[Owasp-leaders] Appsec USA 2014 Proposals

Sarah Baso sarah.baso at owasp.org
Wed Jun 19 20:13:54 UTC 2013


Yes- both submitters were provided the budget actuals from last year
and projections for this year as a point of reference in putting their
proposals together.

Sarah

On Jun 19, 2013, at 1:06 PM, Dirk Wetter <dirk.wetter at owasp.org> wrote:

>
> Hi all,
>
> I am European, so probably my opinion probably doesn't count
> that much ;-)
>
> What would have helped us as we applied for AppSecEU 2013 would have been
> having budget sheets or insights from the previous years, i.e. not the proposals but
> more realistic numbers. That kind of learning effect would have been helpful.
>
> Is/Was there feedback loop in the US from previous years.?
>
> Cheers Dirk
>
>
>
> Am 06/19/2013 07:31 PM, schrieb Mark Major:
>> Please take all of the below with a grain of salt. I am a member of the Denver planning committee
>> and I want to be transparent about my bias. At the same time, I genuinely appreciate the
>> enthusiasm, energy, and ambition coming out of Omaha. Keep it up!
>>
>>> Venue and catering are ~160k for Omaha, Denver 277k. BTW:
>>> What's the venue for Denver?
>>
>> The Denver venue is under active negotiation with several locations. Catering costs used in the
>> budget are projected from the downtown Denver Marriott where SnowFROC 2013 was held.. These costs
>> are comparable to catering at similar venues in the area (notably the convention center). Also,
>> the numbers are somewhat inflated because they include Entertainment costs. By hosting a speaker
>> reception, VIP dinner, etc. at the conference venue, a good chunk of the expenditures apply toward
>> the venue's minimum catering obligation. In order to track all venue catering in the same place we
>> moved Entertainment catering costs into the Catering tab (see "Pre-conference").
>>
>> Conversely, the Omaha budget appears to feed 700 of the 1000 attendees and does not account for
>> tax or service fees (7% and 19%, respectively). I would guess their conservative catering numbers
>> should be around 258k (not including Entertainment catering). In fairness, they may have
>> negotiated around the service fee, in which case the conservative catering costs should be around
>> $217k (before Entertainment catering). It looks like a couple other expenditures in the Omaha
>> budget may suffer from scale problems related to per-person costs. Swag, for example, is based on
>> a conference with fewer attendees than projected for Omaha.
>>
>> Overall, I get the impression Omaha's convention center can provide a very cost-effective
>> conference. The CenturyLink Convention Center's catering menu is rather inexpensive for a venue of
>> its size, and catering is (by far) the largest cost in any AppSec budget. However, their overall
>> budget needs a lot of work before we can really compare apples-to-apples. In my opinion, hosting a
>> regional conference in 2014 would be a great way for Omaha to establish a baseline for a national
>> conference bid.
>>
>>
>>> Looking the the Denver proposal, a number of companies are mentioned.
>>>
>>> Are they going to sponsor the event?
>>
>> Each of the companies listed in the Denver proposal has sponsored SnowFROC in the past. Without
>> getting into specifics, yes, I do expect several of those companies listed will sponsor a Denver
>> AppSec.
>>
>>
>>
>> On Wed, Jun 19, 2013 at 5:59 AM, Eoin <eoin.keary at owasp.org <mailto:eoin.keary at owasp.org>> wrote:
>>
>>    Looking the the Denver proposal, a number of companies are mentioned.
>>
>>    Are they going to sponsor the event?
>>
>>    Sponsorship is important IMHO.
>>
>>
>>    Eoin Keary
>>    Owasp Global Board
>>    +353 87 977 2988
>>
>>
>>    On 19 Jun 2013, at 12:24, Dirk Wetter <dirk.wetter at owasp.org <mailto:dirk.wetter at owasp.org>>
>>    wrote:
>>
>>>
>>>    Hi,
>>>
>>>    don't know about the US conferences but Omaha seems more optimistic as Denver, as
>>>    far as training revenue is concerned (100k vs 79k/39k) and number of participants.
>>>    Numbers for the latter:  1500/1000 vs  1000/750 (optimistic/conservative).
>>>
>>>    In the optimistic scenario the numbers for paid and total attendance are probably
>>>    swapped.
>>>
>>>    Venue and catering are ~160k for Omaha, Denver 277k. BTW:
>>>    What's the venue for Denver?
>>>
>>>    BR, Dirk
>>>
>>>    Am 06/18/2013 10:56 PM, schrieb Sarah Baso:
>>>>    Checklist version 1 is available
>>>>    here: https://www.owasp.org/index.php/Conference_Planning_Table  and overview of tasks
>>>>    here: https://www.owasp.org/images/2/2a/Conference_Timeline_Overview.pdf
>>>>
>>>>    This definitely could use some work but it is a starting place for now ;-0
>>>>
>>>>
>>>>    On Tue, Jun 18, 2013 at 1:55 PM, Fabio Cerullo <fcerullo at owasp.org
>>>>    <mailto:fcerullo at owasp.org>> wrote:
>>>>
>>>>        Agree with Tom.
>>>>
>>>>        For an Appsec Conference there should be a track record of at least one regional event
>>>>        being held by the soliciting chapter.
>>>>
>>>>        A scoring criteria for proposals will definitely help. Also, a checklist of "things to
>>>>        be done" once the proposal has been selected with time frames, etc.
>>>>
>>>>        Fabio
>>>>
>>>>        Sent from my iPhone
>>>>
>>>>        On 18 Jun 2013, at 21:42, Tom Brennan <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
>>>>
>>>>>        Denver has been kicking ass and taking names at FROC proven team and experience.
>>>>>
>>>>>        I would love to see a Nebraska event however is there a track record?  I would like to
>>>>>        see a active chapter, a active regional event that makes OCMS before the investment of
>>>>>        time energy and effort.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>        On Tue, Jun 18, 2013 at 3:45 PM, Sarah Baso <sarah.baso at owasp.org
>>>>>        <mailto:sarah.baso at owasp.org>> wrote:
>>>>>
>>>>>            All -
>>>>>            We have received an additional proposal for AppSec USA 2014 from the Omaha,
>>>>>            Nebraska Chapter.  So, now that we have 2 proposals to consider (Denver and Omaha)
>>>>>             I think it is appropriate to have an open comment and vote on the about the two
>>>>>            proposals.
>>>>>
>>>>>            In the future, as Eoin noted in his original email, we need to develop some scoring
>>>>>            criteria for proposals.  Since time is of the essence though with the AppSec USA
>>>>>            proposals and I don't think it is fair to set scoring criteria AFTER the
>>>>>            submissions have been received, I think the best way to handle this is to have an
>>>>>            open voting.  I have included some previous AppSec conference hosts on this thread
>>>>>            hoping they will weigh in on any considerations or thoughts on the proposals, base
>>>>>            on their past experiences.
>>>>>
>>>>>            *I have set up this google moderator page for
>>>>>            voting https://www.google.com/moderator/#15/e=20c908&t=20c908.41 *
>>>>>            *
>>>>>            *
>>>>>            *We will be accepting votes until the end of the day FRIDAY, JUNE 21.*
>>>>>
>>>>>            *Information on the two proposals:*
>>>>>
>>>>>            *DENVER, CO*
>>>>>            *Submission from Snofroc Team (Denver & Boulder Chapters) -
>>>>>             *https://ocms.owasp.org/events/230/
>>>>>
>>>>>              * Team leads: Mark Major & Steve Kosten
>>>>>              * Presentation (Why Denver?)
>>>>>                https://docs.google.com/a/owasp.org/file/d/0B5cq5xuMqNYSRWlUbUZSckhNMlk/edit?usp=sharing
>>>>>              * Budget
>>>>>                - https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Apcq5xuMqNYSdHMyUnAwaDBlQ1Nxa3AyWDEwN0Zya3c#gid=0
>>>>>
>>>>>
>>>>>            *OMAHA, NE*
>>>>>            Submission from Omaha Chapter -- https://ocms.owasp.org/events/231/
>>>>>
>>>>>              * Team leads: Fred Donovan and Rob Temple
>>>>>              * Presentation (Why Omaha?)
>>>>>                https://docs.google.com/a/owasp.org/file/d/0B6ftS9CyBPmqYThQR1NPYko4Yjg/edit?usp=sharing
>>>>>              * Budget
>>>>>                - https://docs.google.com/a/owasp.org/file/d/0B6ftS9CyBPmqaTgwdXdteWpzd2c/edit?usp=sharing
>>>>>
>>>>>
>>>>>            Looking forward to hearing everyone's thoughts and feedback!
>>>>>
>>>>>            Regards,
>>>>>            Sarah Baso
>>>>>
>>>>>            On Fri, Jun 7, 2013 at 5:54 PM, Sarah Baso <sarah.baso at owasp.org
>>>>>            <mailto:sarah.baso at owasp.org>> wrote:
>>>>>
>>>>>                Hi Eoin (and OWASP community members)
>>>>>
>>>>>                Great questions ;-)
>>>>>
>>>>>                First the specifics for next year's events:
>>>>>
>>>>>                We have received one proposal for each AppSec USA 2014 (Denver CO) and AppSec
>>>>>                Europe (Cambridge UK) - so there is no selection as much as an open opportunity
>>>>>                for anyone to voice any objections before I approve these two great proposals
>>>>>                so they can get planning.
>>>>>
>>>>>                AppSec EU/Research for 2014 is proposed for the end of June in Cambridge, UK --
>>>>>                details here: https://ocms.owasp.org/events/220/
>>>>>
>>>>>                AppSec USA 2014 is proposed for Q3 (September ideally) for Denver, Colorado --
>>>>>                details here: https://ocms.owasp.org/events/230/
>>>>>
>>>>>                So, please take this opportunity to voice any questions, objections, support
>>>>>                and barring no big issues, I will go forward with approving the events in OCMS
>>>>>                on next Friday, the 14th.
>>>>>
>>>>>
>>>>>                -----
>>>>>                In terms of a transparent and audit-able selection process - when there is only
>>>>>                one proposal received for the event (as has been the case for all the Global
>>>>>                appsecs last year and most of them the year before that, and so far for next
>>>>>                year) - there really is no "selection process" as much as an opportunity to
>>>>>                review the budget, discuss expectations with the local team proposing to host,
>>>>>                and barring no issues "approve".  The Global Conference Committee previously
>>>>>                conducted this process and there was not a scoring, but they just voted on the
>>>>>                location  if there was more than one submitted.
>>>>>
>>>>>                If you would like to put together a process or outline for what you would like
>>>>>                to see, I think that would be great. Otherwise, we will put it on the wish list
>>>>>                and when we get someone new hired for the conferences position the staff,
>>>>>                community, and that person can work on putting something together.
>>>>>
>>>>>                Open to other feedback you have!
>>>>>
>>>>>                Best,
>>>>>                Sarah Baso
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>                On Fri, Jun 7, 2013 at 6:14 AM, Eoin <eoin.keary at owasp.org
>>>>>                <mailto:eoin.keary at owasp.org>> wrote:
>>>>>
>>>>>                    May I ask when venues for 2014 shall be selected and also how is the
>>>>>                    selection process conducted.
>>>>>
>>>>>                    Who makes the choice, how is the panel made up?
>>>>>
>>>>>                    I really want a transparent an auditable selection process.  What scoring
>>>>>                    mechanism is being used?
>>>>>
>>>>>                    For me this is a staff decision coupled with our (to be hired) conference
>>>>>                    manager.
>>>>>
>>>>>
>>>>>
>>>>>                    Eoin Keary
>>>>>                    Owasp Global Board
>>>>>                    +353 87 977 2988 <tel:%2B353%2087%20977%202988>
>>>>>
>>>>>                    _______________________________________________
>>>>>                    Owasp-board mailing list
>>>>>                    Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>>>                    https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>                --
>>>>>                Executive Director
>>>>>                OWASP Foundation
>>>>>
>>>>>                sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>>>                +1.312.869.2779 <tel:%2B1.312.869.2779>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>            --
>>>>>            Executive Director
>>>>>            OWASP Foundation
>>>>>
>>>>>            sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>>>            +1.312.869.2779 <tel:%2B1.312.869.2779>
>>>>
>>>>
>>>>
>>>>    --
>>>>    Executive Director
>>>>    OWASP Foundation
>>>>
>>>>    sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>>    +1.312.869.2779
>>>
>>>
>>>    --
>>>    German OWASP Board, Conference Chair AppSec EU 2013
>>>    http://appsec.eu/       |                 @appseceu
>>>    skype://drwetter.de     |      tel:+49-40-2442035-1
>>
>>
>> --
>> Mark
>> OWASP Boulder
>
>
> --
> German OWASP Board, Conference Chair AppSec EU 2013
> http://appsec.eu/       |                 @appseceu
> skype://drwetter.de     |      tel:+49-40-2442035-1
>


More information about the OWASP-Leaders mailing list