[Global_conference_committee] GCC VOTE: GCC 2011 Plan

Mark Bristow mark.bristow at owasp.org
Tue Dec 14 10:47:02 EST 2010


Cassio... some inline comments

On Tue, Dec 14, 2010 at 3:20 AM, Cassio Goldschmidt <cassio at owasp.org>wrote:

> Very nice plan Mark! Here are a couple of suggestions:
>
> each out to non-members (have 70% of attendees at cons non-members) -> I
> think the goal should be that *everyone* becomes a member. We
> should make the price of conference + membership < price of conference for
> all conference.
>

This is actually problematic.  For example, some companies (and governments)
will gladly pay for conference admission, but can not sponsor professional
organization memberships due to regulations.


>  Require all OWASP Regional and AppSec events to have an “OWASP Track” of
> at least 6 presentations from this pool, managed, selected, and funded by
> the GCC and the GPC -> Make it a minumum percentage of the total number of
> talks. 6 presentations is a huge hit for a 1 day, 1 track conference. I'd
> say the percentage should be something around 15% or 18%. A 1 day 3 track
> conference would have 1/2 day dedicated to OWASP (4 talks). A 2 day 3 tracks
> conference would have an entire track for 1 day. We must be able to ensure
> conference organizers can meet these targets without sacrifying quality.
>

My new thinking on this, drop the Require on Regional, Require it for Global
Appsecs, and make it available to regional, this way, we can work with the
mid tier conferences on what works for them.  Global AppSecs should all just
plan it in.


>  Themes for regional conferences: I agree with Ralph we should drop the
> theme idea. Application + Security + Web is a very restrictive theme on
> itself.
>

I think we should encourage a theme, but not require it.  It helps drive
focus of events.


