How to Host a Conference/Planning

0. FIRST THING FIRST

What does it take to put together an event with hundred or more people? The hard work over many months includes scheduling of speakers’ presentations, discussions and workshops, registration of delegates, sorting out catering, accommodation, transport, venues and much more. However, the most crucial effort is in the initial phase, where the core purpose and aim of the gathering is conceived. At the earliest stage, organizers need to ask themselves the deepest questions: Why? Why should we organize this event? What do we want to accomplish by organizing it? Before any other details are discussed, these questions need to be pondered in depth. We may call it a feasibility study. The people who have the initial idea to arrange a conference should take time to probe the proposed topic from every aspect, and answer to this questions: Is this the correct approach to achieve the desired results? The event must meet the desired level of a return on investment just as a product research and development project would have to demonstrate.


1. CONTENT In order to hold an event you need first to have the content, which is the reason why people are attending the event! Spending the time, energy and money organizing a conference is worthless unless you can assure people will sign up. Whatever niche you’re planning to organize a conference within, make sure there is sufficient demand.

Once you realize there’s sufficient demand for your niche, you want to decide what type of content you want to deliver on even days. Think broadly at this point. What are the areas you want conference presentations to be focused on? Try to make your conference stand out. What are the hooks that are going to assure people in your niche get excited about the event? Are there any hot topics going on in your industry? Are there any controversial debates happening in your industry? Is there a new breakthrough in your industry people are dying to learn more about?

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction. While it is acceptable to target individuals/companies to solicit content, in keeping with the OWASP value of openness, all Call for Papers and Call for Training must be open to all to submit. Calls for Papers or Training must be at a minimum announced on the conference Wiki page.

After a long intensive day of speakers and/or training, a more casual opportunity for networking will be welcomed by most all attendees. Depending on the size and location of your event you may want to consider one or several of the following options: OWASP "meet up" at a local pub, OWASP gala dinner, Corporate sponsored party, Guided site seeing tours, Group outing to a sporting event, etc. In many cases you can include an optional fee to be paid to cover the costs of the event. In the case of a corporate sponsored event, the sponsor would cover the costs. Very often, however, an informal yet organized (planned) evening at the pub will be sufficient to facilitate networking among conference attendees and speakers. Be sure to remind everyone at the end of the last talk for the day of the location of the gathering, the cost (if any), and the start time for the next days speakers. Whatever you plan, however, be sure to include some free time for people to do things on their own.


1. PLANNING The initial steps in planning are especially important to ensure success. Do all your homework early on. It is better to change course in the planning phase, than having to change things halfway through preparations. Care to do necessary research and do not take anything for granted. Prepare well. Prepare for all possibilities. It is better to over-prepare than under-prepare. And remember, with humor all things get easier.

1.1. Establish preliminary event and dates
The amount of planning, committee work, advance deadlines, etc., in part depends on the size event you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

The general dates and time of the event should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to plan a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP conference schedule to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your event. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

Having a cohesive, comprehensive plan for your event is key to the success of your event. While all plans change it is important to consider all of the elements listed in the following tabs when developing your conference planning package. Please have a look at the planning time line that OWASP staff has developed to help you get started and keep track of your event.

1.2. Put together a team
Running a conference takes a lot more than you, your speakers and the audience. There are tons of other people that contribute behind the scenes to make sure everything goes smoothly. Figure out the places you’ll need help, and then look for the right people.

1.2.1. OWASP Staff
The OWASP Staff is available to help with any and all questions you have regarding the planning and execution of your event. OWASP Staff can also help provide historical conference/event information. OWASP Staff must be involved for handling contracts and finances related to your event. Volunteers should not be signing or entering into any contract on behalf of the foundation. Volunteers also should not be collecting funds on behalf of the Foundation without pre-approval from the OWASP Staff.
Provide logistical support and the ability to make quick decisions on the ground (within reason) without having a formal board meeting and decision process.
Serve as a lightning rod for any issues, problems, suggestions or praise that anyone wants to provide about OWASP and bring them to the appropriate committee or OWASP Board. Contact the OWASP Staff with any questions related to their role in planning your event. Remember that the foundation does have some personnel who can help with the conference planning. While it's important not to over-leverage these people, do include them as often as they can support as their insight and experience will be invaluable.

