[Owasp-leaders] how can you help - support ? (Fwd: Help with OWASP Summit 2017 Outreach)

Dinis Cruz dinis.cruz at owasp.org
Sun May 14 23:17:08 UTC 2017

Thanks Mark,

I just added it as blog entry at


On 14 May 2017 at 23:40, Mark Miller <mark.miller at owasp.org> wrote:

> If you'd like to hear more about the Summit, Seba and I go together at
> AppSec EU 2017 Belfast and recorded a short update.
> https://soundcloud.com/owasp-podcast/less-than-10-minutes-
> series-owasp-summit-2017
> Mark
> On Mon, May 8, 2017 at 1:34 AM, Seba <seba at owasp.org> wrote:
>> Hi fellow-leaders,
>> Check out our request below to the board & staff. We hope to have your
>> support on this!
>> A couple of ways you can help us:
>> 1) support our request for funding towards your favourite board member(s)!
>> 2) if you have budget available (see https://www.owasp.org/index.ph
>> p/Donation_Scoreboard chapters - $882,638, projects $114,126): please
>> sponsor your surplus budget to the summit? We expect the outcome of the
>> summit to be fantastically useful for all chapter and owasp projects
>> worldwide.
>> 3) join us at the summit! http://owaspsummit.org/website/buy-ticket.html
>> kind regards,
>> Seba, Dinis, Francois
>> ---------- Forwarded message ---------
>> From: Seba <seba at owasp.org>
>> Date: Mon, May 8, 2017 at 7:24 AM
>> Subject: Re: Help with OWASP Summit 2017 Outreach
>> To: Dinis Cruz <dinis.cruz at owasp.org>, Matt Tesauro <
>> matt.tesauro at owasp.org>, johanna curiel curiel <johanna.curiel at owasp.org>,
>> Claudia Casanovas <Claudia.Aviles-Casanovas at owasp.org>, Tom Brennan <
>> tomb at owasp.org>, Matt Konda <matt.konda at owasp.org>, vanderaj vanderaj <
>> vanderaj at owasp.org>, Josh Sokol <josh.sokol at owasp.org>, Michael Coates <
>> michael.coates at owasp.org>, Tobias Gondrom <tobias.gondrom at owasp.org>,
>> Kate Hartmann <kate.hartmann at owasp.org>, Tiffany Long <
>> tiffany.long at owasp.org>, Laura Grau <laura.grau at owasp.org>, Kelly
>> Santalucia <kelly.santalucia at owasp.org>, alison.shrader at owasp.org <
>> alison.shrader at owasp.org>, Dawn Aitken <dawn.aitken at owasp.org>, Hugo
>> Costa <hugo.costa at owasp.org>, owasp-board at owasp.org <
>> owasp-board at owasp.org>, OWASP Foundation Board List <
>> owasp-board at lists.owasp.org>
>> Cc: Francois <francois at devseccon.com>
>> Hi Owasp Board and Owasp Employees,
>> One way to help us, is with financial and operational support.
>> The OWASP Summit is getting great traction:
>>    - 70+ confirmed participants
>>    - 105 Working sessions planned
>> For more details, see the email from Dinis below.
>> We started the OWASP Summit last year and so far, have run the summit on
>> a shoestring budget.
>> We used the 150K USD seed fund from the board to reserve the lodges and
>> conference rooms of the venue.
>> With the currently confirmed sponsors, participants and the registrations
>> in the pipeline, we are confident that we will break even on the venue and
>> the catering.
>> This means we will be able to return the seed fund, which is great news.
>> However, *we need extra funding:*
>> 1) The first funding we need is to get the amazing OWASP leaders and
>> contributors that need support (flight+ticket) to the summit!
>> Check out the list here http://owaspsummit.org/pa
>> ges/for-editors/participants/need-funding.html
>> In total we need about *33K USD to cover 17 people* to contribute to the
>> success of the summit.
>> 2) Everything we have done so far (Dinis, Francois, 6 summit editors and
>> myself) has been done with our volunteer time.
>> But for the summit to become a success, we need the support of a
>> professional operations team with an operations budget.
>> We currently estimate this *operations to cost about 50K USD*:
>> - 10k for Tickets and flights for OWASP (or other operational) staff
>> and/or participating Board Members
>> - 20k for operational team expenses (before summit)
>>    - venue accommodation for team that will go to the venue for the
>> weekend before the Summit
>>    - temp contractors to help with logistics and scheduling
>>    - printing, signage and logistics
>> -  20k for operational team expenses (during the Summit)
>>    - venue accommodation for operational team (during summit)
>>    - temp contractors to help with logistics and scheduling
>>    - extra internet connection
>>    - other misc expenses
>> As we stand today these costs are *‘critical’ for the Summit success.*
>> Of course we will try to cover these costs and reach a profit (and we are
>> going on the right direction), but *at the moment we do not have that
>> budget.*
>> *So in total we need about 85K USD to get extra people to the summit and
>> have a professional operations team in place.*
>> One option (for the board) is for you to *allow us to use the 150k as a
>> buffer (knowing that we might need to use it).*
>> That should be seen as an ‘investment’ for OWASP, not a cost (after all
>> that is why owasp should make money)
>> Another option is to budget for 85K USD for the summit as separate
>> investment from the OWASP foundation in the summit.
