Thursday, February 9, 2017

Should Your Chapter Start a Study Group?

Guest Post by Josh Sokol

Back in 2010, when I first took over as President of the OWASP Austin Chapter, I noticed that there were a number of chapter members who had an interest in getting their CISSP certification (myself included).  We knew that it would be a pretty large undertaking, spanning multiple months of effort, but also knew that we would all be more successful if we could work together and support each other through the process.  We found a test date that was far enough in the future to meet our goal of spending a week on each domain, plus a couple of weeks for review, and the first-ever OWASP Austin Study Group was born.  Each week, a different study group member was responsible for leading the discussion on a topic.  Usually it would be accompanied by a lightweight "review" slide deck and then the group would go over different sets of review questions for that week's domain together.  It worked out great with over half of the group taking their test on the goal date and almost everyone receiving a passing grade.

Once our CISSP Study Group had finished, we took a short break, but then decided that it would be fun to meet regularly on other topics.  We moved our meetings from several hours on Thursday evenings to an hour over lunch, once a week, and what began as a quest for a certification turned into a continuous pursuit of knowledge.  Over the past seven years, the OWASP Austin Study Group has covered dozens of topics ranging from the OWASP Developers Guide to WebGoat to the Web Application Hackers Handbook and beyond.  Today, we even offer to buy the next book for anyone who attends 75% or more of the study group sessions for the current book.  It is a fantastic way to keep participants engaged and ensure optimal participation each week.

So, how do you start a study group for your chapter?  The first step is to find a group of people who have a common interest.  This is super easy since your chapter meetings should be full of people interested in application security.  The next step is to find a place and time to meet.  Ideally, this should be someplace relatively easy for everyone to get to with free parking and enough space for everyone who wants to attend.  Having a projector or other audio-visual equipment available is a huge bonus.  Offices that allow outside visitors are ideal for this, but libraries, restaurants, or coffee houses could also make great meeting locations.  Lastly, you need to choose a topic.  Perhaps you want to start, like we did, with a goal of getting a certification like the CISSP, CEH, CSSLP, OSCP or similar?  Or, maybe you want to start easy with something like the OWASP WebGoat tutorials?  If you want some ideas, feel free to talk to me, but regardless of what topic you pick, you'll undoubtedly have a ton of fun learning new things while developing relationships with other security professionals in your area.  Have fun!

No comments: