[Owasp-leaders] how can you help - support ? (Fwd: Help with OWASP Summit 2017 Outreach)

Mark Miller mark.miller at owasp.org
Sun May 14 22:40:01 UTC 2017


If you'd like to hear more about the Summit, Seba and I go together at
AppSec EU 2017 Belfast and recorded a short update.

https://soundcloud.com/owasp-podcast/less-than-10-minutes-series-owasp-summit-2017

Mark


On Mon, May 8, 2017 at 1:34 AM, Seba <seba at owasp.org> wrote:

> Hi fellow-leaders,
>
> Check out our request below to the board & staff. We hope to have your
> support on this!
>
> A couple of ways you can help us:
>
> 1) support our request for funding towards your favourite board member(s)!
> 2) if you have budget available (see https://www.owasp.org/index.
> php/Donation_Scoreboard chapters - $882,638, projects $114,126): please
> sponsor your surplus budget to the summit? We expect the outcome of the
> summit to be fantastically useful for all chapter and owasp projects
> worldwide.
> 3) join us at the summit! http://owaspsummit.org/website/buy-ticket.html
>
> kind regards,
>
> Seba, Dinis, Francois
>
>
> ---------- Forwarded message ---------
> From: Seba <seba at owasp.org>
> Date: Mon, May 8, 2017 at 7:24 AM
> Subject: Re: Help with OWASP Summit 2017 Outreach
> To: Dinis Cruz <dinis.cruz at owasp.org>, Matt Tesauro <
> matt.tesauro at owasp.org>, johanna curiel curiel <johanna.curiel at owasp.org>,
> Claudia Casanovas <Claudia.Aviles-Casanovas at owasp.org>, Tom Brennan <
> tomb at owasp.org>, Matt Konda <matt.konda at owasp.org>, vanderaj vanderaj <
> vanderaj at owasp.org>, Josh Sokol <josh.sokol at owasp.org>, Michael Coates <
> michael.coates at owasp.org>, Tobias Gondrom <tobias.gondrom at owasp.org>,
> Kate Hartmann <kate.hartmann at owasp.org>, Tiffany Long <
> tiffany.long at owasp.org>, Laura Grau <laura.grau at owasp.org>, Kelly
> Santalucia <kelly.santalucia at owasp.org>, alison.shrader at owasp.org <
> alison.shrader at owasp.org>, Dawn Aitken <dawn.aitken at owasp.org>, Hugo
> Costa <hugo.costa at owasp.org>, owasp-board at owasp.org <owasp-board at owasp.org>,
> OWASP Foundation Board List <owasp-board at lists.owasp.org>
> Cc: Francois <francois at devseccon.com>
>
>
> Hi Owasp Board and Owasp Employees,
>
> One way to help us, is with financial and operational support.
>
> The OWASP Summit is getting great traction:
>
>    - 70+ confirmed participants
>    - 105 Working sessions planned
>
> For more details, see the email from Dinis below.
>
> We started the OWASP Summit last year and so far, have run the summit on a
> shoestring budget.
> We used the 150K USD seed fund from the board to reserve the lodges and
> conference rooms of the venue.
> With the currently confirmed sponsors, participants and the registrations
> in the pipeline, we are confident that we will break even on the venue and
> the catering.
> This means we will be able to return the seed fund, which is great news.
>
> However, *we need extra funding:*
>
> 1) The first funding we need is to get the amazing OWASP leaders and
> contributors that need support (flight+ticket) to the summit!
> Check out the list here http://owaspsummit.org/pages/for-editors/
> participants/need-funding.html
> In total we need about *33K USD to cover 17 people* to contribute to the
> success of the summit.
>
> 2) Everything we have done so far (Dinis, Francois, 6 summit editors and
> myself) has been done with our volunteer time.
> But for the summit to become a success, we need the support of a
> professional operations team with an operations budget.
> We currently estimate this *operations to cost about 50K USD*:
> - 10k for Tickets and flights for OWASP (or other operational) staff
> and/or participating Board Members
> - 20k for operational team expenses (before summit)
>    - venue accommodation for team that will go to the venue for the
> weekend before the Summit
>    - temp contractors to help with logistics and scheduling
>    - printing, signage and logistics
> -  20k for operational team expenses (during the Summit)
>    - venue accommodation for operational team (during summit)
>    - temp contractors to help with logistics and scheduling
>    - extra internet connection
>    - other misc expenses
> As we stand today these costs are *‘critical’ for the Summit success.*
>
> Of course we will try to cover these costs and reach a profit (and we are
> going on the right direction), but *at the moment we do not have that
> budget.*
>
> *So in total we need about 85K USD to get extra people to the summit and
> have a professional operations team in place.*
>
> One option (for the board) is for you to *allow us to use the 150k as a
> buffer (knowing that we might need to use it).*
> That should be seen as an ‘investment’ for OWASP, not a cost (after all
> that is why owasp should make money)
> Another option is to budget for 85K USD for the summit as separate
> investment from the OWASP foundation in the summit.
>
> Thanks for considering this request (I have scheduled this as new business
> for the upcoming board meeting tomorrow).
