[Owasp-leaders] Speakers at Appsec conferences

Tobias tobias.gondrom at owasp.org
Thu Sep 11 22:35:39 UTC 2014

Apologies, my communication was imprecise: As member of the organising 
team for AppSec EU 2014, I had the impression (which might very well be 
a misunderstanding on my part) that we would have a general practice to 
not pay AppSec speaker travel, except for keynotes. (and further 
exceptions could be made using chapter, project or other budgets...)

Best regards, Tobias

On 11/09/14 22:54, Josh Sokol wrote:
> It's OWASP practice not to pay speaker hotel/travel?  I don't think 
> I've ever seen that written anywhere.  In fact, we offer pots of money 
> like OWASP on the Move funds to do the opposite.  And I'm pretty sure 
> that speaker travel is something that is explicitly allowed in the 
> Chapter Leader Handbook.  In the case of AppSecUSA, nobody ever told 
> us it was somebody else's decision so we just assumed it was ours to 
> make just like all of the other decisions.  As long as the budget is 
> set up to accommodate it, I can't really see the Foundation caring 
> about it.  But if someone needs an explicit "Yes, conference 
> organizers can pay speaker expenses if it makes sense to do so", then 
> I'm all for it as long as they figure out how to account for it 
> financially.
> ~josh
> On Thu, Sep 11, 2014 at 4:38 PM, Tobias <tobias.gondrom at owasp.org 
> <mailto:tobias.gondrom at owasp.org>> wrote:
>     Josh,
>     in my experience, to some degree this has in the past not been up
>     to the team planning the conference.
>     We have referred back to general OWASP practice to in general not
>     pay speaker hotel/travel (except for keynote speakers). So one
>     outcome of this discussion could be to explicitly make this the
>     choice of the conference organising chapter team.
>     Tobias
>     On 11/09/14 22:20, Josh Sokol wrote:
>>     Historically, this has been a decision that has been left up to
>>     the team planning the conference.  I know with AppSecUSA 2012,
>>     there were a few speakers that we really wanted to get to the
>>     conference and they couldn't pay their way so we helped them with
>>     expenses.  We do the same for LASCON if we really want someone
>>     and circumstances merit it.  But, like Michael alluded to, this
>>     is an expense that should become part of the conference planning
>>     budget and we need to figure out how to offset it. Personally, I
>>     would hesitate to compare any of OWASP's relatively small
>>     conferences to BlackHat (5,000 attendees) or Defcon (15,000
>>     attendees). Not even in the same ballpark.  And when you factor
>>     in that a ticket to BlackHat averages out somewhere around $2000
>>     per person, well, we're not even in the same city where revenue
>>     is concerned.  My gut says to leave these decisions up to the
>>     local planning teams, but not make a habit out of it.
>>     ~josh
>>     On Thu, Sep 11, 2014 at 4:08 PM, Azeddine Islam Mennouchi
>>     <azeddine.mennouchi at owasp.org
>>     <mailto:azeddine.mennouchi at owasp.org>> wrote:
>>         Hello,
>>         sure :D you were great in Math Michael :D
>>         I think Stev. has a point almost all the confs. pay a part of
>>         the expenses (if not full expenses)
>>         Not all companies have the same policy not all people get
>>         sponsored by there companies
>>         Sponsoring some people would be great I think
>>         Regards Islam,
>>         On Thu, Sep 11, 2014 at 10:54 PM, Michael Coates
>>         <michael.coates at owasp.org <mailto:michael.coates at owasp.org>>
>>         wrote:
>>             Steven,
>>             Hope all is well and it will be great to catch up in Denver.
>>             I always enjoy new ideas and discussion. I have a few
>>             questions about your idea.
>>             1. Do we have any indication that quality speakers aren't
>>             applying because travel / hotel is not covered?
>>             2. Do you think the quality of speakers would increase if
>>             travel costs were covered?
>>             3. How many of the speakers do you think are paying for
>>             their travel out of pocket versus having it covered as a
>>             business expense?
>>             4. Would you support an increase in ticket prices to
>>             cover the costs of speakers? If not, where would you
>>             suggest the costs be covered?
>>             A bit of cost planning:
>>             AppSecUSA has 79 people listed on the speakers tab.
>>              Let's assume travel as $900 per person ($500 airfare + 2
>>             nights hotel at $200 night). That comes out to $71,000.
>>             Cost increase per attendee:
>>             500 attendees +$142 per ticket
>>             1000 attendees +$71 per ticket
>>             --
>>             Michael Coates
>>             Chairman, OWASP Board
>>             @_mwc
>>             On Thu, Sep 11, 2014 at 1:11 PM, Steven van der Baan
