[Owasp-board] [Global_conference_committee] Fwd: OWASP Speaker Selection Committee

Josh Sokol josh.sokol at owasp.org
Wed Oct 3 14:33:17 UTC 2012


No issues with tracking speaker performance.  This assumes that the
Foundation is providing an easy to use method to capture and maintain this
data.

No issues with providing data back to the regional teams.

Assistance should be at the local/regional teams option as long as they
aren't doing anything that violates OWASP policies and guidelines.

Breaking voting ties should be at the local/regional teams option.

I am all for the Foundation providing optional resources to assist local
and regional teams with event planning.  It's something that I've stressed
several times to the GConfC as the best way to justify the "OWASP cut" of
conference revenue as it's something that is of tangible value.  What I
don't like is mandating these things as they have the potential impact of
stifling the local teams ability to be creative and innovate.

~josh

On Sun, Sep 30, 2012 at 11:59 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Josh,
>
> I see where you are coming from.
>
> But please note my suggestion below is not about forcing regional teams to
> give up power to central planning teams.
>
> I'm again suggesting that the OWASP foundation should track speakers
> performance, provide data and assistance to regional teams, and *break
> voting ties* if the regional teams are having trouble choosing a speaker.
> This seems very much in line with your philosophy.
>
> And Josh, I know you are spending countless hours prepping for AppSec USA.
> Thanks for your hard work and dedication to OWASP.
>
> Aloha,
> Jim
> OWASP Volunteer
> @manicode
>
>
>
>  Let me ask you a better question.
>>
>> What indicator are you using to determine that the quality of our
>> conferences and speakers are lacking?
>>
>> To answer your question:
>>
>> 1) Create guidelines on speaker selection and provide proper tools to do
>> so.
>>
>> 2) If you feel it necessary to create some sort of elite speaker selection
>> team, make it an option for planning teams to use them if they feel that
>> they are not otherwise capable.
>>
>> ~josh
>>
>> On Tue, Sep 25, 2012 at 4:12 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>  Josh,
>>>
>>> I think LASCON and Minneapolis national were two of the best run
>>> conferences and I respect your process and organization.
>>>
>>> Let me ask a better question.
>>>
>>> How can the OWASP foundation assist with increasing the quality of our
>>> conferences and speakers without dis-empowering local teams?
>>>
>>> - Jim
>>>
>>>   I think you're trying to fix something that isn't broken with a
>>> solution
>>>
>>>> that takes control away from the event planners.  I can't support that.
>>>> It's fine to provide guidance and it's fine to provide an external
>>>> review
>>>> team for planners to utilize should they desire to, but it should not be
>>>> anything other than an option for local or regional events.  I still
>>>> think
>>>> it's crappy for AppSec events, but those are the Foundation's to run
>>>> however they see fit.  I wish you all the best of luck in trying to find
>>>> teams to run these large events when you take away the ability for the
>>>> local leaders to be anything other than logistical monkeys to them.
>>>>
>>>> ~josh
>>>>
>>>> On Mon, Sep 24, 2012 at 9:51 AM, Jim Manico <jim.manico at owasp.org>
>>>> wrote:
>>>>
>>>>   Josh,
>>>>
>>>>> I think for regional events, the central team should (1) provide
>>>>> guidance,
>>>>> (2) provide data, and (3) break voting ties. Seems a reasonable balance
>>>>> of
>>>>> power. For the rare national events, I think we want more scrutiny
>>>>> towards
>>>>> our speakers.
>>>>>
>>>>> Fair? Or still no go in your mind?
>>>>>
>>>>> --
>>>>> Jim Manico
>>>>> (808) 652-3805
