►
From YouTube: Education SIG (June 14, 2023)
Description
Agenda – https://docs.google.com/document/d/18GBwvQJNcPnwxKrnp43DhBZC7K1JM0xzGkDoKh5mu8U/edit#
Slack – https://openssf.slack.com/archives/C03FW3YGXH9
Mailing List – https://lists.openssf.org/g/openssf-sig-education
Git Repo - https://github.com/ossf/education
B
D
So
I'm
going
to
disappoint
you
krobe
and
not
disappoint.
You
I
do
have
the
breakfast
sandwich,
which
I
pretty
much
eat
every
day.
The
background
is
not
the
nice
one,
because
it's
supposed
to
rain
soon,
and
so
that
kind
of
makes
it
all
lame,
but
hopefully
I'll
get
out
there
later
today,
during
the
s-bombarama
of
that
this
is
putting
on.
A
C
C
A
A
B
C
Hello,
my
name
is
Andre
swerby,
a
recent
college
grad
not
working
under
the
Alpha
Omega
mentorship.
A
Okey-Doke,
a
few
short
things:
let's
hold
off
on
newbie
class.
We
haven't
had
any
updates,
we'll
talk
about
that.
Maybe
after
Cassidy
has
a
chance
to
chat
I
wanted
to
give
everyone.
An
update.
A
Talk
to
my
friends
inside
our
secure
training
center
of
excellence
within
my
company
and
the
Intel
developer
manager
class
is
almost
scrubbed
they're
doing
one
last
review.
They
were
looking
at
there's
a
bunch
of
images
they
have
in
the
slide
deck,
so
they
were
looking
to
see
what
the
copyright
on
those
were
in
either
remove
them
or
replace
them
with
open
source
images.
A
So
that's
the
final
leg:
once
that's
done,
they're
going
to
pass,
it
used
to
be
a
200
slide
deck,
so
pretty
I
got
I,
think
a
half
day
class
instructor-led.
So
they
will
be
passing
that
over
to
us
for
us
to
review
and
edit
and
incorporate
into
our
body
of
knowledge.
So
ideally,
July
I
would
expect.
A
We
will
get
that
and
the
person
mentioned
that
we
we
had
asked
to
review
several
other
of
the
Intel
classes
and
they
expect
that
the
review
and
scrubbing
process
will
be
much
more
accelerated
now
that
they
know
what
to
look
for
and
how
to
coach
the
legal
team
to
use
their
red
pens.
So,
hopefully,
future
donations
will
be
accelerated.
We
should
have
I
think
we
identified
a
couple
different
classes.
A
Well,
that
is
going
to
be
something
excellent
to
work
out
between
us.
The
Intel
authors
us
on
the
Intel
authors,
I,
think
it'll
be
jointly
maintained
between
the
Sig
and
the
Intel
folks.
Fair
patches
are
always
welcome
if
you
would
like
to
maintain
it.
A
D
Yeah,
no,
no,
but
that's
a
fair
question,
because
I
think
I
I
think
it's
a
great
I'm
presuming
that
Intel
is
going
to
want
to
continue
to
use
it
exactly
so.
I
want
to
make
sure
that
that
that
Contin
that's
continues
to
be
useful
for
Intel
too
make.
E
This
yeah,
it
has
to
be
right,
because
this
is
this-
is
an
IP
transfer
of
a
developing
domain.
So
you
would
expect
that
they're,
probably
going
to
do
either
an
annual
or
buy
it
like
biannual
review
of
that
when
they
do
what
we
need
to
provide
to
them.
If
we
can
are
traced,
statistics
so
I
would
love
what
they
need
or
not
just
like
who
finishes
the
course,
but,
like
literally
what
pages
get
seen
the
most
what's
getting
most
coverage
and
that
helps
us
a
lot.
A
A
I
had
talked
to
the
young
lady
that
actually
runs
our
program
internally
and
she
was
very
excited
again
to
get
that
collaboration
to
help
make
help
our
content
remain
fresh
and
get
those
additional
feedback,
but
also
the
just
the
opportunity
to
kind
of
learn
like
Sal
said
what
types
of
metrics
so
I
think
once
we
get
the
deck
we've
had
a
chance
to
kind
of
think
through
it,
I'll
schedule
a
call
to
talk
about
specifics
of
maintainership
and
what
type
of
statistics
and
how
we
want
to
maintain.
A
A
D
Yeah
so
I'm,
assuming
we
won't
be
able
to
get.
You
know
like
people,
look
at
a
particular
slide
slide
or
whatever,
but
we
can
certainly
get
things
like.
How
often
is
it
downloaded
or
stats
like
that,
although
you
know
frankly
that
may
be
a
challenge
in
particular
for
the
instructor-led,
because
one
person
downloads
it
once
they
may
present
it
to
a
thousand
people
and
a
hun
and
and
50
000
bucks,
May
download
and
never
to
be
seen
Again
by
the
Light
of
the
day.
So
I'm
not
sure
we
count
that,
but.
E
At
some
point,
I
mean
all
of
this
stuff.
There's
an
entire
field
around
this
and
there's
conferences
around
how
you
organize
this
information
and
I
go
to
them
because
they're
the
most
fun
conferences,
but
like
one
of
the
best
things
you
can
do
for
this
is
like,
let's
have
a
separate
like
ossf
or
Linux
email
subscription
that
goes
out
once
a
month
that
lets
them
know
any
updates,
and
that
also
does
a
month-to-month
survey.
That
says:
did
you
utilize
any
of
these
resources,
or
are
you
aware
of
these
new
resources?
E
So
it
does
your
exposure,
your
retention
and
your
statistics
in
a
way,
that's
non-intrusive
and
that
solves
the
problem
of
not
being
able
to
capture,
especially
because
a
non-zero
amount
of
the
people
are
going
to
be
using
vpns.
So
that's
why
it's
always
hard
for
me
to
get
stats
around
cyber
security.
It's
a
unique
user!
E
D
That's
fair:
that's
fair,
I
I
like
that,
and
also
I
like
the
combining
of
the
not
only
getting
stats
about
it,
but
getting
the
word
out
in
the
first
place
exactly.
E
D
A
You
know
and
I
don't
know
what
the
procedure
was,
but
how
we
chi
adjusted
the
secure
fundamentals
class
into
the
scorm
connect
system,
so
that
might
be
another
option
for
us
if
we're
looking
for
additional
metrics
and
tracking
and
integration
into
lms's.
So.
C
E
We
kind
of
have
to
it's
our
due
diligence,
because
one
of
the
like
the
premise
of
this
is
that
it's
extendable,
and
it
has
to
be
in
that.
If
we're
going
to
get
this
into
colleges
at
all
and.
F
And
I
can
also
bring
in
Flavia
from
LF
that
does
the
instructional
design
when
we're
ready
to
organize.
So
she
could
help
us
with
her
input.
Yeah.
D
C
D
Right
yeah
I'm
meeting
Cassidy
for
the
first
time,
but
I've
worked
with
Flavia
for
quite
some
time.
She's
awesome,
so
you
know
I'm
looking
forward
to
working
with
you
too
I.
B
D
E
Yeah
I
gotta
go
back
and
find
there
used
to
be
I'm
stealing
this
all
from
there
used
to
be
this
conference
in
Seattle,
and
it
was
all
about
this
and
as
soon
as
I
remember
what
it
is.
It
used
to
be
out
of,
like
Microsoft
like
experience
design
but
yeah.
No,
it's
really
it's
just
about
like
it's
cognitive
design
for
Education
right.
So
how
do
you
like
distill?
And
so
it's
not
just
like
individual?
This
is
more
about.
E
How
do
I
make
sure
that
things
have
retention
at
an
Institutional
level,
which
is
like
all
anyone
cares
about,
because
this
is
corporate,
so
yeah,
like
I,
can
do
more
on
that
I
do
have
to
drop
today
in
about
15
minutes,
I've
got
to
run
to
London,
but
I
do
have
one
quick
thing
that
I
want
to
put
out
there
just
to
seed
into
people's
minds,
so
everything
that
I've
done
in
security
is
part
of
a
one
in
three
part,
future
proofing
method
of
moving
us
forward
in
Tech.
E
We've
got
to
do
that
because
we're
looking
down
the
barrel
of
in
about
five
years,
Quantum
security
issues
I,
have
put
together
a
proposal
that
would
combine
my
two
places
of
Love
Carnegie,
Mellon
and
MIT
into
starting
to
put
out
applied
category
Theory
and
software
design.
E
So
we
can
start
to
get
a
future-proofed
way
of
doing
security
so
that,
if
I
can
get,
that
moving
is
something
that
we'd
be
looking
at
in
about
a
year
into
starting
to
build
out
as
courseware,
because
what
we
need
there
are
competent
developers
and
corporations
using
this
as
their
design
principle.
E
So
over
the
next
year,
I
really
want
us
to
figure
out
what
does
like
exactly.
How
is
it
that
We're
translating
into
very
tractable
courseware?
If
we
do
that,
I
can
get
us
something
that
would
literally
like
we're
not.
We
would
no
longer
be
sort
of
like
chasing
the
coattails.
We
could
actually
be
building
robust
categorically
robust
systems,
so
I've
got
my
fingers
crossed
on
that,
and
we've
got
a
grant
that
will
be
going
out
for
that
and
if
we
get
that,
it's
absolutely
going
to
be
positioned
for
this.
E
A
That
any
questions
for
Sal
about
that
interesting
future
topic
for
us.
A
All
right
so
before
Sal
dips
out
on
us
I
wanted
to
mention
that
our
Deni
committee
has
put
together
a
monthly
office
hours
program
where
they
get
together
and
so
far
it's
been
kind
of
an
ask
us
anything
and
they've
had
some
students
show
up-
and
it's
been
some
good
engagements-
that's
where
the
idea
of
the
newbies
class
was
reinforced
to
us
as
something
that
was
would
be
nice
to
have
Jennifer
Bly
from
the
open,
ssf
marketing
I
guess
she
is
the
whole
marketing
team.
A
A
Particular
opinion
on
one
or
the
other,
then
we
can
start
to
get
together
the
actual
docket
of
what
they
plan
to
talk
about
during
the
future
office
hours
and
start
to
socialize
that
get
that
out
via
LinkedIn
and
Mastodon
and
the
tweeters
and
all
that
nonsense.
So
we
hopefully
can
get
some
more
folks
joining
us
on
that
kind
of
educational
session.
A
All
right,
so,
let's
talk
to
Cassidy.
She
I
met
her
last
year
at
the
Dublin
OSS
site
and
we
had
a
hallway
talk
outside
of
the
the
beautiful
Convention
Center
there
and
then
I
promptly
lost
her
business
card,
traveling,
home
and
but
she
reached
out
and
she's
here
and
she's
working
on
an
idea
of
some
not
necessarily
security,
education
training
but
training
around
the
open
ssf.
So
maybe
a
Cassie
you're
going
to
kind
of
talk
about
your
idea
a
little
bit
and
share
with
us
some
of
your
ideas.
B
With
the
last
year,
or
so
we
talked
about
doing
some
micro
courses,
but
we've
now
coined
the
term
Express
learning
courses,
we've
launched,
one
of
them
so
far
we
have
another
one
in
the
works,
but
these
are
just
small
bite-sized
courses
that
a
learner
can
take
in
about
an
hour
so
essentially
it'd
be
about
30
minutes
of
written
material,
video
and
then
30
minutes
of
Hands-On
exercise
or
lab
work.
B
B
The
course
development
should
not
take
too
long
for
these
courses.
That
is
only
about
30
minutes
of
material,
so
I,
don't
foresee
it
taking
too
long
to
do
these.
I
just
need
I
need
the
brains.
I
need
the
sneeze
to
help
execute
this,
so
we're
trying
to
do
them
under
the
different
umbrellas
and
open
ssf
idea
around
the
working
groups
is
one
of
the
ideas
that
I
had
so
I'm
open
to
questions
and
feedback.
E
Oh,
my
God.
Yes,
thank
you!
So
what
I've
been
trying
to
get
done
so
I've
been
like
trying
to
get
like
three
blogs
out,
but
as
a
volunteer
I
don't
want
to
do
this.
This
is
very
much
a
Linux
thing,
so
I'm
so
glad
you're
going
to
do
this.
What
we've
been
trying
to
get
so
basically
I
have
to
field
phone
calls
right
now,
like
Zoom
calls
from
ospo's
all
around
the
globe,
asking
me
how
they
can
get
involved
in
ossf
and
I,
say:
I,
don't
work
for
them.
Stop
making
me
take
these
calls.
E
So
there's
two
different
types
of
profiles
that
we
need
to
explicitly
create
a
journey
for
most
important
I
need
a
Blog
out
like
yesterday
that
talks
about
the
right
working
groups
for
an
ospo
specifically,
so
that
there
can
be
a
better
understanding
of
people
with
money
Pockets.
Where
do
they
need
to
go?
E
And
let's
not
put
them
into
the
working
groups,
where
they're
not
going
to
feel
valued
first
thing
right,
but
when
the
high-powered
ones
so
ospo
journey
and
then
hobbyist
or
volunteer
Journey
or
developer
Journey,
so
getting
them
to
know
which
are
the
like
hard
engineering,
Pathways
and
then
a
third
one
which
we
can
have
a
lower
priority,
but
is
clearly
very
important
and
the
need
for
tractability
of
contributors,
a
student
portal
or
student
Journey,
but
I
need
that
aspo
on
like
right
away.
We
all
need
it.
So
that'll
be
great.
So.
A
The
blog
we
can
work
with
Jennifer
Bly
on
and
we
can
do
that
at
any
time.
There's
no
blocker
there
at
all.
We
can
start
so
if
you
want
to
either
start
an
email
thread
or
open
an
issue
and
tag
me
on
it,
we
can
start
to
collaborate
and
work
on
that
back
and
forth,
and
I'll
get
Jennifer
looped
in
I.
Don't
know
if
Cassidy
has
any
other
ideas,
but
the
blog
is
simple
and
we
can
start
today.
B
Yeah
so
with
the
working
groups,
I
kind
of
saw
them
each
as
separate,
but
what
we
could
do
as
well
is
Target
those
areas
that
you
were
mentioning
and
just
kind
of
group
them
together.
The
only
thing
I
worry
about
is
the
vast
amount
of
information
it
just
being
a
small
course
having
one
for
each.
There
could
also
be
a
learning
path
that
would
take.
You
could
group
them
into
different
learning
paths
and
have
a
few
for
each.
E
Yeah
yeah
I,
think
I
mean
better
explanations
and
onboarding
for
each
little
working
groups,
but
it
very
much
is-
and
this
is
why
people
are
on
phone
calls
with
me
and
not
in
your
working
groups.
There
are
very
much
specific
clusters
that
specific
identities
need
to
be
involved
in,
and
you
have
a
really
high
loss
rate
right
now,
because
the
wrong
people
go
to
the
wrong
places
and
never
come
back.
E
So
that's
yeah
I.
We.
C
B
E
D
It
does
it
sounds
like
first
of
all,
before
you
drill
in
is
the
what
are
all
the
working
groups
yeah
instead
of
the
instead
of
drill
in
on
on
one
specific
one,
because
I
don't
know
that
I
mean,
if
you're
from
the
outside.
How
would
you
know
which
is
which
anyway,.
D
A
Again
to
Sal
we
have
a
group:
that's
trying
to
solve
this
particular
problem
already
the
diagram
of
society,
so
I
would
again
route
you
there.
If
you
have
issue
open
an
issue,
open
comments,
harass
us
and
slack
and
try,
let's
see
if
we
can
get
energized
the
group
to
help
enlist
them
as
well.
A
F
I
had
a
conversation
where
we
had
a
conversation
at
LF
about
the
quality
of
blog
posts,
so
I
decided
to
use
GPT
and
Mojo
and
build
my
own
live
blog
generator.
Just
so
you
know
it
works
really
really
well,
like
actually
kind
of
on
can't
like
it's
really
weird
but
yeah.
You
could
just
give
it
even
a
sentence
and
it'll
generate
like
5
000
words
on
you
for.
D
Yeah
FYI,
the
AIML
group,
is
meeting
in
about
two
hours.
Well,
one
and
a
half
hours,
I'm,
probably
gonna,
be
talking
about
that
about
security
event,
I
AIML
systems,
then
so.
C
D
D
We're
off
topic:
Let's:
okay:
let's
stop
go
back.
A
And
then
to
Circle
back
to
Cassidy's
idea
about
the
working
group.
Trainings
I'm
also
plugging
her
in
with
Catherine
druckman,
who
is
going
to
be
leading
the
new
devrel
committee
and
they
are
focused
on
how
to
get
developers
and
maintainers
engaged
and
that's
you
know,
kind
of
a
slightly
different
persona,
but
I
think
that
you'll
also
see
some
good
partnership
there
to
try
to
help
figure
out
the
messaging
and
who
we
are
and
they
can
get
you
connected
with
subject
matter.
Experts
to
provide
you
that
so
yeah.
E
E
And
bringing
you
can
bring
on
a
person
from
each
working
group
given
the
time
to
speak
about
it,
but
I,
just
in
terms
of
getting
this
implemented,
I
would
make
that
high
priority.
I
would
make
it
30
minute
training
that
is
verifiable
in
some
way,
because
as
a
manager
right,
if
I
hire
someone
in
hospital
I'm
gonna
say
day,
one
take
this
training.
Gotta
know
that
you
did
it.
E
So
it's
something
that
we
can
put
a
stamp
on.
That
says
they
have
their
intro
to
ossf.
That's
gonna,
I
think
really
really
help.
So
we.
B
Also
utilize,
the
credly
badges
for
the
express
learning
courses,
so
we
can
have
one
designed,
especially
for
these
two,
and
so
they
can
post
their
badge.
E
And
also
the
badge
for
Community
entry
is
a
really
nice
touch,
it's
something
that
they
do
in
some
other
developer
communities
and
it
gets
rid
of
imposter
syndrome
before
they
get
on
the
call
right.
So
just
cognitively,
that's
a
really
nice
way.
Low
effort,
High
return,
I,
think
that
would
help
a
lot.
B
D
E
D
Yeah,
so
so,
if
we
create
an
agent
more
a
slightly
more
generalized,
what
is
the
open
ssf?
How
do
you
get
involved
in
it
as
long
as
we
made
sure
that
work
for
I
suppose
it
could
probably
work
for
other
situations
too?.
E
Yeah
well,
I
suppose,
typically
on
board,
now
a
lot
of
their
developer
class,
so
they'll
jump
in
first
to
see
where
they're
going
to
engage,
see
where
they
want
to
pay
to
engage
and
then
have
them
strategically
jump
in
so
I
think
that
would
be
a
really
really
helpful
and
at
the
end
of
it
just
like
point
to
developer
resources,
all
the
stuff,
the
stuff
that
we're
already
creating.
So
it's
a
super
nice
Zone.
A
And
I
would
imagine
that
the
osbo
would
be
more
interested
in
consuming
our
output
than
potentially
writing
tools.
Yeah,
it
might
be,
but
they're
more
on
the
consumption
end
correct
exactly.
A
D
A
Excellent,
so
for
Cassidy's
task,
I
have
a
listing
of
all
the
working
group
leads
and
I
can
provide
you.
A
D
D
That's
a
very
broad,
I'm!
Sorry
issue!
169.
there
you
go
I
mean
there's
some
awesome
ideas
in
there.
I
have
drafted
a
starter
developer,
landing
page.
You
know
which
does
not
completely
resolve
that
issue,
but
at
least
I
I
basically
pulled
out
a
piece
of
it
and
tried
to
get
get
started
on
it.
So
there's
a
link
right
there
to
this
early
draft
landing
page.
You
know
I'm
going
to
include
in
there
a
link
to
the
current
drop.
D
So
you
can
see
what
it
looks
like
you
know
not
done,
but
just
so
you
can.
You
know
basically
trying
to
point
people
not
to
everything
the
openness
SF
does,
but
hey
hey
if
you're
trying
to
use
something
what's
available
right
now,
ready
to
use.
A
And
that
particular
issue
was
incredibly
well
written
observation
of
how
the
foundation
is
not
accessible
from
the
maintainer,
Persona
and
I
thought
I.
Think
the
ladies
handle
is
web.
Chick
I
can't
recall
what
her
name
was,
but
she
had
an
incredibly
well
thought
through
issue
she
filed
and
actually
provided
some
suggested.
Solutions
and
again
it
cries
to
the
fact
the
need,
for
you
know
the
training
with
Cassie
is
trying
to
put
together
these
accelerated
learnings.
We
need
to
have
this
type
of
stuff
to
get
those
communities
involved
with
us.
A
A
All
right
do
we
want
to
jump
into
the
newbies
class
or
are
there
other
topics
we
want
to
talk
about.
A
Another
variation
on
the
developer,
maintainer
Persona
is
we've
had
a
lot
of
interactions
with
newcomers.
Recent
graduates,
people
looking
to
get
into
open
source,
Development
Career
changes.
So
to
speak.
So
we
started
the
idea
of
assembling
information
on
an
intro
to
working
with
open
source
OSS
for
newbies,
and
my
friend
Max
from
Major
League
hacking
went
through
and
added
a
couple
added.
A
D
I
I
think
it's
it's
value.
It's
certainly
valuable.
The
look!
Oh
and
I'm.
Sorry
Cassidy
had
to
go
right
when
I
was
gonna.
Ask
her
a
question
because
the
LF
actually
does
have
some
courses.
I,
don't
know
if
any
of
them
really
meet
this
particular
desire,
but
I
think
before
we
create
before
creating
new
course.
Let's
make
sure
that
one
doesn't
already
exist
and
in
particular,
if
one
almost
does
it,
but
it
has
some
weaknesses
we
might
be
able
to
take.
You
know:
okay,
it's
80.
D
A
Yeah
that,
yes,
obviously,
that
would
need
to
be
the
main
driving
purpose
behind
it.
For
us,
yeah.
F
And
David
I
already
told
Tim
and
our
there
there's
kind
of
an
effort
to
get
a
meeting
between
Chrome
and
Tim
together,
because
Tim
has
thoughts
on
this
as
well.
A
And
I
would
absolutely
agree.
We
don't
want
to
recreate
the
wheel
and
if
our
value
add,
is
federating
and
aggregating
all
the
existing
material
and
making
a
nice
presentation
layer
delivery
of
this
hey.
Here's
all
these
things
that
a
newbie
can
do
and
tick
off
the
box
so
to
speak.
That
would
be,
you
know
as
good,
but
if
there
are
gaps,
I
think
it's
great,
we
could
add.
Supplementary
training
contribute
back
to
those
classes.
A
Here's
some
additional
things
to
help
address
this
particular
Persona,
because
the
intention
might
not
of
those
I
imagine
those
classes
may
not
be
thinking
about
the
the
newcomer
Journey.
Potentially
you
know,
I'm
fresh
out
of
college
I,
don't
have
a
lot
of
actual
working
experience.
I
know
how
do
I
get
integrated
and
start
to
become
a
contributor.
D
I
will
add-
and
this
is
you
know,
unfortunately,
but
I
I'm
speaking
of
someone
who
is
who
teaches
actually
at
a
university.
You
know
it
is
remarkable.
Yeah
I
have
a
number
of
students
who
are
on
the
workforce
and
a
number
of
students
who
have
never
been
in
the
workforce,
and
it
is
remarkable,
even
after
years
of
going
through
school,
how
many
of
the
basics,
the
folks
who've
only
been
through
school.
Don't
know
you
know.
D
D
No,
we
we
no
I
mean
you
know
what
there
are
people
there
are.
Definitely
people
use
Delphi
if
Delphi
is
a
serious
use
in
the
financial
world.
We
don't
teach
Pascal
by
the
way,
but
you.
D
D
But
coming
back
to
this,
though
you
know
it
is
a
challenge
that
even
you
know
even
the
folks
who
go
to
university
and
learn
lots
of
stuff.
They
will
learn
lots
of
things,
but
it's
I.
It's
easy
to
forget
the
things
they
don't
know.
A
Well
and
I
imagine
that
it's
focusing
more
on
Theory
and
critical
thinking,
not
necessarily
current
state
of
the
art
tool,
how
things
are
done
in
the
real
world
right.
D
A
In
the
Cleveland
area,
because
there
were
so
many
universities-
and
we
had
such
a
good
integration
with
our
academic
professorship-
that
we
tried
to
influence
the
security
curriculum
for
a
decade
and
made
very
small
impacts
on
the
dozen
or
so
colleges
and
universities
around
the
area.
C
Instead
of
focusing
on
colleges
or
universities,
is
it
possible
to
focus
on
like
potentially
putting
that
knowledge
and
like
knowledge
base
on
mlh,
because
I.
D
Know
this
is
what
we're
talking
about,
because
you're
saying,
even
if
you
go
to
university,
you
don't
know
this
so
so
yeah,
there's
a
need
for
for
this
regardless
and
I
haven't
seen
the
latest
stats
I.
Think
it's
about
half
and
half
about
half
of
the
current
developers
go
to
universities
and
colleges
to
learn
this
and
the
other
half.
Don't.
A
And
just
for
some
context
of
this
group
has
a
proposal
on
how
to
improve
security,
secure
development,
education
and
our
approach
was
very
multi-focused,
where
we
wanted
to
focus
in
on
primary
and
secondary
education.
University
College
trade
school
people
are
already
in
the
career
and
looking
to
upskill
or
change
careers.
So
we
have
a
couple
different
personas
we're
looking
at
addressing
and
many
different
paths
to
get
that
information
out
to
the
different
Learners
and
it
would
be
a
company.
A
There
would
be
some
traditional
classes,
there
might
be
boot
camps,
there
could
be.
We
have
a
training
tool
that
Randall
and
team
helped
manage
for
us.
The
SKF
security
knowledge
framework
that
actually
is
like
Hands-On
Labs.
So
we
have
a
lot
of
different
techniques
and
approaches
to
get
this
stuff
out.
J.
G
Yeah
I've
long
since
you
know
raised
the
argument.
It's
just
like
it's
just
like
well,
I
could
always
say
argument,
like
the
bachelor's
degree,
is
a
new
high
school
diploma.
I
I
I've
raised
that
argument,
but
I
say
the
same
thing
on
the
security
side.
You
know
we,
we
got
supply
chain
security,
you
know,
which
is
seems
to
be
a
subset
of
now.
Cyber
security-
and
you
know
I
I,
say
to
people
I
was
I,
was
studying
this
stuff
before
was
sexy
so
that
this
is
back
when
it
was
just.
G
You
know
straight
up
you,
software
engineering,
you
learn
something
about
Arrow
checking
and
error
handling,
and
then
you
merge
over
into
what
is
called
information.
Security
period
point
point
black
period,
information
security
of
my
firm
opinion.
There
needs
to
be
an
information
security
course.
That's
foundational
that
gives
you
a
basic
foundational
understanding
of
what
information
security
is
because,
if
I
sit
in
another
meeting
with
somebody
who
should
know
better
says,
what's
the
difference
between
a
security
framework
and
compliance
requirements,
I
I
might
lose
my
mind.
D
Yeah
we
already
do
have
a
course
on
how
to
develop,
secure
software
there
and
there's
a
and
it
does
actually
talk
about
things
like
the
CIA
Triad
and
that
sort
of
thing,
if,
if
it's
relative
I'm
pretty
sure
it
doesn't
cover
that
specific
point.
But
if
it's
a
couple
key
points,
it's
missing.
We
could
add
it
or
again,
but
but
you
know
the
developer
course.
Obviously
it's
drilling
down
into
eurosoft
for
developer.
It's
obviously
not
tuned
right.
It's
not
tuned
to
folks
who
aren't
developing
software.
D
A
G
You
know
we
got,
we
got
to
crawl
before
we
walk
and
walk
before
we
run,
I
mean
how
like
I
I,
don't
know
when
it
became
okay
to
just
jump
to
like
something
so
complex
as
supply
chain.
Security
today
expect
and
health.
We
didn't
even
finish
our
breakfast
on
that
before
now
we're
talking
about
secure
use
of
AIML
and
developing
software
and
Services
I
mean
we
didn't
even
finish
our
breakfast
on
supply
chain
and
we're
still
developing
stuff
that
nobody
understands
right
so
I
like
it,
but
but
to
go
back
and
say
well.
