[Owasp-leaders] Chapter Leader Update

Rex Booth rex.booth at owasp.org
Wed Aug 17 11:40:12 EDT 2011

My attire comment was somewhat tongue-in-cheek, though I think that if 
you're going to talk about professional image, personal appearance needs 
to be considered.

The greater and more important question is: how does OWASP measure ROI?  
I don't think we have an answer for that, but we should.  We should 
strive to measure our impact and success - or at least have clearly 
defined goals to which we can align our activities and expenditures.  
That would allow us to 1) promote our impact among our supporters to 
show them a return on THEIR investment, hopefully increasing sponsorship 
dollars and 2) more easily determine if spending money on banners is a 
better idea than flying somebody to an AppSec conference (for example).

Perhaps this is new project? ;)


On 8/17/2011 11:20 AM, Tom Brennan wrote:
> Intended audience of OWASP Foundation materials is developers, 
> industry to standards bodies.
> Hardcopies of the OWASP Top 10 is a  great example when a .PDF will 
> not do the trick.... 
> http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf 
> awareness for this (1) project effort however we have over 200 hence 
> need to spread the love around in raising the visibility of Stable and 
> Beta efforts (https://www.owasp.org/index.php/Category:OWASP_Project)
> re: "If the audience is industry"  at times it is -- and as example if 
> the individuals are so inclined to wear a monkey suit that is image. 
>  As a example at Blackhat we (Sara,Lorna, Myself) all were Business 
> attire -- not that this fact made a difference -- however i would 
> agree that perception is key to any awareness campaign.  I am aware 
> that many chapters including my own are business attire, hell the 
> meetings are after work -- hence the local region drives that.  If 
> shorts and t-shirts are appropriate so be it.. but seriously that is a 
> stretch to worry about attire.
> Yes there is 100k in the chapter buckets. Not to spend on banners and 
> the such... rather raising awareness to the chapters that there is 
> monies in the bucket that should be reinvested into the chapters and 
> efforts that are core to the mission.  What chapter do you run Rex? 
>  DC, VA? Hence a balance of:  Virginia (Northern 
> Virginia)$2,770.60$160.00$277.06$2,653.50 / Washington 
> DC$4,990.00$140.00$3,542.97$1,587.03 running a chapter has 
> expenditures -- I know my chapter does.
> seeing the ROI  -  How is this:  In 2004 you might agree that OWASP 
> was a smaller group,  2007 we had a growth spurt, 2008, 2009, 2010, 
> 2011 are measurable years of visibility not only on the mission but on 
> the industry and on the core contributors as referenced 
> https://www.owasp.org/index.php/Industry:Citations   As a non-profit 
> we have the upside business model of commercial for profit efforts and 
> collectively a great platform and voice.  Good reference information 
> is here: http://en.wikipedia.org/wiki/Nonprofit_organization updated 
> recently.   The future is quite bright for this professional 
> association with committees focused on implementation of our core 
> values and purpose.
> Is this your measurement of ROI http://xssed.com/archive/special=1   
> -- then yes there is work to be done on awareness from frameworks, 
> developer tools and easy to leverage risk models -- personally I am 
> fan of the efforts happening here: 
> http://cwe.mitre.org/about/images/lg_consensus.jpg and we (OWASP) has 
> a seat at the table in both the working groups and the ISO standards 
> bodies.
> Brennan
> 973-202-0122
> On Aug 17, 2011, at 10:53 AM, Rex Booth wrote:
>> Who is the intended audience of this enhanced professional image for 
>> OWASP and what is the expected ROI?
>> If it's fellow security consultants, I think hard-copy printouts of 
>> the top 10, etc, would have the most impact.  It would allow us to 
>> use them as force multipliers, too, and have them spread the word of 
>> OWASP for us.
>> If the audience is industry (and it should be, IMO), I think the 
>> funds would probably be better spent on a shirt and tie for each of 
>> our leaders. I know many of us don't require business attire for our 
>> daily lives, but many of our target industries do, and they respond 
>> to people that "look professional."  Is it fair?  No, but that's the 
>> reality.
>> On the whole, however, I'm surprised we have $100k to spend on 
>> banners, etc to be used at the local chapter level given our current 
>> budget situation.  Especially since most chapter meetings are 
>> probably 1) fewer than 20 people and 2) are repeat attendees that 
>> don't need to be wowed by banners and image.
>> I don't see the ROI - perhaps somebody can explain it to me.
>> Rex
>> On 8/17/2011 10:28 AM, Tom Brennan wrote:
>>> As a result of repeated discussions at the OWASP booth at Blackhat 
>>> this year, the following items are worth pointing out globally;
>>> *_Chapter Leaders: _*
>>> *
>>> *
