[Global_conference_committee] Items requiring board attention to support the OWASP 2011 GCC Plan
Mark Bristow
mark.bristow at owasp.org
Mon Jan 3 09:24:11 EST 2011
Eoin,
As our Board rep, could you please pass the following to the OWASP Board for
their consideration?
Thanks,
-Mark
OWASP Board Members,
Recently, the OWASP Global Conferences Committee has passed its 2011
Committee Plan (
http://www.owasp.org/index.php/Global_Conferences_Committee_2011_Plan). In
this plan the committee has outlined 9 Major goals along with 7 Major
initiatives (described in detail on the wiki) that the committee feels will
help OWASP better Manage, Promote and Execute OWASP conferences/events as
well as make strides in spreading the OWASP message, bolster membership and
provide revenue for the foundation. In order to execute our plan, the
committee has identified several areas where it was identified in the
by-laws or we felt that board involvement is necessary in order to execute
this plan. While the link provides the comprehensive plan, I will attempt
to outline the following three areas that we felt met the board threshold,
and explain our rationale for these changes as briefly as possible.
- Requirement for GCC Member to be present at all Global AppSec and
Regional/Theme conferences
- OWASP Foundation signature authority for the GCC Membership
- A Global Conference Committee Operational Budget of $33,000 USD
*Requirement for GCC Member to be present at all Global AppSec and
Regional/Theme conferences*
In order to ensure consistent quality events, aid in event operation, elicit
direct Sponsor/Speaker/Planner/Attendee feedback and promote involvement
between the larger OWASP events
and the Global Conferences Committee as the foundation's representatives the
GCC would like to require that a GCC member attend each Global AppSec and as
many Regional conferences as possible. The attending member would be
responsible for working with the local planning team ahead of the
conference, assist in any last minute logistical issues (see item 2:
Signature authority), spend time with Attendees, Sponsors, Speakers and the
conference planners while on site to get direct feedback about the event.
They would also be there to address any issues in addition to identifying any
truly unique or outstanding items that the local team may have put
together. This post-event feedback and lessons learned has been identified
as a major gap in managing our conferences as there is much institutional
knowledge about running successful OWASP events, however most of this is
captured in individuals and not in a more accessible form. To address this
the attending GCC member would be required to file a report upon return
capturing these data points for collection on the wiki (for now). Funding
for this travel would come from the GCC Operations Budget (see item 3) and
be subject to the GCC travel policy.
*OWASP Foundation signature authority for the GCC Membership*
Currently, only a board member or foundation employee (not entirely clear in
all cases) is empowered to obligate the foundation on any contracts. This has
created a number of bottlenecks in the contracting process that have impacted
some events' ability to appropriately plan their events. As a result, many
planners simply sign contracts that they do not have authority to sign on
the good faith that OWASP will honor the contract. Also, the restriction on
signature authority is not clear to OWASP leaders, and many events are
signed for in OWASP's name without the knowledge of the foundation. When
asked, overhead is usually quoted as a reason for not following the correct
process. The GCC proposes that GCC members be designated as Agents of the
foundation for the purpose of obligating the foundation for OWASP Events
(Leverage By-Laws Article VI Section 1). This would allow for the
committee, which is more involved with event management and in a good
position to make assessments on event budgets, contracts et al., the
authority to sign contracts, thus reducing the load on the board members and
decreasing the turn-around time for event related contracts. As such, we
propose that ALL event related contracts go through the GCC for approval and
signature (with the chair being primarily responsible for signatures,
however all members would be empowered to eliminate bottlenecks). This
should reduce overhead, and overall increase the visibility the foundation
has into contracts being signed for "rogue" OWASP events. To eliminate
conflicts of interest, GCC members will not be permitted to sign contracts
for conferences they organize (except when signature is required
immediately, for example on-site last minute items). All completed
contracts will be kept on file in the GCC Fileshare (google docs) in PDF
form and supplied to the OWASP Operations director for foundation record
keeping.
*A Global Conference Committee Operational Budget*
While much of the GCC initiatives for 2011 can be supported by volunteer
efforts, several of the initiatives that the GCC would like to take on in
2011 require funding to support the activities.
- $7500 for conference support (schwag/tables) targeting developer
conferences
It has been identified that there is currently no coordinated budget for
OWASP support of non-OWASP events. A request that frequently comes to the
committee is for a leader to approach the committee who has acquired or
would like to acquire OWASP "sponsorship" and/or booth space at a security
community event and is requesting support for schwag, funds to support the
event booth staff, shipping of materials etc. This budget would be used to
support these activities as well as provide an OWASP presence at strategic
conferences (with a developer focus) that would help spread application
security and the OWASP mission.
- $500 OWASP GCC Technology Needs
The GCC would like to purchase several domain names and some other
technology to support the marketing of OWASP events. In addition, in order
to support some of the other GCC initiatives (such as a Conference
Management System, unified CFP etc.) additional funds for technology may
be required.
- $15,000, OWASP Track Travel expenses
Possibly one of the most exciting new initiatives in the GCC plan is the
OWASP Track. At many OWASP events, even Global AppSec events, OWASP is
missing out on a golden opportunity to promote the great work that is being
done by OWASP volunteers. In order to capitalize on this, the GCC would
like to partner with the GPC to put together an "OWASP Track". The track
would consist of a cadre (10-20) of speakers from new/high profile OWASP
projects. The GCC would manage these speakers through an internal call for
papers that would be vetted by the GCC/GPC for some of our best speakers
from high profile projects. As a new conference requests an OWASP Speaking
track (or for Global AppSec conferences, this will be required) the GCC
would reach out to the selected presenters to verify their availability for
the event and provide a list of 6-7 speakers to the local event coordinators
for the schedule. The GCC/GPC would be responsible for maintaining the
quality of the speakers/content in the OWASP track and the funds would be
used to cover speaker travel expenses. Speakers would be asked to first
approach employers to cover costs before foundation expenses are used and
would be held to the GCC Travel policy.
- $10,000 GCC Member at all conferences (approx $1500/AppSec, $800
Regional)
This would be the operational budget to support the first initiative
described in this email. GCC representatives will be selected based on
availability/proximity to the event to limit travel expenses. It is
expected that costs would be approximately $1500 for each AppSec conference
and $800 for each regional conference.
I apologize for the somewhat lengthy email, but I felt it was important to
provide some context/rationale for each item so that informed decisions can
be made by the board members. If you have any questions I would be happy to
address them either on the phone or via email.
Regards,
--
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org
OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org