> Cassio
>
> On Mon, Dec 13, 2010 at 10:43 AM, Mark Bristow <mark.bristow at owasp.org>wrote:
>
>> On second thought.  I'll wait 24 hrs from now for you all to respond
>> before setting up re-vote.  In case there is any additional discussion.
>>
>>
>> On Mon, Dec 13, 2010 at 1:26 PM, Mark Bristow <mark.bristow at owasp.org>wrote:
>>
>>> Sorry, I missed all the stuff on encouraging themes, your right.  I will
>>> submit for re-vote
>>>
>>> RE:
>>>
>>>
>>>     - Requires Board Vote (*This sweems a little out of place, I would
>>>       assume the whole goverance would go to the board)*
>>>
>>> Only the Board can provide this authority per the By-Laws
>>>
>>> RE:
>>>
>>>
>>>    - All OWASP Branded events MUST use conference mgmt system to use
>>>    brand (must be enforced) Local chapter events use the brand, I don't
>>>    think we can or should state this so broadly)
>>>       - See initiatives *( I think we want to hold out on the MUST for
>>>       this until we have shown we have a good process)*
>>>
>>> Local events should also have to do this.  It enforces brand control and
>>> gives us visibility into what's going on.  The idea is that local events
>>> will not require our approval, simply give us oppertunity to not-concurr
>>>
>>> I agree we need this system in place ASAP.  But remember, this is the
>>> plan, not all is immediate.
>>>
>>>    -
>>>
>>>
>>> On Mon, Dec 13, 2010 at 7:34 AM, Ralph Durkee <ralph.durkee at owasp.org>wrote:
>>>
>>>> I added some edits and comments in blue , most of it was along the
>>>> lines of what has been discussed.
>>>>
>>>> -- Ralph
>>>>
>>>>
>>>> On 12/12/2010 4:24 PM, Mark Bristow wrote:
>>>>
>>>> GCC Members,
>>>>
>>>> Based on friday's meeting, I've slightly modified the plan (mainly
>>>> around the travel initiative).  I'd like for us to vote on and approve this
>>>> plan.  We will go with 50% + 1 Voting model.
>>>>
>>>> If approved, I will parse out the changes we need to take to the board,
>>>> and provide to them (via Kate) these items (such as budget and signature
>>>> authority).
>>>>
>>>>  Mark Bristow: Approve
>>>> John Wilander:
>>>> Lucas Ferreira:
>>>> Richard Greenberg:
>>>> Ralph Durkee:
>>>> Neil Matatall:
>>>> Cassio Goldschmidt:
>>>>
>>>> ==========
>>>>  Goals
>>>>
>>>>    1. Have a Global Appsec in NA, SA, EU, Asia in 2011
>>>>    2. Promote OWASP Projects/Initiatives at OWASP Conferences
>>>>    3. Enhance Services for Conference Planners
>>>>    4. Reach out to developers (have 20% of attendees in a dev position)
>>>>    5. Reach out to non-members (have 70% of attendees at cons
>>>>    non-members)
>>>>    6. Bring more into the fold (Generate 300 new/renewed members at
>>>>    conferences)
>>>>    7. Streamline Sponsorships (Global Conference Sponsors, Targeted
>>>>    Conference Sponsors)
>>>>    8. Revise GCC Governance
>>>>    9. Have a profit of $200k in 2011 across all conferences
>>>>
>>>>
>>>>
>>>> Policy Changes
>>>>
>>>>     - Change Conference Types to include:
>>>>     - OWASP Global AppSec Conferences (Currently AppSec Conferences)
>>>>       - OWASP AppSec Conferences (*Title* can only be used by global
>>>>       cons, and by conferences who have already used this name twice by the end of
>>>>       2011, moving forward, only new Global AppSecs can use this name)
>>>>       - OWASP Regional/Theme Conference (currently Regional, *DROP *all
>>>>       regional cons will now have to have a unique theme, development,
>>>>       PHP, Government, Browsers …..)
>>>>     - GCC Member attendance at conferences Global AppSec and
>>>>    Regional/Theme level cons (as available by GCC members and budget)
>>>>       - GCC Representative shall not be intimately involved with the
>>>>       conference planning to provide an objective assessment.
>>>>       - Members will have the opportunity to request travel to
>>>>       scheduled events and travel will be assigned based on proximity to the
>>>>       event, cost and member availability.
>>>>       - Travel policy to be defined under new governance document
>>>>       - GCC member shall interface with the local planning committee at
>>>>       least 1 month before trip (attend planning call)
>>>>       - Interact with planners/attendees while at conference
>>>>       - At the next GCC meeting the traveling member will be expected
>>>>       to provide an post trip report covering
>>>>          - Assessment of facility
>>>>          - Event Marketing Strategy
>>>>          - Examination of Event Budget
>>>>          - Estimation of Speaker Quality
>>>>
>>>>
>>>>    - Talk to Sponsors, Is it a quality and cost-effective event from
>>>>    their perspective?
>>>>    - Talk to Attendees?
>>>>
>>>>
>>>>      - Any notable comments from planners/attendees
>>>>          - Any unique outstanding elements
>>>>          - Any issues
>>>>       - GCC Member signature authority for OWASP (Leverage By-Lawys
>>>>    Article VI Section 1 - Designate as Agent)
>>>>     - Alleviate need of OWASP Board to sign contracts (currently a
>>>>       significant bottleneck)
>>>>       - All conference related contracts will be required to go through
>>>>       the GCC
>>>>       - In general will be responsibility of Chair, however all
>>>>       committee members shall be authorized to sign on conference business (no
>>>>       single point of failure)
>>>>       - GCC members will not be permitted to sign contracts for
>>>>       conferences they organize (except when signature is required immediately)
>>>>       - Requires Board Vote (*This sweems a little out of place, I
>>>>       would assume the whole goverance would go to the board)*
>>>>    - All OWASP Branded events MUST use conference mgmt system to use
>>>>    brand (must be enforced) Local chapter events use the brand, I don't
>>>>    think we can or should state this so broadly)
>>>>       - See initiatives *( I think we want to hold out on the MUST for
>>>>       this until we have shown we have a good process)*
>>>>       - It’s important to manage the schedule and enforce brand
>>>>       management
>>>>       - Any conference not registered & approved will receive no funds
>>>>       or support (This is only part that's do-able upfront.)
>>>>    - All Global AppSec and Regional/Theme conferences must have OWASP
>>>>    Track (Change to encourage for regional and themed comferemces)
>>>>     - See Initiatives, joint venture with Projects Committee
>>>>
>>>>
>>>>
>>>> Initiatives
>>>>
>>>>     - OWASP Conference management system (Goal 1, 3)
>>>>       - We need a system to take in applications for events, vett them,
>>>>       approve them, and schedule them.  The current process of people emailing
>>>>       Kate, Me or the board is not acceptable with the number of events we have
>>>>       - I see this as critical to establishing control over the OWASP
>>>>       schedule and is a top priority
>>>>    - OWASP AppSec Track (Goal 2)
>>>>     - Partnership with projects committee
>>>>       - Have a cadre of speakers, ready to go with presentations about
>>>>       OWASP projects/activities
>>>>       - Encourage all OWASP Regional and AppSec events to have an
>>>>       “OWASP Track” of at least 6 presentations from this pool, managed, selected,
>>>>       and funded by the GCC and the GPC
>>>>      - OWASP Global Con Sponsors (Goal 3, 7)
>>>>       - Provide unified sponsorships for the Global AppSec Conferences
>>>>       - Split revenues among individual conferences budget
>>>>       - Streamlines our sponsorships
>>>>       - Does not interfere with existing conference sponsorships
>>>>    - Central conference support services  (Goal 3)
>>>>       - Investigate for-hire international conference support companies
>>>>       - Investigate costs for hiring conference organizer
>>>>       - Get board approval
>>>>    - Conference Marketing (Goal 3)
>>>>       - OWASP Conference Twitter accounts
>>>>       - OWASP Conference Domain Names
>>>>          - Register Names only
>>>>          - http://www.AppSecNA.org <http://www.appsecna.org/>
>>>>          - http://www.AppSecUS.org <http://www.appsecus.org/>
>>>>          - http://www.AppSecEU.org <http://www.appseceu.org/>
>>>>          - http://www.AppSecAsia.org <http://www.appsecasia.org/>
>>>>          - http://www.AppSecSA.org <http://www.appsecsa.org/>
>>>>          - If already owned by a conference, buy them out/transfer to
>>>>          GCC Control
>>>>          - GCC will re-direct to any hosting service once the
>>>>          conference has been assigned
>>>>          - Conference can still register AppSecUS2011.org and we can
>>>>          just redirect as appropriate
>>>>          - Helps maintain consistency in URLs between years
>>>>       - Conference Twitter Accounts
>>>>          - Like domains, turned over to planners for their use as
>>>>          appropriate
>>>>          - @OWASPConfrences – held by the GCC for announcements
>>>>          - @OWASPAppSec – held by the GCC for announcements
>>>>          - @AppSecNA
>>>>          - @AppSecUS
>>>>          - @AppSecEU
>>>>          - @AppSecAsia
>>>>          - @AppSecSA
>>>>       - Use of Short URLS on the owasp.org website
>>>>          - ex https://owasp.org/AppSecBR points to the wiki page for
>>>>          this year’s conference
>>>>       - Regional Targeted Mailing Lists
>>>>          - To reduce OWASP All traffic
>>>>       - OWASP Merchandise Model(Goal 3, Goal9)
>>>>       - A shippable “OWASP Store” with OWASP branded items for sale at
>>>>       conferences
>>>>       - Already exists, just need to formalize
>>>>    - OWASP Conference Marketing (global, regional, electronic, print)
>>>>    (Goal 4,5,6)
>>>>       - Procure Booth space at developer focused conferences
>>>>       - Provide budget for OWASP Schwag for use at OWASP Booths in
>>>>       other conferences
>>>>       - Evaluate other advertising mechanisms for conferences
>>>>
>>>>
>>>>
>>>> Budget
>>>>
>>>>    - $5000 for conference support (schwag/tables) targeting developer
>>>>    conferences
>>>>    - $500 OWASP GCC Technology Needs
>>>>       - Mainly Domain Names
>>>>    - $15,000, OWASP Track Travel expenses (cap, will try and get indv
>>>>    company sponsorships)
>>>>    - $10,000 GCC Member at all conferences (approx $1500/AppSec, $800
>>>>    Regional)
>>>>
>>>>
>>>>
>>>> Technology Needs
>>>>
>>>>    - conferences at owasp.org account (managed by chair, redirects to all
>>>>    GCC Members, for registration of domains, twitter et all)
>>>>    - Regional Mailing List solution
>>>>    - Short URLS (http://www,owasp.org/AppSecBR)
>>>>    - http://conferences.owasp.org<https://docs.google.com/a/owasp.org/document/d/1sOs9dY9zKLlLaaJMcOvz2nhM8T2OAWQlVciAGM5c5XA/edit?hl=en> (redirect
>>>>    to conference wiki page)
>>>>    - Event Management Solution
>>>>    - Conference Twitter/Email Accounts/domain names
>>>>    -
>>>>
>>>>
>>>
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>>
>>
>>
>> --
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>>
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org
>>
>>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101214/8fc39e95/attachment-0001.html 


More information about the Global_conference_committee mailing list