[Global_chapter_committee] [Global_conference_committee] [Global_membership_committee] Conference/Chapter Revenue Splitting

Richard Greenberg richard.greenberg at owasp.org
Wed Dec 22 09:59:37 EST 2010


As both an LA Chapter Board Member and GCC member, I am well positioned (I'd
better be) to weigh in on this passionate discussion. I have not yet read a
false statement from anyone, which means we are all speaking at a high
level. Of course, there must be some resolution to this hot issue, so here
are my thoughts.

Any local chapter that takes on the responsibility for a local hosting of a
Global AppSec conference does so with the understanding that they are the
ones who are in charge and must bear the responsibility for the success or
failure of the conference, both in terms of content and financially. We in
SoCal spent countless hours on all the conference planning tasks, from venue
issues to reception planning, from spreading the word for and vetting
speakers to getting sponsorships (and I personally got a number of these).
We are not paid OWASP employees, but of course all have other jobs, that we
put in much more than a 40 hour work week to be successful. Yet we still all
found the time to indeed make the conference a success. Why did we do this?
No, it was never directly about the money. Yes, it involved the money, but
solely to build the LA Chapter. LA is the largest megalopolis in the
country, yet its participation at OWASP meetings is not proportional to
this. We are using AppSec as a beacon to light the way for the development
and appsec community to come into the OWASP fold. Word of mouth is
important, but much of the efforts require cold hard cash, the kind that was
brought in from AppSec. Los Angeles is often looked at as a driving force in
initiatives for the rest of the country, and we are setting our goals
appropriately. Look at the success New York OWASP has been having. LA needs
to be at that level!

Stepping up a level, any local chapter that takes on the hosting
responsibility should receive the funding it needs for it's initiatives,
provided it has generated that income for both OWASP and the chapter itself.
It should not be the role of OWASP to dictate what the chapter must do with
its money, unless there is a clear misuse or poorly chosen direction. We
have highly motivated , intelligent, and resourceful Chapter Leaders that
have that responsibility. Let's remember not to covet others riches, but to
respect the capacity of each Chapter to build and spread the OWASP concepts
to as many people/companies as possible.

On Wed, Dec 22, 2010 at 9:26 AM, Kate Hartmann <kate.hartmann at owasp.org>wrote:

> Tin, I am really not picking on you, individually, but need to really speak
> up on this subject since it is a very critical one for the foundation as an
> organization.
>
>
>
> Tin, please be careful when you bring in phrases like, “this is the core of
> the matter here.”  Really, I disagree with that statement.  The idea is not
> that simple – guilt.
>
> We are working on a global solutions to the chapter funding.  Not every
> chapter can host an AppSec and the regional events do not bring in that much
> revenue.  We need to think about the message we send to EVERYONE.
>
> Hosting an AppSec or any conference should really not be about the money.
> In fact, until very recently, the local chapter did not receive ANY split
> and we still had lots of chapters asking to host the conference.  In 2008,
> as a result of the first Summit, the Membership model was modified to
> provide local chapter’s a 40% share of incoming membership fees.  This means
> that a corporate supporter attached to a local chapter would generate $2K.
> There are many chapters who have used this “seed money” to drive membership,
> participation, and bring in additional chapter revenue through corporate
> supporters.
>
>
>
> Looking  at the first paragraph about OWASP on the website, at the mission
> of OWASP, it reads:
>
>
>
> “The Open Web Application Security Project (OWASP) is a 501c3
> not-for-profit worldwide charitable organization focused on improving the
> security of application software. Our mission is to make application
> security visible, so that people and organizations can make informed
> decisions about true application security risks. Everyone is free to
> participate in OWASP and all of our materials are available under a free and
> open software license. “
>
>
>
> It is MY OPINION based on what I have seen Globally, energy spent on
> Membership is more financially rewarding in the long term, and, hour for
> hour, provides a greater return on investment.  The profits for an AppSec
> conference are really the result of turning the membership relationships
> into sponsorships.
>
>
>
> Tin, really, I challenge you to look at the sponsorship revenue from AppSec
> US and point to the *local* companies that stepped up to sponsor the
> event.  Most of them are Corporate sponsors at the foundation level that I
> was able to connect with to generate sponsorship for the event.
> Additionally, it was the mailing lists created by the foundation and the
> blasts that generated a good portion of the attendance for the conference.
>
>
>
> The conferences committee is debating an opportunity to essentially reward
> the local chapter for their investment in time with the equivalent of 2 or 3
> corporate membership splits as funds to continue the efforts in that
> region.  One of the proposals on the table is to use the remaining split of
> the profits to assist other, smaller, newer chapters who otherwise would not
> have the funds to secure a venue, print flyers, bring in speakers, or find
> other ways to promote OWASP.
>
> I am sorry if it seem like I’m being harsh on you.  I see OWASP from the
> center and therefore very often try to find a compromise that benefits the
> entire organization.
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>
> *From:* global_conference_committee-bounces at lists.owasp.org [mailto:
> global_conference_committee-bounces at lists.owasp.org] *On Behalf Of *Tin
> Zaw
> *Sent:* Tuesday, December 21, 2010 10:47 PM
> *To:* Mark Bristow
> *Cc:* global_chapter_committee at lists.owasp.org; Eoin; Lucas Ferreira;
> Global_membership_committee at lists.owasp.org; global_conference_committee
> *Subject:* Re: [Global_conference_committee] [Global_chapter_committee]
> [Global_membership_committee] Conference/Chapter Revenue Splitting
>
>
>
> Mark, you do not need to snip anything. I said it on the record and I stand
> by it.
>
>
>
> And I agree, OWASP's needs come first, hence 75% of the proceeds, and the
> local chapter's needs come second, hence 25% of the proceeds. In this case,
> the local chapters over-fund OWASP, not the other way around.
>
>
>
> After such split, with OWASP being first, local chapters should have
> certain freedom, within OWASP guidelines, on how they allocate their funds.
> They should not feel guilty for it. In case it is not noticed, this is the
> core of the matter here.
>
>
>
> As I mentioned for the Summit cost, I am willing to negotiate, and I
> believe Kate and Dinis have made some good arguments on why spending chapter
> funds for the Summit is a good idea.
>
> We could go a long way if we all collaborate.
>
>
>
> Cheers!
>
>
>
>
>
> On Tue, Dec 21, 2010 at 6:52 PM, Mark Bristow <mark.bristow at owasp.org>
> wrote:
>
> This to me is a great example of why we should not over-fund chapters....
>
>
>
> Some context, this chapter is proposing that, even tho they have ample
> funds to send some of their leaders to the summit, that they split the cost
> 50/50 with the foundation even after Tom's call for "donations" to the
> summit fund from local chapter funds.  Clearly the summit is a huge priority
> for OWASP, however in the isolation of this chapter, it's not as important.
>
>
>
> <snip>
>
> As for local chapter funds, I have not been informed of, nor do I subscribe
> to the notion that funds are to be used for next calendar year. Our plans
