[Owasp-board] [Owasp-leaders] [Committees-chairs] Removal of Regional/Local event oversight from Conferences Committee

Mark Bristow mark.bristow at owasp.org
Fri Jun 24 15:14:46 UTC 2011


Martin,

FYI this has been resurrected in the form of the OWASP track (
https://www.owasp.org/index.php/OWASP_Track) and OWASP Speakers Group (
https://www.owasp.org/index.php/OWASP_Speakers_Group).  We'll be launching
our first lineup at AppSec North America this year.

-Mark

On Fri, Jun 24, 2011 at 7:35 AM, Martin Knobloch
<martin.knobloch at owasp.org> wrote:

> Christian,
>
> I am totally in with you, but disagree this to be a committee thing.
> Also we do not have, and I doubt it is to be wanted, sub-committees!
>
> As committees should be enabling, projects executing, I once addressed this
> as a possible project:
> https://www.owasp.org/index.php/Speakers_Bureau_Project
> Unfortunately, I did not get many replies nor help and the project went into
> a stall.
> There is a list of speakers available. So, we have a nice start!
> https://www.owasp.org/index.php/Category:OWASP_Speakers_Project
>
> Budget to get speakers for your local event / chapter meetings is enabled
> via the OWASP on the move project:
> https://www.owasp.org/index.php/OWASP_on_the_Move
> Does this answer your proposal?
>
> Cheers,
> -Martin
> On Tue, Jun 21, 2011 at 12:06 PM, Christian Heinrich <
> christian.heinrich at owasp.org> wrote:
>
>> Tin,
>>
>> For the second item from the top on your list can I recommend that
>> events which include international speakers, i.e. those requiring a
>> passport, presenting at an event organised by the chapters within the
>> specific country which the international speaker is entering fall
>> within the scope of the GCC (i.e. Conference)?
>>
>> Furthermore, can I raise the idea of the "Speakers Sub-Committee",
>> i.e. the thread starts at
>> https://lists.owasp.org/pipermail/global_conference_committee/2011-March/001083.html,
>> for consideration by the OWASP Board since it is relevant to this
>> discussion also?
>>
>> On Tue, Jun 21, 2011 at 2:34 PM, Tin Zaw <tin.zaw at owasp.org> wrote:
>> > I am confused. I thought the board voted to put 4 Global AppSec
>> > conferences under support and policies of Conf. Committee and the rest
>> > under Chapter Committee. And Jeff's email sounded like that too.
>> >
>> > Here is what Chapter Committee (mostly, Seba and me) is discussing to
>> > propose -- the details.
>> >
>> > * GLOBAL AppSec's will be under policies and support of Conference
>> > Committee.
>> > * For the rest of the conferences, the conference organizers can
>> > choose to call upon help of either Conference or Chapter Committee.
>> > * Conf. Comm. provides bigger help, with bigger budget, subject to
>> > split and cap rules.
>> > * Chapter Comm. provides smaller help, with smaller budget, subject to
>> > policies set by Chapter Comm.
>> >
>> > The original proposal for vote by the board was not put together by
>> > the Chapter Committee. With all good intentions, Kate proposed it.
>> >
>> > Chapter Committee's official stance is that we can take this new
>> > responsibility after this issue -- of which conference under what
>> > committee -- has been fully resolved by the board.
>> >
>> > Thanks.
>> >
>> >
>> > On Mon, Jun 20, 2011 at 9:02 PM, Tom Brennan <tomb at owasp.org> wrote:
>> >>
>> >>
>> >> For those watching at home... today's monthly board meeting had a few
>> >> items on it, lasted about 1.5 hrs actually.  Thank you Mark for
>> >> appealing your item as I believe the "vote" was a bit unclear as
>> >> presented.  Having a passionate volunteer like Mark craft emails as an
>> >> appeal in addition to having a new child enter the world today..  shows
>> >> how passion-filled he is to the core mission - In addition
>> >> Congratulations Mark, welcome to the other club Dad --  Boy(s) or
>> >> Girl(s)  -- you will not forget when Father's Day is anymore now it will
>> >> be your kids birthday weekend!!
>> >> Let's rewind and visit the request from today, click on the below URL
>> >> and read it or scroll to the end of my reply to see the content.
>> >> =====================================================
>> >> = https://www.owasp.org/index.php/June_6,_2011#BOARD_VOTE_REQUESTED
>> >> =====================================================
>> >> So after reading both sides of the arguments the written rationale and
>> >> the counter arguments -  I agree (YES) with an adjustment to the current
>> >> model.
>> >> Of the proposed adjustments the one that I support is actually counter
>> >> proposal B.
>> >> OWASP Local chapters should not be required to run chapter events or
>> >> chapter meetings via the Conferences Committee/OCMS approval system.
>> >> However, if a conference/event is going to be marketed as anything other
>> >> than a local chapter meeting/working session such as "Regional Event,
>> >> AppHacker2012, Build/Break2012, etc.." and use of the OWASP
>> >> Foundation/EU brand, resources, insurance, backoffice employees, funds
>> >> then the CC/OCMS system and be managed by the established policies of
>> >> the Global Conferences Committee to do so ensuring a min., level of
>> >> quality is prerequisite and the professional brand is maintained.
>> >> It is REALLY important that people reading this understand what is an
>> >> "OCMS" what it was purpose built for see:
