[Global_conference_committee] Chapter Revenue Share From OWASP events

Richard Greenberg richard.greenberg at owasp.org
Wed Dec 22 12:08:38 EST 2010


So much for speaking at a high level.

I believe most of us have a conflict of interest, as we are involved in
local chapters. Please don't get caught up in process at the expense of our
goals. I think it is a reasonable assumption that we all would like to see a
thriving and expanding LA Chapter; it really should not matter that other
successful chapters have achieved success one way or another. In my day job,
I need to deliver on goals. I find a way to do that, and that can be
difficult oftentimes in a government bureaucracy.

My limited time on the GCC really has nothing to do with my perspective; I
am obligated to look at all issues through both sets of lenses: local
chapter and the OWASP mother ship.

BTW, there are plenty of sparks in the LA generator.

Happy holidays to all.

On Wed, Dec 22, 2010 at 11:10 AM, Kate Hartmann <kate.hartmann at owasp.org>wrote:

> I have pulled this discussion off of most of the mailing lists and dropped
> it back on Conferences’ plate.  I am really trying to be objective here, but
> honestly, I’m getting frustrated by the comments I’m reading.  I really try
> in most situations to allow the community to be the driver, but as this
> topic will affect the viability of the foundation (mothership), 160+ local
> chapters, and 20,000+ members of the owasp all mailing list I need to try to
> get EVERYONE to think globally on this issue.  We are, after all, the
> conference committee.  According to the Conference committee website:  *The
> Global Conferences Committee was created during the OWASP EU Summit in
> Portugal 2008. The primary purpose of this Global Conferences Committee is:
> determine location, frequency and to oversee and direct global conferences,
> speakers and training.*
>
> It says nothing about allowing chapters build their revenue through hosting
> OWASP GLOBAL APP SEC EVENTS.
>
>
>
> Please, guys, let’s stay focused on what we need to do.  If chapters feel
> they need more funding, then they should go through the Global chapter
> committee to make that happen.
>
>
>
> Richard, my comments on your email are below:
>
>
>
> As both an LA Chapter Board Member and GCC member, I am well positioned
> (I'd better be) to weigh in on this passionate discussion.
>
>
>
> I am not discounting your efforts, but as the Operational director of
> OWASP, I have been involved with EVERY chapter Globally and every committee
> for the past two years…Your activity has been within the past 6 months,
> limited to LA, and 6 weeks on the GCC.  I have seen new chapters grow from 1
> or 2 dedicated, passionate chapter leaders to participation of hundreds.  In
> this discussion, I think that your role as a chapter leader is actually a
> conflict of interest.
>
>
>
> Look at the success New York OWASP has been having. LA needs to be at that
> level!
>
>
>
> New York had been successful without AppSec funding.  They drive the
> mission with membership.  AppSec US 2008 was held in NYC and the local
> chapter did not receive any of those profits.  They finance with energy
> directed towards corporate memberships ($2,000 each to the local chapter).
>
>
>
> Let's remember not to covet others riches, but to respect the capacity of
> each Chapter to build and spread the OWASP concepts to as many
> people/companies as possible.
>
> Let’s not hoard either, but help the organization as a whole to succeed.
>
>
>
> Richard, I’m not suggesting elimination of the share, but am trying to help
> drive the organization as a whole.  I agree that LA is a metropolis, and if
> the goal is to become as active as NY, then great!
>
>
>
> I am trying to point out that a chapter’s longevity will be with
> membership.  AppSec should be viewed as an energy boost for an already
> active chapter, not as a mechanism to start a dead battery.
>
>
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>
> *From:* Richard Greenberg [mailto:richard.greenberg at owasp.org]
> *Sent:* Wednesday, December 22, 2010 10:00 AM
> *To:* Kate Hartmann
> *Cc:* Tin Zaw; global_conference_committee;
> global_chapter_committee at lists.owasp.org; Lucas Ferreira;
> Global_membership_committee at lists.owasp.org; Eoin
> *Subject:* Re: [Global_conference_committee] [Global_chapter_committee]
> [Global_membership_committee] Conference/Chapter Revenue Splitting
>
>
>
> As both an LA Chapter Board Member and GCC member, I am well positioned
> (I'd better be) to weigh in on this passionate discussion. I have not yet
> read a false statement from anyone, which means we are all speaking at a
