[Owasp-board] Code of conduct for OWASP events
helen.gao at owasp.org
Sun Mar 1 16:52:48 UTC 2015
I will convey your feedback to the organizers. I will do my best to improve
the environment this year.
I would really appreciate your continued support to the conference. I will
contact you in a separate email.
On Fri, Feb 27, 2015 at 4:16 PM, Noreen Whysel <noreen.whysel at owasp.org> wrote:
> I was at that panel at the joint cybersecurity conference in Brooklyn. In
> theory, it was a good idea. Highlight five women who were Chief Security
> Officers at their respective firms. In practice, it was not so great. It
> was held during lunch in a noisy gymnasium. The previous sessions had gone
> over time and food had not been set up so the panel had to start during a
> lot of clanging and ongoing conversation while people were on line. To top
> it off the person who introduced them said something to the effect of "We
> are going to see why women would want to go into cybersecurity..it isn't a
> very glamorous career."
> The panel itself was very good. Quite impressive women with stellar
> backgrounds and a lot to say about strides they have made and the
> development of the industry itself. One of the women addressed the
> "glamour" question by stating that she felt it was indeed a glamorous field
> to be in, but I really took it as a calling out of the poor setup. By the
> end I feel that it had quieted enough to get something meaningful out of
> it, at least for me, but there were still many people who chatted with
> their lunch mates throughout the presentation. I blame the setting more
> than the introducer, btw.
> That said, quotas are really hard. In the end it all comes down to who
> submits. Best to strive toward encouraging as many talented women (and
> people of color) as possible to present. Speaker mentoring can be extremely
> helpful also. A lot of us, male and female, struggle with Imposter Syndrome
> so any support is always appreciated.
> Noreen Whysel
> Community Manager
> OWASP Foundation
> On Feb 27, 2015, at 10:16 AM, Helen Gao <helen.gao at owasp.org> wrote:
> Hi Andrew, Michael and the board.
> I don't know what made me speak out twice in one day even though I am
> not a board member. But I admire Andrew's effort of bringing this matter to
> the boardroom. The question of the desired percentage reminds me of the 30%
> Club <http://30percentclub.org/>. It was launched in the UK in 2010 with a
> goal of 30% women on corporate boards by end 2015. We shouldn't set a hard
> percentage risking the quality of speakers, but the success of 30% Club did
> show the effectiveness of goal setting.
> BTW, 3 OWASP chapters in the New York metropolitan area are co-organizers
> of New York Metro Joint Cyber Security Conference 2015. There was a well
> received panel discussion of female CISOs in last year's conference. I
> expect to see more female participation this year.
> On Fri, Feb 27, 2015 at 1:12 AM, Michael Coates <michael.coates at owasp.org> wrote:
>> (To address the policies comments)
>> Here are the conference speaker policies. These policies address most of
>> your comments already. We just need to make sure the policies are visible on
>> the conference website and not just on the owasp wiki and also in our terms
>> and contracts.
>> I'll fix AppSecUSA in just a moment.
>> (Regarding diversity of speakers)
>> Agree that more diversity in submission is better than less.
>> * Require conference committees to send out invitations to as many women
>> speakers as possible there is diversity in submissions.
>> > I'm not sure what this means in practice. We're broadcasting out CFP
>> far and wide. Perhaps the community can create a google spreadsheet with
>> lists of ideas to advertise AppSec conferences. We can then make it
>> standard practice for conferences to advertise CFP to everything on the
>> * We should also help with helping folks create solid CFPs that are more
>> likely to succeed if submissions are to be chosen solely by merit.
>> > Certainly not against it. If a group wants to provide tips and
>> techniques to make better CFPs then that's great. I don't think this should
>> be a requirement or expectation of the conference organizers. They already
>> have plenty of items on their plate.
>> * what is the desired percentage of talks that should be given by women,
>> how we will achieve that goal, and when shall we achieve that goal?
>> > Discussion is good. We should always select the best talks for a
>> conference. We should also always encourage a wide range of people to
>> submit talks and help them submit good talks. In addition OWASP has such a
>> range of speaking opportunities from global conferences to regional and
>> local events there are numerous ways for people to build their speaking
>> skills. This however is separate from target percentages which I don't
>> believe would have the net effect you're hoping for.
>> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
>> OWASP Global Board
>> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
>> On Thu, Feb 26, 2015 at 7:13 PM, Andrew van der Stock <vanderaj at owasp.org> wrote:
>>> Hi folks,
>>> It's way, way, way past time for discussions to start as we are running
>>> several global branded events in 2015 and NONE of them have a code of
>>> conduct or anti-harassment policy and already two of our three or four
>>> events have either zero or only one woman speakers, despite AppSec EU
>>> having over 120 CFP submissions.
>>> If you believe things are fine or that is just how our industry is, that
>>> ship sailed back in 1950. Let's get to a consensus and work towards fixing
>>> this problem.
>>> We have almost certainly started to sign up sponsors, vendors, and CFPs
>>> are open, so we have to do something now before we can't until 2016.
>>> Inaction allows the status quo to thrive, and it's really unacceptable.
>>> LatAm Tour 2015: Speaker agreement: Nothing. No women speakers.
>>> LatAm Tour 2015: Instructor agreement: Nothing. No women instructors as
>>> far as I can tell
>>> LatAm Tour 2015: Sponsor opportunities. Nothing
>>> AppSec EU 2015: Nothing in our speaker, sponsor, or vendor information.
>>> Just one woman co-speaker selected from 120 submissions. Really? In 2015?
>>> AppSecUSA 2015 code of conduct: Nothing.
>>> AppSecUSA 2015 vendor form: Nothing.
>>> AppSecUSA 2015 speaker agreement form: Nothing
>>> Maybe now you can see the problem. It shouldn't be up to the organizers
>>> of each year to determine and include these policies, they should be
>>> overlays for all our events, like our Code of Ethics is.
>>> Despite all this doom and gloom, our anti-harassment policy for OWASP
>>> AppSec USA 2014 is okay. It's not surprising that there were women speakers
>>> at this event, but only just barely: five women speakers out of 78 (6%),
>>> including Kate who talked about starting a chapter. This is actually our
>>> best representation for all the events I looked at.
>>> AppSecUSA 2014 Code of conduct:
>>> It should be linked to in all speaker agreement, the vendor and
>>> sponsorship agreements. I am very disappointed that none of the events in
>>> 2015 seem to be using it.
>>> Other codes of conduct you may be interested in:
>>> Linux.conf.au is the only global Linux conference Linus attends every
>>> Black Hat did not implode with this code of conduct:
>>> KiwiCon's Code of Conduct is antipodean direct:
>>> They kicked out speakers Ben Nagy and the Grugq last year, so it's not
>>> just ASCII art.
>>> I wanted to share with you BruCon's Code of Conduct as they started with
>>> the Ada Initiative in 2013, and then modified it after it was used against
>>> At the very least, I'm looking for the Board to discuss this issue at
>>> our next Board meeting, and I'd like for us to vote on the following as a
>>> * We make AppSec USA's 2014 Code of Conduct / Anti-harassment policy the
>>> de facto starting point for all our conferences, globally.
>>> * Adopt a reference in the standard OWASP Speaker's agreement form that
>>> points to this policy
>>> * Add in a reference to the standard OWASP vendor / sponsor agreement
>>> form that points to this policy, as well as prohibiting sexualized staff
>>> members (booth babes and the fictitious booth dudes).
>>> * Require the LatAm Tour, AppSec EU and AppSec US 2015 organisers to use
>>> these updated policies, which will almost certainly entail getting back to
>>> the already chosen speakers, sponsors and vendors and getting them to
>>> re-agree to it. As it was already policy in 2014, this shouldn't be too
>>> much of a stretch as it was most likely overlooked or forgotten.
>>> For AppSec USA 2015 and beyond, we really need to get them to encourage
>>> submissions from women. If a conference gets zero CFP submissions by women,
>>> you will have zero talks by women. I do not believe for a second there are
>>> zero women in our industry. We need to stop being passive about this, and
>>> start recruiting women to submit talks.
>>> * Require conference committees to send out invitations to as many women
>>> speakers as possible there is diversity in submissions.
>>> * We should also help with helping folks create solid CFPs that are more
>>> likely to succeed if submissions are to be chosen solely by merit. I don't
>>> think this should be restricted to just women, but should also include
>>> first time speakers, who often struggle to get their first speaking gig at
>>> a large conference.
>>> I would like to get us to talk about the best way to achieve a desired
>>> outcome - what is the desired percentage of talks that should be given by
>>> women, how we will achieve that goal, and when shall we achieve that goal?
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
> Helen Gao, CISSP
Helen Gao, CISSP