[Global_conference_committee] GCC VOTE: GCC 2011 Plan

Sun Dec 12 16:24:42 EST 2010

GCC Members,

Based on friday's meeting, I've slightly modified the plan (mainly around
the travel initiative).  I'd like for us to vote on and approve this plan.
 We will go with 50% + 1 Voting model.

If approved, I will parse out the changes we need to take to the board, and
provide to them (via Kate) these items (such as budget and signature
authority).

Mark Bristow: Approve
John Wilander:
Lucas Ferreira:
Richard Greenberg:
Ralph Durkee:
Neil Matatall:
Cassio Goldschmidt:

==========
Goals

   1. Have a Global Appsec in NA, SA, EU, Asia in 2011
   2. Promote OWASP Projects/Initiatives at OWASP Conferences
   3. Enhance Services for Conference Planners
   4. Reach out to developers (have 20% of attendees in a dev position)
   5. Reach out to non-members (have 70% of attendees at cons non-members)
   6. Bring more into the fold (Generate 300 new/renewed members at
   conferences)
   7. Streamline Sponsorships (Global Conference Sponsors, Targeted
   Conference Sponsors)
   8. Revise GCC Governance
   9. Have a profit of $200k in 2011 across all conferences

Policy Changes

   - Change Conference Types to include:
      - OWASP Global AppSec Conferences (Currently AppSec Conferences)
      - OWASP AppSec Conferences (can only be used by global cons, and by
      conferences who have already used this name twice by the end of
2011, moving
      forward, only new Global AppSecs can use this name)
      - OWASP Regional/Theme Conference (currently Regional, all regional
      cons will now have to have a unique theme, development, PHP, Government,
      Browsers …..)
   - GCC Member attendance at conferences Global AppSec and Regional/Theme
   level cons (as available by GCC members and budget)
      - GCC Representative shall not be intimately involved with the
      conference planning to provide an objective assessment.
      - Members will have the opportunity to request travel to scheduled
      events and travel will be assigned based on proximity to the
event, cost and
      member availability.
      - Travel policy to be defined under new governance document
      - GCC member shall interface with the local planning committee at
      least 1 month before trip (attend planning call)
      - Interact with planners/attendees while at conference
      - At the next GCC meeting the traveling member will be expected to
      provide an post trip report covering
         - Assessment of facility
         - Event Marketing Strategy
         - Examination of Event Budget
         - Estimation of Speaker Quality
         - Any notable comments from planners/attendees
         - Any unique outstanding elements
         - Any issues
      - GCC Member signature authority for OWASP (Leverage By-Lawys Article
   VI Section 1 - Designate as Agent)
      - Alleviate need of OWASP Board to sign contracts (currently a
      significant bottleneck)
      - All conference related contracts will be required to go through the
      GCC
      - In general will be responsibility of Chair, however all committee
      members shall be authorized to sign on conference business (no
single point
      of failure)
      - GCC members will not be permitted to sign contracts for conferences
      they organize (except when signature is required immediately)
      - Requires Board Vote
   - All OWASP Branded events MUST use conference mgmt system to use brand
   (must be enforced)
      - See initiatives
      - It’s important to manage the schedule and enforce brand management
      - Any conference not registered & approved will receive no funds or
      support
   - All Global AppSec and Regional/Theme conferences must have OWASP Track
      - See Initiatives, joint venture with Projects Committee

Initiatives

   - OWASP Conference management system (Goal 1, 3)
      - We need a system to take in applications for events, vett them,
      approve them, and schedule them.  The current process of people emailing
      Kate, Me or the board is not acceptable with the number of events we have
      - I see this as critical to establishing control over the OWASP
      schedule and is a top priority
   - OWASP AppSec Track (Goal 2)
      - Partnership with projects committee
      - Have a cadre of speakers, ready to go with presentations about OWASP
      projects/activities
      - Require all OWASP Regional and AppSec events to have an “OWASP
      Track” of at least 6 presentations from this pool, managed, selected, and
      funded by the GCC and the GPC
   - OWASP Global Con Sponsors (Goal 3, 7)
      - Provide unified sponsorships for the Global AppSec Conferences
      - Split revenues among individual conferences budget
      - Streamlines our sponsorships
      - Does not interfere with existing conference sponsorships
   - Central conference support services  (Goal 3)
      - Investigate for-hire international conference support companies
      - Investigate costs for hiring conference organizer
      - Get board approval
   - Conference Marketing (Goal 3)
      - OWASP Conference Twitter accounts
      - OWASP Conference Domain Names
         - Register Names only
         - http://www.AppSecNA.org
         - http://www.AppSecUS.org
         - http://www.AppSecEU.org
         - http://www.AppSecAsia.org
         - http://www.AppSecSA.org <http://www.appsecsa.org/>
         - If already owned by a conference, buy them out/transfer to GCC
         Control
         - GCC will re-direct to any hosting service once the conference has
         been assigned
         - Conference can still register AppSecUS2011.org and we can just
         redirect as appropriate
         - Helps maintain consistency in URLs between years
      - Conference Twitter Accounts
         - Like domains, turned over to planners for their use as
         appropriate
         - @OWASPConfrences – held by the GCC for announcements
         - @OWASPAppSec – held by the GCC for announcements
         - @AppSecNA
         - @AppSecUS
         - @AppSecEU
         - @AppSecAsia
         - @AppSecSA
      - Use of Short URLS on the owasp.org website
         - ex https://owasp.org/AppSecBR points to the wiki page for this
         year’s conference
      - Regional Targeted Mailing Lists
         - To reduce OWASP All traffic
      - OWASP Merchandise Model(Goal 3, Goal9)
      - A shippable “OWASP Store” with OWASP branded items for sale at
      conferences
      - Already exists, just need to formalize
   - OWASP Conference Marketing (global, regional, electronic, print) (Goal
   4,5,6)
      - Procure Booth space at developer focused conferences
      - Provide budget for OWASP Schwag for use at OWASP Booths in other
      conferences
      - Evaluate other advertising mechanisms for conferences

Budget

   - $5000 for conference support (schwag/tables) targeting developer
   conferences
   - $500 OWASP GCC Technology Needs
      - Mainly Domain Names
   - $15,000, OWASP Track Travel expenses (cap, will try and get indv
   company sponsorships)
   - $10,000 GCC Member at all conferences (approx $1500/AppSec, $800
   Regional)

Technology Needs

   - conferences at owasp.org account (managed by chair, redirects to all GCC
   Members, for registration of domains, twitter et all)
   - Regional Mailing List solution
   - Short URLS (http://www,owasp.org/AppSecBR)
   - http://conferences.owasp.org<https://docs.google.com/a/owasp.org/document/d/1sOs9dY9zKLlLaaJMcOvz2nhM8T2OAWQlVciAGM5c5XA/edit?hl=en>
(redirect
   to conference wiki page)
   - Event Management Solution
   - Conference Twitter/Email Accounts/domain names
   -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101212/746c9d55/attachment-0001.html 