[Global_conference_committee] GCC VOTE: GCC 2011 Plan

Cassio Goldschmidt cassio at owasp.org
Tue Dec 14 16:36:37 EST 2010


Thanks Mark. I agree with all your comments. The total number of OWASP talks
at a conference might need some tuning to maintain a high quality conference
but I heartly agree we need them.

Approved.

Cassio

On Tue, Dec 14, 2010 at 7:47 AM, Mark Bristow <mark.bristow at owasp.org>wrote:

> Cassio... some inline comments
>
>  On Tue, Dec 14, 2010 at 3:20 AM, Cassio Goldschmidt <cassio at owasp.org>wrote:
>
>> Very nice plan Mark! Here are a couple of suggestions:
>>
>> each out to non-members (have 70% of attendees at cons non-members) -> I
>> think the goal should be that *everyone* becomes a member. We
>> should make the price of conference + membership < price of conference for
>> all conference.
>>
>
> This is actually problematic.  For example, some companies (and
> governments) will gladly pay for conference admission, but can not sponsor
> professional organization memberships due to regulations.
>
>
>>  Require all OWASP Regional and AppSec events to have an “OWASP Track” of
>> at least 6 presentations from this pool, managed, selected, and funded by
>> the GCC and the GPC -> Make it a minumum percentage of the total number
>> of talks. 6 presentations is a huge hit for a 1 day, 1 track conference. I'd
>> say the percentage should be something around 15% or 18%. A 1 day 3 track
>> conference would have 1/2 day dedicated to OWASP (4 talks). A 2 day 3 tracks
>> conference would have an entire track for 1 day. We must be able to ensure
>> conference organizers can meet these targets without sacrifying quality.
>>
>
> My new thinking on this, drop the Require on Regional, Require it for
> Global Appsecs, and make it available to regional, this way, we can work
> with the mid tier conferences on what works for them.  Global AppSecs should
> all just plan it in.
>
>
>>  Themes for regional conferences: I agree with Ralph we should drop the
>> theme idea. Application + Security + Web is a very restrictive theme on
>> itself.
>>
>
> I think we should encourage a theme, but not require it.  It helps drive
> focus of events.
>
>
>> Cassio
>>
>> On Mon, Dec 13, 2010 at 10:43 AM, Mark Bristow <mark.bristow at owasp.org>wrote:
>>
>>> On second thought.  I'll wait 24 hrs from now for you all to respond
>>> before setting up re-vote.  In case there is any additional discussion.
>>>
>>>
>>> On Mon, Dec 13, 2010 at 1:26 PM, Mark Bristow <mark.bristow at owasp.org>wrote:
>>>
>>>> Sorry, I missed all the stuff on encouraging themes, your right.  I will
>>>> submit for re-vote
>>>>
>>>> RE:
>>>>
>>>>
>>>>     - Requires Board Vote (*This sweems a little out of place, I would
>>>>       assume the whole goverance would go to the board)*
>>>>
>>>> Only the Board can provide this authority per the By-Laws
>>>>
>>>> RE:
>>>>
>>>>
>>>>    - All OWASP Branded events MUST use conference mgmt system to use
>>>>    brand (must be enforced) Local chapter events use the brand, I don't
>>>>    think we can or should state this so broadly)
>>>>       - See initiatives *( I think we want to hold out on the MUST for
>>>>       this until we have shown we have a good process)*
>>>>
>>>> Local events should also have to do this.  It enforces brand control and
>>>> gives us visibility into what's going on.  The idea is that local events
>>>> will not require our approval, simply give us oppertunity to not-concurr
>>>>
>>>> I agree we need this system in place ASAP.  But remember, this is the
>>>> plan, not all is immediate.
>>>>
>>>>    -
>>>>
>>>>
>>>> On Mon, Dec 13, 2010 at 7:34 AM, Ralph Durkee <ralph.durkee at owasp.org>wrote:
>>>>
>>>>> I added some edits and comments in blue , most of it was along the
>>>>> lines of what has been discussed.
>>>>>
>>>>> -- Ralph
>>>>>
>>>>>
>>>>> On 12/12/2010 4:24 PM, Mark Bristow wrote:
>>>>>
>>>>> GCC Members,
>>>>>
>>>>> Based on friday's meeting, I've slightly modified the plan (mainly
>>>>> around the travel initiative).  I'd like for us to vote on and approve this
>>>>> plan.  We will go with 50% + 1 Voting model.
>>>>>
>>>>> If approved, I will parse out the changes we need to take to the board,
>>>>> and provide to them (via Kate) these items (such as budget and signature
>>>>> authority).
>>>>>
>>>>>  Mark Bristow: Approve
>>>>> John Wilander:
>>>>> Lucas Ferreira:
>>>>> Richard Greenberg:
>>>>> Ralph Durkee:
>>>>> Neil Matatall:
>>>>> Cassio Goldschmidt:
>>>>>
>>>>> ==========
>>>>>  Goals
>>>>>
>>>>>    1. Have a Global Appsec in NA, SA, EU, Asia in 2011
