[Owasp-leaders] [Owasp-board] Appsec USA 2014 Proposals

Sarah Baso sarah.baso at owasp.org
Sat Jun 22 00:23:34 UTC 2013


Thanks everyone for your feedback.  Based on the responses to this thread
as well as the votes on the google moderator (131 likes for Denver and 93
for Omaha), we will go forward with confirming Denver for next year's
conference host.

Omaha team - Thanks for your proposal and enthusiasm.  Hopefully you will
be interested in submitting for 2015 and consider starting with a local or
regional event for next year.

For those of you interested in being part of the the Global initiative to
review proposals and develop scoring criteria for future Global AppSec's -
please sign up here:
http://sl.owasp.org/conference_volunteers<http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000AUbv>

All this passion for OWASP and AppSec USA is great to see ;-)

Best,
Sarah Baso
-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779



On Fri, Jun 21, 2013 at 2:07 PM, Jim Manico <jim.manico at owasp.org> wrote:

> +1 Denver, they have a track record of running a pretty amazing conference.
>
> Aloha,
> Jim
>
> > Yes- both submitters were provided the budget actuals from last year
> > and projections for this year as a point of reference in putting their
> > proposals together.
> >
> > Sarah
> >
> > On Jun 19, 2013, at 1:06 PM, Dirk Wetter <dirk.wetter at owasp.org> wrote:
> >
> >>
> >> Hi all,
> >>
> >> I am European, so probably my opinion probably doesn't count
> >> that much ;-)
> >>
> >> What would have helped us as we applied for AppSecEU 2013 would have
> been
> >> having budget sheets or insights from the previous years, i.e. not the
> proposals but
> >> more realistic numbers. That kind of learning effect would have been
> helpful.
> >>
> >> Is/Was there feedback loop in the US from previous years.?
> >>
> >> Cheers Dirk
> >>
> >>
> >>
> >> Am 06/19/2013 07:31 PM, schrieb Mark Major:
> >>> Please take all of the below with a grain of salt. I am a member of
> the Denver planning committee
> >>> and I want to be transparent about my bias. At the same time, I
> genuinely appreciate the
> >>> enthusiasm, energy, and ambition coming out of Omaha. Keep it up!
> >>>
> >>>> Venue and catering are ~160k for Omaha, Denver 277k. BTW:
> >>>> What's the venue for Denver?
> >>>
> >>> The Denver venue is under active negotiation with several locations.
> Catering costs used in the
> >>> budget are projected from the downtown Denver Marriott where SnowFROC
> 2013 was held.. These costs
> >>> are comparable to catering at similar venues in the area (notably the
> convention center). Also,
> >>> the numbers are somewhat inflated because they include Entertainment
> costs. By hosting a speaker
> >>> reception, VIP dinner, etc. at the conference venue, a good chunk of
> the expenditures apply toward
> >>> the venue's minimum catering obligation. In order to track all venue
> catering in the same place we
> >>> moved Entertainment catering costs into the Catering tab (see
> "Pre-conference").
> >>>
> >>> Conversely, the Omaha budget appears to feed 700 of the 1000 attendees
> and does not account for
> >>> tax or service fees (7% and 19%, respectively). I would guess their
> conservative catering numbers
> >>> should be around 258k (not including Entertainment catering). In
> fairness, they may have
> >>> negotiated around the service fee, in which case the conservative
> catering costs should be around
> >>> $217k (before Entertainment catering). It looks like a couple other
> expenditures in the Omaha
> >>> budget may suffer from scale problems related to per-person costs.
> Swag, for example, is based on
> >>> a conference with fewer attendees than projected for Omaha.
> >>>
> >>> Overall, I get the impression Omaha's convention center can provide a
> very cost-effective