G
What
is
the
foundational
you
talk
about
the
CIA
trial?
Who
knows
today
now,
if
you
say
CIA
Triad,
if
I
was
to
say
okay?
Well,
then,
let's
talk
about
Dad.
Let's
talk
about
dad
who
the
hell,
you
know,
I
mean
nobody,
you
we
don't.
We
don't.
Even
you
know
so
so,
like
like
I,
said
dude,
we
need
to
have
a
come
to
come
to
the
Mountaintop
moment
and
just
say:
let's
take
a
step
back
and
teach
people
some
foundational
elements
of
this
stuff.
Exactly
you
know,
I
mean
you
know
it's
about.
Oh,
don't
hey!
G
G
So
you
see
you
see
what
I'm
saying
you
see,
you
see,
Chrome,
that's
why
you
and
I
we
just
you
know:
I
mean
I'll,
never
leave
you
Crow,
but
but
that
needs
to
happen,
because
these
are
foundational
items
that
will
take
somebody's
understanding
of
what's
going
on
today
and
say:
okay,
I
can
properly
apply
this
to
to
foundational
knowledge
and
then
expand
upon
it
to
expand
upon
it
towards
what's
emerging
right,
and
so
it
all
makes
sense.
G
So
I
mean
I'll
jump
off
my
soapbox,
but
that's,
but
that's
those
are
the
things
I
see
that
I
think
we
need
to.
We
need
to
you,
know:
I'm
off
my
soapbox.
D
Here's
the
thing
I'm
gonna,
try
to
share
this.
Your
soapbox
briefly
I'll
put
my
stick
my
toe
on
there.
So
once
Intel's
material
comes
over
first
of
all
for
for
instructor-led
I
think
you
know
that
I
mean
we
haven't
seen
the
material.
Yet
my
expectation
is
that
it's
going
to
be
great,
we're
gonna
have
some
oh.
What
about
this
is
we'll
propose
some
improvements
and
Intel
will
be
happier
their
course
will
be
better,
we'll
be
happier
I
mean
things
will
be
better.
D
My
hope
is
that
it
once
we've
kind
of
gone
through
that
process
of
of
review
and
refinement.
Maybe
we
could
extract
it
into
something.
That's
my
brain
is
off
self.
Something
doesn't
require
an
instructor.
F
D
Yeah
I
mean
universities
have
the
serious
advantage
that
people
actually
still
care
about
degrees
and
are
willing
to
show
up
for
courses
to
get
a
degree.
And
that
doesn't
always
happen.
And.
A
Again,
thinking
back
to
our
proposed
Triad
that
you
know
our
strategy
is,
we
have
instructor-led
classes,
we
have
computer-based
Hands-On
learning
like
SKF
and
then
we
have
that
other
third
area
right.
It's
boot
camps,
podcasts
blogs,
webinars
to
you,
know
it's
all
based
off
of
a
that
core
content
and
it's
just
adjusted
for
the
the
venue.
The
channel
I
can't
find
I
lost
all
my
awesome
bookmarks,
so
I
can't
find
our
spreadsheet
and
if
Dave
was
here,
you
could
point
me
to
the
damn
spreadsheet
but
yeah.
A
We
probably
need
to
sit
down
seriously
in
one
of
these
calls
and
do
the
assessment
of
what
content
we
have
what
we
want
to
present
and
what
gaps
do
we
have?
We
have?
We
have
not
done
that
kind
of
Gap
assessment.
We
did
the
log
if
we've
found
all
this
stuff,
but
we've
not
synthesized
that
into
useful
wisdom.
Yet.
A
Great,
thank
you
Randall,
no
problem
bye.
Well,
do
we
have
any
additional?
You
know
thoughts,
so
it
sounds
like
again.
This
is
A
New
Perspective.
We
need
to
address
this.
Newbie
sounds
like
this
will
be
good
effort
to
work
on
any
other
thoughts
or
conversation.
We
want
to
have
on
that
matter.
A
If
not,
I
will
adjourn
us
15
minutes.
Early
I
will
see
some
of
you
in
the
vulnerability
disclosure
call
later
today
and
the
rest
thanks
for
coming
and
looking
forward
to
collaborating
in
the
future
have
a
great
day.