[Owasp-leaders] Appsec USA 2014 Proposals

Dirk Wetter dirk.wetter at owasp.org
Wed Jun 19 20:06:57 UTC 2013


Hi all,

I am European, so probably my opinion probably doesn't count
that much ;-)

What would have helped us as we applied for AppSecEU 2013 would have been
having budget sheets or insights from the previous years, i.e. not the proposals but
more realistic numbers. That kind of learning effect would have been helpful.

Is/Was there feedback loop in the US from previous years.?

Cheers Dirk



Am 06/19/2013 07:31 PM, schrieb Mark Major:
> Please take all of the below with a grain of salt. I am a member of the Denver planning committee
> and I want to be transparent about my bias. At the same time, I genuinely appreciate the
> enthusiasm, energy, and ambition coming out of Omaha. Keep it up!
>
> > Venue and catering are ~160k for Omaha, Denver 277k. BTW:
> > What's the venue for Denver?
>
> The Denver venue is under active negotiation with several locations. Catering costs used in the
> budget are projected from the downtown Denver Marriott where SnowFROC 2013 was held.. These costs
> are comparable to catering at similar venues in the area (notably the convention center). Also,
> the numbers are somewhat inflated because they include Entertainment costs. By hosting a speaker
> reception, VIP dinner, etc. at the conference venue, a good chunk of the expenditures apply toward
> the venue's minimum catering obligation. In order to track all venue catering in the same place we
> moved Entertainment catering costs into the Catering tab (see "Pre-conference").
>
> Conversely, the Omaha budget appears to feed 700 of the 1000 attendees and does not account for
> tax or service fees (7% and 19%, respectively). I would guess their conservative catering numbers
> should be around 258k (not including Entertainment catering). In fairness, they may have
> negotiated around the service fee, in which case the conservative catering costs should be around
> $217k (before Entertainment catering). It looks like a couple other expenditures in the Omaha
> budget may suffer from scale problems related to per-person costs. Swag, for example, is based on
> a conference with fewer attendees than projected for Omaha.
>
> Overall, I get the impression Omaha's convention center can provide a very cost-effective
> conference. The CenturyLink Convention Center's catering menu is rather inexpensive for a venue of
> its size, and catering is (by far) the largest cost in any AppSec budget. However, their overall
> budget needs a lot of work before we can really compare apples-to-apples. In my opinion, hosting a
> regional conference in 2014 would be a great way for Omaha to establish a baseline for a national
> conference bid.
>
>
> > Looking the the Denver proposal, a number of companies are mentioned. 
> > 
> > Are they going to sponsor the event?
>
> Each of the companies listed in the Denver proposal has sponsored SnowFROC in the past. Without
> getting into specifics, yes, I do expect several of those companies listed will sponsor a Denver
> AppSec.
>
>
>
> On Wed, Jun 19, 2013 at 5:59 AM, Eoin <eoin.keary at owasp.org <mailto:eoin.keary at owasp.org>> wrote:
>
>     Looking the the Denver proposal, a number of companies are mentioned. 
>
>     Are they going to sponsor the event?
>
>     Sponsorship is important IMHO.
>
>
>     Eoin Keary
>     Owasp Global Board
>     +353 87 977 2988
>
>
>     On 19 Jun 2013, at 12:24, Dirk Wetter <dirk.wetter at owasp.org <mailto:dirk.wetter at owasp.org>>
>     wrote:
>
>>
>>     Hi,
>>
>>     don't know about the US conferences but Omaha seems more optimistic as Denver, as
>>     far as training revenue is concerned (100k vs 79k/39k) and number of participants.
>>     Numbers for the latter:  1500/1000 vs  1000/750 (optimistic/conservative).
>>
>>     In the optimistic scenario the numbers for paid and total attendance are probably
>>     swapped.
>>
>>     Venue and catering are ~160k for Omaha, Denver 277k. BTW:
>>     What's the venue for Denver?
>>
>>     BR, Dirk
>>
>>     Am 06/18/2013 10:56 PM, schrieb Sarah Baso:
>>>     Checklist version 1 is available
>>>     here: https://www.owasp.org/index.php/Conference_Planning_Table  and overview of tasks
>>>     here: https://www.owasp.org/images/2/2a/Conference_Timeline_Overview.pdf
