Thursday, August 20, 2015

August 2015 Community News Flash

August 2015 Community News Flash

The AppSecUSA team is looking forward to our 2015 event in San Francisco, CA on September 22-25th. I will be hosting a series of Chapter Leader Workshops (details below) and encourage you to participate whether you are a chapter leader or interested in becoming more involved in your chapter. Project leaders may find the sessions on staff support and financing to be of interest, so please plan on attending.

I welcome feedback on this newsflash from the full spectrum of our community: chapters, projects, and initiatives. Many of the same issues that affect chapters, including funding, volunteer engagement and events, also affect projects and other activities. Be sure to read the news flash for tips and ideas for project teams.

Noreen Whysel
Community Manager
OWASP Foundation

In this Issue:
  • FEATURE: The Chapter Leaders Workshop at AppSecUSA
  • Back to School: Connect With Student Chapters!
  • Chapter Activity: New Chapters, Leader Transitions
  • New Tools: Trello
  • Resources
FEATURE: The Chapter Leaders Workshop at AppSecUSA

The Chapter Leader Workshops at AppSecUSA are designed for OWASP members currently leading or interested in starting a chapter in their local area. We are hosting four separate sessions plus afternoon Birds of a Feather flex sessions on Thursday AM and Friday all day in Room F on the Pacific Concourse level. We invite participation from all conference attendees whether they are a chapter leader, project leader or volunteers. If you are interested in how to plan and run OWASP activities at any level, you will enjoy these sessions

We'll be there to learn from each other how to run chapter activities, what types of events to host and how to promote them, outreach with education and other organizations, as well as where to access funding and how to spend it. The session descriptions are starting points for discussion, but the discussion is yours.

Click on the session title below for a full description of each workshop session:

For more information about the Chapter Leaders Workshop, or to suggest content to cover or issues of concern to you, please contact me.


It's the time of year again for many schools and universities to welcome students back to campus. This is a great time to connect with your local student chapters and educational institutions. To find out if there is a student chapter near you, visit the Student Chapter Program page on the wiki. If you don't have a student chapter in your area, you can help create one by reaching out to educational programs near you.

The Academic Supporter program also allows educators to participate in AppSec activities and offers a number of benefits including recognition of the institution on our website and at events, in exchange for providing space for chapter meetings and sharing OWASP educational materials and project opportunities with students. Leaders can work with faculty to help integrate Web Application Security into the curriculum, and can form teams to participate on university challenges at regional AppSec events and our seasonal project code sprints, as well as opportunities for mentoring and other interaction with professional chapters.


As a result of recent audit of chapter activity, several chapters have been marked inactive due to either nonresponse from the current leadership team or lack of any meetings in the past year. If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:

New Chapters
New/Transitioning Leaders
New Student Chapters

The OWASP Foundation has obtained a free premium Trello account for our community.

What is Trello?

Trello is a collaboration tool that organizes your projects into boards. In one glance, Trello tells you what's being worked on, who's working on what, and where something is in a process.

Getting Started Guide

Here you could see how easy it is to get up and running with Trello

What are the benefits of using Trello in my OWASP project/chapter?
  • You could create a board for your chapter to help you organise all the logistics of your next event.
  • You could create a GTD (Get Things Done) board for your project and allocate tasks to volunteers:
  • You can invite as many people to your board as you need, all for free. Drag and drop people to cards to divvy up tasks. Everyone sees the same board and the whole picture all at once.
  • You could integrate your Slack Channel with your OWASP Trello Board so any new task/card being created/actioned in Trello is shown in Slack.
OWASP Trello Main Board:

We are creating boards for some projects and chapters already… if interested in having your own board, please ping Fabio Cerullo at

Need some inspiration to create your Board?

Here are a couple of Board templates:

EVENTS: The Women in AppSec Program at AppSecUSA

The Women in AppSec (WIA) program is for all OWASP members who believe that diversity is important to the success of an organization, as well as for women who want to make career connections with like-minded colleagues. We encourage you to attend our session on Thursday at 3:30pm in Room F, featuring the founders of InfoSec Girls, Apoorva Giri and Shruthi Kamath, moderated by Astha Singhal.

We also invite you to join us for our networking and "Birds of a Feather" sessions on Thursday in the WIA meeting room . Stop by anytime between 10:00am and 3:30pm to meet other members, learn more about the WIA program, and discuss relevant topics. Suggest a discussion topic on the sign-up board at the room entrance!

Other local and regional events brought to you by OWASP Chapters:
Chapter Leaders Workshop at AppSec:


Trello Main Board:

Women in AppSec Panel at AppSecUSA:

Chapter Leader Handbook:

Funding Resources:

Donation Scoreboard - Current Chapter Funding Allocation:


Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at

Noreen Whysel
Community Manager
OWASP Foundation

Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.

Monday, August 10, 2015

Your 2015 Global BoD Candidates Have Been Announced!

Committing to run for a seat on a Board of Directors is not always an easy decision. Dedication, leadership and time are just a few attributes of what it takes to have a successful board and organization. 

That being said, we would like to thank all the individuals who submitted their candidacy to run for one of the four available seats to sit on the OWASP Global BoD.

All of the candidates have been notified and below are your 2015 eligible candidates: 

Abbas Naderi Afooshteh

Tom Brennan

Jonathan Carter

Michael Coates

Bil Corry

Tobias Gondrom

Nigel Phair

Milton Smith

Josh Sokol

For more information on the election, please visit the 2015 Election page .

Wednesday, July 29, 2015

5 Days Left to Submit your Candidacy!!

This Friday, July 31 is the last day to submit your candidacy for the 2015 Global BoD election.

Check out the 2015 election timeline, eligibility requirements, primary responsibilities and much more including how to submit your candidacy visit:


Only a couple more hours remaining before the Call for Nominees closes. To submit your nominees for the 2015 WASPY Awards visit:



The purpose of these awards is to bring recognition to those in the OWASP community who "fly under the radar".  These are the individuals who work everyday to improve the cyber-security world, yet seem to go unrecognized.

This year, you may nominate 1 individual per category (there are 4 categories) from each of our 7 regions  who you feel best fits these descriptions so that, as a community, we can recognize them for their contributions.  

**NOTE: You do NOT have to nominate an individual for every region for your submission to count.

Monday, July 27, 2015

This Friday, July 31 is the deadline to submit your candidacy!

ONLY 5 days remain to submit your candidacy for the 2015 Global BoD. This Friday July 31 is the DEADLINE. If you are interested in running for one of the four seats that are up, please don't delay and submit today! 

July 2015 Community News Flash

Greetings OWASP Community,

This month's feature article is about what to do when you outgrow your chapter boundaries. The process of growing or consolidating can include difficult political, financial and social decisions. I want to help chapter leaders navigate the process, make the right decisions and communicate the changes to the community effectively. We will also discuss when to consider consolidating less active chapters into a larger chapter to help jumpstart activity. 

The August Community News Flash will be released on a new schedule, moving to the beginning of the month. The change accommodates a planned series of Google Hangouts to complement news flash content. Next month, we will delve deeper into funding resources to help your chapter fund activities. Look for that the week of August 10.

Noreen Whysel
Community Manager
OWASP Foundation

In this Issue:
  • FEATURE: Outgrowing Your Chapter Boundaries
  • Upcoming Deadlines: WASPY's, Board Nominations/Candidate Questions
  • Chapter Activity: New Chapters, Leader Transitions
  • AppSecUSA: Chapter Leader Workshop and Women in AppSec
  • Resources

FEATURE: Outgrowing Your Chapter Boundaries

What do you do when you find your chapter is unable to accommodate its membership because of size or distance? How do you decide when it makes sense to split into two or more local chapters? 

Several country level chapters currently are in the process of splitting into local city chapters. This often happens when AppSec professionals in a city that is far from the main chapter's activities wishes to host their own events. Breaking into subchapters is not only possible, but is encouraged when a country or large metropolitan area exhibits local activity that warrants it's own chapter. Section 5.02 of the OWASP Bylaws (PDF) explicitly allows country and city level chapters to break into smaller, local chapters. The Chapter Leader Handbook further qualifies this allowance, as long as the new chapters do not overlap boundaries.

It is important to work with the current chapter leader when requesting to create a new chapter within an area that is already represented at the country or metro level. This can be a difficult and occasionally uncomfortable process, particularly if the issue is that the current chapter is not serving your local area adequately.

This is really OK. Chapters grow. At the country level, it may be difficult for a country leader to host meetings in every city where there is interest. In most cases the chapter leader will welcome the expansion and appreciate offsetting some activity to a local chapter. Also, the closer a chapter is to a prospective member, the more likely that person will pay for a membership, which is good for each chapter's bottom line.

When does it NOT make sense to split a chapter? Issues such as inactivity at the country level can be resolved by having alternate localities host chapter events on behalf of the country leader. It is difficult to justify splitting an inactive chapter into multiple chapters if participation overall is low. There may also be personal and political reasons for creating a new chapter which need to be examined as well. Such disputes, for financial and operational reasons, may not warrant splitting a chapter. Our dispute resolution process is available for addressing these kinds of disagreements.

Another big issue to address is funding. When joining OWASP, members self-select which chapter they identify with, and have the option to move their allocation to a new chapter upon renewal. In most cases, funding is available in the existing chapter's account that accrued from a share of revenue from events or membership dues. 

So, what happens to this funding when a new chapter splits off? Chapter leaders may need to negotiate an equitable split of the available funding or hold a vote among its dues-paying members. New chapters also have the option to request engagement funding which may make more financial sense if overall funding is low. We can help to guide and facilitate funding decisions.

Country level oversight may be desirable in some cases. We have a few country chapters that operate centrally, overseeing subchapters that share funding in a common, country level allocation. Korea and China are examples of centrally operated chapters. Both maintain external, common language websites and oversee regional activities from a central coordinating committee. Atlantic Canada, a new chapter covering Nova Scotia, Newfoundland, Prince Edward Island and New Brunswick will operate this way. Other chapters such as Sweden and South Africa have opted instead to break into separate city level chapters. We have facilitated those changes in Sweden and are in the process of helping South Africa do the same.

If you are exploring chapter changes that require either a consolidation or splitting of an existing chapter, please let me know. I can help make the process a smooth one.


WASPY Awards - Deadline July 29 to Submit Your NominationsDo you know someone who does great things for OWASP, but never seems to receive the recognition they deserve?  Why not nominate them for the WASPY awards!!  The deadline to submit your nominees is July 29, 2015.  To learn more about the award including a list of rules and how to submit your nominees, please visit

2015 Global BoD Election - Deadline July 31 To Submit Your Candidacy Time is running out!  Please consider running for one of the four seats that are available in this years election. More information can be found here. Submit your candidacy today!

Questions for the 2015 Board Candidates - Deadline July 31 To Submit Your QuestionsOWASP Board elections are coming up soon, and individuals have submitted their candidacy. In order to hear what our candidates think about OWASP priorities, please submit your questions that you would like asked of each candidate.  The candidates will be asked the top 4-5 questions during their interviews.  The full cycle of activities and schedule can be found here.

Remember, to vote for the WASPY Awards your membership (paid or honorary) must be on file with the foundation no later than July 26, 2015. To cast a vote in the 2015 Election, your membership (paid or honorary) must be on file with the foundation no later than Sept 30, 2015.


New Chapters
New/Transitioning Leaders
Merging Chapters
  • Kenya/Nairobi: the inactive Nairobi chapter will merge with Kenya. Kenya team is incorporating historical info on past Nairobi meetings on their page. Nairobi leaders have been invited to join Kenya leadership team.
New Academic Supporters
New Student Chapters

TOOLS: OWASP-Community Open Hours on Slack

As you know, we have launched a Slack as a resource to discuss project and chapter activity. We recently added an owasp-community channel that will serve as a virtual Open Hours. I have selected Tuesdays from 10am-11am Eastern time as a weekly open hours slot, and may adjust the schedule as demand requires. You can also suggest a appointment time and I will be happy to log in. Sign up at


The full agenda for speakers and training sessions is now available for AppSecUSA to he held in San Francisco from September 22-25, 2015. Last chance for early bird pricing is August 1. View a recently released Highlights Video from last year's conference. Register soon!

I am proposing a series of chapter leader workshops, covering fundraising, membership development, communication tools like the wiki, Social Media and Slack, and ideas for activities and community engagement, among other topics. If you would like to help out, present or suggest a topic, please let me know:

Plans are being made for a panel and workshop on Women in AppSec with a goal to introduce application security as a career option for women. For details, visit and join the OWASP Women in AppSec Community Group, at


Funding Resources:
Donation Scoreboard - Current Chapter Funding Allocation:
OWASP-Community Slack Channel:



Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at

Noreen Whysel
Community Manager
OWASP Foundation

Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.