How to Host a Conference/Roles and Responsibilities

Board Member Role

The OWASP Board will make every effort to have at least one OWASP Board Member in attendance at each AppSec conference. The Board Member will:

1. Provide a keynote or other address on OWASP, our goals, vision, strategy, ethics, projects, membership, and progress. The goal is to introduce attendees to OWASP and our culture, describe membership program, attract contributors, and inspire people about the importance of application security.
2. Ensure that OWASP principles and ethics are upheld in all aspects of the prosecution of the conference. In particular, ensure that OWASP’s brand is not misused by commercial entities.
3. Provide logistical support and the ability to make quick decisions on the ground (within reason) without having a formal board meeting and decision process.
4. Serve as a lightning rod for any issues, problems, suggestions or praise that anyone wants to provide about OWASP and bring them to the appropriate committee or OWASP Board.
5. Assess the general operation of the local/regional OWASP organization, chapters, sponsors, leaders, and contributors. The goal is to use this information to strategize how to grow OWASP’s presence in the region and support the local leadership.
6. Meet with local leaders from OWASP, government, vendors, and industry to get them to understand why application security is important and joining with OWASP makes sense.

Conference Liaison Initiative

As one of their 2011 initiatives, the Global Conferences Committee started a Conference Liaison Program, where a member of the committee is paired with each of the Global AppSec organizing teams in order to assist them with their planning process as well as attend the conference to help trouble shoot any issues and sign necessary paperwork.

The following duties were initially set forth for the GCC liaison:

The GCC member shall:

• interface with the local planning committee at least 1 month before trip (attend planning call)
• Interact with planners/attendees while at conference
• Interact with Sponsors
• Sign conference contracts under $20,000 (once approved)

At the GCC meeting following the event, the traveling member will be expected to provide an post trip report covering:

• Assessment of facility
• Event Marketing Strategy
• Examination of Event Budget
• Estimation of Speaker Quality
• Sponsor engagement/cost-effectiveness & feedback
• Any notable comments from planners/attendees
• Any unique outstanding elements
• Any issues

Conference Committee

While there is no requirement to organize your conference's committee in any particular way, these structures have worked for successful conferences in the past. It's important to organize a conference committee as early as possible. It is recommended that you establish regular planning/reporting meetings and set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

It is important that the conference committee be predominately comprised of a local team that is able to act locally to speed up and help in all activities related to the conference venue and local services. Planning a conference entirely from a remote location is a challenging job and is NOT recommended. Events without local support are unlikely to get Global Conferences Committee approval.

Conference Organizers

This should be a relatively small group (recommend 3) who are the core organizers of the conference. This group is the "executive leadership" for the conference. There is a tendency for one person to lead a conference, or for this group to be fairly large. experience indicates that one person is likely unable to handle all of the decisions that will be required for managing a successful conference while having too many causes the issue of inaction by committee. In the initial stages, these are the people who will be doing the heavy lifting while the rest of the committee comes into place. It's recommended that specific organizers be initially tasked into the following:

• One of the principle organizers should be designated as responsible for the budget. It is important to reconcile any decisions with the budget as well as keep it up to date. Conferences are the lifeblood of OWASP's financial picture so it's important that they be managed well. See the Conference Budget Planning Tool page for more budgeting information.

• One organizer should be devoted to developing partnerships/sponsorship leads for the conference. It's important to determine if the conference will be partnering with any local organizations or governments up front and to manage that relationship. Additionally getting sponsorships early will greatly help keep the conference fiscally responsible

• The last organizer should be devoted to facilities. The first step in planning a conference is to develop a contract with the conference facility. There are many things to consider while working this process and it requires dedicated attention. Please do keep in mind however that organizers may not sign contracts, only officers of OWASP (The Board) may obligate the foundation legally.

Functional Leaders

In the past it has been helpful to appoint functional leaders for the conference. These volunteers are typically assigned a specific area of responsibility to work in conjunction with the principle organizer's efforts.

• Sponsors -- To augment the activities of the principal organizer assigned to this task, it's important to assign someone to sponsorships right away. This task will involve a lot of email, conference calls, and footwork and needs all the help it can get.

• Security -- Checking credentials at the entrance to convention only areas and controlling access to convention events. There will be licensed security personnel onsite to handle and "real" security issues should they arise, volunteers are not expected to put themselves in any jeopardy as security staff.

• Speakers -- Helping Speakers and Trainers get to and from their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied.

• Registration/Info Desk/Merch -- Helping run the registration and "Front Desk" functions of the conference. This may also expand to running an Information Desk functionality and/or helping sell merchandise.

• Facilities -- Helping run the "behind the scenes" of the conference. This will mainly be overseeing the various contractors and vendors hired to provide services for the conference, and acting as a liaison between the convention center, contractors, exhibitors and the rest of the conference.

• Volunteers -- Getting a small army is hard to do

Program Committee

You need a group of people to review the papers you will receive.

Good criteria to select Program Committee members include their involvement in OWASP activities (e.g projects, conferences, mailing lists). Selecting people already involved with OWASP helps choosing proposals that are aligned with OWASP's values.

Trainer Evaluators

You need a group of people to review the training proposals you will receive.

Good criteria to select Trainer Evaluators include their involvement in OWASP activities (e.g projects, conferences, mailing lists). Selecting people already involved with OWASP helps choosing proposals that are aligned with OWASP's values.