A tailored course, built for your situation
Mastering OWASP for Project Managers Delivering Secure Digital Services
Build trusted, audit-ready security outcomes into project execution from design to deployment
The situation this course is for
Projects stall when security is an afterthought. Developers rebuild, budgets bleed, and trust erodes when compliance gaps surface late. The cost isn’t just time, it’s credibility.
Who this is for
Project Manager in public sector or regulated environment leading digital service delivery, accountable for on-time, audit-ready outcomes
Who this is not for
Developers seeking code-level OWASP implementation, or executives wanting strategic risk overviews
What you walk away with
- Produce OWASP-aligned project documentation accepted without senior review
- Lead cross-functional teams through security sign-off without external facilitation
- Respond to regulator-facing review requests with pre-built, source-backed evidence packs
- Own the end-to-end vendor security review track for SaaS and third-party integrations
- Ship the first internal working proof of OWASP compliance within 30 days of deployment
The 12 modules (with all 144 chapters)
- Defining OWASP scope in non-technical project plans
- Linking project phases to OWASP risk categories
- Security milestones in public-facing digital services
- Regulator expectations for municipal IT delivery
- Common compliance gaps in city-led projects
- Documenting decisions for audit trails
- Integrating OWASP into project charters
- Stakeholder alignment on security thresholds
- Risk register integration with OWASP findings
- When to escalate OWASP concerns
- Balancing speed and security in agile builds
- Case: Calgary Transit digital ticketing review
- Security criteria in RFI responses
- Vendor pre-qualification using OWASP checklists
- Scope language that prevents downstream conflict
- Including OWASP in project charter sign-off
- Kickoff meeting security agenda
- Documenting third-party risk assumptions
- Baseline definitions for secure delivery
- Project manager’s role in OWASP scoping
- Aligning legal and security early
- Tracking security commitments in contracts
- Municipal procurement nuances
- Case: City of Edmonton portal rebuild
- Running threat workshops without technical depth
- Using STRIDE to frame discussions
- Documenting design decisions for auditors
- Mapping data flows to OWASP risks
- Creating visual threat maps for leadership
- Security decisions log template
- When to loop in internal security teams
- Preventing scope creep from security asks
- Timeboxing threat analysis phases
- Outputs expected from external vendors
- Common misalignment points
- Case: BC Housing tenant portal review
- Receiving evidence from vendors
- Assessing SOC 2 reports through OWASP lens
- Using CAIQ questionnaires effectively
- Scoring vendor responses objectively
- Identifying red flags in documentation
- Follow-up question templates
- Managing review timelines
- Escalation paths for gaps
- Legal hold points for non-compliance
- Documenting decisions for later audits
- Building a vendor security history log
- Case: Alberta Health Services SaaS rollout
- OWASP gates in sprint planning
- Code review expectations for project leads
- Security testing integration points
- Pen testing scheduling and scope
- Tracking findings to resolution
- Reporting progress without technical jargon
- Integrating DevSecOps outputs
- Managing retesting cycles
- Sign-off checklists for non-developers
- Handover documentation standards
- Avoiding last-minute fire drills
- Case: Toronto 311 service upgrade
- Building the audit package proactively
- OWASP narrative for non-technical reviewers
- Version control for compliance docs
- Evidence collection templates
- Cross-referencing controls to findings
- Formatting for regulator clarity
- Internal review submission process
- Preparing for follow-up questions
- Maintaining documentation post-launch
- Archiving for future audits
- Common feedback loops from assessors
- Case: Vancouver Open Data Platform
- Translating risks for leadership
- Framing delays due to security work
- Building trust through consistency
- Regular security status updates
- Handling media-sensitive findings
- Messaging during incident prep
- Aligning legal and communications teams
- When to disclose vulnerabilities
- Maintaining transparency without panic
- Building a reputation for integrity
- Owning the narrative under pressure
- Case: Ottawa Wi-Fi network rollout
- Understanding municipal regulator expectations
- Receiving and triaging requests
- Assigning response ownership
- Reviewing technical inputs for accuracy
- Compiling evidence packages
- Pre-submission quality checks
- Handling tight deadlines
- Documenting exceptions properly
- Building institutional memory
- Post-review closure steps
- Improving for next cycle
- Case: Alberta Auditor General review
- Operating model handover to IT
- Defining ongoing testing schedules
- Monitoring for new OWASP risks
- Patch management coordination
- Annual review planning
- Budgeting for security upkeep
- Vendor contract renewals and OWASP
- Tracking changes impacting compliance
- Incident response integration
- Lessons learned documentation
- Updating playbooks for next project
- Case: Calgary Parking Pay App
- Receiving escalations from peer projects
- Assessing severity and impact
- Convening the right parties
- Facilitating resolution workshops
- Documenting cross-team decisions
- Owning the final recommendation
- Communicating outcomes broadly
- Building reciprocity loops
- Earning repeat referrals
- Scaling influence beyond your team
- Maintaining neutrality in conflicts
- Case: Inter-municipal data sharing initiative
- Identifying repeatable components
- Template design for clarity and reuse
- Naming conventions for discoverability
- Version control for shared assets
- Onboarding new teams to playbooks
- Tracking usage and impact
- Improving based on feedback
- Sharing across departments
- Protecting sensitive templates
- Building a compliance knowledge base
- Integrating with existing PMO tools
- Case: Provincial PMO adoption in BC
- From project start to sign-off
- Creating a personal delivery signature
- Demonstrating leadership beyond timelines
- Measuring security success quantitatively
- Building a track record of trust
- Positioning for complex assignments
- Mentoring junior project managers
- Sharing best practices externally
- Contributing to policy evolution
- Maintaining personal credibility
- Creating lasting institutional value
- Case: Mike Keizer’s multi-project legacy
How this maps to your situation
- Leading a municipal digital service rebuild
- Managing third-party vendor security reviews
- Responding to regulator compliance request
- Resolving cross-team security escalations
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: 60-90 minutes per week over 8 weeks to complete all modules and implement core templates.
How this compares to the alternatives
Unlike generic OWASP training for developers, this course is tailored for project leaders , focusing on documentation, decision-making, and stakeholder management. No coding required, no theory without application.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.