>>>>>    2. Promote OWASP Projects/Initiatives at OWASP Conferences
>>>>>    3. Enhance Services for Conference Planners
>>>>>    4. Reach out to developers (have 20% of attendees in a dev
>>>>>    position)
>>>>>    5. Reach out to non-members (have 70% of attendees at cons
>>>>>    non-members)
>>>>>    6. Bring more into the fold (Generate 300 new/renewed members at
>>>>>    conferences)
>>>>>    7. Streamline Sponsorships (Global Conference Sponsors, Targeted
>>>>>    Conference Sponsors)
>>>>>    8. Revise GCC Governance
>>>>>    9. Have a profit of $200k in 2011 across all conferences
>>>>>
>>>>>
>>>>>
>>>>> Policy Changes
>>>>>
>>>>>     - Change Conference Types to include:
>>>>>     - OWASP Global AppSec Conferences (Currently AppSec Conferences)
>>>>>       - OWASP AppSec Conferences (*Title* can only be used by global
>>>>>       cons, and by conferences who have already used this name twice by the end of
>>>>>       2011, moving forward, only new Global AppSecs can use this name)
>>>>>       - OWASP Regional/Theme Conference (currently Regional, *DROP *all
>>>>>       regional cons will now have to have a unique theme, development,
>>>>>       PHP, Government, Browsers …..)
>>>>>     - GCC Member attendance at conferences Global AppSec and
>>>>>    Regional/Theme level cons (as available by GCC members and budget)
>>>>>       - GCC Representative shall not be intimately involved with the
>>>>>       conference planning to provide an objective assessment.
>>>>>       - Members will have the opportunity to request travel to
>>>>>       scheduled events and travel will be assigned based on proximity to the
>>>>>       event, cost and member availability.
>>>>>       - Travel policy to be defined under new governance document
>>>>>       - GCC member shall interface with the local planning committee
>>>>>       at least 1 month before trip (attend planning call)
>>>>>       - Interact with planners/attendees while at conference
>>>>>       - At the next GCC meeting the traveling member will be expected
>>>>>       to provide an post trip report covering
>>>>>          - Assessment of facility
>>>>>          - Event Marketing Strategy
>>>>>          - Examination of Event Budget
>>>>>          - Estimation of Speaker Quality
>>>>>
>>>>>
>>>>>    - Talk to Sponsors, Is it a quality and cost-effective event from
>>>>>    their perspective?
>>>>>    - Talk to Attendees?
>>>>>
>>>>>
>>>>>      - Any notable comments from planners/attendees
>>>>>          - Any unique outstanding elements
>>>>>          - Any issues
>>>>>       - GCC Member signature authority for OWASP (Leverage By-Lawys
>>>>>    Article VI Section 1 - Designate as Agent)
>>>>>     - Alleviate need of OWASP Board to sign contracts (currently a
>>>>>       significant bottleneck)
>>>>>       - All conference related contracts will be required to go
>>>>>       through the GCC
>>>>>       - In general will be responsibility of Chair, however all
>>>>>       committee members shall be authorized to sign on conference business (no
>>>>>       single point of failure)
>>>>>       - GCC members will not be permitted to sign contracts for
>>>>>       conferences they organize (except when signature is required immediately)
>>>>>       - Requires Board Vote (*This sweems a little out of place, I
>>>>>       would assume the whole goverance would go to the board)*
>>>>>    - All OWASP Branded events MUST use conference mgmt system to use
>>>>>    brand (must be enforced) Local chapter events use the brand, I
>>>>>    don't think we can or should state this so broadly)
>>>>>       - See initiatives *( I think we want to hold out on the MUST for
>>>>>       this until we have shown we have a good process)*
>>>>>       - It’s important to manage the schedule and enforce brand
>>>>>       management
>>>>>       - Any conference not registered & approved will receive no funds
>>>>>       or support (This is only part that's do-able upfront.)
>>>>>    - All Global AppSec and Regional/Theme conferences must have OWASP
>>>>>    Track (Change to encourage for regional and themed comferemces)
>>>>>     - See Initiatives, joint venture with Projects Committee
>>>>>
>>>>>
>>>>>
>>>>> Initiatives
>>>>>
>>>>>     - OWASP Conference management system (Goal 1, 3)
>>>>>       - We need a system to take in applications for events, vett
>>>>>       them, approve them, and schedule them.  The current process of people
>>>>>       emailing Kate, Me or the board is not acceptable with the number of events
>>>>>       we have
>>>>>       - I see this as critical to establishing control over the OWASP
>>>>>       schedule and is a top priority
>>>>>    - OWASP AppSec Track (Goal 2)
>>>>>     - Partnership with projects committee
>>>>>       - Have a cadre of speakers, ready to go with presentations about
>>>>>       OWASP projects/activities
>>>>>       - Encourage all OWASP Regional and AppSec events to have an
>>>>>       “OWASP Track” of at least 6 presentations from this pool, managed, selected,
>>>>>       and funded by the GCC and the GPC
>>>>>      - OWASP Global Con Sponsors (Goal 3, 7)
>>>>>       - Provide unified sponsorships for the Global AppSec Conferences
>>>>>       - Split revenues among individual conferences budget
>>>>>       - Streamlines our sponsorships
>>>>>       - Does not interfere with existing conference sponsorships
>>>>>    - Central conference support services  (Goal 3)
>>>>>       - Investigate for-hire international conference support
>>>>>       companies
>>>>>       - Investigate costs for hiring conference organizer
>>>>>       - Get board approval
>>>>>    - Conference Marketing (Goal 3)
>>>>>       - OWASP Conference Twitter accounts
>>>>>       - OWASP Conference Domain Names
>>>>>          - Register Names only
>>>>>          - http://www.AppSecNA.org <http://www.appsecna.org/>
>>>>>          - http://www.AppSecUS.org <http://www.appsecus.org/>
>>>>>          - http://www.AppSecEU.org <http://www.appseceu.org/>
>>>>>          - http://www.AppSecAsia.org <http://www.appsecasia.org/>
>>>>>          - http://www.AppSecSA.org <http://www.appsecsa.org/>
>>>>>          - If already owned by a conference, buy them out/transfer to
>>>>>          GCC Control
>>>>>          - GCC will re-direct to any hosting service once the
>>>>>          conference has been assigned
>>>>>          - Conference can still register AppSecUS2011.org and we can
>>>>>          just redirect as appropriate
>>>>>          - Helps maintain consistency in URLs between years
>>>>>       - Conference Twitter Accounts
>>>>>          - Like domains, turned over to planners for their use as
>>>>>          appropriate
>>>>>          - @OWASPConfrences – held by the GCC for announcements
>>>>>          - @OWASPAppSec – held by the GCC for announcements
>>>>>          - @AppSecNA
>>>>>          - @AppSecUS
>>>>>          - @AppSecEU
>>>>>          - @AppSecAsia
>>>>>          - @AppSecSA
>>>>>       - Use of Short URLS on the owasp.org website
>>>>>          - ex https://owasp.org/AppSecBR points to the wiki page for
>>>>>          this year’s conference
>>>>>       - Regional Targeted Mailing Lists
>>>>>          - To reduce OWASP All traffic
>>>>>       - OWASP Merchandise Model(Goal 3, Goal9)
>>>>>       - A shippable “OWASP Store” with OWASP branded items for sale at
>>>>>       conferences
>>>>>       - Already exists, just need to formalize
>>>>>    - OWASP Conference Marketing (global, regional, electronic, print)
>>>>>    (Goal 4,5,6)
>>>>>       - Procure Booth space at developer focused conferences
>>>>>       - Provide budget for OWASP Schwag for use at OWASP Booths in
>>>>>       other conferences
>>>>>       - Evaluate other advertising mechanisms for conferences
>>>>>
>>>>>
>>>>>
>>>>> Budget
>>>>>
>>>>>    - $5000 for conference support (schwag/tables) targeting developer
>>>>>    conferences
>>>>>    - $500 OWASP GCC Technology Needs
>>>>>       - Mainly Domain Names
>>>>>    - $15,000, OWASP Track Travel expenses (cap, will try and get indv
>>>>>    company sponsorships)
>>>>>    - $10,000 GCC Member at all conferences (approx $1500/AppSec, $800
>>>>>    Regional)
>>>>>
>>>>>
>>>>>
>>>>> Technology Needs
>>>>>
>>>>>    - conferences at owasp.org account (managed by chair, redirects to all
>>>>>    GCC Members, for registration of domains, twitter et all)
>>>>>    - Regional Mailing List solution
>>>>>    - Short URLS (http://www,owasp.org/AppSecBR)
>>>>>    - http://conferences.owasp.org<https://docs.google.com/a/owasp.org/document/d/1sOs9dY9zKLlLaaJMcOvz2nhM8T2OAWQlVciAGM5c5XA/edit?hl=en> (redirect
>>>>>    to conference wiki page)
>>>>>    - Event Management Solution
>>>>>    - Conference Twitter/Email Accounts/domain names
>>>>>    -
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Mark Bristow
>>>> (703) 596-5175
>>>> mark.bristow at owasp.org
>>>>
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>> AppSec DC Organizer - https://www.appsecdc.org
>>>>
>>>>
>>>
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>>
>>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101214/ab984b1f/attachment-0001.html 


More information about the Global_conference_committee mailing list