This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

How to Host a Conference

From OWASP
Jump to: navigation, search


CONGRATULATIONS! YOU'RE GOING TO HOST AN OWASP EVENT



Just ask anyone who has put together an event of any size and they will tell you it is hard work, but can also be a lot of fun.

Our intent in posting these guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host an event. While it is almost impossible to cover EVERY detail of planning, we think we have put together a fairly comprehensive series of recommendations. This manual is not meant to be a Bible for the ones who want to organize an OWASP event such as a conference. It is more of a handbook or a booklet of tips. This manual can be used as a general guideline for the organizers. It can give you an idea of all the steps that need to be taken when organizing such an event. It is absolutely necessary for you to use this manual in complement with your own thinking and ideas. We are an open community, so your peers are often a great resource. You are welcome to write in your own tips, so the manual can grow from an event to an event and someday become a true OWASP Manual for organizing conferences.

Refer to some of the other conference pages and contact OWASP staff directly for advice.

Different types of OWASP Events (see the Event Definition) have a few requirements imposed on them.

Questions?

Contact the OWASP Staff

Event Definitions

All OWASP events will fall into one of the following categories. If you are unsure as to what types of event you would like to plan contact us and for further clarification or to help define the scope of your event. Please also note that various types of events have some requirements set for them, see the policies/requirements tab for details

OWASP Global AppSec Conference

These conferences are the flagship of the OWASP outreach effort. This will be an international conference sponsored by OWASP and approved by the OWASP Staff along with a small group of community event reviewers. AppSec Conferences include multiple days of multi-track plenary sessions in addition to pre-conference training offerings. AppSec Conferences, schedules, and trainings must be reviewed by the OWASP Staff and will receive the full support of the OWASP Foundation. In any calendar year, there will be no more than 4 AppSec Conferences of this size. Locations will be determined the prior year and planning must begin at a minimum of 12 months in advance. The talent and services of volunteers are crucial to OWASP AppSec Conference success. That is the reason why it is important to establish standards and guidelines for volunteer so that both the volunteer and OWASP staff understand the parameters of the relationship up front. Volunteers that cancel at the last minute and produce limited results encumber OWASP mission, costing it money and preventing it from fulfilling its fundraising goals. A reliable volunteer with a strong work ethic can go a long way towards helping OWASP meet its goals. Before getting the approval to organize an OWASP AppSec Conference the Conference Organizers should: First, make a personal commitment to be there for OWASP. And second, read and fill out and sign the volunteer agreement.


OWASP Regional/Theme Conference

Regional/Theme conferences typically have lower attendance than AppSec conferences and typically include multiple days of single track plenary sessions. Training may or may not be offered at the discretion of the regional conference planning team. Regional conferences are not subject to the same rigor as AppSec conferences in terms of planning and only require the local planning team enter the event into the OWASP Conference Management System for review and approval by OWASP Staff and a small group of community reviewers. Regional conferences are encouraged to have a unique theme (development, Research, PHP, Government, Browsers...) to help differentiate them, although this is not required. Regional teams are free to brand their conference as they wish, as long as the OWASP affiliation is maintained, with the exception of the moniker "OWASP Global AppSec" which is reserved only for Global AppSec conferences.

OWASP Local Event

Events are typically single day or "OWASP Day" type events that are generally local in nature. Events typically have only one track and span anywhere from a half to a full day. Planning for these events is at the sole discretion of the event team and may be branded in any manner so long as the OWASP affiliation is maintained. In general, significant OWASP Foundation support will not be available for these events.

Project Summit

The purpose of our Project Summits is to focus dedicated time on collaboration & innovation of specific technical topics to help improve the quality and usefulness of our OWASP project tools. A Project Summit may be a standalone event or co-located with our Global AppSec conferences. Project Summits are classified as local or regional events and are eligible for the same level of support.

Partner/Promotional/Co-Marketing Events

Partner events are events of any type where OWASP partners with another non-profit organization to co-host an event. These events sometimes require close examination as the terms of the partnering agreement need to be reviewed to ensure OWASP integrity and reduce liability. These events also frequently will require both OWASP Staff and community review and may take many forms.

Many of our partnership & co-marketing agreements have the same standard deliverables, which may include but are not limited to:

  • Include the event under our Partner & Promotional section
  • Include the event in our monthly Connector up until the conclusion of the event
  • One (1) dedicated email invitation to the chapter leaders within the region of the event, asking them share the details and discounts with their community and chapter members. Email to be provided to OWASP for review/release by the partnering organization. Each chapter is run independently, so it is up to each chapter leaders discretion to promote the event.
  • Logo posted on our Supporting Partners page
  • Social Media - usually no more than 1x a month up until the start of the event.



Promotional Events are where OWASP has paid or in-kind sponsorship in a conference that is hosted by another organization. This sponsorship may take the shape of a booth, hosted competition, lanyards, bags, fliers and other promotional items and may or may not be a strictly financial transaction. These events require additional scrutiny as OWASP has a very limited marketing budget, however it is important for community members to have the support to "get the word out" at other events. These events will often provide OWASP with conference passes that can be distributed to volunteers who agree to represent OWASP at the OWASP booth.

Planning

FIRST THING FIRST

What does it take to put together an event with hundred or more people? The hard work over many months includes scheduling of speakers’ presentations, discussions and workshops, registration of delegates, sorting out catering, accommodation, transport, venues and much more. However, the most crucial effort is in the initial phase, where the core purpose and aim of the gathering is conceived. At the earliest stage, organizers need to ask themselves the deepest questions: Why? Why should we organize this event? What do we want to accomplish by organizing it? Before any other details are discussed, these questions need to be pondered in depth. We may call it a feasibility study. The people who have the initial idea to arrange a conference should take time to probe the proposed topic from every aspect, and answer to this questions: Is this the correct approach to achieve the desired results? The event must meet the desired level of a return on investment just as a product research and development project would have to demonstrate.


CONTENT In order to hold an event you need first to have the content, which is the reason why people are attending the event! Spending the time, energy and money organizing a conference is worthless unless you can assure people will sign up. Whatever niche you’re planning to organize a conference within, make sure there is sufficient demand.

Once you realize there’s sufficient demand for your niche, you want to decide what type of content you want to deliver on even days. Think broadly at this point. What are the areas you want conference presentations to be focused on? Try to make your conference stand out. What are the hooks that are going to assure people in your niche get excited about the event? Are there any hot topics going on in your industry? Are there any controversial debates happening in your industry? Is there a new breakthrough in your industry people are dying to learn more about?

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands-on, social activities, and time for colleague interaction. While it is acceptable to target individuals/companies to solicit content, in keeping with the OWASP value of openness, all Call for Papers and Call for Training must be open to all to submit. Calls for Papers or Training must be at a minimum announced on the conference Wiki page.

After a long intensive day of speakers and/or training, a more casual opportunity for networking will be welcomed by most all attendees. Depending on the size and location of your event you may want to consider one or several of the following options: OWASP "meet up" at a local pub, OWASP gala dinner, Corporate-sponsored party, Guided site seeing tours, Group outing to a sporting event, etc. In many cases, you can include an optional fee to be paid to cover the costs of the event. In the case of a corporate sponsored event, the sponsor would cover the costs. Very often, however, an informal yet organized (planned) evening at the pub will be sufficient to facilitate networking among conference attendees and speakers. Be sure to remind everyone at the end of the last talk for the day of the location of the gathering, the cost (if any), and the start time for the next days' speakers. Whatever you plan, however, be sure to include some free time for people to do things on their own.


PLANNING The initial steps in planning are especially important to ensure success. Do all your homework early on. It is better to change course in the planning phase, than having to change things halfway through preparations. Care to do the necessary research and do not take anything for granted. Prepare well. Prepare for all possibilities. It is better to over-prepare than under-prepare. And remember, with humor all things get easier.

Establish preliminary event and dates
The amount of planning, committee work, advance deadlines, etc., in part, depends on the size event you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

The general dates and time of the event should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to plan a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP conference schedule to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your event. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate access to these needs.

Having a cohesive, comprehensive plan for your event is key to the success of your event. While all plans change it is important to consider all of the elements listed in the following tabs when developing your conference planning package. Please have a look at the planning timeline that OWASP staff has developed to help you get started and keep track of your event.

Put together a team
Running a conference takes a lot more than you, your speakers and the audience. There are tons of other people that contribute behind the scenes to make sure everything goes smoothly. Figure out the places you’ll need help, and then look for the right people.

Put together a team
Running a conference takes a lot more than you, your speakers and the audience. There are tons of other people that contribute behind the scenes to make sure everything goes smoothly. Figure out the places you’ll need help, and then look for the right people.

OWASP Staff
The OWASP Staff is available to help with any and all questions you have regarding the planning and execution of your event. OWASP Staff can also help provide historical conference/event information. OWASP Staff must be involved for handling contracts and finances related to your event. Volunteers should not be signing or entering into any contract on behalf of the foundation. Volunteers also should not be collecting funds on behalf of the Foundation without pre-approval from the OWASP Staff.
Provide logistical support and the ability to make quick decisions on the ground (within reason) without having a formal board meeting and decision process.
Serve as a lightning rod for any issues, problems, suggestions or praise that anyone wants to provide about OWASP and bring them to the appropriate committee or OWASP Board. Contact the OWASP Staff with any questions related to their role in planning your event. Remember that the foundation does have some personnel who can help with the conference planning. While it's important not to over-leverage these people, do include them as often as they can support as their insight and experience will be invaluable.

