[Owasp-leaders] how can you help - support ? (Fwd: Help with OWASP Summit 2017 Outreach)

Andrew van der Stock vanderaj at owasp.org
Sun May 21 14:26:34 UTC 2017

Dinis, please talk to Laura (cc'd)

I don't think we've ever had an event change from regional to global
before, so this will be a first.

@Laura, please find out how this would impact them, and please let us know
if we can help.


On Sun, May 21, 2017 at 12:44 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Tiffany, can we change it, so that the Owasp Summit is marked and
> recognised as an Global Event?
> Thanks
> Dinis
> On 16 May 2017 at 10:23, Magno Logan <magno.logan at owasp.org> wrote:
>> Hi Tiffany,
>> Forgive my ignorance but why isn't the OWASP Summit a Global Event
>> instead of a Regional one? To my understanding it has all the features and
>> qualifications to be a global conference and it will have people from all
>> over world there, not just England or even Europe. What would take it to
>> become a global event? Thanks!
>> http://owaspsummit.org/website/participants.html
>> Att / Best Regards,
>> Magno Rodrigues, Security+
>> OWASP São Paulo - Chapter Leader
>> <https://www.owasp.org/index.php/Sao_Paulo>
>> Twitter: @owaspsp <http://www.twitter.com/owaspsp> / @magnologan
>> <http://www.twitter.com/magnologan>
>> On Mon, May 15, 2017 at 5:16 AM, Tiffany Long <tiffany.long at owasp.org>
>> wrote:
>>> Hey All,
>>> As a regional event, most of the support I will give you in is the form
>>> of editing, hosting and sharing.  For instance, you are absolutely welcome
>>> to write a blog post for the summit (the next regular slot is next Monday,
>>> 10 am PST).  If you write a rough draft, I would be glad to read, edit it,
>>> and offer suggestions for improvement, but I cannot allot time to originate
>>> the content.  You have invitations to become blog authors waiting.
>>> I will also set up auto retweet of your items again and available to
>>> advise on anything you might need.
>>> As a regional event, you should see a couple of tweets originating from
>>> the OWASP twitter handle in the next week as all regional events get a
>>> tweet planned a few weeks before their event.
>>> Regional events get significantly less material support than global
>>> events--from my side this is more a factor of time than of the financial
>>> split. Below I will address the rest of your points in order:
>>> *OWASP LinkedIn: * As a member of the OWASP Linked in group you are
>>> allowed to post in the group. Many events post the blogs from their event
>>> sites there.  Once a month we can release a single item as a post,
>>> discussion, and email to all of our members.  When this is not used for
>>> global events or major announcements, I give it to regional events or write
>>> a post discussing upcoming events.  If Laura does not need it, you can use
>>> it.  It can go out at anytime this month.  All you need to do is write the
>>> content and let me know you wish to do it.
>>> *Connector:*  Once again, nothing was submitted for the connector.  If
>>> you would like to submit something, please do so.  I suggest writing a blog
>>> post as that will be included in the connector as well.
>>> *Conferences and Chapters: *As a regional event you have access to the
>>> Leader's List and can absolutely ask chapter leaders to promote the event.
>>> I suggest including a slide promoting the event so they can easily promote
>>> it in their meetings, or giving a sample email/script for them to send to
>>> their lists.  Making it easy for chapter leaders to share your information
>>> is the best way to get them to do so.
>>> We promoted the event at the conference via handouts.
>>> *Leader's List: *Once again, as a regional event, our role is much more
>>> advisory than hands on.  Without a specific request, I don't promote
>>> anything on the leader's list, other regional event runners are treated
>>> exactly the same.  If for example, you said "Hey Tiffany, we need help
>>> getting people to apply for the CFP!"  I would give you a repeatable plan
>>> of action for promoting the CFP and then maybe toss off an email to the
>>> Leader's list about that specific item. Do you have a specific need that
>>> you would like me to help promote? Otherwise there is simply no clear
>>> message I can send.
>>> *Owasp global distribution list:  *I would be glad to send a message
>>> from here.  Once again, provide me with a first draft and I will help you
>>> write it.  Remember, I am not part of the planning committee.  I do not
>>> know what is important or exciting or needed.  I can help you shape the
>>> message, and after a conversation help you plan the message, but you will
>>> have to do the leg work for this.
>>> *OWASP Home Page:* There is no advertising of any event on the home
>>> page.  Hopefully this will change with the website reboot, but until it
>>> does, the page is so over worked that any additions will simply be lost.
