How to Host a Conference/Roles and Responsibilities
Put together a team
Running a conference takes a lot more than you, your speakers and the audience. There are tons of other people that contribute behind the scenes to make sure everything goes smoothly. Figure out the places you’ll need help, and then look for the right people.
The OWASP Staff is available to help with any and all questions you have regarding the planning and execution of your event. OWASP Staff can also help provide historical conference/event information. OWASP Staff must be involved for handling contracts and finances related to your event. Volunteers should not be signing or entering into any contract on behalf of the foundation. Volunteers also should not be collecting funds on behalf of the Foundation without pre-approval from the OWASP Staff.
Provide logistical support and the ability to make quick decisions on the ground (within reason) without having a formal board meeting and decision process.
Serve as a lightning rod for any issues, problems, suggestions or praise that anyone wants to provide about OWASP and bring them to the appropriate committee or OWASP Board. Contact the OWASP Staff with any questions related to their role in planning your event. Remember that the foundation does have some personnel who can help with the conference planning. While it's important not to over-leverage these people, do include them as often as they can support as their insight and experience will be invaluable.
OWASP Global Board Member Role The OWASP Board will make every effort to have at least one OWASP Board Member in attendance at each AppSec conference. The Board Member will: Provide a keynote or other address on OWASP, our goals, vision, strategy, ethics, projects, membership, and progress. The goal is to introduce attendees to OWASP and our culture, describe membership program, attract contributors, and inspire people about the importance of application security.
Ensure that OWASP principles and ethics are upheld in all aspects of the prosecution of the conference. In particular, ensure that OWASP’s brand is not misused by commercial entities.
Assess the general operation of the local/regional OWASP organization, chapters, sponsors, leaders, and contributors. The goal is to use this information to strategize how to grow OWASP’s presence in the region and support the local leadership. Meet with local leaders from OWASP, government, vendors, and industry to get them to understand why application security is important and joining with OWASP makes sense.
Conference Organizers This should be a relatively small group (recommend 3) who are the core organizers of the conference. This group is the "executive leadership" for the conference. There is a tendency for one person to lead a conference, or for this group to be fairly large. Experience indicates that one person is likely unable to handle all of the decisions that will be required for managing a successful conference while having too many causes the issue of inaction by committee. In the initial stages, these are the people who will be doing the heavy lifting while the rest of the committee comes into place. It's recommended that specific organizers be initially tasked into the following:
One of the principle organizers should be designated as responsible for the budget. It is important to reconcile any decisions with the budget as well as keep it up to date. Conferences are the lifeblood of OWASP's financial picture so it's important that they be managed well. See the Conference Budget Planning Tool page for more budgeting information.
One organizer should be devoted to developing partnerships/sponsorship leads for the conference. It's important to determine if the conference will be partnering with any local organizations or governments up front and to manage that relationship. Additionally getting sponsorships early will greatly help keep the conference fiscally responsible.
The last organizer should be devoted to facilities. The first step in planning a conference is to develop a contract with the conference facility and vendors. There are many things to consider while working this process and it requires dedicated attention. Please do keep in mind however that organizers may not sign contracts, only officers of OWASP (The Board) may obligate the foundation legally.
Everyone should do its best to promote the event, but It would be good to have someone taking the lead on the website.
Local Conference Planning Committee
While there is no requirement to organize your conference's committee in any particular way, these structures have worked for successful conferences in the past. It's important to organize a conference committee as early as possible. It is recommended that you establish regular planning/reporting meetings and set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.
It is important that the conference committee be predominately comprised of a local team that is able to act locally to speed up and help in all activities related to the conference venue and local services. Planning a conference entirely from a remote location is a challenging job and is NOT recommended. Events without local support are unlikely to get Global Conferences Committee approval.
Program and Training Committee
You need a group of people to review the papers you will receive. A good criteria to select Program and Training Committee members include their involvement in OWASP activities (e.g projects, conferences, mailing lists). Getting people already involved with OWASP helps choosing proposals that are aligned with OWASP's values.
A selection criteria chart has been created to help the program committee scan the submissions.
Functional Leaders (During the event)
In the past it has been helpful to appoint functional leaders for the conference. These volunteers are typically assigned a specific area of responsibility to work in conjunction with the principle organizer's efforts. Sponsors -- To augment the activities of the principal organizer assigned to this task, it's important to assign someone to sponsorships right away. OWASP staff can help with that. On the other hand, helping Sponsors get to their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied Security -- Checking credentials at the entrance to convention only areas and controlling access to convention events. There will be licensed security personnel onsite to handle and "real" security issues should they arise; volunteers are not expected to put themselves in any jeopardy as security staff. Speakers -- Helping Speakers and Trainers get to and from their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied. Registration/Info Desk/Merch -- Helping run the registration and "Front Desk" functions of the conference. This may also expand to running an Information Desk functionality and/or helping sell merchandise. Facilities -- Helping run the "behind the scenes" of the conference. This will mainly be overseeing the various contractors and vendors hired to provide services for the conference, and acting as a liaison between the convention center, contractors, exhibitors and the rest of the conference. Volunteers -- Getting a small army is hard to do.