[Owasp-board] Update on 2016 AppSec Conference & 'Call to Host'

Michael Coates michael.coates at owasp.org
Thu Feb 26 22:24:15 UTC 2015


Seems like there is lots of support for hybrid that puts much stronger
foundation role for global events and leaves all regional and local events
to local teams to lead (as they currently are).

For global events (at least AppSecUSA) I'd float they idea of alternating
NYC and San Francisco. Two huge markets where we'll have established
location and partners. But I'd push back on our planning for local support
- I think we should map out all the activities for an established location
and see how many could be accomplished by foundation (with necessary
staffing) and how many would need feet on the ground in the location. I bet
we could find a model that worked pretty well. Plus, combine that with a
task force of previous AppSecUSA advisors (i.e. previous planners) and
you've got a great mix of skills.


--
Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
OWASP Global Board
Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!




On Thu, Feb 26, 2015 at 2:18 PM, Noreen Whysel <noreen.whysel at owasp.org>
wrote:

> Josh,
>
> At my old job,the IA Institute relied on a tiered combination of global
> and local sponsors. It is a model that works best for regional events, but
> for international level events, gives local companies potential exposure to
> a global market if they have the interest and means to expand globally. We
> tended to see global sponsors signing on for exhibitor tables, donating
> software, and writing big checks to cover operational expenses, while local
> sponsors who know the lay of the land would play host by doing networking
> events or speaker dinners at local taverns and restaurants, or cover food
> (local caterers) and venue (if held at a corporate office).
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
> On Feb 26, 2015, at 3:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
> Having been the Chair of AppSecUSA 2012, I can say that hosting an AppSec
> Conference is a lot for a local team of volunteers to handle.  We did it
> with minimal assistance from the Foundation for everything from
> Sponsorships (had to find our own) to Sessions (had to solicit our own
> speakers).  There was no Laura (or equivalent) at the time and Sarah's
> feedback was about all we had in terms of guidance from the Foundation.
> I'm pretty sure we've come a long ways since then, but I believe that we
> still have a very heavy focus on the local boots on the ground doing the
> majority of the work.  It's extremely tiresome and I literally told people
> afterward that I would never do it again.  This situation was actually a
> large part of my rationale for the Foundation to stop trying to take money
> from the chapters who decide to put on conferences.  Every dollar taken
> away from them is one less reason for them to want to host one of these.
> We should be trying to incentivize as many chapters as possible to attempt
> local conferences because it gives leaders the skills necessary to tackle
> the big show.
>
> My suggestion here, based on my experience, is to find a chapter with
> strong project planning skills and a solid location.  When we move the
> event year after year we lose every bit of experience with the venue and
> processes and have to renegotiate everything from scratch.  Conference
> planning is easiest when it's a formula, like LASCON.  Same location, very
> few unknowns, solid performance YOY.  When you know what to expect, you can
> focus more time and energy on improving the formula, rather than
> re-inventing it.  If NYC or San Francisco fits that bill, and the local
> planning team is willing to take it on, then I say we go all in and commit
> to it.  Simultaneously, we need to commit to the local chapter leaders that
> they will be rewarded handsomely for their efforts.  OWASP Austin got
> exactly $0 from AppSecUSA 2012.  I believe that the profit sharing policy
> was changed the next year though so that may already be addressed.
> Regardless, if you are asking these leaders to spend a year of their lives
> to make the conference a success, then they should be rewarded with a year
> of chapter funding.  I also think that we need to significantly bump up the
> level of support from the Foundation.  Perhaps it's changed since we ran
> it, but conference planners should handle venue, schedule, speaker
> selection, volunteers, etc.  They should not be responsible for finding
> sponsors.  That should be handled entirely by the Foundation as it takes a
> huge weight off their shoulders.  I'm sure there's more that's not coming
> to mind right now, but hopefully that's helpful for this conversation.
>
> ~josh
>
> On Thu, Feb 26, 2015 at 2:32 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
>> One other note: I do think the path forward is likely a hybrid model. But
>> to be far, the announcement for 2016 went out on Dec 26 and I haven't seen
>> another email since. I wouldn't be surprised if everyone missed it. That
>> said, we'd still likely only get 1 or 2 submissions and it's unknown if
>> we'd want to go to that location.
>>
>>
>> --
>> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
>> OWASP Global Board
>> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
>>
>>
>>
>>
>> On Thu, Feb 26, 2015 at 12:30 PM, Jim Manico <jim.manico at owasp.org>
>> wrote:
>>
>>> Michael,
>>>
>>> I'm a fan of that as well. A stable location has a better potential for
>>> growth. These events are so crucial to our fiscal health I like the idea of
>>> additional professional support to run a stable event. We sure do run these
>>> major events with minimal staff...
>>>
>>> NYC seems to have huge potential. Perhaps SF too, lets see how we do
>>> this year.
>>>
>>> Details aside, I agree with your general vision here.
>>>
>>> Cheers,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Feb 26, 2015, at 9:25 PM, Michael Coates <michael.coates at owasp.org>
>>> wrote:
>>>