> If you are in Belfast, we can discuss face to face.
>
> Otherwise, happy to discuss by email or to schedule call(s).
>
> Kind regards,
>
> Seba, Dinis, Francois.
>
>
> On Sun, May 7, 2017 at 8:26 PM Dinis Cruz <dinis.cruz at owasp.org> wrote:
>
>> Hi Owasp Board and Owasp Employees, I would like to ask for some help in
>> promoting the Owasp Summit 2017 <http://owaspsummit.org/>.
>>
>> We are now in the critical phase of the Summit where we have reached
>> critical mass and really could do with some extra help from the Owasp
>> mothership (after all this is an Owasp event to/for the Owasp community)
>>
>> Here are the areas where you could help
>>
>>    - *Owasp Twitter <https://twitter.com/Owasp> *- with 78.5k followers
>>    the retweet of important milestones or Tweets about the Summit would reach
>>    quite a wide audience (note that in 2017 there has only been one (1) tweet
>>    about the Owasp Summit, and that was a retweet of one of Tom's tweet)
>>    - *Owasp Blog <https://owasp.blogspot.co.uk/>* - I don't know how
>>    many subscribers, but I'm sure it's reach is quite wide. Note that as far
>>    as I can tell there has been no blog post about the Summit
>>    - *Owasp LinkedIn <https://www.linkedin.com/company-beta/250673/> *-
>>    with 19k followers, this would also be a great way to reach potential
>>    Summit Attendees
>>    - *Owasp monthly newsletter - *The last Owasp Connector
>>    <https://owasp.blogspot.co.uk/2017/04/April2017Connector.html> only
>>    has one link to the Owasp Summit 2017, with a large feature being allocated
>>    to the Project Summit and Developer Summit happing at AppSec EU. Note that
>>    I'm not saying we shouldn't be promoting those activities (at AppSec EU),
>>    but as you can see by the number of Working Sessions
>>    <http://owaspsummit.org/website/working-sessions.html> and
>>    Participants <http://owaspsummit.org/website/participants.html>, the
>>    Owasp Summit 2017 will be a much bigger event
>>    - *Owasp Conferences and Chapters - *With the high number of events
>>    that Owasp will organise or be involved between now and the Summit, it
>>    would be great if the Owasp mothership asked these events to promote the
>>    Summit
>>    - *Owasp Leaders list* - This is the list that reaches our trusted
>>    leaders and it would make a massive difference if there were a couple posts
>>    from the Owasp Board or Employees about the Summit (as far as I can tell
>>    most, if not all, Owasp Summit 2017 related posts have been started by me
>>    or Seba, with Tom being the exception on his help on trying to get the
>>    chapters/projects to sponsor the Summit)
>>    - *Owasp global distribution list - *Yes I know that this needs to be
>>    used very carefully, but its outreach is massive and the Summit is exactly
>>    the kind of event that we should be making out global community aware of
>>    - *Owasp Home page* - There are no links (or mentions) in the home
>>    page about the Summit (I know that you need to be careful on which evens to
>>    expose there, but the Summit should be seen as an special event due to the
>>    amount of work that will be done and amount of collaboration that will
>>    occur)
>>    - *Official Owasp Press Release *- This is another kind of activity
>>    where sending it from the OWASP mothership would do wonders to the Summit's
>>    promotion (ideally with some quotes from OWASP Board and other high profile
>>    Summit Participants, like Neil from Capital One
>>    <http://owaspsummit.org/Participants/ticket-24h-sponsor/Neil-Barlow.html>
>>    )
>>
>> Note that at the moment there is $0 USD direct support from the Owasp
>> Mothership to the Summit. What we currently have is:
>>
>>    - $6,000 from Project outreach funds (where each participant applied
>> directly to Owasp)
>>    - $150k buffer that were used to book the venue, only on the condition
>> that all amount was recovered with tickets and sponsorships (i.e. we can't
>> use those funds to cover any operational expenses or to fund participants
>> that still need funding to attend
>> <http://owaspsummit.org/pages/for-editors/participants/need-funding.html> the
>> Summit). Thanks Andrew, Johanna and Matt for making this happen, it helped
>> us to secure the venue.
>>
>> *About the Summit:*
>>
>> The Summit has massive amounts of energy at the moment and it is a really
>> good story for OWASP.
>>
>> This is the kind of event that only Owasp can create and the fact that we
>> have already so many participants (in a pure grass-roots effort) is a good
>> testament to the power and trust that the community has in Owasp
>>
>> In terms of the current Owasp Summit 2017 content, you probably have not
>> had the time to catch up with the latest changes (after all they are
>> happening very fast these days :)  ), so here is a quick overview of the
>> Working Sessions we have planned.
>>
>> Due to the number of Working Sessions planned (122 at last count), we are
>> organising them in (12) Tracks:
>>
