[Owasp-leaders] how can you help - support ? (Fwd: Help with OWASP Summit 2017 Outreach)

Magno Logan magno.logan at owasp.org
Tue May 16 09:23:57 UTC 2017

Hi Tiffany,

Forgive my ignorance but why isn't the OWASP Summit a Global Event instead
of a Regional one? To my understanding it has all the features and
qualifications to be a global conference and it will have people from all
over world there, not just England or even Europe. What would take it to
become a global event? Thanks!


Att / Best Regards,

Magno Rodrigues, Security+
OWASP São Paulo - Chapter Leader <https://www.owasp.org/index.php/Sao_Paulo>
Twitter: @owaspsp <http://www.twitter.com/owaspsp> / @magnologan

On Mon, May 15, 2017 at 5:16 AM, Tiffany Long <tiffany.long at owasp.org>

> Hey All,
> As a regional event, most of the support I will give you in is the form of
> editing, hosting and sharing.  For instance, you are absolutely welcome to
> write a blog post for the summit (the next regular slot is next Monday, 10
> am PST).  If you write a rough draft, I would be glad to read, edit it, and
> offer suggestions for improvement, but I cannot allot time to originate the
> content.  You have invitations to become blog authors waiting.
> I will also set up auto retweet of your items again and available to
> advise on anything you might need.
> As a regional event, you should see a couple of tweets originating from
> the OWASP twitter handle in the next week as all regional events get a
> tweet planned a few weeks before their event.
> Regional events get significantly less material support than global
> events--from my side this is more a factor of time than of the financial
> split. Below I will address the rest of your points in order:
> *OWASP LinkedIn: * As a member of the OWASP Linked in group you are
> allowed to post in the group. Many events post the blogs from their event
> sites there.  Once a month we can release a single item as a post,
> discussion, and email to all of our members.  When this is not used for
> global events or major announcements, I give it to regional events or write
> a post discussing upcoming events.  If Laura does not need it, you can use
> it.  It can go out at anytime this month.  All you need to do is write the
> content and let me know you wish to do it.
> *Connector:*  Once again, nothing was submitted for the connector.  If
> you would like to submit something, please do so.  I suggest writing a blog
> post as that will be included in the connector as well.
> *Conferences and Chapters: *As a regional event you have access to the
> Leader's List and can absolutely ask chapter leaders to promote the event.
> I suggest including a slide promoting the event so they can easily promote
> it in their meetings, or giving a sample email/script for them to send to
> their lists.  Making it easy for chapter leaders to share your information
> is the best way to get them to do so.
> We promoted the event at the conference via handouts.
> *Leader's List: *Once again, as a regional event, our role is much more
> advisory than hands on.  Without a specific request, I don't promote
> anything on the leader's list, other regional event runners are treated
> exactly the same.  If for example, you said "Hey Tiffany, we need help
> getting people to apply for the CFP!"  I would give you a repeatable plan
> of action for promoting the CFP and then maybe toss off an email to the
> Leader's list about that specific item. Do you have a specific need that
> you would like me to help promote? Otherwise there is simply no clear
> message I can send.
> *Owasp global distribution list:  *I would be glad to send a message from
> here.  Once again, provide me with a first draft and I will help you write
> it.  Remember, I am not part of the planning committee.  I do not know what
> is important or exciting or needed.  I can help you shape the message, and
> after a conversation help you plan the message, but you will have to do the
> leg work for this.
> *OWASP Home Page:* There is no advertising of any event on the home
> page.  Hopefully this will change with the website reboot, but until it
> does, the page is so over worked that any additions will simply be lost.
> *Press Release:* I would be glad to help write and release a press
> release.  the cost ranges from $300 to a few thousand depending on where
> you want it to go.  We can discuss this if you are still interested.
> If you would like a call to discuss your needs, I will be back in the
> states on Wednesday.
