Skip to main content
Image coming soon

GEN1600 Mastering OWASP for Project Managers Delivering Secure Digital Services

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Mastering OWASP for Project Managers Delivering Secure Digital Services

Build trusted, audit-ready security outcomes into project execution from design to deployment

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Spending cycles reconciling security feedback after development is complete

The situation this course is for

Projects stall when security is an afterthought. Developers rebuild, budgets bleed, and trust erodes when compliance gaps surface late. The cost isn’t just time, it’s credibility.

Who this is for

Project Manager in public sector or regulated environment leading digital service delivery, accountable for on-time, audit-ready outcomes

Who this is not for

Developers seeking code-level OWASP implementation, or executives wanting strategic risk overviews

What you walk away with

  • Produce OWASP-aligned project documentation accepted without senior review
  • Lead cross-functional teams through security sign-off without external facilitation
  • Respond to regulator-facing review requests with pre-built, source-backed evidence packs
  • Own the end-to-end vendor security review track for SaaS and third-party integrations
  • Ship the first internal working proof of OWASP compliance within 30 days of deployment

The 12 modules (with all 144 chapters)

Module 1. Foundations of OWASP in Public Sector Delivery
Map OWASP Top 10 to project milestones common in municipal and regulated environments. Understand where security decisions impact delivery velocity.
12 chapters in this module
  1. Defining OWASP scope in non-technical project plans
  2. Linking project phases to OWASP risk categories
  3. Security milestones in public-facing digital services
  4. Regulator expectations for municipal IT delivery
  5. Common compliance gaps in city-led projects
  6. Documenting decisions for audit trails
  7. Integrating OWASP into project charters
  8. Stakeholder alignment on security thresholds
  9. Risk register integration with OWASP findings
  10. When to escalate OWASP concerns
  11. Balancing speed and security in agile builds
  12. Case: Calgary Transit digital ticketing review
Module 2. OWASP Integration in Project Initiation
Start right: bake security checks into kickoffs and vendor selection. Avoid rework by anchoring scope to known compliance benchmarks.
12 chapters in this module
  1. Security criteria in RFI responses
  2. Vendor pre-qualification using OWASP checklists
  3. Scope language that prevents downstream conflict
  4. Including OWASP in project charter sign-off
  5. Kickoff meeting security agenda
  6. Documenting third-party risk assumptions
  7. Baseline definitions for secure delivery
  8. Project manager’s role in OWASP scoping
  9. Aligning legal and security early
  10. Tracking security commitments in contracts
  11. Municipal procurement nuances
  12. Case: City of Edmonton portal rebuild
Module 3. Threat Modeling for Non-Technical Leads
Lead threat assessments without coding knowledge. Use structured frameworks to guide technical teams and document decisions.
12 chapters in this module
  1. Running threat workshops without technical depth
  2. Using STRIDE to frame discussions
  3. Documenting design decisions for auditors
  4. Mapping data flows to OWASP risks
  5. Creating visual threat maps for leadership
  6. Security decisions log template
  7. When to loop in internal security teams
  8. Preventing scope creep from security asks
  9. Timeboxing threat analysis phases
  10. Outputs expected from external vendors
  11. Common misalignment points
  12. Case: BC Housing tenant portal review
Module 4. Vendor Security Review Ownership
Take full control of third-party review cycles. Use OWASP to set expectations, track compliance, and close loops without escalation.
12 chapters in this module
  1. Receiving evidence from vendors
  2. Assessing SOC 2 reports through OWASP lens
  3. Using CAIQ questionnaires effectively
  4. Scoring vendor responses objectively
  5. Identifying red flags in documentation
  6. Follow-up question templates
  7. Managing review timelines
  8. Escalation paths for gaps
  9. Legal hold points for non-compliance
  10. Documenting decisions for later audits
  11. Building a vendor security history log
  12. Case: Alberta Health Services SaaS rollout
Module 5. Secure Development Milestones
Track progress using OWASP-aligned checkpoints. Ensure developers deliver compliance-ready outputs at each stage.
12 chapters in this module
  1. OWASP gates in sprint planning
  2. Code review expectations for project leads
  3. Security testing integration points
  4. Pen testing scheduling and scope
  5. Tracking findings to resolution
  6. Reporting progress without technical jargon
  7. Integrating DevSecOps outputs
  8. Managing retesting cycles
  9. Sign-off checklists for non-developers
  10. Handover documentation standards
  11. Avoiding last-minute fire drills
  12. Case: Toronto 311 service upgrade
Module 6. Documentation for Audit Readiness
Produce artefacts that satisfy internal and external reviewers. Focus on clarity, consistency, and source-backed claims.
12 chapters in this module
  1. Building the audit package proactively
  2. OWASP narrative for non-technical reviewers
  3. Version control for compliance docs
  4. Evidence collection templates
  5. Cross-referencing controls to findings
  6. Formatting for regulator clarity
  7. Internal review submission process
  8. Preparing for follow-up questions
  9. Maintaining documentation post-launch
