[Owasp-leaders] Guide for a new chapter

Joseph Konieczka joseph.konieczka at owasp.org
Mon Apr 17 17:35:46 UTC 2017


I also recommend exploring combined meetings with local developer groups
and colleges. Getting both of those audiences involved furthers the mission
of OWASP, expands the pool of volunteers, and generates buzz. We've had
success with the local Java Users Group since they are an established group
with a solid meeting turnout each month. Finding the largest gathering of
developers helps you easily spread the word.

Last month we helped provide guidance and insight to a local community
college district on ways to enhance their information security and web
application development programs. We're also on track to present at the
Houston Java Users Group on an annual basis each February.

Joseph Konieczka
one of the Houston, TX chapter leaders

On Mon, Apr 17, 2017 at 12:12 PM, Tiffany Long <tiffany.long at owasp.org>
wrote:

>
> Thanks for such a clear plan Sherif!  Ajay, I interpret your question as
> also being about building chapter membership. A good first step is to reach
> out through your professional network and send emails and whats app
> messages to the people you already know would be interested.  You could
> start a MeetUp group or Event Bright event and direct them to the link and
> ask them to share with their networks.
>
> You can also ask to speak at local groups to let them know an new OWASP
> Chapter is growing.  Perhaps Null would welcome you?
>
> Sometimes chapters choose to have the first meeting be an informal one
> where interested parties can come to describe what they want to get out of
> an OWASP chapter.  Sometimes chapters decide it is better to host a few
> speakers and then discuss future OWASP developments after the talk.
>
> As you can see Sherif illustrated a fairly large meeting, but it is very
> common for first meetings to be held at cafes or in small conference rooms,
> so don't be intimidated if this is how your chapter begins.
>
> Best,
>
> Tiffany Long
> Community Manager
>
> On Sat, Apr 15, 2017 at 3:42 AM, Sherif Mansour <sherif.mansour at owasp.org>
> wrote:
>
>> Hi Ade,
>>
>> Sam and I have drawn up some useful docs for our speakers and our hosts
>> which might be helpful.
>> There some key tips though:
>>
>>    - Keep it simple, find a lightweight process to manage your chapter.
>>    You can harness sites like Eventbrite to manage invites to events and use
>>    the OWASP chapter page + Email List, and social media (Twitter has been
>>    quite useful for us).
>>    - Find volunteers or another Chapter leader to help you: Simply put,
>>    its too much work for one person especially if its going to be on an
>>    ongoing basis, its best to find a like minded colleague and work together.
>>    - Re-use as much as you can. At the London Chapter we built a
>>    template for news-letter, intro presentations, and how to run an event for
>>    the hosts etc.. This way it becomes easier as time goes by (and not the
>>    other way round).
>>    - Build a community: So the other thing is to understand what the
>>    community needs, and try to give it to them, for example if there is a new
>>    trend of attacks, might be worth getting an expert to talk about it etc..
>>    If they want a hackathon try to run one, and you'll be surprised who will
>>    come out to help.
>>    - Be consistent: If you are able to deliver events or talks on a
>>    regular basis, and you do communicate it effectively, your community will
>>    grow. So make sure you have a maintainable pace otherwise you could burnout
>>    etc..
>>
>> Please find attached a sample eventbrite post and the link to our OWASP
>> London page https://www.owasp.org/index.php/London
