[Global_chapter_committee] [Global_conference_committee] OWASP Points for Leaders

Kate Hartmann kate.hartmann at owasp.org
Mon Dec 13 11:29:34 EST 2010


Great stuff.  I think this is a good start and may be applicable for the
Summit.  I have some questions on the list as noted.  I also think,
considering the points mentioned by Tom regarding membership, we should add
"paid member" to the criteria.  Lead by example.

*	Major Active Project Leader 5 points - Which projects are the "Major Active Ones?"
*	AppSec organizer in 2009/2010 5 points - Includes the entire committee, right?
*	Special Invitation 4 points - What is this?
*	Key Industry player 4 points - What does this mean?
*	Active Chapter leaders 3 points - Define "Active."
*	New Committee Member 3 points - Less than ?  Three months, one year?
*	New Project Leader 3 points - Define new?
*	Recommit Committee member 2 points - Annual renewal?
*	Past OWASP leaders 2 points - Is this to reengage?
*	Responded by 30th 2 points
*	Participated at AppSec 1 point - attended, spoken?

 

 

Kate Hartmann

Operations Director

301-275-9403

www.owasp.org <http://www.owasp.org/>

Skype:  Kate.hartmann1

 

From: global_conference_committee-bounces at lists.owasp.org
[mailto:global_conference_committee-bounces at lists.owasp.org] On Behalf Of
dinis cruz
Sent: Monday, December 13, 2010 6:13 AM
To: Tony UV
Cc: Global_membership_committee at lists.owasp.org;
global_conference_committee; owasp-summit-2011 at lists.owasp.org
Subject: [Global_conference_committee] OWASP Points for Leaders

 

(I changed the title to reflect the current topic (see thread below for
reference))

 

Mark is spot on that the point of the points system :) is to recognize
the leaders' participation (and not to encourage it).

 

The fact that we don't have good visibility into our leaders' contribution is
a massive problem at OWASP (and one that if we don't tackle soon could cause a
lot of damage to our community).

 

Since the best way to get something done at OWASP is to have a reason/event
creating its need, the OWASP Summit 2011 is the perfect opportunity to have
a first pass at doing this.

 

The problem we have at the Summit is 'In which order/priority do we allocate
the limited available funds to bring our hard-working leaders to the Summit'
(i.e. if we have an extra 25k, who should get that money first? As you will
see on the spreadsheet below, the current amount needed is 88k).

 

In order to get to this answer we have started creating a solution which is
in essence the points model proposed on this list.

 

Please start by reading this thread:
https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000339.html
which points to this spreadsheet
https://spreadsheets.google.com/a/owasp.org/ccc?key=0Amvv_7Gz8Z7TdGNEb0RRUUdfX0tMQ1EwTjY1MzNMWmc&hl=en
(see sheet #2 called '2nd Batch - Sponsorships')

 

The discussion is currently at 'What types of points should we have and what
should be their value?'

 

Jason (in
https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000346.html)
proposes the following list (which I agree with). Note that this needs to be
merged with the ideas already discussed in this thread:

*	Major Active Project Leader 5 points
*	AppSec organizer in 2009/2010 5 points
*	Special Invitation 4 points
*	Key Industry player 4 points
*	Active Chapter leaders 3 points
*	New Committee Member 3 points
*	New Project Leader 3 points
*	Recommit Committee member 2 points
*	Past OWASP leaders 2 points
*	Responded by 30th 2 points
*	Participated at AppSec 1 point

Rationale:

- Committee Members: New committee members are demonstrating energy and
initiative. Recommitted members are members who for one reason or another
became inactive but have recommitted themselves to their committee. While
it's great that they have recommitted, I think we should give a slight
priority to new committee members over members who have already had an
opportunity to serve but failed to deliver. In essence, Recommitted
Committee members are akin to "historic" leaders.

- Projects: New project leaders are like new committee members in that we
want to encourage the energy and initiative. Existing project leaders of
active projects are extremely important to the OWASP ecosystem so they should
be prioritized.

 

Let's see if over the next couple days, we can:

*	agree on a criteria,
*	complete the spreadsheet formula,
*	do a first pass at the mappings
*	and finally open up the discussion and mappings to the owasp-leaders list

Dinis Cruz




On 13 December 2010 00:45, Tony UV <tonyuv at owasp.org> wrote:

Sounds good.  Inline comments below. Overall main concern is the (a)
development of the point system (b) educating a wide global member base on
the point system (despite the most clear and concise wiki, etc to accompany
it) (c) marketing this reward system to the point that adoption ramps up
effectively. In either case, I'm all in.

 

 

Tony UcedaVelez, CISM, CISA, GSEC

Chapter Lead

OWASP Atlanta

http://www.owasp.org/index.php/Atlanta_Georgia

Twitter: @versprite

 

From: Mark Bristow [mailto:mark.bristow at owasp.org] 
Sent: Sunday, December 12, 2010 7:34 PM
To: Tony UV
Cc: Michael Coates; global_conference_committee;
Global_membership_committee at lists.owasp.org


Subject: Re: [Global_membership_committee] Honorary Memberships - Vote
Scheduled for 12/21 @ Membership Meeting

 

The point isn't to motivate people to contribute, [Tony UcedaVelez]  No
arguments on the need and goal to motivate folks.  Agree there.

 

it's to recognize people who do and provide some metrics that can be pointed
to (Like CISSP CPEs) to demonstrate involvement.  [Tony UcedaVelez]
Wouldn't issuing CPE certs (a) achieve the same thing in terms of metrics
(number issued to, what they did, etc) and (b) give volunteers something
that they actually need? Otherwise we'll have to develop a fairly point
redeeming system AND educate them (more time) in order to get them to
understand what those points translate into.  All good if we want to do
that, but simply speaking on the logistics and time to be taken vs tapping
into an existing solution that they already know.  Currently there is no
measure of this. 

