify & compare training activities & attendees in 2016 to past years.
  • Metric - Design new curriculum and produce series of video trainings.
  • Board & Community Sponsors: TBD - Seeking Volunteers with passion to participate. Outline needs, design high-level program plan.
  • Foundation Support: Foundation sponsored Events management, Foundation sponsored reimbursement for Speaker/Training travel expenses, Foundation supported tools including wiki documentation, webinar access and YouTube postings.


2. Expand Outreach, specifically to the Developer Community

  • Objective: Expand contact with Developer community to help educate developers on OWASP projects, tools and best practices.
  • Metric: ID key conference or Developer events in Q1, secure presentation space in minimum of 5 for 2016. Measure # of events attended and estimated number in audience for OWASP Presentations
  • Metric:
  • Board & Community Sponsors: Matt Konda, others TBD - Seeking Volunteers to Participate and design Developer outreach program.
  • Foundation Support: Financial support budget at $50K.


3. Mature the OWASP Projects Platform

  • Objective: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.
  • Metric: Defined step-by-step workflow for how to start a project and move it across all stages, including what requirements need to be met to advance to the next stage with self-assessment.
  • Metric: Have all projects reaffirm, Have all projects perform a self assessment level
  • Board & Community Sponsors: Tom Brennan
  • Foundation Support: Project Coordinator on staff, Foundation funds for project support via Community engagement, Foundation reimbursement for Speaker travel expenses, Foundation support for Project Summit events, Foundation support for IT support of systems used by Project teams.

4. Community & Chapter Support

  • Objective: Retain all existing active chapters, Stimulate inactive chapters to jump start a new local ‘active’ community, Support creation of new chapters by continuing all Community engagement support by Community, Staff and Community Manager
  • Metric: Track & report on Chapter growth & activity levels on a year over year basis
  • Board & Community Sponsors: Michael Coates, others TBD - Seeking Volunteers to Participate
  • Foundation Support: Local/Regional Events management and sponsor support, Events registration & financial support, wiki documentation & support for continuing language translations, Updates to Chapter leader handbook and Branding Tools/Guidelines, Updates to ‘How to’ Guides and New Chapter training materials, Continuous posting of Chapter budgets & transaction details, Foundation Contract & Co-Marketing support, Foundation Community Manager.

5. Enhance the OWASP Infrastructure

  • Objective: Identify current infrastructure requirements as well as weaknesses in current state of our infrastructure. Determine where repair or upgrade is needed to support community and strategic goals. Implement fix-its to improve infrastructure.
  • Metric: Qualitative measure via Community satisfaction survey, 2016 vs. prior years. Quantitative metric, TBD.
  • Board & Community Sponsors: Seeking Volunteers to Participate. You can follow progress on these events on the Gdoc Tracker and get more detail on Trello.


2015 OWASP Foundation Strategic Goals

1. Build a scalable OWASP training program that spreads security training around the world

  • Metric - Quantity & Geographic Distribution: Hold at least 2 Global AppSec Training conferences (US & EU), include training in LATAM and AsiaPac Tours in 2015, and support over 50 Chapter training events (live or online) during 2015.
  • Metric – Charitable, Not for Profit Training: Organize, promote & implement ‘free to attend’ training events - live or online.
  • Metric: Track & report on new OWASP related curriculum, and translations of current curriculum.
  • Metric: Track OWASP presence at developer events and conferences. Example - Speaker or Developer Training sessions. (secondary benefit: leverage that presence with booth and information about OWASP)
  • Board & Community Sponsors: Andrew van der Stock, others TBD
  • Foundation Support: Foundation sponsored Events management, Foundation sponsored reimbursement for Speaker/Training travel expenses, Foundation supported tools including wiki documentation, webinar access and YouTube postings.


2. Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events.

