[Owasp-leaders] Chapters Leaders, get into AppSecDC FOR FREE!!!

dinis cruz dinis.cruz at owasp.org
Thu Sep 17 07:03:48 EDT 2009

Hey Rex, AppSec DC team and owasp leaders
First I just would like to second (i.e. agree with) Jeff's earlier email
(sent to Rex & AppSec DC team directly) saying that:
*"...**From my perspective, the planning of AppSec DC 2009 has been
conducted with an extraordinary amount of professionalism and diligence. The
Board is 100% behind your efforts.  Please let us know how we can help
promote the conference and make it an even bigger success.  Thank you for
all your great work on this..." **(Jeff Williams)*

That said :)  and on the topic of giving Free attendance to active
owasp-leaders, I would like to add a couple more points (which I'm doing
here on the owasp-leaders list since (I think) this is owasp community wide

1) From my (personal) point of view OWASP is about building a great
community of talented people which is focused on solving the ('small')
problem of application security
2) Although we have a great community with tons of great people across the
world, I don't think we (OWASP as an organization) do ENOUGH to thank our
most active contributors (who are, lets not forget, who make OWASP OWASP)
3) I am also very aware that although we are all quite individual
talented/knowledgeable (each with its own unique areas of expertise), there
is ONLY SO MUCH we can do as INDIVIDUALS, and is it only when two-or-more
OWASPers talk to each other and COLLABORATE that real MAGIC occurs
4) Taking the view that in order to increase OWASP productivity, quality and
'products' we need "OWASP to work better with OWASP" and "OWASP to work
better with the WORLD" (something we are not as good we should be), I view
(as a Board member) my responsibility to help making these CONNECTIONS and
help taking OWASP to the next level
5) So when I asked the question on *"...** 'owasp chapter leaders to have to
recruit other  two attendees to get a free ticket?.."* my objective was not
to undermine or put in question the GREAT WORK REX AND THE APPSEC DC ARE
DOING, but :)   , to 'gently' raise the issue and see if we can help the
'owasp chapter/project' leaders to attend this conference.
6) before, I describe why I don't agree with having the requirement for
owasp-leaders to 'find two ticket buyers', I just want to make clear that
this decision falls into the responsibility of the AppSec DC conference
since they are the ones that are managing the budget for this conference :)
. And remember that NOTHING in OWASP is set in stone, so if something make
sense, IS DOABLE and respects OWASP's values, then it is better to change it
sooner rater than later
7) one more point on owasp leaders. As a sign of recognition of their great
work and contributions, at the last OWASP board meeting we (finally!!!!!!)
decided to make OWASP members ALL active & past owasp project & chapter
leaders. There is currently a work thread at 3 Committees (Membership,
Chapters and Projects) to try to figure out the criteria to do this, but
basically the idea is to give all selected individuals (or companies) the
option to: a) receive a free 1 year membership or b) pay for it. The irony
is that I (Dinis) am not an OWASP member :)  , and the main reasons is
because I had no requirement to become one. Now with the forthcoming
elections and this offer, I will HAVE to become a member, and I will gladly
pay the 50 USD membership fee, since even adding the time I put in OWASP, I
still have enough value received from OWASP to justify the 'business
expense' of 50 USD :)  :)
8) finally, on the issue of owasp-leaders having to *'find two ticket buyers
to get a free ticket for the AppSec DC' *(and even other OWASP conferences)
   a) OWASP leaders are NOT paid for they contributions, so any successful
OWASP leader has stories of sweet,blood,tears, long-hours, etc....
   b) some OWASP leaders are able to 'work' on OWASP while on their
employers time (sometime that we still fail to recognize is most cases), but
I think it is fair to say that MOST of the work done is executed outside the
work environment and in exchange for family/leisure/relaxing/sport time or
(for independent contractors) in exchange for working on paid engagements
(i.e. there is a significant PERSONAL or (short term) FINANCIAL cost in
being an active OWASP leader)
   c) we can't underestimate the work and value created by these owasp
leaders (both chapters and projects) since they are the reason for our
success and for the fact that we have tons of exciting projects, conferences
and chapter meetings
   d) although OWASP is not a wealthy organization with Millions of Dollars
in funds (like Mozilla or Wikipedia), and there WAS a significant DROP in
INCOME of Corporate memberships in 2009 due to the (correct) decision to
simplify the corporate membership to 5k USD and allocate 40% of it to the
local chapter. That said OWASP DOES have (some available) funds, and it is
our (the Board and you all) responsibility to make sure we use those funds
*   e) so, on the question of** 'giving free conference tickets to OWASP
leaders'** the question that I would like to see an answer is 'How much does
that cost to OWASP?'*
   f) maybe the solution is to push this cost to the OWASP Board (or even
the local chapter if they have funds to support its chapter leader to
participate on OWASP AppSec conferences (tickets, travel and accommodation))
   g) back to the topic of the OWASP leader participating on OWASP AppSec
       - this is something we should actively encourage and promote (it even
has 'marketing value' : *"come to the OWASP AppSec XYZ conference where you
will be able to meet 15 OWASP Project and Chapter leaders!!" *
       - they (the leaders) should participate on the keynote OWASP
presentation (representing his chapter or project)
       - if it is a project leader he/she should be given a
5m/10m/15m/30m/45m' slot to present his work
       - if it is a chapter leader he/she should be given a
5m/10m/15m/30m/45m' slot to present what happens at his/hers chapter, and
give an 'quick' preview of the presentations that happened there on the last
6/12 months
       - we have to remember that in a lot of cases (take Matt Tesauro case)
in order to* participate on these conferences they have to use their
'Holiday/Vacation' day**s* (which can be quite a large personal sacrifice)
       - as OWASP grows and is more and more successful, we have to make
sure that we keep managing the expectations and views of the 'VERY
IMPORTANT' OWASP contributors that happen NOT to be involved in a particular
conference. I really worry when I hear comments like '*I work so HARD for
OWASP and I have to PAY!! to attend a conference that exists (in part) of my

Rex & Others, sorry for only sending these ideas and comments now (in an
ideal world I should have been more involved with this conference
organization), but as with everybody, I find it very challenging to find the
time to participate and contribute as much as I should.

Again, the AppSec DC team is doing a GREAT Job (in a tough climate) and they
deserve our maximum support!!!

Dinis Cruz

2009/9/16 Rex Booth, OWASP <rex.booth at owasp.org>

> Hi Dinis,
> The precedent for this arrangement was set in Poland.  Given the
> economic climate and the difficulty finding sponsorship dollars, we
> decided to follow this smart way of engaging our most valuable resource
> - chapter leaders - while saving some much-needed funds.
> Thanks for the opportunity to explain.  If anybody has further
> questions, please feel free to contact me, Mark or Doug directly - I
> don't see the need to clutter the list with such discussions.
> Thanks,
> Rex
> Dinis Cruz wrote:
> > Hi Rex, sorry if I missed it but can you forward me the thread that
> > decided about that condition for 'owasp chapter leaders to have to
> > recruit other  two attendees to get a free ticket?
> >
> > That was also discussed with the conferences committee, right?
> >
> > Thx
> >
> > Dinis Cruz
> >
> > On 16 Sep 2009, at 22:14, "Rex Booth, OWASP" <rex.booth at owasp.org>
> > wrote:
> >
> >
> >> We'd love to invite the world for free, but it's simply not
> >> realistic to
> >> do so - as you said, it's a sign of the times.  We feel that a free
> >> admission for two referrals is a low enough level of effort to make
> >> essentially a free ticket for an effective chapter lead.
> >>
> >> And even if you can't take advantage of the headhunting bonus, the low
> >> cost of a ticket combined with the extraordinary quality of the
> >> conference makes the event a nearly irresistible bargain.
> >>
> >> It will be well worth it and we hope to see you there.
> >>
> >> Thanks,
> >> Rex
> >>
> >> Stephen Carter wrote:
> >>
> >>> Interesting.  Last year chapter leaders got a free ticket without the
> >>> condition; it was a nice gesture...I guess this is a sign of the
> >>> times..
> >>>
> >>> - Steve
> >>>
> >>> On Wed, Sep 16, 2009 at 3:39 PM, Mark Bristow <mark.bristow at owasp.org
> >>> <mailto:mark.bristow at owasp.org>> wrote:
> >>>
> >>>    Chapter Leaders,
> >>>
> >>>    Are you an active leader of an OWASP chapter?
> >>>    Do you currently have a paid OWASP Membership?
> >>>    Want a FREE ticket to AppSec DC?
> >>>    Think you can convince two of your friends to come to AppSec DC?
> >>>
> >>>    The organizing committee of AppSec DC is offering a special
> >>>    headhunting bonus to OWASP Chapter Leaders.  If you are a chapter
> >>>    leader, have an OWASP membership and get 2 people to purchase
> >>>    tickets for AppSec DC
> >>>    (
> https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=26bc4c77-e1ef-4bad-be46-eb7b0124276c
> >>> )
> >>>    you get a ticket for yourself absolutely FREE!!!!!  Just make sure
> >>>    to have your registrants email Kate Hartmann
> >>>    (kate.hartmann at owasp.org <mailto:kate.hartmann at owasp.org>) to let
> >>>    us know you signed them up and we'll send you instructions to get
> >>>    your FREE admission for yourself!
> >>>
> >>>    Join us for one for the best AppSec yet!  FOR FREE!!!
> >>>
> >>>    Regards,
> >>>    The AppSecDC Organizing Committee
> >>>
> >>>    AppSec DC 09 - https://www.appsecdc.org <https://
> >>> www.appsecdc.org/>
> >>>    OWASP DC Chapter - http://www.owasp.org/index.php/Washington_DC
> >>>
> >>>    _______________________________________________
> >>>    OWASP-Leaders mailing list
> >>>    OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org
> >>>
> >>>    https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>>
> >>>
> >>> ---
> >>> ---------------------------------------------------------------------
> >>>
> >>> _______________________________________________
> >>> OWASP-Leaders mailing list
> >>> OWASP-Leaders at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>>
> >>>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090917/6250e317/attachment-0001.html 

More information about the OWASP-Leaders mailing list