[Owasp-leaders] how can you help - support ? (Fwd: Help with OWASP Summit 2017 Outreach)

Dinis Cruz dinis.cruz at owasp.org
Sun May 21 02:44:25 UTC 2017

Tiffany, can we change it, so that the Owasp Summit is marked and
recognised as an Global Event?



On 16 May 2017 at 10:23, Magno Logan <magno.logan at owasp.org> wrote:

> Hi Tiffany,
> Forgive my ignorance but why isn't the OWASP Summit a Global Event instead
> of a Regional one? To my understanding it has all the features and
> qualifications to be a global conference and it will have people from all
> over world there, not just England or even Europe. What would take it to
> become a global event? Thanks!
> http://owaspsummit.org/website/participants.html
> Att / Best Regards,
> Magno Rodrigues, Security+
> OWASP São Paulo - Chapter Leader
> <https://www.owasp.org/index.php/Sao_Paulo>
> Twitter: @owaspsp <http://www.twitter.com/owaspsp> / @magnologan
> <http://www.twitter.com/magnologan>
> On Mon, May 15, 2017 at 5:16 AM, Tiffany Long <tiffany.long at owasp.org>
> wrote:
>> Hey All,
>> As a regional event, most of the support I will give you in is the form
>> of editing, hosting and sharing.  For instance, you are absolutely welcome
>> to write a blog post for the summit (the next regular slot is next Monday,
>> 10 am PST).  If you write a rough draft, I would be glad to read, edit it,
>> and offer suggestions for improvement, but I cannot allot time to originate
>> the content.  You have invitations to become blog authors waiting.
>> I will also set up auto retweet of your items again and available to
>> advise on anything you might need.
>> As a regional event, you should see a couple of tweets originating from
>> the OWASP twitter handle in the next week as all regional events get a
>> tweet planned a few weeks before their event.
>> Regional events get significantly less material support than global
>> events--from my side this is more a factor of time than of the financial
>> split. Below I will address the rest of your points in order:
>> *OWASP LinkedIn: * As a member of the OWASP Linked in group you are
>> allowed to post in the group. Many events post the blogs from their event
>> sites there.  Once a month we can release a single item as a post,
>> discussion, and email to all of our members.  When this is not used for
>> global events or major announcements, I give it to regional events or write
>> a post discussing upcoming events.  If Laura does not need it, you can use
>> it.  It can go out at anytime this month.  All you need to do is write the
>> content and let me know you wish to do it.
>> *Connector:*  Once again, nothing was submitted for the connector.  If
>> you would like to submit something, please do so.  I suggest writing a blog
>> post as that will be included in the connector as well.
>> *Conferences and Chapters: *As a regional event you have access to the
>> Leader's List and can absolutely ask chapter leaders to promote the event.
>> I suggest including a slide promoting the event so they can easily promote
>> it in their meetings, or giving a sample email/script for them to send to
>> their lists.  Making it easy for chapter leaders to share your information
>> is the best way to get them to do so.
>> We promoted the event at the conference via handouts.
>> *Leader's List: *Once again, as a regional event, our role is much more
>> advisory than hands on.  Without a specific request, I don't promote
>> anything on the leader's list, other regional event runners are treated
>> exactly the same.  If for example, you said "Hey Tiffany, we need help
>> getting people to apply for the CFP!"  I would give you a repeatable plan
>> of action for promoting the CFP and then maybe toss off an email to the
>> Leader's list about that specific item. Do you have a specific need that
>> you would like me to help promote? Otherwise there is simply no clear
>> message I can send.
>> *Owasp global distribution list:  *I would be glad to send a message
>> from here.  Once again, provide me with a first draft and I will help you
>> write it.  Remember, I am not part of the planning committee.  I do not
>> know what is important or exciting or needed.  I can help you shape the
>> message, and after a conversation help you plan the message, but you will
>> have to do the leg work for this.
>> *OWASP Home Page:* There is no advertising of any event on the home
>> page.  Hopefully this will change with the website reboot, but until it
>> does, the page is so over worked that any additions will simply be lost.
>> *Press Release:* I would be glad to help write and release a press
>> release.  the cost ranges from $300 to a few thousand depending on where
>> you want it to go.  We can discuss this if you are still interested.
>> If you would like a call to discuss your needs, I will be back in the
>> states on Wednesday.
>> Best,
>> Tiffany
>> Tiffany Long
>> Community Manager
>> On Mon, May 15, 2017 at 12:17 AM, Dinis Cruz <dinis.cruz at owasp.org>
>> wrote:
>>> Thanks Mark,
>>> I just added it as blog entry at http://owaspsummit.org/2017
>>> /05/15/Seba-on-Owasp-Podcast.html
>>> Dinis
>>> On 14 May 2017 at 23:40, Mark Miller <mark.miller at owasp.org> wrote:
>>>> If you'd like to hear more about the Summit, Seba and I go together at
>>>> AppSec EU 2017 Belfast and recorded a short update.
>>>> https://soundcloud.com/owasp-podcast/less-than-10-minutes-se
>>>> ries-owasp-summit-2017
>>>> Mark
>>>> On Mon, May 8, 2017 at 1:34 AM, Seba <seba at owasp.org> wrote:
>>>>> Hi fellow-leaders,
>>>>> Check out our request below to the board & staff. We hope to have your
>>>>> support on this!
>>>>> A couple of ways you can help us:
>>>>> 1) support our request for funding towards your favourite board
>>>>> member(s)!
>>>>> 2) if you have budget available (see https://www.owasp.org/index.ph
>>>>> p/Donation_Scoreboard chapters - $882,638, projects $114,126): please
>>>>> sponsor your surplus budget to the summit? We expect the outcome of the
>>>>> summit to be fantastically useful for all chapter and owasp projects
>>>>> worldwide.
>>>>> 3) join us at the summit! http://owaspsummit.org
>>>>> /website/buy-ticket.html
>>>>> kind regards,
>>>>> Seba, Dinis, Francois
>>>>> ---------- Forwarded message ---------
>>>>> From: Seba <seba at owasp.org>
>>>>> Date: Mon, May 8, 2017 at 7:24 AM
>>>>> Subject: Re: Help with OWASP Summit 2017 Outreach
>>>>> To: Dinis Cruz <dinis.cruz at owasp.org>, Matt Tesauro <
>>>>> matt.tesauro at owasp.org>, johanna curiel curiel <
>>>>> johanna.curiel at owasp.org>, Claudia Casanovas <
>>>>> Claudia.Aviles-Casanovas at owasp.org>, Tom Brennan <tomb at owasp.org>,
>>>>> Matt Konda <matt.konda at owasp.org>, vanderaj vanderaj <
>>>>> vanderaj at owasp.org>, Josh Sokol <josh.sokol at owasp.org>, Michael
>>>>> Coates <michael.coates at owasp.org>, Tobias Gondrom <
>>>>> tobias.gondrom at owasp.org>, Kate Hartmann <kate.hartmann at owasp.org>,
>>>>> Tiffany Long <tiffany.long at owasp.org>, Laura Grau <
>>>>> laura.grau at owasp.org>, Kelly Santalucia <kelly.santalucia at owasp.org>,
>>>>> alison.shrader at owasp.org <alison.shrader at owasp.org>, Dawn Aitken <
>>>>> dawn.aitken at owasp.org>, Hugo Costa <hugo.costa at owasp.org>,
>>>>> owasp-board at owasp.org <owasp-board at owasp.org>, OWASP Foundation Board
>>>>> List <owasp-board at lists.owasp.org>
>>>>> Cc: Francois <francois at devseccon.com>
>>>>> Hi Owasp Board and Owasp Employees,
>>>>> One way to help us, is with financial and operational support.
>>>>> The OWASP Summit is getting great traction:
>>>>>    - 70+ confirmed participants
>>>>>    - 105 Working sessions planned
>>>>> For more details, see the email from Dinis below.
>>>>> We started the OWASP Summit last year and so far, have run the summit
>>>>> on a shoestring budget.
>>>>> We used the 150K USD seed fund from the board to reserve the lodges
>>>>> and conference rooms of the venue.
>>>>> With the currently confirmed sponsors, participants and the
>>>>> registrations in the pipeline, we are confident that we will break even on
>>>>> the venue and the catering.
>>>>> This means we will be able to return the seed fund, which is great
>>>>> news.
>>>>> However, *we need extra funding:*
>>>>> 1) The first funding we need is to get the amazing OWASP leaders and
>>>>> contributors that need support (flight+ticket) to the summit!
