[Owasp-leaders] Chapter Leader Update
rex.booth at owasp.org
Wed Aug 17 11:40:12 EDT 2011
My attire comment was somewhat tongue-in-cheek, though I think that if
you're going to talk about professional image, personal appearance needs
to be considered.
The greater and more important question is: how does OWASP measure ROI?
I don't think we have an answer for that, but we should. We should
strive to measure our impact and success - or at least have clearly
defined goals to which we can align our activities and expenditures.
That would allow us to 1) promote our impact among our supporters to
show them a return on THEIR investment, hopefully increasing sponsorship
dollars and 2) more easily determine if spending money on banners is a
better idea than flying somebody to an AppSec conference (for example).
Perhaps this is new project? ;)
On 8/17/2011 11:20 AM, Tom Brennan wrote:
> Intended audience of OWASP Foundation materials is developers,
> industry to standards bodies.
> Hardcopies of the OWASP Top 10 is a great example when a .PDF will
> not do the trick....
> awareness for this (1) project effort however we have over 200 hence
> need to spread the love around in raising the visibility of Stable and
> Beta efforts (https://www.owasp.org/index.php/Category:OWASP_Project)
> re: "If the audience is industry" at times it is -- and as example if
> the individuals are so inclined to wear a monkey suit that is image.
> As a example at Blackhat we (Sara,Lorna, Myself) all were Business
> attire -- not that this fact made a difference -- however i would
> agree that perception is key to any awareness campaign. I am aware
> that many chapters including my own are business attire, hell the
> meetings are after work -- hence the local region drives that. If
> shorts and t-shirts are appropriate so be it.. but seriously that is a
> stretch to worry about attire.
> Yes there is 100k in the chapter buckets. Not to spend on banners and
> the such... rather raising awareness to the chapters that there is
> monies in the bucket that should be reinvested into the chapters and
> efforts that are core to the mission. What chapter do you run Rex?
> DC, VA? Hence a balance of: Virginia (Northern
> Virginia)$2,770.60$160.00$277.06$2,653.50 / Washington
> DC$4,990.00$140.00$3,542.97$1,587.03 running a chapter has
> expenditures -- I know my chapter does.
> seeing the ROI - How is this: In 2004 you might agree that OWASP
> was a smaller group, 2007 we had a growth spurt, 2008, 2009, 2010,
> 2011 are measurable years of visibility not only on the mission but on
> the industry and on the core contributors as referenced
> https://www.owasp.org/index.php/Industry:Citations As a non-profit
> we have the upside business model of commercial for profit efforts and
> collectively a great platform and voice. Good reference information
> is here: http://en.wikipedia.org/wiki/Nonprofit_organization updated
> recently. The future is quite bright for this professional
> association with committees focused on implementation of our core
> values and purpose.
> Is this your measurement of ROI http://xssed.com/archive/special=1
> -- then yes there is work to be done on awareness from frameworks,
> developer tools and easy to leverage risk models -- personally I am
> fan of the efforts happening here:
> http://cwe.mitre.org/about/images/lg_consensus.jpg and we (OWASP) has
> a seat at the table in both the working groups and the ISO standards
> On Aug 17, 2011, at 10:53 AM, Rex Booth wrote:
>> Who is the intended audience of this enhanced professional image for
>> OWASP and what is the expected ROI?
>> If it's fellow security consultants, I think hard-copy printouts of
>> the top 10, etc, would have the most impact. It would allow us to
>> use them as force multipliers, too, and have them spread the word of
>> OWASP for us.
>> If the audience is industry (and it should be, IMO), I think the
>> funds would probably be better spent on a shirt and tie for each of
>> our leaders. I know many of us don't require business attire for our
>> daily lives, but many of our target industries do, and they respond
>> to people that "look professional." Is it fair? No, but that's the
>> On the whole, however, I'm surprised we have $100k to spend on
>> banners, etc to be used at the local chapter level given our current
>> budget situation. Especially since most chapter meetings are
>> probably 1) fewer than 20 people and 2) are repeat attendees that
>> don't need to be wowed by banners and image.
