[Owasp-leaders] Chapters Leaders, get into AppSecDC FOR FREE!!!

David Campbell dcampbell at owasp.org
Wed Sep 23 11:55:44 EDT 2009

Wow.  I take my eye of this list for a week or so and it goes supernova.

Per Dinis' request I'm making public some thoughts I shared privately
with him last night on this topic.

I can sympathize with both sides here.

One one hand as a small business owner I pay rather dearly for the time
and effort I put into OWASP as every hour that I'm working on OWASP is
an hour I'm not chargable.  For small biz owners and independent
contractors there is no such thing as holiday or vacation time and while
travel expenses and conference fees are a tax deduction, they are still
an entry in the 'wrong column' from a P&L point of view.

On the other hand as a veteran OWASP event organizer I know what it
feels like to be thousands of dollars in the red in the run-up to the
event and also dealing with a million details to try to ensure the con
goes smoothly.

Is there a capacity issue at OWASP DC which makes it financially
problematic to admit chapter leaders gratis?  Is there a food/catering
issue in play also?  The reason I ask is that as a chapter leader I'm
already going to be out of pocket for travel expenses, accomodation, and
lost revenue attending the con.  Paying to get in may be a dealbreaker
for chapter leaders who are overdrawn on the "emotional bank account"
that is OWASP.

This isn't my conference to run, but I think it would be in the best
interest of the con, and OWASP as a whole, to admit chapter leaders
gratis, *provided that event capacity and catering costs aren't
issues*.  At security cons (Defcon perhaps notwithstanding), the more
the merrier.  And there's nothing like an underattended con (EUsecwest
london this year?) to dampen the mood for everyone.  That said, if
nonpaying chapter leader attendees would be taking spots which would
otherwise be filled by paying attendees, then the decision becomes
purely financial.


dinis cruz wrote:
> Hey Rex, AppSec DC team and owasp leaders
> First I just would like to second (i.e. agree with) Jeff's earlier
> email (sent to Rex & AppSec DC team directly) saying that:
> /"...//From my perspective, the planning of AppSec DC 2009 has been
> conducted with an extraordinary amount of professionalism and
> diligence. The Board is 100% behind your efforts.  Please let us know
> how we can help promote the conference and make it an even bigger
> success.  Thank you for all your great work on this..." //(Jeff Williams)/
> That said :)  and on the topic of giving Free attendance to active
> owasp-leaders, I would like to add a couple more points (which I'm
> doing here on the owasp-leaders list since (I think) this is owasp
> community wide issue):
> 1) From my (personal) point of view OWASP is about building a great
> community of talented people which is focused on solving the ('small')
> problem of application security
> 2) Although we have a great community with tons of great people across
> the world, I don't think we (OWASP as an organization) do ENOUGH to
> thank our most active contributors (who are, lets not forget, who make
> 3) I am also very aware that although we are all quite individual
> talented/knowledgeable (each with its own unique areas of expertise),
> there is ONLY SO MUCH we can do as INDIVIDUALS, and is it only when
> two-or-more OWASPers talk to each other and COLLABORATE that real
> MAGIC occurs 
> 4) Taking the view that in order to increase OWASP productivity,
> quality and 'products' we need "OWASP to work better with OWASP" and
> "OWASP to work better with the WORLD" (something we are not as good we
> should be), I view (as a Board member) my responsibility to help
> making these CONNECTIONS and help taking OWASP to the next level
> 5) So when I asked the question on /"...// 'owasp chapter leaders to
> have to recruit other  two attendees to get a free ticket?.."/ my
> objective was not to undermine or put in question the GREAT WORK REX
> AND THE APPSEC DC ARE DOING, but :)   , to 'gently' raise the issue
> and see if we can help the 'owasp chapter/project' leaders to attend
> this conference.
> 6) before, I describe why I don't agree with having the requirement
> for owasp-leaders to 'find two ticket buyers', I just want to make
> clear that this decision falls into the responsibility of the AppSec
> DC conference since they are the ones that are managing the budget for
> this conference :) . And remember that NOTHING in OWASP is set in
> stone, so if something make sense, IS DOABLE and respects OWASP's
> values, then it is better to change it sooner rater than later
> 7) one more point on owasp leaders. As a sign of recognition of their
> great work and contributions, at the last OWASP board meeting we
> (finally!!!!!!) decided to make OWASP members ALL active & past owasp
> project & chapter leaders. There is currently a work thread at 3
> Committees (Membership, Chapters and Projects) to try to figure out
> the criteria to do this, but basically the idea is to give all
> selected individuals (or companies) the option to: a) receive a free 1
> year membership or b) pay for it. The irony is that I (Dinis) am not
> an OWASP member :)  , and the main reasons is because I had no
> requirement to become one. Now with the forthcoming elections and this
> offer, I will HAVE to become a member, and I will gladly pay the 50
> USD membership fee, since even adding the time I put in OWASP, I still
> have enough value received from OWASP to justify the 'business
> expense' of 50 USD :)  :)  
> 8) finally, on the issue of owasp-leaders having to /'find two ticket
> buyers to get a free ticket for the AppSec DC' /(and even other OWASP
> conferences)
>    a) OWASP leaders are NOT paid for they contributions, so any
> successful OWASP leader has stories of sweet,blood,tears, long-hours,
> etc....
>    b) some OWASP leaders are able to 'work' on OWASP while on their
> employers time (sometime that we still fail to recognize is most
> cases), but I think it is fair to say that MOST of the work done is
> executed outside the work environment and in exchange for
> family/leisure/relaxing/sport time or (for independent contractors) in
> exchange for working on paid engagements (i.e. there is a significant
> PERSONAL or (short term) FINANCIAL cost in being an active OWASP leader)
>    c) we can't underestimate the work and value created by these owasp
> leaders (both chapters and projects) since they are the reason for our
> success and for the fact that we have tons of exciting projects,
> conferences and chapter meetings
>    d) although OWASP is not a wealthy organization with Millions of
> Dollars in funds (like Mozilla or Wikipedia), and there WAS a
> significant DROP in INCOME of Corporate memberships in 2009 due to the
> (correct) decision to simplify the corporate membership to 5k USD and
> allocate 40% of it to the local chapter. That said OWASP DOES have
> (some available) funds, and it is our (the Board and you all)
> responsibility to make sure we use those funds wisely
> *   e) so, on the question of*/* 'giving free conference tickets to
> OWASP leaders'*/* the question that I would like to see an answer is
> 'How much does that cost to OWASP?'*
>    f) maybe the solution is to push this cost to the OWASP Board (or
> even the local chapter if they have funds to support its chapter
> leader to participate on OWASP AppSec conferences (tickets, travel and
> accommodation))
>    g) back to the topic of the OWASP leader participating on OWASP
> AppSec conferences:
>        - this is something we should actively encourage and promote
> (it even has 'marketing value' : /"come to the OWASP AppSec XYZ
> conference where you will be able to meet 15 OWASP Project and Chapter
> leaders!!" /
>        - they (the leaders) should participate on the keynote OWASP
> presentation (representing his chapter or project)
>        - if it is a project leader he/she should be given a
> 5m/10m/15m/30m/45m' slot to present his work
>        - if it is a chapter leader he/she should be given a
> 5m/10m/15m/30m/45m' slot to present what happens at his/hers chapter,
> and give an 'quick' preview of the presentations that happened there
> on the last 6/12 months
>        - we have to remember that in a lot of cases (take Matt Tesauro
> case) in order to* participate on these conferences they have to use
> their 'Holiday/Vacation' day**s* (which can be quite a large personal
> sacrifice)
>        - as OWASP grows and is more and more successful, we have to
> make sure that we keep managing the expectations and views of the
> 'VERY IMPORTANT' OWASP contributors that happen NOT to be involved in
> a particular conference. I really worry when I hear comments like '/I
> work so HARD for OWASP and *I have to PAY!!* to attend a conference
> that exists (in part) of my contributions!'/
> Rex & Others, sorry for only sending these ideas and comments now (in
> an ideal world I should have been more involved with this conference
> organization), but as with everybody, I find it very challenging to
> find the time to participate and contribute as much as I should.
> Again, the AppSec DC team is doing a GREAT Job (in a tough climate)
> and they deserve our maximum support!!! 
> Dinis Cruz
> 2009/9/16 Rex Booth, OWASP <rex.booth at owasp.org
> <mailto:rex.booth at owasp.org>>
>     Hi Dinis,
>     The precedent for this arrangement was set in Poland.  Given the
>     economic climate and the difficulty finding sponsorship dollars, we
>     decided to follow this smart way of engaging our most valuable
>     resource
>     - chapter leaders - while saving some much-needed funds.
>     Thanks for the opportunity to explain.  If anybody has further
>     questions, please feel free to contact me, Mark or Doug directly - I
>     don't see the need to clutter the list with such discussions.
>     Thanks,
>     Rex
>     Dinis Cruz wrote:
>     > Hi Rex, sorry if I missed it but can you forward me the thread that
>     > decided about that condition for 'owasp chapter leaders to have to
>     > recruit other  two attendees to get a free ticket?
>     >
>     > That was also discussed with the conferences committee, right?
>     >
>     > Thx
>     >
>     > Dinis Cruz
>     >
>     > On 16 Sep 2009, at 22:14, "Rex Booth, OWASP"
>     <rex.booth at owasp.org <mailto:rex.booth at owasp.org>>
>     > wrote:
>     >
>     >
>     >> We'd love to invite the world for free, but it's simply not
>     >> realistic to
>     >> do so - as you said, it's a sign of the times.  We feel that a free
>     >> admission for two referrals is a low enough level of effort to make
>     >> essentially a free ticket for an effective chapter lead.
>     >>
>     >> And even if you can't take advantage of the headhunting bonus,
>     the low
>     >> cost of a ticket combined with the extraordinary quality of the
>     >> conference makes the event a nearly irresistible bargain.
>     >>
>     >> It will be well worth it and we hope to see you there.
>     >>
>     >> Thanks,
>     >> Rex
>     >>
>     >> Stephen Carter wrote:
>     >>
>     >>> Interesting.  Last year chapter leaders got a free ticket
>     without the
>     >>> condition; it was a nice gesture...I guess this is a sign of the
>     >>> times..
>     >>>
>     >>> - Steve
>     >>>
>     >>> On Wed, Sep 16, 2009 at 3:39 PM, Mark Bristow
>     <mark.bristow at owasp.org <mailto:mark.bristow at owasp.org>
>     >>> <mailto:mark.bristow at owasp.org
>     <mailto:mark.bristow at owasp.org>>> wrote:
>     >>>
>     >>>    Chapter Leaders,
>     >>>
>     >>>    Are you an active leader of an OWASP chapter?
>     >>>    Do you currently have a paid OWASP Membership?
>     >>>    Want a FREE ticket to AppSec DC?
>     >>>    Think you can convince two of your friends to come to
>     AppSec DC?
>     >>>
>     >>>    The organizing committee of AppSec DC is offering a special
>     >>>    headhunting bonus to OWASP Chapter Leaders.  If you are a
>     chapter
>     >>>    leader, have an OWASP membership and get 2 people to purchase
>     >>>    tickets for AppSec DC
>     >>>  
>      (https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=26bc4c77-e1ef-4bad-be46-eb7b0124276c
>     >>> )
>     >>>    you get a ticket for yourself absolutely FREE!!!!!  Just
>     make sure
>     >>>    to have your registrants email Kate Hartmann
>     >>>    (kate.hartmann at owasp.org <mailto:kate.hartmann at owasp.org>
>     <mailto:kate.hartmann at owasp.org <mailto:kate.hartmann at owasp.org>>)
>     to let
>     >>>    us know you signed them up and we'll send you instructions
>     to get
>     >>>    your FREE admission for yourself!
>     >>>
>     >>>    Join us for one for the best AppSec yet!  FOR FREE!!!
>     >>>
>     >>>    Regards,
>     >>>    The AppSecDC Organizing Committee
>     >>>
>     >>>    AppSec DC 09 - https://www.appsecdc.org <https://
>     >>> www.appsecdc.org/ <http://www.appsecdc.org/>>
>     >>>    OWASP DC Chapter - http://www.owasp.org/index.php/Washington_DC
>     >>>
>     >>>    _______________________________________________
>     >>>    OWASP-Leaders mailing list
>     >>>    OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>
>     <mailto:OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>
>     >>>
>     >>>    https://lists.owasp.org/mailman/listinfo/owasp-leaders
>     >>>
>     >>>
>     >>> ---
>     >>>
>     ---------------------------------------------------------------------
>     >>>
>     >>> _______________________________________________
>     >>> OWASP-Leaders mailing list
>     >>> OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>
>     >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>     >>>
>     >>>
>     >> _______________________________________________
>     >> OWASP-Leaders mailing list
>     >> OWASP-Leaders at lists.owasp.org
>     <mailto:OWASP-Leaders at lists.owasp.org>
>     >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>     >>
>     > _______________________________________________
>     > OWASP-Leaders mailing list
>     > OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>     >
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> ------------------------------------------------------------------------
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090923/e012c255/attachment-0001.html 

More information about the OWASP-Leaders mailing list