[Owasp-leaders] [Owasp-board] Appsec USA 2014 Proposals

Jim Manico jim.manico at owasp.org
Fri Jun 21 21:07:57 UTC 2013


+1 Denver, they have a track record of running a pretty amazing conference.

Aloha,
Jim

> Yes- both submitters were provided the budget actuals from last year
> and projections for this year as a point of reference in putting their
> proposals together.
> 
> Sarah
> 
> On Jun 19, 2013, at 1:06 PM, Dirk Wetter <dirk.wetter at owasp.org> wrote:
> 
>>
>> Hi all,
>>
>> I am European, so probably my opinion probably doesn't count
>> that much ;-)
>>
>> What would have helped us as we applied for AppSecEU 2013 would have been
>> having budget sheets or insights from the previous years, i.e. not the proposals but
>> more realistic numbers. That kind of learning effect would have been helpful.
>>
>> Is/Was there feedback loop in the US from previous years.?
>>
>> Cheers Dirk
>>
>>
>>
>> Am 06/19/2013 07:31 PM, schrieb Mark Major:
>>> Please take all of the below with a grain of salt. I am a member of the Denver planning committee
>>> and I want to be transparent about my bias. At the same time, I genuinely appreciate the
>>> enthusiasm, energy, and ambition coming out of Omaha. Keep it up!
>>>
>>>> Venue and catering are ~160k for Omaha, Denver 277k. BTW:
>>>> What's the venue for Denver?
>>>
>>> The Denver venue is under active negotiation with several locations. Catering costs used in the
>>> budget are projected from the downtown Denver Marriott where SnowFROC 2013 was held.. These costs
>>> are comparable to catering at similar venues in the area (notably the convention center). Also,
>>> the numbers are somewhat inflated because they include Entertainment costs. By hosting a speaker
>>> reception, VIP dinner, etc. at the conference venue, a good chunk of the expenditures apply toward
>>> the venue's minimum catering obligation. In order to track all venue catering in the same place we
>>> moved Entertainment catering costs into the Catering tab (see "Pre-conference").
>>>
>>> Conversely, the Omaha budget appears to feed 700 of the 1000 attendees and does not account for
>>> tax or service fees (7% and 19%, respectively). I would guess their conservative catering numbers
>>> should be around 258k (not including Entertainment catering). In fairness, they may have
>>> negotiated around the service fee, in which case the conservative catering costs should be around
>>> $217k (before Entertainment catering). It looks like a couple other expenditures in the Omaha
>>> budget may suffer from scale problems related to per-person costs. Swag, for example, is based on
>>> a conference with fewer attendees than projected for Omaha.
>>>
>>> Overall, I get the impression Omaha's convention center can provide a very cost-effective
>>> conference. The CenturyLink Convention Center's catering menu is rather inexpensive for a venue of
>>> its size, and catering is (by far) the largest cost in any AppSec budget. However, their overall
>>> budget needs a lot of work before we can really compare apples-to-apples. In my opinion, hosting a
>>> regional conference in 2014 would be a great way for Omaha to establish a baseline for a national
>>> conference bid.
>>>
>>>
>>>> Looking the the Denver proposal, a number of companies are mentioned.
>>>>
>>>> Are they going to sponsor the event?
>>>
>>> Each of the companies listed in the Denver proposal has sponsored SnowFROC in the past. Without
>>> getting into specifics, yes, I do expect several of those companies listed will sponsor a Denver
>>> AppSec.
>>>
>>>
>>>
>>> On Wed, Jun 19, 2013 at 5:59 AM, Eoin <eoin.keary at owasp.org <mailto:eoin.keary at owasp.org>> wrote:
>>>
>>>    Looking the the Denver proposal, a number of companies are mentioned.
>>>
>>>    Are they going to sponsor the event?
>>>
>>>    Sponsorship is important IMHO.
>>>
>>>
>>>    Eoin Keary
>>>    Owasp Global Board
>>>    +353 87 977 2988
>>>
>>>
>>>    On 19 Jun 2013, at 12:24, Dirk Wetter <dirk.wetter at owasp.org <mailto:dirk.wetter at owasp.org>>
>>>    wrote:
>>>
>>>>
>>>>    Hi,
>>>>
>>>>    don't know about the US conferences but Omaha seems more optimistic as Denver, as
>>>>    far as training revenue is concerned (100k vs 79k/39k) and number of participants.
>>>>    Numbers for the latter:  1500/1000 vs  1000/750 (optimistic/conservative).
>>>>
>>>>    In the optimistic scenario the numbers for paid and total attendance are probably
>>>>    swapped.
>>>>
>>>>    Venue and catering are ~160k for Omaha, Denver 277k. BTW:
>>>>    What's the venue for Denver?
>>>>
>>>>    BR, Dirk
>>>>
>>>>    Am 06/18/2013 10:56 PM, schrieb Sarah Baso:
>>>>>    Checklist version 1 is available
>>>>>    here: https://www.owasp.org/index.php/Conference_Planning_Table  and overview of tasks
>>>>>    here: https://www.owasp.org/images/2/2a/Conference_Timeline_Overview.pdf
>>>>>
>>>>>    This definitely could use some work but it is a starting place for now ;-0
>>>>>
>>>>>
>>>>>    On Tue, Jun 18, 2013 at 1:55 PM, Fabio Cerullo <fcerullo at owasp.org
>>>>>    <mailto:fcerullo at owasp.org>> wrote:
>>>>>
>>>>>        Agree with Tom.
>>>>>
>>>>>        For an Appsec Conference there should be a track record of at least one regional event
>>>>>        being held by the soliciting chapter.
>>>>>
>>>>>        A scoring criteria for proposals will definitely help. Also, a checklist of "things to
>>>>>        be done" once the proposal has been selected with time frames, etc.
>>>>>
>>>>>        Fabio
>>>>>
>>>>>        Sent from my iPhone
>>>>>
>>>>>        On 18 Jun 2013, at 21:42, Tom Brennan <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
>>>>>
>>>>>>        Denver has been kicking ass and taking names at FROC proven team and experience.
>>>>>>
>>>>>>        I would love to see a Nebraska event however is there a track record?  I would like to
>>>>>>        see a active chapter, a active regional event that makes OCMS before the investment of
>>>>>>        time energy and effort.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>        On Tue, Jun 18, 2013 at 3:45 PM, Sarah Baso <sarah.baso at owasp.org
>>>>>>        <mailto:sarah.baso at owasp.org>> wrote:
>>>>>>
>>>>>>            All -
>>>>>>            We have received an additional proposal for AppSec USA 2014 from the Omaha,
>>>>>>            Nebraska Chapter.  So, now that we have 2 proposals to consider (Denver and Omaha)
>>>>>>             I think it is appropriate to have an open comment and vote on the about the two
>>>>>>            proposals.
>>>>>>
>>>>>>            In the future, as Eoin noted in his original email, we need to develop some scoring
>>>>>>            criteria for proposals.  Since time is of the essence though with the AppSec USA
>>>>>>            proposals and I don't think it is fair to set scoring criteria AFTER the
>>>>>>            submissions have been received, I think the best way to handle this is to have an
>>>>>>            open voting.  I have included some previous AppSec conference hosts on this thread
>>>>>>            hoping they will weigh in on any considerations or thoughts on the proposals, base
>>>>>>            on their past experiences.
>>>>>>
>>>>>>            *I have set up this google moderator page for
>>>>>>            voting https://www.google.com/moderator/#15/e=20c908&t=20c908.41 *
>>>>>>            *
>>>>>>            *
>>>>>>            *We will be accepting votes until the end of the day FRIDAY, JUNE 21.*
>>>>>>
>>>>>>            *Information on the two proposals:*
>>>>>>
>>>>>>            *DENVER, CO*
>>>>>>            *Submission from Snofroc Team (Denver & Boulder Chapters) -
>>>>>>             *https://ocms.owasp.org/events/230/
>>>>>>
>>>>>>              * Team leads: Mark Major & Steve Kosten
>>>>>>              * Presentation (Why Denver?)
>>>>>>                https://docs.google.com/a/owasp.org/file/d/0B5cq5xuMqNYSRWlUbUZSckhNMlk/edit?usp=sharing
>>>>>>              * Budget
>>>>>>                - https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Apcq5xuMqNYSdHMyUnAwaDBlQ1Nxa3AyWDEwN0Zya3c#gid=0
>>>>>>
>>>>>>
>>>>>>            *OMAHA, NE*
>>>>>>            Submission from Omaha Chapter -- https://ocms.owasp.org/events/231/
>>>>>>
>>>>>>              * Team leads: Fred Donovan and Rob Temple
>>>>>>              * Presentation (Why Omaha?)
>>>>>>                https://docs.google.com/a/owasp.org/file/d/0B6ftS9CyBPmqYThQR1NPYko4Yjg/edit?usp=sharing
>>>>>>              * Budget
>>>>>>                - https://docs.google.com/a/owasp.org/file/d/0B6ftS9CyBPmqaTgwdXdteWpzd2c/edit?usp=sharing
>>>>>>
>>>>>>
>>>>>>            Looking forward to hearing everyone's thoughts and feedback!
>>>>>>
>>>>>>            Regards,
>>>>>>            Sarah Baso
>>>>>>
>>>>>>            On Fri, Jun 7, 2013 at 5:54 PM, Sarah Baso <sarah.baso at owasp.org
>>>>>>            <mailto:sarah.baso at owasp.org>> wrote:
>>>>>>
>>>>>>                Hi Eoin (and OWASP community members)
>>>>>>
>>>>>>                Great questions ;-)
>>>>>>
>>>>>>                First the specifics for next year's events:
>>>>>>
>>>>>>                We have received one proposal for each AppSec USA 2014 (Denver CO) and AppSec
>>>>>>                Europe (Cambridge UK) - so there is no selection as much as an open opportunity
>>>>>>                for anyone to voice any objections before I approve these two great proposals
>>>>>>                so they can get planning.
>>>>>>
>>>>>>                AppSec EU/Research for 2014 is proposed for the end of June in Cambridge, UK --
>>>>>>                details here: https://ocms.owasp.org/events/220/
>>>>>>
>>>>>>                AppSec USA 2014 is proposed for Q3 (September ideally) for Denver, Colorado --
>>>>>>                details here: https://ocms.owasp.org/events/230/
>>>>>>
>>>>>>                So, please take this opportunity to voice any questions, objections, support
>>>>>>                and barring no big issues, I will go forward with approving the events in OCMS
>>>>>>                on next Friday, the 14th.
>>>>>>
>>>>>>
>>>>>>                -----
>>>>>>                In terms of a transparent and audit-able selection process - when there is only
>>>>>>                one proposal received for the event (as has been the case for all the Global
>>>>>>                appsecs last year and most of them the year before that, and so far for next
>>>>>>                year) - there really is no "selection process" as much as an opportunity to
>>>>>>                review the budget, discuss expectations with the local team proposing to host,
>>>>>>                and barring no issues "approve".  The Global Conference Committee previously
>>>>>>                conducted this process and there was not a scoring, but they just voted on the
>>>>>>                location  if there was more than one submitted.
>>>>>>
>>>>>>                If you would like to put together a process or outline for what you would like
>>>>>>                to see, I think that would be great. Otherwise, we will put it on the wish list
>>>>>>                and when we get someone new hired for the conferences position the staff,
>>>>>>                community, and that person can work on putting something together.
>>>>>>
>>>>>>                Open to other feedback you have!
>>>>>>
>>>>>>                Best,
>>>>>>                Sarah Baso
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>                On Fri, Jun 7, 2013 at 6:14 AM, Eoin <eoin.keary at owasp.org
>>>>>>                <mailto:eoin.keary at owasp.org>> wrote:
>>>>>>
>>>>>>                    May I ask when venues for 2014 shall be selected and also how is the
>>>>>>                    selection process conducted.
>>>>>>
>>>>>>                    Who makes the choice, how is the panel made up?
>>>>>>
>>>>>>                    I really want a transparent an auditable selection process.  What scoring
>>>>>>                    mechanism is being used?
>>>>>>
>>>>>>                    For me this is a staff decision coupled with our (to be hired) conference
>>>>>>                    manager.
>>>>>>
>>>>>>
>>>>>>
>>>>>>                    Eoin Keary
>>>>>>                    Owasp Global Board
>>>>>>                    +353 87 977 2988 <tel:%2B353%2087%20977%202988>
>>>>>>
>>>>>>                    _______________________________________________
>>>>>>                    Owasp-board mailing list
>>>>>>                    Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>>>>                    https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>                --
>>>>>>                Executive Director
>>>>>>                OWASP Foundation
>>>>>>
>>>>>>                sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>>>>                +1.312.869.2779 <tel:%2B1.312.869.2779>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            --
>>>>>>            Executive Director
>>>>>>            OWASP Foundation
>>>>>>
>>>>>>            sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>>>>            +1.312.869.2779 <tel:%2B1.312.869.2779>
>>>>>
>>>>>
>>>>>
>>>>>    --
>>>>>    Executive Director
>>>>>    OWASP Foundation
>>>>>
>>>>>    sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
>>>>>    +1.312.869.2779
>>>>
>>>>
>>>>    --
>>>>    German OWASP Board, Conference Chair AppSec EU 2013
>>>>    http://appsec.eu/       |                 @appseceu
>>>>    skype://drwetter.de     |      tel:+49-40-2442035-1
>>>
>>>
>>> --
>>> Mark
>>> OWASP Boulder
>>
>>
>> --
>> German OWASP Board, Conference Chair AppSec EU 2013
>> http://appsec.eu/       |                 @appseceu
>> skype://drwetter.de     |      tel:+49-40-2442035-1
>>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
> 



More information about the OWASP-Leaders mailing list