(Chapter) Leaders Workshop

Part 1: People and Capital – The Fire & Fuel for Chapter ActivitiesPart 2: I’m a Leader. Now What? – Basic Information for Jump Starting a ChapterPart 3: What’s in Your Toolbox? – Resources for EngagementPart 4: If You Build It, They Will Come – The OWASP Wiki Edit-a-Thon

(Chapter) Leaders Workshop

This workshop is intended for All OWASP Leaders who are responsible for managing volunteers, budget and promotion of a chapter, project or initiative.

While the focus is Chapters, you do not need to be a chapter leader to benefit from the information in these sessions. Future leadership workshops will be marketed to be more inclusive of all OWASP leaders.

Chapter Leaders Workshop

People and Capital –

The Fire & Fuel for Chapter Activities

Meet the OWASP Staff• Paul Ritchie, Executive Director – California, USA• Kate Hartmann, Operations Director – Maryland, USA• Kelly Santalucia, Membership Business Liaison – New Jersey, USA• Alison Shrader, Accounting – Maryland, USA• Laura Grau, Event Manager – Bay Area, California, USA• Noreen Whysel, Community Manager – New York City, USA• Claudia Aviles-Casanovas, Projects Coordinator – New Jersey, USA• Matt Tesauro IT Admin (Contractor) – Texas, USA• Hugo Costa, Graphic Design, (Contractor) – Portugal

OWASP Staff Services

• Setting up new projects and chapters• Setting up new leaders with tools and account access• Access to funding, information about funding processes, ways to raise funds• Contracts, co-marketing agreements, event partnerships• Branding, logos, merchandise• Event planning and coordination• Technical support, IT platforms and services• Communications, promotion

Community Management• Noreen Whysel, Community Manager

• Chapter Development• New Leaders• Chapter Activity and Promotion• Funding Access and Ideas• Communications

Chapter Development

Chapter Development• 28 new chapters started in 2015• 8 chapters restarted• 26 chapters inactivated

• some are in the process of restarting• 1 merged chapter (Kenya/Nairobi)• 3 chapter splits (Spain, Argentina, Sweden)• 53 new added, including restarts• 120+ cases and conversations with chapter leaders worldwide

Chapter Statistics: https://docs.google.com/spreadsheets/d/1nb9ybMv3mKL59DLsUiEtUtU3YYWYTAQnsZfCbrFTUbw/edit#gid=1009313527

Chapter Activity: Meetings

OWASP Sheffield, UK OWASP NYC Meeting

Chapter Activity: Trainings

OWASP AppSecUSA 2015 OWASP Hyderabad ZAP Training

Chapter Activity: Outreach

OWASP Philippines, Community Growth, Awareness and Education

OWASP Noida, Cyber Awareness at

Middle and High Schools

Project Management• Claudia Aviles-Casanovas

• New Project evaluation process

E-Merchandise• Kate Hartmann

• E-Merchandise process demo• OCMS submission and approval process, auto-messaging features,

reminders on the role/responsibility/resources available from Staff by event type.

E-Merchandise• Kelly Santalucia

• OWASP Conference Management System• Contracts

Funding Chapter Activities

Typically Approved Use of Funds• Catering expenses• Venue expenses• Speaker travel to your events• Outreach, travel/merchandise at external events• OWASP Merchandise, printing• Marketing, graphic design, web hosting, etc.• Hardware and collaborative tools, like Github, to support project activity• Member engagement platforms, like Meetup

Funding Rules• All funding requests MUST be pre-approved.

• Funding is deducted from the local chapter budget first.

• A chapter or project without sufficient funds may request funding from the foundation "Community Engagement" fund.

• If you exceed available funding, we can help you locate sponsors or develop fundraising ideas.

