noreen-whysel
(Chapter) Leaders Workshop
Part 1: People and Capital – The Fire & Fuel for Chapter Activities
Part 2: I’m a Leader. Now What? – Basic Information for Jump Starting a Chapter
Part 3: What’s in Your Toolbox? – Resources for Engagement
Part 4: If You Build It, They Will Come – The OWASP Wiki Edit-a-Thon
(Chapter) Leaders Workshop
This workshop is intended for All OWASP Leaders who are responsible for managing volunteers, budget and promotion of a chapter, project or initiative.
While the focus is Chapters, you do not need to be a chapter leader to benefit from the information in these sessions. Future leadership workshops will be marketed to be more inclusive of all OWASP leaders.
Chapter Leaders Workshop
People and Capital –
The Fire & Fuel for Chapter Activities
Meet the OWASP Staff
• Paul Ritchie, Executive Director – California, USA
• Kate Hartmann, Operations Director – Maryland, USA
• Kelly Santalucia, Membership Business Liaison – New Jersey, USA
• Alison Shrader, Accounting – Maryland, USA
• Laura Grau, Event Manager – Bay Area, California, USA
• Noreen Whysel, Community Manager – New York City, USA
• Claudia Aviles-Casanovas, Projects Coordinator – New Jersey, USA
• Matt Tesauro, IT Admin (Contractor) – Texas, USA
• Hugo Costa, Graphic Design (Contractor) – Portugal
OWASP Staff Services
• Setting up new projects and chapters
• Setting up new leaders with tools and account access
• Access to funding, information about funding processes, ways to raise funds
• Contracts, co-marketing agreements, event partnerships
• Branding, logos, merchandise
• Event planning and coordination
• Technical support, IT platforms and services
• Communications, promotion
Community Management
• Noreen Whysel, Community Manager
• Chapter Development
• New Leaders
• Chapter Activity and Promotion
• Funding Access and Ideas
• Communications
Chapter Development
• 28 new chapters started in 2015
• 8 chapters restarted
• 26 chapters inactivated
  • some are in the process of restarting
• 1 merged chapter (Kenya/Nairobi)
• 3 chapter splits (Spain, Argentina, Sweden)
• 53 new added, including restarts
• 120+ cases and conversations with chapter leaders worldwide
Chapter Statistics: https://docs.google.com/spreadsheets/d/1nb9ybMv3mKL59DLsUiEtUtU3YYWYTAQnsZfCbrFTUbw/edit#gid=1009313527
Chapter Activity: Meetings
OWASP Sheffield, UK OWASP NYC Meeting
Chapter Activity: Trainings
OWASP AppSecUSA 2015 OWASP Hyderabad ZAP Training
Chapter Activity: Outreach
OWASP Philippines, Community Growth, Awareness and Education
OWASP Noida, Cyber Awareness at Middle and High Schools
Project Management
• Claudia Aviles-Casanovas
• New Project evaluation process
E-Merchandise
• Kate Hartmann
• E-Merchandise process demo
• OCMS submission and approval process, auto-messaging features, reminders on the role/responsibility/resources available from Staff by event type.
E-Merchandise
• Kelly Santalucia
• OWASP Conference Management System
• Contracts
Funding Chapter Activities
Typically Approved Use of Funds
• Catering expenses
• Venue expenses
• Speaker travel to your events
• Outreach, travel/merchandise at external events
• OWASP Merchandise, printing
• Marketing, graphic design, web hosting, etc.
• Hardware and collaborative tools, like Github, to support project activity
• Member engagement platforms, like Meetup
Funding Rules
• All funding requests MUST be pre-approved.
• Funding is deducted from the local chapter budget first.
• A chapter or project without sufficient funds may request funding from the foundation "Community Engagement" fund.
• If you exceed available funding, we can help you locate sponsors or develop fundraising ideas.
Funding Limitations
• Standard funding thresholds are based on the type of activity, typically
  • $500 per event for local chapter events or
  • $1000 for multi-chapter events
• Limit of $2000 USD per year to any individual or chapter.
• A chapter/initiative can use the sponsorship 4 times a year, with a maximum of 2 speakers sponsored by the Community Engagement Fund for one single event.
• Additional funding may be approved in special cases.
• Community Engagement funds are not to be used by speakers to attend OWASP conferences.
Funding Procedures
1. Leader or speaker submits a funding request. https://www.owasp.org/index.php/contact-U.S.
2. OWASP Staff reviews the request. If the request complies with funding rules, it will be approved.
3. The speaker who made the travel/lodging expenses, or the chapter leader who paid for meeting space, food or supplies, submits a reimbursement request, including receipts, typically after the presentation is performed. https://www.owasp.org/Reimbursement_Request_Form
4. The Reimbursement is approved and processed.
Things to Keep in Mind
• Funds are drawn from the chapter allocation first, then from the Community Engagement fund.
• Be sure to submit an estimate of expenses and get approval BEFORE requesting reimbursement.
• Chapter leaders may use the Reimbursement Request Form to request direct payment to vendors (with prior approval) by supplying a copy of the invoice and payee details.
• Travel can also be booked through the Foundation's travel management system.
Other Funding Resources
• Membership allocation
• Corporate allocation, sponsorship
• Individual donation (Donate button)
• Sponsorship of a chapter event or project by another chapter
• Local supporter program
• Sponsorship drives, call for funding
• In-Kind arrangements for event promotion, conference booths
• OWASP Day conference registration and trainings
Conference Planning
• How to Host a Conference: https://www.owasp.org/index/How_to_Host_a_Conference
• Fundraising
  • 90/10 profit sharing with Foundation
  • 40/60 revenue share with speakers
• Outreach
  • Spreads application security awareness
  • Builds membership
  • Partner with local sponsors and schools
• Types of Events
  • Trainings
  • OWASP Days
  • AppSec Conference
  • AppSec Tours
Other Ideas?
Chapter Leaders Workshop
I’m a Leader. Now What? –
Basic Information for Jump Starting a Chapter
I’m a Leader. Now What?
• Meeting Formats
• Tips for Successful Meetings
• Conference Planning
• Chapter Leader Handbook
• Funding and Donations
Meeting Formats
• Introduction to OWASP | Overview Slides: https://docs.google.com/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?usp=sharing
• Trainings and Videos
• Guest speakers, project leaders
• AppSec Conference redux
• Student mentoring projects, university/hackademic challenges, CTF
• Outreach: Community cyber-awareness campaigns
• Game night: Cornucopia, Jeopardy
• Start a project
Chapter Activity: Meetings
OWASP Sheffield, UK OWASP NYC Meeting
Chapter Activity: Trainings
OWASP AppSecUSA 2015 OWASP Hyderabad ZAP Training
Chapter Activity: Outreach
OWASP Philippines, Community Growth, Awareness and Education
OWASP Noida, Cyber Awareness at Middle and High Schools
Tips for Successful Meetings
1. They hold regular monthly meetings with decent speakers
2. They have more than one leader helping run the chapter
3. They communicate well and list chapter meetings on the wiki/meetings/etc well in advance
4. Many chapters have seen a big bump in membership just by using Meetup
--Jim Manico
OWASP Middle East Strategy Guide by Dhruv Soi, Dubai: https://docs.google.com/presentation/d/1K9JZ5-jBfWedDgjuN4QftP5UDxFS6GQ6Jr5SaVgKrCQ/edit?usp=sharing
Conference Planning
• How to Host a Conference: https://www.owasp.org/index/How_to_Host_a_Conference
• Fundraising
  • 90/10 profit sharing with Foundation
  • 40/60 revenue share with speakers
• Outreach
  • Spreads application security awareness
  • Builds membership
  • Partner with local sponsors and schools
• Types of Events
  • Trainings
  • OWASP Days
  • AppSec Conference
  • AppSec Tours
Chapter Leader Handbook
• https://www.owasp.org/index.php/Chapter_Leader_Handbook
• Chapter 1: Handbook Overview
• Chapter 2: Mandatory Chapter Rules
• Chapter 3: How to Start a Chapter
• Chapter 4: Chapter Administration
• Chapter 5: Governance
• Chapter 6: Chapter Activity
• Chapter 7: Organizing Chapter Meetings
• Chapter 8: Organizing Local Events
• Chapter 9: Growing and Promoting your Chapter
• Chapter 10: International Aspects
Mandatory Rules
https://www.owasp.org/index.php/Chapter_Handbook/Chapter_2:_Mandatory_Chapter_Rules
Funding and Donations
• Donation Scoreboard: https://docs.google.com/spreadsheet/pub?hl=en_US&hl=en_US&key=0Atu4kyR3ljftdEdQWTczbUxoMUFnWmlTODZ2ZFZvaXc&output=html
• Funding: https://www.owasp.org/index.php/Funding
• Approved Community Engagement Allocations
• Funding Report US: https://www.owasp.org/images/1/12/20150824_-_US_Chapter_Funds.pdf
• Funding Report EU: https://www.owasp.org/images/8/8e/20150824_-_EU_Chapter_Funds.
Other Ideas?
Chapter Leaders Workshop
What’s in Your Toolbox? –
Resources for Engagement
Resources for Engagement
• OWASP Resources
• Social Media
• Collaboration Tools
• Meeting Management
• Newsletters
OWASP Resources
● Chapter Leader Handbook
● Reimbursement Request form
● Donation Scoreboard: a listing of available budget by chapter
● Chapter Transactions - US (Amounts shown in USD)
● Chapter Transactions - EU (Amounts shown in Euros)
● For OWASP Chapter resources, click here.
OWASP Resources
● Mailing Lists
  https://lists.owasp.org/mailman/listinfo/owasp-chapters
  https://lists.owasp.org/mailman/listinfo/owasp_project_leader_list
● Conferencing: GoToMeeting, GoToWebinar
OWASP Resources
● OWASP Chapter presentations
● OWASP News Item template
● OWASP Chapter promotion tips
● OWASP Branded Chapter Supplies (Google Form)
● Apparel available through our 3rd party vendor
● OWASP Marketing Stuff Page
OWASP Project Resources
How to Run a Successful Open Source Project:
http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf
• Openhub: https://www.openhub.net/orgs/OWASP
Other Free Services
● http://crowdin.net/ - a translation and localization management platform
● https://scan.coverity.com/ - C/C++/C# and Java static source code analysis
● https://www.mir-swamp.org/ - This web-based code analysis service is 100% FREE of charge and is open to the public
Social Media
• Twitter (as of 8/31/2015)
  • 4014 tweets
  • 325 following
  • 56,819 followers
• Facebook
  • 9,062 Page Likes
  • 8,839 Group Members
• 22,730 group members
• 12,800 followers
• Slack
  • 399 members
  • 76 channels
• Meetup
  • 54 “OWASP” Meetup Groups
  • 13,328 Members
  • 1,416 Expressed Interest
  • 50 Cities
  • 17 Countries
Resources for Engagement
Social Media
Using Social Media
• Advantages and traps of social media?
• How can we ensure they are open, inviting and secure?
• How to ensure continuity?
Hootsuite
Collaboration Tools: Slack
Collaboration Tools: Trello
Meeting Management: Meetup
Community News Flash
• First issue April 2015
• Sent to owasp-leaders and owasp-community lists
• Switched to Vertical Response in August 2015
• August 2015
• Sent to: 1,282
• Opens (257): 20.05%
• Clicks (52): 4.06%
• Bounces (13): 1.01%
• Unsubscribes (0): 0.00%
• September 2015
• Sent to: 1,269
• Opens (255): 20.09%
• Clicks (26): 2.05%
• Bounces (3): .24%
• Unsubscribes (1): 0.08%
OWASP Connector
• Latest issue April 2015
• Sent to entire community
• March 2015
• Sent to: 39,244
• Opens (6,322): 16.11%
• Clicks (501): 1.28%
• Bounces (239): 0.61%
• Unsubscribes (61): 0.16%
• April 2015
• Sent to: 39,076
• Opens (5,305): 13.58%
• Clicks (1,518): 3.88%
• Bounces (261): 0.67%
• Unsubscribes (59): 0.15%
Other ideas?
Post to Trello!
Chapter Leaders Workshop
If You Build It, They Will Come –
The OWASP Wiki Edit-a-Thon
OWASP.org Wiki
• OWASP Foundation information
• How to Join, How to Donate
• Resources and Tutorials
• News and Media
• Chapter and Project Pages
https://www.owasp.org/
Wiki Tutorial
• How to Create an Account
• Style and Content Guidelines
• Formatting Tips
• Discussion Pages
• Links, Images and Files
• Categories
https://www.owasp.org/index.php/Tutorial
Chapter Template
https://www.owasp.org/index.php/Template:Chapter_Template
Project Templates
https://www.owasp.org/index.php/OWASP_Code_Project_Template (there are others)
Wiki Editing
Wiki Cleanup Initiative: https://www.owasp.org/index.php/Wiki_Cleanup
Wiki Editors Mailing list: http://lists.owasp.org/pipermail/owasp-wiki-editors/
https://www.owasp.org/index.php/Template:TaggedDocument is the main tagging system for flagging wiki pages. At the bottom of this page you will see links to different categories of FIXME.
https://www.owasp.org/index.php/Category:FIXME/inactiveDraft
https://www.owasp.org/index.php/Category:FIXME/historical
Wiki Editing
Once pages are fixed, updated or redirected, we remove the FIXME tag.
We do not delete any content.
• Redirect it to updated content (when we have duplicated content) or
• Flag it as historical (which adds a link to newer content without deleting it).
Changes are easily reversible through history.
We also started flagging pages that are at the top of Google searches to trigger more scrutiny. https://www.owasp.org/index.php/Category:Popular
Exercise
OWASP in Wikipedia
Join WikiProjects to Make AppSec Visible https://docs.google.com/a/owasp.org/presentation/d/10UiKKz9zOB10vUtc8lBlAq9lRbye7e9BEbJ1rS2-2mw/edit?usp=sharing
OWASP in Wikipedia
OWASP Community Etherpad: https://owasp-community.etherpad.mozilla.org/1
Guide to Contributing to Wikipedia: https://en.wikipedia.org/wiki/Wikipedia:Contributing_to_Wikipedia
Cheat Sheet: http://en.wikipedia.org/wiki/File:Wiki_markup_cheatsheet_EN.pdf
OWASP in Wikipedia
WikiProject: Computer Security https://en.wikipedia.org/wiki/Wikipedia:WikiProject_Computer_Security
Requested Articles on Computer Science and Security: https://en.wikipedia.org/wiki/Wikipedia:Requested_articles/Applied_arts_and_sciences/Computer_science,_computing,_and_Internet#Security
Other Ideas?
See OWASP’s Trello board for a summary of Chapter Leader Workshop ideas submitted by participants: https://trello.com/b/sudN9qd2/chapter-leader-workshop-appsecusa-2015
Feel free to add your own ideas to the list.
Session Recordings
Session 1 & 2: People & Capital and I’m a Leader, Now What? https://drive.google.com/open?id=0ByZ3H0-PMUGuZDNYYVFWbDNXcnc
Session 3: What’s In Your Toolbox https://drive.google.com/open?id=0ByZ3H0-PMUGud29mM0hxMEl1YU0
Session 4: OWASP Wiki Edit-a-thon https://drive.google.com/open?id=0ByZ3H0-PMUGuUE54OU5kS3RCTW8
Thanks!
Noreen Whysel
Community Manager
OWASP Foundation
Nwhysel on Skype, Slack, Twitter, LinkedIn, etc.