Monday, 22 May 2017

Owasp Summit Working Session 'Definition of Done'

(email sent to all Summit Participants)
Hi Summit Participant. As you can see by the Summit Schedule, one of the nice problems that Participants will have is going to be: how to select which Working Sessions to attend.

The Summit will create a highly focused and energized environment where each Participant is donating it most valuable assets: Time and Knowledge

The Working Sessions organizers have the privilege of the Participant's time, which is a massive gift. Their responsibility is to create the most effective and productive environments for them.

In practice this means that we need to be very disciplined on what will happen in the Working Sessions, where we need to ensure that each one will create something tangible and actionable.
Working Sessions are competing for Participant's talent and time (in a darwinian way). Working Session organizers need to create detailed action plans and to-dos lists, that are easy pick up and start contributing (recommendation is to use GitHub Issues and Projects)

In the next couple weeks we need each Working Session to explicitly define what is its 'Definition of Done' (which will affect the location and duration of that Working Session in the main Summit's schedule).

Here are some examples of what these outcomes/deliverables could look like:
  • Artefacts (Diagrams)
  • Documents or Books
  • Playbooks
  • Roadmaps (for next meeting)
  • Wiki pages (namely on owasp.org)
  • Code
  • Statement or Position (signed by the Working Sessions Participants)
  • Security Review (or a particular application or api)
  • Lessons Learned
All materials must be ready by end of the day (or Working Session), so that we can release them to the world in a consumable format (there will be some logistical support provided to Working Sessions organizers). For reference all materials need to be released under an CC BY 4.0 or Apache 2.0 licenses.

If you are an Working Session organizer, please start mapping what is the 'Definition of Done' for your Working Session (if you are not an organizer, but have ideas of what should happen at a particular Working Session, then become an organizer, and make your ideas real).

We will be adding a 'Definition of Done' to all Working Sessions. Any Working Session that doesn't have one, will NOT be added to the main schedule and benefit from being part of the Summit Participant's individual daily schedule.

It will be better to have a smaller number of Working Sessions highly focused on a common objective (for 1,3,6,9 hours) than to have large number of Working Sessions made of only 'great conversations and debates' (which btw will still happen due to the Summit's 18h per day collaboration environment)
Given the time restrictions of the talent pool available (couple days in June), the best way to achieve solid results at the Summit, is to work on the Working Sessions topics before the Summit. This means NOW!

Please don't wait for the Summit to start thinking/sharing/working on the Working Sessions you want to be involved in.

Start collaborating now with the Participants already registered, and leave the hard questions or work for the Summit.

We have a great opportunity to really make the difference in our industry and (more importantly) to make the world a bit safer.

This is your time to create something special

Thanks again for giving Owasp and the Security community your most valuable asset: Time and Knowledge
Post a Comment