>> I don't see the ROI - perhaps somebody can explain it to me.
>> On 8/17/2011 10:28 AM, Tom Brennan wrote:
>>> As a result of repeated discussions at the OWASP booth at Blackhat
>>> this year, the following items are worth pointing out globally;
>>> *_Chapter Leaders: _*
>>> When you host your next local meeting will you have a table throw, a
>>> pull up banner, swag to help raise the professional image and
>>> awareness of the mission of OWASP Foundation?
>>> *VISUAL Example:* https://www.owasp.org/images/a/a7/OWASP-BOOTH.jpg
>>> *FAQ: what can you REQUEST for your chapter to promote OWASP locally? *
>>> *Answer: https://www.owasp.org/index.php/Chapter_Supplies*
>>> For many chapters there IS money in the chapter bank for this
>>> purpose over 100k actually. Seeing that summer is almost over...
>>> its time to review your chapter budget and invest invest short term
>>> and long term in your local chapter before the end of the year. If
>>> you are without funds contact your nearby chapter with funds
>>> collaborate with them we are a single community and ask for a
>>> transfer of funds to help out its a community effort.
>>> Here is where the 100k+ in funds are currently allocated by the
>>> hard-work of volunteer chapter leaders:
>>> * NYC Chapter is offering *$1000* to any chapter that is *_less than
>>> 12 months old, has used OWASP On The Move and a membership balance
>>> is currently less than $100_* to help you get started (contact me
>>> for more details off list).
>>> **NOTE Many of the other chapter leaders that I have spoken with are
>>> also willing to help you out - you have to ASK them
>>> ***As a chapter leader you are coming to the Global AppSec USA 10
>>> Year Anniversary of OWASP right? There is NO CHARGE for chapter
>>> leaders, don't miss the chapter workshop - http://www.appsecusa.org
>>> <http://www.appsecusa.org/> in September
>>> *_Need Speakers for your Chapter? _*
>>> Have you looked at OWASP on the Move yet to bring in one of the 200+
>>> OWASP Project Leaders to your chapter?
>>> To see what has been used to date see:
>>> https://www.owasp.org/index.php/OWASP_on_the_Move_-_Payments we
>>> have a budget allocated USE IT!
>>> Also consider being a scout and coming to AppSecUSA and asking
>>> presenters of AppSecUSA to come to your local chapter see:
>>> *_FAQ where can we find the other OWASP Chapter guidance support
>>> * For the OWASP Chapter Leader Handbook which includes rules and
>>> regulations, click here
>>> * For OWASP Chapter resources, click here
>>> * For OWASP Chapter presentations, click here
>>> * For the OWASP news item template, click here
>>> * For OWASP Chapter promotion tips click here
>>> _*Finally, we need your help* _ If you are a CHAPTER LEADER, you
>>> have a chapter mailing list (this might be why your even getting
>>> this email....), we are counting "Chapter Leaders" by those that
>>> are listed on the administrative area of the chapter mailing list.
>>> If someones name is listed on the wiki, that is NOT how we are
>>> counting the active chapter leaders, add there @owasp.org email to
>>> the mailing list administrative area.
>>> Some chapters are announce only mailing lists and that is ok here is
>>> why; Larry Casey our volunteer has a simple script that scrapes
>>> the administrative names/emails and includes them in OWASP-LEADERS
>>> list. So this is how we get communication like the above out to
>>> those that are Chapter Leaders. It is important that you add all
>>> associated chapter "leaders" to your chapter mailing-list so that
>>> they can be included in OWASP-LEADERS list communication such as
>>> this. If you need your local chapter mailing list password reset
>>> click on the below or visit www.owasp.org <http://www.owasp.org/>
>>> and click on CONTACT US
>>> *OWASP ELECTION -
>>> https://www.owasp.org/index.php/Membership/2011Election *- This is
>>> in progress we are approx., at 50% of the eligible voters have
>>> already done so. If you have not voted today the window is closing
>>> - VOTE TODAY.
>>> Semper Fi,
>>> Tom Brennan
>>> Direct: 973-202-0122
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders