[Owasp-board] Update on 2016 AppSec Conference & 'Call to Host'

Bil Corry bil.corry at owasp.org
Sun Mar 1 21:10:20 UTC 2015

For Europe, I read that Luxembourg offers an incentive for hosting conferences in the country.  "For example, a conference with over 100 registered participants and 100 hotel bookings can receive up to 18,000 euros in support, providing at least half of the attendees have travelled to Luxembourg from abroad."




I don't know anything more about it than what that article says, but it might be worth considering.


- Bil



From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Thursday, February 26, 2015 11:49 PM
To: Michael Coates
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Update on 2016 AppSec Conference & 'Call to Host'


And how about instead of giving one chapter a huge chunk of $ for a big national conference, spread it around - especially to new chapters who are low on funding.


Jim Manico


(808) 652-3805

On Feb 26, 2015, at 11:24 PM, Michael Coates <michael.coates at owasp.org> wrote:

Seems like there is lots of support for hybrid that puts much stronger foundation role for global events and leaves all regional and local events to local teams to lead (as they currently are).


For global events (at least AppSecUSA) I'd float they idea of alternating NYC and San Francisco. Two huge markets where we'll have established location and partners. But I'd push back on our planning for local support - I think we should map out all the activities for an established location and see how many could be accomplished by foundation (with necessary staffing) and how many would need feet on the ground in the location. I bet we could find a model that worked pretty well. Plus, combine that with a task force of previous AppSecUSA advisors (i.e. previous planners) and you've got a great mix of skills.

Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc> 

OWASP Global Board

Join me at AppSecUSA <http://AppSecUSA.org>  2015 in San Francisco!




On Thu, Feb 26, 2015 at 2:18 PM, Noreen Whysel <noreen.whysel at owasp.org> wrote:



At my old job,the IA Institute relied on a tiered combination of global and local sponsors. It is a model that works best for regional events, but for international level events, gives local companies potential exposure to a global market if they have the interest and means to expand globally. We tended to see global sponsors signing on for exhibitor tables, donating software, and writing big checks to cover operational expenses, while local sponsors who know the lay of the land would play host by doing networking events or speaker dinners at local taverns and restaurants, or cover food (local caterers) and venue (if held at a corporate office).

Noreen Whysel
Community Manager

OWASP Foundation

On Feb 26, 2015, at 3:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

Having been the Chair of AppSecUSA 2012, I can say that hosting an AppSec Conference is a lot for a local team of volunteers to handle.  We did it with minimal assistance from the Foundation for everything from Sponsorships (had to find our own) to Sessions (had to solicit our own speakers).  There was no Laura (or equivalent) at the time and Sarah's feedback was about all we had in terms of guidance from the Foundation.  I'm pretty sure we've come a long ways since then, but I believe that we still have a very heavy focus on the local boots on the ground doing the majority of the work.  It's extremely tiresome and I literally told people afterward that I would never do it again.  This situation was actually a large part of my rationale for the Foundation to stop trying to take money from the chapters who decide to put on conferences.  Every dollar taken away from them is one less reason for them to want to host one of these.  We should be trying to incentivize as many chapters as possible to attempt local conferences because it gives leaders the skills necessary to tackle the big show.  

My suggestion here, based on my experience, is to find a chapter with strong project planning skills and a solid location.  When we move the event year after year we lose every bit of experience with the venue and processes and have to renegotiate everything from scratch.  Conference planning is easiest when it's a formula, like LASCON.  Same location, very few unknowns, solid performance YOY.  When you know what to expect, you can focus more time and energy on improving the formula, rather than re-inventing it.  If NYC or San Francisco fits that bill, and the local planning team is willing to take it on, then I say we go all in and commit to it.  Simultaneously, we need to commit to the local chapter leaders that they will be rewarded handsomely for their efforts.  OWASP Austin got exactly $0 from AppSecUSA 2012.  I believe that the profit sharing policy was changed the next year though so that may already be addressed.  Regardless, if you are asking these leaders to spend a year of their lives to make the conference a success, then they should be rewarded with a year of chapter funding.  I also think that we need to significantly bump up the level of support from the Foundation.  Perhaps it's changed since we ran it, but conference planners should handle venue, schedule, speaker selection, volunteers, etc.  They should not be responsible for finding sponsors.  That should be handled entirely by the Foundation as it takes a huge weight off their shoulders.  I'm sure there's more that's not coming to mind right now, but hopefully that's helpful for this conversation.



On Thu, Feb 26, 2015 at 2:32 PM, Michael Coates <michael.coates at owasp.org> wrote:

One other note: I do think the path forward is likely a hybrid model. But to be far, the announcement for 2016 went out on Dec 26 and I haven't seen another email since. I wouldn't be surprised if everyone missed it. That said, we'd still likely only get 1 or 2 submissions and it's unknown if we'd want to go to that location.

Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc> 

OWASP Global Board

Join me at AppSecUSA <http://AppSecUSA.org>  2015 in San Francisco!




On Thu, Feb 26, 2015 at 12:30 PM, Jim Manico <jim.manico at owasp.org> wrote:



I'm a fan of that as well. A stable location has a better potential for growth. These events are so crucial to our fiscal health I like the idea of additional professional support to run a stable event. We sure do run these major events with minimal staff...


