Monday 8 May 2017

FAQ on attendees count, working session format and how to contribute (as a vendor)

(email sent to all Owasp Summit participants)

Hi Summit Participants, please see below an email sent today in response to a couple questions we received from one of the companies in the Security Crowdsourcing space. See if you can guess which one :)

I'm sure some of you have similar questions, especially around the participation by vendors of security products/services in the Summit's Working Sessions.

Btw, if you have questions that you think we have not provided good answers for, please reach out, and we will do our best to answer them

I think the Summit is a great opportunity to really explore the power of crowdsourcing security, in an environment where the key players are in the same location and are collaborating together (i.e. companies who need the service, current clients of crowdsourcing, crowdsourcing service providers, security professionals, researchers, etc.)

Thanks for your questions, which I will try to answer next:

> How many attendees do you expect?

At the moment I'm not 100% sure. I would say between 180 and 350 (the venue can scale up to 500), with a lot depending on how many companies or security/developer teams we are able to get on board over the next couple weeks (these official endorsements will bring a significant number of 'I really need to be there' participants).

Note that most participants are quite senior and knowledgeable, with the expectation being that they are going there to work and collaborate. This means that the 'talent per square meter' is really high (as you can see by the current list of Participants).

> What would be the format for working sessions?

The working sessions format depends on the topic, number of active participants and number of registered participants. 

There is a longer explanation here but the core concept is that the working sessions will be organised in ways to maximise the participant's time and potential outcomes (we will be writing soon about the 'definition of done' for the Working Sessions).

Most Working Sessions will take a 'round table' format, where the key players for that particular topic (some will be direct competitors) collaborate openly, with the objective to solve (or evolve) a particular problem.

Take the Security Crowdsourcing track. Those Working Sessions represent real problems and real questions that currently many people in our industry have. 

What we need to define (for each Working Session) is what can be achieved in 1h, 2h or 3h of work by its participants.

This is where the Working Sessions organisers have a really critical role, especially since we will be using a Darwinian approach to decide which sessions will be hosted in the main conference centre (round table with 5 to 10 active participants and 50 to 100 'watchers'), which sessions will be hosted in the Lodges/Villas (round table with 5 to 10 active participants) and which sessions will not be part of the official schedule.

For example I expect the Crowdsourcing Security Knowledge and Lessons learned from public bug bounties programmes Working Session to have quite a wide appeal and interest, where something like Cross Company Hackathons will have a much smaller audience (since that Working Session is really only relevant to companies that already have mature Application Security and Bug Bounties programmes).

There will also be some Working Sessions that will have completely different formats/schedules. For example the Hackathon Daily Sessions will happen every night, in a "let's hack together a number of companies/applications collaboratively" format. We did this at the last two Summits and it is similar to what I helped to set up at one of the recent AppSec USA conferences.

> If we wanted to contribute a working session would that be possible?

Of course it is possible! In fact the whole point of you going to the Summit is to contribute and participate :)

What is important is to make sure that you are not doing a 'covert sales pitch' for your product/service. The idea is that you are sharing your experiences and knowledge of a particular domain in which you are an expert and have real-world experience.

Owasp is really good at creating a good collaborative environment where vendors and competitors 'behave' really well, are able to keep their 'commercial interests' at the door, and are able to focus on the problem/challenges covered by a particular Working Session.

The Owasp Summit is a unique event where you will find competitors, clients, security professionals, students, government employees and researchers, all working together for a common goal.

One of the other opportunities that you have at the Summit is to bring together your own team (especially important if they are in different geographical locations or have never met in person), and use it as a team-building exercise or 'company offsite'. Note that once you get 6x 24h tickets (at a cost of £6480) you get a Lodge/Villa which has two really good meeting room locations (that you can use as you please).

For example PhotoBox is taking 12 Participants to the Summit, and we're going to do a number of closed door sessions (i.e. PhotoBox only) focused on our strategy for the next 12 months.

Another option that we are organising with a couple other vendors is the ability to do direct presentations of their product in their Lodge/Villa. This is actually ok since nobody is forced to go there, those sessions are not part of the 'official schedule', and the attendees know that it is a kind of 'sales pitch'.

There are also a couple attendees that want to have some sessions under the Chatham House Rule, which again is fine, since those will happen outside the main conference rooms and tracks. After all, the power of having participants 24h in the same location, and 10x Lodges/Villas really close to the venue with really good meeting facilities, is that we can be really creative in creating environments that suit the Participants' passions and focus.

In terms of sponsorship (see all details here), the 10k USD option is the one that will give you more visibility, since you could sponsor a specific track (like the Security Crowdsourcing).

Let me know if you have any further questions, 

Dinis Cruz