> for chapter funds are for 2011 and beyond, with recognition that we will not
> be hosting AppSec -- and enjoy its proceeds -- anytime soon. Our current
> plans include more local outreach, support for local university chapters,
> and potential rental expenses for chapter meetings or mini-conferences when
> we outgrow space. In addition, I plan to leave the chapter in a better
> financial shape when I step down one day.
>
>
>
> I hope my points are understandable. I also understand that OWASP plans to
> bring as many people as possible, and if and when it comes down to financial
> necessity, I am willing to negotiate other options.
>
> </snip>
>
>
>
> While I've snipped out the bits that identify the chapter, the message is
> almost perfectly intact.  It's pretty clear to me that the foundation could
> really use some of these funds currently, however the chapter disagrees and
> therefore we have to hunt for funds elsewhere.
>
>
>
> I agree it's a TON of work to organize a conference, I've done it directly
> 2 years in a row.  But the motivation for doing so should not be a financial
> one and the needs of the foundation should always come first, because in the
> end, it was an OWASP event, not a chapter one.
>
>
>
> On Sun, Dec 19, 2010 at 2:58 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>
> The Samy tour is a great example of what happens when you remove from the
> Chapters the responsibility to make the initial decision (and some of the
> financial cost).
>
>
>
> John's email below is spot on, when I talk about 'financial paralysis' and
> the inability from our chapter leaders to spend (or ask) for money, that is
> exactly what I'm talking about. If (in the curent model) John W. doesn't
> feel confortable in asking for money, then who is?
>
>
> Our current OWASP culture, doesn't promote a 'spending proactivity' of our
> projects and chapter leaders. In fact, it is not even enough to say *'here
> is money, we trust you, go and spend it'* (as we see with the 30k
> allocated to Projects, Committees and Chapters which has barely been used).
>
>
>
> I think that this is a reflection of the normal non-OWASP world where there
> are always very strong controls on the use of financial resources.
>
>
>
> Add to that a *"I don't need the headache of having to justify why I need
> the money"* to a *"If I'm doing this for OWASP and I have the track
> record, why should I even have to justify it"* to a *"I really like OWASP
> and don't want to spend the resources badly"*  to a *"What are the rules
> for engagement if it doesn't work out as well as I would like it to?"* you
> have a perfect storm for inaction
>
> Dinis Cruz
>
>
>
> On 17 December 2010 12:21, John Wilander <john.wilander at owasp.org> wrote:
>
> Gosh, some heavy emailing going on here.
>
>
>
> Just a short one to answer Mark's request for examples of chapters being
> denies funding.
>
>
>
> I think this is not a case of chapters asking for money and being denied.
> No such examples to my knowledge. I think the case is "we have no money so
> we don't do X and Y". Chapters don't feel empowered or comfortable to write
> an email to Mark or Kate and ask for $. Instead they strive in mediocracy
> and skip doing better events.
>
>
>
> In concrete terms ... Samy Kamkar's talks at several European chapters were
> a huge success. But they were *not* initiated by empowered chapters. It
> was a *central* OWASP initiative with a *central* funding solution in
> place. Now OWASP Sweden wants to pursue this path and invite Mario
> Heiderich, Gareth Heyes, Dinis Cruz etc. Great! But have we written an email
> to Mark yet? No. Not even I, being a member of the GCC, feel comfortable
> asking for the foundation's money to run a local event.
>
>
>
> In this case OWASP Sweden actually has money. Why? Because we got a share
> of the revenue from OWASP AppSec in Stockholm. So we're going to fly Mario
> Heiderich in and build upon the success with Samy. We already have more than
> 500 members and we asked them what we should use the chapter's money for.
> Answer: More international experts giving talks and tutorials. This is what
> the chapter members want.
>
> (Of course we will try to find sponsors to lower the chapter's costs and we
> will try to cooperate with OWASP Finland and Norway so we can share travel
> costs.)
>
>
>
>    Regards, John
>
>
>
>
>
> 2010/12/16 L. Gustavo C. Barbato <lgbarbato at owasp.org>
>
>
>
>
> I also defend the idea of collaboration between chapters in order to
> achieve great conferences results - when I say collaboration I do mean
> collaborate <http://dictionary.reference.com/browse/collaborate> (*to
> work, one with another; cooperate, as on a literary work*), in other
> words, without having profits in mind.
>
> However, aiming to compensate the collaboration on conferences and have a
> fair support of OWASP, I do defend the idea of having conferences in
> different cities yearly according to local chapters locations. Nevertheless,
> we can't forget the hard work necessary of local chapters to host a
> conference -- I know that because after the AppSec Brazil 2010 (last month),
> I don't stop thinking and working on AppSec 2011 -- it's already being
> time-consuming.
>
> L. *Gustavo* C. *Barbato*, Ph.D.
> Chapter Leader, OWASP Porto Alegre / *Brazil*
