[Owasp-leaders] ISSA Intl. @ Baltimore

Mark Bristow mark.bristow at owasp.org
Fri Oct 28 21:16:25 EDT 2011

Thans for the feedback Neil.

Re: "More books.  More books.  More books." we're working on a good
answer for this.  Right now sending large #s of books is prohibitively

On Thu, Oct 27, 2011 at 10:53 PM, Neil Matatall <neil at owasp.org> wrote:
> I too manned a booth at an ISSA and had some interesting feedback.
>  Although, a lot less precise than John.
> (forgive the candid assessment, it was a great conference overall)
> Mistakes they made:
> More than one vendor was not even aware of the bingo-style iPad drawing
> where you visit each vendor.  Fail.
> One person won 3 prizes, 5 people one two prizes, and a handful of others
> won prizes during the vendor raffle.  There was a lot of murmuring.  I
> brought this to the attention of the organizers early on.  They ensured me
> that the policy was "two prizes per person".  I feel that is a terrible
> policy.  One prize per attendee or else you get what just happened.  One guy
> one an Amazon Fire and an iPad 2.  Yeah, I'm jealous.
> I felt the quality of the exhibitors was poor-moderate.  Of course, I'd have
> the same issue if I had trouble getting vendors.
> Mistakes we (I) made
> Every single one of my books was taken within a few hours.  I made each
> attendee earn the book through discussion, but they went like hotcakes while
> I came back with a bunch of pens and notepads.  This crowd LOVED the books.
>  And as soon as I told the afternoon people that they were available online,
> they gave up.
> The OWASP booth was right next to the ISSA and ISACA booths.  Only ISSA got
> traffic because they had a wheel to win prizes.  Most would walk away
> without visiting my or ISACA's booth.
> I shipped everything to my personal address and for various reasons, I was
> an hour or two late.  The other two booth members were rightly hounding me
> and said we missed opportunities.
> Did not bring a signup sheet.  owasp.org scares this crowd and they would
> never think of joining such an organization.  (again, forgive the
> candidness, it's more terse than a detailed explanation)
> Things they did right:
> Some of the best conference food I've ever had along with brunch, lunch, ice
> cream social, and a cash bar.
> The venue is great for continuing the discussion at the local establishments
> (aka bars)
> Registation was dead simple, fast, and efficient.
> Vendor bingo.  I love that ish.  I'm going to talk to all of them anyways,
> and vendors are excited when they stamp someone's card who actually listened
> and participated in the product discussion.
> A real sense of "we are grateful you came" to both attendees and speakers.
>  It was a very warm crowd.
> Take aways:
> Don't screw your vendors or your attendees.
> More books.  More books.  More books.  Less schwag
> Fooooooood
> On Tue, Oct 25, 2011 at 8:36 AM, Michael Coates <michael.coates at owasp.org>
> wrote:
>> John,
>> Nice write-up and thanks for manning the booth at the ISSA conference.  As
>> OWASP continues to branch out from the "echo chamber" setting up at various
>> conferences will be increasingly important and valuable.
>> The feedback and actions items are great!
>> Others, if you are interested in setting up an OWASP table at a conference
>> then please reply. We've got lots of great progress with the "OWASP Pod"
>> Michael Coates
>> On Oct 25, 2011, at 5:30 AM, John Steven wrote:
>> > All,
>> >
>> > In my day job, we do "trip reports" on summits, conferences, and
>> > similar. Recently, on behalf of OWASP, I set up, manned, and tore down
>> > the OWASP booth at the ISSA Intl. conference @ Baltimore [IC1].  I
>> > apologize in advance, our "trip report" format follows an informal
>> > story-telling approach, inter-mixing actions.
>> >
>> > Several exhibitors complained that, from a logistic perspective, the
>> > conference wasn't well run. For instance, it took me about 25 minutes
>> > to arrive at the facility by car but I bailed out of the exhibitor
>> > registration line @ 35 minutes to conduct booth set up. The OWASP
>> > booth was positioned facing the back wall, furthest away from the main
>> > conference hall. Neighbors included phishme.com, Accuvant, and
>> > Microsoft.
>> >
>> > Sarah Baso and Mark Bristow arranged for the booth banners, branded
>> > handouts (foam darts and pens), and a select number of printed
>> > "Top-10" booklets left over from a previous conference to be sent.
>> > Everything they sent arrived early and though we had far too many pens
>> > (not so popular) we had *just enough* darts(*1). Next time, I'd print
>> > far more "Top-10 booklets". The booklets provided a great
>> > talking-point with booth visitors and one that drove us into
>> > content-based discussions of what OWASP can provide its guests and
>> > visitors.
>> >
>> > **ACTION: Produce and cache "Top-10" booklets, cheat-sheets, and
>> > "LiveCDs" for the next conference opportunity. Both resources will