>>> I'm not surprised and was prepared that this day would come. It is a
>>> tall order to host and lots of risk for our org to nearly start from
>>> scratch each event.
>>>
>>> I'd like to discuss a hybrid model that is led by foundation in preset
>>> locations where we can leverage known resources for repeatability and
>>> scale. We can still rotate to some degree but it's between known locations.
>>> This combined with a community effort for some aspects and dedicated new
>>> staff resources would work well. We gain stability and still leverage
>>> community for some aspects while driving from the foundation.
>>>
>>>
>>>
>>>
>>>
>>> On Feb 26, 2015, at 12:13 PM, Paul Ritchie <paul.ritchie at owasp.org>
>>> wrote:
>>>
>>> Hello OWASP Board members:
>>>
>>> Issue: During our OWASP staff meeting today we discussed that we have
>>> not received any proposals to host an AppSec Conference in 2016.
>>> Laura put out the call for proposals back in late December, and it was
>>> followed up in our Connector newsletter. The Deadline for submissions was
>>> February 27. Although several people looked seriously at the prospect of
>>> hosting, none have submitted a formal proposal to host the 2016 AppSec.
>>>
>>> Next Steps: I plan to extend the 'Call for Proposals' period another 3
>>> weeks to see if we can stimulate some additional interest for our AppSec
>>> conferences in Europe & US. To accomplish that, I have streamlined Laura's
>>> original email and plan to resend no later than Monday, March 2 to our
>>> Leaders & Community email group lists.
>>>
>>> During our Staff meeting today we discussed several good options in case
>>> we don't receive a proposal, but first, lets give the Community another
>>> opportunity to 'step up' and 'take the lead' for our 2016 events.
>>>
>>> Just FYI for now since several of you were asking about progress in this
>>> area.
>>> Paul
>>>
>>> ========== TEXT OF APPSEC2016 CALL FOR PROPOSALS =============
>>>
>>> Hello All,
>>>
>>> Is your Chapter or Region interested in hosting our 2016 AppSec
>>> Conference for Europe or USA?  OWASP is actively seeking proposals and we
>>> encourage any community member interested in hosting a​n *OWASP**​ ​**Global
>>> **Conference* to submit a proposal.
>>>
>>>
>>>
>>> Hosting a conference requires commitment, responsibility and a lot of
>>> time, energy and effort to properly plan and implement a conference. For
>>> more information see the How to Host a Conference page.
>>> https://www.owasp.org/index.php/How_to_Host_a_Conference
>>>
>>>
>>>
>>> The dates of each OWASP Global AppSec conference vary somewhat each year
>>> but ideally the conference is held:
>>>
>>> ·        Europe ​- Q2​ 2016
>>>
>>> ·        North America​ - Q3​ 2016
>>>
>>> To bid for a 201​6 OWASP Global AppSec please complete the OCMS form
>>> http://www.tfaforms.com/301382 with the following information *by March
>>> 2**​**0th, 201**​**5**.**   Please include the following information.*
>>>
>>>
>>>
>>> 1. The proposed city and host chapter.
>>>
>>>
>>>
>>> 2. The name of the intended local organizer and his/her team committed
>>> to the task for 201​6​
>>>
>>> along with a brief explanation on why the conference committee wants to
>>> organize an OWASP Global AppSec.  Include anticipated help from volunteers
>>> before and at the conference.
>>>
>>>
>>>
>>> 3. Previous conferences or local/regional events experience of the
>>> conference committee.
>>>
>>>
>>>
>>> 4. The intended dates for the conference. (Typically includes 2 days of
>>> pre-conference training, followed by 2 days of conference talks).
>>>
>>>
>>>
>>> 5. Venue recommendations. If possible, assurance that the following will
>>> be available:
>>>
>>> - A large auditorium with multiple training / lecture rooms near the
>>> main auditorium.
>>>
>>> - Projection & internet facilities in all rooms up to modern standards.
>>>
>>> - A suitable networking space near the rooms for registration, breaks
>>> and other activities.
>>>
>>> - A hall near the rooms for sponsor exhibitions.
>>>
>>> - Green room, storage room, breakout room, capture the flag area, etc.
>>>
>>>  6. Budget. Please use the form on google docs
>>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhOGWXgQrDnddE9nZnh1UEZzUHJ2cl85R2hVd2IxRGc&usp=drive_web#gid=0 (Since
>>> many of the categories of expenses are optional, consider this a check
>>> list. You can add as many items as you want and you do not need to fill in
>>> every box if you do not want it to be included in your event.)
>>>
>>>
>>>
>>> 7. Possible "big name" speakers in AppSec who might be plenary speakers
>>> with low travel costs.
>>>
>>>
>>>
>>> 8. Realistic prospects for obtaining sponsorship from outside bodies,
>>> e.g., companies, universities, scientific institutes, media, government,
>>> etc.
>>>
>>>
>>>
>>> By submitting an application, you are already demonstrating your
>>> commitment to OWASP. We really appreciate every proposal we receive,
>>> however not every proposal will be approved. The selection process that
>>> will be made by the OWASP operations team with input from previous AppSec
>>> organizing teams.
>>>
>>> · Preference will be given to the community that demonstrates more
>>> engagement.
>>>
>>> · Preference will be given to the team that has successful experience
>>> organizing local/regional events.
>>>
>>> · Preference will be given to a location that has not recently hosted a
>>> Global AppSec conference.
>>>
>>> · Geographic coverage will be considered when selecting conference sites.
>>>
>>>
>>>
>>> *The deadline for applications is March 20th. *
>>>
>>>
>>>
>>> Should you have any questions concerning the proposal process or need
>>> assistance with your application, please do not hesitate to contact me.  We
>>> are looking forward to your proposals!
>>>
>>>
>>>
>>> Paul Ritchie, OWASP Executive Director
>>>
>>> paul.ritchie at owasp.org
>>>
>>>  _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150226/794c6fc7/attachment-0001.html>


More information about the Owasp-board mailing list