> high level. Of course, there must be some resolution to this hot issue, so
> here are my thoughts.
>
> Any local chapter that takes on the responsibility for a local hosting of a
> Global AppSec conference does so with the understanding that they are the
> ones who are in charge and must bear the responsibility for the success or
> failure of the conference, both in terms of content and financially. We in
> SoCal spent countless hours on all the conference planning tasks, from venue
> issues to reception planning, from spreading the word for and vetting
> speakers to getting sponsorships (and I personally got a number of these).
> We are not paid OWASP employees, but of course all have other jobs, that we
> put in much more than a 40 hour work week to be successful. Yet we still all
> found the time to indeed make the conference a success. Why did we do this?
> No, it was never directly about the money. Yes, it involved the money, but
> solely to build the LA Chapter. LA is the largest megalopolis in the
> country, yet its participation at OWASP meetings is not proportional to
> this. We are using AppSec as a beacon to light the way for the development
> and appsec community to come into the OWASP fold. Word of mouth is
> important, but much of the efforts require cold hard cash, the kind that was
> brought in from AppSec. Los Angeles is often looked at as a driving force in
> initiatives for the rest of the country, and we are setting our goals
> appropriately. Look at the success New York OWASP has been having. LA needs
> to be at that level!
>
> Stepping up a level, any local chapter that takes on the hosting
> responsibility should receive the funding it needs for it's initiatives,
> provided it has generated that income for both OWASP and the chapter itself.
> It should not be the role of OWASP to dictate what the chapter must do with
> its money, unless there is a clear misuse or poorly chosen direction. We
> have highly motivated , intelligent, and resourceful Chapter Leaders that
> have that responsibility. Let's remember not to covet others riches, but to
> respect the capacity of each Chapter to build and spread the OWASP concepts
> to as many people/companies as possible.
>
> On Wed, Dec 22, 2010 at 9:26 AM, Kate Hartmann <kate.hartmann at owasp.org>
> wrote:
>
> Tin, I am really not picking on you, individually, but need to really speak
> up on this subject since it is a very critical one for the foundation as an
> organization.
>
>
>
> Tin, please be careful when you bring in phrases like, “this is the core of
> the matter here.”  Really, I disagree with that statement.  The idea is not
> that simple – guilt.
>
> We are working on a global solutions to the chapter funding.  Not every
> chapter can host an AppSec and the regional events do not bring in that much
> revenue.  We need to think about the message we send to EVERYONE.
>
> Hosting an AppSec or any conference should really not be about the money.
> In fact, until very recently, the local chapter did not receive ANY split
> and we still had lots of chapters asking to host the conference.  In 2008,
> as a result of the first Summit, the Membership model was modified to
> provide local chapter’s a 40% share of incoming membership fees.  This means
> that a corporate supporter attached to a local chapter would generate $2K.
> There are many chapters who have used this “seed money” to drive membership,
> participation, and bring in additional chapter revenue through corporate
> supporters.
>
>
>
> Looking  at the first paragraph about OWASP on the website, at the mission
> of OWASP, it reads:
>
>
>
> “The Open Web Application Security Project (OWASP) is a 501c3
> not-for-profit worldwide charitable organization focused on improving the
> security of application software. Our mission is to make application
> security visible, so that people and organizations can make informed
> decisions about true application security risks. Everyone is free to
> participate in OWASP and all of our materials are available under a free and
> open software license. “
>
>
>
> It is MY OPINION based on what I have seen Globally, energy spent on
> Membership is more financially rewarding in the long term, and, hour for
> hour, provides a greater return on investment.  The profits for an AppSec
> conference are really the result of turning the membership relationships
> into sponsorships.
>
>
>
> Tin, really, I challenge you to look at the sponsorship revenue from AppSec
> US and point to the *local* companies that stepped up to sponsor the
> event.  Most of them are Corporate sponsors at the foundation level that I
> was able to connect with to generate sponsorship for the event.
> Additionally, it was the mailing lists created by the foundation and the