> >>> conference. The CenturyLink Convention Center's catering menu is
> rather inexpensive for a venue of
> >>> its size, and catering is (by far) the largest cost in any AppSec
> budget. However, their overall
> >>> budget needs a lot of work before we can really compare
> apples-to-apples. In my opinion, hosting a
> >>> regional conference in 2014 would be a great way for Omaha to
> establish a baseline for a national
> >>> conference bid.
> >>>
> >>>
> >>>> Looking the the Denver proposal, a number of companies are mentioned.
> >>>>
> >>>> Are they going to sponsor the event?
> >>>
> >>> Each of the companies listed in the Denver proposal has sponsored
> SnowFROC in the past. Without
> >>> getting into specifics, yes, I do expect several of those companies
> listed will sponsor a Denver
> >>> AppSec.
> >>>
> >>>
> >>>
> >>> On Wed, Jun 19, 2013 at 5:59 AM, Eoin <eoin.keary at owasp.org <mailto:
> eoin.keary at owasp.org>> wrote:
> >>>
> >>>    Looking the the Denver proposal, a number of companies are
> mentioned.
> >>>
> >>>    Are they going to sponsor the event?
> >>>
> >>>    Sponsorship is important IMHO.
> >>>
> >>>
> >>>    Eoin Keary
> >>>    Owasp Global Board
> >>>    +353 87 977 2988
> >>>
> >>>
> >>>    On 19 Jun 2013, at 12:24, Dirk Wetter <dirk.wetter at owasp.org<mailto:
> dirk.wetter at owasp.org>>
> >>>    wrote:
> >>>
> >>>>
> >>>>    Hi,
> >>>>
> >>>>    don't know about the US conferences but Omaha seems more
> optimistic as Denver, as
> >>>>    far as training revenue is concerned (100k vs 79k/39k) and number
> of participants.
> >>>>    Numbers for the latter:  1500/1000 vs  1000/750
> (optimistic/conservative).
> >>>>
> >>>>    In the optimistic scenario the numbers for paid and total
> attendance are probably
> >>>>    swapped.
> >>>>
> >>>>    Venue and catering are ~160k for Omaha, Denver 277k. BTW:
> >>>>    What's the venue for Denver?
> >>>>
> >>>>    BR, Dirk
> >>>>
> >>>>    Am 06/18/2013 10:56 PM, schrieb Sarah Baso:
> >>>>>    Checklist version 1 is available
> >>>>>    here: https://www.owasp.org/index.php/Conference_Planning_Table and overview of tasks
> >>>>>    here:
> https://www.owasp.org/images/2/2a/Conference_Timeline_Overview.pdf
> >>>>>
> >>>>>    This definitely could use some work but it is a starting place
> for now ;-0
> >>>>>
> >>>>>
> >>>>>    On Tue, Jun 18, 2013 at 1:55 PM, Fabio Cerullo <
> fcerullo at owasp.org
> >>>>>    <mailto:fcerullo at owasp.org>> wrote:
> >>>>>
> >>>>>        Agree with Tom.
> >>>>>
> >>>>>        For an Appsec Conference there should be a track record of at
> least one regional event
> >>>>>        being held by the soliciting chapter.
> >>>>>
> >>>>>        A scoring criteria for proposals will definitely help. Also,
> a checklist of "things to
> >>>>>        be done" once the proposal has been selected with time
> frames, etc.
> >>>>>
> >>>>>        Fabio
> >>>>>
> >>>>>        Sent from my iPhone
> >>>>>
> >>>>>        On 18 Jun 2013, at 21:42, Tom Brennan <tomb at owasp.org<mailto:
> tomb at owasp.org>> wrote:
> >>>>>
> >>>>>>        Denver has been kicking ass and taking names at FROC proven
> team and experience.
> >>>>>>
> >>>>>>        I would love to see a Nebraska event however is there a
> track record?  I would like to
> >>>>>>        see a active chapter, a active regional event that makes
> OCMS before the investment of
> >>>>>>        time energy and effort.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>        On Tue, Jun 18, 2013 at 3:45 PM, Sarah Baso <
> sarah.baso at owasp.org
> >>>>>>        <mailto:sarah.baso at owasp.org>> wrote:
> >>>>>>
> >>>>>>            All -
> >>>>>>            We have received an additional proposal for AppSec USA
> 2014 from the Omaha,
> >>>>>>            Nebraska Chapter.  So, now that we have 2 proposals to
> consider (Denver and Omaha)
> >>>>>>             I think it is appropriate to have an open comment and
