[Global_industry_committee] Here is the latest list of registrants for AppSec EU
Rex Booth
rex.booth at owasp.org
Tue May 10 12:28:50 EDT 2011
Sarah,
Thanks for the information. This does help. My follow up questions are:
1) What is the list of invitees?
2) Do we have a critical mass to make it worth holding the session?
These questions are specifically targeted at Joe, David, Eoin and Fabio.
Sarah - to answer your question, I am certainly interested in continuing
the CISO session, but only if we have adequate quality and quantity of
attendance planned. If it's just a handful of folks who happen to work
in industry, then I'm not sure it's worth spending $2k each for Nishi
and I to travel to the conference.
Thanks,
Rex
On 5/10/2011 11:04 AM, Sarah Baso wrote:
> Rex -
> I understand your concern and also want to make sure we have clear
> communication. I do think we have covered most of the items you
> brought up via email or call in the last couple of weeks, but maybe
> the message has not been as consistent or clear as it should have
> been. Here are my thoughts about the issues/questions you brought up.
> (in red)
>
> Although there were some vague discussions about the possibility of
> doing a full day track, we have not had a GIC call that this was ever
> decided. On at least the last 2 GIC calls we have talked about one or
> a few more restricted sessions with a GIC focus.
>
> Here are my reservations/concerns that I'd like to solve before we set
> this in stone:
>
> 1) What is the structure in broader context of the conference? Is the
> GIC session the only break-out session or does it one of many
> break-outs?If you look at the Conference web page (www.appseceu.org/
> <http://www.appseceu.org/>) or wiki page
> (https://www.owasp.org/index.php/AppSecEU2011), it is easy to find
> the conference structure and the answer to your question. The
> conference is offering 3 tracks (3 breakout sessions at most of the
> times that there is not a key note speaker). I have set up our
> sessions to correspond to non-keynote times (10:15-11:00, 12:05-12:50,
> 3:00-3:45). Additionally, the chapter committee is having a chapter
> leader workshop from 2:30 to 6pm on Thursday afternoon.
>
>
> 2) What is our goal/mission?
> As also discussed on the last two calls is to overall work toward
> achieving the GIC's 2011 committee initiatives -- most importantly 1)
> Engage in discussion with the appsec community (and various industry
> verticals) to learn how GIC can become more relevant in the context of
> Industry. 2) Communicate with people not currently involved in OWASP
> about what OWASP and OWASP Tools can offer their organizations and
> determine what things are not currently being offered to them that
> would make them interested in sponsoring/supporting OWASP.
>
> The idea was to determine the best ways to meet these goals.
>
> * One of them was for Nishi to rollout the GIC outreach
> presentation she has been working on (which looks great).
> Nishi's presentation will hopefully communicate to various
> industry personnel some of the things OWASP has to offer. She
> should be able to get some feedback on the presentation at the
> session.Nishi has provided me with a description of her session
> as follows:
>
> /*The purpose for this session is to help organizations understand why
> application security is important and how OWASP can help in making
> their applications more secure. It will give them an opportunity to
> learn what documentation, training, architecture, tools and
> infrastructure is available. The best part is all these materials are
> free. OWSAP provides the solution for their application security
> needs. We are also looking to improve collaboration by helping get
> more organization participating in OWASP projects. This will help us
> ensure that we account for the various needs of industry and develop
> well vetted best practices.*/
>
> * Rex, you volunteered to attend AppSec EU and my understanding
> was that you wanted to go with the purpose of furthering your
> CISO survey. Although I have asked for particulars on the
> goal/mission of this particular activity, I haven't received
> much other than "I'd like to take 30-60 minutes to have a group
> discussion about what information they'd like to see in such a
> survey...basically using our target audience to help develop the
> nature and content of the survey." I would like to hear more on
> what you see as the goals/mission of your session.
>
> * Since our committee really needs to learn more from certain
> members from industry about what ROI they are looking for when
> supporting/sponsoring OWASP... Joe and I determined that I could
> lead that session (with him dialing in/using webex) to share
> some our committee ideas on what we have to offer them and in
> turn hopefully get some honest feedback on whether that would be
> appreciated/utilized
>
>
> 3) If it's scheduled on the 10th, do we have a feeling for how many
> people will stay during the last day?
> While it is the "last day", since the conference is 2 days, i think
> there is a pretty good chance that most of the people will still be
> there. I don't know how else we can gauge this than to invite people
> and see what they respond.
>
> 4) How do we identify invitees and how do we invite them?
> As also noted on our last call and a few emails that you have been
> included on, both Joe and David have said they were willing to go
> through the list of current registrants to determine who we should
> send targeted invitations to (although this won't be a closed door
> session so anyone can attend). Also, Eoin said he has some people he
> wants to send targeted invites to and other GIC members are open to
> send their thoughts (Joe and David will be doing this too). The goal
> is to not have a session saturated with vendors, but instead target
> personnel from various industries that are more the client (for lack
> of a better term). So, individuals coming from financial institutions,
> government, education, retail, etc.
>
>
> I will invite them by sending a paperless post (Joe apparently has
> been getting other business related invitations through this form of
> media, and we both thought it would work well for this):
> http://www.paperlesspost.com/
>
> 5) Have we invited anybody thusfar? If so, who?
> I sent a preliminary invite to Rob Mann from google (one of David's
> contacts) to the GIC roundtable discussion, and told him I would
> follow up this week with other details. I also spoke with Charles
> Schmidt from The MITRE corp in person this morning (at Secure 360). He
> is speaking at AppSec EU and said he would be very interested in
> attending one (or more of our sessions). I told him I would follow up
> later this week with details.
>
>
> 6) What is the incentive for invitees to attend?