> blasts that generated a good portion of the attendance for the conference.
>
>
>
> The conferences committee is debating an opportunity to essentially reward
> the local chapter for their investment in time with the equivalent of 2 or 3
> corporate membership splits as funds to continue the efforts in that
> region.  One of the proposals on the table is to use the remaining split of
> the profits to assist other, smaller, newer chapters who otherwise would not
> have the funds to secure a venue, print flyers, bring in speakers, or find
> other ways to promote OWASP.
>
> I am sorry if it seem like I’m being harsh on you.  I see OWASP from the
> center and therefore very often try to find a compromise that benefits the
> entire organization.
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>
> *From:* global_conference_committee-bounces at lists.owasp.org [mailto:
> global_conference_committee-bounces at lists.owasp.org] *On Behalf Of *Tin
> Zaw
> *Sent:* Tuesday, December 21, 2010 10:47 PM
> *To:* Mark Bristow
> *Cc:* global_chapter_committee at lists.owasp.org; Eoin; Lucas Ferreira;
> Global_membership_committee at lists.owasp.org; global_conference_committee
> *Subject:* Re: [Global_conference_committee] [Global_chapter_committee]
> [Global_membership_committee] Conference/Chapter Revenue Splitting
>
>
>
> Mark, you do not need to snip anything. I said it on the record and I stand
> by it.
>
>
>
> And I agree, OWASP's needs come first, hence 75% of the proceeds, and the
> local chapter's needs come second, hence 25% of the proceeds. In this case,
> the local chapters over-fund OWASP, not the other way around.
>
>
>
> After such split, with OWASP being first, local chapters should have
> certain freedom, within OWASP guidelines, on how they allocate their funds.
> They should not feel guilty for it. In case it is not noticed, this is the
> core of the matter here.
>
>
>
> As I mentioned for the Summit cost, I am willing to negotiate, and I
> believe Kate and Dinis have made some good arguments on why spending chapter
> funds for the Summit is a good idea.
>
> We could go a long way if we all collaborate.
>
>
>
> Cheers!
>
>
>
>
>
> On Tue, Dec 21, 2010 at 6:52 PM, Mark Bristow <mark.bristow at owasp.org>
> wrote:
>
> This to me is a great example of why we should not over-fund chapters....
>
>
>
> Some context, this chapter is proposing that, even tho they have ample
> funds to send some of their leaders to the summit, that they split the cost
> 50/50 with the foundation even after Tom's call for "donations" to the
> summit fund from local chapter funds.  Clearly the summit is a huge priority
> for OWASP, however in the isolation of this chapter, it's not as important.
>
>
>
> <snip>
>
> As for local chapter funds, I have not been informed of, nor do I subscribe
> to the notion that funds are to be used for next calendar year. Our plans
> for chapter funds are for 2011 and beyond, with recognition that we will not
> be hosting AppSec -- and enjoy its proceeds -- anytime soon. Our current
> plans include more local outreach, support for local university chapters,
> and potential rental expenses for chapter meetings or mini-conferences when
> we outgrow space. In addition, I plan to leave the chapter in a better
> financial shape when I step down one day.
>
>
>
> I hope my points are understandable. I also understand that OWASP plans to
> bring as many people as possible, and if and when it comes down to financial
> necessity, I am willing to negotiate other options.
>
> </snip>
>
>
>
> While I've snipped out the bits that identify the chapter, the message is
> almost perfectly intact.  It's pretty clear to me that the foundation could
> really use some of these funds currently, however the chapter disagrees and
> therefore we have to hunt for funds elsewhere.
>
>
>
> I agree it's a TON of work to organize a conference, I've done it directly
> 2 years in a row.  But the motivation for doing so should not be a financial
> one and the needs of the foundation should always come first, because in the
> end, it was an OWASP event, not a chapter one.
>
>
>
> On Sun, Dec 19, 2010 at 2:58 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>
> The Samy tour is a great example of what happens when you remove from the
> Chapters the responsibility to make the initial decision (and some of the
> financial cost).
>
>
>
> John's email below is spot on, when I talk about 'financial paralysis' and
> the inability from our chapter leaders to spend (or ask) for money, that is
> exactly what I'm talking about. If (in the curent model) John W. doesn't
> feel confortable in asking for money, then who is?
>
>
