[Global_chapter_committee] FW: DEF CON Reimbursement

Stevens, Teresa ExSi at pge.com
Thu Sep 1 11:30:04 EDT 2011


I agree with Dave. I think we have to be careful about being too dictatorial. We want members to be happy, and satisfied with their membership, while understanding our guidelines, and policies. It is a difficult balance to maintain, sometimes, but the most successful organizations find a way to balance freedom of choice, with requiring a degree of adherence to rules.

Thanks, 

Teresa Stevens, MCPM, MSIA, CISSP
Information Security Specialist
InfoSec, ISTS
Pacific Gas and Electric Company
77 Beale Street, Room 2605A
Mail Code B26S
San Francisco, CA 94105
415-973-1961

-----Original Message-----
From: global_chapter_committee-bounces at lists.owasp.org [mailto:global_chapter_committee-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: Thursday, September 01, 2011 6:02 AM
To: 'Tin Zaw'; 'Jason Li'
Cc: 'global_conference_committee'; global_chapter_committee at lists.owasp.org; committees-chairs at lists.owasp.org
Subject: Re: [Global_chapter_committee] FW: DEF CON Reimbursement

Thanks Tin. I think this is a good idea and I also agree with Lorna that we need more detailed guidelines. 

Here is what I propose.

1) We approve the expense in question. I really don't think it's that big of a deal and not an obvious abuse.

But I do think it's worth discussing which is why I wanted to bring this up.

2) So, we discuss this at the conference as Tin proposes and the GCC hopefully establishes some more details on expected or allowed chapter expenses, and maybe even starts a list of expenses generally NOT allowed if we ultimately decide this is a type of expense that we should NOT fund in general. 

I'm OK with these being guidelines, and I think if we indicate that in general something not be allowed, that it's still OK for a chapter lead to ask the GCC if they can spend money on that type of thing with an explanation of why and the GCC can consider approving it. I don't want to end up with dictatorial hard and fast rules. I think guidelines are OK and in general have been working.

But I also think staying within these guidelines in general is good for OWASP. I want to try as much as we can to avoid the perception of abuse, which I think is very important to our reputation amongst our members and the people that provide us with the limited funds we do get. We need to be good stewards of OWASP's funds because there are many different ways they could be used, some more effective than others to the overall benefit to our community.

3) I think we should also consider requiring some kind of two person controls if the money is spent for the chapter leader's benefit. i.e., they can't approve their own expenses in advance. That is not the case in this situation because I don't think Richard is the local chapter lead (or sole lead), but it's a control that we might suggest be put in place for situations where it is the sole chapter lead receiving the primary benefit of the expense.

-Dave

p.s. And I'm also pleased that this conversation remained civil and didn't blow out of control. I appreciate that. Thanks everyone and I hope to see most of you in MN later this month.

-----Original Message-----
From: Tin Zaw [mailto:tin.zaw at owasp.org]
Sent: Wednesday, August 31, 2011 10:20 PM
To: Jason Li
Cc: Tom Brennan; global_conference_committee; global_chapter_committee at lists.owasp.org; committees-chairs at lists.owasp.org; Dave Wichers
Subject: Re: [Global_chapter_committee] FW: DEF CON Reimbursement

Since I am directly involved, I will not comment on the particulars, but I would agree that we need better guidance on chapter finances.
This is what the chapter committee is supposed to do, and so far, it is an unfinished job.

I would like to invite all the interested parties, especially chapter leaders, to join us at the chapter leader workshop on September 21 afternoon at AppSec USA. Chapter finances will be a heated topic to discuss there.

Thanks.

