[Global_conference_committee] GCC 2011 Draft Plan

Mark Bristow mark.bristow at owasp.org
Wed Dec 1 14:08:14 EST 2010


Responses inline :)

On Tue, Nov 30, 2010 at 7:42 PM, Ralph Durkee <ralph.durkee at owasp.org> wrote:

>  Great stuff.  My comments are in-line.  Let me know how I can help.
>
>
> --Ralph
>
> On 11/19/2010 1:41 PM, Mark Bristow wrote:
>
> GCC,
>
> After the outcomes of our meetings, several conversations with some of you,
> the board, OWASP Members and my own thoughts, and with the Summit coming up,
> I’ve been putting together a straw man plan and goals for the GCC in 2011.
> This is a bit of a long document, and there are more questions than answers
> in many places, but I think it’s a good start and appreciate your inputs and
> comments.
>
>
>  I'd like to have a meeting in early December to discuss and vote on a
> plan to refine into Portugal.
>
>
>  Available in google doc form here:
> https://docs.google.com/a/owasp.org/document/d/1sOs9dY9zKLlLaaJMcOvz2nhM8T2OAWQlVciAGM5c5XA/edit?hl=en
>
>
>
> *General Thoughts*
>
> How do we better engage developers?  How do we provide significant value to
> them and encourage them to come to conferences?  We need to improve in
> this area to help further the OWASP mission.
>
> Having an OWASP track at the major software development conferences would
> be a good approach.  For promoting the Rochester conference we get the
> information out to local development groups such as a Java user group, or
> Apple or Microsoft developers.
>
>
> *Goals*
>
>    1. Have a Global Appsec in NA, SA, EU, Asia in 2011
>    2. Promote OWASP Projects/Initiatives at OWASP Conferences
>    3. Enhance Services for Conference Planners
>
>  I'm new, but I'm under the impression the process for conference planners
> to work with the GCC needs more definition and streamlining as well.
>

Completely agree.

>
>    1. Reach out to developers (have 20% of attendees in a dev position)
>    2. Reach out to non-members (have 70% of attendees at cons non-members)
>    3. Bring more into the fold (Generate 300 new/renewed members at
>    conferences)
>    4. Streamline Sponsorships (Global Conference Sponsors, Targeted
>    Conference Sponsors)
>    5. Revise GCC Governance
>    6. Have a profit of $200k in 2011 across all conferences
>
>  Seem like the right goals, I'm not familiar with past numbers enough to
> know if the numbers are realistic.
>

These are initial targets, but should be attainable for next year.

>
>  *Policy Changes*
>
>    - Change Conference Types to include:
>       - OWASP Global AppSec Conferences (Currently AppSec Conferences)
>       - OWASP AppSec Conferences (can only be used by global cons, and by
>       conferences who have already used this name twice by the end of 2011, moving
>       forward, only new Global AppSecs can use this name)
>       - OWASP Regional/Theme Conference (currently Regional, all regional
>       cons will now have to have a unique theme, development, PHP, Government,
>       Browsers …..)
>
>  Are you saying to eliminate regional conferences and only have theme
> conferences?
>

The idea was that any conference that wasn't a "Global AppSec" conference
would have some sort of theme behind it.  I don't think this would be a hard
and fast rule however.


>
>
>     - GCC Member attendance at conferences Global AppSec and
>    Regional/Theme level cons (as available by GCC members and budget)
>    - GCC Member signature authority for OWASP (Leverage By-Laws Article
>    VI Section 1 - Designate as Agent)
>       - Alleviate need of OWASP Board to sign contracts (currently a
>       significant bottleneck)
>       - All conference related contracts will be required to go through
>       the GCC
>       - In general will be responsibility of Chair, however all committee
>       members shall be authorized to sign on conference business (no single point
>       of failure)
>       - GCC members will not be permitted to sign contracts for
>       conferences they organize (except when signature is required immediately)
>       - Requires Board Vote
>
>  Makes sense.
>
>
>     - All OWASP Branded events MUST use conference mgmt system to use
>    brand (must be enforced)
>       - See initiatives
>       - It’s important to manage the schedule and enforce brand management
>       - Any conference not registered & approved will receive no funds or
>       support
>
>   We'd want to roll this out carefully and in phases, getting feedback as
> you go.  If they are required to use it, then we need to make sure it works
> very smoothly, and the people and processes around it are well defined.
>

I agree.  IMO top priority going into next year is to get a hold on all of
the OWASP conferences/events.  Getting this defined and in place would be
key to that.  I would recommend that it start out as a simple, basic form to
take in Conferences and events and move forward from there.


>
>     - All Global AppSec and Regional/Theme conferences must have OWASP
>    Track
>       - See Initiatives, joint venture with Projects Committee
>
>  Might need to be flexible on how we define this, especially for a small 1
> day conference with 1 track or even 2 tracks, it may not be practical to
> have 50 to 100% of the conference be the OWASP track.
>

Well if all of that content is delivered outside the CFP process I'm not
sure what the harm is in getting a second room (unless impossible at the
venue).  The only impact on the conference would be the additional
coordination of the room/av the rest would be handled by us.  I agree tho
that 1 track events, this would not be appropriate, hence the
Regional/Global AppSec distinction.


>
>
>
>
> *Initiatives*
>
>    - OWASP Conference management system (Goal 1, 3)
>       - We need a system to take in applications for events, vet them,
>       approve them, and schedule them.  The current process of people
>       emailing Kate, Me or the board is not acceptable with the number of events
>       we have
>       - I see this as critical to establishing control over (or preventing
>       conflicts in) the OWASP schedule and is a top priority
>
>  We could start really simple and build from there. Such as have a
> application form to fill out and an email address to submit the
> application.
>

Concur, see above.  The work will be in designing requirements so there is
a master plan even if it's implemented in phases.


>
>     - OWASP AppSec Track (Goal 2)
>       - Partnership with projects committee
>
>       - Have a cadre of speakers, ready to go with presentations about
>       OWASP projects/activities
>       - Require all OWASP Regional and AppSec events to have an “OWASP
>       Track” of at least 6 presentations from this pool, managed, selected, and
>       funded by the GCC and the GPC
>
> What's the state of the "OWASP on the Move", and are there any resources,
> information or lessons learned that we glean from it?
>

OOtM is not for conference activities, this would be a separate line item in
our budget.


>
>
>
>    - OWASP Global Con Sponsors (Goal 3, 7)
>       - Provide unified sponsorships for the Global AppSec Conferences
>       - Split revenues among individual conferences budget
>       - Streamlines our sponsorships
>       - Does not interfere with existing conference sponsorships
>    - Central conference support services  (Goal 3)
>       - Investigate for-hire international conference support companies
>       - Investigate costs for hiring conference organizer
>       - Get board approval
>    - Conference Marketing (Goal 3)
>       - OWASP Conference Twitter accounts
>       - OWASP Conference Domain Names
>          - Register Names only
>          - http://www.AppSecNA.org
>          - http://www.AppSecUS.org
>          - http://www.AppSecEU.org
>          - http://www.AppSecAsia.org
>          - http://www.AppSecSA.org <http://www.appsecsa.org/>
>          - If already owned by a conference, buy them out/transfer to GCC
>          Control
>          - GCC will re-direct to any hosting service once the conference
>          has been assigned
>          - Conference can still register AppSecUS2011.org and we can just
>          redirect as appropriate
>          - Helps maintain consistency in URLs between years
>       - Conference Twitter Accounts
>          - Like domains, turned over to planners for their use as
>          appropriate
>          - @OWASPConfrences – held by the GCC for announcements
>          - @OWASPAppSec – held by the GCC for announcements
>          - @AppSecNA
>          - @AppSecUS
>          - @AppSecEU
>          - @AppSecAsia
>          - @AppSecSA
>       - Use of Short URLS on the owasp.org website
>          - ex https://owasp.org/AppSecBR points to the wiki page for this
>          year’s conference
>       - Regional Targeted Mailing Lists
>          - To reduce OWASP All traffic
>
>  Is this going to make use of chapter lists?
>

TBD.  We need a solution here.  May leverage salesforce.


>
>
>      - OWASP Merchandise Model (Goal 3, Goal 9)
>       - A shippable “OWASP Store” with OWASP branded items for sale at
>       conferences
>       - Already exists, just need to formalize
>    - OWASP Conference Marketing (global, regional, electronic, print)
>    (Goal 4,5,6)
>       - Procure Booth space at developer focused conferences
>       - Provide budget for OWASP Schwag for use at OWASP Booths in other
>       conferences
>       - Evaluate other advertising mechanisms for conferences
>
>
>
> *Budget*
>
>    - $200k 2011 target conference revenue (Goal 9)
>
>  When you put the 200k under a heading like Budget, makes it sound like
> it's the GCC budget, which I assume isn't what you are saying. The other
> bullets are the budget right?
>

Yes, sorry, the 200k should not be here it's a goal not a budget request as
the rest of the items are.


>
>
>    - $5000 for conference support (schwag/tables) targeting developer
>    conferences
>    - $15,000, OWASP Track Travel expenses (cap, will try and get indv
>    company sponsorships)
>    - $10,000 GCC Member at all conferences (approx $1500/AppSec, $800
>    Regional)
>
>  Funds for software or hosting services might be needed, right?
>

Possibly.  We need to define our requirements and look at options.  I've
started to look into it and there isn't anything out there that really looks
like a good fit for my vision of this, however, as we discuss that vision
may change.  Hopefully we could get hosting space on OWASP existing
infrastructure, if not, we can use my VPS for free to get us started.


>
>  *Governance*
>
>    - Using existing OWASP By-Laws as guide, establish rules for committee
>    - Define process for member election, evaluation and resignation
>    - Define process for chair election, evaluation and resignation
>    - Define GCC  Service Term (With or Without Term Limits)
>    - Committee member requirements
>
>
>
> *Technology Needs*
>
>    - Global_Conferences_Committee at owasp.org account (managed by chair,
>    redirects to all GCC Members, for registration of domains, twitter et al.)
>    - Regional Mailing List solution
>    - Short URLS (http://www.owasp.org/AppSecBR)
>    - http://conferences.owasp.org (redirect to conference wiki page)
>    - Event Management Solution
>    - Conference Twitter/Email Accounts/domain names
>
>
>
> --
> Mark Bristow
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> AppSec DC 2010 Organizer - https://www.appsecdc.org
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org