[Owasp-leaders] ISSA Intl. @ Baltimore

Michael Coates michael.coates at owasp.org
Tue Oct 25 11:36:04 EDT 2011


Nice write-up and thanks for manning the booth at the ISSA conference.  As OWASP continues to branch out from the "echo chamber" setting up at various conferences will be increasingly important and valuable.

The feedback and actions items are great!

Others, if you are interested in setting up an OWASP table at a conference then please reply. We've got lots of great progress with the "OWASP Pod"

Michael Coates

On Oct 25, 2011, at 5:30 AM, John Steven wrote:

> All,
> In my day job, we do "trip reports" on summits, conferences, and
> similar. Recently, on behalf of OWASP, I set up, manned, and tore down
> the OWASP booth at the ISSA Intl. conference @ Baltimore [IC1].  I
> apologize in advance, our "trip report" format follows an informal
> story-telling approach, inter-mixing actions.
> Several exhibitors complained that, from a logistic perspective, the
> conference wasn't well run. For instance, it took me about 25 minutes
> to arrive at the facility by car but I bailed out of the exhibitor
> registration line @ 35 minutes to conduct booth set up. The OWASP
> booth was positioned facing the back wall, furthest away from the main
> conference hall. Neighbors included phishme.com, Accuvant, and
> Microsoft.
> Sarah Baso and Mark Bristow arranged for the booth banners, branded
> handouts (foam darts and pens), and a select number of printed
> "Top-10" booklets left over from a previous conference to be sent.
> Everything they sent arrived early and though we had far too many pens
> (not so popular) we had *just enough* darts(*1). Next time, I'd print
> far more "Top-10 booklets". The booklets provided a great
> talking-point with booth visitors and one that drove us into
> content-based discussions of what OWASP can provide its guests and
> visitors.
> **ACTION: Produce and cache "Top-10" booklets, cheat-sheets, and
> "LiveCDs" for the next conference opportunity. Both resources will
> concretely demonstrate OWASP value and drive conversation to
> practical, technical benefit we as a community provide. Balance Top-10
> and Cheat Sheet production based on the expectations of the technical
> strength of conference attendees.
> Foot traffic to the booth was "moderate" and I don't know how much it
> would have improved given a better placement. About 75 people stopped
> by the booth and solid conversations results from about 25. Folk
> around the conference claimed "about 700" attendees but my gut tells
> me the number was closer to half that. By both volume and energy, the
> conference felt vastly smaller and sleepier than OWASP MSP. Most
> commonly, the attendee that stopped by ran a local ISSA chapters.
> **ACTION: those OWASPers in Denver, the NYC --> Boston, the NoVA, DC,
> Maryland, and San Diego should reach out because interest in
> collaborating exists.
> The second largest group was GovE (DHS, specific department folk) and
> these individuals often represented the longest average conversation @
> booth. After a small amount of conversation, it was easy to gauge
> where the GovE visitor's program was and suggest appropriate OWASP
> projects. Each avidly wrote down OWASP resources to follow up on. The
> third largest group was independent contractors, which yielded
> interesting but wide-ranging conversations.
> Less than a handful of booth visitors demonstrated discernible
> technical prowess. I'll save this list some of the gems I overheard in
> the interest of civility.
> When we planned attendance, we discussed two people manning the booth.
> This process somehow broke down and I manned the booth alone (this may
> very well have been my fault?). Because I had immovable conference
> calls, this left the booth manned but by some guy on the phone for
> times, which would have put me off as a visitor. Likewise, I had
> commitments Friday, so we had no booth coverage on "Day #2" of the
> conference.
> **ACTION: confirm two attendees to support the booth for future conferences.
> Without contest, the top two questions asked by booth visitors were:
> 1) What the heck do you guys [do||sell]?
> 2) I know what OWASP is--why are you here?
> If OWASPers intend to do booth swaps at conferences beyond ISSA's
> scope, it may make sense to upgrade the banners and booth set-up.
> OWASP does a great job with its own conferences but nothing about the
> set-up I had helped with out-reach. I have some ideas on this topic,
> but I'll save them for Mark, Sarah, or whomever else is appropriate.
> The main reason *I* agreed to support the booth was regionally driven.
> Having attended the OWASP/ISSA LA conference, I was pleasantly
> surprised by ISSA's organizational/conference machine, and their
> expanded audience/attendance. Likewise, in the DC-metro (Maryland,
> Virginia) area, ISSA attendance out-strips that of OWASP. Yet, more
> than one regional ISSA leader has reached out to local OWASP leaders
> for content, speakers, and to orchestrate joint functions.
> Facilitating this connection was in fact my main purpose--and I feel
> like it was a success. Expect to see more DC-Metro OWASP talks at
> local ISSA events, as well as more attendance (and hopefully)
> membership from its ISSA members at our events.
> ...and, finally: those of you who plan to support OWASP conferences in
> the future: prepare yourself for the 50 Lbs. "brick" that Sarah sends
> you. There aren't instructions for OWASP banner set up... ...and the
> OWASP-branded table cover has stains on it. The whole experience will
> definitely remind you of that time you filled in as a roadie for your
> college roommate's Ska band... Find some bit of solace in the fact
> that set-up for the two included banners doesn't particularly warrant
> instruction and that, if you can hoist it above your shoulder (*2),
> carrying the 50 lb case isn't as bad as lugging it by handle.
> -jOHN
> -- 
> Phone: 703.727.4034
> Rss: http://feeds.feedburner.com/M1splacedOnTheWeb
> * [IC1] -  https://www.issa.org/conf/?p=105
> * (1) -  The foam darts surprised me as the 'big hit' for our booth.
> They played well with both visitors and fellow booth operators. Take
> note of this folks, if... say... HP Enterprise or Oracle have some
> sweet booth schwag, the darts are _definitely_ weighty-enough currency
> for trade. While I didn't engage in any in-kind trade myself, I might
> not fault future booth operators for doing so.
> * (2) - It might even draw some interesting dinner offers from fellow
> booth operators.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list