[Owasp-board] Update on 2016 AppSec Conference & 'Call to Host'

Andrew van der Stock vanderaj at owasp.org
Fri Feb 27 05:16:33 UTC 2015


+1

It's a lot of work to do an appsec conference. Having so much of our income
tied to folks who are starting from scratch every year is a lot to ask.

Considering I don't think we have an AppSec Asia Pac this year (or at least
I can't find it), having the hybrid model is a great idea.

In AsiaPac, Singapore is one of the best locations as it's almost
equi-distant to all parts of South East Asia. Japan is a bit expensive, and
Hong Kong a bit far for many when incomes in our region are not that high.
We only had 100 folks at the last AsiaPac conference held in Australia, so
I would support it being in Singapore or KL over us.

thanks
Andrew

On Fri, Feb 27, 2015 at 9:24 AM, Michael Coates <michael.coates at owasp.org>
wrote:

> Seems like there is lots of support for hybrid that puts much stronger
> foundation role for global events and leaves all regional and local events
> to local teams to lead (as they currently are).
>
> For global events (at least AppSecUSA) I'd float they idea of alternating
> NYC and San Francisco. Two huge markets where we'll have established
> location and partners. But I'd push back on our planning for local support
> - I think we should map out all the activities for an established location
> and see how many could be accomplished by foundation (with necessary
> staffing) and how many would need feet on the ground in the location. I bet
> we could find a model that worked pretty well. Plus, combine that with a
> task force of previous AppSecUSA advisors (i.e. previous planners) and
> you've got a great mix of skills.
>
>
> --
> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
> OWASP Global Board
> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
>
>
>
>
> On Thu, Feb 26, 2015 at 2:18 PM, Noreen Whysel <noreen.whysel at owasp.org>
> wrote:
>
>> Josh,
>>
>> At my old job,the IA Institute relied on a tiered combination of global
>> and local sponsors. It is a model that works best for regional events, but
>> for international level events, gives local companies potential exposure to
>> a global market if they have the interest and means to expand globally. We
>> tended to see global sponsors signing on for exhibitor tables, donating
>> software, and writing big checks to cover operational expenses, while local
>> sponsors who know the lay of the land would play host by doing networking
>> events or speaker dinners at local taverns and restaurants, or cover food
>> (local caterers) and venue (if held at a corporate office).
>>
>> Noreen Whysel
>> Community Manager
>> OWASP Foundation
>>
>> On Feb 26, 2015, at 3:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> Having been the Chair of AppSecUSA 2012, I can say that hosting an AppSec
>> Conference is a lot for a local team of volunteers to handle.  We did it
>> with minimal assistance from the Foundation for everything from
>> Sponsorships (had to find our own) to Sessions (had to solicit our own
>> speakers).  There was no Laura (or equivalent) at the time and Sarah's
>> feedback was about all we had in terms of guidance from the Foundation.
>> I'm pretty sure we've come a long ways since then, but I believe that we
>> still have a very heavy focus on the local boots on the ground doing the
>> majority of the work.  It's extremely tiresome and I literally told people
>> afterward that I would never do it again.  This situation was actually a
>> large part of my rationale for the Foundation to stop trying to take money
>> from the chapters who decide to put on conferences.  Every dollar taken
>> away from them is one less reason for them to want to host one of these.
>> We should be trying to incentivize as many chapters as possible to attempt
>> local conferences because it gives leaders the skills necessary to tackle
>> the big show.
>>
>> My suggestion here, based on my experience, is to find a chapter with
>> strong project planning skills and a solid location.  When we move the
>> event year after year we lose every bit of experience with the venue and
>> processes and have to renegotiate everything from scratch.  Conference
>> planning is easiest when it's a formula, like LASCON.  Same location, very
>> few unknowns, solid performance YOY.  When you know what to expect, you can
>> focus more time and energy on improving the formula, rather than
>> re-inventing it.  If NYC or San Francisco fits that bill, and the local
>> planning team is willing to take it on, then I say we go all in and commit
>> to it.  Simultaneously, we need to commit to the local chapter leaders that
>> they will be rewarded handsomely for their efforts.  OWASP Austin got
>> exactly $0 from AppSecUSA 2012.  I believe that the profit sharing policy
>> was changed the next year though so that may already be addressed.
>> Regardless, if you are asking these leaders to spend a year of their lives
>> to make the conference a success, then they should be rewarded with a year
>> of chapter funding.  I also think that we need to significantly bump up the
>> level of support from the Foundation.  Perhaps it's changed since we ran
>> it, but conference planners should handle venue, schedule, speaker
>> selection, volunteers, etc.  They should not be responsible for finding
>> sponsors.  That should be handled entirely by the Foundation as it takes a
>> huge weight off their shoulders.  I'm sure there's more that's not coming
>> to mind right now, but hopefully that's helpful for this conversation.
>>
>> ~josh
>>
>> On Thu, Feb 26, 2015 at 2:32 PM, Michael Coates <michael.coates at owasp.org
>> > wrote:
>>
>>> One other note: I do think the path forward is likely a hybrid model.
>>> But to be far, the announcement for 2016 went out on Dec 26 and I haven't
>>> seen another email since. I wouldn't be surprised if everyone missed it.
>>> That said, we'd still likely only get 1 or 2 submissions and it's unknown
>>> if we'd want to go to that location.
>>>
>>>
>>> --
>>> Michael Coates | @_mwc
>>> <https://twitter.com/intent/user?screen_name=_mwc>
>>> OWASP Global Board
>>> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
>>>
>>>
>>>
>>>
>>> On Thu, Feb 26, 2015 at 12:30 PM, Jim Manico <jim.manico at owasp.org>
>>> wrote:
>>>
>>>> Michael,
>>>>
>>>> I'm a fan of that as well. A stable location has a better potential for
>>>> growth. These events are so crucial to our fiscal health I like the idea of
>>>> additional professional support to run a stable event. We sure do run these
>>>> major events with minimal staff...
>>>>
>>>> NYC seems to have huge potential. Perhaps SF too, lets see how we do
>>>> this year.
>>>>
>>>> Details aside, I agree with your general vision here.
>>>>
>>>> Cheers,
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>>
>>>> On Feb 26, 2015, at 9:25 PM, Michael Coates <michael.coates at owasp.org>
>>>> wrote:
>>>>
>>>> I'm not surprised and was prepared that this day would come. It is a
>>>> tall order to host and lots of risk for our org to nearly start from
>>>> scratch each event.
>>>>
>>>> I'd like to discuss a hybrid model that is led by foundation in preset
>>>> locations where we can leverage known resources for repeatability and
>>>> scale. We can still rotate to some degree but it's between known locations.
>>>> This combined with a community effort for some aspects and dedicated new
>>>> staff resources would work well. We gain stability and still leverage
>>>> community for some aspects while driving from the foundation.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Feb 26, 2015, at 12:13 PM, Paul Ritchie <paul.ritchie at owasp.org>
>>>> wrote:
>>>>
>>>> Hello OWASP Board members:
>>>>
>>>> Issue: During our OWASP staff meeting today we discussed that we have
>>>> not received any proposals to host an AppSec Conference in 2016.
>>>> Laura put out the call for proposals back in late December, and it was
>>>> followed up in our Connector newsletter. The Deadline for submissions was
>>>> February 27. Although several people looked seriously at the prospect of
>>>> hosting, none have submitted a formal proposal to host the 2016 AppSec.
>>>>
>>>> Next Steps: I plan to extend the 'Call for Proposals' period another 3
>>>> weeks to see if we can stimulate some additional interest for our AppSec
>>>> conferences in Europe & US. To accomplish that, I have streamlined Laura's
>>>> original email and plan to resend no later than Monday, March 2 to our
>>>> Leaders & Community email group lists.
>>>>
>>>> During our Staff meeting today we discussed several good options in
>>>> case we don't receive a proposal, but first, lets give the Community
>>>> another opportunity to 'step up' and 'take the lead' for our 2016 events.