>>>>> Check out the list here http://owaspsummit.org/pa
>>>>> ges/for-editors/participants/need-funding.html
>>>>> In total we need about *33K USD to cover 17 people* to contribute to
>>>>> the success of the summit.
>>>>> 2) Everything we have done so far (Dinis, Francois, 6 summit editors
>>>>> and myself) has been done with our volunteer time.
>>>>> But for the summit to become a success, we need the support of a
>>>>> professional operations team with an operations budget.
>>>>> We currently estimate this *operations to cost about 50K USD*:
>>>>> - 10k for Tickets and flights for OWASP (or other operational) staff
>>>>> and/or participating Board Members
>>>>> - 20k for operational team expenses (before summit)
>>>>>    - venue accommodation for team that will go to the venue for the
>>>>> weekend before the Summit
>>>>>    - temp contractors to help with logistics and scheduling
>>>>>    - printing, signage and logistics
>>>>> -  20k for operational team expenses (during the Summit)
>>>>>    - venue accommodation for operational team (during summit)
>>>>>    - temp contractors to help with logistics and scheduling
>>>>>    - extra internet connection
>>>>>    - other misc expenses
>>>>> As we stand today these costs are *‘critical’ for the Summit success.*
>>>>> Of course we will try to cover these costs and reach a profit (and we
>>>>> are going on the right direction), but *at the moment we do not have
>>>>> that budget.*
>>>>> *So in total we need about 85K USD to get extra people to the summit
>>>>> and have a professional operations team in place.*
>>>>> One option (for the board) is for you to *allow us to use the 150k as
>>>>> a buffer (knowing that we might need to use it).*
>>>>> That should be seen as an ‘investment’ for OWASP, not a cost (after
>>>>> all that is why owasp should make money)
>>>>> Another option is to budget for 85K USD for the summit as separate
>>>>> investment from the OWASP foundation in the summit.
>>>>> Thanks for considering this request (I have scheduled this as new
>>>>> business for the upcoming board meeting tomorrow).
>>>>> If you are in Belfast, we can discuss face to face.
>>>>> Otherwise, happy to discuss by email or to schedule call(s).
>>>>> Kind regards,
>>>>> Seba, Dinis, Francois.
>>>>> On Sun, May 7, 2017 at 8:26 PM Dinis Cruz <dinis.cruz at owasp.org>
>>>>> wrote:
>>>>>> Hi Owasp Board and Owasp Employees, I would like to ask for some help
>>>>>> in promoting the Owasp Summit 2017 <http://owaspsummit.org/>.
>>>>>> We are now in the critical phase of the Summit where we have reached
>>>>>> critical mass and really could do with some extra help from the Owasp
>>>>>> mothership (after all this is an Owasp event to/for the Owasp community)
>>>>>> Here are the areas where you could help
>>>>>>    - *Owasp Twitter <https://twitter.com/Owasp> *- with 78.5k
>>>>>>    followers the retweet of important milestones or Tweets about the Summit
>>>>>>    would reach quite a wide audience (note that in 2017 there has only been
>>>>>>    one (1) tweet about the Owasp Summit, and that was a retweet of one of
>>>>>>    Tom's tweet)
>>>>>>    - *Owasp Blog <https://owasp.blogspot.co.uk/>* - I don't know how
>>>>>>    many subscribers, but I'm sure it's reach is quite wide. Note that as far
>>>>>>    as I can tell there has been no blog post about the Summit
>>>>>>    - *Owasp LinkedIn
>>>>>>    <https://www.linkedin.com/company-beta/250673/> *- with 19k
>>>>>>    followers, this would also be a great way to reach potential Summit
>>>>>>    Attendees
>>>>>>    - *Owasp monthly newsletter - *The last Owasp Connector
>>>>>>    <https://owasp.blogspot.co.uk/2017/04/April2017Connector.html> only
>>>>>>    has one link to the Owasp Summit 2017, with a large feature being allocated
>>>>>>    to the Project Summit and Developer Summit happing at AppSec EU. Note that
>>>>>>    I'm not saying we shouldn't be promoting those activities (at AppSec EU),
>>>>>>    but as you can see by the number of Working Sessions
>>>>>>    <http://owaspsummit.org/website/working-sessions.html> and
>>>>>>    Participants <http://owaspsummit.org/website/participants.html>,
>>>>>>    the Owasp Summit 2017 will be a much bigger event
>>>>>>    - *Owasp Conferences and Chapters - *With the high number of
>>>>>>    events that Owasp will organise or be involved between now and the Summit,
>>>>>>    it would be great if the Owasp mothership asked these events to promote the
>>>>>>    Summit
>>>>>>    - *Owasp Leaders list* - This is the list that reaches our
>>>>>>    trusted leaders and it would make a massive difference if there were a
>>>>>>    couple posts from the Owasp Board or Employees about the Summit (as far as
>>>>>>    I can tell most, if not all, Owasp Summit 2017 related posts have been
>>>>>>    started by me or Seba, with Tom being the exception on his help on trying
>>>>>>    to get the chapters/projects to sponsor the Summit)
>>>>>>    - *Owasp global distribution list - *Yes I know that this needs
>>>>>>    to be used very carefully, but its outreach is massive and the Summit is
>>>>>>    exactly the kind of event that we should be making out global community
>>>>>>    aware of
>>>>>>    - *Owasp Home page* - There are no links (or mentions) in the
>>>>>>    home page about the Summit (I know that you need to be careful on which
>>>>>>    evens to expose there, but the Summit should be seen as an special event
>>>>>>    due to the amount of work that will be done and amount of collaboration
>>>>>>    that will occur)
>>>>>>    - *Official Owasp Press Release *- This is another kind of
>>>>>>    activity where sending it from the OWASP mothership would do wonders to the
>>>>>>    Summit's promotion (ideally with some quotes from OWASP Board and other
>>>>>>    high profile Summit Participants, like Neil from Capital One
>>>>>>    <http://owaspsummit.org/Participants/ticket-24h-sponsor/Neil-Barlow.html>
>>>>>>    )
>>>>>> Note that at the moment there is $0 USD direct support from the Owasp
>>>>>> Mothership to the Summit. What we currently have is:
>>>>>>    - $6,000 from Project outreach funds (where each participant
>>>>>> applied directly to Owasp)
>>>>>>    - $150k buffer that were used to book the venue, only on the
>>>>>> condition that all amount was recovered with tickets and sponsorships (i.e.
>>>>>> we can't use those funds to cover any operational expenses or to fund
>>>>>> participants that still need funding to attend
>>>>>> <http://owaspsummit.org/pages/for-editors/participants/need-funding.html> the
>>>>>> Summit). Thanks Andrew, Johanna and Matt for making this happen, it helped
>>>>>> us to secure the venue.
>>>>>> *About the Summit:*
>>>>>> The Summit has massive amounts of energy at the moment and it is a
>>>>>> really good story for OWASP.
>>>>>> This is the kind of event that only Owasp can create and the fact
>>>>>> that we have already so many participants (in a pure grass-roots effort) is
>>>>>> a good testament to the power and trust that the community has in Owasp
>>>>>> In terms of the current Owasp Summit 2017 content, you probably have
>>>>>> not had the time to catch up with the latest changes (after all they are
>>>>>> happening very fast these days :)  ), so here is a quick overview of the
>>>>>> Working Sessions we have planned.