  • Metric: Chapter participation in at least 60 local events (events hosted by chapter or chapter participation in a non-OWASP outreach/AppSec event) by the end of the year.
  • Metric: Hold at least 3 virtual chapter leader meetings in addition to in-person chapter meetings (at global AppSec conferences) to promote more collaboration and support between chapter leaders
  • Metric: All chapters with funds in excess of $5,000 to be engaged in annual budgeting by submitting high level summary of 2015 Chapter activities and how funds are projected to be used in support of Chapter & Foundation Goals.
  • Board & Community Sponsors: Matt Konda, Josh Sokol, others TBD
  • Foundation Support: Local/Regional Events management and sponsor support, Events registration & financial support, wiki documentation & support for continuing language translations, Updates to Chapter leader handbook and Branding Tools/Guidelines, Updates to ‘How to’ Guides and New Chapter training materials, Continuous posting of Chapter budgets & transaction details, Foundation Contract & Co-Marketing support, Foundation Community Manager.


3. Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.

  • Metric: Identify and engage with at least 5 developer conferences to assist OWASP participation in developer conferences, with either free or paid training or speaker slots or track
  • Metric: OWASP presence at 100 developer events. Example - Speaker or Training sessions, booth presence, or other co-marketing
  • Metric: TBD re: definition and metrics in support of a ‘mature project platform’.
  • Board & Community Sponsors: TBD
  • Foundation Support: Project Coordinator on staff, Foundation funds for project support via Community engagement, Foundation reimbursement for Speaker travel expenses, Foundation support for Project Summit events, Foundation support for IT support of systems used by Project teams.


2014 OWASP Foundation Strategic Goals


  • Mobilize OWASP volunteers to help address security issues in large software systems/applications/frameworks.
    • Metric: Build an OWASP program that incentivizes the security community to find and fix security problems in software.
    • Metric: By the end of the year we have at least two successful completed initiatives reviewing security issues in one or two of the major frameworks
    • Board Sponsor:
    • Operational Planning, Discussion, and Outcomes: https://www.owasp.org/index.php/OWASP_Strategic_Goals/2014/Address_Security_Issues


  • Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events.
    • Metric: Chapter participation in at least 60 local events (events hosted by chapter or chapter participation in a non-OWASP outreach/appsec event) by the end of the year.
    • Metric: Hold at least 4 (quarterly) virtual chapter leader meetings in addition to in person chapter meetings (at global appsec conferences) to incentivize more collaboration and support between chapter leaders
    • Metric: All chapters with funds in excess of $5000 and 10% of chapters with less than $5000 in funds engaged in annual budgeting.
    • Metric: Annual survey of all chapter leaders asking for their alignment to our mission and strategic goals.
    • Board Sponsor: Josh Sokol
    • Operational Planning, Discussion, and Outcomes: https://www.owasp.org/index.php/OWASP_Strategic_Goals/2014/Strengthen_Chapters


  • Build a scalable OWASP training program that spreads security training around the world
    • Metric: At least 6 total training events with at least 3 being free to attend by the end of the year (in addition to global appsec conferences) - live or online.
    • Metric: OWASP delivered training to 800 additional people (i.e. in addition to the number attending our AppSec training programs last year).
    • Board Sponsors: Fabio Cerullo, Tobias Gondrom, Eoin Keary
    • Operational Planning, Discussion, and Outcomes: https://www.owasp.org/index.php/OWASP_Strategic_Goals/2014/Build_Training_Program


2013 OWASP Foundation Strategic Goals

  • Volunteer Engagement - Define an engagement program that creates easy channel for volunteer involvement, expectation setting and recognition of individual efforts.
  • Expand Communication Channels - Establish effective communication channels into developer groups, universities, and industry groups
  • Financial Growth - Build plan for financial growth of foundation and create new sources of income for the organisation to achieve the goals of 2013 and future years.
  • Focus on OWASP Project Quality - Define processes, community involvement and structure to raise quality of key projects and easily identify experimental versus flagship projects.

2012 OWASP Foundation Strategic Goals

  • Build the OWASP Platform - Define the processes, resources, and tools to enable volunteers to quickly join and contribute to OWASP in the areas of projects, chapters, education, conferences and connections
  • Expand Communication Channels - Establish effective communication channels into developer groups, universities, and industry groups
  • Grow the OWASP Community - Build and grow the OWASP community throughout the world by focusing on the quality of projects, chapters, conferences, and social technologies
  • Financial Stability - Further build out a stable financial foundation and create new sources of income for the organisation to achieve the goals of 2012 and future years.