[Owasp-leaders] how can you help - support ? (Fwd: Help with OWASP Summit 2017 Outreach)

Tiffany Long tiffany.long at owasp.org
Mon May 15 08:16:14 UTC 2017


Hey All,

As a regional event, most of the support I will give you in is the form of
editing, hosting and sharing.  For instance, you are absolutely welcome to
write a blog post for the summit (the next regular slot is next Monday, 10
am PST).  If you write a rough draft, I would be glad to read, edit it, and
offer suggestions for improvement, but I cannot allot time to originate the
content.  You have invitations to become blog authors waiting.

I will also set up auto retweet of your items again and available to advise
on anything you might need.

As a regional event, you should see a couple of tweets originating from the
OWASP twitter handle in the next week as all regional events get a tweet
planned a few weeks before their event.

Regional events get significantly less material support than global
events--from my side this is more a factor of time than of the financial
split. Below I will address the rest of your points in order:

*OWASP LinkedIn: * As a member of the OWASP Linked in group you are allowed
to post in the group. Many events post the blogs from their event sites
there.  Once a month we can release a single item as a post, discussion,
and email to all of our members.  When this is not used for global events
or major announcements, I give it to regional events or write a post
discussing upcoming events.  If Laura does not need it, you can use it.  It
can go out at anytime this month.  All you need to do is write the content
and let me know you wish to do it.

*Connector:*  Once again, nothing was submitted for the connector.  If you
would like to submit something, please do so.  I suggest writing a blog
post as that will be included in the connector as well.

*Conferences and Chapters: *As a regional event you have access to the
Leader's List and can absolutely ask chapter leaders to promote the event.
I suggest including a slide promoting the event so they can easily promote
it in their meetings, or giving a sample email/script for them to send to
their lists.  Making it easy for chapter leaders to share your information
is the best way to get them to do so.

We promoted the event at the conference via handouts.

*Leader's List: *Once again, as a regional event, our role is much more
advisory than hands on.  Without a specific request, I don't promote
anything on the leader's list, other regional event runners are treated
exactly the same.  If for example, you said "Hey Tiffany, we need help
getting people to apply for the CFP!"  I would give you a repeatable plan
of action for promoting the CFP and then maybe toss off an email to the
Leader's list about that specific item. Do you have a specific need that
you would like me to help promote? Otherwise there is simply no clear
message I can send.

*Owasp global distribution list:  *I would be glad to send a message from
here.  Once again, provide me with a first draft and I will help you write
it.  Remember, I am not part of the planning committee.  I do not know what
is important or exciting or needed.  I can help you shape the message, and
after a conversation help you plan the message, but you will have to do the
leg work for this.

*OWASP Home Page:* There is no advertising of any event on the home page.
Hopefully this will change with the website reboot, but until it does, the
page is so over worked that any additions will simply be lost.

*Press Release:* I would be glad to help write and release a press release.
 the cost ranges from $300 to a few thousand depending on where you want it
to go.  We can discuss this if you are still interested.

If you would like a call to discuss your needs, I will be back in the
states on Wednesday.