>>>>>> Due to the number of Working Sessions planned (122 at last count), we
>>>>>> are organising them in (12) Tracks:
>>>>>>    - *Threat Modeling
>>>>>>    <http://owaspsummit.org/Working-Sessions/Threat-Model/>* - This
>>>>>>    is one of the strongest tracks. If you look at the 'Threat Model' talent
>>>>>>    that will be there (Adam S, Tony UV, Stephen V,  and others...), you can
>>>>>>    see that we really *have most of the core Threat Modeling talent
>>>>>>    in the world coming to the Summit!* If there is one hard-core
>>>>>>    AppSec topic that we should be promoting about the Summit, we should be
>>>>>>    talking about the fact that we will be making a big difference in Threat
>>>>>>    Modeling (check out the Working Sessions topics)
>>>>>>    - *OwaspSAMM
>>>>>>    <http://owaspsummit.org/Working-Sessions/OwaspSAMM/> *- This is
>>>>>>    another track where we have the main contributors and users of this Owasp
>>>>>>    project participating at the Summit (hopefully we will also have a good
>>>>>>    representation of companies that are already using this Maturity Model)
>>>>>>    - *DevSecOps* <http://owaspsummit.org/Working-Sessions/DevSecOps/> -
>>>>>>    This track is the one that has been generating quite a lot of buzz on the
>>>>>>    people we talk to, since it is addressing real pain points and problems
>>>>>>    that companies have today
>>>>>>    - *Education* <http://owaspsummit.org/Working-Sessions/Education/> -
>>>>>>    Always strong in OWASP, this Track ranges from University master degree to
>>>>>>    how to create the next generation of AppSec professionals
>>>>>>    - *Mobile Security*
>>>>>>    <http://owaspsummit.org/Working-Sessions/Mobile-Security/> -
>>>>>>    Another track where the key Owasp leaders of Mobile related Owasp projects
>>>>>>    are participating
>>>>>>    - *CISO* <http://owaspsummit.org/Working-Sessions/CISO/> - This
>>>>>>    track has started slow, but is now really reaching a wide audience of CISOs
>>>>>>    and covering a wide range of CISO related topics
>>>>>>    - *Research* <http://owaspsummit.org/Working-Sessions/Research/> -
>>>>>>    This is a recently added track, but is already covering really important
>>>>>>    and interesting research topics (it's important to also look at the future
>>>>>>    and work on the next generation of Application Security)
>>>>>>    - *Agile AppSec
>>>>>>    <http://owaspsummit.org/Working-Sessions/Agile-AppSec/> *- This
>>>>>>    is a Track driven by a couple participants that really care about Agile and
>>>>>>    want to find better ways to integrate it with AppSec practices
>>>>>>    - *Security Crowdsourcing*
>>>>>>    <http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/>
>>>>>>    - This is a Track that is focused on scaling AppSec activities via internal
>>>>>>    and external crowdsourcing
>>>>>>    - *Tools* <http://owaspsummit.org/Working-Sessions/Tools/> -
>>>>>>    Track focused on specific tools or services
>>>>>>    - *Owasp <http://owaspsummit.org/Working-Sessions/Owasp/> *- As
>>>>>>    always, once the number of Owasp leaders per square meter goes up, there is
>>>>>>    always the opportunity to address important organisational and operational
>>>>>>    Owasp related issues
>>>>>>    - *Owasp Project's Summit*
>>>>>>    <http://owaspsummit.org/Working-Sessions/Project-Summit/> - last
>>>>>>    but not least, here are all the 31x Working Sessions directly related to an
>>>>>>    Owasp Project. I'm sure you will agree that it is a pretty impressive list
>>>>>>    of Owasp Projects (with most having the Project Leader participating)
>>>>>> In terms of Working Sessions, at the moment we have 122 created (with
>>>>>> a good number more still on the works) and probably the most high profile
>>>>>> ones will be the Owasp Top 10 related (Implications of Owasp Top 10
>>>>>> 2017 <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017>
>>>>>>   and Data behind Owasp Top 10 2017
>>>>>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html>)
>>>>>> which given the fact that Dave Wichers
>>>>>> <http://owaspsummit.org/Participants/Dave-Wichers.html> is
>>>>>> attending, are bound to be quite 'interesting'.
>>>>>> I believe most of you participated at one of the last Summits, but if
>>>>>> you want a refresher or want to read the current plan, please see the Working
>>>>>> Sessions - How
>>>>>> <http://owaspsummit.org/website/working-sessions-how.html> page.
>>>>>> As I hope you agree, we have an amazing opportunity here to really
>>>>>> make a difference in the Application Security world in 2017, *what
>>>>>> we need is some help from the Owasp mothership.*
>>>>>> We have a pretty good Summit Organisation team (Seba, Francois and
>>>>>> me) and 6 Summit Editors (sponsored Summit participants that are helping
>>>>>> before the Summit), so please let us know how we can help you to help the
>>>>>> Summit :)
>>>>>> Thanks
>>>>>> Dinis, Seba and Francois
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> --
>>>> *Mark Miller, Senior Storyteller*
>>>> *Editor/Moderator, DevOps Group on LinkedIn (32K members and growing)*
>>>> *Host and Executive Producer, OWASP 24/7 Podcast Channel*
>>>> *Community Advocate, Sonatype*
>>>> *Developers and Application Security: Who is Responsible?*
>>>> <https://www.surveymonkey.com/s/Developers_and_AppSec>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170521/6825cc25/attachment-0001.html>

More information about the OWASP-Leaders mailing list