[Owasp-board] Fw: Possible Help on leads for AppSecDC

Tom Brennan tomb at owasp.org
Fri Aug 27 20:08:48 UTC 2010

Fyi - I think we all should review this and play a active role in the end result.  Item for the next board meeting as this is not only a committee issue but a board issue to ensure is part of the operational plan.

Btw I support appsec dc as a annual owasp event. I was very impressed with the independent vendor agnostic approach of the team last year.   

Sent from my mobile device, call me for more information 973-506-9303 about this email.

-----Original Message-----
From: Doug Wilson <doug.wilson at owasp.org>
Date: Fri, 27 Aug 2010 15:39:02 
To: Tom Brennan<tomb at owasp.org>
Cc: Mark Bristow<mark.bristow at owasp.org>
Subject: Possible Help on leads for AppSecDC


I hope this finds you well.

With the unfortunate "division" that seems to have occured within some parts
of OWASP about doing two large events in the US this year, we're having to
change our tactics a little bit. I still have no doubt that we are going to
have a bang-up event, but a lot of the traditional OWASP sponsors (mostly
small, very app-sec-focused companies) have either committed AppSec US and
have no other money available, OR they didn't even know about our event, due
to it not being communicated as well or as widely by OWASP as the US event
has been.

I'd rather not focus on the negative, but let this be water under the
bridge, and focus on how we are going to pull off a world-class event again.
The issues this year are forcing us to evolve into what we wanted to become
a little faster than we'd hoped, but it may be all for the best in the long
run. We are aggressively targeting the fed this year, rather than just
having it be an ideal goal In the down time since last year, Mark and I have
built up our contacts in some parts of the government more, and are going to
have input from several of the heads of the software assurance forum this
year, so we have people from DoD, DHS, NIST, and (off the record NSA)
contributing this year, and helping to publicize the event. We're also
reaching out through other channels to talk to other government agencies who
are concerned with software assurance (which really should be all of them),
but are not directly involved in the SwA Forum.

The only downside with this is that government organizations will contribute
resources, but they can not (legally or ethically) contribute money. We've
already got about $40K of sponsors signed or near signed, but we need more.
So, we are moving our ideal sponsor vision beyond the traditional OWASP
"small appsec company" to entities that are more in line with the federal
application security space. However, these larger organizations are much
bigger, harder to get penetration on, and take a lot longer to get responses
out of. So we're having to do more work in less time on the sponsorship
front this year.

This is where (hopefully) you come in. Kate suggested that we reach out to
you, with your depth of contacts and knowledge, and see if you had
suggestions or wanted to chase down leads with any of the many traditional
contracting companies out there. We have a few where we have some inroads
(SAIC for one), but with most of them, we're starting out with only a few
contacts from past jobs, and you may have ideas on better approaches or
already have contacts with these entities.

Please let me know if you're interested in helping grow OWASP's relationship
with the federal sector here -- we'd appreciate any help that you can give,
be it from directing us to contacts versus running down leads yourself. If
you'd like to set up a call at some point with me and Mark to discuss,
please let me know.



Doug Wilson



OWASP DC Chapter Co-Chair


AppSec DC 2010 Organizer


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100827/92ef4d5d/attachment-0002.html>

More information about the Owasp-board mailing list