>> Thanks for considering this request (I have scheduled this as new
>> business for the upcoming board meeting tomorrow).
>> If you are in Belfast, we can discuss face to face.
>> Otherwise, happy to discuss by email or to schedule call(s).
>> Kind regards,
>> Seba, Dinis, Francois.
>> On Sun, May 7, 2017 at 8:26 PM Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>> Hi Owasp Board and Owasp Employees, I would like to ask for some help in
>>> promoting the Owasp Summit 2017 <http://owaspsummit.org/>.
>>> We are now in the critical phase of the Summit where we have reached
>>> critical mass and really could do with some extra help from the Owasp
>>> mothership (after all this is an Owasp event to/for the Owasp community)
>>> Here are the areas where you could help
>>>    - *Owasp Twitter <https://twitter.com/Owasp> *- with 78.5k followers
>>>    the retweet of important milestones or Tweets about the Summit would reach
>>>    quite a wide audience (note that in 2017 there has only been one (1) tweet
>>>    about the Owasp Summit, and that was a retweet of one of Tom's tweet)
>>>    - *Owasp Blog <https://owasp.blogspot.co.uk/>* - I don't know how
>>>    many subscribers, but I'm sure it's reach is quite wide. Note that as far
>>>    as I can tell there has been no blog post about the Summit
>>>    - *Owasp LinkedIn <https://www.linkedin.com/company-beta/250673/> *-
>>>    with 19k followers, this would also be a great way to reach potential
>>>    Summit Attendees
>>>    - *Owasp monthly newsletter - *The last Owasp Connector
>>>    <https://owasp.blogspot.co.uk/2017/04/April2017Connector.html> only
>>>    has one link to the Owasp Summit 2017, with a large feature being allocated
>>>    to the Project Summit and Developer Summit happing at AppSec EU. Note that
>>>    I'm not saying we shouldn't be promoting those activities (at AppSec EU),
>>>    but as you can see by the number of Working Sessions
>>>    <http://owaspsummit.org/website/working-sessions.html> and
>>>    Participants <http://owaspsummit.org/website/participants.html>, the
>>>    Owasp Summit 2017 will be a much bigger event
>>>    - *Owasp Conferences and Chapters - *With the high number of events
>>>    that Owasp will organise or be involved between now and the Summit, it
>>>    would be great if the Owasp mothership asked these events to promote the
>>>    Summit
>>>    - *Owasp Leaders list* - This is the list that reaches our trusted
>>>    leaders and it would make a massive difference if there were a couple posts
>>>    from the Owasp Board or Employees about the Summit (as far as I can tell
>>>    most, if not all, Owasp Summit 2017 related posts have been started by me
>>>    or Seba, with Tom being the exception on his help on trying to get the
>>>    chapters/projects to sponsor the Summit)
>>>    - *Owasp global distribution list - *Yes I know that this needs to
>>>    be used very carefully, but its outreach is massive and the Summit is
>>>    exactly the kind of event that we should be making out global community
>>>    aware of
>>>    - *Owasp Home page* - There are no links (or mentions) in the home
>>>    page about the Summit (I know that you need to be careful on which evens to
>>>    expose there, but the Summit should be seen as an special event due to the
>>>    amount of work that will be done and amount of collaboration that will
>>>    occur)
>>>    - *Official Owasp Press Release *- This is another kind of activity
>>>    where sending it from the OWASP mothership would do wonders to the Summit's
>>>    promotion (ideally with some quotes from OWASP Board and other high profile
>>>    Summit Participants, like Neil from Capital One
>>>    <http://owaspsummit.org/Participants/ticket-24h-sponsor/Neil-Barlow.html>
>>>    )
>>> Note that at the moment there is $0 USD direct support from the Owasp
>>> Mothership to the Summit. What we currently have is:
>>>    - $6,000 from Project outreach funds (where each participant applied
>>> directly to Owasp)
>>>    - $150k buffer that were used to book the venue, only on the
>>> condition that all amount was recovered with tickets and sponsorships (i.e.
>>> we can't use those funds to cover any operational expenses or to fund
>>> participants that still need funding to attend
>>> <http://owaspsummit.org/pages/for-editors/participants/need-funding.html> the
>>> Summit). Thanks Andrew, Johanna and Matt for making this happen, it helped
>>> us to secure the venue.
>>> *About the Summit:*
>>> The Summit has massive amounts of energy at the moment and it is a
>>> really good story for OWASP.
>>> This is the kind of event that only Owasp can create and the fact that
>>> we have already so many participants (in a pure grass-roots effort) is a
>>> good testament to the power and trust that the community has in Owasp
>>> In terms of the current Owasp Summit 2017 content, you probably have not
>>> had the time to catch up with the latest changes (after all they are
>>> happening very fast these days :)  ), so here is a quick overview of the
>>> Working Sessions we have planned.
>>> Due to the number of Working Sessions planned (122 at last count), we
>>> are organising them in (12) Tracks:
>>>    - *Threat Modeling
>>>    <http://owaspsummit.org/Working-Sessions/Threat-Model/>* - This is
>>>    one of the strongest tracks. If you look at the 'Threat Model' talent that
>>>    will be there (Adam S, Tony UV, Stephen V,  and others...), you can see
>>>    that we really *have most of the core Threat Modeling talent in the
>>>    world coming to the Summit!* If there is one hard-core AppSec topic
>>>    that we should be promoting about the Summit, we should be talking about
>>>    the fact that we will be making a big difference in Threat Modeling (check
>>>    out the Working Sessions topics)
>>>    - *OwaspSAMM <http://owaspsummit.org/Working-Sessions/OwaspSAMM/> *-
>>>    This is another track where we have the main contributors and users of this
>>>    Owasp project participating at the Summit (hopefully we will also have a
>>>    good representation of companies that are already using this Maturity
>>>    Model)
>>>    - *DevSecOps* <http://owaspsummit.org/Working-Sessions/DevSecOps/> -
>>>    This track is the one that has been generating quite a lot of buzz on the
>>>    people we talk to, since it is addressing real pain points and problems
>>>    that companies have today
>>>    - *Education* <http://owaspsummit.org/Working-Sessions/Education/> -
>>>    Always strong in OWASP, this Track ranges from University master degree to
>>>    how to create the next generation of AppSec professionals
>>>    - *Mobile Security*
>>>    <http://owaspsummit.org/Working-Sessions/Mobile-Security/> - Another
>>>    track where the key Owasp leaders of Mobile related Owasp projects are
>>>    participating
>>>    - *CISO* <http://owaspsummit.org/Working-Sessions/CISO/> - This
>>>    track has started slow, but is now really reaching a wide audience of CISOs
>>>    and covering a wide range of CISO related topics
>>>    - *Research* <http://owaspsummit.org/Working-Sessions/Research/> -
>>>    This is a recently added track, but is already covering really important
>>>    and interesting research topics (it's important to also look at the future
>>>    and work on the next generation of Application Security)
>>>    - *Agile AppSec
>>>    <http://owaspsummit.org/Working-Sessions/Agile-AppSec/> *- This is a
>>>    Track driven by a couple participants that really care about Agile and want
>>>    to find better ways to integrate it with AppSec practices
>>>    - *Security Crowdsourcing*
>>>    <http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/> -
>>>    This is a Track that is focused on scaling AppSec activities via internal
>>>    and external crowdsourcing
>>>    - *Tools* <http://owaspsummit.org/Working-Sessions/Tools/> - Track
>>>    focused on specific tools or services
>>>    - *Owasp <http://owaspsummit.org/Working-Sessions/Owasp/> *- As
>>>    always, once the number of Owasp leaders per square meter goes up, there is
>>>    always the opportunity to address important organisational and operational
>>>    Owasp related issues
>>>    - *Owasp Project's Summit*
>>>    <http://owaspsummit.org/Working-Sessions/Project-Summit/> - last but
>>>    not least, here are all the 31x Working Sessions directly related to an
>>>    Owasp Project. I'm sure you will agree that it is a pretty impressive list
>>>    of Owasp Projects (with most having the Project Leader participating)
>>> In terms of Working Sessions, at the moment we have 122 created (with a
>>> good number more still on the works) and probably the most high profile
>>> ones will be the Owasp Top 10 related (Implications of Owasp Top 10 2017
>>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017>  and Data
>>> behind Owasp Top 10 2017
>>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html>)
>>> which given the fact that Dave Wichers
>>> <http://owaspsummit.org/Participants/Dave-Wichers.html> is attending,
>>> are bound to be quite 'interesting'.
>>> I believe most of you participated at one of the last Summits, but if
>>> you want a refresher or want to read the current plan, please see the Working
>>> Sessions - How
>>> <http://owaspsummit.org/website/working-sessions-how.html> page.
>>> As I hope you agree, we have an amazing opportunity here to really make
>>> a difference in the Application Security world in 2017, *what we need
>>> is some help from the Owasp mothership.*
>>> We have a pretty good Summit Organisation team (Seba, Francois and me)
>>> and 6 Summit Editors (sponsored Summit participants that are helping before
>>> the Summit), so please let us know how we can help you to help the Summit :)
>>> Thanks
>>> Dinis, Seba and Francois
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> --
> *Mark Miller, Senior Storyteller*
> *Editor/Moderator, DevOps Group on LinkedIn (32K members and growing)*
> *Host and Executive Producer, OWASP 24/7 Podcast Channel*
> *Community Advocate, Sonatype*
> *Developers and Application Security: Who is Responsible?*
> <https://www.surveymonkey.com/s/Developers_and_AppSec>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170515/54b3fdb5/attachment-0001.html>

More information about the OWASP-Leaders mailing list