[Owasp-board] Update on 2016 AppSec Conference & 'Call to Host'

Michael Coates michael.coates at owasp.org
Fri Feb 27 15:23:40 UTC 2015


Regarding US I think the two permanent locations is a good idea. I proposed NYC on the east coast and San Francisco on the west coast. We just alternate between the two each year. 



> On Feb 27, 2015, at 6:54 AM, Helen Gao <helen.gao at owasp.org> wrote:
> 
> Hi Andrew and the board.
> 
> Based on my experience with Asia Pacific since 2008, it makes sense to have a different strategy for that area.  I am not a board member but I care about OWASP deeply. So here are my two cents.
> 
> It's quite difficult to travel to another country to attend a conference. Many don't have passports, a credit card to pay for the registration in foreign currency, or the fund to apply for a visa. It's understandable that AppSec in one country will have less attendees from other countries. But if we continue to let each country get a chance to host then nobody will feel left out. I think the foundation has been doing an excellent job so far being sensitive to the diversity of the area.
> 
> Coming back to US, is it possible to have 2 permanent cities, one on east  and the other on the west coast?
> 
> Helen Gao, CISSP
> Organizer of AppSec APAC 2010 and 2011
> Founder and leader of OWASP Long Island Chapter
> Leader of OWASP Chinese Project
> Former Chair of Global Membership Committee
> Women for AppSec in AppSecUSA 2012
> 
> 
>> On Fri, Feb 27, 2015 at 12:16 AM, Andrew van der Stock <vanderaj at owasp.org> wrote:
>> +1 
>> 
>> It's a lot of work to do an appsec conference. Having so much of our income tied to folks who are starting from scratch every year is a lot to ask.
>> 
>> Considering I don't think we have an AppSec Asia Pac this year (or at least I can't find it), having the hybrid model is a great idea. 
>> 
>> In AsiaPac, Singapore is one of the best locations as it's almost equi-distant to all parts of South East Asia. Japan is a bit expensive, and Hong Kong a bit far for many when incomes in our region are not that high. We only had 100 folks at the last AsiaPac conference held in Australia, so I would support it being in Singapore or KL over us. 
>> 
>> thanks
>> Andrew
>> 
>>> On Fri, Feb 27, 2015 at 9:24 AM, Michael Coates <michael.coates at owasp.org> wrote:
>>> Seems like there is lots of support for hybrid that puts much stronger foundation role for global events and leaves all regional and local events to local teams to lead (as they currently are).
>>> 
>>> For global events (at least AppSecUSA) I'd float they idea of alternating NYC and San Francisco. Two huge markets where we'll have established location and partners. But I'd push back on our planning for local support - I think we should map out all the activities for an established location and see how many could be accomplished by foundation (with necessary staffing) and how many would need feet on the ground in the location. I bet we could find a model that worked pretty well. Plus, combine that with a task force of previous AppSecUSA advisors (i.e. previous planners) and you've got a great mix of skills.
>>> 
>>> 
>>> --
>>> Michael Coates | @_mwc
>>> OWASP Global Board
>>> Join me at AppSecUSA 2015 in San Francisco!
>>> 
>>> 
>>> 
>>> 
>>>> On Thu, Feb 26, 2015 at 2:18 PM, Noreen Whysel <noreen.whysel at owasp.org> wrote:
>>>> Josh,
>>>> 
>>>> At my old job,the IA Institute relied on a tiered combination of global and local sponsors. It is a model that works best for regional events, but for international level events, gives local companies potential exposure to a global market if they have the interest and means to expand globally. We tended to see global sponsors signing on for exhibitor tables, donating software, and writing big checks to cover operational expenses, while local sponsors who know the lay of the land would play host by doing networking events or speaker dinners at local taverns and restaurants, or cover food (local caterers) and venue (if held at a corporate office).
>>>> 
>>>> Noreen Whysel
>>>> Community Manager
>>>> OWASP Foundation
>>>> 
>>>>> On Feb 26, 2015, at 3:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>> 
>>>> 
>>>>> Having been the Chair of AppSecUSA 2012, I can say that hosting an AppSec Conference is a lot for a local team of volunteers to handle.  We did it with minimal assistance from the Foundation for everything from Sponsorships (had to find our own) to Sessions (had to solicit our own speakers).  There was no Laura (or equivalent) at the time and Sarah's feedback was about all we had in terms of guidance from the Foundation.  I'm pretty sure we've come a long ways since then, but I believe that we still have a very heavy focus on the local boots on the ground doing the majority of the work.  It's extremely tiresome and I literally told people afterward that I would never do it again.  This situation was actually a large part of my rationale for the Foundation to stop trying to take money from the chapters who decide to put on conferences.  Every dollar taken away from them is one less reason for them to want to host one of these.  We should be trying to incentivize as many chapters as possible to attempt local conferences because it gives leaders the skills necessary to tackle the big show.  
