[Owasp-board] Update on 2016 AppSec Conference & 'Call to Host'

Michael Coates michael.coates at owasp.org
Thu Feb 26 22:20:14 UTC 2015


"Another note about LASCON. About 1/2 the talks were on websec and the
other 1/2 were devops or similar. And I think this is a good thing. "

Same idea for AppSecUSA - focus is Application Security, but that is a
component of developer security, devops and cloud security. All play a role
in overall AppSec but different flavors and diverse audience.


--
Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
OWASP Global Board
Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!




On Thu, Feb 26, 2015 at 1:12 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Another note about LASCON. About 1/2 the talks were on websec and the
> other 1/2 were devops or similar. And I think this is a good thing. As
> regional conferences mature they take on a specific style. AppSec Cali is
> very developer focused, for example. These sub-communities are important
> and helps drive regional conference growth.
>
> Josh, local teams are best suited to find (at least) sponsorship leads.
> One of my old bosses told me "everyone is responsible for sales in some
> way" and I agree. We may need additional sales support, but it takes the
> unity of local teams and foundation follow-up to get sponsors.
>
> My vote is that the foundation should take more of a leadership role for
> our main conferences and provide more support for regionals.
>
> Regards,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Feb 26, 2015, at 9:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
> Having been the Chair of AppSecUSA 2012, I can say that hosting an AppSec
> Conference is a lot for a local team of volunteers to handle.  We did it
> with minimal assistance from the Foundation for everything from
> Sponsorships (had to find our own) to Sessions (had to solicit our own
> speakers).  There was no Laura (or equivalent) at the time and Sarah's
> feedback was about all we had in terms of guidance from the Foundation.
> I'm pretty sure we've come a long ways since then, but I believe that we
> still have a very heavy focus on the local boots on the ground doing the
> majority of the work.  It's extremely tiresome and I literally told people
> afterward that I would never do it again.  This situation was actually a
> large part of my rationale for the Foundation to stop trying to take money
> from the chapters who decide to put on conferences.  Every dollar taken
> away from them is one less reason for them to want to host one of these.
> We should be trying to incentivize as many chapters as possible to attempt
> local conferences because it gives leaders the skills necessary to tackle
> the big show.
>
> My suggestion here, based on my experience, is to find a chapter with
> strong project planning skills and a solid location.  When we move the
> event year after year we lose every bit of experience with the venue and
> processes and have to renegotiate everything from scratch.  Conference
> planning is easiest when it's a formula, like LASCON.  Same location, very
> few unknowns, solid performance YOY.  When you know what to expect, you can
> focus more time and energy on improving the formula, rather than
> re-inventing it.  If NYC or San Francisco fits that bill, and the local
> planning team is willing to take it on, then I say we go all in and commit
> to it.  Simultaneously, we need to commit to the local chapter leaders that
> they will be rewarded handsomely for their efforts.  OWASP Austin got
> exactly $0 from AppSecUSA 2012.  I believe that the profit sharing policy
> was changed the next year though so that may already be addressed.
> Regardless, if you are asking these leaders to spend a year of their lives
> to make the conference a success, then they should be rewarded with a year
> of chapter funding.  I also think that we need to significantly bump up the
> level of support from the Foundation.  Perhaps it's changed since we ran
> it, but conference planners should handle venue, schedule, speaker
> selection, volunteers, etc.  They should not be responsible for finding
> sponsors.  That should be handled entirely by the Foundation as it takes a
> huge weight off their shoulders.  I'm sure there's more that's not coming
> to mind right now, but hopefully that's helpful for this conversation.
>
> ~josh
>
> On Thu, Feb 26, 2015 at 2:32 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
>> One other note: I do think the path forward is likely a hybrid model. But
>> to be far, the announcement for 2016 went out on Dec 26 and I haven't seen
>> another email since. I wouldn't be surprised if everyone missed it. That
>> said, we'd still likely only get 1 or 2 submissions and it's unknown if
>> we'd want to go to that location.
>>
>>
>> --
>> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
>> OWASP Global Board
>> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
>>
>>
>>
>>
>> On Thu, Feb 26, 2015 at 12:30 PM, Jim Manico <jim.manico at owasp.org>
>> wrote:
>>
>>> Michael,
>>>
>>> I'm a fan of that as well. A stable location has a better potential for
>>> growth. These events are so crucial to our fiscal health I like the idea of
>>> additional professional support to run a stable event. We sure do run these
>>> major events with minimal staff...
>>>
>>> NYC seems to have huge potential. Perhaps SF too, lets see how we do
>>> this year.
>>>
>>> Details aside, I agree with your general vision here.
>>>
>>> Cheers,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Feb 26, 2015, at 9:25 PM, Michael Coates <michael.coates at owasp.org>
>>> wrote:
>>>
>>> I'm not surprised and was prepared that this day would come. It is a
>>> tall order to host and lots of risk for our org to nearly start from
>>> scratch each event.
>>>