> Our current OWASP culture, doesn't promote a 'spending proactivity' of our
> projects and chapter leaders. In fact, it is not even enough to say *'here
> is money, we trust you, go and spend it'* (as we see with the 30k
> allocated to Projects, Committees and Chapters which has barely been used).
>
>
>
> I think that this is a reflection of the normal non-OWASP world where there
> are always very strong controls on the use of financial resources.
>
>
>
> Add to that a *"I don't need the headache of having to justify why I need
> the money"* to a *"If I'm doing this for OWASP and I have the track
> record, why should I even have to justify it"* to a *"I really like OWASP
> and don't want to spend the resources badly"*  to a *"What are the rules
> for engagement if it doesn't work out as well as I would like it to?"* you
> have a perfect storm for inaction
>
> Dinis Cruz
>
>
>
> On 17 December 2010 12:21, John Wilander <john.wilander at owasp.org> wrote:
>
> Gosh, some heavy emailing going on here.
>
>
>
> Just a short one to answer Mark's request for examples of chapters being
> denies funding.
>
>
>
> I think this is not a case of chapters asking for money and being denied.
> No such examples to my knowledge. I think the case is "we have no money so
> we don't do X and Y". Chapters don't feel empowered or comfortable to write
> an email to Mark or Kate and ask for $. Instead they strive in mediocracy
> and skip doing better events.
>
>
>
> In concrete terms ... Samy Kamkar's talks at several European chapters were
> a huge success. But they were *not* initiated by empowered chapters. It
> was a *central* OWASP initiative with a *central* funding solution in
> place. Now OWASP Sweden wants to pursue this path and invite Mario
> Heiderich, Gareth Heyes, Dinis Cruz etc. Great! But have we written an email
> to Mark yet? No. Not even I, being a member of the GCC, feel comfortable
> asking for the foundation's money to run a local event.
>
>
>
> In this case OWASP Sweden actually has money. Why? Because we got a share
> of the revenue from OWASP AppSec in Stockholm. So we're going to fly Mario
> Heiderich in and build upon the success with Samy. We already have more than
> 500 members and we asked them what we should use the chapter's money for.
> Answer: More international experts giving talks and tutorials. This is what
> the chapter members want.
>
> (Of course we will try to find sponsors to lower the chapter's costs and we
> will try to cooperate with OWASP Finland and Norway so we can share travel
> costs.)
>
>
>
>    Regards, John
>
>
>
>
>
> 2010/12/16 L. Gustavo C. Barbato <lgbarbato at owasp.org>
>
>
>
>
> I also defend the idea of collaboration between chapters in order to
> achieve great conferences results - when I say collaboration I do mean
> collaborate <http://dictionary.reference.com/browse/collaborate> (*to
> work, one with another; cooperate, as on a literary work*), in other
> words, without having profits in mind.
>
> However, aiming to compensate the collaboration on conferences and have a
> fair support of OWASP, I do defend the idea of having conferences in
> different cities yearly according to local chapters locations. Nevertheless,
> we can't forget the hard work necessary of local chapters to host a
> conference -- I know that because after the AppSec Brazil 2010 (last month),
> I don't stop thinking and working on AppSec 2011 -- it's already being
> time-consuming.
>
> L. *Gustavo* C. *Barbato*, Ph.D.
> Chapter Leader, OWASP Porto Alegre / *Brazil*
> Global Chapter Committee Member
> http://www.owasp.org/index.php/User:Gustavo_Barbato
>
>
> On 12/15/2010 12:29 PM, Mark Bristow wrote:
>
> Comments forwarded on Lucas's behalf (he's on vacation and can't send as
> the right user.....)
>
>
>
> =======
>
> I don't like the idea of having one chapter getting so more funds then
> others. For AppSec Brasil, we will have people from multiple chapters
> involved and it would not be nice to have one chapter getting all the
> money. Having to decide a split amongst chapters would need energy
> that could be better used somewhere else.
>
> In principle, I don't like the idea of having chapters "fighting" for
> money, and we may have this in the future if the chapter split is too
> high. I'm afraid collaboration may decrease in the long run. On the
> oher hand, I'd like to see a solution that increases the involvement
> of chapter leader in our conferences, specially to have people from
> different chpaters to collaborate in conference teams.
>
> I think that having many chapters with some money is better than
> having a few chapters with a lot of money. I think we should invest
> more in getting more active chapters than making a few chapters more