>>             <steven.van.der.baan at owasp.org
>>             <mailto:steven.van.der.baan at owasp.org>> wrote:
>>                 hi Leaders,
>>                 I've got a question for you all and it is regarding
>>                 speakers at Appsec
>>                 conferences.
>>                 I am of the opinion that we should cover expenses for
>>                 speakers that are
>>                 presenting at Appsec conferences. At the moment this
>>                 is not the case and
>>                 I truly believe that this is wrong. I think that if
>>                 OWASP wants the
>>                 AppSec conferences to grow in size, we should also
>>                 give the speakers
>>                 more than just an entrance ticket. I would like to
>>                 see that also some of
>>                 the expenses are covered. This is currently only done
>>                 for the keynote
>>                 speakers. I agree that the keynote speakers should be
>>                 handled more
>>                 special, but they are only the 'cherry on the cake'.
>>                 It's the speakers
>>                 that 'make the cake' and without good speakers you
>>                 will have a lousy cake.
>>                 I know that conferences like HitB and BlackHat/Defcon
>>                 provide hotel
>>                 expenses next to the entrance fee (with BH and Defcon
>>                 you can choose
>>                 between more badges or money). And they do get a
>>                 large number of
>>                 attendees, especially due to the numbers and quality
>>                 of their speakers.
>>                 This is what I would like to see with the OWASP
>>                 Appsec conferences as
>>                 well. Being known for outstanding speakers and at the
>>                 same time
>>                 attracting more attendees. Reflecting back at taking
>>                 part in organising
>>                 Appsec EU 2014, the attendee numbers where really low
>>                 for a long time
>>                 (below 100 up to two weeks before the conference).
>>                 Thought it did pick
>>                 up in the last two weeks, i firmly believe that these
>>                 numbers could
>>                 easily have been doubled if we take more care of our
>>                 speakers.
>>                 I know that I have a personal stake in this as I'm
>>                 one of the speakers
>>                 at Appsec USA. But it should not only be an honour to
>>                 speak at an OWASP
>>                 conference, we as OWASP should actively support this
>>                 knowledge sharing
>>                 by stimulating speakers and meet them with their
>>                 expenses and take care
>>                 of the hotel for them. I am aware that in the current
>>                 model the Appsec
>>                 conferences are used to generate revenue for the
>>                 foundation, but I am a
>>                 firm believer that you first have to spend money to
>>                 make money: to
>>                 invest into the speakers, which in turn will attract
>>                 more attendees and
>>                 therefore generate more income.
>>                 Below are two tweets that I quickly found searching
>>                 online about this.
>>                 These tweets are from non OWASP members
>>                 https://twitter.com/MatiasKatz/status/323490014136791041
>>                 https://twitter.com/notsosecure/status/478912487182827520
>>                 I'd love to see this change happen.
>>                 Steven.
>>                 _______________________________________________
>>                 OWASP-Leaders mailing list
>>                 OWASP-Leaders at lists.owasp.org
>>                 <mailto:OWASP-Leaders at lists.owasp.org>
>>                 https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>             _______________________________________________
>>             OWASP-Leaders mailing list
>>             OWASP-Leaders at lists.owasp.org
>>             <mailto:OWASP-Leaders at lists.owasp.org>
>>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>         -- 
>>         Islam Azeddine Mennouchi
>>         Consultant at ITS
>>         http://www.infotoolssolutions.dz/
>>         OWASP ALGERIA Chapter Leader
>>         phone n°: +213658227651 <tel:%2B213658227651>
>>         _______________________________________________
>>         OWASP-Leaders mailing list
>>         OWASP-Leaders at lists.owasp.org
>>         <mailto:OWASP-Leaders at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>     _______________________________________________
>>     OWASP-Leaders mailing list
>>     OWASP-Leaders at lists.owasp.org  <mailto:OWASP-Leaders at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140911/6e80a5cb/attachment-0001.html>

More information about the OWASP-Leaders mailing list