>>>
>>>     This definitely could use some work but it is a starting place for now ;-0
>>>
>>>
>>>     On Tue, Jun 18, 2013 at 1:55 PM, Fabio Cerullo <fcerullo at owasp.org
>>>     <mailto:fcerullo at owasp.org>> wrote:
>>>
>>>         Agree with Tom.
>>>
>>>         For an Appsec Conference there should be a track record of at least one regional event
>>>         being held by the soliciting chapter.
>>>
>>>         A scoring criteria for proposals will definitely help. Also, a checklist of "things to
>>>         be done" once the proposal has been selected with time frames, etc.
>>>
>>>         Fabio
>>>
>>>         Sent from my iPhone
>>>
>>>         On 18 Jun 2013, at 21:42, Tom Brennan <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
>>>
>>>>         Denver has been kicking ass and taking names at FROC proven team and experience.
>>>>
>>>>         I would love to see a Nebraska event however is there a track record?  I would like to
>>>>         see a active chapter, a active regional event that makes OCMS before the investment of
>>>>         time energy and effort.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>         On Tue, Jun 18, 2013 at 3:45 PM, Sarah Baso <sarah.baso at owasp.org
>>>>         <mailto:sarah.baso at owasp.org>> wrote:
>>>>
>>>>             All -
>>>>             We have received an additional proposal for AppSec USA 2014 from the Omaha,
>>>>             Nebraska Chapter.  So, now that we have 2 proposals to consider (Denver and Omaha)
>>>>              I think it is appropriate to have an open comment and vote on the about the two
>>>>             proposals.
>>>>
>>>>             In the future, as Eoin noted in his original email, we need to develop some scoring
>>>>             criteria for proposals.  Since time is of the essence though with the AppSec USA
>>>>             proposals and I don't think it is fair to set scoring criteria AFTER the
>>>>             submissions have been received, I think the best way to handle this is to have an
>>>>             open voting.  I have included some previous AppSec conference hosts on this thread
>>>>             hoping they will weigh in on any considerations or thoughts on the proposals, base
>>>>             on their past experiences. 
>>>>
>>>>             *I have set up this google moderator page for
>>>>             voting https://www.google.com/moderator/#15/e=20c908&t=20c908.41 *
>>>>             *
>>>>             *
>>>>             *We will be accepting votes until the end of the day FRIDAY, JUNE 21.*
>>>>
>>>>             *Information on the two proposals:*
>>>>
>>>>             *DENVER, CO*
>>>>             *Submission from Snofroc Team (Denver & Boulder Chapters) -
>>>>              *https://ocms.owasp.org/events/230/
>>>>
>>>>               * Team leads: Mark Major & Steve Kosten
>>>>               * Presentation (Why Denver?)
>>>>                 https://docs.google.com/a/owasp.org/file/d/0B5cq5xuMqNYSRWlUbUZSckhNMlk/edit?usp=sharing
>>>>               * Budget
>>>>                 - https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Apcq5xuMqNYSdHMyUnAwaDBlQ1Nxa3AyWDEwN0Zya3c#gid=0
>>>>
>>>>
>>>>             *OMAHA, NE*
>>>>             Submission from Omaha Chapter -- https://ocms.owasp.org/events/231/
>>>>
>>>>               * Team leads: Fred Donovan and Rob Temple
>>>>               * Presentation (Why Omaha?)
>>>>                 https://docs.google.com/a/owasp.org/file/d/0B6ftS9CyBPmqYThQR1NPYko4Yjg/edit?usp=sharing
>>>>               * Budget
>>>>                 - https://docs.google.com/a/owasp.org/file/d/0B6ftS9CyBPmqaTgwdXdteWpzd2c/edit?usp=sharing
>>>>
>>>>
>>>>             Looking forward to hearing everyone's thoughts and feedback!
>>>>
>>>>             Regards,
>>>>             Sarah Baso
>>>>
>>>>             On Fri, Jun 7, 2013 at 5:54 PM, Sarah Baso <sarah.baso at owasp.org
>>>>             <mailto:sarah.baso at owasp.org>> wrote:
>>>>
>>>>                 Hi Eoin (and OWASP community members)
>>>>
>>>>                 Great questions ;-)
>>>>
>>>>                 First the specifics for next year's events:
>>>>
>>>>                 We have received one proposal for each AppSec USA 2014 (Denver CO) and AppSec
>>>>                 Europe (Cambridge UK) - so there is no selection as much as an open opportunity