>> > concretely demonstrate OWASP value and drive conversation to
>> > practical, technical benefit we as a community provide. Balance Top-10
>> > and Cheat Sheet production based on the expectations of the technical
>> > strength of conference attendees.
>> >
>> > Foot traffic to the booth was "moderate" and I don't know how much it
>> > would have improved given a better placement. About 75 people stopped
>> > by the booth and solid conversations results from about 25. Folk
>> > around the conference claimed "about 700" attendees but my gut tells
>> > me the number was closer to half that. By both volume and energy, the
>> > conference felt vastly smaller and sleepier than OWASP MSP. Most
>> > commonly, the attendee that stopped by ran a local ISSA chapters.
>> >
>> > **ACTION: those OWASPers in Denver, the NYC --> Boston, the NoVA, DC,
>> > Maryland, and San Diego should reach out because interest in
>> > collaborating exists.
>> >
>> > The second largest group was GovE (DHS, specific department folk) and
>> > these individuals often represented the longest average conversation @
>> > booth. After a small amount of conversation, it was easy to gauge
>> > where the GovE visitor's program was and suggest appropriate OWASP
>> > projects. Each avidly wrote down OWASP resources to follow up on. The
>> > third largest group was independent contractors, which yielded
>> > interesting but wide-ranging conversations.
>> >
>> > Less than a handful of booth visitors demonstrated discernible
>> > technical prowess. I'll save this list some of the gems I overheard in
>> > the interest of civility.
>> >
>> > When we planned attendance, we discussed two people manning the booth.
>> > This process somehow broke down and I manned the booth alone (this may
>> > very well have been my fault?). Because I had immovable conference
>> > calls, this left the booth manned but by some guy on the phone for
>> > times, which would have put me off as a visitor. Likewise, I had
>> > commitments Friday, so we had no booth coverage on "Day #2" of the
>> > conference.
>> >
>> > **ACTION: confirm two attendees to support the booth for future
>> > conferences.
>> >
>> > Without contest, the top two questions asked by booth visitors were:
>> >
>> > 1) What the heck do you guys [do||sell]?
>> > 2) I know what OWASP is--why are you here?
>> >
>> > If OWASPers intend to do booth swaps at conferences beyond ISSA's
>> > scope, it may make sense to upgrade the banners and booth set-up.
>> > OWASP does a great job with its own conferences but nothing about the
>> > set-up I had helped with out-reach. I have some ideas on this topic,
>> > but I'll save them for Mark, Sarah, or whomever else is appropriate.
>> >
>> > The main reason *I* agreed to support the booth was regionally driven.
>> > Having attended the OWASP/ISSA LA conference, I was pleasantly
>> > surprised by ISSA's organizational/conference machine, and their
>> > expanded audience/attendance. Likewise, in the DC-metro (Maryland,
>> > Virginia) area, ISSA attendance out-strips that of OWASP. Yet, more
>> > than one regional ISSA leader has reached out to local OWASP leaders
>> > for content, speakers, and to orchestrate joint functions.
>> > Facilitating this connection was in fact my main purpose--and I feel
>> > like it was a success. Expect to see more DC-Metro OWASP talks at
>> > local ISSA events, as well as more attendance (and hopefully)
>> > membership from its ISSA members at our events.
>> >
>> > ...and, finally: those of you who plan to support OWASP conferences in
>> > the future: prepare yourself for the 50 Lbs. "brick" that Sarah sends
>> > you. There aren't instructions for OWASP banner set up... ...and the
>> > OWASP-branded table cover has stains on it. The whole experience will
>> > definitely remind you of that time you filled in as a roadie for your
>> > college roommate's Ska band... Find some bit of solace in the fact
>> > that set-up for the two included banners doesn't particularly warrant
>> > instruction and that, if you can hoist it above your shoulder (*2),
>> > carrying the 50 lb case isn't as bad as lugging it by handle.
>> >
>> > -jOHN
>> >
>> > --
>> > Phone: 703.727.4034
>> > Rss: http://feeds.feedburner.com/M1splacedOnTheWeb
>> >
>> > * [IC1] -  https://www.issa.org/conf/?p=105
>> > * (1) -  The foam darts surprised me as the 'big hit' for our booth.
>> > They played well with both visitors and fellow booth operators. Take
>> > note of this folks, if... say... HP Enterprise or Oracle have some
>> > sweet booth schwag, the darts are _definitely_ weighty-enough currency
>> > for trade. While I didn't engage in any in-kind trade myself, I might
>> > not fault future booth operators for doing so.
>> > * (2) - It might even draw some interesting dinner offers from fellow
>> > booth operators.
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org

More information about the OWASP-Leaders mailing list