OWASP Global Board Member Role The OWASP Board will make every effort to have at least one OWASP Board Member in attendance at each AppSec conference. The Board Member will: Provide a keynote or other address on OWASP, our goals, vision, strategy, ethics, projects, membership, and progress. The goal is to introduce attendees to OWASP and our culture, describe membership program, attract contributors, and inspire people about the importance of application security.
Ensure that OWASP principles and ethics are upheld in all aspects of the prosecution of the conference. In particular, ensure that OWASP’s brand is not misused by commercial entities.
Assess the general operation of the local/regional OWASP organization, chapters, sponsors, leaders, and contributors. The goal is to use this information to strategize how to grow OWASP’s presence in the region and support the local leadership. Meet with local leaders from OWASP, government, vendors, and industry to get them to understand why application security is important and joining with OWASP makes sense.

Conference Organizers This should be a relatively small group (recommend 3) who are the core organizers of the conference. This group is the "executive leadership" for the conference. There is a tendency for one person to lead a conference, or for this group to be fairly large. Experience indicates that one person is likely unable to handle all of the decisions that will be required for managing a successful conference while having too many causes the issue of inaction by committee. In the initial stages, these are the people who will be doing the heavy lifting while the rest of the committee comes into place. It's recommended that specific organizers be initially tasked into the following:
One of the principle organizers should be designated as responsible for the budget. It is important to reconcile any decisions with the budget as well as keep it up to date. Conferences are the lifeblood of OWASP's financial picture so it's important that they be managed well. See the Conference Budget Planning Tool page for more budgeting information.
One organizer should be devoted to developing partnerships/sponsorship leads for the conference. It's important to determine if the conference will be partnering with any local organizations or governments up front and to manage that relationship. Additionally getting sponsorships early will greatly help keep the conference fiscally responsible.
The last organizer should be devoted to facilities. The first step in planning a conference is to develop a contract with the conference facility and vendors. There are many things to consider while working this process and it requires dedicated attention. Please do keep in mind however that organizers may not sign contracts, only officers of OWASP (The Board) may obligate the foundation legally.
Everyone should do its best to promote the event, but It would be good to have someone taking the lead on the website.

Local Conference Planning Committee
While there is no requirement to organize your conference's committee in any particular way, these structures have worked for successful conferences in the past. It's important to organize a conference committee as early as possible. It is recommended that you establish regular planning/reporting meetings and set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.
It is important that the conference committee be predominately comprised of a local team that is able to act locally to speed up and help in all activities related to the conference venue and local services. Planning a conference entirely from a remote location is a challenging job and is NOT recommended. Events without local support are unlikely to get Global Conferences Committee approval.

Program and Training Committee
You need a group of people to review the papers you will receive. A good criteria to select Program and Training Committee members include their involvement in OWASP activities (e.g projects, conferences, mailing lists). Getting people already involved with OWASP helps choosing proposals that are aligned with OWASP's values.
A selection criteria chart has been created to help the program committee scan the submissions.

Functional Leaders (During the event)
In the past it has been helpful to appoint functional leaders for the conference. These volunteers are typically assigned a specific area of responsibility to work in conjunction with the principle organizer's efforts.  Sponsors -- To augment the activities of the principal organizer assigned to this task, it's important to assign someone to sponsorships right away. OWASP staff can help with that. On the other hand, helping Sponsors get to their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied  Security -- Checking credentials at the entrance to convention only areas and controlling access to convention events. There will be licensed security personnel onsite to handle and "real" security issues should they arise; volunteers are not expected to put themselves in any jeopardy as security staff.  Speakers -- Helping Speakers and Trainers get to and from their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied.  Registration/Info Desk/Merch -- Helping run the registration and "Front Desk" functions of the conference. This may also expand to running an Information Desk functionality and/or helping sell merchandise.  Facilities -- Helping run the "behind the scenes" of the conference. This will mainly be overseeing the various contractors and vendors hired to provide services for the conference, and acting as a liaison between the convention center, contractors, exhibitors and the rest of the conference.  Volunteers -- Getting a small army is hard to do.



Budget

The OWASP Conference Budget Planning Tool

Develop the Event Budget

The OWASP Conference Budget Planning Tool was developed to assist in the budget planning process. The tool was originally designed for AppSec conferences but can be used for a conference of any size.

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations. Your conference costs should be handled through the Foundation. Sponsorship funds, venue deposits, travel reimbursements, printing, etc will be managed for you. This allows you to focus more on the event content! Contact Us as soon as possible to get this set up. Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registrations fees can make things a lot easier during and after the conference.

Things to Consider:

  • Shipment of OWASP products will come out of the conference budget
  • Conferences are expected to provide travel for at least one board member
  • Be sure to budget for fliers, signage and schwag
  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

Profit Sharing for Events (updated for 2015 - see the Discussion page for the original proposal text )

  • Global AppSec Events – 90/10 revenue share (Foundation/Chapter) until the profit target for the event is met, as determined by the Global Conferences Committee and the OWASP Board. This target will be defined based on the annual budget needs for the OWASP Foundation and that past profit history of that Global AppSec event. These budget targets will be finalized within 30 days after the U.S. Global AppSec Event. Any amount above the profit target will be allocated 60/40 to the local chapter. There is no cap on this chapter profit sharing.
  • Global Training Initiative - 90/10 revenue share (Foundation/Chapter) Foundation led and organized events such as global training (https://www.owasp.org/index.php/OWASP_Training_Schedules ) until the profit target for the event is met, as determined by the OWASP Board. This target will be defined based on the annual budget needs for the OWASP Foundation and that past profit history of that Global AppSec event. These budget targets will be finalized within 30 days after the U.S. Global AppSec Event. Any amount above the profit target will be allocated 60/40 to the local chapter. There is no cap on this chapter profit sharing.
  • All other events not classified as one of the Global AppSec Events will realize a 10/90 profit split (Foundation/Chapter). There is no cap on this chapter profit sharing.




Sponsorships

Obtaining sponsorship is essential to the success of your event. Without financial input from vendors to cover costs of food, venue, giveaways, and everything else, your event will inevitably fail. The following document has been prepared to assist you in convincing vendors to give you money. Please tailor the document to suit your event and forward it to any and all potential sponsors.

AppSecEU

AppSecUSA

It is important to have completed your budget early so you can correctly estimate the amount of sponsorship you will need.


Contact us if you would like assistance or have interest in selling an event sponsorship.

If you plan to have an exhibit hall it must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).


Venue

One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities. To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating. Partnering with a local university is a great way to obtain free space.

A contract to secure your venue is critical. Contracts MUST be submitted to the OWASP Executive Director for a signature! Contact Us for signatures.

Training rooms will require space to accommodate generally 10-50 students per class.


Content

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands-on, social activities, and time for colleague interaction.

While it is acceptable to target individuals/companies to solicit content, in keeping with the OWASP value of openness, all Call for Papers and Call for Training must be open to all to submit. Calls for Papers or Training must be at a minimum announced on the conference Wiki page.

Presentations

A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

Also note that according to the standard OWASP Speaker Agreement, presenters must submit their presentations (in Powerpoint format) at least 60 days prior to the conference. Submissions should be uploaded to OWASP Presentations after the event.

Consider a CFP system to manage submissions such as EasyChair (it is free) http://www.easychair.org, or OpenConf (free and pro-version) http://www.openconf.com.

Additionally, each OWASP Conference is required to solicit a board member to provide a welcoming or keynote address. This shows foundation endorsement of the local team ensures a consistent OWASP message.

Training

If you are offering training at your event the Call For Training proposal template should help you issue a call for training. While you are welcome to target training organizations, remember to ensure that the call for training is publicly available so that all my propose classes.

Training revenues are to be split 60/40 with 60% of the revenue going to OWASP and 40% going to the trainer. OWASP will provide the facilities, promotion, A/V equipment, and refreshments for all training. Trainers are responsible for travel/accommodations for the training staff, all training materials, and promotion of the training.

All training during OWASP Events must be OPEN TO THE PUBLIC. OWASP and the Trainer may set aside no more than a combined 10% of the available training slots for their own use.



Audio Visual/Recording

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. OWASP owns one projector that can be "loaned" out for events. Contact Us to arrange for the shipping of this and other items. When you confirm conference presentations, ask presenters to provide you with a list of equipment they need.


Registration

For larger, paying events OWASP currently utilizes a registration in place through MemberNation which runs on the Salesforce Platform. If your event is free of charge, but you require an RSVP for space restrictions or food, we recommend Eventbrite. Please Contact Us to review registration options for your event.

Registration Distribution

The following data was taken from several larger OWASP conferences to demonstrate how registrations are typically distributed over time.