>>>>                 for anyone to voice any objections before I approve these two great proposals
>>>>                 so they can get planning.
>>>>
>>>>                 AppSec EU/Research for 2014 is proposed for the end of June in Cambridge, UK --
>>>>                 details here: https://ocms.owasp.org/events/220/
>>>>
>>>>                 AppSec USA 2014 is proposed for Q3 (September ideally) for Denver, Colorado --
>>>>                 details here: https://ocms.owasp.org/events/230/
>>>>
>>>>                 So, please take this opportunity to voice any questions, objections, support
>>>>                 and barring no big issues, I will go forward with approving the events in OCMS
>>>>                 on next Friday, the 14th.
>>>>
>>>>
>>>>                 -----
>>>>                 In terms of a transparent and audit-able selection process - when there is only
>>>>                 one proposal received for the event (as has been the case for all the Global
>>>>                 appsecs last year and most of them the year before that, and so far for next
>>>>                 year) - there really is no "selection process" as much as an opportunity to
>>>>                 review the budget, discuss expectations with the local team proposing to host,
>>>>                 and barring no issues "approve".  The Global Conference Committee previously
>>>>                 conducted this process and there was not a scoring, but they just voted on the
>>>>                 location  if there was more than one submitted.
>>>>
>>>>                 If you would like to put together a process or outline for what you would like
>>>>                 to see, I think that would be great. Otherwise, we will put it on the wish list
>>>>                 and when we get someone new hired for the conferences position the staff,
>>>>                 community, and that person can work on putting something together.
>>>>
>>>>                 Open to other feedback you have!
>>>>
>>>>                 Best,
>>>>                 Sarah Baso
>>>>
>>>>
>>>>
>>>>
>>>>                 On Fri, Jun 7, 2013 at 6:14 AM, Eoin <eoin.keary at owasp.org
>>>>                 <mailto:eoin.keary at owasp.org>> wrote:
>>>>
>>>>                     May I ask when venues for 2014 shall be selected and also how is the
>>>>                     selection process conducted.
>>>>
>>>>                     Who makes the choice, how is the panel made up?
>>>>
>>>>                     I really want a transparent an auditable selection process.  What scoring
>>>>                     mechanism is being used?
>>>>
>>>>                     For me this is a staff decision coupled with our (to be hired) conference
>>>>                     manager.
>>>>
>>>>
>>>>
>>>>                     Eoin Keary
>>>>                     Owasp Global Board
>>>>                     +353 87 977 2988 <tel:%2B353%2087%20977%202988>
>>>>
>>>>                     _______________________________________________
>>>>                     Owasp-board mailing list
>>>>                     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>>                     https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>>
>>>>
>>>>                 -- 
>>>>                 Executive Director
>>>>                 OWASP Foundation
>>>>
>>>>                 sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>>                 +1.312.869.2779 <tel:%2B1.312.869.2779>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>             -- 
>>>>             Executive Director
>>>>             OWASP Foundation
>>>>
>>>>             sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>>             +1.312.869.2779 <tel:%2B1.312.869.2779>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>     -- 
>>>     Executive Director
>>>     OWASP Foundation
>>>
>>>     sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>     +1.312.869.2779
>>>
>>>
>>>
>>>
>>
>>
>>     -- 
>>     German OWASP Board, Conference Chair AppSec EU 2013 
>>     http://appsec.eu/       |                 @appseceu
>>     skype://drwetter.de     |      tel:+49-40-2442035-1
>
>
> -- 
> Mark
> OWASP Boulder


-- 
German OWASP Board, Conference Chair AppSec EU 2013 
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1



More information about the OWASP-Leaders mailing list