Best,
Tiffany

Tiffany Long
Community Manager

On Mon, May 15, 2017 at 12:17 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Thanks Mark,
>
> I just added it as blog entry at http://owaspsummit.org/
> 2017/05/15/Seba-on-Owasp-Podcast.html
>
> Dinis
>
> On 14 May 2017 at 23:40, Mark Miller <mark.miller at owasp.org> wrote:
>
>> If you'd like to hear more about the Summit, Seba and I go together at
>> AppSec EU 2017 Belfast and recorded a short update.
>>
>> https://soundcloud.com/owasp-podcast/less-than-10-minutes-se
>> ries-owasp-summit-2017
>>
>> Mark
>>
>>
>> On Mon, May 8, 2017 at 1:34 AM, Seba <seba at owasp.org> wrote:
>>
>>> Hi fellow-leaders,
>>>
>>> Check out our request below to the board & staff. We hope to have your
>>> support on this!
>>>
>>> A couple of ways you can help us:
>>>
>>> 1) support our request for funding towards your favourite board
>>> member(s)!
>>> 2) if you have budget available (see https://www.owasp.org/index.ph
>>> p/Donation_Scoreboard chapters - $882,638, projects $114,126): please
>>> sponsor your surplus budget to the summit? We expect the outcome of the
>>> summit to be fantastically useful for all chapter and owasp projects
>>> worldwide.
>>> 3) join us at the summit! http://owaspsummit.org/website/buy-ticket.html
>>>
>>>
>>> kind regards,
>>>
>>> Seba, Dinis, Francois
>>>
>>>
>>> ---------- Forwarded message ---------
>>> From: Seba <seba at owasp.org>
>>> Date: Mon, May 8, 2017 at 7:24 AM
>>> Subject: Re: Help with OWASP Summit 2017 Outreach
>>> To: Dinis Cruz <dinis.cruz at owasp.org>, Matt Tesauro <
>>> matt.tesauro at owasp.org>, johanna curiel curiel <johanna.curiel at owasp.org>,
>>> Claudia Casanovas <Claudia.Aviles-Casanovas at owasp.org>, Tom Brennan <
>>> tomb at owasp.org>, Matt Konda <matt.konda at owasp.org>, vanderaj vanderaj <
>>> vanderaj at owasp.org>, Josh Sokol <josh.sokol at owasp.org>, Michael Coates <
>>> michael.coates at owasp.org>, Tobias Gondrom <tobias.gondrom at owasp.org>,
>>> Kate Hartmann <kate.hartmann at owasp.org>, Tiffany Long <
>>> tiffany.long at owasp.org>, Laura Grau <laura.grau at owasp.org>, Kelly
>>> Santalucia <kelly.santalucia at owasp.org>, alison.shrader at owasp.org <
>>> alison.shrader at owasp.org>, Dawn Aitken <dawn.aitken at owasp.org>, Hugo
>>> Costa <hugo.costa at owasp.org>, owasp-board at owasp.org <
>>> owasp-board at owasp.org>, OWASP Foundation Board List <
>>> owasp-board at lists.owasp.org>
>>> Cc: Francois <francois at devseccon.com>
>>>
>>>
>>> Hi Owasp Board and Owasp Employees,
>>>
>>> One way to help us, is with financial and operational support.
>>>
>>> The OWASP Summit is getting great traction:
>>>
>>>    - 70+ confirmed participants
>>>    - 105 Working sessions planned
>>>
>>> For more details, see the email from Dinis below.
>>>
>>> We started the OWASP Summit last year and so far, have run the summit on
>>> a shoestring budget.
>>> We used the 150K USD seed fund from the board to reserve the lodges and
>>> conference rooms of the venue.
>>> With the currently confirmed sponsors, participants and the
>>> registrations in the pipeline, we are confident that we will break even on
>>> the venue and the catering.
>>> This means we will be able to return the seed fund, which is great news.
>>>
>>> However, *we need extra funding:*
>>>
>>> 1) The first funding we need is to get the amazing OWASP leaders and
>>> contributors that need support (flight+ticket) to the summit!
>>> Check out the list here http://owaspsummit.org/pa
>>> ges/for-editors/participants/need-funding.html
>>> In total we need about *33K USD to cover 17 people* to contribute to
>>> the success of the summit.
>>>
>>> 2) Everything we have done so far (Dinis, Francois, 6 summit editors and
>>> myself) has been done with our volunteer time.
>>> But for the summit to become a success, we need the support of a
>>> professional operations team with an operations budget.
>>> We currently estimate this *operations to cost about 50K USD*:
>>> - 10k for Tickets and flights for OWASP (or other operational) staff
>>> and/or participating Board Members
>>> - 20k for operational team expenses (before summit)
>>>    - venue accommodation for team that will go to the venue for the
>>> weekend before the Summit
>>>    - temp contractors to help with logistics and scheduling
>>>    - printing, signage and logistics
>>> -  20k for operational team expenses (during the Summit)
>>>    - venue accommodation for operational team (during summit)
>>>    - temp contractors to help with logistics and scheduling
>>>    - extra internet connection
>>>    - other misc expenses
>>> As we stand today these costs are *‘critical’ for the Summit success.*
>>>
>>> Of course we will try to cover these costs and reach a profit (and we
>>> are going on the right direction), but *at the moment we do not have
>>> that budget.*
>>>
>>> *So in total we need about 85K USD to get extra people to the summit and
>>> have a professional operations team in place.*
>>>
>>> One option (for the board) is for you to *allow us to use the 150k as a
>>> buffer (knowing that we might need to use it).*
>>> That should be seen as an ‘investment’ for OWASP, not a cost (after all
>>> that is why owasp should make money)
>>> Another option is to budget for 85K USD for the summit as separate
>>> investment from the OWASP foundation in the summit.
>>>
>>> Thanks for considering this request (I have scheduled this as new
>>> business for the upcoming board meeting tomorrow).
>>> If you are in Belfast, we can discuss face to face.
>>>
>>> Otherwise, happy to discuss by email or to schedule call(s).
>>>
>>> Kind regards,
>>>
>>> Seba, Dinis, Francois.
>>>
>>>
>>> On Sun, May 7, 2017 at 8:26 PM Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>>
>>>> Hi Owasp Board and Owasp Employees, I would like to ask for some help
>>>> in promoting the Owasp Summit 2017 <http://owaspsummit.org/>.
>>>>
>>>> We are now in the critical phase of the Summit where we have reached
>>>> critical mass and really could do with some extra help from the Owasp
>>>> mothership (after all this is an Owasp event to/for the Owasp community)
>>>>
>>>> Here are the areas where you could help
>>>>
>>>>    - *Owasp Twitter <https://twitter.com/Owasp> *- with 78.5k
>>>>    followers the retweet of important milestones or Tweets about the Summit
>>>>    would reach quite a wide audience (note that in 2017 there has only been
>>>>    one (1) tweet about the Owasp Summit, and that was a retweet of one of
>>>>    Tom's tweet)
>>>>    - *Owasp Blog <https://owasp.blogspot.co.uk/>* - I don't know how
>>>>    many subscribers, but I'm sure it's reach is quite wide. Note that as far
>>>>    as I can tell there has been no blog post about the Summit
>>>>    - *Owasp LinkedIn <https://www.linkedin.com/company-beta/250673/> *-
>>>>    with 19k followers, this would also be a great way to reach potential
>>>>    Summit Attendees
>>>>    - *Owasp monthly newsletter - *The last Owasp Connector
>>>>    <https://owasp.blogspot.co.uk/2017/04/April2017Connector.html> only
>>>>    has one link to the Owasp Summit 2017, with a large feature being allocated
>>>>    to the Project Summit and Developer Summit happing at AppSec EU. Note that
>>>>    I'm not saying we shouldn't be promoting those activities (at AppSec EU),
>>>>    but as you can see by the number of Working Sessions
>>>>    <http://owaspsummit.org/website/working-sessions.html> and
>>>>    Participants <http://owaspsummit.org/website/participants.html>,
>>>>    the Owasp Summit 2017 will be a much bigger event
>>>>    - *Owasp Conferences and Chapters - *With the high number of events
>>>>    that Owasp will organise or be involved between now and the Summit, it
>>>>    would be great if the Owasp mothership asked these events to promote the
>>>>    Summit
>>>>    - *Owasp Leaders list* - This is the list that reaches our trusted
>>>>    leaders and it would make a massive difference if there were a couple posts
>>>>    from the Owasp Board or Employees about the Summit (as far as I can tell
>>>>    most, if not all, Owasp Summit 2017 related posts have been started by me
>>>>    or Seba, with Tom being the exception on his help on trying to get the
>>>>    chapters/projects to sponsor the Summit)
>>>>    - *Owasp global distribution list - *Yes I know that this needs to
>>>>    be used very carefully, but its outreach is massive and the Summit is
>>>>    exactly the kind of event that we should be making out global community
>>>>    aware of
>>>>    - *Owasp Home page* - There are no links (or mentions) in the home
>>>>    page about the Summit (I know that you need to be careful on which evens to
>>>>    expose there, but the Summit should be seen as an special event due to the
>>>>    amount of work that will be done and amount of collaboration that will
>>>>    occur)
>>>>    - *Official Owasp Press Release *- This is another kind of activity
>>>>    where sending it from the OWASP mothership would do wonders to the Summit's
>>>>    promotion (ideally with some quotes from OWASP Board and other high profile
>>>>    Summit Participants, like Neil from Capital One
>>>>    <http://owaspsummit.org/Participants/ticket-24h-sponsor/Neil-Barlow.html>
>>>>    )
>>>>
>>>> Note that at the moment there is $0 USD direct support from the Owasp
>>>> Mothership to the Summit. What we currently have is:
>>>>
>>>>    - $6,000 from Project outreach funds (where each participant applied
>>>> directly to Owasp)
>>>>    - $150k buffer that were used to book the venue, only on the
>>>> condition that all amount was recovered with tickets and sponsorships (i.e.
>>>> we can't use those funds to cover any operational expenses or to fund
>>>> participants that still need funding to attend
>>>> <http://owaspsummit.org/pages/for-editors/participants/need-funding.html> the
>>>> Summit). Thanks Andrew, Johanna and Matt for making this happen, it helped
>>>> us to secure the venue.
>>>>
>>>> *About the Summit:*
>>>>
>>>> The Summit has massive amounts of energy at the moment and it is a
>>>> really good story for OWASP.
>>>>
>>>> This is the kind of event that only Owasp can create and the fact that
>>>> we have already so many participants (in a pure grass-roots effort) is a
>>>> good testament to the power and trust that the community has in Owasp
>>>>
>>>> In terms of the current Owasp Summit 2017 content, you probably have
>>>> not had the time to catch up with the latest changes (after all they are
>>>> happening very fast these days :)  ), so here is a quick overview of the
>>>> Working Sessions we have planned.
>>>>
>>>> Due to the number of Working Sessions planned (122 at last count), we
>>>> are organising them in (12) Tracks:
>>>>
>>>>    - *Threat Modeling
>>>>    <http://owaspsummit.org/Working-Sessions/Threat-Model/>* - This is
>>>>    one of the strongest tracks. If you look at the 'Threat Model' talent that
>>>>    will be there (Adam S, Tony UV, Stephen V,  and others...), you can see
>>>>    that we really *have most of the core Threat Modeling talent in the
>>>>    world coming to the Summit!* If there is one hard-core AppSec topic
>>>>    that we should be promoting about the Summit, we should be talking about
>>>>    the fact that we will be making a big difference in Threat Modeling (check
>>>>    out the Working Sessions topics)
>>>>    - *OwaspSAMM <http://owaspsummit.org/Working-Sessions/OwaspSAMM/> *-
>>>>    This is another track where we have the main contributors and users of this
>>>>    Owasp project participating at the Summit (hopefully we will also have a
>>>>    good representation of companies that are already using this Maturity
>>>>    Model)
>>>>    - *DevSecOps* <http://owaspsummit.org/Working-Sessions/DevSecOps/> -
>>>>    This track is the one that has been generating quite a lot of buzz on the
>>>>    people we talk to, since it is addressing real pain points and problems
>>>>    that companies have today