 

This is why I was shouldering the responsibility for individual points
awards/tracking on each Committee.  [Tony UcedaVelez]  Would it make sense
that there would be a dedicated global points coordinator for all of this or
even team to do this across the board?  Just thinking of the scalability of
leaders of those committees to have to set yet something else up as well.
Conference Volunteers is actually something not difficult for me to track
(as they get in free, need shirts ordered for them et al., they are
identified early).  [Tony UcedaVelez]  Sounds good then.  As long as this and
other proposed use cases don't introduce a fuzzy, non-credible point
system where points are awarded w/o proper accountability.

 

Each committee knows what's measurable and what's not.

On Sun, Dec 12, 2010 at 7:23 PM, Tony UV <tonyuv at owasp.org> wrote:

My .02 late in the game is as follows:  (please excuse any redundancy)

 

- Main point, if people need a point system to lead or contribute,
then there is something wrong here. This is my main gut feeling.

- Points would be difficult to track and maintain the
accountability and integrity of. He/She said could ensue, particularly if
points are awarded to relatively simple actions that are not well defined
(i.e. - OWASP Conference Volunteer)

- Don't think that the point system would have much clout with
employers.  We could simply do the CPE thing for those that nurse those
certifications.  They have to find hours anyway and they may as well get
credit.  All depends on how active we've socialized the idea of awarding
CPEs to volunteers, etc. Works for ISSA/ ISACA to shepherd them in.

- Point system may work best to cash in to a reward point system
(which may have already been discussed) where members turn in points for
freebies (OWASP merch) or points towards expense paid OWASP cons, etc.

- Corporate level point system may work by letting them rack up
points so that they could get a free 2 day training from an OWASP lead or
trainer.

 

 

 

 

From: global_membership_committee-bounces at lists.owasp.org
[mailto:global_membership_committee-bounces at lists.owasp.org] On Behalf Of
Mark Bristow
Sent: Sunday, December 12, 2010 4:36 PM
To: Michael Coates
Cc: global_conference_committee; Global_membership_committee at lists.owasp.org
Subject: Re: [Global_membership_committee] Honorary Memberships - Vote
Scheduled for 12/21 @ Membership Meeting

 

<inject>

 

I actually was talking to Jason Li and Dinis about this at AppSec BR.  We
were thinking that we could develop an "OWASP Points" System that assigns
points to people based on the OWASP Activities they do.  Ultimately we
might work out member "levels" or some benefits to add to this, but I
digress.

 

You all would set "global" point values for things like, being a committee
member, committee chair, board member, and other general member stuff.  The
thought would be each committee would assign the point values for their
respective AORs but it would be a Membership Committee initiative (see how I
volunteered you?).  Committee Chairs would have to report in points say,
quarterly and they would be assigned on completion of the activity.

 

As an Example for the GCC we do something like (point values are nominal,
we'd have to get together and normalize them):

*	OWASP Conference (Core) Organizer: 50 Pts
*	OWASP Conference Planning Committee Members: 20 Pts
*	OWASP Conference Volunteer: 10 Pts
*	Attend an OWASP Conference: 5pts
*	Attend OWASP Training Class: 5pts
*	Host an OWASP Event: 10 Pts

Projects would then do something similar for their stuff (take a project to
alpha release, lead a project, submit code .... whatever they want)

 

Industry, Connections, Education, Chapters and so on.

 

This serves 2 functions.  You would be able to show off how many OWASP
points you've earned... and for employers, employees, having substantial
OWASP points could be a reason to get a raise, job et al.

 

OFC, you'd have to be an individual member of the organization for any of
this to be tracked.

 

</inject>

 

On Sun, Dec 12, 2010 at 4:20 PM, Michael Coates <michael.coates at owasp.org>
wrote:

 

In terms of the self assessment, were you thinking of having a specific
date for it (i.e. every November) or would it be X months from the last
review or when the leader was appointed?

 

Either way could work, but I think we could keep our heads around it better
if it's at a set date every year. Also we can easily advertise/remind the
leaders list each time that window rolls around.

 

Workload-wise it might be better to have this on a rolling basis.  That way
it could be a recurring task ("we need to review these applications by the
first of the month") rather than a huge project ("review ALL the
applications by Nov 1")  Also I believe that there will be increased OWASP
activity for most folks just before their renewals come up and it would be
better to have that spread throughout the year rather than centered at one
point on the calendar.

 

Good point on the ramp up of OWASP activity that might occur prior to the
deadline.  I'm for the rolling model, we just need to make sure we have a
good tracking system in place and have several methods to contact each
individual.

 

 

In terms of the review period, what do you think of making it smaller, i.e:
at least every 6 months?


 

Benefits: Cause individuals to reevaluate their contributions more often.
Possibly leading to people doing more work for OWASP.

Negatives: More work for individuals, more work for reviewers (committees
analyzing these docs).  May frustrate people to keep filling out these docs.
Also, sometimes people just get busy at work and have to do less OWASP.  Not
sure how they'd feel to lose their Honorary Status.

 

Might make sense to start with an annual model and increase the tempo if we
think it will increase involvement and it won't overload the folks doing the
reviewing.

 

I'm for starting this on an annual basis too.

 

-Michael


_______________________________________________
Global_membership_committee mailing list
Global_membership_committee at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/global_membership_committee




-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org





 