> active.
>
> The fund idea seams a good solution to me.
>
> Regards,
>
> Lucas
>
> On Tue, Dec 14, 2010 at 7:19 PM, Neil Matatall <neil at owasp.org> wrote:
>
> Well this thread has become epic and unfortunately I haven't been able
> to catch all of the ideas.  I really hope I can catch up, but why
> don't we have a conference call or discuss this at the summit (those
> not in attendance will have to be accommodated somehow)?
>
> Times like these make me wish my phone has an "threaded" email view :(
>
>
> On Tue, Dec 14, 2010 at 12:13 PM, Jason Li <jason.li at owasp.org> wrote:
> > So taking Michael's suggestion of starting fresh, I've cleared the long
> > quote of the thread.
> > As an observer to the thread, I'm going to capture what I think has been
> > mentioned so far on the thread.
> >
> > And then I'll weigh in with my humble opinion, keeping in mind that I am
> not
> > involved in the Conferences Committee, Membership Committee, Chapter
> > Committee, or the Board (in other words, I'm a nobody in this
> conversation
> > :)).
> > ----
> > Summary of Problem:
> > Where does Conference revenue go?
> > Points of Concern:
> > 1) Conferences are put on with the assistance of local chapters and
> > coordination/support from the OWASP mothership
> > 2) We want a way to reward local chapters for their help with
> > running/coordinating a conference
> > 3) We want conference attendees the option to get OWASP Memberships
> bundled
> > in with the conference
> > 4) Chapters need money to do things
> > -------
> > Now with that out of the way, my personal thoughts:
> > #4 is completely independent of Conference revenue. There are lots of
> other
> > OWASP sectors that also need money to do things (Projects and Summits for
> > example). If there is a need for Chapters to do something, then this
> should
> > be allocated out of the main OWASP mothership budget and not out of
> > Conference revenue.
> > In my view, conference revenue should go to one of three places:
> > 1) OWASP Mothership fund (where the Board can then re-allocate as needed
> to
> > support Chapters or other initiatives as appropriate)
> > 2) Local Chapter(s) supporting the conference (in order to recognize
> their
> > support)
> > 3) Conferences fund managed by the Conferences Committee
> > I'm not even sure if #3 is really necessary as that could also fall under
> > #1.
> > The only real debate is what proportion of the revenue should go into
> which
> > bucket. That's where I believe this debate originally started. All this
> > other talk about chapter needs and a chapter fund has clouded the
> > discussion.
> > -Jason
>
> > _______________________________________________
> > Global_conference_committee mailing list
> > Global_conference_committee at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/global_conference_committee
> >
> >
>
>
>
> --
>
> --
>
> Neil
>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
>
> _______________________________________________
>
> Global_chapter_committee mailing list
>
> Global_chapter_committee at lists.owasp.org
>
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>
>
>
> --
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>
> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
>
> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
>
>
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
> _______________________________________________
> Global_chapter_committee mailing list
> Global_chapter_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_chapter_committee
>
>
>
>
> --
> Tin Zaw, CISSP, CSSLP
> Chapter Leader and President, OWASP Los Angeles Chapter
> Google Voice: (213) 973-9295
> LinkedIn: http://www.linkedin.com/in/tinzaw
>
>
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>
>
>
>
> --
> Richard Greenberg, CISSP
> Board of Directors, OWASP Los Angeles, www.owaspla.org<http://www.appsecusa.org/>
> Board of Directors, ISSA Los Angeles, www.issa-la.org<http://www.appsecusa.org/>
> OWASP Global Conference Committee
> LinkedIn:  http://www.linkedin.com/in/richardagreenberg
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *  *
>
>
>
>
>



-- 
Richard Greenberg, CISSP
Board of Directors, OWASP Los Angeles,
www.owaspla.org<http://www.appsecusa.org/>
Board of Directors, ISSA Los Angeles, www.issa-la.org<http://www.appsecusa.org/>
OWASP Global Conference Committee
LinkedIn:  http://www.linkedin.com/in/richardagreenberg
                                                   <#>
<#>
<#>       <#>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_conference_committee/attachments/20101222/ab1b25d3/attachment-0001.html 


More information about the Global_conference_committee mailing list