>>> I'd like to discuss a hybrid model that is led by foundation in preset
>>> locations where we can leverage known resources for repeatability and
>>> scale. We can still rotate to some degree but it's between known locations.
>>> This combined with a community effort for some aspects and dedicated new
>>> staff resources would work well. We gain stability and still leverage
>>> community for some aspects while driving from the foundation.
>>>
>>>
>>>
>>>
>>>
>>> On Feb 26, 2015, at 12:13 PM, Paul Ritchie <paul.ritchie at owasp.org>
>>> wrote:
>>>
>>> Hello OWASP Board members:
>>>
>>> Issue: During our OWASP staff meeting today we discussed that we have
>>> not received any proposals to host an AppSec Conference in 2016.
>>> Laura put out the call for proposals back in late December, and it was
>>> followed up in our Connector newsletter. The Deadline for submissions was
>>> February 27. Although several people looked seriously at the prospect of
>>> hosting, none have submitted a formal proposal to host the 2016 AppSec.
>>>
>>> Next Steps: I plan to extend the 'Call for Proposals' period another 3
>>> weeks to see if we can stimulate some additional interest for our AppSec
>>> conferences in Europe & US. To accomplish that, I have streamlined Laura's
>>> original email and plan to resend no later than Monday, March 2 to our
>>> Leaders & Community email group lists.
>>>
>>> During our Staff meeting today we discussed several good options in case
>>> we don't receive a proposal, but first, lets give the Community another
>>> opportunity to 'step up' and 'take the lead' for our 2016 events.
>>>
>>> Just FYI for now since several of you were asking about progress in this
>>> area.
>>> Paul
>>>
>>> ========== TEXT OF APPSEC2016 CALL FOR PROPOSALS =============
>>>
>>> Hello All,
>>>
>>> Is your Chapter or Region interested in hosting our 2016 AppSec
>>> Conference for Europe or USA?  OWASP is actively seeking proposals and we
>>> encourage any community member interested in hosting a​n *OWASP**​ ​**Global
>>> **Conference* to submit a proposal.
>>>
>>>
>>>
>>> Hosting a conference requires commitment, responsibility and a lot of
>>> time, energy and effort to properly plan and implement a conference. For
>>> more information see the How to Host a Conference page.
>>> https://www.owasp.org/index.php/How_to_Host_a_Conference
>>>
>>>
>>>
>>> The dates of each OWASP Global AppSec conference vary somewhat each year
>>> but ideally the conference is held:
>>>
>>> ·        Europe ​- Q2​ 2016
>>>
>>> ·        North America​ - Q3​ 2016
>>>
>>> To bid for a 201​6 OWASP Global AppSec please complete the OCMS form
>>> http://www.tfaforms.com/301382 with the following information *by March
>>> 2**​**0th, 201**​**5**.**   Please include the following information.*
>>>
>>>
>>>
>>> 1. The proposed city and host chapter.
>>>
>>>
>>>
>>> 2. The name of the intended local organizer and his/her team committed
>>> to the task for 201​6​
>>>
>>> along with a brief explanation on why the conference committee wants to
>>> organize an OWASP Global AppSec.  Include anticipated help from volunteers
>>> before and at the conference.
>>>
>>>
>>>
>>> 3. Previous conferences or local/regional events experience of the
>>> conference committee.
>>>
>>>
>>>
>>> 4. The intended dates for the conference. (Typically includes 2 days of
>>> pre-conference training, followed by 2 days of conference talks).
>>>
>>>
>>>
>>> 5. Venue recommendations. If possible, assurance that the following will
>>> be available:
>>>
>>> - A large auditorium with multiple training / lecture rooms near the
>>> main auditorium.
>>>
>>> - Projection & internet facilities in all rooms up to modern standards.
>>>
>>> - A suitable networking space near the rooms for registration, breaks
>>> and other activities.
>>>
>>> - A hall near the rooms for sponsor exhibitions.
>>>
>>> - Green room, storage room, breakout room, capture the flag area, etc.
>>>
>>>  6. Budget. Please use the form on google docs
>>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhOGWXgQrDnddE9nZnh1UEZzUHJ2cl85R2hVd2IxRGc&usp=drive_web#gid=0 (Since
>>> many of the categories of expenses are optional, consider this a check
>>> list. You can add as many items as you want and you do not need to fill in
>>> every box if you do not want it to be included in your event.)
>>>
>>>
>>>
>>> 7. Possible "big name" speakers in AppSec who might be plenary speakers
>>> with low travel costs.
>>>
>>>
>>>
>>> 8. Realistic prospects for obtaining sponsorship from outside bodies,
>>> e.g., companies, universities, scientific institutes, media, government,
>>> etc.
>>>
>>>
>>>
>>> By submitting an application, you are already demonstrating your
>>> commitment to OWASP. We really appreciate every proposal we receive,
>>> however not every proposal will be approved. The selection process that
>>> will be made by the OWASP operations team with input from previous AppSec
>>> organizing teams.
>>>
>>> · Preference will be given to the community that demonstrates more
>>> engagement.
>>>
>>> · Preference will be given to the team that has successful experience
>>> organizing local/regional events.
>>>
>>> · Preference will be given to a location that has not recently hosted a
>>> Global AppSec conference.
>>>
>>> · Geographic coverage will be considered when selecting conference sites.
>>>
>>>
>>>
>>> *The deadline for applications is March 20th. *
>>>
>>>
>>>
>>> Should you have any questions concerning the proposal process or need
>>> assistance with your application, please do not hesitate to contact me.  We
>>> are looking forward to your proposals!
>>>
>>>
>>>
>>> Paul Ritchie, OWASP Executive Director
>>>
>>> paul.ritchie at owasp.org
>>>
>>>  _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150226/e5fd9365/attachment-0001.html>


More information about the Owasp-board mailing list