Friday 6 April 2012

I want to vote for a Summit Team+Vision , NOT for a venue

I wrote the text below in 11/Mar/12 and sent it originally to the OWASP Summit 2013 mailing list (you can see some comments to it there) and with the recent Cancelation of the OWASP Summit 2013 announcement, I wanted to write a number of blog posts about OWASP Summits (so here is the first one)

---------------------------------------------------

Subject: I want to vote for a Summit Team+Vision , NOT for a venue

Following the Summit call on Friday I finally realized what was worrying me with the current Summit 2013 planning process: we are being asked to vote/select a venue, before we have chosen: 
  a) who is going to lead the summit team, 
  b) what is its vision and 
  c) what team/energy can they generate.

When I asked at the end of the call "so who is going to be the leadership team of the Summit since that should be different depending on which venue is selected?" I got the answer "..this time is going to be different.. this whole group (on the Summit mailing list) is that leadership team, and it doesn't matter where the venue is, once it is chosen, we are all in charge..."

Now I am the first to want open solutions, but you don't organize a Summit by Committee (in fact you don't even do it for conferences, chapters or projects).

There needs to be a core leadership team (1 to 4) that is all in sync with their vision for the Summit. Of course that we want as many OWASP leaders to be involved, BUT, there needs to be a core team with the vision and authority to make decisions, mainly because some of the decisions cannot be realistically made by a bigger group (not to say that the bigger group shouldn't be involved, but there are moments when decisions need to be made, and not everybody will have the same opinion/vision on the best course of action).

Just to be clear this is what I would like to be asked to vote on.

A 'Summit Proposal' with:
  • Summit Leadership Team (1 to 4) who are responsible for defining and executing a proposed vision for the Summit (see below)
  • Local Summit Team (5++)  who COMMIT to going to the Summit
  • Remote Summit Team (5++) who cannot go to the Summit but will help remotely (before, during, after) and even might try to organize a local (to them) event (Seba's idea of other simultanious mini summits)
  • Advisory Team and Working Sessions Champions (5++) responsible for providing advice to the Summit Team and to help with the development, promotion and (ideally) execution of the Summit's Working Session
  • External (to OWASP) participants (as many as possible) - who agree with the proposed vision and commit to going, promoting or helping
    • At the last Summit we (finally) had good success at brining a good number of external (to OWASP) participants (Mozila, Microsoft, Google, etc...). A large number of them already had good ideas on 'what the next Summit should be about', and we need to leverage these ideas and get them involved as soon as possible 
  • Paid Summit Team - professional contractors that will help to run the event (at the last Summit we had 6 external contractors + travel agency)
  • A vision for the Summit:
    • What are the topics/themes? 
    • What is it all about?
    • What type of venue they would like to get?
    • Where should be Summit be
  • A solution for improving the 'Summit Deliverables'
    • This is what will survive the Summit, and we need to do a much better job at creating and promoting a number of solid+useful deliverables
    • This needs its own strategy, and should be a key reason of why we go with a specific Summit team (for example, should there be post-Summit group that stays on the venue to wrap up the deliverables?)
  • Budget and Dates
    • How much money they would like to have from OWASP?
    • When would they like to do the summit?
    • Other sources of income 
In this model, an owasp leader could be part of multiple teams (since the objective is the get the best out of available resources). For example, given their past involvement+contributions of (just to name a few) Lorna, Jason, Justin, John W, Jeff W, Colin W, Jim M, etc... , it would be crazy to not have them involved in these teams (even if only as 'advisers').

I'm very happy that after two Summits there is so much energy behind having another Summit, but we need to do this right.

Now, at the moment we have two realistic proposals for the Summit (Royal Holloway and Boat) which come from two different points of view (and visions) for what the Summit should be. The other proposals are either not realistic or too far away (we can't have a Summit that takes 20h+ to get to from Europe, US or Asia)

For the record, I am not going to vote on the two venue proposals since both have what I consider to be 'show stoppers'. We have talked about the positives of each venue, so there is no need to repeat them.

'Show stoppers for Royal Holloway'
  • There is no team behind this proposal (see above)
  • There is no active participation from the London/UK chapters (after Dennis dropped his support)
'Show stoppers for Boat Option'
  • There is no team behind this proposal (see above)
  • The venue is a 3000+ guest's hotel on water - this will make it very difficult to re-create the Summit Experience in a boat with that size, and will mean that we will not 'own the venue'. Since even in the unlikely case that that have 300ish participants, we will still be about 10% of the venue capacity. This for example might limit our:
    • ability to bring in our own Food and Drinks - This is very important since we know that we will need a good amount of beer (and wine) to be made available to the attendees 
  • Hard Limit on start and stop of the Summit (i.e. mandatory boarding day) - at the last two Summits we had people arriving and departing all the time (some due to other commitments and some due to missed/delayed flights)
  • No ability to have 'drop in' participants - this is something we had a bit on the last summit (some Portuguese Government officials where there some a couple hours), and something that we should try to have a lot more in the next summit (think of special key note speakers, industry/government participants or special guests). 
  • No ability to go an 'buy something that is needed ASAP' - I lost count how many 'shopping trips' happened during the last Summits. It doesn't matter how much you plan (and we tried hard), but there is always something that is needed ASAP (from office supplies, to A3 paper, to network equipment, to medical supplies, to food, to drinks, etc ...)
'Not Show stoppers but areas of concern: for Boat Option'
  • 'Holiday perception' - in addition to the fact that the argument '...its a good holiday venue which will allow the participant partners to also attend'... is not correct (no partners will want to attend the venue (neither will the attendees want them to go)), in the case of the boat, its 'holiday' perception actually backfires. I.e. there is good tradition to go to hotels/venues for Summits and work hard, there is less tradition to do that on boats. 
    • Another issue with that many people on the boat is the 'holiday atmosphere' that will exist (with 90% of the other passengers on holiday).
    • Both will make it hard to justify the trip to employers
  • No experience at OWASP in doing an event on a boat - regardless of how much research we can do before hand, as far as I know there has been no previous events organized by owasp at a boat. This menas that the number of unknowns is even bigger.

Moving forward, I think we have two options:

Option A) go with the Boat option
  • Mark has done extended research on this option and as long as he takes the leadership role on the next Summit (i.e. he is one of the 'Summit Leadership Team') then we should trust him to make it a success
  • Mark has extended experience and track record at delivering owasp conferences, so since he feel so strongly about the boat option, he should ge given the change
Option B) wait for a 'Summit Team+Vision' proposal (as defined above)
  • Put a pause in the current 'Summit Venue' allocation process
  • Make a public request for 'Summit Team+Vision' proposals 
  • Wait for those proposal to appear (wait if needed 1,2,3 or 6 months for it)
  • Vote on the best one
Sorry for not raising these issues before, but only on the last couple days I was able to rationalize my worries about the current Summit 2013 process, which come down to this simple concept:

I want to vote on a Summit Team+Vision, not on a Venue