Presentation to chapter and project leaders at the OWASP Foundation's 2015 AppSecUSA conference in San Francisco. Covers building and motivating volunteer teams, planning engaging events, mentoring, funding and how to use the tools available to leaders at the OWASP Foundation.
Part 1: People and Capital – The Fire & Fuel for Chapter Activities
Part 2: I’m a Leader. Now What? – Basic Information for Jump Starting a Chapter
https://drive.google.com/open?id=0ByZ3H0-PMUGuZDNYYVFWbDNXcnc (Parts 1 and 2 are combined, 71MB MP4 audio only)
Part 3: What’s in Your Toolbox? – Resources for Engagement
https://drive.google.com/open?id=0ByZ3H0-PMUGud29mM0hxMEl1YU0 (167MB MP4 audio and video)
Part 4: If You Build It, They Will Come – The OWASP Wiki Edit-a-Thon
https://drive.google.com/open?id=0ByZ3H0-PMUGuUE54OU5kS3RCTW8 (265MB MP4 audio and video)
1. (Chapter) Leaders Workshop
Part 1: People and Capital – The Fire & Fuel for Chapter Activities
Part 2: I’m a Leader. Now What? – Basic Information for Jump Starting a Chapter
Part 3: What’s in Your Toolbox? – Resources for Engagement
Part 4: If You Build It, They Will Come – The OWASP Wiki Edit-a-Thon
2. (Chapter) Leaders Workshop
This workshop is intended for all OWASP leaders who are responsible for managing volunteers, budget and promotion of a chapter, project or initiative.
While the focus is Chapters, you do not need to be a chapter leader to benefit from the information in these sessions.
Future leadership workshops will be marketed to be more inclusive of all OWASP leaders.
4. Meet the OWASP Staff
• Paul Ritchie, Executive Director – California, USA
• Kate Hartmann, Operations Director – Maryland, USA
• Kelly Santalucia, Membership Business Liaison – New Jersey, USA
• Alison Shrader, Accounting – Maryland, USA
• Laura Grau, Event Manager – Bay Area, California, USA
• Noreen Whysel, Community Manager – New York City, USA
• Claudia Aviles-Casanovas, Projects Coordinator – New Jersey, USA
• Matt Tesauro, IT Admin (Contractor) – Texas, USA
• Hugo Costa, Graphic Design (Contractor) – Portugal
5. OWASP Staff Services
• Setting up new projects and chapters
• Setting up new leaders with tools and account access
• Access to funding, information about funding processes, ways to raise funds
• Contracts, co-marketing agreements, event partnerships
• Branding, logos, merchandise
• Event planning and coordination
• Technical support, IT platforms and services
• Communications, promotion
6. Community Management
• Noreen Whysel, Community Manager
• Chapter Development
• New Leaders
• Chapter Activity and Promotion
• Funding Access and Ideas
• Communications
8. Chapter Development
• 28 new chapters started in 2015
• 8 chapters restarted
• 26 chapters inactivated
• some are in the process of restarting
• 1 merged chapter (Kenya/Nairobi)
• 3 chapter splits (Spain, Argentina, Sweden)
• 53 new added, including restarts
• 120+ cases and conversations with chapter leaders worldwide
Chapter Statistics: https://docs.google.com/spreadsheets/d/1nb9ybMv3mKL59DLsUiEtUtU3YYWYTAQnsZfCbrFTUbw/edit#gid=1009313527
13. E-Merchandise
• Kate Hartmann
• E-Merchandise process demo
• OCMS submission and approval process, auto-messaging features,
reminders on the role/responsibility/resources available from Staff by event
type.
16. Typically Approved Use of Funds
• Catering expenses
• Venue expenses
• Speaker travel to your events
• Outreach, travel/merchandise at external events
• OWASP Merchandise, printing
• Marketing, graphic design, web hosting, etc.
• Hardware and collaborative tools, like Github, to support project activity
• Member engagement platforms, like Meetup
17. Funding Rules
• All funding requests MUST be pre-approved.
• Funding is deducted from the local chapter budget first.
• A chapter or project without sufficient funds may request funding from the
foundation "Community Engagement" fund.
• If you exceed available funding, we can help you locate sponsors or develop
fundraising ideas.
18. Funding Limitations
• Standard funding thresholds are based on the type of activity, typically
• $500 per event for local chapter events or
• $1000 for multi-chapter events
• Limit of $2000 USD per year to any individual or chapter.
• A chapter/initiative can use the sponsorship 4 times a year, with a maximum of 2
speakers sponsored by the Community Engagement Fund for one single event.
• Additional funding may be approved in special cases.
• Community Engagement funds are not to be used by speakers to attend OWASP
conferences.
19. Funding Procedures
1. Leader or speaker submits a funding request.
https://www.owasp.org/index.php/contact-U.S.
2. OWASP Staff reviews the request. If the request complies with funding rules, it
will be approved.
3. The speaker who made the travel/lodging expenses, or the chapter leader who
paid for meeting space, food or supplies, submits a reimbursement request,
including receipts, typically after the presentation is performed.
https://www.owasp.org/Reimbursement_Request_Form
4. The Reimbursement is approved and processed.
20. Things to Keep in Mind
• Funds are drawn from the chapter allocation first, then from the Community
Engagement fund.
• Be sure to submit an estimate of expenses and get approval BEFORE requesting
reimbursement.
• Chapter leaders may use the Reimbursement Request Form to request direct
payment to vendors (with prior approval) by supplying a copy of the invoice and
payee details.
• Travel can also be booked through the Foundation's travel management system.
21. Other Funding Resources
• Membership allocation
• Corporate allocation, sponsorship
• Individual donation (Donate button)
• Sponsorship of a chapter event or project by another chapter
• Local supporter program
• Sponsorship drives, call for funding
• In-Kind arrangements for event promotion, conference booths
• OWASP Day conference registration and trainings
22. Conference Planning
• How to Host a Conference
https://www.owasp.org/index/How_to_Host_a_Conference
• Fundraising
• 90/10 profit sharing with Foundation
• 40/60 revenue share with speakers
• Outreach
• Spreads application security awareness
• Builds membership
• Partner with local sponsors and schools
• Types of Events
• Trainings
• OWASP Days
• AppSec Conference
• AppSec Tours
29. Chapter Activity: Outreach
OWASP Philippines, Community Growth, Awareness and Education
OWASP Noida, Cyber Awareness at Middle and High Schools
30. Tips for Successful Meetings
1. They hold regular monthly meetings with decent speakers
2. They have more than one leader helping run the chapter
3. They communicate well and list chapter meetings on the wiki/meetings/etc well in
advance
4. Many chapters have seen a big bump in membership just by using Meetup
--Jim Manico
OWASP Middle East Strategy Guide by Dhruv Soi, Dubai: https://docs.google.com/presentation/d/1K9JZ5-jBfWedDgjuN4QftP5UDxFS6GQ6Jr5SaVgKrCQ/edit?usp=sharing
31. Conference Planning
• How to Host a Conference: https://www.owasp.org/index/How_to_Host_a_Conference
• Fundraising
• 90/10 profit sharing with Foundation
• 40/60 revenue share with speakers
• Outreach
• Spreads application security awareness
• Builds membership
• Partner with local sponsors and schools
• Types of Events
• Trainings
• OWASP Days
• AppSec Conference
• AppSec Tours
32. Chapter Leader Handbook
• https://www.owasp.org/index.php/Chapter_Leader_Handbook
• Chapter 1: Handbook Overview
• Chapter 2: Mandatory Chapter Rules
• Chapter 3: How to Start a Chapter
• Chapter 4: Chapter Administration
• Chapter 5: Governance
• Chapter 6: Chapter Activity
• Chapter 7: Organizing Chapter Meetings
• Chapter 8: Organizing Local Events
• Chapter 9: Growing and Promoting your Chapter
• Chapter 10: International Aspects
37. Resources for Engagement
• OWASP Resources
• Social Media
• Collaboration Tools
• Meeting Management
• Newsletters
38. OWASP Resources
● Chapter Leader Handbook
● Reimbursement Request form
● Donation Scoreboard: a listing of available budget by chapter
● Chapter Transactions - US (Amounts shown in USD)
● Chapter Transactions - EU (Amounts shown in Euros)
● For OWASP Chapter resources, click here.
41. OWASP Project Resources
How to Run a Successful Open Source Project:
http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf
• Openhub: https://www.openhub.net/orgs/OWASP
Other Free Services
● http://crowdin.net/ a translation and localization management platform
● https://scan.coverity.com/ C/C++/C# and Java static source code analysis
● https://www.mir-swamp.org/ - This web based code analysis service is 100%
FREE of charge and is open to the public
42. Social Media
• Twitter (as of 8/31/2015)
• 4014 tweets
• 325 following
• 56,819 followers
• Facebook
• 9,062 Page Likes
• 8,839 Group Members
• LinkedIn
• 22,730 group members
• 12,800 followers
• Slack
• 399 members
• 76 channels
• Meetup
• 54 “OWASP” Meetup Groups
• 13,328 Members
• 1,416 Expressed Interest
• 50 Cities
• 17 Countries
50. Community News Flash
• First issue April 2015
• Sent to owasp-leaders and owasp-community lists
• Switched to Vertical Response in August 2015
• August 2015
• Sent to: 1,282
• Opens (257): 20.05%
• Clicks (52): 4.06%
• Bounces (13): 1.01%
• Unsubscribes (0): 0.00%
• September 2015
• Sent to: 1,269
• Opens (255): 20.09%
• Clicks (26): 2.05%
• Bounces (3): 0.24%
• Unsubscribes (1): 0.08%
51. OWASP Connector
• Latest issue April 2015
• Sent to entire community
• March 2015
• Sent to: 39,244
• Opens (6,322): 16.11%
• Clicks (501): 1.28%
• Bounces (239): 0.61%
• Unsubscribes (61): 0.16%
• April 2015
• Sent to: 39,076
• Opens (5,305): 13.58%
• Clicks (1,518): 3.88%
• Bounces (261): 0.67%
• Unsubscribes (59): 0.15%
54. OWASP.org Wiki
• OWASP Foundation information
• How to Join, How to Donate
• Resources and Tutorials
• News and Media
• Chapter and Project Pages
https://www.owasp.org/
55. Wiki Tutorial
• How to Create an Account
• Style and Content Guidelines
• Formatting Tips
• Discussion Pages
• Links, Images and Files
• Categories
https://www.owasp.org/index.php/Tutorial
58. Wiki Editing
Wiki Cleanup Initiative: https://www.owasp.org/index.php/Wiki_Cleanup
Wiki Editors Mailing List: http://lists.owasp.org/pipermail/owasp-wiki-editors/
https://www.owasp.org/index.php/Template:TaggedDocument is the main tagging
system for flagging wiki pages. At the bottom of this page you will see links to
different categories of FIXME.
https://www.owasp.org/index.php/Category:FIXME/inactiveDraft
https://www.owasp.org/index.php/Category:FIXME/historical
59. Wiki Editing
Once pages are fixed, updated or redirected, we remove the FIXME tag.
We do not delete any content.
• Redirect it to updated content (when we have duplicated content) or
• Flag it as historical (which adds a link to newer content without deleting it).
Changes are easily reversible through history.
We also started flagging pages that are at the top of Google searches to trigger more
scrutiny. https://www.owasp.org/index.php/Category:Popular
61. OWASP in Wikipedia
Join WikiProjects to Make AppSec Visible
https://docs.google.com/a/owasp.org/presentation/d/10UiKKz9zOB10vUtc8lBlAq9lRbye7e9BEbJ1rS2-2mw/edit?usp=sharing
62. OWASP in Wikipedia
OWASP Community Etherpad
https://owasp-community.etherpad.mozilla.org/1
Guide to Contributing to Wikipedia:
https://en.wikipedia.org/wiki/Wikipedia:Contributing_to_Wikipedia
Cheat Sheet:
http://en.wikipedia.org/wiki/File:Wiki_markup_cheatsheet_EN.pdf
63. OWASP in Wikipedia
WikiProject: Computer Security
https://en.wikipedia.org/wiki/Wikipedia:WikiProject_Computer_Security
Requested Articles on Computer Science and Security
https://en.wikipedia.org/wiki/Wikipedia:Requested_articles/Applied_arts_and_sciences/Computer_science,_computing,_and_Internet#Security
64. Other Ideas?
See OWASP’s Trello board for a summary of Chapter Leader
Workshop ideas submitted by participants:
https://trello.com/b/sudN9qd2/chapter-leader-workshop-appsecusa-2015
Feel free to add your own ideas to the list.
65. Session Recordings
Session 1 & 2: People & Capital and I’m a Leader, Now What?
https://drive.google.com/open?id=0ByZ3H0-PMUGuZDNYYVFWbDNXcnc
Session 3: What’s In Your Toolbox
https://drive.google.com/open?id=0ByZ3H0-PMUGud29mM0hxMEl1YU0
Session 4: OWASP Wiki Edit-a-thon
https://drive.google.com/open?id=0ByZ3H0-PMUGuUE54OU5kS3RCTW8