>>>>>
>>>>> On Sep 24, 2012, at 9:51 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>>
>>>>> Whatever is decided here should have no impact on local or regional
>>>>> events
>>>>> as they will be under the rules of the Chapter Committee once the new
>>>>> policy is approved and I think the idea of taking the ability to choose
>>>>> their own speakers away from the conference planning team is pretty
>>>>> crappy.  At the very most, you should provide them with guidance on how
>>>>> to
>>>>> select speakers.  I'm extremely concerned that this centralized
>>>>> planning
>>>>> team is going to turn into an avenue for the same people to get
>>>>> selected
>>>>> over and over again.  It also removes the ability for the local teams
>>>>> to
>>>>> put on more unique events.
>>>>>
>>>>> ~josh -1
>>>>>
>>>>> On Sun, Sep 23, 2012 at 9:30 PM, Jim Manico <jim.manico at owasp.org>
>>>>> wrote:
>>>>>
>>>>>     I think that the smaller the conference, the less scrutiny is
>>>>> needed
>>>>>
>>>>>> on
>>>>>> speakers.
>>>>>>
>>>>>> Think of chapter meetings as practice, regional conferences as
>>>>>> semi-pro
>>>>>> league, and national conferences as the pro league.
>>>>>>
>>>>>> So let chapters pick their own speakers (but provide scores if asked),
>>>>>> let regional conferences have "most of the vote" for speakers, and
>>>>>> enforce
>>>>>> more rigor on candidates at the national level?
>>>>>>
>>>>>> - Jim
>>>>>>
>>>>>>    All -
>>>>>>
>>>>>> We discussed the Global Speaker Selection Committee (Task Force)
>>>>>> Proposal very
>>>>>> briefly on the call today and determined that there are three
>>>>>> different
>>>>>> models for doing the Call for Papers
>>>>>>
>>>>>> 1. Central Speaker Selection Committee/Task Force - does the CFP for
>>>>>> all
>>>>>> global conferences (or one selection committee for each of the events,
>>>>>> that
>>>>>> would maintain continuity from one year to the next)
>>>>>>
>>>>>> 2. Have a Speaker Selection Committee/Group that augments the local
>>>>>> CFP
>>>>>> process/team
>>>>>>
>>>>>> 3. Continue having the CFP process left up to the local planning
>>>>>> teams -
>>>>>> the local team decides on the process and provides volunteers to
>>>>>> review.
>>>>>>
>>>>>>
>>>>>> *The discussion on our call today involved finding an appropriate
>>>>>> balance
>>>>>> between the local planners (allow for local planning team's
>>>>>> individuality),
>>>>>> any regional needs (as is the case in the Research focus for the
>>>>>> European
>>>>>> event) and conveying a consistent and professional image/expectation
>>>>>> at
>>>>>> the
>>>>>> global level.
>>>>>>
>>>>>> What do others think about how we achieve this balance?
>>>>>>
>>>>>> Regards,
>>>>>> Sarah Baso
>>>>>>
>>>>>>
>>>>>> On Fri, Sep 14, 2012 at 10:21 AM, Tom Brennan <tomb at owasp.org> <
>>>>>> tomb at owasp.org> wrote:
>>>>>>
>>>>>>
>>>>>>    Personally all conferences that are interesting to attend are
>>>>>> research
>>>>>> focused... Ok maybe a few case studies and demos or die rocks!
>>>>>> How is that not the same standard globally or are we talking about a
>>>>>> vocabulary / translation issue?
>>>>>>
>>>>>> OWASP Research APAC
>>>>>> OWASP Research USA
>>>>>> etc...
>>>>>>
>>>>>> OWASP USA 2013 NYC
>>>>>> OWASP EMEA 2013 Germany
>>>>>>
>>>>>> OWASP Über....
>>>>>>
>>>>>> The "name" to me IS important to marketing  (gui) consistent
>>>>>> organizational branding. The meat is the real question (it's in the
>>>>>> code)
>>>>>>
>>>>>> High quality, speaker / training selection criteria is the area is
>>>>>> were
>>>>>> the volunteers of the GCC should invest the brain power set up a
>>>>>> agreed
>>>>>> procedure and hand it off to employees for task execution. In the case
>>>>>> of
>>>>>> speaker committee as example that is a noble group of volunteers
>>>>>> focused on
>>>>>> quality.
>>>>>>
