This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Summit 2011/Schedule - Concepts and Structure

Revision as of 12:51, 11 January 2011 by Dinis.cruz (talk | contribs) (Schedules)

Jump to: navigation, search

NOTE: THIS PAGE CURRENTLY CONTAINS A BRAIN DUMP (Jim please edit and delete this NOTE when you are happy with its content)

Discussion group

There is a dedicated Discussion Forum for Summit Schedule items, which can be found here:


The key objecives of the Summit Schedule are:

  • Maximize Attendees productivity (while at the Summit)
  • Attract as much talent (and key players) to the Summit as possible
  • Convince attendees to spend (at least) 3 days at the Summit (Tue, Wed and Thu)


There will be a number of different schedules that need to be created

  • Pre-Summit Schedule - Created/Released 4 weeks before the Summit, Contains what its known at the time, doesn't make ANY commitment (apart for very specific exceptions) on when a Track or Working Session will occour, defines the KEY Summit Schedule components (i.e. how many Large/Medium/Small Working Sessions slots will exist)
  • Draft Scheadule - Not for public consumtion schedule, used internally to test out the possible schedule combinations and to detect/address major schedule conflicts. This is where all data will be feed as it becomes available (attendees arrival times, attendees working sessions attendance preferences, attendees 'black spots', etc....)
  • Final Schedule - Released 1 or 2 days before the Summit. This is basically the final version of the Draft Scheadule, NOT to be modified during the Summit

What needs to be known before the Final schedule is created

  • When are the attendees arriving (exact dates and times they arrive at the venue)
  • What working sessions will exist
  • What working sessions the attendees MUST be present (since they are a key participant or leader)
  • What working sessions the attendees WOULD LIKE to be present
  • Any time or date limitations/constraints
    • Ask key attendees if they have remote meetings that they need to be and will make them unavailable to participate in a working session (we should keep these to the minimum, but it will be good to take them into account)
    • Some attendees will have other Summit Related tasks (let's say Jim with helping out on Podcasting), so we need to take this into account when creating the personalized scheadules

What can be mapped for the 'Pre-Summit Schedule'

Although it will be too soon to make any committments on when a particular track or working session will occour, the following items can be added to the publicly available (to be published ASAP) 'Pre-Summit Schedule'

How to know the attende's Working Sessions mappings

A technological solution must be found to allow the attendees to provide this info (for reference when Jim Manico was asked to provide a quick list of Working Sessions the MUST go, he came up with 33 (and that are the Working sessions marked as A in an A to F ranking)

  • we could use the wiki (since every working session has its own page
  • use other non-wiki solutions (which will need a way to batch import and export the working session's data)
    • OWASP current registation solution (already used to register the attendees and sponsorships)
    • EventBrite
    • other conference registration solutions (for example the UK's DDD conference does a similar 'attendee pool' to decide which presentations will happen)

Other examples of 'Flexible Schedule' conferences

There are a number of conferences that have large parts of its schedule allocated to meetings that are only defined a couple days before (or even at the beggining of the conference). Also, what does the schedule looks like for those big government meetings? G20, EU Summits, Davos, etc... Don't they also have a big element of 'dynamic sheduling'?

We should identify them and learn from their experience.

Types of Attendees

There will be a number of different attendees at the Summit:

  • OWASP 'Hard-core' Leaders - will want to be involved in OWASP Governace issues
  • OWASP Leaders - will mainly be interrested in their own project/chapter and Working Sessions related to their professional/personal interrests
  • OWASP User
  • new to OWASP

For each one of these type we should:

  • have a description
  • know how many there are in each group
  • map any special considerations or activities we should be planning for them
  • name them! (i.e. see if it is possible to find and name one (or more) individuals in each category so that it is easier to visualize what would be their needs, desires and requirements)

Types of Track

  • Keynote: one to many presentation, 15m slot, to be used very selectively, should be done by industry leaders and focused on 'big picture' or 'motivational' items
  • Large Working Session: few to many type of session, 50+ attendees
  • Medium Working Session: many to many type of session, 20+ attendees
  • Small Working Session: many to many type of session, 5+ attendees

Lessons Learned from the Summit 2008

The OWASP_EU_Summit_2008 2008 Summit also had 'dynamic schedule' that was created a couple days before the actual event. Here are the lessons learned:

  • it is possible to create a working schedule a couple days before (not to say that that is what we only want to create it a couple days before, just that it can be published a couple day(s) before)
  • there are a number of critical pieces of information required to create a really effective schedule that are only known (or finalized) in the last couple days/week
  • New ideas for Working Sessions will appear when attendees focus on the Summit (which last time only happened when they got there, and this time around we have been doing this from mid December)
  • Don't start the main sessions and keynotes at 9:00am. Last time we had to push the schedule forward 30m forward since it would had not been fair to the owasp leaders that worked so hard on their project and only had 50% of the Summit attendees there (this time around we should put Smaller working sessions starting at 9:00am so that if people miss that session they are shooting themselves in the foot
  • Work lunches worked quite well (not to say that we should put that as part of the schedule, but the attendees are so passionate on the Working sessions they are involved in, that they still want to continue the conversation over lunch :) )
  • 'Beer/wine delivery' at 4pm was a massive success. What happened was that at 4pm a hotel crew (and the Summit Staff) would appear in the main Working session rooms with a massive bucket of beers and wines, which was then distributed to the atteendees
  • We need to provide dinner and beer to all attendees (this was something that we were not counting of doing, but it proved completely impractical (and expensive for the attendees) NOT to do it. Since we used the vilas, it actually turned out great, since the Working Sessions continuted over dinner and night
  • Provided enough food and drinks, the attendees will stay talking about OWASP on the villas until 1am (if not more). And most (with some exceptions) did turn up on time for the morning sessions :)

  • Other items to take into account