>>
>> For hosting an event:
>> Make sure you have an agenda sent out ahead of time (see the eventbrite
>> PDF for example), and work with the host on how to run the event (Does the
>> event have the right audio visual setup, is there someone who checks
>> attendee names etc.., making sure the event ends on time).
>>
>> Sometimes, the hosts might not know how to run an event especially in a
>> large organisation. Usually with a company with many lines of business,
>> reaching out to facilities is the first port of call as they are the ones
>> that manage the event theaters / hosting areas and they also know who to
>> reach out to about catering.
>> Depending on the company/facility using their catering team might be
>> mandatory as was the case with banks like Nomura and HSBC. Tech companies
>> like Expedia and Microsoft don't have that requirement so the host just
>> orders Pizzas.
>>
>> The cost breakdown for the catering & cleanup at one company was:
>>
>>    - 4x bottles of red Malbec,  £23.16 (£27.80 with VAT)
>>    - 4x bottles white, Le Colline San Giorgio  £21.52 (£25.84 with VAT)
>>    - 6x cases of Becks = 74p £106.56 (£128.16 with VAT)
>>    - Evening clean up = £70
>>    - 20 Pizzas = £200 - *Note:* deal from Papa John's has expired
>>    - Total = £451.8
>>
>> Hope that helps.
>>
>> Kind regards
>> Sherif Mansour
>>
>> On Sun, Apr 9, 2017 at 1:56 AM, Ade Yoseman Putra <ade.putra at owasp.org>
>> wrote:
>>
>>> Hi ajay
>>>
>>> You shoud read the chapter handbook for your guide
>>> https://www.owasp.org/index.php/Category:Chapter_Handbook .
>>>
>>> Thanks
>>>
>>>
>>>
>>> Pada tanggal 9 Apr 2017 12.31 AM, "Ajay Dutta" <ajay.dutta at owasp.org>
>>> menulis:
>>>
>>> Dear Friends,
>>> I have started a new chapter at chandigarh. Please guide me for further
>>> activity.
>>>
>>> On Fri, Apr 7, 2017 at 7:57 PM, Mike McCabe <mccabe615 at gmail.com> wrote:
>>>
>>>> Awesome idea and great project!
>>>>
>>>> On Sat, Apr 1, 2017 at 5:09 AM, Bjoern Kimminich <
>>>> bjoern.kimminich at owasp.org> wrote:
>>>>
>>>>> Dear all,
>>>>>
>>>>> I just released v2.25 which adds an awesome new feature to the OWASP
>>>>> Juice
>>>>> Shop: Via a simple YAML-based configuration file you can now customize
>>>>> the
>>>>> look & feel (logo, app name, theme, ...) and all products the store!
>>>>> Why
>>>>> would you want to do this? When using Juice Shop in trainings for your
>>>>> employer or at a customer, you might actually increase the awareness
>>>>> impact
>>>>> by customizing the Juice Shop to their very own corporate identity and
>>>>> business domain! Kudos to Timo Pagel for envisioning and contributing
>>>>> this
>>>>> feature!
>>>>>
>>>>> The following customization examples are delivered out of the box with
>>>>> OWASP
>>>>> Juice Shop v2.25.0:
>>>>> * The BodgeIt Store: An homage to our server-side rendered ancestor
>>>>> * Sick-Shop: A store that offers a variety of illnesses. Achoo! Bless
>>>>> you!
>>>>>
>>>>> Please check out
>>>>> https://github.com/bkimminich/juice-shop/blob/master/CUSTOMIZATION.md
>>>>> to
>>>>> learn how to use one of these samples and how to roll your own
>>>>> corporate
>>>>> theme! You can even use the existing end-to-end test suite to verify
>>>>> if all
>>>>> hacking challenges will keep working with yourcustom configuration!
>>>>> Below
>>>>> you also find the complete release notes. Some challenge solutions
>>>>> needed to
>>>>> be adjusted to work with the new customization feature. The "Pwning
>>>>> OWASP
>>>>> Juice Shop" companion guide eBook available at
>>>>> https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content will be
>>>>> updated soon after to reflect those changes.
>>>>>
>>>>> Cheers,
>>>>> Bjoern
>>>>>
