[Owasp-board] [Owasp-leaders] Removal of Regional/Local event oversight from Conferences Committee

Kate Hartmann kate.hartmann at owasp.org
Mon Jun 20 23:12:58 UTC 2011


Jason, you have summarized the role of the committees well:  Committees exist to solely to facilitate and grow their respective areas of responsibility, NOT to "oversee" or "govern" these areas.  From this perspective, why the heck does it matter who's "jurisdiction" it falls under?!?

The chapters committee had a great discussion on the next steps this afternoon.  This is not about governance, but about which group might be able to offer the best support.  It's also not about creating silos, but about trying to create the best possible support for leaders who want to take their chapters to the next level.

One of the discussion threads from today's chapter call was to allow the planners the option to aim big by aligning their event with the conferences committee.  I also have no reason to believe that OCMS would no longer be required.  On the contrary, it is such a remarkable accomplishment that it is now a critical step in the planning process.

The chapter committee is composed of leaders who have faced the challenges of hosting a one day event or a large scale meeting.  I am confident that their perspective along with the support of the conference team's global conference experience will strengthen our outreach efforts.  

Kate Hartmann
OWASP Operations Director


On Jun 20, 2011, at 4:56 PM, Jason Li <jason.li at owasp.org> wrote:

> Board/Committee Chairs,
> 
> I apologize that I could not speak up more clearly on this issue during the Board call due to my bad connection from Morocco.
> 
> Having watched the threads, the whole local/regional/global event debate seems to me to be a proxy war for one issue: profit sharing via the chapter/conference split.
> 
> Committees exist to solely to facilitate and grow their respective areas of responsibility, NOT to "oversee" or "govern" these areas.  From this perspective, why the heck does it matter who's "jurisdiction" it falls under?!?
> 
> As Eoin alluded to on the conference call, the idea of sticking an artificial wall between the chapters committee and the conferences committee is ludicrous. Local and regional event planners should be able to leverage the respective knowledge and experience of both the Chapters Committee and the Conferences Committee!
> 
> Remove the split debate and I see absolutely no logical reason for any of this whole event "governance" discussion at all. If anything, this should be an amazing opportunity for a joint committee initiative to pursue some of the ideas Jeff referred to in terms of growing chapters.
> 
> It seems to me that it only matters when it comes to who gets to decide how to "divide up the money". 
> 
> I agree with Mark that I think part of the discussion has been charged with the undertones of revenue split. If we don't solve that issue, the next flash point will simply be what gets considered a "regional event" versus a "global conference".
> 
> I believe that most of Mark's points are legitimate concerns about the financial situation of OWASP as a whole, and the organization's dependence on revenue from all OWASP *events*.
> 
> While it would be nice if we could support every local chapter event to grow the organization, the reality is that someone has to make the decision on whether to fund events and I do not believe that it should be the decision of any one committee. So I think the Board, the Chapters Committee, and the Conferences Committee need to sit down together and distill their conversation to the real point of the matter which is: what happens to money that comes into OWASP? 
> 
> And as it will be a long heated disucssion, it's a conversation that I *DON"T* think should happen on the leader's list :)
>  
> -Jason
> 
> On Mon, Jun 20, 2011 at 8:13 PM, Jeff Williams <jeff.williams at owasp.org> wrote:
> Hi Mark,
> 
>  
> 
> Congrats on the newborn – I understand those things can be time consuming J
> 
>  
> 
> I support the board’s decision today because we want the Global Chapters Committee to grow into supporting the needs of chapters that want to put on local events.  I think there’s a good argument that these events *are* different than global events, and have different support needs.
> 
>  
> 
> We want the Global Conferences Committee to focus on large-scale international events – can you support an AppSec for every development platform?  On every continent?  With thousands of attendees?  How about new kinds of events – open-space conferences, more OWASP Summits, training events, college events, etc… There are 15 million developers in the world and we are only reaching a few hundred of them today.  You’ve done a great job with our existing style of conference…  Can you take it to the next level?
> 
>  
> 
> I think you’re exactly right that over time we will have to work out which are “Global” events and “Local” events. To me, the decision should be made by the folks organizing the conference – in collaboration with folks on both the Chapters and Conferences committees.  I hope that they’ll get different support and the event will come out differently.
> 
>  
> 
> I’d like to make it perfectly clear that this vote wasn’t a referendum on the performance of the Global Conferences Committee by any means.  You and your team have done a great job of establishing infrastructure and managing all sorts of events.  The financial information you provided was greatly appreciated and is a perfect example of the work you’ve done.
> 
>  
> 
> Thank you for all your hard work!
> 
>  
> 
> --Jeff
> 
>  
> 
>  
> 
> From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Mark Bristow
> Sent: Monday, June 20, 2011 2:50 PM
> To: OWASP Foundation Board List
> Cc: owasp-global-chapter-committee; global_conference_committee; owasp-leaders at lists.owasp.org
> Subject: [Owasp-board] Removal of Regional/Local event oversight from Conferences Committee
> 
>  
> 
> OWASP Board,
> 
> I apologize for not being able to make the meeting today but having a newborn at home simply had to take priority.  After reviewing the meeting minutes I was very sorry to see that you decided to take up this very important topic without my participation despite my request not to do so, I had made arrangements to attend the original meeting on June 6th but unfortunately the board postponed and I could not attend today.   I was very troubled to see the results of your decision to "Move local and regional events from umbrella of conferences committee to chapters committee, effective July 31, 2011" supported by "Tom, Seba, Eoin, Jeff, Dave" and frankly am somewhat bewildered at this change.  
> 
> Over the past 2 years under the Conferences Committee’s leadership, we’ve seen OWASP grow from having one, perhaps two global events each year to having a Global AppSec Conference in North America, South America, Europe and Asia every year in addition to increasing the number of regional and local events we participate in worldwide. In the last year the GCC has instituted clear, concise policies to govern events that were previously in a state of disarray causing significant internal conflict, developed a system for managing events automatically as well as streamline the event management process, and launched a new Global Sponsorship initiative to help OWASP better attract sponsors to events.   We have instituted new programs to better support events, streamline processes for getting promotional merchandise and booth support to non-OWASP events, attempted to streamline the contracting process and purchased common equipment to save OWASP money in running events.  The committee has grown from 3 to 11 members, and hired part time operations support giving us the additional bandwidth and support we need to get all of these done and done well.  While we are not perfect I'd argue you'd be hard pressed to find a more ambitious and successful global committee at OWASP.  
> 
> I don't know if this was discussed but it's not clear to me that the board has a full understanding of the financial implications that this change may reflect for OWASP.  Last year conference income accounted for 77% of OWASP's annual income and brought in a total profit of $240,399.71 (up 151% from 2009 under the conferences committee's oversight).  Regional and local event income totaled $295,845.52 representing 40% of OWASP's conference income.  Moving these responsibilities to an untested committee who is not focused on or experienced in running events could put OWASP in significant financial jeopardy.  To give you some perspective the regional and local event income is 149% more than the $198,620.74 that the foundation spent on the Summit last year.  Despite these operational, support and financial sucesses, it's unfortunate that the board has obviously lost confidence in our ability manage OWASP Events, by reducing our oversight, as was defined in our recently re-approved (by the board) mission statement
> 
> I will not pretend that there are not some areas where the Conferences Committee needs to improve. I agree with the sentiment that we do not clearly define the differences between the "type" of event or level support between Global AppSec, Regional and Local events. We also need to continue our work of spreading out the OWASP Global Event Calendar as we are still very heavy in the second part of the year. I will also admit that not every decision the Global Conferences Committee has made has been popular however sometimes unpopular or difficult decisions need to be made for the greater good, this is why the committees exist. I will say that all of the decisions made by the conferences committee have been conducted in the most open and democratic way possible. We conduct almost all of our business on the mailing list for all to see and contribute and we vote on almost every decision so that those who have been validated by their peers to serve on the committee can have their say in the process. The conferences committee was even the first to develop a self governance document which was adopted in part or in whole by several of the other committees, including chapters. Considering the massive responsibility placed on the conferences committee in both leading the outreach effort and in ensure the foundation has sufficient operating income to continue it’s existence I’d say the Global Conferences Committee is doing a great job and don’t see the reason or rationale for making any move that would obstruct them from continuing to do great work on behalf of OWASP. 
> 
> I will concede however that if the board feels that local events, involving only 1 or 2 chapters or under a certain size, would be better served under the responsibility of the Chapters Committee, I would understand that.  To support these smaller events we mostly provide foundation funds, guidance when asked and leave the vast majority of the planning to the local team, something that the Chapters Committee could take on.  Additionally these events have a less significant impact to the foundation as a whole and in general do not generate significant income (last year they represented 0.88% or $2065.07 of total event income, many local events don't charge and we think that's GREAT!). However, the Conferences Committee has the experts for running larger events such as Regional (such as AppSec DC and LASCON, which can have hundreds of attendees) and Global AppSec events and I'm not sure I see the wisdom or logic in moving their oversight, especially for Regional events, to a committee who is not focused on events and does not have the expertise in this area. 
> 
> I have a suspicious feeling that this initiative is really a different venue for a small number of individuals who object to one and only one of the GCC policies on profit sharing (see https://www.owasp.org/index.php/Confernece_Profit_Sharing_Split_Rationale for some hard facts on that issue) what was voted on by the GCC and ratified by the board.  If so, then this entire issue should be dropped and those individuals should challenge the policy not the committee that oversees events.  The committees are there to make tough decisions and this decision was based on significant community input, conducted in a fair and open manor, and was set specifically to allow the most OWASP outreach possible, be fiscally responsible for OWASP as a whole and eliminate the creation of rich/poor OWASP chapters.  Opponents of the policy suggest a system that last year would have allocated an additional $35,976 to only 2 chapters leaving almost every other chapter unchanged.
> 
> Again I apologize for not being able to make the meeting, however if someone could outline the board's rationale for this decision I would certainly appreciate it.
> 
> Regards,
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110620/b8163601/attachment-0002.html>


More information about the Owasp-board mailing list