> Best,
> Tiffany
> Tiffany Long
> Community Manager
> On Mon, May 15, 2017 at 12:17 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>> Thanks Mark,
>> I just added it as blog entry at http://owaspsummit.org/2017
>> /05/15/Seba-on-Owasp-Podcast.html
>> Dinis
>> On 14 May 2017 at 23:40, Mark Miller <mark.miller at owasp.org> wrote:
>>> If you'd like to hear more about the Summit, Seba and I go together at
>>> AppSec EU 2017 Belfast and recorded a short update.
>>> https://soundcloud.com/owasp-podcast/less-than-10-minutes-se
>>> ries-owasp-summit-2017
>>> Mark
>>> On Mon, May 8, 2017 at 1:34 AM, Seba <seba at owasp.org> wrote:
>>>> Hi fellow-leaders,
>>>> Check out our request below to the board & staff. We hope to have your
>>>> support on this!
>>>> A couple of ways you can help us:
>>>> 1) support our request for funding towards your favourite board
>>>> member(s)!
>>>> 2) if you have budget available (see https://www.owasp.org/index.ph
>>>> p/Donation_Scoreboard chapters - $882,638, projects $114,126): please
>>>> sponsor your surplus budget to the summit? We expect the outcome of the
>>>> summit to be fantastically useful for all chapter and owasp projects
>>>> worldwide.
>>>> 3) join us at the summit! http://owaspsummit.org
>>>> /website/buy-ticket.html
>>>> kind regards,
>>>> Seba, Dinis, Francois
>>>> ---------- Forwarded message ---------
>>>> From: Seba <seba at owasp.org>
>>>> Date: Mon, May 8, 2017 at 7:24 AM
>>>> Subject: Re: Help with OWASP Summit 2017 Outreach
>>>> To: Dinis Cruz <dinis.cruz at owasp.org>, Matt Tesauro <
>>>> matt.tesauro at owasp.org>, johanna curiel curiel <
>>>> johanna.curiel at owasp.org>, Claudia Casanovas <
>>>> Claudia.Aviles-Casanovas at owasp.org>, Tom Brennan <tomb at owasp.org>,
>>>> Matt Konda <matt.konda at owasp.org>, vanderaj vanderaj <
>>>> vanderaj at owasp.org>, Josh Sokol <josh.sokol at owasp.org>, Michael Coates
>>>> <michael.coates at owasp.org>, Tobias Gondrom <tobias.gondrom at owasp.org>,
>>>> Kate Hartmann <kate.hartmann at owasp.org>, Tiffany Long <
>>>> tiffany.long at owasp.org>, Laura Grau <laura.grau at owasp.org>, Kelly
>>>> Santalucia <kelly.santalucia at owasp.org>, alison.shrader at owasp.org <
>>>> alison.shrader at owasp.org>, Dawn Aitken <dawn.aitken at owasp.org>, Hugo
>>>> Costa <hugo.costa at owasp.org>, owasp-board at owasp.org <
>>>> owasp-board at owasp.org>, OWASP Foundation Board List <
>>>> owasp-board at lists.owasp.org>
>>>> Cc: Francois <francois at devseccon.com>
>>>> Hi Owasp Board and Owasp Employees,
>>>> One way to help us, is with financial and operational support.
>>>> The OWASP Summit is getting great traction:
>>>>    - 70+ confirmed participants
>>>>    - 105 Working sessions planned
>>>> For more details, see the email from Dinis below.
>>>> We started the OWASP Summit last year and so far, have run the summit
>>>> on a shoestring budget.
>>>> We used the 150K USD seed fund from the board to reserve the lodges and
>>>> conference rooms of the venue.
>>>> With the currently confirmed sponsors, participants and the
>>>> registrations in the pipeline, we are confident that we will break even on
>>>> the venue and the catering.
>>>> This means we will be able to return the seed fund, which is great news.
>>>> However, *we need extra funding:*
>>>> 1) The first funding we need is to get the amazing OWASP leaders and
>>>> contributors that need support (flight+ticket) to the summit!
>>>> Check out the list here http://owaspsummit.org/pa
>>>> ges/for-editors/participants/need-funding.html
>>>> In total we need about *33K USD to cover 17 people* to contribute to
>>>> the success of the summit.
>>>> 2) Everything we have done so far (Dinis, Francois, 6 summit editors
>>>> and myself) has been done with our volunteer time.
>>>> But for the summit to become a success, we need the support of a
>>>> professional operations team with an operations budget.
>>>> We currently estimate this *operations to cost about 50K USD*:
>>>> - 10k for Tickets and flights for OWASP (or other operational) staff
>>>> and/or participating Board Members
>>>> - 20k for operational team expenses (before summit)
>>>>    - venue accommodation for team that will go to the venue for the
>>>> weekend before the Summit
>>>>    - temp contractors to help with logistics and scheduling
>>>>    - printing, signage and logistics
>>>> -  20k for operational team expenses (during the Summit)
>>>>    - venue accommodation for operational team (during summit)
>>>>    - temp contractors to help with logistics and scheduling
>>>>    - extra internet connection
>>>>    - other misc expenses
>>>> As we stand today these costs are *‘critical’ for the Summit success.*
>>>> Of course we will try to cover these costs and reach a profit (and we
>>>> are going on the right direction), but *at the moment we do not have
>>>> that budget.*
>>>> *So in total we need about 85K USD to get extra people to the summit
>>>> and have a professional operations team in place.*
>>>> One option (for the board) is for you to *allow us to use the 150k as
>>>> a buffer (knowing that we might need to use it).*
>>>> That should be seen as an ‘investment’ for OWASP, not a cost (after all
>>>> that is why owasp should make money)
>>>> Another option is to budget for 85K USD for the summit as separate
>>>> investment from the OWASP foundation in the summit.
>>>> Thanks for considering this request (I have scheduled this as new
>>>> business for the upcoming board meeting tomorrow).
>>>> If you are in Belfast, we can discuss face to face.
>>>> Otherwise, happy to discuss by email or to schedule call(s).
>>>> Kind regards,
>>>> Seba, Dinis, Francois.
>>>> On Sun, May 7, 2017 at 8:26 PM Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>>>> Hi Owasp Board and Owasp Employees, I would like to ask for some help
>>>>> in promoting the Owasp Summit 2017 <http://owaspsummit.org/>.
>>>>> We are now in the critical phase of the Summit where we have reached
>>>>> critical mass and really could do with some extra help from the Owasp
>>>>> mothership (after all this is an Owasp event to/for the Owasp community)
>>>>> Here are the areas where you could help
>>>>>    - *Owasp Twitter <https://twitter.com/Owasp> *- with 78.5k
>>>>>    followers the retweet of important milestones or Tweets about the Summit
>>>>>    would reach quite a wide audience (note that in 2017 there has only been
>>>>>    one (1) tweet about the Owasp Summit, and that was a retweet of one of
>>>>>    Tom's tweet)
>>>>>    - *Owasp Blog <https://owasp.blogspot.co.uk/>* - I don't know how
>>>>>    many subscribers, but I'm sure it's reach is quite wide. Note that as far
>>>>>    as I can tell there has been no blog post about the Summit
>>>>>    - *Owasp LinkedIn <https://www.linkedin.com/company-beta/250673/> *-
>>>>>    with 19k followers, this would also be a great way to reach potential
>>>>>    Summit Attendees
>>>>>    - *Owasp monthly newsletter - *The last Owasp Connector
>>>>>    <https://owasp.blogspot.co.uk/2017/04/April2017Connector.html> only
>>>>>    has one link to the Owasp Summit 2017, with a large feature being allocated
>>>>>    to the Project Summit and Developer Summit happing at AppSec EU. Note that
>>>>>    I'm not saying we shouldn't be promoting those activities (at AppSec EU),
>>>>>    but as you can see by the number of Working Sessions
>>>>>    <http://owaspsummit.org/website/working-sessions.html> and
>>>>>    Participants <http://owaspsummit.org/website/participants.html>,
>>>>>    the Owasp Summit 2017 will be a much bigger event
>>>>>    - *Owasp Conferences and Chapters - *With the high number of
>>>>>    events that Owasp will organise or be involved between now and the Summit,
>>>>>    it would be great if the Owasp mothership asked these events to promote the