> That is part of what I was asking you to put together for your
> session. I have asked Nishi the same thing. As one of the GIC reps
> who volunteered to put things together for this event, I would expect
> you to be part of this planning process. Thoughts?
>
> 7) What is the opportunity cost for invitees to attend and how do we
> mitigate that?
> The opportunity cost would be that they would be missing other
> speakers/break out sessions that they had hoped to attend or would get
> informational benefit from. In order to mitigate that we can do a
> couple of things (my ideas off the top of my head):
>
> * Offer our sessions when there are not other sessions that the
> attendees we are targeting would be interested in attending
> * Offer just as much informational benefit (maybe not the same,
> but a comperable benfit) at our session(s)
> * Offer them some conference discount? Or some other financial
> benefit... a free OWASP membership or one for their
> organization? In order to make this fair to conference
> planners, GIC might have to make up this cost our of our budget.
>
>
> Does this help clarify things?
> I am going to keep moving forward with this committee initatives - for
> the sessions that Nishi and I will be running. Depending on where you
> are at in terms of your session, maybe you think it would be better
> for you to skip the CISO survey session at AppSec EU and just target
> AppSec USA for September?
>
> Regards,
> Sarah Baso
>
> - Show quoted text -
>
>
> On Mon, May 9, 2011 at 1:59 PM, Rex Booth <rex.booth at owasp.org
> <mailto:rex.booth at owasp.org>> wrote:
>
> Friends,
>
> I know the below may be a wall of text, but we have some important
> questions to answer. Eoin and Fabio - if you can weigh in
> (particularly on the industry outreach for attendees), I'd greatly
> appreciate it.
>
> Thanks,
> Rex
>
>
> On 5/8/2011 8:34 PM, Rex Booth wrote:
>
> This is where I'm not entirely comfortable with the GIC
> break-out. My initial understanding was that there would be a
> focused outreach to industry leaders to attend a GIC-sponsored
> track dedicated especially to their needs. What we have
> planned now is a far cry from that vision and, frankly, of
> questionable ROI given the expected travel expenses.
>
> Here are my reservations/concerns that I'd like to solve
> before we set this in stone:
>
> 1) What is the structure in broader context of the conference?
> Is the GIC session the only break-out session or does it one
> of many break-outs?
> 2) What is our goal/mission?
> 3) If it's scheduled on the 10th, do we have a feeling for how
> many people will stay during the last day?
> 4) How do we identify invitees and how do we invite them?
> 5) Have we invited anybody thusfar? If so, who?
> 6) What is the incentive for invitees to attend?
> 7) What is the opportunity cost for invitees to attend and how
> do we mitigate that?
>
> Most importantly, the reality is that we struggle to get
> industry representatives to attend any of our events, let
> alone cross the Atlantic to do so. Accordingly (and fair or
> not), the GIC is relying heavily on our European friends to
> find the right attendees for this. If this is an unrealistic
> expectation, we need to revisit our commitment to the break-out.
>
> I would very much enjoy attending AppSec EU and am grateful
> for Eoin and Fabio's hospitality, but without resolution on
> the above, I don't think it makes sense to spend the money to
> send representatives from the US (especially when Colin is
> already there and may be able to represent us - don't let me
> assume too much, Colin).
>
> Let's get some answers to the above before we start confirming
> logistics.
>
> Thanks,
> Rex
>
> On 5/8/2011 5:01 PM, Sarah Baso wrote:
>
> Eoin- I should be getting that from david, Joe, Rex and
> nishi so I can
> send out the invites in the next day or two. I will send
> it to you and
> if you have anyone to add I would be happy to include them.
>
> Sarah
>
>
> On 5/8/11, Eoin<eoinkeary at gmail.com
> <mailto:eoinkeary at gmail.com>> wrote:
>
> Do we have a list of invited delegates please?
>
> Sent from my HTC hero.
>
> owasp board member
>
> On 8 May 2011 20:30, "Colin
> Watson"<colin.watson at owasp.org
> <mailto:colin.watson at owasp.org>> wrote:
>
> Sarah
>
> Great, I just wanted a "sanity check", and didn't mean
> to put down any
> of the efforts on these initiatives. I missed a couple
> of GIC calls so
> wasn't entirely up to speed.
>
> Colin
>
>
> On Sunday, 8 May 2011, Sarah Baso<sarah.baso at owasp.org
> <mailto:sarah.baso at owasp.org>> wrote:
>
> Hi Colin,
> Thanks for your comme...
>
> I know you are busy with other
>
> effort_______________________________________________
>
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org
> <mailto:Global_industry_committee at lists.owasp.org>
> https://lists...
> www.appsecusa.org
> <http://www.appsecusa.org><http://www.appsecusa.org/>
> @appsecusa, @owaspmsp @OWASPSummit
>
> Dir: 312-869-2779 <tel:312-869-2779>
> skype: sarah.baso
> sarah.baso at owasp.org
> <mailto:sarah.baso at owasp.org><lorna.alamri at owasp.org
> <mailto:lorna.alamri at owasp.org>>
>
> _______________________________________________
> Global_industry_committee mailing list
> Global_indu...
>
>
>
>
>
>
> --
> OWASP Operational Support for Global Chapters, Conferences, and
> Industry Committees
>
> OWASP MSP: Host to OWASP AppSec USA 2011
> September 20-23 Training, Talks, CTF, Showroom, and More
> www.appsecusa.org <http://www.appsecusa.org/>
> @appsecusa, @owaspmsp @OWASPSummit
>
> Dir: 312-869-2779 <tel:312-869-2779>
> skype: sarah.baso
> sarah.baso at owasp.org <mailto:lorna.alamri at owasp.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_industry_committee/attachments/20110510/4492e5a1/attachment-0001.html
More information about the Global_industry_committee
mailing list