OWASP Conference Registration Distribution over time.
OWASP Conference Registration Distribution over time.


OWASP AppSec USA All Registration Cumulative by week
OWASP AppSecUSA All Registration Cumulative by week.


OWASP AppSec USA Paid Registration Cumulative by week
OWASP AppSecUSA Paid Registration Cumulative by week.


OWASP AppSec USA Training Registration Cumulative by week
OWASP AppSecUSA Training Registration Cumulative by week.


OWASP AppSec APAC All Registration Cumulative by week
OWASP AppSec APAC All Registration Cumulative by week.


OWASP AppSec APAC Paid Registration Cumulative by week
OWASP AppSec APAC Paid Registration Cumulative by week.


OWASP AppSec APAC Training Registration Cumulative by week
OWASP AppSec APAC Training Registration Cumulative by week.


OWASP AppSec Europe All Registration Cumulative by week
OWASP AppSec Europe All Registration Cumulative by week.


OWASP AppSec Europe Paid Registration Cumulative by week
OWASP AppSec Europe Paid Registration Cumulative by week.


OWASP AppSec Europe Training Registration Cumulative by week
OWASP AppSec Europe Training Registration Cumulative by week.





Promotion

Promoting your conference begins as soon as you have selected a conference site and date. All OWASP Branded Events/Conferences are required to have a presence on the OWASP Wiki. You are also welcome to register an external web address (preferably in the .org tld) to help market and promote your event so long as the site links back to the OWASP Wiki (main page or event page) in some way. You are however required to keep the Wiki page up to date and current as the primary source of information for the event, any external resources are secondary sources of information. Post the date and location on the OWASP wiki. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.) You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.

Advertisements

Conference organizers are welcome to negotiate with local newspapers, trade magazines, and other media to help promote the event. OWASP prefers to establish "in kind" agreements with media for promotions but in the past, paid advertisements have been used where appropriate. If you have any questions or concerns please Contact the OWASP Staff.

Design Components

In designing your own Powerpoint templates, t-shirts, bags, badges, banners, flags, carpets and what have you, find the original vector graphic of the OWASP logo (in EPS and AI formats) here. Please do share them with the other conference chairs!

The Resources tab has additional resources for assisting in promoting your event.


Conference Materials

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger, conferences you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

Name Tags

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.


Catering

Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway. Be sure to take care of all the caffine junkies in the crowd. If possible, try and arrange for a pre event tasting. You don't want people remembering your event for the bad coffee or sandwiches.

Be sure to allow for special dietary considerations. Always offer some vegetarian options for your meals.


Social Events

After a long intensive day of speakers and/or training, a more casual opportunity for networking will be welcomed by most all attendees. Depending on the size and location of your event you may want to consider one or several of the following options:

  • OWASP "meet up" at a local pub
  • OWASP gala dinner
  • Corporate sponsored party
  • Guided site seeing tours
  • Group outing to a sporting event

In many cases you can include an optional fee to be paid to cover the costs of the event. In the case of a corporate sponsored event, the sponsor would cover the costs. Very often, however, an informal yet organized (planned) evening at the pub will be sufficient to facilitate networking among conference attendees and speakers.

Be sure to remind everyone at the end of the last talk for the day of the location of the gathering, the cost (if any), and the start time for the next days speakers.

Whatever you plan, however, be sure to include some free time for people to do things on their own.


Accommodations

If you plan on a regional or international event, it is considerate to negotiate a discounted room rate with a local hotel. In many cases, if you event is at a hotel, they will happily give you greater than 50% discount on rooms. If your event is at another type of venue (convention center, university campus, corporate building) there are often referral relationships between the venue and nearby hotels. Be sure to ask you coordinator.

When reserving your room blocks take into consideration the number of out of town speakers and guests you are expecting and how many room nights will be required. Be sure to avoid commitment for the unsold rooms. The hotel wants to get paid of course. Be sure that the hotel will not hold OWASP responsible for unbooked rooms.

Travel

Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

OWASP on the MOVE funds are not to be used for conferences or events. If you are planning on covering ANY speakers travel and/or accommodations, be sure to plan for this in your event budget.

International Travel

If you are a conference organizer or sponsor of a conference or event located in the U.S. and the conference will be held in the U.S., please contact the email address: [email protected], sending the following information:

  • Date(s) when conference or event is to be held;
  • Title/name of conference or event;
  • Brief description of the conference, including purpose and sponsorship;
  • Location of the conference or event;
  • Expected international attendance (100 visa applicants minimum to post an event), and the total number of expected attendees;
  • Point of contact (at conference/event organizer): Organization website (if available), contact name, title, address, telephone number and email address, in case the embassy has questions about your announcement.


This is especially important when we are issuing letters so foreign nationals can travel to the event.

More information at http://travel.state.gov/visa/temp/types/types_2665.html#14 http://travel.state.gov/visa/temp/types/types_2665.html#14

Visitor's Guide

All global conferences that will attract a substantial international audience should create a city Visitor's guide. A great example of a visitor's guide was put together by the AppSec Research 2010 teamThis guide should include sections like:

  • Country Overview
    • Common Languages
    • Money
    • Tipping and Haggling
    • Local Customs
    • Special Events during the conference
  • Transportation to Event
    • Taxi Company Phone numbers and estimated prices
    • Buss or Mass Transit information, schedules, and prices
    • Directions on how to get to conference site WITH PICTURES (It's recommended you walk from the major transportation hubs and take pictures along the way)
  • Host City
    • Local points of interest
    • How to get around the city (metro/bus maps)
    • Bars near the event



Access to any/all of these resources must be first pre-coordinated with the Foundation via the OWASP Conference Management System (OCMS) Portal. All requests for assistance need to go through this system for review and approval.

General

OWASP Registration System - OWASP is now using an event interfaceOfficial OWASP Event registration system for ALL OWASP events (Conferences, Events and Chapter Meetings) contact us for more information.

Pre-Negotiated hotel contracts

Supplies

  • Table top tripod (4)
  • 1.8 m SVGA Cable
  • 2m cable video DVI/HDMI (2)
  • MacBook air micro-DVI to video adapter
  • Motorola radios (10)
  • Net gear N150 wireless USB Adapter
  • Preferred US rental provider: CRS

Promotion

To request general OWASP Promotional Materials, fill out this Google Form.

via Free OWASP Banner Ads

via Articles and mentions in the OWASP Newsletter

OWASP Event Calendar

via OWASP Twitter Accounts (@OWASPConference, @OWASP)

Wiki

AppSec Sample Conference Wiki Page

Web Presence/Social Media

Region URL(s) Twitter Emails
ASIAPAC
URL .org .com
AppSecAsia X X
AppSecAPAC X X
AppSecAsiaPac X X
AppSecAsiaPacific X X
  • AppSecAsia
Europe
URL .org .com
AppSecEU X X
AppSecIreland X X
  • AppSecEU
Latin America
URL .org .com
AppSecLA X X
AppSecLatinAmerica X X
AppSecSA X X
AppSecSouthAmerica X X
AppSecLatam X X
  • AppSecSA
North America
URL .org .com
AppSecNA X X
AppSecNorthAmerica X X
AppSecUS X X
AppSecUSA X X
  • AppSecNA
  • AppSecUS
  • AppSecUSA

Video

OWASP Video Cameras

OWASP Currently owns 5 sets of consumer grade video cameras (Canon VIXIA HF M300), tri-pods, memory cards, and audio connection equipment. For examples of the video taken from these cameras see the AppSec DC Vimeo stream. The cameras can shoot HD Video and have an audio input jack for taking in a house line. The system also has a QNAP TS-459 PRO network attached storage device that can be used for on-site reliable storage and backup of the video.

Equipment

  • Turbo NAS TS-459 pro (for on-site redundant storage)
  • Seagate Barracuda 1.5TB Hard Drives (for NAS)
  • Final Cut express
  • In Each Camera Kit
    • Canon VIXIA HF M300
    • 8 Kingston 16 GB Class 4 SDHC Flash Memory Card
    • Pelican 0910-010-110 Secure Digital Memory Card Case
    • AVerTV Hybrid Volar HD (enables streaming via a computer)
    • Current converter
    • 60" Tripod

Contact us for more information.

Video Editing/Post Processing via IEHD Productions

Contact [email protected] or Mark Bristow for more information

Service Name Description Rate
Basic Post-Production
  • Basic Editing (trimming the "fat" from the beginning/end of the video)
  • Removing any artifacts from the video/audio leveling
  • Trans-Coding to MPEG4 or other suitable format for online video
  • Upload to a online account Vimeo et all (OWASP Provided Acct)
  • Adding OWASP/Conference graphic watermark
  • Adding intro/end slides with basic presentation details
$40.00 per finished presenter of approx. 60 minutes with no minimum
Full Post-Production
  • Basic Post Plus....
  • Inter splicing slides from various formats not limited to .ppt, .pdf, .odp

and other key sources. (client provided notations for slide transitions)

$60.00 per finished presenter of approx. 60 minutes with no minimum
On site Video Production
  • One HD 3 chip camera per room/track with operator & fluid head tripod
  • Audio setup to camera from podium or mixer
  • Obtaining presentations from speakers if not provided previously
  • Notating of time code for slide transitions
  • First Track: $1,100.00/day
  • Each Additional Track: $550.00/day
  • + any travel outside Southern California

Completion/turn around model 30+ speakers with production and/or post production is 4-6 weeks with projects uploading starting second week after conference end. Smaller or larger conferences/projects are adjusted accordingly.

Budget Management

Conference Budget Planning Tool

Sponsorships

Sponsorship Document

OWASP Global Conference Sponsors

Institutional knowledge about past sponsors and sponsorships

Presentations and Training

OWASP Track

Speaker Agreement

Presentation Template.

Call For Papers Template

Call For Training proposal template.

Training Instructor Agreement

Schwag

To request general OWASP Promotional Materials, fill out this Google Form.

Event planners are welcome to use any vendor that they feel can provide appropriate items for their conference. However OWASP has relationships with the following vendors that can ease the process.

Konik - Preferred SCHWAG Vendor

Rocksports - Preferred apparel Vendor

OWASP Store - Merchandise for sale at conferences

These are the requirements imposed on any event using the OWASP brand. All Events must be coordinated with the Foundation and receive pre-approval. Event requests should be submitted via the OWASP Conference Management System (OCMS) Portal.


If you have questions or require an exception to any of these please contact the OWASP Staff.


Policy Applicability
All content must be vendor neutral All Events - Core Value
All content must be made available to the public after the conference All Events - Core Value
All calls for papers, training and registration must be open and promoted to the public All Events - Core Value
Selecting Committee Members (Training or Papers) must not submit All Events
Use the conference website/wikipage to submit papers. It must supports blind paper submissions. All Events
All events must be conducted in a manner consistent with the OWASP Mission, Principles and Code of Ethics All Events - Core Value
OWASP Event Definitions All Events
OWASP Event Requirements All Events
Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. Policy Document
  • Global AppSec Conference - 10% of event profits up to Profit Goal set in annual Foundation Budget ($10,000 for multi-chapter events), 40 % of event profits in excess of Profit Goal. No profit cap.
  • Local and Regional Events - 90% of event profits. No profit cap.
All Events
All OWASP Events must be coordinated with OWASP Foundation Staff by submitting an events description via OCMS. An approval that the event will be posted on the OWASP Wiki and Event announcement webpage will be sent from the OCMS input. Any request for funding support must follow normal funding request procedures separate from the OCMS submission. All Events
Events must have an OWASP Wiki Page, or a webpage showing the OWASP logo and be linked to the OWASP wiki Events Pages All Events
Only OWASP Board members or their designates may enter into contracts on behalf of the foundation All Events
All finances must be handled by the OWASP Foundation All Events
Complimentary conference admissions are provided to speakers, volunteers, staff, Global Board members and active OWASP Leaders.

A “Leader” is defined as a chapter or project leader that is clearly identified on the chapter or project wiki page AND has been documented as a leader in the Foundation’s records. If a leader registers for a conference complimentary ticket but does not appear for the conference, the chapter will be charged 60% of the retail cost of a conference ticket.

All Events
OWASP individual members in good standing shall receive $50 off admission to all OWASP events charging more than $50 entry fee. All Events
A complete budget must be submitted if the event requires any funds from the OWASP Foundation and funding requests will be reviewed and approved by OWASP Executive Director. Please submit a requests via our Contact Us link on the OWASP Wiki homepage. Regional/Theme Conferences
An OWASP leader should be invited to provide welcome and state of the union. All Events
Global AppSec Conferences must include training Global AppSec Conferences
Global AppSec Conferences must charge an admission fee Global AppSec Conferences
Sessions must be recorded and posted to the public after the conference Global AppSec Conferences
There must be at least one networking event at the conference Global AppSec Conferences
All Training providers are required to sign a Training Instructor Agreement Training
Training revenue will be split 60/40 (OWASP/Training Provider) Training
Each training class allows for two complimentary seats to be made available to OWASP Leaders. This must be included in the Training Instructor Agreement. These are available on a first come basis. Only one training seat per session is allowed per chapter to allow for diversity in distribution of seats.

If a leader registers for a complimentary training seat but does not attend the full training session the chapter will be charged 60% of the retail cost of the training session and the leader will not be given a complimentary ticket (conference or training sessions) for any other Global AppSec events in the following year.

Training
Speakers must sign a Speaker Agreement Speakers
Speakers will not receive compensation for their speaking engagement Speakers
Event organizers must reach out to the WIA program to assist with the program committee and to help find suitable keynote and invited speakers. Global AppSec Conferences & Regional Events
Event organizers must send an open call for participation for volunteers, papers committee. Global AppSec Conferences & Regional Events
Event organizers should encourage all training and CFP proposals to go through the “Talk bootcamp” process. Global AppSec Conferences & Regional Events
WIA initiative should lead a search for women keynotes, featured, panel speakers. Global AppSec Conferences & Regional Events
Event organizers and WIA initiative should reach out to women speaker lists to encourage training proposals and speakers to submit through the normal CFP process. If there is to be a women in AppSec panels to be organized, the WIA initiative must be involved and feature predominantly women panelists. Global AppSec Conferences & Regional Events
These aren’t quotas, but a goal. Global events organizers are free to exceed these metrics.
*At least 10% of the program committee must be women, and must include the WIA initiative members
*At least 50% of keynotes and featured speakers must be women
*At least 25% of panel participants must be women. If there are no women participants, the panel should be cancelled. 
*At least 10% of talks must be women

If these metrics cannot be reached, the organizing committee should reach out to the Conference Manager for assistance, and must apply for an exception if they can’t be reached after all avenues have been exhausted.

Global AppSec Conferences
These aren’t quotas, but an aspiration goal for regional events. Organizers are free to exceed these metrics.
*At least one of the program / papers committee must be a woman, and should include the WIA initiative members
*At least one of keynotes, featured and invited speakers must be a woman
*At least 25% of panel participants should be women. If a panel has no women participants, it should be cancelled
*At least 10% of talks chosen should be women speakers
Regional Events

Co-Marketing of Event Contract Sample

The <External Organization> Provides:

  • A Vendor Table in Vendor Area
  • OWASP Logo and Link on RSS Web-site
  • OWASP Logo and description in the Event Guide
  • Opportunity to provide an OWASP Banner in conference room
  • Tickets for 2 OWASP Speakers mutually approved by OWASP and <External Organization>
  • Software Security Track Chair
  • Monthly status update emailed to the OWASP Global Conferences Committee Chair ([email protected]) including
    • Current number of people registered for event
    • A budget update including all revenue and expenditures relating to the event

The OWASP Foundation provides:

  • OWASP Promotional Materials for the provided table
  • Marketing of Conference
    • Notification to OWASP members and constituents about special discount code to attend <EVENT>. The event will provide 50-100 words of text and link describing offer; OWASP will transmit within any newsletter, via email notification and/or other methods as approved by OWASP
    • Event banner in OWASP banner rotation on main page for 90 days prior to the event

Co-Hosted Event Contract Sample

The <External Organization> Provides:

  • A Vendor Table in Vendor Area
  • OWASP Logo and Link on RSS Web-site
  • OWASP Logo and description in the Event Guide
  • Opportunity to provide an OWASP Banner in conference room
  • Tickets for 2 OWASP Speakers mutually approved by OWASP and <External Organization>
  • Software Security Track Chair
  • Monthly status update emailed to the OWASP Global Conferences Committee Chair ([email protected]) including
    • Current number of people registered for event
    • A budget update including all revenue and expenditures relating to the event

The OWASP Foundation provides:

  • An active and contributing member of the conference executive committee present at 85% or more of the planning sessions, who will chair and moderate the Software Security Track.
  • At least 1 additional volunteer to assist on-site during the event, to be coordinated with the event volunteer coordinator.
  • Travel expenses for 2 well recognized OWASP speakers (topic and speaker mutually approved by Software Security Track Chair and OWASP)
    • Speakers must also sign the standard OWASP Speaking agreement
  • OWASP Schwag Give-aways for X attendees
  • X OWASP Lanyards
  • OWASP Promotional Materials for the provided table
  • Marketing of Conference
    • Notification to OWASP members and constituents about special discount code to attend <EVENT>. The event will provide 50-100 words of text and link describing offer; OWASP will transmit within any newsletter, via email notification and/or other methods as approved by OWASP
    • Event banner in OWASP banner rotation on main page for 90 days prior to the event

Payment Schedule:

  • All real costs incurred by the Event and OWASP shall be reimbursed prior to the distribution of any profits from the event. Real costs include expenses for schwag, Speaker Travel and Lanyards as well as any other costs not incurred in the course of supporting a booth at the event.
  • Should the event take a loss
    • 30% of losses shall be covered by the OWASP foundation, up to the amount of tangible goods provided
    • 70% Shall be covered by Event
  • Should the event make a profit (after real costs have been reimbursed)
    • 30% of profits shall be paid to the OWASP Foundation
    • 70% of profits shall be retained by Event

Historic Contracts

Archive of Event Contracts