OWASP Education and Training Committee

Background

Part of OWASP’s main purpose is to “Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software”. A key part of that mission is to educate not just the current generation of developers or information security professionals, but also the next generation, particularly in the context of the acknowledged skills shortage in the security sector. A common problem with many security education programmes (whether cyber or InfoSec) or even traditional computer science programmes is that they do not address application security adequately, if at all.

This is our community’s domain, so we should be goto community in this field

Scope

To provide a support mechanism for OWASP education activities to foster collaborations and supporting relationships with the Application Security, Developer and Training communities both academic and industry based.

Helps to advise the Foundation & Board of an educational strategy for OWASP. We should be leading the world in the sector.

Benefits to the community

Chapters

Providing a mechanism for chapters to feedback what members need in training materials for delivery at local chapter levels and what resources they’ve come across are using to develop industry skills et al. Provide an opportunity to demonstrate new training “projects” to the community

Projects

Using gap analysis to identify where new projects could plug the gaps in knowledge and skills. Providing roadmaps to project resources for those seeking training solutions for application security (part of the solution to the old”wiki” problem. From an academic perspective also provides an opportunity to get student resource towards both short term projects for dissertations or longer term contributions through volunteering or GSoC type activities.

Conferences

Promoting “training” & professional development to the community, getting students actively involved in AppSec events whether as technical writers, demonstrating OWASP projects/dissertation ideas. Capture the Flag and University Challenge.

Outreach

Chapter/members/projects can develop national, regional & local relationships with training organisations, universities and colleges to assist other communities developing AppSec programs, materials, guest speakers, student chapter etc.

Proposed initial Project

Open Application Security Curriculum Project

The initial set of aims/goals for achieving impact in the project are

  1. Establish a core set of Learning Objectives for an application security curriculum, that defines the educational requirements necessitated by industry (from an established Application Security Body of Knowledge)
    1. Undertake a gap analysis of existing and missing curricula learning to meet the requirements outlined by industry;
    2. This will be achieved through liaison with industry, professional bodies and existing state of the art literature.
  2. Appraise the state-of-the-art application security teaching resources and determine areas of non-coverage
    1. Undertake a gap analysis of existing and missing teaching resources;
    2. This will be achieved through discovery workshops and industry links.
  3. Recommend an application security open curricula for industry
    1. Produce and disseminate a learning skills framework, to empower education & training providers to support industry in the problems they face in developing the next generation of graduate software developers, computer scientists and security analysts in DevSecOps. This open framework would be expected to address teaching requirements at undergraduate, postgraduate, apprentice and industry certification level training requirements as well as CPD.
    2. Obtain the approval of key influencers, led by OWASP with professional bodies such as CIISec, ICS2, CREST, ACM