>>>>> PS in case you are wondering: No, this is not an April's Fools joke!
>>>>>
>>>>> --------------------------------------------------
>>>>>
>>>>> v2.25.0
>>>>> ======
>>>>> https://github.com/bkimminich/juice-shop/releases/tag/v2.25.0
>>>>>
>>>>> Changes
>>>>> -----------
>>>>> * Customization allows you to tailor the OWASP Juice Shop to your own
>>>>> corporate business domain and styleguide for maximum awareness impact!
>>>>> * Changed some challenge solutions to be independent of customizations
>>>>> * Changed all generated Feedback to be not "juice"-theme any more
>>>>>
>>>>> Bugfixes
>>>>> ------------
>>>>> * Fixed language selection label for Hungarian
>>>>> * Fixed Challenge solved!-notifications not showing when coming back
>>>>> to the
>>>>> UI after e.g. hacking the API directly
>>>>>
>>>>> I18N
>>>>> -------
>>>>> * Added Romanian  translation
>>>>>
>>>>> -----BEGIN PGP MESSAGE-----
>>>>> Version: GnuPG v2
>>>>>
>>>>> owGVVn2IFGUYv7v8vDz6EoQyevbMUrvdVUvsDir3FPFOvTvdU9MSfHfm3ZnXnZl3
>>>>> mXdm5zYighArjArqjyDIj4QglQ40DYWsJKXzn5IkTfT6AE0Jv1Aw0Xqed3bvQw1q
>>>>> OW53dmae5/f8Pp7ZdxruqhlTO2rauk/6rp84Xtt3Llfz/ClvxjzOfGCO0wQN9V9v
>>>>> xH9tsDZUAfjc4UxxE0ozUzNnQWQLwwZmmgqYByziSrocPB5BnrMg9DkEEgKbQ+eK
>>>>> TLYL2kNhcMjastgCywUDBkq4RYfDysziRcmcLmxILy+s0GeBkB7kBZ4tyxAMrO/J
>>>>> CAxEIV3xEtdlHSkL8Bg24w5McaQlm4AVi+AxlzfRBfSWSqWmIjqTxoGiL83QCJS+
>>>>> Gyv5PAEr7DJEMnRM3ShiXkCoTQIu1HN4mnsQKuFZQ/CD8CDwmfDwawV56dO9PnCc
>>>>> Rpa5D/gFC3C+GC73m3RtV1g2fmsEIWIpYw3DJzY1GBYxn3tcKUBK8BLIlQeGpd50
>>>>> zZD+Ma/ChxL3yyAjD4nzixJp4yBM7gUiKOupcwSdyprSRbwJWBiaUtH93cKV0MUs
>>>>> 5I4G4F5JKOScmtGNKETgi1wYxN2FqmqaqFiiGxHlpePIiK6oYo114z2MhEVboAdM
>>>>> 7giEieLKMACZ17PkZA9EIrBvs0ZsrdT0FmwxDahJqzQt3hZAlvRqgYwHNs5iaXMR
>>>>> 64r7WD6pcG40qGfqVswzOAmsq2SFUUjGvsvEsiMGRljy3EeQUGK+4MgYghOOQ3xx
>>>>> lYKMYUuZgFaH+EMBE9U0dOkUgGFzo6CHsoOgqFrSaQsnCnMpQ7rpXEG4LhrEsNNr
>>>>> abikwv7pnCNzaZepgPvpucuy3Z2L21Zluts6O1KuSfNgYZ/mi+ggxB7S4xXK8EBV
>>>>> WUV9Ktf4qEBsvuEm0O5PwMpKdnhJuzj2Gu8RSsuKZCUDmcQ3CJAtUKEINK3Ip8ij
>>>>> Q/M6NTYzClpjG4+4ZyGCCGmCAudFjI6vT2oxCUjshOFBRhI5GkWngDlKYrCpJ2JB
>>>>> qnCkgFdXC6Y8IO6ztEkGGoKSTkiFFG4XbnLNVQ5TY9Jaig8JSIyC6tISGu7Jin1T
>>>>> 2lONXZF2+q3ua9SAmEc3WCE5irfSkmElJhyWw23EBtUelDiFwufwOpUSMl3UpZMy
>>>>> YqqYHKI9JQqTGXOH4MOiyQi7ktiM5dESWlCedzjmP7ClthgjvlMV4821ORqWtnLr
>>>>> WsnRKVVDZmkjGcSfphgNHklKAgJpgQ7ZFCcY/5Be2tWZoi+cxxXMl9JRsFYW+IC5
>>>>> k//7Vb2zklz89Ix+4Yf/HIyK/CodMCs9WKgytSZhODYd7LnDFGa0jHRS9X5ExTD/
>>>>> d3r80Ok7ZOaWXaljpoKyw2Mn0JZ0WY9wQ/e2dZ3QaDROEvRfvBubFq3Pi7SnPL0N
>>>>> h7lUwdBCFD4L2/jaJ/PR+TmMYqUMKdmoGWxM6rQj3jK4uNwa6tEfoZUXPbeSFrM2
>>>>> H0+Y4GCPkNao4mQ4IhAdvrvyOFgQehYuReYN3jB36EQlbiaSCEHkhVFBToBQS/04
>>>>> iOipiWrT5ypmUmJZW8XpPGWlBhYLncl0tYEpfETilGmAthlPdwxg17AzJgV/KWrj
>>>>> IS50Bj6BPeXE2r9RO3FETe2YmlEj6+gHTE392Hurv2rKm0b/veTG6Z6vTkyS8zfM
>>>>> fnfCn1Pm1NkfXT360wcLH1l2X/+WMYvez24X43pHvOlmx9747OOlhcYXzxfP3n/m
>>>>> 0I6942umw18LJlwafezZb/fUXTAPNx/d+d3EzZuy117Y+OsWs27jA7v2lradufrF
>>>>> 5XlPXnpo+Yevjdy6Id/Q+vPnvWt6Z82M6m/+tn7nnJ6DR84ffLt5f/31yU0XL46v
>>>>> WTX1y8vTl8CBp/wdD566p7/5ZPeF/RM7Nh86bX3fve+V1e91Llo/bvK+w8ePtbdP
>>>>> mm2vX3OlZG1I9Z8r9p778cC6s9eWb3ri4Qvbdr/8h33AfLT1h0Tf1vysX15tv/vI
>>>>> 9ZmwtO/mp92h/fueOfOu7FrZfP311du/OflW/z8=
>>>>> =TBZs
>>>>> -----END PGP MESSAGE-----
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>>
>> Sherif Mansour
>> OWASP London Chapter Leadersherif.mansour at owasp.org https://www.owasp.org/index.php/London
>> Follow OWASP London Chapter on Twitter: @owasplondon  <https://tracking.cirrusinsight.com/6426beaa-499f-41a9-b5ef-8dd71c6d2dd9/twitter-com-owasplondon>
>> "Like" us on Facebook: https://www.facebook.com/OWASPLondon
>> Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170417/3c387bf1/attachment-0001.html>


More information about the OWASP-Leaders mailing list