>>>>
>>>> Just FYI for now since several of you were asking about progress in
>>>> this area.
>>>> Paul
>>>>
>>>> ========== TEXT OF APPSEC2016 CALL FOR PROPOSALS =============
>>>>
>>>> Hello All,
>>>>
>>>> Is your Chapter or Region interested in hosting our 2016 AppSec
>>>> Conference for Europe or USA?  OWASP is actively seeking proposals and we
>>>> encourage any community member interested in hosting a​n *OWASP**​ ​**Global
>>>> **Conference* to submit a proposal.
>>>>
>>>>
>>>>
>>>> Hosting a conference requires commitment, responsibility and a lot of
>>>> time, energy and effort to properly plan and implement a conference. For
>>>> more information see the How to Host a Conference page.
>>>> https://www.owasp.org/index.php/How_to_Host_a_Conference
>>>>
>>>>
>>>>
>>>> The dates of each OWASP Global AppSec conference vary somewhat each
>>>> year but ideally the conference is held:
>>>>
>>>> ·        Europe ​- Q2​ 2016
>>>>
>>>> ·        North America​ - Q3​ 2016
>>>>
>>>> To bid for a 201​6 OWASP Global AppSec please complete the OCMS form
>>>> http://www.tfaforms.com/301382 with the following information *by
>>>> March 2**​**0th, 201**​**5**.**   Please include the following
>>>> information.*
>>>>
>>>>
>>>>
>>>> 1. The proposed city and host chapter.
>>>>
>>>>
>>>>
>>>> 2. The name of the intended local organizer and his/her team committed
>>>> to the task for 201​6​
>>>>
>>>> along with a brief explanation on why the conference committee wants to
>>>> organize an OWASP Global AppSec.  Include anticipated help from volunteers
>>>> before and at the conference.
>>>>
>>>>
>>>>
>>>> 3. Previous conferences or local/regional events experience of the
>>>> conference committee.
>>>>
>>>>
>>>>
>>>> 4. The intended dates for the conference. (Typically includes 2 days of
>>>> pre-conference training, followed by 2 days of conference talks).
>>>>
>>>>
>>>>
>>>> 5. Venue recommendations. If possible, assurance that the following
>>>> will be available:
>>>>
>>>> - A large auditorium with multiple training / lecture rooms near the
>>>> main auditorium.
>>>>
>>>> - Projection & internet facilities in all rooms up to modern standards.
>>>>
>>>> - A suitable networking space near the rooms for registration, breaks
>>>> and other activities.
>>>>
>>>> - A hall near the rooms for sponsor exhibitions.
>>>>
>>>> - Green room, storage room, breakout room, capture the flag area, etc.
>>>>
>>>>  6. Budget. Please use the form on google docs
>>>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhOGWXgQrDnddE9nZnh1UEZzUHJ2cl85R2hVd2IxRGc&usp=drive_web#gid=0 (Since
>>>> many of the categories of expenses are optional, consider this a check
>>>> list. You can add as many items as you want and you do not need to fill in
>>>> every box if you do not want it to be included in your event.)
>>>>
>>>>
>>>>
>>>> 7. Possible "big name" speakers in AppSec who might be plenary speakers
>>>> with low travel costs.
>>>>
>>>>
>>>>
>>>> 8. Realistic prospects for obtaining sponsorship from outside bodies,
>>>> e.g., companies, universities, scientific institutes, media, government,
>>>> etc.
>>>>
>>>>
>>>>
>>>> By submitting an application, you are already demonstrating your
>>>> commitment to OWASP. We really appreciate every proposal we receive,
>>>> however not every proposal will be approved. The selection process that
>>>> will be made by the OWASP operations team with input from previous AppSec
>>>> organizing teams.
>>>>
>>>> · Preference will be given to the community that demonstrates more
>>>> engagement.
>>>>
>>>> · Preference will be given to the team that has successful experience
>>>> organizing local/regional events.
>>>>
>>>> · Preference will be given to a location that has not recently hosted a
>>>> Global AppSec conference.
>>>>
>>>> · Geographic coverage will be considered when selecting conference
>>>> sites.
>>>>
>>>>
>>>>
>>>> *The deadline for applications is March 20th. *
>>>>
>>>>
>>>>
>>>> Should you have any questions concerning the proposal process or need
>>>> assistance with your application, please do not hesitate to contact me.  We
>>>> are looking forward to your proposals!
>>>>
>>>>
>>>>
>>>> Paul Ritchie, OWASP Executive Director
>>>>
>>>> paul.ritchie at owasp.org
>>>>
>>>>  _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150227/2510791b/attachment-0001.html>


More information about the Owasp-board mailing list