[Owasp-board] O'Reilly

Tom Brennan - OWASP tomb at owasp.org
Sat Mar 19 12:20:02 UTC 2016

Great stuff outreach is good and O'Reilly has been good to OWASP chapters
with free books for those that ask and the plan around that global effort

Will be interesting to also review the results of the conference survey
Kelly did from the general mailing lists and rank them

On Saturday, March 19, 2016, Matt Konda <matt.konda at owasp.org> wrote:

> Hi.
> As you may know, O'Reilly announced this week that they are running a new
> Security conference.
> My initial take is that the emergence of a new security conference out of
> O'Reilly is "a good thing"™. I believe there is some risk but also some
> opportunity here since O'Reilly also hosts many key developer conferences
> and is a substantial communication platform with developers with their
> books and video training content.
> The approach I would generally recommend and advocate for would be a "make
> people look and feel good by association with OWASP" and basically try to
> help and collaborate in a purely altruistic way aligned with OWASP's
> mission.  But I wanted to toss this by the broader board for input because
> there are obviously some risks and philosophical questions we want to be
> clear about if we do engage.
> I know some people at O'Reilly so I navigated and talked with O'Reilly's
> VP of Conferences Friday to explore what they are doing.  The conference is
> definitely a general security conference not focused on AppSec - but it
> will likely include some AppSec content.  They are *very* interested in
> co-marketing possibilities.  They would be super interested in sponsors.
> Obviously, their business model is to make profit from the conference, book
> and other content that they license.
> Undoubtedly they are responding to market opportunity.  One outcome would
> be to take this as a signal to run more AppSecs or really push more mid
> size regional events.  That could mean hiring more staff to help.  They are
> also expanding into Asia with local organizations on the ground to do that.
> As we are, they are passionate about the editorial and commercial
> independence of their content. Within that constraint, there may be
> opportunities to assist as a resource to their conference chairs looking to
> inject some security talks into their events.  We already have a goal to
> get OWASP related content into their conferences such as Velocity, OSCON,
> Software Architecture, Strata etc. as a conscious and first class item.
> Maybe we could suggest invited speakers and topics and help with talk
> selection.  Maybe we could even get our name on a track if we help their
> conference chairs?  Definitely idealistic and open ended at this point, but
> maybe interesting?  Probably depends a lot conference chair to conference
> chair.  This would require a sustained and organized effort specifically
> for this by a group of OWASP volunteers.
> Just to be clear, I framed the discussion with O'Reilly as:  I'm gathering
> information and looking at ideas, there are operational processes and a
> bigger decision making process behind me at OWASP that would have to happen
> for any of these things, I just wanted to understand where O'Reilly were
> coming from and what the possible collaboration paths might be.
> I think at the very least we should explore co-marketing possibilities -
> and as we do so, I would encourage us to value our brand and experience and
> also to think outside the box about what the most ambitious possibilities
> are for OWASP and make sure to push for deeper and meaningful commitments
> from them.  There may be ways that we can support them that dramatically
> change our communication strategy with developers - let's talk about those.
> In any case, I think this raises some interesting possibilities and issues
> so I wanted to share the information I had gathered and give you all the
> opportunity to weigh in.
> Best,
> Matt


Tom Brennan
Global Board of Directors
NYC/NJ Metro Chapter Leader
(d) 973-506-9304

OWASP Foundation | www.owasp.org

The information contained in this message and any attachments may be 
privileged, confidential, proprietary or otherwise protected from 
disclosure. If you, the reader of this message, are not the intended 
recipient, you are hereby notified that any dissemination, distribution, 
copying or use of this message and any attachment is strictly prohibited. 
If you have received this message in error, please notify the sender 
immediately by replying to the message, permanently delete it from your 
computer and destroy any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160319/3de44947/attachment.html>

More information about the Owasp-board mailing list