>>> *Press Release:* I would be glad to help write and release a press
>>> release.  the cost ranges from $300 to a few thousand depending on where
>>> you want it to go.  We can discuss this if you are still interested.
>>> If you would like a call to discuss your needs, I will be back in the
>>> states on Wednesday.
>>> Best,
>>> Tiffany
>>> Tiffany Long
>>> Community Manager
>>> On Mon, May 15, 2017 at 12:17 AM, Dinis Cruz <dinis.cruz at owasp.org>
>>> wrote:
>>>> Thanks Mark,
>>>> I just added it as blog entry at http://owaspsummit.org/2017
>>>> /05/15/Seba-on-Owasp-Podcast.html
>>>> Dinis
>>>> On 14 May 2017 at 23:40, Mark Miller <mark.miller at owasp.org> wrote:
>>>>> If you'd like to hear more about the Summit, Seba and I go together at
>>>>> AppSec EU 2017 Belfast and recorded a short update.
>>>>> https://soundcloud.com/owasp-podcast/less-than-10-minutes-se
>>>>> ries-owasp-summit-2017
>>>>> Mark
>>>>> On Mon, May 8, 2017 at 1:34 AM, Seba <seba at owasp.org> wrote:
>>>>>> Hi fellow-leaders,
>>>>>> Check out our request below to the board & staff. We hope to have
>>>>>> your support on this!
>>>>>> A couple of ways you can help us:
>>>>>> 1) support our request for funding towards your favourite board
>>>>>> member(s)!
>>>>>> 2) if you have budget available (see https://www.owasp.org/index.ph
>>>>>> p/Donation_Scoreboard chapters - $882,638, projects $114,126):
>>>>>> please sponsor your surplus budget to the summit? We expect the outcome of
>>>>>> the summit to be fantastically useful for all chapter and owasp projects
>>>>>> worldwide.
>>>>>> 3) join us at the summit! http://owaspsummit.org
>>>>>> /website/buy-ticket.html
>>>>>> kind regards,
>>>>>> Seba, Dinis, Francois
>>>>>> ---------- Forwarded message ---------
>>>>>> From: Seba <seba at owasp.org>
>>>>>> Date: Mon, May 8, 2017 at 7:24 AM
>>>>>> Subject: Re: Help with OWASP Summit 2017 Outreach
>>>>>> To: Dinis Cruz <dinis.cruz at owasp.org>, Matt Tesauro <
>>>>>> matt.tesauro at owasp.org>, johanna curiel curiel <
>>>>>> johanna.curiel at owasp.org>, Claudia Casanovas <
>>>>>> Claudia.Aviles-Casanovas at owasp.org>, Tom Brennan <tomb at owasp.org>,
>>>>>> Matt Konda <matt.konda at owasp.org>, vanderaj vanderaj <
>>>>>> vanderaj at owasp.org>, Josh Sokol <josh.sokol at owasp.org>, Michael
>>>>>> Coates <michael.coates at owasp.org>, Tobias Gondrom <
>>>>>> tobias.gondrom at owasp.org>, Kate Hartmann <kate.hartmann at owasp.org>,
>>>>>> Tiffany Long <tiffany.long at owasp.org>, Laura Grau <
>>>>>> laura.grau at owasp.org>, Kelly Santalucia <kelly.santalucia at owasp.org>,
>>>>>> alison.shrader at owasp.org <alison.shrader at owasp.org>, Dawn Aitken <
>>>>>> dawn.aitken at owasp.org>, Hugo Costa <hugo.costa at owasp.org>,
>>>>>> owasp-board at owasp.org <owasp-board at owasp.org>, OWASP Foundation
>>>>>> Board List <owasp-board at lists.owasp.org>
>>>>>> Cc: Francois <francois at devseccon.com>
>>>>>> Hi Owasp Board and Owasp Employees,
>>>>>> One way to help us, is with financial and operational support.
>>>>>> The OWASP Summit is getting great traction:
>>>>>>    - 70+ confirmed participants
>>>>>>    - 105 Working sessions planned
>>>>>> For more details, see the email from Dinis below.
>>>>>> We started the OWASP Summit last year and so far, have run the summit
>>>>>> on a shoestring budget.
>>>>>> We used the 150K USD seed fund from the board to reserve the lodges
>>>>>> and conference rooms of the venue.
>>>>>> With the currently confirmed sponsors, participants and the
>>>>>> registrations in the pipeline, we are confident that we will break even on
>>>>>> the venue and the catering.
>>>>>> This means we will be able to return the seed fund, which is great
>>>>>> news.