>>>>>> IMHO all events i have personally attendee Greece, Sweden, China,
>>>>>> Mexico,
>>>>>> Brazil, USA, USA/DC, have all exceeded my expectations in quality so
>>>>>> far
>>>>>> and with the updated items at:
>>>>>> https://www.owasp.org/index.****php/How_to_Host_a_Conference<https://www.owasp.org/index.**php/How_to_Host_a_Conference>
>>>>>> <h**ttps://www.owasp.org/index.**php/How_to_Host_a_Conference<https://www.owasp.org/index.php/How_to_Host_a_Conference>
>>>>>> >
>>>>>>
>>>>>>
>>>>>> It is a template that works well.
>>>>>>
>>>>>> So are we talking about a name or something else?
>>>>>>
>>>>>> If you have any questions about this, please call me at 973-202-0122to
>>>>>> discuss.
>>>>>>
>>>>>> On Sep 14, 2012, at 10:32 AM, John Wilander <john.wilander at owasp.org>
>>>>>> <
>>>>>> john.wilander at owasp.org>
>>>>>>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>>    Kostas is completely right in every point he makes. That's why we
>>>>>>
>>>>>>    brought up the name change with the OWASP board in 2009 and started
>>>>>> building an academic reputation for OWASP AppSec Research.
>>>>>>
>>>>>>    Belgium started it all in 2008 with a proper CFP and published
>>>>>> program
>>>>>>
>>>>>>    committee (https://www.owasp.org/index.****<https://www.owasp.org/index.**>
>>>>>> php/OWASP_AppSec_Europe_2008_-****_Belgium/CFP<https://www.**
>>>>>> owasp.org/index.php/OWASP_**AppSec_Europe_2008_-_Belgium/**CFP<https://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium/CFP>
>>>>>> >
>>>>>>
>>>>>> ).
>>>>>>
>>>>>>
>>>>>>    Regards, John
>>>>>>
>>>>>> --
>>>>>> My music http://www.johnwilander.com
>>>>>> Twitter https://twitter.com/****johnwilander<https://twitter.com/**johnwilander>
>>>>>> <https://twitter.**com/johnwilander<https://twitter.com/johnwilander>
>>>>>> >
>>>>>>
>>>>>> CV or Résumé http://johnwilander.se
>>>>>>
>>>>>> 14 sep 2012 kl. 14:08 skrev Konstantinos Papapanagiotou <
>>>>>>
>>>>>>    Konstantinos at owasp.org>:
>>>>>>
>>>>>>     About a month ago I had a discussion with Tom Brennan about the
>>>>>> research/academic nature of the OWASP global conferences, where I
>>>>>> summarized the differences of a research/academic conference in
>>>>>> contrast to industry-oriented conferences. He kindly asked me to make
>>>>>> this public so that the GCC can continue the discussion, so here you
>>>>>> go.
>>>>>>
>>>>>> I intend to come back to this with more ideas/proposals based on the
>>>>>> recent experience with AppSec Research 2012. Also looking forward to
>>>>>> your comments, suggestions.
>>>>>>
>>>>>> Kostas
>>>>>>
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> From: Konstantinos Papapanagiotou <Konstantinos at owasp.org> <
>>>>>> Konstantinos at owasp.org>
>>>>>> Date: Thu, Aug 16, 2012 at 10:25 PM
>>>>>> Subject: Re: [Global_conference_committee] OWASP Speaker Selection
>>>>>>
>>>>>>    Committee
>>>>>>
>>>>>>    To: Tom Brennan <tomb at owasp.org> <tomb at owasp.org>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'm afraid that I'll have to disagree, having seen both sides of the
>>>>>> conference "coin". An academic conference:
>>>>>> - has a CFP committee comprised of professors and researchers (PhD
>>>>>> holders), usually well respected in their field. The list of their
>>>>>> names always appears in the CFP.
>>>>>> - openly specifies the review procedure in the CFP (e.g. peer review
>>>>>> or double blind review, etc.)
>>>>>> - It publishes its proceedings in a book (ok in something that has
>>>>>> ISBN). And I mean proper research paper (usually 10-12 pages long),
>>>>>> not just slides from presos.
>>>>>> - Submitted work has to be original, ie you cannot present the same
>>>>>> work in two conferences (if you get caught doing this you can get in
>>>>>> trouble).
>>>>>> - there are some other minor differences (e.g. presenters need to pay
