[Owasp-leaders] ISSA Intl. @ Baltimore

Neil Matatall neil at owasp.org
Thu Oct 27 22:53:55 EDT 2011

I too manned a booth at an ISSA and had some interesting feedback.
 Although, a lot less precise than John.

(forgive the candid assessment, it was a great conference overall)

Mistakes they made:

   1. More than one vendor was not even aware of the bingo-style iPad
   drawing where you visit each vendor.  Fail.
   2. One person won 3 prizes, 5 people one two prizes, and a handful of
   others won prizes during the vendor raffle.  There was a lot of murmuring.
    I brought this to the attention of the organizers early on.  They ensured
   me that the policy was "two prizes per person".  I feel that is a terrible
   policy.  One prize per attendee or else you get what just happened.  One guy
   one an Amazon Fire and an iPad 2.  Yeah, I'm jealous.
   3. I felt the quality of the exhibitors was poor-moderate.  Of course,
   I'd have the same issue if I had trouble getting vendors.

Mistakes we (I) made

   1. Every single one of my books was taken within a few hours.  I made
   each attendee earn the book through discussion, but they went like hotcakes
   while I came back with a bunch of pens and notepads.  This crowd LOVED the
   books.  And as soon as I told the afternoon people that they were available
   online, they gave up.
   2. The OWASP booth was right next to the ISSA and ISACA booths.  Only
   ISSA got traffic because they had a wheel to win prizes.  Most would walk
   away without visiting my or ISACA's booth.
   3. I shipped everything to my personal address and for various reasons, I
   was an hour or two late.  The other two booth members were rightly hounding
   me and said we missed opportunities.
   4. Did not bring a signup sheet.  owasp.org scares this crowd and they
   would never think of joining such an organization.  (again, forgive the
   candidness, it's more terse than a detailed explanation)

Things they did right:

   1. Some of the best conference food I've ever had along with brunch,
   lunch, ice cream social, and a cash bar.
   2. The venue is great for continuing the discussion at the local
   establishments (aka bars)
   3. Registation was dead simple, fast, and efficient.
   4. Vendor bingo.  I love that ish.  I'm going to talk to all of them
   anyways, and vendors are excited when they stamp someone's card who actually
   listened and participated in the product discussion.
   5. A real sense of "we are grateful you came" to both attendees and
   speakers.  It was a very warm crowd.

Take aways:
Don't screw your vendors or your attendees.
More books.  More books.  More books.  Less schwag

On Tue, Oct 25, 2011 at 8:36 AM, Michael Coates <michael.coates at owasp.org>wrote:

> John,
> Nice write-up and thanks for manning the booth at the ISSA conference.  As
> OWASP continues to branch out from the "echo chamber" setting up at various
> conferences will be increasingly important and valuable.
> The feedback and actions items are great!
> Others, if you are interested in setting up an OWASP table at a conference
> then please reply. We've got lots of great progress with the "OWASP Pod"
> Michael Coates
> On Oct 25, 2011, at 5:30 AM, John Steven wrote:
> > All,
> >
> > In my day job, we do "trip reports" on summits, conferences, and
> > similar. Recently, on behalf of OWASP, I set up, manned, and tore down
> > the OWASP booth at the ISSA Intl. conference @ Baltimore [IC1].  I
> > apologize in advance, our "trip report" format follows an informal
> > story-telling approach, inter-mixing actions.
> >
> > Several exhibitors complained that, from a logistic perspective, the
> > conference wasn't well run. For instance, it took me about 25 minutes
> > to arrive at the facility by car but I bailed out of the exhibitor
> > registration line @ 35 minutes to conduct booth set up. The OWASP
> > booth was positioned facing the back wall, furthest away from the main
> > conference hall. Neighbors included phishme.com, Accuvant, and
> > Microsoft.
> >
> > Sarah Baso and Mark Bristow arranged for the booth banners, branded
> > handouts (foam darts and pens), and a select number of printed
> > "Top-10" booklets left over from a previous conference to be sent.
> > Everything they sent arrived early and though we had far too many pens
> > (not so popular) we had *just enough* darts(*1). Next time, I'd print
> > far more "Top-10 booklets". The booklets provided a great
> > talking-point with booth visitors and one that drove us into
> > content-based discussions of what OWASP can provide its guests and
> > visitors.
> >
> > **ACTION: Produce and cache "Top-10" booklets, cheat-sheets, and
> > "LiveCDs" for the next conference opportunity. Both resources will
> > concretely demonstrate OWASP value and drive conversation to
> > practical, technical benefit we as a community provide. Balance Top-10
> > and Cheat Sheet production based on the expectations of the technical
> > strength of conference attendees.
> >
> > Foot traffic to the booth was "moderate" and I don't know how much it
> > would have improved given a better placement. About 75 people stopped
> > by the booth and solid conversations results from about 25. Folk
> > around the conference claimed "about 700" attendees but my gut tells
> > me the number was closer to half that. By both volume and energy, the
> > conference felt vastly smaller and sleepier than OWASP MSP. Most
> > commonly, the attendee that stopped by ran a local ISSA chapters.
> >
> > **ACTION: those OWASPers in Denver, the NYC --> Boston, the NoVA, DC,
> > Maryland, and San Diego should reach out because interest in
> > collaborating exists.
> >
> > The second largest group was GovE (DHS, specific department folk) and
> > these individuals often represented the longest average conversation @
> > booth. After a small amount of conversation, it was easy to gauge
> > where the GovE visitor's program was and suggest appropriate OWASP
> > projects. Each avidly wrote down OWASP resources to follow up on. The
> > third largest group was independent contractors, which yielded
> > interesting but wide-ranging conversations.
> >
> > Less than a handful of booth visitors demonstrated discernible
> > technical prowess. I'll save this list some of the gems I overheard in
> > the interest of civility.
> >
> > When we planned attendance, we discussed two people manning the booth.
> > This process somehow broke down and I manned the booth alone (this may
> > very well have been my fault?). Because I had immovable conference
> > calls, this left the booth manned but by some guy on the phone for
> > times, which would have put me off as a visitor. Likewise, I had
> > commitments Friday, so we had no booth coverage on "Day #2" of the
> > conference.
> >
> > **ACTION: confirm two attendees to support the booth for future
> conferences.
> >
> > Without contest, the top two questions asked by booth visitors were:
> >
> > 1) What the heck do you guys [do||sell]?
> > 2) I know what OWASP is--why are you here?
> >
> > If OWASPers intend to do booth swaps at conferences beyond ISSA's
> > scope, it may make sense to upgrade the banners and booth set-up.
> > OWASP does a great job with its own conferences but nothing about the
> > set-up I had helped with out-reach. I have some ideas on this topic,
> > but I'll save them for Mark, Sarah, or whomever else is appropriate.
> >
> > The main reason *I* agreed to support the booth was regionally driven.
> > Having attended the OWASP/ISSA LA conference, I was pleasantly
> > surprised by ISSA's organizational/conference machine, and their
> > expanded audience/attendance. Likewise, in the DC-metro (Maryland,
> > Virginia) area, ISSA attendance out-strips that of OWASP. Yet, more
> > than one regional ISSA leader has reached out to local OWASP leaders
> > for content, speakers, and to orchestrate joint functions.
> > Facilitating this connection was in fact my main purpose--and I feel
> > like it was a success. Expect to see more DC-Metro OWASP talks at
> > local ISSA events, as well as more attendance (and hopefully)
> > membership from its ISSA members at our events.
> >
> > ...and, finally: those of you who plan to support OWASP conferences in
> > the future: prepare yourself for the 50 Lbs. "brick" that Sarah sends
> > you. There aren't instructions for OWASP banner set up... ...and the
> > OWASP-branded table cover has stains on it. The whole experience will
> > definitely remind you of that time you filled in as a roadie for your
> > college roommate's Ska band... Find some bit of solace in the fact
> > that set-up for the two included banners doesn't particularly warrant
> > instruction and that, if you can hoist it above your shoulder (*2),
> > carrying the 50 lb case isn't as bad as lugging it by handle.
> >
> > -jOHN
> >
> > --
> > Phone: 703.727.4034
> > Rss: http://feeds.feedburner.com/M1splacedOnTheWeb
> >
> > * [IC1] -  https://www.issa.org/conf/?p=105
> > * (1) -  The foam darts surprised me as the 'big hit' for our booth.
> > They played well with both visitors and fellow booth operators. Take
> > note of this folks, if... say... HP Enterprise or Oracle have some
> > sweet booth schwag, the darts are _definitely_ weighty-enough currency
> > for trade. While I didn't engage in any in-kind trade myself, I might
> > not fault future booth operators for doing so.
> > * (2) - It might even draw some interesting dinner offers from fellow
> > booth operators.
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20111027/d4b98070/attachment.html 

More information about the OWASP-Leaders mailing list