Sunday 7 May 2017

Help with OWASP Summit 2017 Outreach

(email I just sent to the owasp-leaders list)

Hi Owasp Leaders, I would like to ask you for some help in promoting the Owasp Summit 2017

We are now at phase of the Summit's journey, where we have reached critical mass, and really need your energy, collaboration and involvement.

About the Summit:

Owasp Summits are not a normal conference where attendees go to watch presentations. This is a highly collaborative environment made of Working Sessions, which are created by the participants around areas they are passionate about or have real-world problems they need solutions for. 

These Summits generate massive amounts of energy, and this one will be the Woodstock of AppSec in 2017

This is the kind of event that only Owasp can create, and the fact that we have already so many participants (in a pure grass-roots effort) is a good testament to the power and trust that the community and industry has in Owasp

In terms of the current Owasp Summit 2017 content, you probably have not had the time to catch up with the latest changes (after all they are happening very fast these days :)  ), so here is a quick overview of the Working Sessions we have planned.

Due to the number of Working Sessions planned (122 at last count), we are organising them in (12) Tracks:
  • Threat Modeling - This is one of the strongest tracks. If you look at the 'Threat Model' talent that will be there (Adam S, Tony UV, Stephen V,  and others...), you can see that we really have most of the core Threat Modeling talent in the world coming to the Summit! If there is one hard-core AppSec topic that we should be promoting about the Summit, we should be talking about the fact that we will be making a big difference in Threat Modeling (check out the Working Sessions topics)
  • OwaspSAMM - This is another track where we have the main contributors and users of this Owasp project participating at the Summit (hopefully we will also have a good representation of companies that are already using this Maturity Model) 
  • DevSecOps - This track is the one that has been generating quite a lot of buzz on the people we talk to, since it is addressing real pain points and problems that companies have today
  • Education - Always strong in OWASP, this Track ranges from University master degree to how to create the next generation of AppSec professionals
  • Mobile Security - Another track where the key Owasp leaders of Mobile related Owasp projects are participating
  • CISO - This track has started slow, but is now really reaching a wide audience of CISOs and covering a wide range of CISO related topics
  • Research - This is a recently added track, but is already covering really important and interesting research topics (it's important to also look at the future and work on the next generation of Application Security)
  • Agile AppSec - This is a Track driven by a couple participants that really care about Agile and want to find better ways to integrate it with AppSec practices
  • Security Crowdsourcing - This is a Track that is focused on scaling AppSec activities via internal and external crowdsourcing
  • Tools - Track focused on specific tools or services
  • Owasp - As always, once the number of Owasp leaders per square meter goes up, there is always the opportunity to address important organisational and operational Owasp related issues 
  • Owasp Project's Summit - last but not least, here are 31x Working Sessions directly related to an Owasp Project. I'm sure you will agree that it is a pretty impressive list of Owasp Projects (with most having the Project Leader participating)
In terms of Working Sessions, at the moment we have 122 created (with a good number more still on the works) and probably the most high profile ones will be the Owasp Top 10 related (Implications of Owasp Top 10 2017  and Data behind Owasp Top 10 2017) which given the fact that Dave Wichers is attending, they are bound to be quite 'interesting'.

To understand what is the current plan to organise the Working Sessions , please see the Working Sessions - How page.

As I hope you agree, we have an amazing opportunity to really make a difference in the Application Security world in 2017, what we need is some help from you, the Owasp community.

So how can you help?
  • Be a participant - as you can see by the Participant's and Working Sessions list, the Summit is going to be an amazing event, and the best way you can help is to be an Participant (if you need help with travel and ticket costs, please add your name to this list asap). Note that tickets start at £100 for the day ticket or £300 for one day with accommodation (5x days cost £400 for just the event or £1200 for event+dinner+accommodation)
  • Twitter - Follow @OwaspSummit and retweet the ones relevant to your followers. Write tweets about the Summit, ping your followers directly
  • Write articles or blog posts - share the Summit with your community and see if we can get some more media coverage
  • Contact possible participants - reach out to your community directly, and point them to specific tracks or Working Sessions they are interested in
  • Help to bring groups to the Summit - For example PhotoBox is going to bring 12 participants to the Summit (6 from the Security Team and 6 from development/operations) at a costs of £7,680 (with 20% discount for 10+ tickets)
FYI, we have also reached out the Owasp Board and Employees and asked them for help on these Owasp community assets:
  • Owasp Twitter - with 78.5k followers the retweet of important milestones or Tweets about the Summit would reach quite a wide audience 
  • Owasp Blog - I don't know how many subscribers, but I'm sure it's reach is quite wide. 
  • Owasp LinkedIn - with 19k followers, this would also be a great way to reach potential Summit Attendees 
  • Owasp monthly newsletter - Another great way to reach the Owasp community and all registered email users
  • Owasp Conferences and Chapters - With the high number of events that Owasp will organise or be involved between now and the Summit, it would be great promote the Summit there
  • Owasp global distribution list - Yes I know that this needs to be used very carefully, but its outreach is massive and the Summit is exactly the kind of event that we should be making out global community aware of
  • Owasp Home page - There are no links (or mentions) in the home page about the Summit (I know that you need to be careful on which evens to expose there, but the Summit should be seen as an special event due to the amount of work that will be done and amount of collaboration that will occur)
  • Official Owasp Press Release - This is another kind of activity where sending it from the OWASP mothership would do wonders to the Summit's promotion (ideally with some quotes from OWASP Board and other high profile Summit Participants)
We have a pretty good Summit Organisation team (Seba, Francois and me) and 6 Summit Editors (sponsored Summit participants that are helping before the Summit), so please let us know how we can help you to help the Summit :)


Dinis, Seba and Francois