[Owasp-on-the-move] OWASP on the move

Ofer Shezaf OferS at Breach.com
Tue Oct 23 06:05:43 EDT 2007

No worries, I also shuffle between too many things (and a family...).
This 1st e-mail was easy for me as I listed things I already thought of
in recent months.

So, whenever you have the time.

~ Ofer

> -----Original Message-----
> From: Knobloch, Martin [mailto:martin.knobloch at sogeti.nl]
> Sent: Tuesday, October 23, 2007 8:49 AM
> To: Ofer Shezaf; owasp-on-the-move at lists.owasp.org
> Cc: seba at deleersnyder.eu; Dinis Cruz
> Subject: RE: OWASP on the move
> Ofer,
> You did a great job. Unfortunately I did not have time to look through
> it yet in detail. Will do so a.s.a.p.!
> Also, I did not receive any feedback from Dave or Dinis yet.
> Of course, we also need to start the PR on the OotM project.
> Probably best thing to do next is to get the line of the policy on the
> wiki and mark them as 'work in progress'.
> To somehow state, it's not complete to not give the impression when
> all requirements are fulfilled, the requester has a right to get
> sponsorship!
> Thanks for your effort.
> Cheers,
> Martin
> -----Original Message-----
> From: Ofer Shezaf [mailto:OferS at Breach.com]
> Sent: Monday, 22 October 2007 12:18
> To: owasp-on-the-move at lists.owasp.org
> CC: seba at deleersnyder.eu; Dinis Cruz; Knobloch, Martin
> Subject: RE: OWASP on the move
> (Moving to the list. Tell me if it worked. For this e-mail I kept also
> personal e-mails, just in case)
> I think that it is a very good document describing the procedures (as
> the title implies), but we need a "project plan" paper. I tried to write
> down a few ideas I had. I know it is easy to make suggestions, but I am
> also willing to take upon myself tasks from creating a plan to writing
> the e-mails to mailing lists.
> Goals
> =====
> I have translated the "what is" section to goals:
> + Provide a valuable resource to chapters to enable them to extend their
> activity and get more people to come.
> + Enable an additional sponsorship opportunity at OWASP.
> + Provide a bonus to OWASP more active contributors.
> PR
> ==
> Currently OotM is a pretty well kept secret, mainly among the
> speakers who are more of a problem. In the speaker <-> chapter
> relationship, the suitor is the chapter, for which having someone
> from abroad speaking is easy, while (good) speakers who will travel
> a day to Idaho are harder to find.
> e-mails:
> 	+ Announce the project e-mail to major mailing lists (do we want
> also a PR? Might get some company to sponsor it as the 1st
> sponsorship).
> 	+ Monthly e-mails to leaders asking to list requirements
> (dates/subject if any).
> 	+ Periodical e-mail to leaders asking about ongoing
> opportunities ("if you are in the area, you can come" sort of thing).
> noticed that many chapters do not have predefined schedule and CfP
> process and a speaker can be an opportunity to arrange a meeting.
> 	+ Monthly to mailing lists (webappsec, bugtraq) about the
> opportunities for the coming months.
> On the web we should present the information gathered, mainly the
> ongoing ones:
> 	+ List of presentations and speakers offering to travel.
> 	+ List of speaking opportunities.
> Contact marketing people in relevant companies about the opportunity.
> This is a key issue, and we need more ideas here.
> Sponsors
> ========
> Sponsorship package is very important to attract sponsors:
> + Logo on the specific meeting page, brochures if any and invitation
> e-mails.
> + Logo on OotM page if contributed more than X a year ($2000?)
> (requires further thought)
> + We send for them an e-mail to the event
> attendees or chapter's list, might be limited to a questionnaire. I'm
> trying to give sponsors some feel of "lead gen", which is the way to get
> marketing money, while not really giving them any names.
> + Designating their speaker. I'm bluffing here. I can't and won't stop
> companies from sending their speakers to OWASP meetings, I just want
> to re-route it through the project.
> Criteria for selection
> ======================