> Global Chapter Committee Member
> http://www.owasp.org/index.php/User:Gustavo_Barbato
>
>
> On 12/15/2010 12:29 PM, Mark Bristow wrote:
>
> Comments forwarded on Lucas's behalf (he's on vacation and can't send as
> the right user.....)
>
>
>
> =======
>
> I don't like the idea of having one chapter getting so more funds then
> others. For AppSec Brasil, we will have people from multiple chapters
> involved and it would not be nice to have one chapter getting all the
> money. Having to decide a split amongst chapters would need energy
> that could be better used somewhere else.
>
> In principle, I don't like the idea of having chapters "fighting" for
> money, and we may have this in the future if the chapter split is too
> high. I'm afraid collaboration may decrease in the long run. On the
> oher hand, I'd like to see a solution that increases the involvement
> of chapter leader in our conferences, specially to have people from
> different chpaters to collaborate in conference teams.
>
> I think that having many chapters with some money is better than
> having a few chapters with a lot of money. I think we should invest
> more in getting more active chapters than making a few chapters more
> active.
>
> The fund idea seams a good solution to me.
>
> Regards,
>
> Lucas
>
> On Tue, Dec 14, 2010 at 7:19 PM, Neil Matatall <neil at owasp.org> wrote:
>
> Well this thread has become epic and unfortunately I haven't been able
> to catch all of the ideas.  I really hope I can catch up, but why
> don't we have a conference call or discuss this at the summit (those
> not in attendance will have to be accommodated somehow)?
>
> Times like these make me wish my phone has an "threaded" email view :(
>
>
> On Tue, Dec 14, 2010 at 12:13 PM, Jason Li <jason.li at owasp.org> wrote:
> > So taking Michael's suggestion of starting fresh, I've cleared the long
> > quote of the thread.
> > As an observer to the thread, I'm going to capture what I think has been
> > mentioned so far on the thread.
> >
> > And then I'll weigh in with my humble opinion, keeping in mind that I am
> not
> > involved in the Conferences Committee, Membership Committee, Chapter
> > Committee, or the Board (in other words, I'm a nobody in this
> conversation
> > :)).
> > ----
> > Summary of Problem:
> > Where does Conference revenue go?
> > Points of Concern:
> > 1) Conferences are put on with the assistance of local chapters and
> > coordination/support from the OWASP mothership
> > 2) We want a way to reward local chapters for their help with
> > running/coordinating a conference
> > 3) We want conference attendees the option to get OWASP Memberships
> bundled
> > in with the conference
> > 4) Chapters need money to do things
> > -------
> > Now with that out of the way, my personal thoughts:
> > #4 is completely independent of Conference revenue. There are lots of
> other
> > OWASP sectors that also need money to do things (Projects and Summits for
> > example). If there is a need for Chapters to do something, then this
> should
> > be allocated out of the main OWASP mothership budget and not out of
> > Conference revenue.
> > In my view, conference revenue should go to one of three places:
> > 1) OWASP Mothership fund (where the Board can then re-allocate as needed
> to
> > support Chapters or other initiatives as appropriate)
> > 2) Local Chapter(s) supporting the conference (in order to recognize
> their
> > support)
> > 3) Conferences fund managed by the Conferences Committee
> > I'm not even sure if #3 is really necessary as that could also fall under
> > #1.
> > The only real debate is what proportion of the revenue should go into
> which
> > bucket. That's where I believe this debate originally started. All this
> > other talk about chapter needs and a chapter fund has clouded the
> > discussion.
> > -Jason
>
> > _______________________________________________
> > Global_conference_committee mailing list
> > Global_conference_committee at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/global_conference_committee
> >
> >
>
>
>
> --
>
> --
>
> Neil
>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
>
> _______________________________________________
>
> Global_chapter_committee mailing list
>
> Global_chapter_committee at lists.owasp.org
>
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>
>
>
> --
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>
> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
>
> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
>
>
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
>
>
> --
> Tin Zaw, CISSP, CSSLP
> Chapter Leader and President, OWASP Los Angeles Chapter
> Google Voice: (213) 973-9295
> LinkedIn: http://www.linkedin.com/in/tinzaw
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>


-- 
Richard Greenberg, CISSP
Board of Directors, OWASP Los Angeles,
www.owaspla.org<http://www.appsecusa.org/>
Board of Directors, ISSA Los Angeles, www.issa-la.org<http://www.appsecusa.org/>
OWASP Global Conference Committee
LinkedIn:  http://www.linkedin.com/in/richardagreenberg
                                                   <#>
<#>
<#>       <#>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20101222/1f21cfa7/attachment-0001.html 


More information about the Global_chapter_committee mailing list