Women In AppSec

Revision as of 19:31, 23 October 2013 by Samantha Groves

Women in Application Security Program

The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec in 2014. The Women in AppSec program is for female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. Applicants are encouraged to submit their details to the program running in conjunction with the conference nearest to their area of residence.

Regional conferences are encouraged to host the Women in AppSec program, as well. You will find detailed planning instructions here, and you can find templates used in previous years to help you get started with program organization. We encourage you to read this page in full, and reach out to Samantha Groves (Samantha.Groves@owasp.org) if you have any questions on how to successfully run the program at your event.

Contact Us

If you are interested in running the Women in AppSec Program for your event, please contact OWASP Project Manager, Samantha Groves (Samantha.Groves@owasp.org). Alternatively, please contact our Grants and Fundraising Intern, Kait Disney Leugers (Kait.Disney.Leugers@owasp.org).

Women in AppSec

The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.

Past Eligibility Criteria

Below is the list of eligibility criteria used to select the winners in 2013.

  • Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.
  • Both references have provided letters of recommendation.
  • Has relevant/appropriate achievement goals for attending the conference.
  • Is from the region in which the conference is taking place.
  • Has background in volunteering for OWASP or similar organizations.
  • Has participated in one of OWASP's programs or activities.
  • Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.
  • Has financial need.
  • Is a paid OWASP member, and/or employer/school is an OWASP sponsor.
  • Has an interest in exploring application security.

We encourage you to create your own set of criteria to fit the Women in AppSec program that you are planning within your region. The criteria above are meant as a guideline showing what has been used in the past.


In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise at least $3000 USD for each winner. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event.

Global AppSec Conferences

OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington, D.C., to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conferences taking place in 2014.


The AppSec APAC global conference takes place in the Asia-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC.

AppSec EU

The AppSec EU global conference takes place in the European region. Executives from Fortune 500 firms, along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research.

AppSec Latam

The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM.

AppSec USA

The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioners to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year, so women are encouraged to apply to the program taking place during AppSec USA if they live in or will be traveling from within North America.


Step 1:

Put together a selection committee of about 5-6 people. The selection committee will then be broken down into several sub-committees of one to two people who will then work on sponsorship, marketing, the grading process and the call for entries.

Step 2:

Decide on the details of the awards, such as whether the winners will be provided travel and accommodations.

Step 3:

Come up with a budget to allocate for the award based on the expense of travel for each winner, the accommodations provided, and the conference pass.

Step 4:

Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentives for sponsorship and details about the program to get potential sponsors interested. Include the successes of past Women in AppSec conference events.

Sample of 2013 Sponsorship Flyer

Step 5:

Seek out sponsors for the program.

Step 6:

Develop the application timeline with deadlines for each stage. Deadlines are critically important, and there has to be a cut-off point. Set dates for when submissions are due, when letters of recommendation should be received, the grading period, when the top 5 will be announced, and when the winners will be announced.

Step 7:

Create the selection criteria and send out a call for entries. Be specific about the criteria you are looking for in candidates. In particular, note that only women in the region where the conference is being held can be submitted for consideration.

Sample Selection Criteria

Step 8:

Make the final selection on candidates and announce the winners.

Step 9:

Help the winners arrange travel, accommodations and other logistics. Upon their arrival at the conference center, ensure they are taken care of by an OWASP volunteer, someone who will get them settled and make sure they reach panels and trainings without issue. The bigger the conference, the more important it is to make sure the winners are not lost in the crowd.


Step 1:

Gather feedback from the winners. Ask the winners for a brief blurb about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program and what can be improved upon in the future.

The Program Committee

The Program Committee should consist of around 5-6 people. The committee should then be broken down into subcommittees of one to two people who will work on various parts of the program, including sponsorship, marketing the program, the grading process, and the call for entries.


Two people will be responsible for sponsorship. They will be in charge of creating the sponsorship packages and flyers, and of seeking out sponsorship from other chapters and organizations.


One person will be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress and communicating progress to the overall community.

Grading Process

While everyone on the committee will be involved in grading, one person will be in charge of the grading process. They will create spreadsheets similar to those originally created for the selection committee, and will be responsible for making sure everyone has what they need for the grading process.

Call for Entries

Finally, one to two people will be in charge of the call for entries. Depending on the number of entries, this might work better with two people, as it requires collecting entries, arranging them, and distributing them to the other graders.

Training Days

Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them, sort out their hotel arrangements and take them to trainings. This is to ensure that the winners are taken care of and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.

Conference Days

During the two days of the conference, an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec panel. The volunteers should be available if the winners have any questions or need help with anything. It is important that the winners get a full AppSec experience. This includes attending sessions of interest and participating in the various activities provided at AppSec.

Previous Women in AppSec Winners

Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program.

Carrie Schaper, 2013 Winner

Carrie Schaper is an Information Security Professional with 12+ years of industry experience ranging from Penetration Testing for Fortune 500 companies, the Banking Infrastructure, and Government to Incident Response and Continuous Monitoring. She has performed Threat-Mitigation against targeted attacks from domestic and foreign adversaries for both corporate and government environments.

Nancy Lorntson, 2013 Winner

Nancy Lorntson is the Security Program Manager at Infinite Campus, the largest American-owned Student Information System, managing 6 million students in 43 states. Previously, Nancy was a school district Information Services Manager and part-time trainer for Guidance Software. In her current role, Nancy is responsible for all things security at Infinite Campus, working between the application development organization and the support, network, business operations, and hosting teams to implement, grow and improve a world class security program.

Tara Wilson, 2011 Winner

“Being fortunate enough to receive the Women in AppSec grant is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.”

If you have questions, or if you wish to contribute to the program, please e-mail Samantha Groves at: samantha.groves@owasp.org

or intern Kait Disney-Leugers at: kait.disney.leugers@owasp.org