>>> When you host your next local meeting will you have a table throw, a 
>>> pull up banner, swag to help raise the professional image and 
>>> awareness of the mission of OWASP Foundation?
>>> *VISUAL Example:* https://www.owasp.org/images/a/a7/OWASP-BOOTH.jpg
>>> *FAQ: what can you REQUEST for your chapter to promote OWASP locally? *
>>> *
>>> *
>>> *Answer: https://www.owasp.org/index.php/Chapter_Supplies*
>>> *
>>> *
>>> *$$$*
>>> For many chapters there IS money in the chapter bank for this 
>>> purpose over 100k actually.    Seeing that summer is almost over... 
>>> its time to review your chapter budget and invest invest short term 
>>> and long term in your local chapter before the end of the year.  If 
>>> you are without funds contact your nearby chapter with funds 
>>> collaborate with them we are a single community and ask for a 
>>> transfer of funds to help out its a community effort.
>>> Here is where the 100k+ in funds are currently allocated by the 
>>> hard-work of volunteer chapter leaders:
>>> https://spreadsheets.google.com/pub?key=0Atu4kyR3ljftdF9aZkY0YjRFcmNBY21OaWo3djdkUXc&hl=en&output=html 
>>> <https://spreadsheets.google.com/pub?key=0Atu4kyR3ljftdF9aZkY0YjRFcmNBY21OaWo3djdkUXc&hl=en&output=html>
>>> * NYC Chapter is offering *$1000* to any chapter that is *_less than 
>>> 12 months old, has used OWASP On The Move and a membership balance 
>>> is currently less than $100_* to help you get started (contact me 
>>> for more details off list).
>>> **NOTE Many of the other chapter leaders that I have spoken with are 
>>> also willing to help you out - you have to ASK them
>>> ***As a chapter leader you are coming to the Global AppSec USA 10 
>>> Year Anniversary of OWASP right? There is NO CHARGE for chapter 
>>> leaders, don't miss the chapter workshop - http://www.appsecusa.org 
>>> <http://www.appsecusa.org/> in September
>>> ===
>>> *_Need Speakers for your Chapter? _*
>>> Have you looked at OWASP on the Move yet to bring in one of the 200+ 
>>> OWASP Project Leaders to your chapter?
>>> https://www.owasp.org/index.php/OWASP_on_the_Move
>>> To see what has been used to date see: 
>>> https://www.owasp.org/index.php/OWASP_on_the_Move_-_Payments  we 
>>> have a budget allocated USE IT!
>>> Also consider being a scout and coming to AppSecUSA and asking 
>>> presenters of AppSecUSA to come to your local chapter see: 
>>> http://www.appsecusa.org/schedule.html
>>> ===
>>> _
>>> _
>>> *_FAQ where can we find the other OWASP Chapter guidance support 
>>> information?_*
>>> Answer: 
>>> https://www.owasp.org/index.php/Category:OWASP_Chapter#Chapter_Support_Materials 
>>>   * For the OWASP Chapter Leader Handbook which includes rules and
>>>     regulations, click here
>>>     <https://www.owasp.org/index.php/Chapter_Leader_Handbook>.
>>>   * For OWASP Chapter resources, click here
>>>     <https://www.owasp.org/index.php/Category:Chapter_Resources>.
>>>   * For OWASP Chapter presentations, click here
>>>     <https://www.owasp.org/index.php/Chapter_Presentation_Bundles>.
>>>   * For the OWASP news item template, click here
>>>     <https://www.owasp.org/index.php/Template:News_Item>.
>>>   * For OWASP Chapter promotion tips click here
>>>     <https://www.owasp.org/index.php/Chapter_Promotion>.
>>> ===
>>> _*Finally, we need your help* _  If you are a CHAPTER LEADER, you 
>>> have a chapter mailing list (this might be why your even getting 
>>> this email....),   we are counting "Chapter Leaders" by those that 
>>> are listed on the administrative area of the chapter mailing list. 
>>>  If someones name is listed on the wiki, that is NOT how we are 
>>> counting the active chapter leaders, add there @owasp.org email to 
>>> the mailing list administrative area.
>>> Some chapters are announce only mailing lists and that is ok here is 
>>> why;   Larry Casey our volunteer has a simple script that scrapes 
>>> the administrative names/emails and includes them in OWASP-LEADERS 
>>> list.  So this is how we get communication like the above out to 
>>> those that are Chapter Leaders.  It is important that you add all 
>>> associated chapter "leaders" to your chapter mailing-list so that 
>>> they can be included in OWASP-LEADERS list communication such as 
>>> this.  If you need your local chapter mailing list password reset 
>>> click on the below or visit www.owasp.org <http://www.owasp.org/> 
>>> and click on CONTACT US
>>> https://spreadsheets.google.com/a/owasp.org/viewform?hl=en&formkey=dFN1R2NIMTNROXN3dml4ZEcxXzJQYXc6MQ#gid=0 
>>> <https://spreadsheets.google.com/a/owasp.org/viewform?hl=en&formkey=dFN1R2NIMTNROXN3dml4ZEcxXzJQYXc6MQ#gid=0>
>>> ===
>>> https://www.owasp.org/index.php/Membership/2011Election *-  This is 
>>> in progress we are approx., at 50% of the eligible voters have 
>>> already done so.  If you have not voted today the window is closing 
>>> Semper Fi,
>>> Tom Brennan
>>> Direct: 973-202-0122
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110817/7a6fce2b/attachment-0001.html 

More information about the OWASP-Leaders mailing list