Call for Trainings
CfT Opens: Friday February 9th
Review committee Announced: TBA
CfT Closes: Friday April 30th
Notification of submitters: May 14th
Program announced: Beginning of June
Web applications leaders, software engineers, and researchers from all over the world gather at AppSec USA to drive visibility and evolution in the safety and security of the world’s software. This year we will offer 3 days of training Oct 8-10 prior to our 2 days of conference activities October 11&12 in San Jose, the heart of Silicon Valley.
This year AppSec USA will be allowing Trainers to apply to give half day trainings as well as 1, 2, or 3 day classes. Trainers are allowed to make multiple applications; one application per class.
We are also expanding our training audience and will be reaching out to developers interested in security as well as security professionals.
Theme: Security Through Enablement
Too often security conferences get caught up in looking for the newest vulnerability or hottest hack. This mindset means that as security professionals we have barely moved the needle when it comes to securing the world’s software. Training at AppSec USA is intended to enable participants to immediately improve security at their organizations. Training should be of a practical nature and hands on training is preferred.
Examples of classes include, but are not limited to:
- Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
- Vulnerability analysis: code review, pentest, static analysis
- Threat modelling
- Mobile security
- Cloud security
- Browser security
- Web Security
- Intro to Application Security
- OWASP tools or projects in practice
- New technologies, paradigms, tools
- Operations and software security
- Management topics in Application Security: Business Risks, Outsourcing/Offshoring, Awareness Programs, Project Management, Managing SDLC
Review Committee and Policies
- Wendy Zenone– Committee Chair
- Other committee members TBA
The crux of security is the ability to think flexibly and creatively about multi-stakeholder problems. It is the goal of OWASP to accelerate the speed of change and enable serendipity by connecting the community. In our view, security can only be enhanced when practitioners approach problems with diverse critical thinking theories and practices.
To this end OWASP seeks to be an inclusive organization for practitioners from all cultural, gender, language, educational, ability, religious, and career backgrounds. OWASP actively encourages speakers, trainers, and leaders of all sexual orientations, ages, and ethnicity. Our formal efforts in this vein include blind evaluations of talk proposals for our Global AppSec Conferences and active recruiting of diverse invited speakers and trainers.
The program committee will review your submission based on a descriptive abstract and detailed outline of your class. Including additional classroom materials will be helpful in our evaluation. Please review your proposal thoroughly as accepted abstracts and bios will be published on our site as submitted.
Successful applications will:
- OWASP has a diverse audience that consists of novice to advanced level practitioners. Your content should be developed to clearly connect with a specific audience.
- Be well written. Your Abstract is the only long-form marketing for your specific talk to our audience. It should be written so that attendees can clearly understand what you will be discussing and what they will get out of your talk. Your detailed outline is your chance to sway our judges. Write this as thoroughly as possible so that the committee understands all you bring to the table.
- Be Applicable. Classes which prioritize content that attendees will be able to immediately implement preferred.
- Hands on labs which allow attendees to connect meaningfully with content are preferred.
- Submissions which double as marketing talks or including sales pitches within the training will not be successful.
All trainers will be required to submit a Training Instructor Agreement.
The following conditions apply for those that want to provide training at the OWASP AppSec USA conference. The trainer provides:
- Should provide class syllabus / training materials.
- Will cover travel and accommodations for the instructor(s) and all course materials for students.
- Can brand training materials to increase their exposure.
- Should promote training on all available media eg. Twitter, Linkedin
OWASP will provide the venue, marketing, registration logistics and basic wireless internet access. If you need additional technical arrangements, it is important to let us know.
OWASP will reserve up to two training slots at no cost and the trainer may reserve up to one slot at no cost. Please note that for data privacy reasons OWASP can’t provide trainers with contact information of the attendees.
Price per attendee: 3- Day Class $2,100 USD/ 2-Day Class €1,400 / 1-Day Class €750
Earnings will be split 60/40 (OWASP/Trainer) for the training class.