> I think that we should plan for success from now and determine who
> the money. I suggest:
> + Chapters
> 	+ Past number of participants in chapter meetings - I think we
> should also set a threshold for this one (25?). Waste of time and
> to send a person to speak in front of 10 people. It is also an important
> criterion for a serious chapter leader.
> 	+ Larger & Longer events (full day vs. half day vs. evening as
> it usually ensures larger events).
> + Speakers:
> 	+ Past speaking engagements, preferably at OWASP events.
> 	+ Preferred presentation (see below).
> 	+ OWASP activity.
> 	+ Self (that is own companies) sponsorship.
> Approved Presentations
> ======================
> Preferred presentation would be presentations that we listed as such.
> Such a status ensures that:
> + The presentation is not commercial. Very important especially for
> commercially sponsored travel.
> + Is of quality.
> + Serves OWASP goals (for example, is about application security).
> Presentations do not have to be preferred to qualify but have
> precedence. The list of such presentations would also serve as a key
> element of the "OotM" project page.
> This can be based on the OWASP education page. The main difference is
> that it is a preso and a person, rather than just a preso. The list also
> has to be shorter with just highlights.
> ~ Ofer
> ----
> From: Sebastien Deleersnyder [mailto:seba at deleersnyder.eu]
> Sent: Thursday, October 18, 2007 8:53 PM
> To: Ofer Shezaf
> Cc: 'Knobloch, Martin'; 'Dinis Cruz'
> Subject: RE: OWASP on the move
> Ofer,
> Thank you very much for your kind offer.
> I absolutely agree that companies paying for their own speakers are a
> good way to spread webappsec knowledge and the OWASP 'message'. We thus
> certainly welcome sponsors that want to pay for their own speakers, as
> long as this stays in line with the chapter policy rules.
> For your second suggestion: Martin Knobloch is the project leader. What I
> want to suggest is that you join our project team and that we take
> up together.
> See attached a first rules draft that we worked out on base of first
> experience together with Dave and Dinis. Your input is certainly
> appreciated.
> I propose that we use the project mailing list and/or keep each other in
> cc.
> One of the first actions is a post to the leaders list to promote the
> OotM project.
> Welcome!
> Kr,
> Seba
> ________________________________________
> From: Ofer Shezaf [mailto:OferS at Breach.com]
> Sent: Wednesday, 17 October 2007 14:36
> To: seba at deleersnyder.eu
> Subject: OWASP on the move
> Hi Seba,
> I gave some thought to the OWASP on the move project.
> I think (and know from my experience at Breach) that it is easier to
> make companies pay for their own people to travel, rather than just
> sponsor the project. Even keeping to the non vendor pitch rule, it is
> a win-win situation where we promote web app sec and the companies get
> recognized as thought leaders.
> Good examples are Brian Chess from Fortify and Jeremiah Grossman from
> WhiteHatSec who go around talking, paid by their companies. We also
> our share - between Ivan, myself and Ryan Barnett, we have spoken in
> Finland, Belgium, San Jose & Virginia, all paid by Breach.
> So
> 1st, I would like to post on the project's page on the offering side,
> something along these lines: we will come to speak, on such and such
> subjects (we have a nice list of presentations we give), sponsored by
> Breach, given a meeting of at least X (25? 40?) people.
> And 2nd, I would like to suggest, only if it is OK with you, to take
> this project off your hands, as you anyway do too many of them and work
> to have other companies do the same. We can add a step in which the
> presentations should be pre-approved for this project to prevent
> commercial abuse, as I do locally for my chapter. If you prefer to
> heading the project, I can just assist you in it.
> What do you think?
> ~ Ofer
> Ofer Shezaf
> ofers at breach.com, Phone:+972-9-9560036 #212, Cell: +972-54-4431119
> CTO, Breach Security; Chair, OWASP Israel; Leader, ModSecurity Core Rule
> Set Project