[Global_conference_committee] OWASP Points for Leaders

Mark Bristow mark.bristow at owasp.org
Mon Dec 13 11:30:49 EST 2010


I'd contend you have to be a paid member in order to earn points.

On Mon, Dec 13, 2010 at 11:29 AM, Kate Hartmann <kate.hartmann at owasp.org>wrote:

> *Great stuff.  I think this is a good start and may be applicable for the
> Summit.  I have some questions on the list as noted.  I also think,
> considering the points mentioned by Tom regarding membership, we should add
> “paid member” to the criteria.  Lead by example.*
>
> ·
>
> ·  *Major Active Project Leader 5 points – Which projects are the “Major
> Active Ones?”*
>
> ·  *AppSec organizer in 2009/2010 5 points – Includes the entire
> committee, right?*
>
> ·  *Special Invitation 4 points – What is this?*
>
> ·  *Key Industry player 4 points – What does this mean?*
>
> ·  *Active Chapter leaders 3 points – Define “Active.”*
>
> ·  *New Committee Member 3 points – Less than ?  Three months, one year?*
>
> ·  *New  Project Leader 3 points – Define new?*
>
> ·  *Recommit Committee member 2 points – Annual renewal?*
>
> ·  *Past OWASP leaders 2 points – Is this to reengage?*
>
> ·  *Responded by 30th  2 points*
>
> ·  *Participated at AppSec 1 point – attended, spoken?*
>
>
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>
> *From:* global_conference_committee-bounces at lists.owasp.org [mailto:
> global_conference_committee-bounces at lists.owasp.org] *On Behalf Of *dinis
> cruz
> *Sent:* Monday, December 13, 2010 6:13 AM
> *To:* Tony UV
> *Cc:* Global_membership_committee at lists.owasp.org;
> global_conference_committee; owasp-summit-2011 at lists.owasp.org
> *Subject:* [Global_conference_committee] OWASP Points for Leaders
>
>
>
> (I changed the title to reflect the current topic (see thread below for
> reference)
>
>
>
> Mark is spot on that the point of the points system :)  , is to recognize
> the leaders participation (and not to encourage it)
>
>
>
> The fact that we don't have good visibility into our leaders contribution
> is a massive problem at OWASP (and one that if don't tackle soon could cause
> a lot of damage to our community).
>
>
>
> Since the best way to get something done at OWASP is to have a reason/event
> creating its need, the OWASP Summit 2011 is the perfect opportunity to have
> a first pass at doing this.
>
>
>
> The problem we have at the Summit is *'On which order/priority do we
> allocate the limited available funds to bring our hard-working leaders to
> the Summit' *(i.e. if we have an extra 25k, who should get that money
> first? (as you will see on the spreadsheet below, the current amount needed
> is 88k)
>
>
>
> In order to get to this answer we have started creating a solution which is
> in essence the points model proposed on this list.
>
>
>
> Please start by reading this thread:
> https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000339.html which
> points to this spreadsheet
> https://spreadsheets.google.com/a/owasp.org/ccc?key=0Amvv_7Gz8Z7TdGNEb0RRUUdfX0tMQ1EwTjY1MzNMWmc&hl=en (see
> sheet #2 called '2nd Batch - Sponsorships')
>
>
>
> The discussion is currently at *'What types of points should we have and
> what should be their value?'*
>
>
>
> Jason (in
> https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000346.html)
> proposes the following list (which I agree) . Note that this needs to be
> merged with the ideas already discussed in this thread:
>
> ·  *Major Active Project Leader 5 points*
>
> ·  *AppSec organizer in 2009/2010 5 points*
>
> ·  *Special Invitation 4 points*
>
> ·  *Key Industry player 4 points*
>
> ·  *Active Chapter leaders 3 points*
>
> ·  *New Committee Member 3 points *
>
> ·  *New  Project Leader 3 points*
>
> ·  *Recommit Committee member 2 points*
>
> ·  *Past OWASP leaders 2 points *
>
> ·  *Responded by 30th  2 points*
>
> ·  *Participated at AppSec 1 point*
>
> *Rationale:*
>
> *- Committee Members: New committee members are demonstrating energy and
> initiative. Recommitted members are members who for one reason or another
> became inactive but have recommitted themselves to their committee. While
> it's great that they have recommitted, I think we should give a slight
> priority to new committee members over members who have already had an
> opportunity to serve but failed to deliver. In essence, Recommitted
> Committee members are akin to "historic" leaders*
>
> *- Projects: New projects leaders are like new committee in that we want
> to encourage the energy and initiative. Existing project leaders of active