>>>>>> However, *we need extra funding:*
>>>>>> 1) The first funding we need is to get the amazing OWASP leaders and
>>>>>> contributors that need support (flight+ticket) to the summit!
>>>>>> Check out the list here http://owaspsummit.org/pa
>>>>>> ges/for-editors/participants/need-funding.html
>>>>>> In total we need about *33K USD to cover 17 people* to contribute to
>>>>>> the success of the summit.
>>>>>> 2) Everything we have done so far (Dinis, Francois, 6 summit editors
>>>>>> and myself) has been done with our volunteer time.
>>>>>> But for the summit to become a success, we need the support of a
>>>>>> professional operations team with an operations budget.
>>>>>> We currently estimate this *operations to cost about 50K USD*:
>>>>>> - 10k for Tickets and flights for OWASP (or other operational) staff
>>>>>> and/or participating Board Members
>>>>>> - 20k for operational team expenses (before summit)
>>>>>>    - venue accommodation for team that will go to the venue for the
>>>>>> weekend before the Summit
>>>>>>    - temp contractors to help with logistics and scheduling
>>>>>>    - printing, signage and logistics
>>>>>> -  20k for operational team expenses (during the Summit)
>>>>>>    - venue accommodation for operational team (during summit)
>>>>>>    - temp contractors to help with logistics and scheduling
>>>>>>    - extra internet connection
>>>>>>    - other misc expenses
>>>>>> As we stand today these costs are *‘critical’ for the Summit
>>>>>> success.*
>>>>>> Of course we will try to cover these costs and reach a profit (and we
>>>>>> are going on the right direction), but *at the moment we do not have
>>>>>> that budget.*
>>>>>> *So in total we need about 85K USD to get extra people to the summit
>>>>>> and have a professional operations team in place.*
>>>>>> One option (for the board) is for you to *allow us to use the 150k
>>>>>> as a buffer (knowing that we might need to use it).*
>>>>>> That should be seen as an ‘investment’ for OWASP, not a cost (after
>>>>>> all that is why owasp should make money)
>>>>>> Another option is to budget for 85K USD for the summit as separate
>>>>>> investment from the OWASP foundation in the summit.
>>>>>> Thanks for considering this request (I have scheduled this as new
>>>>>> business for the upcoming board meeting tomorrow).
>>>>>> If you are in Belfast, we can discuss face to face.
>>>>>> Otherwise, happy to discuss by email or to schedule call(s).
>>>>>> Kind regards,
>>>>>> Seba, Dinis, Francois.
>>>>>> On Sun, May 7, 2017 at 8:26 PM Dinis Cruz <dinis.cruz at owasp.org>
>>>>>> wrote:
>>>>>>> Hi Owasp Board and Owasp Employees, I would like to ask for some
>>>>>>> help in promoting the Owasp Summit 2017 <http://owaspsummit.org/>.
>>>>>>> We are now in the critical phase of the Summit where we have reached
>>>>>>> critical mass and really could do with some extra help from the Owasp
>>>>>>> mothership (after all this is an Owasp event to/for the Owasp community)
>>>>>>> Here are the areas where you could help
>>>>>>>    - *Owasp Twitter <https://twitter.com/Owasp> *- with 78.5k
>>>>>>>    followers the retweet of important milestones or Tweets about the Summit
>>>>>>>    would reach quite a wide audience (note that in 2017 there has only been
>>>>>>>    one (1) tweet about the Owasp Summit, and that was a retweet of one of
>>>>>>>    Tom's tweet)
>>>>>>>    - *Owasp Blog <https://owasp.blogspot.co.uk/>* - I don't know
>>>>>>>    how many subscribers, but I'm sure it's reach is quite wide. Note that as
>>>>>>>    far as I can tell there has been no blog post about the Summit
>>>>>>>    - *Owasp LinkedIn
>>>>>>>    <https://www.linkedin.com/company-beta/250673/> *- with 19k
>>>>>>>    followers, this would also be a great way to reach potential Summit
>>>>>>>    Attendees
>>>>>>>    - *Owasp monthly newsletter - *The last Owasp Connector
>>>>>>>    <https://owasp.blogspot.co.uk/2017/04/April2017Connector.html> only
>>>>>>>    has one link to the Owasp Summit 2017, with a large feature being allocated
>>>>>>>    to the Project Summit and Developer Summit happing at AppSec EU. Note that
>>>>>>>    I'm not saying we shouldn't be promoting those activities (at AppSec EU),
>>>>>>>    but as you can see by the number of Working Sessions
>>>>>>>    <http://owaspsummit.org/website/working-sessions.html> and
>>>>>>>    Participants <http://owaspsummit.org/website/participants.html>,
>>>>>>>    the Owasp Summit 2017 will be a much bigger event
>>>>>>>    - *Owasp Conferences and Chapters - *With the high number of
>>>>>>>    events that Owasp will organise or be involved between now and the Summit,
>>>>>>>    it would be great if the Owasp mothership asked these events to promote the
>>>>>>>    Summit
>>>>>>>    - *Owasp Leaders list* - This is the list that reaches our
>>>>>>>    trusted leaders and it would make a massive difference if there were a
>>>>>>>    couple posts from the Owasp Board or Employees about the Summit (as far as
>>>>>>>    I can tell most, if not all, Owasp Summit 2017 related posts have been
>>>>>>>    started by me or Seba, with Tom being the exception on his help on trying
>>>>>>>    to get the chapters/projects to sponsor the Summit)
>>>>>>>    - *Owasp global distribution list - *Yes I know that this needs
>>>>>>>    to be used very carefully, but its outreach is massive and the Summit is
>>>>>>>    exactly the kind of event that we should be making out global community
>>>>>>>    aware of
>>>>>>>    - *Owasp Home page* - There are no links (or mentions) in the
>>>>>>>    home page about the Summit (I know that you need to be careful on which
>>>>>>>    evens to expose there, but the Summit should be seen as an special event
>>>>>>>    due to the amount of work that will be done and amount of collaboration
>>>>>>>    that will occur)
>>>>>>>    - *Official Owasp Press Release *- This is another kind of
>>>>>>>    activity where sending it from the OWASP mothership would do wonders to the
>>>>>>>    Summit's promotion (ideally with some quotes from OWASP Board and other
>>>>>>>    high profile Summit Participants, like Neil from Capital One
>>>>>>>    <http://owaspsummit.org/Participants/ticket-24h-sponsor/Neil-Barlow.html>
>>>>>>>    )
>>>>>>> Note that at the moment there is $0 USD direct support from the
>>>>>>> Owasp Mothership to the Summit. What we currently have is:
>>>>>>>    - $6,000 from Project outreach funds (where each participant
>>>>>>> applied directly to Owasp)
>>>>>>>    - $150k buffer that were used to book the venue, only on the
>>>>>>> condition that all amount was recovered with tickets and sponsorships (i.e.
>>>>>>> we can't use those funds to cover any operational expenses or to fund
>>>>>>> participants that still need funding to attend
>>>>>>> <http://owaspsummit.org/pages/for-editors/participants/need-funding.html> the
>>>>>>> Summit). Thanks Andrew, Johanna and Matt for making this happen, it helped
>>>>>>> us to secure the venue.
>>>>>>> *About the Summit:*
>>>>>>> The Summit has massive amounts of energy at the moment and it is a
>>>>>>> really good story for OWASP.
>>>>>>> This is the kind of event that only Owasp can create and the fact
>>>>>>> that we have already so many participants (in a pure grass-roots effort) is
>>>>>>> a good testament to the power and trust that the community has in Owasp
>>>>>>> In terms of the current Owasp Summit 2017 content, you probably have
>>>>>>> not had the time to catch up with the latest changes (after all they are
>>>>>>> happening very fast these days :)  ), so here is a quick overview of the
>>>>>>> Working Sessions we have planned.
