[Owasp-leaders] On Summits

Chris Schmidt chris.schmidt at owasp.org
Mon Apr 9 19:05:03 UTC 2012

Hash: SHA1
All -

I have been uncharacteristically quiet over the last few weeks (as has
even been pointed out to me by a few people) on a couple subjects. I
don't want anyone to take this as me not having an opinion, as anyone
who knows me will tell you that I have an opinion about almost
everything :D - to be frank, I have just been too busy to really think
about these things and finally had some time to reflect over this last
weekend. Here are my thoughts.

*The Summit aka "Waste of Money or Worthwhile Expenditure"
I was not at the first OWASP Summit in 2008, I was at the second OWASP
Summit in 2011, I had planned to attend to the third OWASP Summit in
2013. That being said, while spending time on a cruise ship sounded like
it would be a really great time (I even eluded to bringing along my
Jolly Roger flag to adorn the ship) I have never really cared *where*
the summit happened nearly as much as caring that it indeed happens. I
think I am fair in stating that the vast majority of OWASP leaders care
much less about where it is held than is being implied. I like the idea
of complete isolation for Summits, the idea that all the leaders are in
one place and for the most part to go somewhere else is at least a
moderately difficult endeavor unless you team up with other leaders (at
which point you are still very likely going to be getting talk done

In 2012 when I attended the Summit, I was completely clueless as to what
I should expect for the event. I was blown away by how much actually got
done while I was there! I joined with Jason and Brad to become a part of
the GPC and in 3 days we accomplished more actual work than was
completed in several years - just because we were all in the same place.
Anyone who knows me in a professional capacity knows that I am a huge
proponent of online collaboration and leveraging online tools to enable
that collaboration wherever it makes sense - but I am also a huge
proponent that facetime is something that simply cannot be replaced by
tools.  This has been further proven by both GPC and ESAPI over the last
12 months from our additional GPC working sessions and the ESAPI summit
at AppSecUSA last year. When people get together, _*scheiße **gets done*_.

It seems like in principle, everyone agrees that the big problem with
the Summit is how much it costs, ie "Worthwhile Expenditure?" - I have
seen several great suggestions on how this could be mitigated.
Fundraising, sponsorships, grants, etc. are all very real ways to
overcome the funding issue with the Summit. I do agree with Dinis that
perhaps we should focus more energy on the "what" and a little less on
the "where". Part of what makes any event a success is putting
exponentially more time into planning the event than actually executing
it. I generally have a 10:1 rule - that is if I have a 1-day event, I
should spend no less than 10 days working on the plan for the event.
Where that event is taking place generally account for 2-4 hours of that
time while scheduling and logistics account for the rest of that
planning time.

Can the committee go back and address the theme and overall approach to
the summit then we can come back to location when we have more concrete
plans in place?
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120409/934026b6/attachment.html>

More information about the OWASP-Leaders mailing list