NYC seems to have huge potential. Perhaps SF too, lets see how we do this year.


Details aside, I agree with your general vision here.




Jim Manico


(808) 652-3805 <tel:%28808%29%20652-3805> 

On Feb 26, 2015, at 9:25 PM, Michael Coates <michael.coates at owasp.org> wrote:

I'm not surprised and was prepared that this day would come. It is a tall order to host and lots of risk for our org to nearly start from scratch each event. 


I'd like to discuss a hybrid model that is led by foundation in preset locations where we can leverage known resources for repeatability and scale. We can still rotate to some degree but it's between known locations. This combined with a community effort for some aspects and dedicated new staff resources would work well. We gain stability and still leverage community for some aspects while driving from the foundation. 


On Feb 26, 2015, at 12:13 PM, Paul Ritchie <paul.ritchie at owasp.org> wrote:

Hello OWASP Board members:

Issue: During our OWASP staff meeting today we discussed that we have not received any proposals to host an AppSec Conference in 2016.

Laura put out the call for proposals back in late December, and it was followed up in our Connector newsletter. The Deadline for submissions was February 27. Although several people looked seriously at the prospect of hosting, none have submitted a formal proposal to host the 2016 AppSec.

Next Steps: I plan to extend the 'Call for Proposals' period another 3 weeks to see if we can stimulate some additional interest for our AppSec conferences in Europe & US. To accomplish that, I have streamlined Laura's original email and plan to resend no later than Monday, March 2 to our Leaders & Community email group lists.

During our Staff meeting today we discussed several good options in case we don't receive a proposal, but first, lets give the Community another opportunity to 'step up' and 'take the lead' for our 2016 events.

Just FYI for now since several of you were asking about progress in this area.


========== TEXT OF APPSEC2016 CALL FOR PROPOSALS =============

Hello All,

Is your Chapter or Region interested in hosting our 2016 AppSec Conference for Europe or USA?  OWASP is actively seeking proposals and we encourage any community member interested in hosting a​n OWASP​ ​Global Conference to submit a proposal.


Hosting a conference requires commitment, responsibility and a lot of time, energy and effort to properly plan and implement a conference. For more information see the How to Host a Conference page. https://www.owasp.org/index.php/How_to_Host_a_Conference


The dates of each OWASP Global AppSec conference vary somewhat each year but ideally the conference is held:

·        Europe ​- Q2​ 2016

·        North America​ - Q3​ 2016

To bid for a 201​6 OWASP Global AppSec please complete the OCMS form http://www.tfaforms.com/301382 with the following information by March 2​0th, 201​5.   Please include the following information.


1. The proposed city and host chapter.


2. The name of the intended local organizer and his/her team committed to the task for 201​6​

along with a brief explanation on why the conference committee wants to organize an OWASP Global AppSec.  Include anticipated help from volunteers before and at the conference.


3. Previous conferences or local/regional events experience of the conference committee.


4. The intended dates for the conference. (Typically includes 2 days of pre-conference training, followed by 2 days of conference talks).


5. Venue recommendations. If possible, assurance that the following will be available:

- A large auditorium with multiple training / lecture rooms near the main auditorium.

- Projection & internet facilities in all rooms up to modern standards.

- A suitable networking space near the rooms for registration, breaks and other activities.

- A hall near the rooms for sponsor exhibitions.

- Green room, storage room, breakout room, capture the flag area, etc.

6. Budget. Please use the form on google docs https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhOGWXgQrDnddE9nZnh1UEZzUHJ2cl85R2hVd2IxRGc <https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhOGWXgQrDnddE9nZnh1UEZzUHJ2cl85R2hVd2IxRGc&usp=drive_web#gid=0> &usp=drive_web#gid=0 (Since many of the categories of expenses are optional, consider this a check list. You can add as many items as you want and you do not need to fill in every box if you do not want it to be included in your event.)


7. Possible "big name" speakers in AppSec who might be plenary speakers with low travel costs.


8. Realistic prospects for obtaining sponsorship from outside bodies, e.g., companies, universities, scientific institutes, media, government, etc.


By submitting an application, you are already demonstrating your commitment to OWASP. We really appreciate every proposal we receive, however not every proposal will be approved. The selection process that will be made by the OWASP operations team with input from previous AppSec organizing teams. 

· Preference will be given to the community that demonstrates more engagement.

· Preference will be given to the team that has successful experience organizing local/regional events.

· Preference will be given to a location that has not recently hosted a Global AppSec conference.

· Geographic coverage will be considered when selecting conference sites.


The deadline for applications is March 20th. 


Should you have any questions concerning the proposal process or need assistance with your application, please do not hesitate to contact me.  We are looking forward to your proposals!


Paul Ritchie, OWASP Executive Director

paul.ritchie at owasp.org


Owasp-board mailing list
Owasp-board at lists.owasp.org

Owasp-board mailing list
Owasp-board at lists.owasp.org


Owasp-board mailing list
Owasp-board at lists.owasp.org


Owasp-board mailing list
Owasp-board at lists.owasp.org


Owasp-board mailing list
Owasp-board at lists.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150301/63cac7bf/attachment-0001.html>

More information about the Owasp-board mailing list