>>>>>    Summit
>>>>>    - *Owasp Leaders list* - This is the list that reaches our trusted
>>>>>    leaders and it would make a massive difference if there were a couple posts
>>>>>    from the Owasp Board or Employees about the Summit (as far as I can tell
>>>>>    most, if not all, Owasp Summit 2017 related posts have been started by me
>>>>>    or Seba, with Tom being the exception on his help on trying to get the
>>>>>    chapters/projects to sponsor the Summit)
>>>>>    - *Owasp global distribution list - *Yes I know that this needs to
>>>>>    be used very carefully, but its outreach is massive and the Summit is
>>>>>    exactly the kind of event that we should be making out global community
>>>>>    aware of
>>>>>    - *Owasp Home page* - There are no links (or mentions) in the home
>>>>>    page about the Summit (I know that you need to be careful on which evens to
>>>>>    expose there, but the Summit should be seen as an special event due to the
>>>>>    amount of work that will be done and amount of collaboration that will
>>>>>    occur)
>>>>>    - *Official Owasp Press Release *- This is another kind of
>>>>>    activity where sending it from the OWASP mothership would do wonders to the
>>>>>    Summit's promotion (ideally with some quotes from OWASP Board and other
>>>>>    high profile Summit Participants, like Neil from Capital One
>>>>>    <http://owaspsummit.org/Participants/ticket-24h-sponsor/Neil-Barlow.html>
>>>>>    )
>>>>> Note that at the moment there is $0 USD direct support from the Owasp
>>>>> Mothership to the Summit. What we currently have is:
>>>>>    - $6,000 from Project outreach funds (where each participant
>>>>> applied directly to Owasp)
>>>>>    - $150k buffer that were used to book the venue, only on the
>>>>> condition that all amount was recovered with tickets and sponsorships (i.e.
>>>>> we can't use those funds to cover any operational expenses or to fund
>>>>> participants that still need funding to attend
>>>>> <http://owaspsummit.org/pages/for-editors/participants/need-funding.html> the
>>>>> Summit). Thanks Andrew, Johanna and Matt for making this happen, it helped
>>>>> us to secure the venue.
>>>>> *About the Summit:*
>>>>> The Summit has massive amounts of energy at the moment and it is a
>>>>> really good story for OWASP.
>>>>> This is the kind of event that only Owasp can create and the fact that
>>>>> we have already so many participants (in a pure grass-roots effort) is a
>>>>> good testament to the power and trust that the community has in Owasp
>>>>> In terms of the current Owasp Summit 2017 content, you probably have
>>>>> not had the time to catch up with the latest changes (after all they are
>>>>> happening very fast these days :)  ), so here is a quick overview of the
>>>>> Working Sessions we have planned.
>>>>> Due to the number of Working Sessions planned (122 at last count), we
>>>>> are organising them in (12) Tracks:
>>>>>    - *Threat Modeling
>>>>>    <http://owaspsummit.org/Working-Sessions/Threat-Model/>* - This is
>>>>>    one of the strongest tracks. If you look at the 'Threat Model' talent that
>>>>>    will be there (Adam S, Tony UV, Stephen V,  and others...), you can see
>>>>>    that we really *have most of the core Threat Modeling talent in
>>>>>    the world coming to the Summit!* If there is one hard-core AppSec
>>>>>    topic that we should be promoting about the Summit, we should be talking
>>>>>    about the fact that we will be making a big difference in Threat Modeling
>>>>>    (check out the Working Sessions topics)
>>>>>    - *OwaspSAMM <http://owaspsummit.org/Working-Sessions/OwaspSAMM/> *-
>>>>>    This is another track where we have the main contributors and users of this
>>>>>    Owasp project participating at the Summit (hopefully we will also have a
>>>>>    good representation of companies that are already using this Maturity
>>>>>    Model)
>>>>>    - *DevSecOps* <http://owaspsummit.org/Working-Sessions/DevSecOps/> -
>>>>>    This track is the one that has been generating quite a lot of buzz on the
>>>>>    people we talk to, since it is addressing real pain points and problems
>>>>>    that companies have today
>>>>>    - *Education* <http://owaspsummit.org/Working-Sessions/Education/> -
>>>>>    Always strong in OWASP, this Track ranges from University master degree to
>>>>>    how to create the next generation of AppSec professionals
>>>>>    - *Mobile Security*
>>>>>    <http://owaspsummit.org/Working-Sessions/Mobile-Security/> -
>>>>>    Another track where the key Owasp leaders of Mobile related Owasp projects
>>>>>    are participating
>>>>>    - *CISO* <http://owaspsummit.org/Working-Sessions/CISO/> - This
>>>>>    track has started slow, but is now really reaching a wide audience of CISOs
>>>>>    and covering a wide range of CISO related topics
>>>>>    - *Research* <http://owaspsummit.org/Working-Sessions/Research/> -
>>>>>    This is a recently added track, but is already covering really important
>>>>>    and interesting research topics (it's important to also look at the future
>>>>>    and work on the next generation of Application Security)
>>>>>    - *Agile AppSec
>>>>>    <http://owaspsummit.org/Working-Sessions/Agile-AppSec/> *- This is
>>>>>    a Track driven by a couple participants that really care about Agile and
>>>>>    want to find better ways to integrate it with AppSec practices
>>>>>    - *Security Crowdsourcing*
>>>>>    <http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/>
>>>>>    - This is a Track that is focused on scaling AppSec activities via internal
>>>>>    and external crowdsourcing
>>>>>    - *Tools* <http://owaspsummit.org/Working-Sessions/Tools/> - Track
>>>>>    focused on specific tools or services
>>>>>    - *Owasp <http://owaspsummit.org/Working-Sessions/Owasp/> *- As
>>>>>    always, once the number of Owasp leaders per square meter goes up, there is
>>>>>    always the opportunity to address important organisational and operational
>>>>>    Owasp related issues
>>>>>    - *Owasp Project's Summit*
>>>>>    <http://owaspsummit.org/Working-Sessions/Project-Summit/> - last
>>>>>    but not least, here are all the 31x Working Sessions directly related to an
>>>>>    Owasp Project. I'm sure you will agree that it is a pretty impressive list
>>>>>    of Owasp Projects (with most having the Project Leader participating)
>>>>> In terms of Working Sessions, at the moment we have 122 created (with
>>>>> a good number more still on the works) and probably the most high profile
>>>>> ones will be the Owasp Top 10 related (Implications of Owasp Top 10
>>>>> 2017 <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017>  and Data
>>>>> behind Owasp Top 10 2017
>>>>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html>)
>>>>> which given the fact that Dave Wichers
>>>>> <http://owaspsummit.org/Participants/Dave-Wichers.html> is attending,
>>>>> are bound to be quite 'interesting'.
>>>>> I believe most of you participated at one of the last Summits, but if
>>>>> you want a refresher or want to read the current plan, please see the Working
>>>>> Sessions - How
>>>>> <http://owaspsummit.org/website/working-sessions-how.html> page.
>>>>> As I hope you agree, we have an amazing opportunity here to really
>>>>> make a difference in the Application Security world in 2017, *what we
>>>>> need is some help from the Owasp mothership.*
>>>>> We have a pretty good Summit Organisation team (Seba, Francois and me)
>>>>> and 6 Summit Editors (sponsored Summit participants that are helping before
>>>>> the Summit), so please let us know how we can help you to help the Summit :)
>>>>> Thanks
>>>>> Dinis, Seba and Francois
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> --
>>> *Mark Miller, Senior Storyteller*
>>> *Editor/Moderator, DevOps Group on LinkedIn (32K members and growing)*
>>> *Host and Executive Producer, OWASP 24/7 Podcast Channel*
>>> *Community Advocate, Sonatype*
>>> *Developers and Application Security: Who is Responsible?*
>>> <https://www.surveymonkey.com/s/Developers_and_AppSec>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170516/f642f0ae/attachment-0001.html>

More information about the OWASP-Leaders mailing list