Difference between revisions of "Women In AppSec"

Women in AppSec

The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.

Past Eligibility Criteria

Below is the list of eligibility criteria used to select the winners in 2013.

• Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.
• Both references have provided letters of recommendation.
• Has relevant/appropriate achievement goals for attending the conference.
• Is the applicant from the region that the conference is taking place in.
• Has background in volunteering for OWASP or similar organizations.
• Has participated in one of OWASP's programs or activities?
• Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.
• Has financial need.
• Is a paid OWASP member, and/or employer/school is an OWASP sponsor.
• Has an interest in exploring application security

We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.

Winners

In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event.

Pre-Conference

The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on.

Planning & Selection Team

The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the candidates. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries.

Sub-Team Roles

Sponsorship

Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.

Marketing

At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants.

Grading Proces

While everyone on the committee will be involved in grading, one person will be in charge of the grading process. They will create spreadsheets similar to those originally created for the selection committee, and for making sure everyone has what they need for the grading process. This team will also be responsible for making sure the grading is complete on schedule, and that the announcement of the winners is made before the event.

Call for Entries

Finally, one to two people will be in charge of the call for entries. Depending on the amount of entries, this might work better with two people as it requires collecting entries, arranging them, and sorting them out to the other graders. The call for entries team is responsible for making the forms, and for developing at least the first draft of the selection criteria.

Award Details

This is the fun bit. You and your team will need to decide on the details of the awards. This involves making decisions such as if the winners will be provided travel and accommodation, or free training and conference attendance. Typically, we have covered both travel and accommodation for the two winners as well as one training class. We also provided the winners with a free conference pass; however, the award you choose to sponsor depends on the funds you are able to raise. It is also dependent on what your team decides is the best award package to give away based on your resources.

Budget

As mentioned above, it is up to your team to decide what it is you wish to award each winner. I recommend raising at least $6,000 USD to cover the expenses for each winner if you are going to cover travel and accommodation as well as conference passes and a free training class.

Sponsorship

It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors.

Sample of 2013 Sponsorship Flyer

Application Process

You will need to start developing the application process while the sponsorship activities are going on. Make sure to develop the application timeline with deadlines for each stage. Deadlines are critically important, and there has to be a cut off point. Create a deadline for when submissions should be in, for when letters of recommendation should be received, the timeline for the grading process, the date the top 5 will be selected, and the date the final winners will be selected and announced. You will also need to develop a set of selection criteria that the team will use to grade all of the applicants against. Be specific on the criteria you are looking for in candidates. Especially note that only women in the region that the conference is being held can submitted for consideration. After you have all of these details sorted out, you will need to start the Call for Entries. Make sure create an online form where applicants can submit their details to the team.

Sample Selection Criteria

Selection Process

The selection of the winners can be a very lengthy process especially if you have received more than 30 applicants. In the past, the grading has been split between each program team member. Each member will be randomly allocated a handful of applicants which they will grade using the pre-determined selection criteria. Once the grading is complete, you can make the final selection on candidates and announce the winners as a team.

After the winners have been selected and announced, the team will need to help the winners arrange travel, accommodations, and event logistics. Upon their arrival at the conference center, insure they are taken care of by an OWASP volunteer, someone who will get them settled and that they make it to panels and trainings without issue. The bigger the conference, the more important it is to make sure the winners are not lost in the crowd.

Post-Conference

After the conference, it is very important to gather feedback from the winners to make sure they enjoyed the experience. Ask the winners for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future.

Training Days

Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.

Conference Days

During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs.

Previous Women in AppSec Winners

Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words.

Carrie Schaper, 2013 Winner

	Carrie Schaper is an Information Security Professional with over 12+ years of industry experience ranging from Penetration Testing Fortune 500 companies, the Banking Infrastructure, and Government to Incident Response and Continuous Monitoring. She has performed Threat-Mitigation against targeted attacks from domestic and foreign adversaries for both corporate and government environments.

Nancy Lornston, 2013 Winner

Nancy Lorntson is the Security Program Manager at Infinite Campus, the largest American-owned Student Information System, managing 6 million students in 43 states. Previously, Nancy was a school district Information Services Manager and part-time trainer for Guidance Software. In her current role, Nancy is responsible for all things security at Infinite Campus, working between the application development organization and the support, network, business operations, and hosting teams to implement, grow and improve a world class security program.

Tara Wilson, 2011 Winner

“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.”

Contact Us

If you are interested in another piece of OWASP design for your event or project, please let us know by using the OWASP Contact Us form.