>>>>>> registration fees in order to present, etc.)
>>>>>>
>>>>>> On the other hand, industry-oriented conferences don't usually publish
>>>>>> their CFP committee, have more fuzzy CFP process, don't publish
>>>>>> proceedings and also about 25% of the speakers tour the entire world
>>>>>> delivering the same presentation in various conferences (examples in
>>>>>> the recent AppSec Research include Jaob West, Gary McGraw, etc.).
>>>>>> Unfortunately, academic researchers don't respect industry-focused
>>>>>> conferences as they think that they are not innovative enough and
>>>>>> usually include only sales pitches. Similarly, most industry players
>>>>>> think that scientific conferecens are too theoretical. As you
>>>>>> understand it's hard to balance things but not impossible. OOPSLA
>>>>>> (http://splashcon.org/2012/) and IEEE CCNC are trying to appeal to
>>>>>> both communities. My opinion is that at least one OWASP conference
>>>>>> (AppSec EU) should be in the same direction. We only have to attract
>>>>>> more research/academic papers.
>>>>>>
>>>>>> I hope that I've made this clearer to you. :)
>>>>>>
>>>>>> Kostas
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 15, 2012 at 12:44 AM, Tom Brennan <tomb at owasp.org> <
>>>>>> tomb at owasp.org> wrote:
>>>>>>
>>>>>>    I would say that all global AppSec events have that focus
>>>>>>
>>>>>>     "research/academic community"
>>>>>>
>>>>>>     Would you disagree?
>>>>>>
>>>>>>
>>>>>> Tom Brennan973-202-0122
>>>>>>
>>>>>> On Aug 14, 2012, at 4:29 PM, Konstantinos Papapanagiotou <
>>>>>>
>>>>>>     Konstantinos at owasp.org> wrote:
>>>>>>
>>>>>>      research/academic community
>>>>>>
>>>>>>    ______________________________****_________________
>>>>>> Global_conference_committee mailing listGlobal_conference_**
>>>>>> committee at lists.owasp.****orghttps://lists.owasp.org/**
>>>>>> mailman/listinfo/global_****conference_committee<http://**
>>>>>> lists.owasp.org/mailman/**listinfo/global_conference_**committee<http://lists.owasp.org/mailman/listinfo/global_conference_committee>
>>>>>> >
>>>>>>
>>>>>>    ______________________________****_________________
>>>>>> Global_conference_committee mailing listGlobal_conference_**
>>>>>> committee at lists.owasp.****orghttps://lists.owasp.org/**
>>>>>> mailman/listinfo/global_****conference_committee<http://**
>>>>>> lists.owasp.org/mailman/**listinfo/global_conference_**committee<http://lists.owasp.org/mailman/listinfo/global_conference_committee>
>>>>>> >
>>>>>>
>>>>>>    ______________________________****_________________
>>>>>> Global_conference_committee mailing listGlobal_conference_**
>>>>>> committee at lists.owasp.****orghttps://lists.owasp.org/**
>>>>>> mailman/listinfo/global_****conference_committee<http://**
>>>>>> lists.owasp.org/mailman/**listinfo/global_conference_**committee<http://lists.owasp.org/mailman/listinfo/global_conference_committee>
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>> ______________________________****_________________
>>>>>> Owasp-board mailing listOwasp-board at lists.owasp.****orghttps://
>>>>>> lists.owasp.org/**mailman/**listinfo/owasp-board<http://lists.owasp.org/**mailman/listinfo/owasp-board>
>>>>>> <http://**lists.owasp.org/mailman/**listinfo/owasp-board<http://lists.owasp.org/mailman/listinfo/owasp-board>
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ______________________________****_________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/****mailman/listinfo/owasp-board<https://lists.owasp.org/**mailman/listinfo/owasp-board>
>>>>>> <h**ttps://lists.owasp.org/**mailman/listinfo/owasp-board<https://lists.owasp.org/mailman/listinfo/owasp-board>
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121003/9f7e2b36/attachment-0001.html>


More information about the Owasp-board mailing list