>>>>> 
>>>>> My suggestion here, based on my experience, is to find a chapter with strong project planning skills and a solid location.  When we move the event year after year we lose every bit of experience with the venue and processes and have to renegotiate everything from scratch.  Conference planning is easiest when it's a formula, like LASCON.  Same location, very few unknowns, solid performance YOY.  When you know what to expect, you can focus more time and energy on improving the formula, rather than re-inventing it.  If NYC or San Francisco fits that bill, and the local planning team is willing to take it on, then I say we go all in and commit to it.  Simultaneously, we need to commit to the local chapter leaders that they will be rewarded handsomely for their efforts.  OWASP Austin got exactly $0 from AppSecUSA 2012.  I believe that the profit sharing policy was changed the next year though so that may already be addressed.  Regardless, if you are asking these leaders to spend a year of their lives to make the conference a success, then they should be rewarded with a year of chapter funding.  I also think that we need to significantly bump up the level of support from the Foundation.  Perhaps it's changed since we ran it, but conference planners should handle venue, schedule, speaker selection, volunteers, etc.  They should not be responsible for finding sponsors.  That should be handled entirely by the Foundation as it takes a huge weight off their shoulders.  I'm sure there's more that's not coming to mind right now, but hopefully that's helpful for this conversation.
>>>>> 
>>>>> ~josh
>>>>> 
>>>>>> On Thu, Feb 26, 2015 at 2:32 PM, Michael Coates <michael.coates at owasp.org> wrote:
>>>>>> One other note: I do think the path forward is likely a hybrid model. But to be far, the announcement for 2016 went out on Dec 26 and I haven't seen another email since. I wouldn't be surprised if everyone missed it. That said, we'd still likely only get 1 or 2 submissions and it's unknown if we'd want to go to that location.
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> Michael Coates | @_mwc
>>>>>> OWASP Global Board
>>>>>> Join me at AppSecUSA 2015 in San Francisco!
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On Thu, Feb 26, 2015 at 12:30 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>> Michael,
>>>>>>> 
>>>>>>> I'm a fan of that as well. A stable location has a better potential for growth. These events are so crucial to our fiscal health I like the idea of additional professional support to run a stable event. We sure do run these major events with minimal staff...
>>>>>>> 
>>>>>>> NYC seems to have huge potential. Perhaps SF too, lets see how we do this year.
>>>>>>> 
>>>>>>> Details aside, I agree with your general vision here.
>>>>>>> 
>>>>>>> Cheers,
>>>>>>> --
>>>>>>> Jim Manico
>>>>>>> @Manicode
>>>>>>> (808) 652-3805
>>>>>>> 
>>>>>>>> On Feb 26, 2015, at 9:25 PM, Michael Coates <michael.coates at owasp.org> wrote:
>>>>>>>> 
>>>>>>>> I'm not surprised and was prepared that this day would come. It is a tall order to host and lots of risk for our org to nearly start from scratch each event. 
>>>>>>>> 
>>>>>>>> I'd like to discuss a hybrid model that is led by foundation in preset locations where we can leverage known resources for repeatability and scale. We can still rotate to some degree but it's between known locations. This combined with a community effort for some aspects and dedicated new staff resources would work well. We gain stability and still leverage community for some aspects while driving from the foundation. 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> On Feb 26, 2015, at 12:13 PM, Paul Ritchie <paul.ritchie at owasp.org> wrote:
>>>>>>>>> 
>>>>>>>>> Hello OWASP Board members:
>>>>>>>>> 
>>>>>>>>> Issue:  During our OWASP staff meeting today we discussed that we have not received any proposals to host an AppSec Conference in 2016.
>>>>>>>>> Laura put out the call for proposals back in late December, and it was followed up in our Connector newsletter.  The Deadline for submissions was February 27.  Although several people looked seriously at the prospect of hosting, none have submitted a formal proposal to host the 2016 AppSec.
>>>>>>>>> 
>>>>>>>>> Next Steps:  I plan to extend the 'Call for Proposals' period another 3 weeks to see if we can stimulate some additional interest for our AppSec conferences in Europe & US.   To accomplish that, I have streamlined Laura's original email and plan to resend no later than Monday, March 2 to our Leaders & Community email group lists.
>>>>>>>>> 
>>>>>>>>> During our Staff meeting today we discussed several good options in case we don't receive a proposal, but first, lets give the Community another opportunity to 'step up' and 'take the lead' for our 2016 events.
>>>>>>>>> 
>>>>>>>>> Just FYI for now since several of you were asking about progress in this area.
>>>>>>>>> Paul
>>>>>>>>> 
>>>>>>>>> ========== TEXT OF APPSEC2016 CALL FOR PROPOSALS =============
>>>>>>>>> Hello All,
>>>>>>>>> Is your Chapter or Region interested in hosting our 2016 AppSec Conference for Europe or USA?  OWASP is actively seeking proposals and we encourage any community member interested in hosting a​n OWASP​ ​Global Conference to submit a proposal.
>>>>>>>>>  
>>>>>>>>> Hosting a conference requires commitment, responsibility and a lot of time, energy and effort to properly plan and implement a conference. For more information see the How to Host a Conference page. https://www.owasp.org/index.php/How_to_Host_a_Conference
>>>>>>>>>  
>>>>>>>>> The dates of each OWASP Global AppSec conference vary somewhat each year but ideally the conference is held:
>>>>>>>>> ·        Europe ​- Q2​ 2016
>>>>>>>>> 
>>>>>>>>> ·        North America​ - Q3​ 2016
>>>>>>>>> 
>>>>>>>>> To bid for a 201​6 OWASP Global AppSec please complete the OCMS form http://www.tfaforms.com/301382 with the following information by March 2​0th, 201​5.   Please include the following information.
>>>>>>>>>  
>>>>>>>>> 1. The proposed city and host chapter.
>>>>>>>>>  
>>>>>>>>> 2. The name of the intended local organizer and his/her team committed to the task for 201​6​
>>>>>>>>> along with a brief explanation on why the conference committee wants to organize an OWASP Global AppSec.  Include anticipated help from volunteers before and at the conference.
>>>>>>>>>  
>>>>>>>>> 3. Previous conferences or local/regional events experience of the conference committee.
>>>>>>>>>  
>>>>>>>>> 4. The intended dates for the conference. (Typically includes 2 days of pre-conference training, followed by 2 days of conference talks).
>>>>>>>>>  
>>>>>>>>> 5. Venue recommendations. If possible, assurance that the following will be available:
>>>>>>>>> - A large auditorium with multiple training / lecture rooms near the main auditorium.
>>>>>>>>> - Projection & internet facilities in all rooms up to modern standards.
>>>>>>>>> - A suitable networking space near the rooms for registration, breaks and other activities.
>>>>>>>>> - A hall near the rooms for sponsor exhibitions.
>>>>>>>>> - Green room, storage room, breakout room, capture the flag area, etc.
>>>>>>>>> 
>>>>>>>>> 6. Budget. Please use the form on google docs https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhOGWXgQrDnddE9nZnh1UEZzUHJ2cl85R2hVd2IxRGc&usp=drive_web#gid=0 (Since many of the categories of expenses are optional, consider this a check list. You can add as many items as you want and you do not need to fill in every box if you do not want it to be included in your event.)
>>>>>>>>>  
>>>>>>>>> 7. Possible "big name" speakers in AppSec who might be plenary speakers with low travel costs.
>>>>>>>>>  
>>>>>>>>> 8. Realistic prospects for obtaining sponsorship from outside bodies, e.g., companies, universities, scientific institutes, media, government, etc.
>>>>>>>>>  
>>>>>>>>> By submitting an application, you are already demonstrating your commitment to OWASP. We really appreciate every proposal we receive, however not every proposal will be approved. The selection process that will be made by the OWASP operations team with input from previous AppSec organizing teams.
>>>>>>>>> · Preference will be given to the community that demonstrates more engagement.
>>>>>>>>> · Preference will be given to the team that has successful experience organizing local/regional events.
>>>>>>>>> · Preference will be given to a location that has not recently hosted a Global AppSec conference.
>>>>>>>>> · Geographic coverage will be considered when selecting conference sites.
>>>>>>>>>  
>>>>>>>>> The deadline for applications is March 20th.
>>>>>>>>>  
>>>>>>>>> Should you have any questions concerning the proposal process or need assistance with your application, please do not hesitate to contact me.  We are looking forward to your proposals!
>>>>>>>>>  
>>>>>>>>> Paul Ritchie, OWASP Executive Director
>>>>>>>>> paul.ritchie at owasp.org
>>>>>>>>> 
>>>>>>>>> _______________________________________________
>>>>>>>>> Owasp-board mailing list
>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>> _______________________________________________
>>>>>>>> Owasp-board mailing list
>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>> 
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> 
>>> 
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> 
> -- 
> Helen Gao, CISSP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150227/a934cb66/attachment-0001.html>


More information about the Owasp-board mailing list