Funding Limitations• Standard funding thresholds are based on the type of activity, typically

• $500 per event for local chapter events or • $1000 for multi-chapter events

• Limit of $2000 USD per year to any individual or chapter.• A chapter/initiative can use the sponsorship 4 times a year, with a maximum of 2

speakers sponsored by the Community Engagement Fund for one single event. • Additional funding may be approved in special cases.• Community Engagement funds are not to be used by speakers to attend OWASP

conferences.

Funding Procedures1. Leader or speaker submits a funding request.

https://www.owasp.org/index.php/contact-U.S.2. OWASP Staff reviews the request. If the request complies with funding rules, it

will be approved. 3. The speaker who made the travel/lodging expenses, or the chapter leader who

paid for meeting space, food or supplies, submits a reimbursement request, including receipts, typically after the presentation is performed.

https://www.owasp.org/Reimbursement_Request_Form4. The Reimbursement is approved and processed.

Things to Keep in Mind• Funds are drawn from the chapter allocation first, then from the Community

Engagement fund.• Be sure to submit an estimate of expenses and get approval BEFORE requesting

reimbursement.• Chapter leaders may use the Reimbursement Request Form to request direct

payment to vendors (with prior approval) by supplying a copy of the invoice and payee details.

• Travel can also be booked through the Foundation's travel management system.

Other Funding Resources• Membership allocation• Corporate allocation, sponsorship• Individual donation (Donate button)• Sponsorship of a chapter event or project by another chapter• Local supporter program• Sponsorship drives, call for funding• In-Kind arrangements for event promotion, conference booths• OWASP Day conference registration and trainings

Conference Planning• How to Host a Conference

https://www.owasp.org/index/How_to_Host_a_Conference

• Fundraising• 90/10 profit sharing with Foundation• 40/60 revenue share with speakers

• Outreach• Spreads application security awareness• Builds membership• Partner with local sponsors and schools

• Types of Events• Trainings• OWASP Days• AppSec Conference• AppSec Tours

Other Ideas?•

Chapter Leaders Workshop

I’m a Leader. Now What? –

Basic Information for Jump Starting a Chapter

I’m a Leader. Now What?

• Meeting Formats• Tips for Successful Meetings• Conference Planning• Chapter Leader Handbook• Funding and Donations

Meeting Formats• Introduction to OWASP | Overview Slides: https://docs.google.

com/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?usp=sharing

• Trainings and Videos• Guest speakers, project leaders• AppSec Conference redux• Student mentoring projects, university/hackademic challenges, CTF• Outreach: Community cyber-awareness campaigns• Game night: Cornucopia, Jeopardy• Start a project

Chapter Activity: Meetings

OWASP Sheffield, UK OWASP NYC Meeting

Chapter Activity: Trainings

OWASP AppSecUSA 2015 OWASP Hyderabad ZAP Training

Chapter Activity: Outreach

OWASP Philippines, Community Growth, Awareness and Education

OWASP Noida, Cyber Awareness at

Middle and High Schools

Tips for Successful Meetings1. They hold regular monthly meetings with decent speakers

2. They have more than one leader helping run the chapter

3. They communicate well and list chapter meetings on the wiki/meetings/etc well in advance

4. Many chapters have seen a big bump in membership just by using Meetup

--Jim Manico

OWASP Middle East Strategy Guide by Dhruv Soi, Dubai: https://docs.google.com/presentation/d/1K9JZ5-jBfWedDgjuN4QftP5UDxFS6GQ6Jr5SaVgKrCQ/edit?usp=sharing

Conference Planning• How to Host a Conference: https://www.owasp.

org/index/How_to_Host_a_Conference

• Fundraising• 90/10 profit sharing with Foundation• 40/60 revenue share with speakers

• Outreach• Spreads application security awareness• Builds membership• Partner with local sponsors and schools

• Types of Events• Trainings• OWASP Days• AppSec Conference• AppSec Tours

Chapter Leader Handbook• https://www.owasp.org/index.php/Chapter_Leader_Handbook

• Chapter 1: Handbook Overview

• Chapter 2: Mandatory Chapter Rules

• Chapter 3: How to Start a Chapter

• Chapter 4: Chapter Administration

• Chapter 5: Governance

• Chapter 6: Chapter Activity

• Chapter 7: Organizing Chapter Meetings

• Chapter 8: Organizing Local Events

• Chapter 9: Growing and Promoting your Chapter

• Chapter 10: International Aspects

Mandatory Rules

https://www.owasp.org/index.php/Chapter_Handbook/Chapter_2:_Mandatory_Chapter_Rules

Funding and Donations• Donation Scoreboard: https://docs.google.com/spreadsheet/pub?

hl=en_US&hl=en_US&key=0Atu4kyR3ljftdEdQWTczbUxoMUFnWmlTODZ2ZFZvaXc&output=html

• Funding: https://www.owasp.org/index.php/Funding• Approved Community Engagement Allocations• Funding Report US: https://www.owasp.org/images/1/12/20150824_-_US_Chapter_Funds.

pdf• Funding Report EU: https://www.owasp.org/images/8/8e/20150824_-_EU_Chapter_Funds.

pdf

Other Ideas?

Chapter Leaders Workshop

What’s in Your Toolbox? –

Resources for Engagement

Resources for Engagement

• OWASP Resources• Social Media• Collaboration Tools• Meeting Management• Newsletters

OWASP Resources

● Chapter Leader Handbook

● Reimbursement Request form

● Donation Scoreboard --- This is Listing of Available Budget by Chapter

● Chapter Transactions - US (Amounts shown in USD)

● Chapter Transactions - EU (Amounts shown in Euros)

● For OWASP Chapter resources, click here.

OWASP Resources

● Mailing Listshttps://lists.owasp.org/mailman/listinfo/owasp-chaptershttps://lists.owasp.org/mailman/listinfo/owasp_project_leader_list

● Conferencing:GoToMeetingGoToWebinar

OWASP Resources

● OWASP Chapter presentations

● OWASP News Item template

● OWASP Chapter promotion tips

● OWASP Branded Chapter Supplies (Google Form)

● Apparel available through our 3rd party vendor

● OWASP Marketing Stuff Page

OWASP Project Resources

How to Run a Successful Open Source Project:

http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf

• Openhub: https://www.openhub.net/orgs/OWASP

Other Free Services

● http://crowdin.net/ a translation and localization management platform

● https://scan.coverity.com/ C/C++/C# and Java static source code analysis

● https://www.mir-swamp.org/ - This web based code analysis service is 100% FREE of charge and is open to the public

Social Media• Twitter (as of 8/31/2015)

• 4014 tweets• 325 following• 56,819 followers

• Facebook• 9,062 Page Likes• 8,839 Group Members

• LinkedIn

• 22,730 group members

• 12,800 followers

• Slack• 399 members• 76 channels

• Meetup• 54 “OWASP” Meetup

Groups• 13,328 Members• 1,416 Expressed Interest• 50 Cities• 17 Countries

Resources for Engagement

Social Media

Using Social Media

• Advantages and traps of social media?

• How can we ensure they are open, inviting and secure?

• How to ensure continuity?

Hootsuite

Collaboration Tools: Slack

Collaboration Tools: Trello

Meeting Management: Meetup

Community News Flash• First issue April 2015• Sent to owasp-leaders and owasp-community lists• Switched to Vertical Response in August 2015

• August 2015

• Sent to: 1,282

• Opens (257): 20.05%

• Clicks (52): 4.06%

• Bounces (13): 1.01%

• Unsubscribes (0): 0.00%

• September 2015

• Sent to: 1,269

• Opens (255): 20.09%

• Clicks (26): 2.05%

• Bounces (3): .24%

• Unsubscribes (1): 0.08%

OWASP Connector• Latest issue April 2015• Sent to entire community

• March 2015

• Sent to: 39,244

• Opens (6,322): 16.11%

• Clicks (501): 1.28%

• Bounces (239): 0.61%

• Unsubscribes (61): 0.16%

• April 2015

• Sent to: 39,076

• Opens (5,305): 13.58%

• Clicks (1,518): 3.88%

• Bounces (261): 0.67%

• Unsubscribes (59): 0.15%

Other ideas?

Post to Trello!

Chapter Leaders Workshop

If You Build It, They Will Come –

The OWASP Wiki Edit-a-Thon

OWASP.org Wiki• OWASP Foundation information• How to Join, How to Donate• Resources and Tutorials• News and Media• Chapter and Project Pages

https://www.owasp.org/

Wiki Tutorial• How to Create an Account• Style and Content Guidelines• Formatting Tips• Discussion Pages• Links, Images and Files• Categories

https://www.owasp.org/index.php/Tutorial

Chapter Template

https://www.owasp.org/index.php/Template:Chapter_Template

Project Templates

https://www.owasp.org/index.php/OWASP_Code_Project_Template (there are others)

Wiki Editing

Wiki Cleanup Initiative: https://www.owasp.org/index.php/Wiki_Cleanup

Wiki Editors Mailing ist: http://lists.owasp.org/pipermail/owasp-wiki-editors/

https://www.owasp.org/index.php/Template:TaggedDocument is the main tagging system for flagging wiki pages. At the bottom of this page you will see links to different categories of FIXME.

https://www.owasp.org/index.php/Category:FIXME/inactiveDraft

https://www.owasp.org/index.php/Category:FIXME/historical

Wiki Editing

Once pages are fixed, updated or redirected, we remove the FIXME tag.

We do not delete any content.

• Redirect it to updated content (when we have duplicated content) or • Flag it as historical (which adds a link to newer content without deleting it).

Changes are easily reversible through history.

We also started flagging pages that are at the top of Google searches to trigger more scrutiny. https://www.owasp.org/index.php/Category:Popular

Exercise

OWASP in Wikipedia

Join WikiProjects to Make AppSec Visible https://docs.google.com/a/owasp.org/presentation/d/10UiKKz9zOB10vUtc8lBlAq9lRbye7e9BEbJ1rS2-2mw/edit?usp=sharing

OWASP in WikipediaOWASP Community Etherpadhttps://owasp-community.etherpad.mozilla.org/1

Guide to Contributing to Wikipedia:https://en.wikipedia.org/wiki/Wikipedia:Contributing_to_Wikipedia

Cheat Sheet:http://en.wikipedia.org/wiki/File:Wiki_markup_cheatsheet_EN.pdf

OWASP in WikipediaWikiProject: Computer Securityhttps://en.wikipedia.org/wiki/Wikipedia:WikiProject_Computer_Security

Requested Articles on Computer Science and Securityhttps://en.wikipedia.org/wiki/Wikipedia:Requested_articles/Applied_arts_and_sciences/Computer_science,_computing,_and_Internet#Security

Other Ideas?See OWASP’s Trello board for a summary of Chapter Leader Workshop ideas submitted by participants:https://trello.com/b/sudN9qd2/chapter-leader-workshop-appsecusa-2015

Feel free to add your own ideas to the list.

Session RecordingsSession 1 & 2: People & Capital and I’m a Leader, Now What?https://drive.google.com/open?id=0ByZ3H0-PMUGuZDNYYVFWbDNXcnc

Session 3: What’s In Your Toolboxhttps://drive.google.com/open?id=0ByZ3H0-PMUGud29mM0hxMEl1YU0

Session 4: OWASP Wiki Edit-a-thon https://drive.google.com/open?id=0ByZ3H0-PMUGuUE54OU5kS3RCTW8

Thanks!Noreen Whysel

Community Manager

OWASP Foundation

noreen.whysel@owasp.org

Nwhysel on Skype, Slack, Twitter, LinkedIn, etc.