>>    - *Threat Modeling
>>    <http://owaspsummit.org/Working-Sessions/Threat-Model/>* - This is
>>    one of the strongest tracks. If you look at the 'Threat Model' talent that
>>    will be there (Adam S, Tony UV, Stephen V,  and others...), you can see
>>    that we really *have most of the core Threat Modeling talent in the
>>    world coming to the Summit!* If there is one hard-core AppSec topic
>>    that we should be promoting about the Summit, we should be talking about
>>    the fact that we will be making a big difference in Threat Modeling (check
>>    out the Working Sessions topics)
>>    - *OwaspSAMM <http://owaspsummit.org/Working-Sessions/OwaspSAMM/> *-
>>    This is another track where we have the main contributors and users of this
>>    Owasp project participating at the Summit (hopefully we will also have a
>>    good representation of companies that are already using this Maturity
>>    Model)
>>    - *DevSecOps* <http://owaspsummit.org/Working-Sessions/DevSecOps/> -
>>    This track is the one that has been generating quite a lot of buzz on the
>>    people we talk to, since it is addressing real pain points and problems
>>    that companies have today
>>    - *Education* <http://owaspsummit.org/Working-Sessions/Education/> -
>>    Always strong in OWASP, this Track ranges from University master degree to
>>    how to create the next generation of AppSec professionals
>>    - *Mobile Security*
>>    <http://owaspsummit.org/Working-Sessions/Mobile-Security/> - Another
>>    track where the key Owasp leaders of Mobile related Owasp projects are
>>    participating
>>    - *CISO* <http://owaspsummit.org/Working-Sessions/CISO/> - This track
>>    has started slow, but is now really reaching a wide audience of CISOs and
>>    covering a wide range of CISO related topics
>>    - *Research* <http://owaspsummit.org/Working-Sessions/Research/> -
>>    This is a recently added track, but is already covering really important
>>    and interesting research topics (it's important to also look at the future
>>    and work on the next generation of Application Security)
>>    - *Agile AppSec
>>    <http://owaspsummit.org/Working-Sessions/Agile-AppSec/> *- This is a
>>    Track driven by a couple participants that really care about Agile and want
>>    to find better ways to integrate it with AppSec practices
>>    - *Security Crowdsourcing*
>>    <http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/> -
>>    This is a Track that is focused on scaling AppSec activities via internal
>>    and external crowdsourcing
>>    - *Tools* <http://owaspsummit.org/Working-Sessions/Tools/> - Track
>>    focused on specific tools or services
>>    - *Owasp <http://owaspsummit.org/Working-Sessions/Owasp/> *- As
>>    always, once the number of Owasp leaders per square meter goes up, there is
>>    always the opportunity to address important organisational and operational
>>    Owasp related issues
>>    - *Owasp Project's Summit*
>>    <http://owaspsummit.org/Working-Sessions/Project-Summit/> - last but
>>    not least, here are all the 31x Working Sessions directly related to an
>>    Owasp Project. I'm sure you will agree that it is a pretty impressive list
>>    of Owasp Projects (with most having the Project Leader participating)
>>
>> In terms of Working Sessions, at the moment we have 122 created (with a
>> good number more still on the works) and probably the most high profile
>> ones will be the Owasp Top 10 related (Implications of Owasp Top 10 2017
>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017>  and Data
>> behind Owasp Top 10 2017
>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html>)
>> which given the fact that Dave Wichers
>> <http://owaspsummit.org/Participants/Dave-Wichers.html> is attending,
>> are bound to be quite 'interesting'.
>>
>> I believe most of you participated at one of the last Summits, but if you
>> want a refresher or want to read the current plan, please see the Working
>> Sessions - How <http://owaspsummit.org/website/working-sessions-how.html>
>>  page.
>>
>> As I hope you agree, we have an amazing opportunity here to really make a
>> difference in the Application Security world in 2017, *what we need is
>> some help from the Owasp mothership.*
>>
>> We have a pretty good Summit Organisation team (Seba, Francois and me)
>> and 6 Summit Editors (sponsored Summit participants that are helping before
>> the Summit), so please let us know how we can help you to help the Summit :)
>>
>> Thanks
>>
>> Dinis, Seba and Francois
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
*Mark Miller, Senior Storyteller*
*Editor/Moderator, DevOps Group on LinkedIn (32K members and growing)*
*Host and Executive Producer, OWASP 24/7 Podcast Channel*
*Community Advocate, Sonatype*

*Developers and Application Security: Who is Responsible?*
<https://www.surveymonkey.com/s/Developers_and_AppSec>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170514/72c671a9/attachment-0001.html>


More information about the OWASP-Leaders mailing list