[Owasp-leaders] What happened at the last Summit...

dinis cruz dinis.cruz at owasp.org
Thu Dec 30 04:39:34 EST 2010


Since the focus is now turning to the OWASP Summit 2011
<http://www.owasp.org/index.php/Summit_2011>, I think this is a good time to
revisit what actually happened last time
<http://www.owasp.org/index.php/OWASP_EU_Summit_2008> (since I think most of
the participants are not aware of some of these details).

My aim of this email is to:

   - show how much 'attention to detail' the last Summit had
   <http://www.owasp.org/index.php/OWASP_EU_Summit_2008> (and
   the fact that a lot of the great outcomes did not happen by accident)
   - what was going on under the hood,
   - identify the type of activities/efforts that we are also going to do at
   the next Summit, and
   - give you ideas for areas that we will need help and you could be
   involved in :)

This is what we did:

   - The original aim of the Summit was 'just' to present the projects
   developed during the OWASP Summer of Code 2008
   <http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008>,
   this later changed when we realized the amount of OWASP talent and
   leadership that we would have in the same place.
   - Detailed guidelines and selection criteria
   <http://www.owasp.org/index.php/OWASP_EU_Summit_2008_paid_participation_rules>
   were created to define which OWASP leaders (and Summit attendees) would
   qualify for having their expenses covered (this was wide enough to cover at
   least any OWASP leader that delivered major contributions to OWASP in the
   past)
   - A local travel agency was used to book and track all participants. This
   solved a number of logistical problems, AND allowed us to have complete
   visibility on the attendees' arrival and departure dates
   - The original agenda (which you can see here
   http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Former_Agenda) was
   very heavy on presentations and had a very 'OWASP conference' feel to it
   (note the training sessions on Mon/Tue, the Working sessions on Tue/Wed, the
   Technical+Business Tracks on Thu/Fri)
   - Now if you look at what actually happened (see
   http://www.owasp.org/index.php/OWASP_EU_Summit_2008#EVENT_AGENDA) you
   will see a completely different structure:
      - Monday was quite light with only a couple training sessions (this
      was due to the attendees' arrival dates)
      - Tuesday, Wednesday and Thursday all had the same structure:
         - Number of 15m presentations from OWASP project leaders (based on
         their OWASP Summer of Code 2008
         <http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008>
         deliverables)
         - Working sessions
         - Lunch
         - Training Sessions
         - Working Sessions
         - Night events
      - Friday was set up so that each Working session had some time to
      present what they did and what were their deliverables/action-plan.
         - The original plan was to have a vote on each of the items, but
         what happened was that we spent a couple hours on Saturday afternoon
         preparing the Summit Conclusions Document
         <http://www.owasp.org/index.php/OWASP_EU_Summit_2008#SUMMIT_CONCLUSIONS_DOCUMENT>
         and the logistics on how to announce the new Committees and its
         new members (we ended up doing an official ceremony for it, which
         was quite nice)
      - I hope you will agree with me that the revised agenda was much
      better than the first one, and (my view is) that the Summit's
      productivity (and 'energy boost') was in big part due to how this new
      agenda was set up.
   - But how was it done?
      - The focus in the creation of the agenda was to make sure that there
      were none (or very few) conflicting schedules (i.e. an OWASP leader
      needed to be in two Working Sessions at the same time) and that there
      was maximum productivity/synergies between the attendees.
      - To be able to do this, (the Summit Team) in the days before the
      event, collated ALL information available to us (who are the Summit
      attendees, what projects are they leading, what projects are
      they interested in, what working sessions they need to be in,
      when do they arrive/leave, etc...) and used the following criteria:
         - Make sure the OWASP leaders are there when they are needed (note
         that some left and arrived during the Summit)
         - Have the project's presentation to happen just before a relevant
         Working Session is going to take place (note how in the Summit's
         schedule
         <http://www.owasp.org/index.php/OWASP_EU_Summit_2008#EVENT_AGENDA>
         there are presentations about the *'OWASP Testing Guide, OWASP Code
         Review Project, OWASP Application Security Desk Reference and OWASP
         Spanish Project'* just before the Working Session on *'Documentation
         Projects/Guides Integration and Unified 4.0 Version'*)
         - When Working Sessions and Training happened in Parallel, tried to
         make it so that there was very little overlap between its
         participants (note how the *'Documentation Projects/Guides
         Integration and Unified 4.0 Version'* happened at the same time as
         the *'Tools Projects'* Working session)
         - Group the Presentations by topic:
            - Tuesday was 'Documents' and 'Tools',
            - Wednesday was 'Standards and Education' and 'Tools' and
            - Thursday was 'Technology' and 'Tools'
         - Leave enough flexibility in the Schedule so that we could react
         to Attendee's desires and more important to new ideas/topics for
         Working Sessions (there were a couple Working Sessions that were
         only 'created' during the Summit)
         - Be able to create a daily schedule with the latest updates and
         changes (I know this was a pain point for some, BUT, this
         'dynamic' schedule really helped to make the Summit more productive
         since we were able to adapt to what was going on (and new Working
         Sessions))
      - In addition to the efforts that went into making a schedule that
      worked, there was also a lot of effort put in to the actual working
      sessions:
         - All major working sessions (the ones hosted in one of the main
         rooms) had a dedicated WIKI page that was used to consolidate
         (before and after) all relevant information about that session.
         Here are a couple examples:
            - http://www.owasp.org/index.php/OWASP_Working_Session_-_OWASP_Intra_Governmental_Affairs
            - http://www.owasp.org/index.php/OWASP_Working_Session_-_Two-way_Internationalization_of_OWASP_Content
            - http://www.owasp.org/index.php/OWASP_Working_Session_Enterprise_Security_API_Project
            - http://www.owasp.org/index.php/OWASP_Working_Session_Top_10_2009
            - http://www.owasp.org/index.php/OWASP_Working_Session_Education_Project
            - http://www.owasp.org/index.php/OWASP_Working_Session_-_OWASP_Testing_Guide
            - http://www.owasp.org/index.php/OWASP_Working_Session_-_Code_Review_Guide
            - http://www.owasp.org/index.php/OWASP_Working_Session_-_OWASP_Certification
            - http://www.owasp.org/index.php/OWASP_Working_Session_-_Web_Application_Framework_Security
         - Most working sessions had briefing papers with (for example) the
         relevant supporting documents printed and made available to the
         Working Session attendees.
         - Every working session was expected to create a number of
         'Deliverables and Action items' which were captured and placed on
         the walls for all attendees to see
      - The allocation of the vilas (i.e. who stayed with who) was also
      strategically implemented, so that the attendees stayed with like-minded
      OWASP leaders (with the objective to maximize synergies and serendipity)
      - After we realized that we would also need to provide dinner+beer to
      all attendees (in a buffet type), every day we would pick a different
      set of Vilas who would host the 'dinner party' and 'night sessions'

Also related to the Summit were the following activities:

   - We organized a 1-day training event at a local University
   http://www.owasp.org/index.php/OWASP_Summit_UALG_1_Day_Conference (good
   example of what can be easily organized when there are so many OWASP leaders
   around :)  )
   - Social
      - There were a number of activities for the leaders' wives that were
      also attending (for example an 'Orange Picking party' to a local farm)
      - There was an OWASP band performance
      - There was a football match organized
      - There was a 'Capture the University' challenge (where we got
      permission from a local university to perform during the Summit a
      number of 'Ethical Hacking' tests to their websites which were
      performed by the Summit attendees during the 'night sessions' (the
      results were delivered to them after the summit))
      - Couple 'extra' non 'Summit team' organized events (night outs in
      local bars and trip to north Africa)
      - To get a picture of the environment and energy level at the summit
      check out these photos from the Summit: as slideshow
      <http://picasaweb.google.com/paulocoimbra7/OWASPSummitEUPortugal2008#slideshow>
      or all images
      <http://picasaweb.google.com/paulocoimbra7/OWASPSummitEUPortugal2008>
   - Marketing
      - Specially created briefing documents for the press (including
      translations in 7 languages):
      http://www.owasp.org/index.php/OWASP_EU_Summit_2008--PRESS
      - Number of short videos created, for example
      http://www.youtube.com/watch?gl=US&hl=uk&v=GsRbpshqqII (note that most
      sessions were recorded (but we never had the cycles to put them live))
      - Created two brochures for the event: 6 page brochure
      <https://www.owasp.org/images/8/89/OWASP_EU_Summit_2008-Overview.pdf>
      and 33 page brochure
      <https://www.owasp.org/images/3/3d/OWASP_EU_Summit_2008_-Full_Brochure.pdf>.
      - There was a big focus on design with a Summit specific Logo and
      Ads:
      http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Graphic_Resources
   - Sponsorships
      - We only had 3 sponsors (art of defence, mnemonic and softtek) which
      were companies that paid for their attendee's travel expenses (note that
      the last Summit happened in the middle of the financial meltdown, so
      travel budgets were VERY tight)
   - Logistics:
      - There was a dedicated Summit Team area with a large number of OWASP
      leaders helping with Summit Logistics
      - There was a printing station that was able to 'print on demand' a
      considerable amount of materials, for example:
         - Documents for Working Sessions
         - Committee Application forms
         - Personalized schedule created for all attendees (delivered to
         them as they arrived at the venue)
         - Daily schedules

Finally, what I'm most proud of from the Summit is the large number of
new/re-energised OWASP leaders/contributors that came out of the summit (I will
not try to name them since I don't want to miss anybody, but there were a
number of attendees that really 'GOT OWASP' after the Summit and went on to
create amazing projects or organize great OWASP conferences)

Hopefully this (long) email, will give a better picture of what happened at
the last Summit and the type of environment/initiatives we are trying to do
at the next Summit.

Note that a lot of what happened at the last Summit (most of the list above)
was done in the last couple weeks (or even on site) since that was the first
ever Summit that we had at OWASP and there was a lot to figure out.

The good news is that this time around, there is much less to 'figure out'
and time-wise we are very ahead in the Summit's preparations and logistics.
This means that if we keep the focus and energy, this can be an even more
amazing and productive event :)

Dinis Cruz