On Wed, Aug 31, 2011 at 6:57 PM, Jason Li <jason.li at owasp.org> wrote:
> Tom,
> I don't think that's what Lorna is saying at all!
> I don't want to put words in her mouth, so I'll simply state my
> observation.
> The Chapters Committee is responsible for setting policies in support 
> of chapters. The Conferences Committee is responsible for setting 
> policies in support of conferences. The Projects Committee is 
> responsible for setting policies in support of projects.
> As I vocalized on the last Board call, while these committees all 
> ostensibly work for the good of OWASP, our roles within our respective 
> individual areas of responsibility preclude us from fully appreciating 
> or seeing the impact of the Foundation as a whole.
> I don't think these types of issues can be solved by any one committee 
> alone - such policies and guidance regarding OWASP expenditures affect 
> all of OWASP.
> I believe the ongoing and repeated issues that are brought to the 
> Board by the Chapters/Conferences committees are indicative of the 
> fact that these types of issues cannot be solved at the committee level.
> Finances are an area where we need a body in higher authority (i.e. 
> the Board) to set a direction and policy for the organization as a whole. 
> What are the priorities for OWASP and how do we decide what's "best 
> for OWASP"?
> In the absence of such guidance, we will continue to see issues bubble 
> up to the Board (think exceptions and overturned policies).
> The need to establish such policy and priorities is one of the reasons 
> I have been pushing hard to get the Board and Committee Chairs 
> together at AppSec USA.
> -Jason
>
> On Wed, Aug 31, 2011 at 8:59 PM, Tom Brennan <tomb at owasp.org> wrote:
>>
>> Excellent points.  So you would agree that this is a committee issue 
>> for the GCC - hence the purpose of the global committee
>>
>> https://www.owasp.org/index.php/Global_Chapter_Committee
>>
>>
>> On Aug 31, 2011, at 8:52 PM, "Lorna Alamri" <lorna.alamri at owasp.org>
>> wrote:
>>
>> > As a chapter leader and an OWASP Fund Raiser, I'm uncomfortable 
>> > with not having tight controls and limits around how chapter funds 
>> > are used for Chapter leaders travel. In development you put in a 
>> > separation of duties as a control and I think something similar 
>> > should be done within OWASP for Chapter Funds being used for travel 
>> > as well.
>> >
>> > I don't think it's appropriate that I raise funds, and then approve 
>> > using those funds for my OWASP related travel. The corporate 
>> > sponsors and members of our chapter have donated funds because they 
>> > want us to be able to bring in great speakers for meetings, hold 
>> > training and conference events. I feel there is a strong argument 
>> > for funding Chapter leaders to travel for OWASP from chapter funds.
>> >
>> > However, thought needs to be put into how chapter funds could be 
>> > misused and policies put in place to mitigate the risk. It would be 
>> > very damaging to OWASP as a whole if chapter funds were misused and 
>> > the OWASP Foundation needs to think about the ramifications if 
>> > allegations are made regarding chapter funds misuse as though it 
>> > would be a local incident it could have much further impact than 
>> > just regional.
>> >
>> > As OWASP is a growing organization it must be kept in mind that we 
>> > are setting precedent with these decisions. I think Dave is right 
>> > to hold up a flag and say wait we need to think this through.
>> >
>> > Regards,
>> > Lorna
>> >
>> >
>> > -----Original Message-----
>> > From: global_chapter_committee-bounces at lists.owasp.org
>> > [mailto:global_chapter_committee-bounces at lists.owasp.org] On Behalf 
>> > Of Dave Wichers
>> > Sent: Wednesday, August 31, 2011 7:27 PM
>> > To: 'Christian Heinrich'
>> > Cc: global_chapter_committee at lists.owasp.org
>> > Subject: Re: [Global_chapter_committee] FW: DEF CON Reimbursement
>> >
>> > My question has nothing to do with what Richard does, or where he
>> > works.
>> > It's simply a question of whether this type of chapter expense is 
>> > something we want to allow. I'm not hard over here. I'm just 
>> > interested in people's opinions. I personally don't think it's the 
>> > best use of a chapter's funds, and I'm not really sure it's an 
>> > appropriate use either, but that's my opinion. Best use is the 
>> > chapter's responsibility and I fully support their freedom to 
>> > choose.
>> >
>> > Appropriate use is an OWASP chapter expense guidelines question, 
>> > which is the question I posed.
>> >
>> > -Dave
>> >
>> > -----Original Message-----
>> > From: Christian Heinrich [mailto:christian.heinrich at owasp.org]
>> > Sent: Wednesday, August 31, 2011 8:20 PM
>> > To: Dave Wichers
>> > Cc: global_chapter_committee at lists.owasp.org
>> > Subject: Re: [Global_chapter_committee] FW: DEF CON Reimbursement
>> >
>> > Dave,
>> >
>> > I wish to highlight that since Richard is employed by the Los 
>> > Angeles County Department of Public Health i.e. an end user and
>> > *not* a vendor and/or consultancy, then in my opinion there is no 
>> > perceived conflict of interest or exploitation of OWASP.
>> >
>> > On Thu, Sep 1, 2011 at 4:55 AM, Dave Wichers 
>> > <dave.wichers at owasp.org>
>> > wrote:
>> >> Guys,
>> >>
>> >> I'm not trying to make a mountain out of nothing here, but I don't 
>> >> know if I would consider this an appropriate chapter expense. And 
>> >> on top of that, the chapter was already represented by at least 
>> >> two other members being there already.
>> >>
>> >> I'd like to get the entire committee's thoughts on the 
>> >> appropriateness of this type of expense. I've never seen an 
>> >> expense like this for OWASP before.
>> >> I know Tin's opinion since he approved this for his local chapter 
>> >> in the first place, so I'm interested in the rest of the 
>> >> committee's thoughts.
>> >>
>> >> -Dave
>> >>
>> >> -----Original Message-----
>> >> From: Alison McNamee [mailto:alison.mcnamee at owasp.org]
>> >> Sent: Wednesday, August 31, 2011 2:29 PM
>> >> To: Dave Wichers
>> >> Cc: Kate Hartmann
>> >> Subject: FW: DEF CON Reimbursement
>> >>
>> >> Dave,
>> >>
>> >> Please see Tin's response below concerning Richard Greenberg's 
>> >> reimbursement from the LA Chapter funds for travel to DEF CON.  Is 
>> >> it ok to go ahead and mail this check?
>> >>
>> >> Thanks,
>> >>
>> >> Alison Shrader
>> >> The OWASP Foundation
>> >> 9175 Guilford Road, Suite 300
>> >> Columbia, MD 21046
>> >> 1-301-575-0197
>> >> 1-443-283-4021 (Fax)
>> >>
>> >> -----Original Message-----
>> >> From: Tin Zaw [mailto:tin.zaw at owasp.org]
>> >> Sent: Tuesday, August 30, 2011 3:38 PM
>> >> To: Alison McNamee
>> >> Cc: Richard Greenberg
>> >> Subject: Re: DEF CON Reimbursement
>> >>
>> >> Alison,
>> >>
>> >> Richard was not presenting OWASP material at the conference, but 
>> >> Richard is instrumental in recruiting speakers and sponsors for LA 
>> >> chapter meetings.
>> >> DEFCON is a perfect ground for such event, and he got good leads
>> >> there.
>> >> Cassio and I were there too but we were lucky enough to be 
>> >> sponsored by our employers, but Richard was not, and hence we 
>> >> decided to support his trip.
>> >>
>> >> Thank you.
>> >>
>> >> On Tue, Aug 30, 2011 at 12:26 PM, Alison McNamee 
>> >> <alison.mcnamee at owasp.org>
>> >> wrote:
>> >>> Hi Tin,
>> >>>
>> >>> I just want to verify why the LA chapter is paying for Richard's 
>> >>> travel to DEF CON.  Was he presenting on OWASP there?
>> >>>
>> >>> Thanks!!
>> >>>
>> >>> Alison Shrader
>> >>> The OWASP Foundation
>> >>> 9175 Guilford Road, Suite 300
>> >>> Columbia, MD 21046
>> >>> 1-301-575-0197
>> >>> 1-443-283-4021 (Fax)
>> >>>
>> >>> -----Original Message-----
>> >>> From: Tin Zaw [mailto:tin.zaw at owasp.org]
>> >>> Sent: Tuesday, August 23, 2011 9:06 PM
>> >>> To: alison mcnamee
>> >>> Cc: Richard Greenberg; Cassio Goldschmidt
>> >>> Subject: Fwd: DEF CON Reimbursement
>> >>>
>> >>> Alison,
>> >>>
>> >>> Please reimburse Richard with $533.98 from LA chapter funds.
>> >>>
>> >>> Thank you.
>> >>>
>> >>>
>> >>> ---------- Forwarded message ----------
>> >>> From: Richard Greenberg <richard.greenberg at owasp.org>
>> >>> Date: Mon, Aug 22, 2011 at 2:41 PM
>> >>> Subject: DEF CON Reimbursement
>> >>> To: Tin Zaw <tin.zaw at owasp.org>
>> >>>
>> >>>
>> >>> Tin,
>> >>>
>> >>> Please find attached my travel expenses for DEF CON. I have not 
>> >>> billed for food or admittance to the conference.
>> >>>
>> >>> Airfare: $215
>> >>> Hotel: $119.08
>> >>> Taxi: $199.90
>> >>> Total: $533.98
>> >>>
>> >>> My mailing address is:
>> >>> 5920 Stoneview Dr
>> >>> Culver City, Ca 90232
>> >>>
>> >>> Thank you.
>> >>>
>> >>> --
>> >>> Richard Greenberg, CISSP
>> >>> Board of Directors, OWASP Los Angeles, www.owaspla.org
>> >>> Board of Directors, ISSA Los Angeles, www.issa-la.org
>> >>> OWASP Global Conference Committee
>> >>> LinkedIn:  http://www.linkedin.com/in/richardagreenberg
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Tin Zaw, CISSP, CSSLP
>> >>> Chapter Leader and President, OWASP Los Angeles Chapter
>> >>> Chair, OWASP Global Chapter Committee
>> >>> Google Voice: (213) 973-9295
>> >>> LinkedIn: http://www.linkedin.com/in/tinzaw
>> >>>
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Tin Zaw, CISSP, CSSLP
>> >> Chapter Leader and President, OWASP Los Angeles Chapter
>> >> Chair, OWASP Global Chapter Committee
>> >> Google Voice: (213) 973-9295
>> >> LinkedIn: http://www.linkedin.com/in/tinzaw
>> >>
>> >>
>> >> _______________________________________________
>> >> Global_chapter_committee mailing list 
>> >> Global_chapter_committee at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>> >>
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Christian Heinrich
>> > http://www.owasp.org/index.php/user:cmlh
>> >



--
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter
Chair, OWASP Global Chapter Committee
Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw
