Thoughts for OWASP Chapters


John Steven

May 9, 2013, 6:55:51 PM
to owasp...@googlegroups.com
All,

I'd like to (again) congratulate Jack, Jeremy, and Mike on their election as chapter board. John Wilander just stepped down as the Sweden Chapter lead and it reminded me I wanted to share some reflections I've had about my own tenure in OWASPNoVA. Here goes:

 [Towards Content & Quality]
  • Set yearly learning objectives based on actual and desired membership needs.
  • Plan speakers and topics towards learning objectives instead of available/well-known vendors.
  • If a single leader:
    1. Seek traction quickly,
    2. Establish a chapter board as soon as possible, and
    3. Groom a replacement.
  • Do not rely solely on the Speaker Agreement
    • Allot about 6-8 hrs for speaker QA prior to the meeting. Start EARLY;
    • Explicitly communicate a NO PITCH policy (slides, intros, sales/recruiting, etc.);
    • Attend the meeting and ACTIVELY challenge BS; Kill pitching fast.

  • Don't take the fundamentals for granted. Remember to cycle back to key OWASP content/projects.
  • Seek out and gather non-vendors for leadership roles.
[Push the Edges]
  • Spread focus: focus on coding and security Initiatives as well as vulnerability discovery.
  • Stretch OWASP rules (we explicitly brought a vendor in to offer free time on their tool). But:
    • Announce it to the leader's list first;
    • Foster and incorporate discussion about how to do it well;
    • Plan for a lot more work when you stretch things;
    • Debrief the chapter and leaders. Learn.
  • Invite your competitors. Where antagonistic, script content-based discussion focused on benefiting the audience.
  • Let go. You might be amazed at where the next leaders take your chapter.
[Advertising & Growth]
  • Use a variety of channels to drive awareness. Meetup has been extremely effective. Use the wiki, Twitter, Google's tools, and physical means (posters, etc.)
  • Advertise multiple times beginning at least two (2) weeks in advance of the meeting.
  • Use changing (like increasingly specific teasers) for announcements subsequent to the first.

  • Make a big deal of things. Three of our most successful meetings were:
    • Van Wyk Moderating a Penetration Testing panel: Boutique vs. SaaS vs. Tool (AppScan Std)
    • "Bring your Boss to OWASP Day": Better food, conversation w/ CISO about what he wants to hear, & Q&A
    • Free hands-on training on a SAST tool. 4hrs to tinker.
[Community]
  • Provide 30-60 minutes for member mixing/conversation / meeting
  • Solicit and cajole 2-3 "Fire talks" / meeting: 5 min "I'm [Me] and here's what I'm working on..."

  • When you fly OWASPers out, make sure you take time to:
    • Spend time with them as people/humans;
    • Collaborate, to the extent possible, with the org. you come from.
Hopefully, these thoughts tickle some ideas you might have been thinking about.
-jOHN