1.2.2. OWASP Global Board Member Role The OWASP Board will make every effort to have at least one OWASP Board Member in attendance at each AppSec conference. The Board Member will: Provide a keynote or other address on OWASP, our goals, vision, strategy, ethics, projects, membership, and progress. The goal is to introduce attendees to OWASP and our culture, describe membership program, attract contributors, and inspire people about the importance of application security.
Ensure that OWASP principles and ethics are upheld in all aspects of the prosecution of the conference. In particular, ensure that OWASP’s brand is not misused by commercial entities.
Assess the general operation of the local/regional OWASP organization, chapters, sponsors, leaders, and contributors. The goal is to use this information to strategize how to grow OWASP’s presence in the region and support the local leadership. Meet with local leaders from OWASP, government, vendors, and industry to get them to understand why application security is important and joining with OWASP makes sense.

1.2.3. Conference Organizers This should be a relatively small group (recommend 3) who are the core organizers of the conference. This group is the "executive leadership" for the conference. There is a tendency for one person to lead a conference, or for this group to be fairly large. Experience indicates that one person is likely unable to handle all of the decisions that will be required for managing a successful conference while having too many causes the issue of inaction by committee. In the initial stages, these are the people who will be doing the heavy lifting while the rest of the committee comes into place. It's recommended that specific organizers be initially tasked into the following:
One of the principle organizers should be designated as responsible for the budget. It is important to reconcile any decisions with the budget as well as keep it up to date. Conferences are the lifeblood of OWASP's financial picture so it's important that they be managed well. See the Conference Budget Planning Tool page for more budgeting information.
One organizer should be devoted to developing partnerships/sponsorship leads for the conference. It's important to determine if the conference will be partnering with any local organizations or governments up front and to manage that relationship. Additionally getting sponsorships early will greatly help keep the conference fiscally responsible.
The last organizer should be devoted to facilities. The first step in planning a conference is to develop a contract with the conference facility and vendors. There are many things to consider while working this process and it requires dedicated attention. Please do keep in mind however that organizers may not sign contracts, only officers of OWASP (The Board) may obligate the foundation legally.
Everyone should do its best to promote the event, but It would be good to have someone taking the lead on the website.

1.2.4. Local Conference Planning Committee
While there is no requirement to organize your conference's committee in any particular way, these structures have worked for successful conferences in the past. It's important to organize a conference committee as early as possible. It is recommended that you establish regular planning/reporting meetings and set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.
It is important that the conference committee be predominately comprised of a local team that is able to act locally to speed up and help in all activities related to the conference venue and local services. Planning a conference entirely from a remote location is a challenging job and is NOT recommended. Events without local support are unlikely to get Global Conferences Committee approval.

1.2.5. Program and Training Committee
You need a group of people to review the papers you will receive. A good criteria to select Program and Training Committee members include their involvement in OWASP activities (e.g projects, conferences, mailing lists). Getting people already involved with OWASP helps choosing proposals that are aligned with OWASP's values.
A selection criteria chart has been created to help the program committee scan the submissions.

1.2.6. Functional Leaders (During the event)
In the past it has been helpful to appoint functional leaders for the conference. These volunteers are typically assigned a specific area of responsibility to work in conjunction with the principle organizer's efforts.  Sponsors -- To augment the activities of the principal organizer assigned to this task, it's important to assign someone to sponsorships right away. OWASP staff can help with that. On the other hand, helping Sponsors get to their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied  Security -- Checking credentials at the entrance to convention only areas and controlling access to convention events. There will be licensed security personnel onsite to handle and "real" security issues should they arise; volunteers are not expected to put themselves in any jeopardy as security staff.  Speakers -- Helping Speakers and Trainers get to and from their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied.  Registration/Info Desk/Merch -- Helping run the registration and "Front Desk" functions of the conference. This may also expand to running an Information Desk functionality and/or helping sell merchandise.  Facilities -- Helping run the "behind the scenes" of the conference. This will mainly be overseeing the various contractors and vendors hired to provide services for the conference, and acting as a liaison between the convention center, contractors, exhibitors and the rest of the conference.  Volunteers -- Getting a small army is hard to do.