[Owasp-board] FW: Tix to Irvine

dinis cruz dinis.cruz at owasp.org
Mon Aug 23 15:51:04 UTC 2010

This is very disappointing, since from my point of view we are not even
addressing the real issues here, for example:
 - try to get some energy into our community,
 - get more leaders to participate in our conferences and
 - find innovative ways to promote the OWASP message/activities inside the
organisations that gravitate around OWASP.

I would say that NOT covering Tony's expenses should NOT even be on the
table. Once me and another OWASP Board members commits to an expense (within
reason) to one of our leaders, then it should be accepted. And if there are
any issues with it, they should be raised at the next board meeting (and if
there is a problem, there should be a vote against it (with lessons learned
for the future))

And for the record, I did ask Tony to ask first what if there was a model in
place, but my original answer to his question "...Hey can OWASP leaders also
attend the classes at the OWASP Conferences..." was "...well not sure if
there is a precedent, but I don't think they should pay... talk to kate...".
That said, by now Tony is committed so we can't back down. He is also
motivated to work on the 'bring an Developer to an OWASP conference' which
is a key new development for OWASP.

So here is what I committed with Tony (Kate and Alison please cover these):
* Training at Irvine
* 2x 1000USD as a MAX amount to spend per developer to bring them to
conference (this was including the full price of the conference, so the real
dollar amount for OWASP is going to be smaller). The only reason I did this
was because Tony's chapter only has 300ish USD in their local budget, and I
needed to find a way to motivate him to find a couple local developers (so
that we would have at least one example of how the model should work (with
the idea that the other chapters would use their funds))

Finally, I want this decision to vote down my idea to be on the record and
on the wiki since I want to blog about it.

... If you ever question yourself why things don't move at OWASP... here is
a great example....we're are talking about 500 USD and 2000USD amounts
here... this is why none of you (and the other leaders who have budgets)
make financial decisions... why bother when one has to spend hours
justifying it :(

Let's continue at Irvine....


On 23 Aug 2010, at 16:25, Kate Hartmann <kate.hartmann at owasp.org> wrote:

We have Dave, Eoin, Matt, and Tom vote no

Jeff suggests “stand by”

Seba is on vacation for another week

Dinis is very much a Yes

I will recommend that since this has already been promised to Tony we pay
the trainer fees out of Dinis’ budget for Tony’s class and then discuss in
CA ways to reward our chapter leaders for their efforts in the future.
Would like to get Seba’s input on the progress of the restart of the chapter

I think we agree that the chapter leaders are the heart and soul of the
foundation.  I’m disappointed that the chapter committee faded away because
this is where the chapter leaders will have their voice and can initiate a
program to reward themselves and their peers.

With all due respect, any business (which OWASP ultimately is) can only
reward their “employees” when business is profitable.  With the exception of
the banking industry in the US (i.e. economic meltdown) when the company
breaks even or loses money during any given fiscal year, the entire
organization needs to tighten their belts and work on recovery.  Once that
recovery is made (and not before) is it time to once again dole out the

2009 was not a good year for OWASP.  2010 is much better, but is not

I think I can confidently say that no one is looking to punish the chapter
leaders or increase their burden of responsibility.  There is no caveat that
even implies that the position will be rewarded.  Our chapter leaders, our
members, and our community join up because they are passionate about what
they do and because they want to make a difference by supporting the mission

That being said, and returning to the single point of this thread, it is not
about providing freebies to our chapter leaders.  Conference admission is
free.  However, unless we have a revenue source other than conferences,
training, and membership or one of these can compensate for the other, then
we are risking our own stability to reverse a revenue stream.  By providing
“free conference training” to our chapter leaders (this is training offered
at conferences provided by commercial trainers) we not only risk plugging up
a very important source of funding for our mission, but actually turning a
source of revenue into an expense since we are obligated to pay the

Kate Hartmann

Operations Director



Skype:  Kate.hartmann1

*From:* dinis cruz [mailto:dinis.cruz at owasp.org]
*Sent:* Monday, August 23, 2010 7:05 AM
*To:* Dave Wichers
*Cc:* Kate Hartmann; OWASP Foundation Board List
*Subject:* Re: [Owasp-board] FW: Tix to Irvine

Wow, what about making our leaders pay a fee for the priviledge of being an
owasp leader and doing all that work for free!!! That would also be a
revenue source!

And Dave, how much money do you want to make from the conferences? I thought
that 118k from the EU conference was pretty good.

What is the profit number that will make you consider sharing some of that
with our hard working leaders? 250k? 500k? 1M? Never?

Sorry for the rant, but sometimes it is hard to be the only one around here
that (on the record) is trying to look after our owasp leaders (who are the
heart and soul of this organization). It really hurts when I have to justify
issues like this to the board

Dinis Cruz

On 23 Aug 2010, at 04:08, Dave Wichers <dave.wichers at owasp.org> wrote:

I vote no. That we do NOT comp OWASP leaders to our commercially provided
training events. These are intended to be significant revenue generators for


*From:* owasp-board-bounces at lists.owasp.org [mailto:
owasp-board-bounces at lists.owasp.org] *On Behalf Of *Kate Hartmann
*Sent:* Friday, August 20, 2010 5:02 PM
*To:* OWASP Foundation Board List
*Subject:* [Owasp-board] FW: Tix to Irvine
*Importance:* High

Board, can we vote on this?  Perhaps this is an exception to be made pending
a universal decision?

I will go to the trainer and see if he will comp Tony’s class, but in case
he will not, we will be paying him.

Kate Hartmann

Operations Director



Skype:  Kate.hartmann1

*From:* Tony UV [mailto:tonyuv at owasp.org]
*Sent:* Friday, August 20, 2010 1:05 AM
*To:* 'Kate Hartmann'
*Subject:* Tix to Irvine

Morning Kate,

Just wanted to see if there was an official word on whether or not I can
attend the training since I need to finalize my travel for that week.
Thanks so much for checking in to this and hope that it won’t be a problem.

Thanks for all your efforts on the org’s behalf.


Tony UcedaVelez, CISM, CISA, GSEC

*Chapter Lead*

*OWASP Atlanta*


Twitter: *@versprite*

Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100823/ace5ed0b/attachment-0002.html>

More information about the Owasp-board mailing list