>>>>    - *Education* <http://owaspsummit.org/Working-Sessions/Education/> -
>>>>    Always strong in OWASP, this Track ranges from University master degree to
>>>>    how to create the next generation of AppSec professionals
>>>>    - *Mobile Security*
>>>>    <http://owaspsummit.org/Working-Sessions/Mobile-Security/> -
>>>>    Another track where the key Owasp leaders of Mobile related Owasp projects
>>>>    are participating
>>>>    - *CISO* <http://owaspsummit.org/Working-Sessions/CISO/> - This
>>>>    track has started slow, but is now really reaching a wide audience of CISOs
>>>>    and covering a wide range of CISO related topics
>>>>    - *Research* <http://owaspsummit.org/Working-Sessions/Research/> -
>>>>    This is a recently added track, but is already covering really important
>>>>    and interesting research topics (it's important to also look at the future
>>>>    and work on the next generation of Application Security)
>>>>    - *Agile AppSec
>>>>    <http://owaspsummit.org/Working-Sessions/Agile-AppSec/> *- This is
>>>>    a Track driven by a couple participants that really care about Agile and
>>>>    want to find better ways to integrate it with AppSec practices
>>>>    - *Security Crowdsourcing*
>>>>    <http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/> -
>>>>    This is a Track that is focused on scaling AppSec activities via internal
>>>>    and external crowdsourcing
>>>>    - *Tools* <http://owaspsummit.org/Working-Sessions/Tools/> - Track
>>>>    focused on specific tools or services
>>>>    - *Owasp <http://owaspsummit.org/Working-Sessions/Owasp/> *- As
>>>>    always, once the number of Owasp leaders per square meter goes up, there is
>>>>    always the opportunity to address important organisational and operational
>>>>    Owasp related issues
>>>>    - *Owasp Project's Summit*
>>>>    <http://owaspsummit.org/Working-Sessions/Project-Summit/> - last
>>>>    but not least, here are all the 31x Working Sessions directly related to an
>>>>    Owasp Project. I'm sure you will agree that it is a pretty impressive list
>>>>    of Owasp Projects (with most having the Project Leader participating)
>>>>
>>>> In terms of Working Sessions, at the moment we have 122 created (with a
>>>> good number more still on the works) and probably the most high profile
>>>> ones will be the Owasp Top 10 related (Implications of Owasp Top 10
>>>> 2017 <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017>  and Data
>>>> behind Owasp Top 10 2017
>>>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html>)
>>>> which given the fact that Dave Wichers
>>>> <http://owaspsummit.org/Participants/Dave-Wichers.html> is attending,
>>>> are bound to be quite 'interesting'.
>>>>
>>>> I believe most of you participated at one of the last Summits, but if
>>>> you want a refresher or want to read the current plan, please see the Working
>>>> Sessions - How
>>>> <http://owaspsummit.org/website/working-sessions-how.html> page.
>>>>
>>>> As I hope you agree, we have an amazing opportunity here to really make
>>>> a difference in the Application Security world in 2017, *what we need
>>>> is some help from the Owasp mothership.*
>>>>
>>>> We have a pretty good Summit Organisation team (Seba, Francois and me)
>>>> and 6 Summit Editors (sponsored Summit participants that are helping before
>>>> the Summit), so please let us know how we can help you to help the Summit :)
>>>>
>>>> Thanks
>>>>
>>>> Dinis, Seba and Francois
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> *Mark Miller, Senior Storyteller*
>> *Editor/Moderator, DevOps Group on LinkedIn (32K members and growing)*
>> *Host and Executive Producer, OWASP 24/7 Podcast Channel*
>> *Community Advocate, Sonatype*
>>
>> *Developers and Application Security: Who is Responsible?*
>> <https://www.surveymonkey.com/s/Developers_and_AppSec>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170515/95c66484/attachment-0001.html>


More information about the OWASP-Leaders mailing list