>>>>>>> Due to the number of Working Sessions planned (122 at last count),
>>>>>>> we are organising them in (12) Tracks:
>>>>>>>    - *Threat Modeling
>>>>>>>    <http://owaspsummit.org/Working-Sessions/Threat-Model/>* - This
>>>>>>>    is one of the strongest tracks. If you look at the 'Threat Model' talent
>>>>>>>    that will be there (Adam S, Tony UV, Stephen V,  and others...), you can
>>>>>>>    see that we really *have most of the core Threat Modeling talent
>>>>>>>    in the world coming to the Summit!* If there is one hard-core
>>>>>>>    AppSec topic that we should be promoting about the Summit, we should be
>>>>>>>    talking about the fact that we will be making a big difference in Threat
>>>>>>>    Modeling (check out the Working Sessions topics)
>>>>>>>    - *OwaspSAMM
>>>>>>>    <http://owaspsummit.org/Working-Sessions/OwaspSAMM/> *- This is
>>>>>>>    another track where we have the main contributors and users of this Owasp
>>>>>>>    project participating at the Summit (hopefully we will also have a good
>>>>>>>    representation of companies that are already using this Maturity Model)
>>>>>>>    - *DevSecOps*
>>>>>>>    <http://owaspsummit.org/Working-Sessions/DevSecOps/> - This
>>>>>>>    track is the one that has been generating quite a lot of buzz on the people
>>>>>>>    we talk to, since it is addressing real pain points and problems that
>>>>>>>    companies have today
>>>>>>>    - *Education*
>>>>>>>    <http://owaspsummit.org/Working-Sessions/Education/> - Always
>>>>>>>    strong in OWASP, this Track ranges from University master degree to how to
>>>>>>>    create the next generation of AppSec professionals
>>>>>>>    - *Mobile Security*
>>>>>>>    <http://owaspsummit.org/Working-Sessions/Mobile-Security/> -
>>>>>>>    Another track where the key Owasp leaders of Mobile related Owasp projects
>>>>>>>    are participating
>>>>>>>    - *CISO* <http://owaspsummit.org/Working-Sessions/CISO/> - This
>>>>>>>    track has started slow, but is now really reaching a wide audience of CISOs
>>>>>>>    and covering a wide range of CISO related topics
>>>>>>>    - *Research* <http://owaspsummit.org/Working-Sessions/Research/> -
>>>>>>>    This is a recently added track, but is already covering really important
>>>>>>>    and interesting research topics (it's important to also look at the future
>>>>>>>    and work on the next generation of Application Security)
>>>>>>>    - *Agile AppSec
>>>>>>>    <http://owaspsummit.org/Working-Sessions/Agile-AppSec/> *- This
>>>>>>>    is a Track driven by a couple participants that really care about Agile and
>>>>>>>    want to find better ways to integrate it with AppSec practices
>>>>>>>    - *Security Crowdsourcing*
>>>>>>>    <http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/>
>>>>>>>    - This is a Track that is focused on scaling AppSec activities via internal
>>>>>>>    and external crowdsourcing
>>>>>>>    - *Tools* <http://owaspsummit.org/Working-Sessions/Tools/> -
>>>>>>>    Track focused on specific tools or services
>>>>>>>    - *Owasp <http://owaspsummit.org/Working-Sessions/Owasp/> *- As
>>>>>>>    always, once the number of Owasp leaders per square meter goes up, there is
>>>>>>>    always the opportunity to address important organisational and operational
>>>>>>>    Owasp related issues
>>>>>>>    - *Owasp Project's Summit*
>>>>>>>    <http://owaspsummit.org/Working-Sessions/Project-Summit/> - last
>>>>>>>    but not least, here are all the 31x Working Sessions directly related to an
>>>>>>>    Owasp Project. I'm sure you will agree that it is a pretty impressive list
>>>>>>>    of Owasp Projects (with most having the Project Leader participating)
>>>>>>> In terms of Working Sessions, at the moment we have 122 created
>>>>>>> (with a good number more still on the works) and probably the most high
>>>>>>> profile ones will be the Owasp Top 10 related (Implications of
>>>>>>> Owasp Top 10 2017
>>>>>>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017>  and Data
>>>>>>> behind Owasp Top 10 2017
>>>>>>> <http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html>)
>>>>>>> which given the fact that Dave Wichers
>>>>>>> <http://owaspsummit.org/Participants/Dave-Wichers.html> is
>>>>>>> attending, are bound to be quite 'interesting'.
>>>>>>> I believe most of you participated at one of the last Summits, but
>>>>>>> if you want a refresher or want to read the current plan, please see the Working
>>>>>>> Sessions - How
>>>>>>> <http://owaspsummit.org/website/working-sessions-how.html> page.
>>>>>>> As I hope you agree, we have an amazing opportunity here to really
>>>>>>> make a difference in the Application Security world in 2017, *what
>>>>>>> we need is some help from the Owasp mothership.*
>>>>>>> We have a pretty good Summit Organisation team (Seba, Francois and
>>>>>>> me) and 6 Summit Editors (sponsored Summit participants that are helping
>>>>>>> before the Summit), so please let us know how we can help you to help the
>>>>>>> Summit :)
>>>>>>> Thanks
>>>>>>> Dinis, Seba and Francois
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> --
>>>>> *Mark Miller, Senior Storyteller*
>>>>> *Editor/Moderator, DevOps Group on LinkedIn (32K members and growing)*
>>>>> *Host and Executive Producer, OWASP 24/7 Podcast Channel*
>>>>> *Community Advocate, Sonatype*
>>>>> *Developers and Application Security: Who is Responsible?*
>>>>> <https://www.surveymonkey.com/s/Developers_and_AppSec>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170522/6982dfba/attachment-0001.html>

More information about the OWASP-Leaders mailing list