September 10, 2012 SB Report

Sarah Baso - Report of Conference Activity for August 2012 (Prepared for September 10, 2012 Board Meeting)
To view report of employee activity for August 14 to September 10, 2012: https://docs.google.com/a/owasp.org/document/d/1-k_ocmfbXUIykKeJXrW6zr6PMtGWC9xkQOx2duu1Gf8/edit click here]

Conferences Committee

General Committee Info

• Committee Membership: no changes, currently 8 members: Mark Bristow, Ralph Durkee, Richard Greenberg, Lucas Ferreira, John Wilander, Mohd Fazli Azran, Lorna Alamri, and Benny Ketelslegers.
• Committee Chair: Mark Bristow

• July Committee Meeting Minutes:
  • September 10

• Recurring meeting time: the third Wednesday of the month at 3pm GMT/UTC. 'Next Meetings scheduled for:
  • Wednesday, Septembeer 19, 2012 at 3:00 PM (15:00) UTC/GMT
  • Wednesday, October 17, 2012 at 3:00 PM (15:00) UTC/GMT

• Global Conferences Committee Budget - $26,029 of $40,000 remaining ($13,971 spent).

Major Activities/Projects (in addition to attending monthly committee meetings, taking & posting meeting minutes):

• Working with committee on setting goals for 2013, drafting committee budget for 2013, and drafting proposed revenue goals for 2013 Global AppSec Events
• Proposals for the 2013 AppSec USA event - one submission received from NYC. Submission to be reviewed/decided at September meeting.
• Soliciting proposals for the 2013 AppSec Latam Event
• Requested comments from committee on conference planning documents drafted by Sarah Baso:
  • Conference Planning Timeline/Overview
  • Detailed Conference Planning Checklist
  • Conference Planning - Project Plan with Deadlines
• Ongoing - Updated and monitored google form for tracking schwag requests and monitor OCMS for events that have requested schwag but not entered request into google form.
• Ongoing - Work with Konik, Kate, Rocksport, Zazzle, Lulu, and other misc. vendors to fulfull merchandise and conference requests.

OWASP Events

AppSec India 2012 - Regional

• Schedule for conference talks and training posted
• Over 150 people attended training, and 400 people attended conference
• Local event planners project the event to have made a profit, no details have been received from local team as of 10-Sept-2012
• Event attended by Sarah Baso: Post Event Report

AppSec Ireland 2012 - Regional

• Approx 100 people registered through cvent
• Conference Schedule posted on event website: appsecireland.org
• Sponsors: F5, WhiteHat Security, BCC Risk Advisory
• Other orgs/supporters: (ISC)2, irishdev, Pentest Magazine, Google Developer Group Dublin, Irish Internet Association, Irish Computer Society, British Computer Society, Irish Reporting and Information Security Service
• Event attended by Samantha Groves (staff), Michael Coates (Board), Eoin Keary (organizer, Board)

OWASP Israel 2012 - Regional

• Event website: https://www.owasp.org/index.php/OWASP_Israel_2012
• Free event with over 450 people registered to attend through cvent
• Sponsors
  • Gold: Quotium, Imperva, Ernst & Young, Akamai, IBM, Radware
  • Silver: GRSec, Liveperson, RSA, Foresight, Komodo Consulting, Secoz, HP, Rafael Co
• Event projected to make a profit, no details have been received from local team as of 10-Sept-2012

AppSec USA 2012 - Global

• Current conference profit estimate: $25,000 (Budget)
• Sponsorships = $118,150 - new sponsorships include: Adobe (Diamond), Veracode (Gold), Symplified (Silver), Whitehat Security (Silver), and Blueinfy Silver)
• Call For Papers ended on Saturday, August 11, 2012. Speaker Selection Committee will review over 130 submissions received and we expect to begin contacting speakers on or before Monday, August 27, 2012.
• CFT deadline was July 6 & Trainings are posted:
  • No Crack Required: Cryptanalysis in Real-World Applications (Timothy D. Morgan)
  • Elite Web Application Secure Defensive Coding Bootcamp (Jim Manico and Eoin Keary)
  • CISO Training: Managing Web & Application Security – OWASP for Senior Managers (Tobias Gondrom)
  • The Art of Exploiting SQL Injection (Sumit Siddharth)
  • Tactical Defense with ModSecurity (Josh Amishav-Zlatin)
  • Building a Software Security Program On Open Source Tools (Dan Cornell)
  • Android/iOS Hacking and Securing (Patrick Szeto)
  • Advanced Threat Tactics (Raphael Mudge)
  • Hands on Web Application Testing: Assessing Web Apps the OWASP Way (Matt Tesauro)
  • Writing Secure J2EE Code (Sherif Koussa)
  • .NET Secure Coding (Erez Metula)

• Registration (through Cvent) open and early early registration push (discounts to past attendee from Lascon and LY AppSec USA who registered before June 30 & early bird discount ending July 15) - 175 currently registered

AppSec Brazil 2012 - Regional

• Event cancelled - was to be hosted by OWASP Paraíba Chapter but Chapter Leader (who was the main person driving the event) had to drop out due to personal reasons.
• It was suggested that the Florianopolis Chapter turn their OWASP Floripa Day 2012 into the AppSec Brasil event, but due to the short time until the event (1 month away) - it was decided that no changes would be made.

AppSec Latam 2012 - Global

• http://appseclatam.org
• Fabio Cerullo is serving as their GCC liaison
• Event logistics (location and date) finalized:
  • Hosted at Antel National Telco Building in Montevideo, Uruguay
  • 2 days of training: Nov. 18-19
  • 2 days of conference talks: Nov. 20-21 (2 Tracks)
• 4 Keynotes confirmed: Jerry Hoff, Pravir Chandra, Cristian Borghello, and Hernan M. Racciatti
• CFP and CFT opened
• Completed revised sponsorship document

AppSec APAC 2013 - Global

• Sarah working with local team to set up status calls

AppSec EU/Research 2013 - Global

• Hamburg, Germany (related documents)
• Local team working to finalize dates within the next week
• Conference/Project management set up in Redmine, local team & Sarah had meeting last Friday (August 10) to give overview on how Redmine will work and next steps to move forward.

Outreach Events

• BlackHat USA (Post-event report pending)

Upcoming:

• ISC2 - Secure Brazil
• Hacker Halted USA
• BSidesDFW

In negotiation/under review:

• RSA Europe 2012 and RSA USA 2013
• MN Cyber Security Summit 2012
• AISA National Conference
• (ISC)2 Security Congress
• Hacker Halted Asia Pacific 2012
• Malaysia Open Source Conference 2012
• HITBSecConf2012

Other Activities

• Marketing:
  • Global Membership Handout (Template created by PR with Brains for NY Chapter, and modified for use at BlackHat Booth)
  • Kate had in-person meeting with Patrick Calder at Design Foundry last Thursday and we have call this afternoon with Patrick and his business partner to discuss next steps.
• Worked with Kate to consolidate Q3 goals [1].

Resource Pages

• Event Contracts
• Event Budgets
• Event Sponsorship Documents