  10. Archiving for future audits
  11. Common feedback loops from assessors
  12. Case: Vancouver Open Data Platform
Module 7. Stakeholder Communication on Security
Explain OWASP implications clearly to executives, legal, and non-technical teams. Keep momentum without oversimplifying.
12 chapters in this module
  1. Translating risks for leadership
  2. Framing delays due to security work
  3. Building trust through consistency
  4. Regular security status updates
  5. Handling media-sensitive findings
  6. Messaging during incident prep
  7. Aligning legal and communications teams
  8. When to disclose vulnerabilities
  9. Maintaining transparency without panic
  10. Building a reputation for integrity
  11. Owning the narrative under pressure
  12. Case: Ottawa Wi-Fi network rollout
Module 8. Regulator-Facing Review Execution
Lead responses to compliance inquiries. Deliver complete, confident packages that prevent follow-ups.
12 chapters in this module
  1. Understanding municipal regulator expectations
  2. Receiving and triaging requests
  3. Assigning response ownership
  4. Reviewing technical inputs for accuracy
  5. Compiling evidence packages
  6. Pre-submission quality checks
  7. Handling tight deadlines
  8. Documenting exceptions properly
  9. Building institutional memory
  10. Post-review closure steps
  11. Improving for next cycle
  12. Case: Alberta Auditor General review
Module 9. Post-Implementation Security Sustainment
Keep systems compliant after launch. Monitor, update, and prepare for renewal cycles.
12 chapters in this module
  1. Operating model handover to IT
  2. Defining ongoing testing schedules
  3. Monitoring for new OWASP risks
  4. Patch management coordination
  5. Annual review planning
  6. Budgeting for security upkeep
  7. Vendor contract renewals and OWASP
  8. Tracking changes impacting compliance
  9. Incident response integration
  10. Lessons learned documentation
  11. Updating playbooks for next project
  12. Case: Calgary Parking Pay App
Module 10. Cross-Functional Escalation Leadership
Become the go-to resolver for peer teams. Use OWASP as a shared standard to align conflicting priorities.
12 chapters in this module
  1. Receiving escalations from peer projects
  2. Assessing severity and impact
  3. Convening the right parties
  4. Facilitating resolution workshops
  5. Documenting cross-team decisions
  6. Owning the final recommendation
  7. Communicating outcomes broadly
  8. Building reciprocity loops
  9. Earning repeat referrals
  10. Scaling influence beyond your team
  11. Maintaining neutrality in conflicts
  12. Case: Inter-municipal data sharing initiative
Module 11. Building Reusable Compliance Artefacts
Create templates, playbooks, and checklists that compound value across projects and teams.
12 chapters in this module
  1. Identifying repeatable components
  2. Template design for clarity and reuse
  3. Naming conventions for discoverability
  4. Version control for shared assets
  5. Onboarding new teams to playbooks
  6. Tracking usage and impact
  7. Improving based on feedback
  8. Sharing across departments
  9. Protecting sensitive templates
  10. Building a compliance knowledge base
  11. Integrating with existing PMO tools
  12. Case: Provincial PMO adoption in BC
Module 12. Owning End-to-End Security Outcomes
Lead from initiation to audit with confidence. Deliver trusted, repeatable results that elevate your role.
12 chapters in this module
  1. From project start to sign-off
  2. Creating a personal delivery signature
  3. Demonstrating leadership beyond timelines
  4. Measuring security success quantitatively
  5. Building a track record of trust
  6. Positioning for complex assignments
  7. Mentoring junior project managers
  8. Sharing best practices externally
  9. Contributing to policy evolution
  10. Maintaining personal credibility
  11. Creating lasting institutional value
  12. Case: Mike Keizer’s multi-project legacy

How this maps to your situation

  • Leading a municipal digital service rebuild
  • Managing third-party vendor security reviews
  • Responding to regulator compliance request
  • Resolving cross-team security escalations

Before vs. after

Before
Waiting for security teams to validate designs, reacting to audit findings, rebuilding deliverables after review
After
Shipping OWASP-aligned documentation on time, leading reviews without escalation, owning sign-off decisions

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: 60-90 minutes per week over 8 weeks to complete all modules and implement core templates.

If nothing changes
Projects will keep facing last-minute rework, stakeholders will lose trust in delivery timelines, and high-visibility security work will go to teams seen as more reliable.

How this compares to the alternatives

Unlike generic OWASP training for developers, this course is tailored for project leaders , focusing on documentation, decision-making, and stakeholder management. No coding required, no theory without application.

Frequently asked

Do I need technical development experience to benefit from this course?
No. This course is designed for project leaders who need to manage security outcomes, not write code. All concepts are taught through project management lenses.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Will this help me in municipal or public sector compliance reviews?
Yes. The course includes municipal-specific examples, regulator expectations, and documentation standards used in Canadian public sector audits.
$199 one-time. 60-90 minutes per week over 8 weeks to complete all modules and implement core templates..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours