[Global_conference_committee] GCC VOTE: GCC 2011 Plan
Cassio Goldschmidt
cassio at owasp.org
Tue Dec 14 16:36:37 EST 2010
Thanks Mark. I agree with all your comments. The total number of OWASP talks
at a conference might need some tuning to maintain a high quality conference
but I heartly agree we need them.
Approved.
Cassio
On Tue, Dec 14, 2010 at 7:47 AM, Mark Bristow <mark.bristow at owasp.org>wrote:
> Cassio... some inline comments
>
> On Tue, Dec 14, 2010 at 3:20 AM, Cassio Goldschmidt <cassio at owasp.org>wrote:
>
>> Very nice plan Mark! Here are a couple of suggestions:
>>
>> each out to non-members (have 70% of attendees at cons non-members) -> I
>> think the goal should be that *everyone* becomes a member. We
>> should make the price of conference + membership < price of conference for
>> all conference.
>>
>
> This is actually problematic. For example, some companies (and
> governments) will gladly pay for conference admission, but can not sponsor
> professional organization memberships due to regulations.
>
>
>> Require all OWASP Regional and AppSec events to have an “OWASP Track” of
>> at least 6 presentations from this pool, managed, selected, and funded by
>> the GCC and the GPC -> Make it a minumum percentage of the total number
>> of talks. 6 presentations is a huge hit for a 1 day, 1 track conference. I'd
>> say the percentage should be something around 15% or 18%. A 1 day 3 track
>> conference would have 1/2 day dedicated to OWASP (4 talks). A 2 day 3 tracks
>> conference would have an entire track for 1 day. We must be able to ensure
>> conference organizers can meet these targets without sacrifying quality.
>>
>
> My new thinking on this, drop the Require on Regional, Require it for
> Global Appsecs, and make it available to regional, this way, we can work
> with the mid tier conferences on what works for them. Global AppSecs should
> all just plan it in.
>
>
>> Themes for regional conferences: I agree with Ralph we should drop the
>> theme idea. Application + Security + Web is a very restrictive theme on
>> itself.
>>
>
> I think we should encourage a theme, but not require it. It helps drive
> focus of events.
>
>
>> Cassio
>>
>> On Mon, Dec 13, 2010 at 10:43 AM, Mark Bristow <mark.bristow at owasp.org>wrote:
>>
>>> On second thought. I'll wait 24 hrs from now for you all to respond
>>> before setting up re-vote. In case there is any additional discussion.
>>>
>>>
>>> On Mon, Dec 13, 2010 at 1:26 PM, Mark Bristow <mark.bristow at owasp.org>wrote:
>>>
>>>> Sorry, I missed all the stuff on encouraging themes, your right. I will
>>>> submit for re-vote
>>>>
>>>> RE:
>>>>
>>>>
>>>> - Requires Board Vote (*This sweems a little out of place, I would
>>>> assume the whole goverance would go to the board)*
>>>>
>>>> Only the Board can provide this authority per the By-Laws
>>>>
>>>> RE:
>>>>
>>>>
>>>> - All OWASP Branded events MUST use conference mgmt system to use
>>>> brand (must be enforced) Local chapter events use the brand, I don't
>>>> think we can or should state this so broadly)
>>>> - See initiatives *( I think we want to hold out on the MUST for
>>>> this until we have shown we have a good process)*
>>>>
>>>> Local events should also have to do this. It enforces brand control and
>>>> gives us visibility into what's going on. The idea is that local events
>>>> will not require our approval, simply give us oppertunity to not-concurr
>>>>
>>>> I agree we need this system in place ASAP. But remember, this is the
>>>> plan, not all is immediate.
>>>>
>>>> -
>>>>
>>>>
>>>> On Mon, Dec 13, 2010 at 7:34 AM, Ralph Durkee <ralph.durkee at owasp.org>wrote:
>>>>
>>>>> I added some edits and comments in blue , most of it was along the
>>>>> lines of what has been discussed.
>>>>>
>>>>> -- Ralph
>>>>>
>>>>>
>>>>> On 12/12/2010 4:24 PM, Mark Bristow wrote:
>>>>>
>>>>> GCC Members,
>>>>>
>>>>> Based on friday's meeting, I've slightly modified the plan (mainly
>>>>> around the travel initiative). I'd like for us to vote on and approve this
>>>>> plan. We will go with 50% + 1 Voting model.
>>>>>
>>>>> If approved, I will parse out the changes we need to take to the board,
>>>>> and provide to them (via Kate) these items (such as budget and signature
>>>>> authority).
>>>>>
>>>>> Mark Bristow: Approve
>>>>> John Wilander:
>>>>> Lucas Ferreira:
>>>>> Richard Greenberg:
>>>>> Ralph Durkee:
>>>>> Neil Matatall:
>>>>> Cassio Goldschmidt:
>>>>>
>>>>> ==========
>>>>> Goals
>>>>>
>>>>> 1. Have a Global Appsec in NA, SA, EU, Asia in 2011
>>>>> 2. Promote OWASP Projects/Initiatives at OWASP Conferences
>>>>> 3. Enhance Services for Conference Planners
>>>>> 4. Reach out to developers (have 20% of attendees in a dev
>>>>> position)
>>>>> 5. Reach out to non-members (have 70% of attendees at cons
>>>>> non-members)
>>>>> 6. Bring more into the fold (Generate 300 new/renewed members at
>>>>> conferences)
>>>>> 7. Streamline Sponsorships (Global Conference Sponsors, Targeted
>>>>> Conference Sponsors)
>>>>> 8. Revise GCC Governance
>>>>> 9. Have a profit of $200k in 2011 across all conferences
>>>>>
>>>>>
>>>>>
>>>>> Policy Changes
>>>>>
>>>>> - Change Conference Types to include:
>>>>> - OWASP Global AppSec Conferences (Currently AppSec Conferences)
>>>>> - OWASP AppSec Conferences (*Title* can only be used by global
>>>>> cons, and by conferences who have already used this name twice by the end of
>>>>> 2011, moving forward, only new Global AppSecs can use this name)
>>>>> - OWASP Regional/Theme Conference (currently Regional, *DROP *all
>>>>> regional cons will now have to have a unique theme, development,
>>>>> PHP, Government, Browsers …..)
>>>>> - GCC Member attendance at conferences Global AppSec and
>>>>> Regional/Theme level cons (as available by GCC members and budget)
>>>>> - GCC Representative shall not be intimately involved with the
>>>>> conference planning to provide an objective assessment.
>>>>> - Members will have the opportunity to request travel to
>>>>> scheduled events and travel will be assigned based on proximity to the
>>>>> event, cost and member availability.
>>>>> - Travel policy to be defined under new governance document
>>>>> - GCC member shall interface with the local planning committee
>>>>> at least 1 month before trip (attend planning call)
>>>>> - Interact with planners/attendees while at conference
>>>>> - At the next GCC meeting the traveling member will be expected
>>>>> to provide an post trip report covering
>>>>> - Assessment of facility
>>>>> - Event Marketing Strategy
>>>>> - Examination of Event Budget
>>>>> - Estimation of Speaker Quality
>>>>>
>>>>>
>>>>> - Talk to Sponsors, Is it a quality and cost-effective event from
>>>>> their perspective?
>>>>> - Talk to Attendees?
>>>>>
>>>>>
>>>>> - Any notable comments from planners/attendees
>>>>> - Any unique outstanding elements
>>>>> - Any issues
>>>>> - GCC Member signature authority for OWASP (Leverage By-Lawys
>>>>> Article VI Section 1 - Designate as Agent)
>>>>> - Alleviate need of OWASP Board to sign contracts (currently a
>>>>> significant bottleneck)
>>>>> - All conference related contracts will be required to go
>>>>> through the GCC
>>>>> - In general will be responsibility of Chair, however all
>>>>> committee members shall be authorized to sign on conference business (no
>>>>> single point of failure)
>>>>> - GCC members will not be permitted to sign contracts for
>>>>> conferences they organize (except when signature is required immediately)
>>>>> - Requires Board Vote (*This sweems a little out of place, I
>>>>> would assume the whole goverance would go to the board)*
>>>>> - All OWASP Branded events MUST use conference mgmt system to use
>>>>> brand (must be enforced) Local chapter events use the brand, I
>>>>> don't think we can or should state this so broadly)
>>>>> - See initiatives *( I think we want to hold out on the MUST for
>>>>> this until we have shown we have a good process)*
>>>>> - It’s important to manage the schedule and enforce brand
>>>>> management
>>>>> - Any conference not registered & approved will receive no funds
>>>>> or support (This is only part that's do-able upfront.)
>>>>> - All Global AppSec and Regional/Theme conferences must have OWASP
>>>>> Track (Change to encourage for regional and themed comferemces)
>>>>> - See Initiatives, joint venture with Projects Committee
>>>>>
>>>>>
>>>>>
>>>>> Initiatives
>>>>>
>>>>> - OWASP Conference management system (Goal 1, 3)
>>>>> - We need a system to take in applications for events, vett
>>>>> them, approve them, and schedule them. The current process of people
>>>>> emailing Kate, Me or the board is not acceptable with the number of events
>>>>> we have
>>>>> - I see this as critical to establishing control over the OWASP
>>>>> schedule and is a top priority
>>>>> - OWASP AppSec Track (Goal 2)
>>>>> - Partnership with projects committee
>>>>> - Have a cadre of speakers, ready to go with presentations about
>>>>> OWASP projects/activities
>>>>> - Encourage all OWASP Regional and AppSec events to have an
>>>>> “OWASP Track” of at least 6 presentations from this pool, managed, selected,
>>>>> and funded by the GCC and the GPC
>>>>> - OWASP Global Con Sponsors (Goal 3, 7)
>>>>> - Provide unified sponsorships for the Global AppSec Conferences
>>>>> - Split revenues among individual conferences budget
>>>>> - Streamlines our sponsorships
>>>>> - Does not interfere with existing conference sponsorships
>>>>> - Central conference support services (Goal 3)
>>>>> - Investigate for-hire international conference support
>>>>> companies
>>>>> - Investigate costs for hiring conference organizer
>>>>> - Get board approval
>>>>> - Conference Marketing (Goal 3)
>>>>> - OWASP Conference Twitter accounts
>>>>> - OWASP Conference Domain Names
>>>>> - Register Names only
>>>>> - http://www.AppSecNA.org <http://www.appsecna.org/>
>>>>> - http://www.AppSecUS.org <http://www.appsecus.org/>
>>>>> - http://www.AppSecEU.org <http://www.appseceu.org/>
>>>>> - http://www.AppSecAsia.org <http://www.appsecasia.org/>
>>>>> - http://www.AppSecSA.org <http://www.appsecsa.org/>
>>>>> - If already owned by a conference, buy them out/transfer to
>>>>> GCC Control
>>>>> - GCC will re-direct to any hosting service once the
>>>>> conference has been assigned
>>>>> - Conference can still register AppSecUS2011.org and we can
>>>>> just redirect as appropriate
>>>>> - Helps maintain consistency in URLs between years
>>>>> - Conference Twitter Accounts
>>>>> - Like domains, turned over to planners for their use as
>>>>> appropriate
>>>>> - @OWASPConfrences – held by the GCC for announcements
>>>>> - @OWASPAppSec – held by the GCC for announcements
>>>>> - @AppSecNA
>>>>> - @AppSecUS
>>>>> - @AppSecEU
>>>>> - @AppSecAsia
>>>>> - @AppSecSA
>>>>> - Use of Short URLS on the owasp.org website
>>>>> - ex https://owasp.org/AppSecBR points to the wiki page for
>>>>> this year’s conference
>>>>> - Regional Targeted Mailing Lists
>>>>> - To reduce OWASP All traffic
>>>>> - OWASP Merchandise Model(Goal 3, Goal9)
>>>>> - A shippable “OWASP Store” with OWASP branded items for sale at
>>>>> conferences
>>>>> - Already exists, just need to formalize
>>>>> - OWASP Conference Marketing (global, regional, electronic, print)
>>>>> (Goal 4,5,6)
>>>>> - Procure Booth space at developer focused conferences
>>>>> - Provide budget for OWASP Schwag for use at OWASP Booths in
>>>>> other conferences
>>>>> - Evaluate other advertising mechanisms for conferences
>>>>>
>>>>>
>>>>>
>>>>> Budget
>>>>>
>>>>> - $5000 for conference support (schwag/tables) targeting developer
>>>>> conferences
>>>>> - $500 OWASP GCC Technology Needs
>>>>> - Mainly Domain Names
>>>>> - $15,000, OWASP Track Travel expenses (cap, will try and get indv
>>>>> company sponsorships)
>>>>> - $10,000 GCC Member at all conferences (approx $1500/AppSec, $800
>>>>> Regional)
>>>>>
>>>>>
>>>>>
>>>>> Technology Needs
>>>>>
>>>>> - conferences at owasp.org account (managed by chair, redirects to all
>>>>> GCC Members, for registration of domains, twitter et all)
>>>>> - Regional Mailing List solution
>>>>> - Short URLS (http://www,owasp.org/AppSecBR)
>>>>> - http://conferences.owasp.org<https://docs.google.com/a/owasp.org/document/d/1sOs9dY9zKLlLaaJMcOvz2nhM8T2OAWQlVciAGM5c5XA/edit?hl=en> (redirect
>>>>> to conference wiki page)
>>>>> - Event Management Solution
>>>>> - Conference Twitter/Email Accounts/domain names
>>>>> -
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Mark Bristow
>>>> (703) 596-5175
>>>> mark.bristow at owasp.org
>>>>
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>> AppSec DC Organizer - https://www.appsecdc.org
>>>>
>>>>
>>>
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>>
>>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101214/ab984b1f/attachment-0001.html
More information about the Global_conference_committee
mailing list