> projects are extremely important to the OWASP ecosystem so they should be
> prioritized.*
>
>
>
> * *Let's see if over the next couple days, we can:
>
>    - agree on a criteria,
>    - complete the spreadsheet formula,
>    - do a first pass at the mappings
>    - and finally open up the discussion and mappings to the owasp-leaders
>    list
>
> Dinis Cruz
>
>
> On 13 December 2010 00:45, Tony UV <tonyuv at owasp.org> wrote:
>
> Sounds good.  Inline comments below. Overall main concern is the (a)
> development of the point system (b) educating a wide global member base on
> the point system (despite the most clear and concise wiki, etc to accompany
> it) (c) marketing this reward system to the point that adoption ramps up
> effectively. In either case, I’m all in.
>
>
>
>
>
> Tony UcedaVelez, CISM, CISA, GSEC
>
> *Chapter Lead*
>
> *OWASP Atlanta*
>
> http://www.owasp.org/index.php/Atlanta_Georgia
>
> Twitter: *@versprite*
>
>
>
> *From:* Mark Bristow [mailto:mark.bristow at owasp.org]
> *Sent:* Sunday, December 12, 2010 7:34 PM
> *To:* Tony UV
> *Cc:* Michael Coates; global_conference_committee;
> Global_membership_committee at lists.owasp.org
>
>
> *Subject:* Re: [Global_membership_committee] Honorary Memberships - Vote
> Scheduled for 12/21 @ Membership Meeting
>
>
>
> The point is't to motivate people to contribute, *[Tony UcedaVelez] * No
> arguments on the need and goal to motivate folks.  Agree there.
>
>
>
> it's to recognize people who do and provide some metrics that can be
> pointed to (Like CISSP CPEs) to demonstrate involvement.  *[Tony
> UcedaVelez] * Wouldn’t issuing CPE certs (a) achieve the same thing in
> terms of metrics (number issued to, what they did, etc) and (b) give
> volunteers something that they actually need? Otherwise we’ll have to
> develop a fairly point redeeming system AND educate them (more time) in
> order to get them to understand what those points translate into.  All good
> if we want to do that, but simply speaking on the logistics and time to be
> taken vs tapping into an existing solution that they already know.  Currently
> there is no measure of this.
>
>
>
> This is why I was shouldering the responsibility for individual points
> awards/tracking on each Committee.  *[Tony UcedaVelez] * Would it make
> sense that there would be a dedicated global points coordinator for all of
> this or even team to do this across the board?  Just thinking of the
> scalability of leaders of those committees to have to set yet something else
> up as well.  Conference Volunteers is actually something not difficult for
> me to track (as they get in free, need shirts ordered for them et all, they
> are identified early).*[Tony UcedaVelez] * Sounds good then.  As long as
> this and other proposed use cases doesn’t introduce a fuzzy, non-credible
> point system where points are awarded w/o proper accountability.
>
>
>
> Each committee knows what's measurable and what's not.
>
> On Sun, Dec 12, 2010 at 7:23 PM, Tony UV <tonyuv at owasp.org> wrote:
>
> My .02 late in the game is as follows:  (please excuse any redundancy)
>
>
>
> -          Main point, if people need a point system to lead or
> contribute, then there is something wrong here. This is my main gut feeling.
>
> -          Points would be difficult to track and maintain the
> accountability and integrity of. He/She said could ensue, particularly if
> points are awarded to relatively simple actions that are not well defined
> (i.e. – OWASP Conference Volunteer)
>
> -          Don’t think that the point system would have much clout with
> employers.  We could simply do the CPE thing for those that nurse those
> certifications.  They have to find hours anyway and they may as well get
> credit.  All depends on how active we’ve socialized the idea of awarding
> CPEs to volunteers, etc. Works for ISSA/ ISACA to shepherd them in.
>
> -          Point system may work best to cash in to a reward point system
> (which may have already been discussed) where members turn in points for
> freebies (OWASP merch) or points towards expense paid OWASP cons, etc.
>
> -          Corporate level point system may work by letting them rack up
> points so that they could get a free 2 day training from an OWASP lead or
> trainer.
>
>
>
>
>
>
>
> Tony UcedaVelez, CISM, CISA, GSEC
>
> *Chapter Lead*
>
> *OWASP Atlanta*
>
> http://www.owasp.org/index.php/Atlanta_Georgia
>
> Twitter: *@versprite*
>
>
>
> *From:* global_membership_committee-bounces at lists.owasp.org [mailto:
> global_membership_committee-bounces at lists.owasp.org] *On Behalf Of *Mark
> Bristow
> *Sent:* Sunday, December 12, 2010 4:36 PM
> *To:* Michael Coates
> *Cc:* global_conference_committee;
> Global_membership_committee at lists.owasp.org
> *Subject:* Re: [Global_membership_committee] Honorary Memberships - Vote
> Scheduled for 12/21 @ Membership Meeting
>
>
>
> <inject>
>
>
>
> I actually was talking to Jason Li and Dinis about this at AppSec BR.  We
> were thinking that we could develop a "OWASP Points" System that assigns
> points to people based on the OWASP Activities they do.  Ultimately We'd
> might work out member "levels" or some benefits to add to this, but i
> digress.
>
>
>
> You all would set "global" point values for things like, being a committee
> member, committee chair, board member, and other general member stuff.  The
> thought would be each committee would assign the point values
> for their respective AORs but it would be a Membership
> Committee initiative (see how I volunteered you?).  Committee Chairs would
> have to report in points say, quarterly and they would be assigned on
> completion of the activity.
>
>
>
> As an Example for the GCC we do something like (point values are nominal,
> we'd have to get together and normalize them):
>
>    - OWASP Conference (Core) Organizer: 50 Pts
>    - OWASP Conference Planning Committee Members: 20 Pts
>    - OWASP Conference Voluenteer: 10 Pts
>    - Attend an OWASP Conference: 5pts
>    - Attend OWASP Training Class: 5pts
>    - Host an OWASP Event: 10 Pts
>
> Projects would then do something similar for their stuff (take a project to
> alpha release, lead a project, submit code .... whatever they want)
>
>
>
> Industry, Connections, Education, Chapters and so on.
>
>
>
> This serves 2 functions.  You would be able to show off how many OWASP
> points you'e earned..... and for employers, employees,
> having substantial OWASP points could be a reason to get a raise, job et
> all.
>
>
>
> OFC, you'd have to be a individual member of the organization for any of
> this to be tracked.
>
>
>
> </inject>
>
>
>
> On Sun, Dec 12, 2010 at 4:20 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
>
>
> In terms of the self assessment, where you thinking of having a specific
> date for it (i.e. every november) or would it be X months from the last
> review or when the leader was appointed?
>
>
>
> Either way could work, but I think we could keep our heads around it better
> if its at a set date every year. Also we can easily advertise/remind the
> leaders list each time that window roles around.
>
>
>
> Workload-wise it might be better to have this on a rolling basis.  That way
> it could be a recurring task (“we need to review these applications by the
> first of the month”) rather than a huge project (“review ALL the
> applications by Nov 1”)  Also I believe that there will be increased OWASP
> activity for most folks just before their renewals come up and it would be
> better to have that spread throughout the year rather than centered at one
> point on the calendar.
>
>
>
> Good point on the ramp up of OWASP activity that might occur prior to the
> deadline.  I'm for the rolling model, we just need to make sure we have a
> good tracking system in place and have several methods to contact each
> individual.
>
>
>
>
>
> In terms of the review period, what do you think of making it smaller, i.e:
> at least every 6 months?
>
>
>
> Benefits: Cause individuals to reevaluate their contributions more often.
> Possibly leading to people doing more work for OWASP.
>
> Negatives: More work for individuals, more work for reviewers (committees
> analyzing these docs).  May frustrate people to keep filling out these docs.
> Also, sometimes people just get busy at work and have to do less OWASP.  Not
> sure how they'd feel to loose their Honorary Status.
>
>
>
> Might make sense to start with an annual model and increase the tempo if we
> think it will increase involvement and it won’t overload the folks doing the
> reviewing.
>
>
>
> I'm for starting this on an annual basis too.
>
>
>
> -Michael
>
>
> _______________________________________________
> Global_membership_committee mailing list
> Global_membership_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
> _______________________________________________
> Global_membership_committee mailing list
> Global_membership_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101213/2febfda6/attachment-0001.html 


More information about the Global_conference_committee mailing list