> vote on the about the two
> >>>>>>            proposals.
> >>>>>>
> >>>>>>            In the future, as Eoin noted in his original email, we
> need to develop some scoring
> >>>>>>            criteria for proposals.  Since time is of the essence
> though with the AppSec USA
> >>>>>>            proposals and I don't think it is fair to set scoring
> criteria AFTER the
> >>>>>>            submissions have been received, I think the best way to
> handle this is to have an
> >>>>>>            open voting.  I have included some previous AppSec
> conference hosts on this thread
> >>>>>>            hoping they will weigh in on any considerations or
> thoughts on the proposals, base
> >>>>>>            on their past experiences.
> >>>>>>
> >>>>>>            *I have set up this google moderator page for
> >>>>>>            voting
> https://www.google.com/moderator/#15/e=20c908&t=20c908.41 *
> >>>>>>            *
> >>>>>>            *
> >>>>>>            *We will be accepting votes until the end of the day
> FRIDAY, JUNE 21.*
> >>>>>>
> >>>>>>            *Information on the two proposals:*
> >>>>>>
> >>>>>>            *DENVER, CO*
> >>>>>>            *Submission from Snofroc Team (Denver & Boulder
> Chapters) -
> >>>>>>             *https://ocms.owasp.org/events/230/
> >>>>>>
> >>>>>>              * Team leads: Mark Major & Steve Kosten
> >>>>>>              * Presentation (Why Denver?)
> >>>>>>
> https://docs.google.com/a/owasp.org/file/d/0B5cq5xuMqNYSRWlUbUZSckhNMlk/edit?usp=sharing
> >>>>>>              * Budget
> >>>>>>                -
> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Apcq5xuMqNYSdHMyUnAwaDBlQ1Nxa3AyWDEwN0Zya3c#gid=0
> >>>>>>
> >>>>>>
> >>>>>>            *OMAHA, NE*
> >>>>>>            Submission from Omaha Chapter --
> https://ocms.owasp.org/events/231/
> >>>>>>
> >>>>>>              * Team leads: Fred Donovan and Rob Temple
> >>>>>>              * Presentation (Why Omaha?)
> >>>>>>
> https://docs.google.com/a/owasp.org/file/d/0B6ftS9CyBPmqYThQR1NPYko4Yjg/edit?usp=sharing
> >>>>>>              * Budget
> >>>>>>                -
> https://docs.google.com/a/owasp.org/file/d/0B6ftS9CyBPmqaTgwdXdteWpzd2c/edit?usp=sharing
> >>>>>>
> >>>>>>
> >>>>>>            Looking forward to hearing everyone's thoughts and
> feedback!
> >>>>>>
> >>>>>>            Regards,
> >>>>>>            Sarah Baso
> >>>>>>
> >>>>>>            On Fri, Jun 7, 2013 at 5:54 PM, Sarah Baso <
> sarah.baso at owasp.org
> >>>>>>            <mailto:sarah.baso at owasp.org>> wrote:
> >>>>>>
> >>>>>>                Hi Eoin (and OWASP community members)
> >>>>>>
> >>>>>>                Great questions ;-)
> >>>>>>
> >>>>>>                First the specifics for next year's events:
> >>>>>>
> >>>>>>                We have received one proposal for each AppSec USA
> 2014 (Denver CO) and AppSec
> >>>>>>                Europe (Cambridge UK) - so there is no selection as
> much as an open opportunity
> >>>>>>                for anyone to voice any objections before I approve
> these two great proposals
> >>>>>>                so they can get planning.
> >>>>>>
> >>>>>>                AppSec EU/Research for 2014 is proposed for the end
> of June in Cambridge, UK --
> >>>>>>                details here: https://ocms.owasp.org/events/220/
> >>>>>>
> >>>>>>                AppSec USA 2014 is proposed for Q3 (September
> ideally) for Denver, Colorado --
> >>>>>>                details here: https://ocms.owasp.org/events/230/
> >>>>>>
> >>>>>>                So, please take this opportunity to voice any
> questions, objections, support
> >>>>>>                and barring no big issues, I will go forward with
> approving the events in OCMS
> >>>>>>                on next Friday, the 14th.
> >>>>>>
> >>>>>>
> >>>>>>                -----
> >>>>>>                In terms of a transparent and audit-able selection
> process - when there is only
> >>>>>>                one proposal received for the event (as has been the
> case for all the Global
> >>>>>>                appsecs last year and most of them the year before
> that, and so far for next
> >>>>>>                year) - there really is no "selection process" as
> much as an opportunity to
> >>>>>>                review the budget, discuss expectations with the
> local team proposing to host,
> >>>>>>                and barring no issues "approve".  The Global
> Conference Committee previously
> >>>>>>                conducted this process and there was not a scoring,
> but they just voted on the
> >>>>>>                location  if there was more than one submitted.
> >>>>>>
> >>>>>>                If you would like to put together a process or
> outline for what you would like
> >>>>>>                to see, I think that would be great. Otherwise, we
> will put it on the wish list
> >>>>>>                and when we get someone new hired for the
> conferences position the staff,
> >>>>>>                community, and that person can work on putting
> something together.
> >>>>>>
> >>>>>>                Open to other feedback you have!
> >>>>>>
> >>>>>>                Best,
> >>>>>>                Sarah Baso
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>                On Fri, Jun 7, 2013 at 6:14 AM, Eoin <
> eoin.keary at owasp.org
> >>>>>>                <mailto:eoin.keary at owasp.org>> wrote:
> >>>>>>
> >>>>>>                    May I ask when venues for 2014 shall be selected
> and also how is the
> >>>>>>                    selection process conducted.
> >>>>>>
> >>>>>>                    Who makes the choice, how is the panel made up?
> >>>>>>
> >>>>>>                    I really want a transparent an auditable
> selection process.  What scoring
> >>>>>>                    mechanism is being used?
> >>>>>>
> >>>>>>                    For me this is a staff decision coupled with our
> (to be hired) conference
> >>>>>>                    manager.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>                    Eoin Keary
> >>>>>>                    Owasp Global Board
> >>>>>>                    +353 87 977 2988 <tel:%2B353%2087%20977%202988>
> >>>>>>
> >>>>>>                    _______________________________________________
> >>>>>>                    Owasp-board mailing list
> >>>>>>                    Owasp-board at lists.owasp.org <mailto:
> Owasp-board at lists.owasp.org>
> >>>>>>
> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>                --
> >>>>>>                Executive Director
> >>>>>>                OWASP Foundation
> >>>>>>
> >>>>>>                sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
> >>>>>>                +1.312.869.2779 <tel:%2B1.312.869.2779>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>            --
> >>>>>>            Executive Director
> >>>>>>            OWASP Foundation
> >>>>>>
> >>>>>>            sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
> >>>>>>            +1.312.869.2779 <tel:%2B1.312.869.2779>
> >>>>>
> >>>>>
> >>>>>
> >>>>>    --
> >>>>>    Executive Director
> >>>>>    OWASP Foundation
> >>>>>
> >>>>>    sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
> >>>>>    +1.312.869.2779
> >>>>
> >>>>
> >>>>    --
> >>>>    German OWASP Board, Conference Chair AppSec EU 2013
> >>>>    http://appsec.eu/       |                 @appseceu
> >>>>    skype://drwetter.de     |      tel:+49-40-2442035-1
> >>>
> >>>
> >>> --
> >>> Mark
> >>> OWASP Boulder
> >>
> >>
> >> --
> >> German OWASP Board, Conference Chair AppSec EU 2013
> >> http://appsec.eu/       |                 @appseceu
> >> skype://drwetter.de     |      tel:+49-40-2442035-1
> >>
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130621/7e33425e/attachment-0001.html>


More information about the OWASP-Leaders mailing list