>> >> https://www.owasp.org/index.php/Owasp_Conference_Management_System
>> >> +10 here (i used it just yesterday)
>> >> The conferences committee volunteers like all committees are managed by
>> >> volunteers to foster growth without malice as the regional
>> >> representatives for around the world - the day-to-day process and
>> >> administration of best practice should then be mapped and managed by
>> >> owasp employees and contractors when possible to enable for scale of a
>> >> repeatable and measurable process.
>> >> 2nd item on the above URL;
>> >> Chapter Finance Policy and Procedure, this item was NOT part of the vote
>> >> today. For the record, I DO support this model of sweeping funds from
>> >> local chapters back to the OWASP Foundation. There is currently
>> >> $94,000.00 in funds set-aside for chapters see:
>> >> https://www.owasp.org/index.php/Donation_Scoreboard   However, once a
>> >> ratified 201X  chapter handbook is produced as a deliverable from the
>> >> conferences committee and is then agreed to by each chapter team as
>> >> governance or suggested guideline document (*NOTE* these are two very
>> >> different terms)  But note, chapter leaders in any country, state or
>> >> region have with or without signature today agreed to run a local
>> >> chapter as acting as an extension and agent of the foundation including
>> >> its ethics and principles as volunteers. So let's make it really easy
>> >> for them and future ones to foster collaboration of quality under the
>> >> flag of OWASP Foundation.
>> >> A chapter measured only by quantity of attendees of meetings is not a
>> >> very good measurement - quality first and always, experiment locally,
>> >> promote success globally, people will come if the core is a solid group
>> >> of professionals in it for the right reasons = community and the
>> >> mission.
>> >> So just to be very clear, I voted YES, continue to vote YES but to
>> >> Counter Proposal B this provides the best flexibility globally, provides
>> >> chapters with additional responsibility that they have to manage not
>> >> only for XX events per year but also they need to get their hands around
>> >> the 70+ active chapters.
>> >> Test Cases:
>> >>
>> >> * Chapter A wants to hold a training event - this does NOT require
>> >>   conferences committee/OCMS
>> >> * Chapter A + Chapter B wants to hold a training event and IS requesting
>> >>   resources of monetary support - requires conferences committee/OCMS
>> >> * Chapter A + Chapter C wants to hold a training event and is NOT
>> >>   requesting resources of monetary support - this does not require
>> >>   conferences committee/OCMS
>> >> * Chapter A wants to hold a meeting that will bring in 50,100,150,200+
>> >>   attendees as part of its regular meeting schedule, does not require
>> >>   OCMS
>> >> * Chapter A wants to hold a meeting in Madison Square Garden and utilize
>> >>   the resources of its employees and contractors and enter into
>> >>   agreements etc... YES it needs the Conferences Committee to understand
>> >>   what is going on
>> >> * BIG APPLE SECURITY CONFERENCE (aka: Chapter A, Chapter B, Chapter C &
>> >>   Chapter D) want to do an event together utilize the resources of its
>> >>   employees and contractors and enter into agreements etc... = this
>> >>   would be an example of a regional event and YES it needs the
>> >>   conferences committee
>> >> * Chapter A + Chapter Z wants to do a virtual event - this does NOT
>> >>   require conferences committee/OCMS
>> >> * Chapter X gets really tired of the perception of a bureaucratic,
>> >>   rule-based, control -- they want to do their own thing include
>> >>   Software, Midgets, and Costumes call it <insert cool name> - if it
>> >>   does not pass the established review process to keep quality events
>> >>   and after a meeting with the chapter/conference organizers it could be
>> >>   negotiated or completely rejected and if needed appealed.
>> >>
>> >> So where does this put ME?  Is this a FLIP FLOP to a NO or Abstain
>> >> vote??
>> >> No..... clearly the YES of ALL attending board members to the presented
>> >> materials suggests that there needs to be an adjustment in providing a
>> >> threshold for the chapters committee for the good of the global
>> >> foundation - the extent is what needs to be defined clearly.  I would
>> >> suggest that a committee chair meeting is held to discuss and nail down
>> >> a collaborative solution that affects not any individual volunteer, but
>> >> rather the committees look at the management of the workflow for the
>> >> good of the organization and in the spirit of evolution, outreach and
>> >> experimentation, and provide an acceptable resolution by next board
>> >> meeting that can be managed by OWASP staff.
>> >> Interested in the other fun and exciting behind the curtain results be
>> >> sure to visit:  https://www.owasp.org/index.php/OWASP_Board_Meetings
>> >> (note that the 6-June meeting is the 20-June meeting)
>> >> Psssst hey Mark it's 11:55am EST you will be getting up shortly to feed
>> >> the new baby ;) thank you and your team - be aware that Chapters is here
>> >> also to do heavy lifting too.  This also is a good example of what you
>> >> as the reader should review and get behind a candidate for the
>> >> forthcoming election:
>> >> https://www.owasp.org/index.php/Membership/2011Election#Self-Nominated_2012_Candidates
>> >>  see WHY ME
>> >> Semper Fi,
>> >> Brennan
>> >> Tel: 973-202-0122
>> >> Skype: proactiverisk
>> >>
>> >> -----For those that did not click the above link below is the
>> >> information we are talking about------------
>> >>
>> >> BOARD VOTE REQUESTED
>> >>
>> >> Updates and Changes to Conference Supervision by Committees
>> >>
>> >> 1. Global AppSec Events will remain under the Supervision of the Global
>> >> Conference Committee.
>> >>
>> >> 2. Partner Events and Outreach (representation) will remain under the
>> >> Supervision of the Global Conference Committee.
>> >>
>> >> 3. Local and Regional Events will move underneath the umbrella of the
>> >> Global Chapter Committee.
>> >>
>> >> Additional Documentation
>> >>
>> >> Rational - Counter Argument
>> >>
>> >> Chapter Finance Policy and Procedure
>> >>
>> >> OCMS
>> >>
>> >> Counter proposal A
>> >>
>> >> Updates and Changes to Conference Supervision by Committees (counter
>> >> proposal)
>> >>
>> >> Conferences and Chapters will continue their existing roles.
>> >> Conferences will work to bolster support for local events and define
>> >> events.
>> >>
>> >> Committee Supervison of Events Rational
>> >>
>> >> Counter proposal B
>> >>
>> >> Events expecting over 100 attendees* shall remain under the Supervision
>> >> of the Global Conference Committee.
>> >> Events expecting less than 100 will move underneath the umbrella of the
>> >> Global Chapter Committee.
>> >> Partner Events and Outreach (representation) will remain under the
>> >> Supervision of the Global Conference Committee.
>> >>
>> >> * With the exception of regular chapter meetings which on very few
>> >> occasions will be larger than this, I believe only NY/NJ has this issue
>> >> currently
>> >>
>> >> -------------------
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Jun 20, 2011, at 8:17 PM, Mark Bristow wrote:
>> >>
>> >> Kate,
>> >> (sorry for the text wall, as you can tell I am passionate about this
>> >> topic which is why I signed up for the conferences committee in the
>> >> first place)
>> >>
>> >> Respectfully to you and Jason, I disagree.  I DO agree however that the
>> >> Committees exist to facilitate and grow their areas of responsibility
>> >> however sometimes this is done by setting guidelines/rules/policies to
>> >> facilitate this.  If it doesn't matter whose "jurisdiction" things fall
>> >> under, then why was it transferred from the Conferences to Chapter
>> >> committees?
>> >> Of course it matters, and it matters for several reasons.  As OWASP has
>> >> grown there has been a need to share the load of organizing our
>> >> activities.  In OWASP 1.0 there was just a loose collection of "leaders"
>> >> who would organize projects, events, chapters et al. in a somewhat
>> >> organic way with little structure, then as we grew in notoriety,
>> >> membership and became a 501c, OWASP 2.0 we added a board whose job it
>> >> was to provide oversight and be the caretakers of OWASP, resolve
>> >> conflicts and help steer the organization.  As of 2008, OWASP 3.0, the
>> >> Global Committees were formed as the individual tasks of facilitating,
>> >> growing, coordinating and organizing Chapters, Education, Conferences,
>> >> Projects, Membership, Industry and Connections became too much for a
>> >> single group of 6-7 people to coordinate.  The organization elected by
>> >> nomination, volunteers with the skills, expertise and experience
>> >> necessary to execute on the more focused committee missions with the
>> >> board providing final oversight.  I know we occasionally pine for the
>> >> days where things were loosely coordinated and organized but that was
>> >> before OWASP had international recognition, a budget, complex
>> >> infrastructure, full time staff members, summits, and thousands of
>> >> members.
>> >> We are not who we were in OWASP 1.0, to deny this is to deny ourselves,
>> >> we've accomplished much and grown tremendously since then.  The key
>> >> however is to be OWASP 3.0 in a way that keeps the spirit of OWASP 1.0's
>> >> innovation, community and volunteerism.
>> >> With OWASP 3.0 we realized that we NEED a bit more structure at the
>> >> bottom (In my view the membership is always at the top of the pyramid
>> >> and the board at the top of the bottom) in order to ensure that OWASP
>> >> continues to function in a coordinated way.  I'm sure you remember
>> >> Conferences in 2008, they were a hot mess.  We had a great event in NY
>> >> but were having trouble extending that success into other events and
>> >> keeping that institutional knowledge.  Events were "popping out of the
>> >> woodwork" with overzealous event planners with big dreams asking for
>> >> significant financial resources in order to host their own events in
>> >> their city (I remember I was one of them).  No-one was coordinating the
>> >> schedules of the events, and thus, everyone had their events at nearly
>> >> the same time of year, making our volunteers, speakers and sponsors
>> >> weary.  Limited funds were not prioritized, tracked, ensured we could
>> >> back them up.  I remember being told as an ASDC09 planner by Allison
>> >> that we needed to hold off on one of our big ticket items because the
>> >> OWASP card was totally maxed out this month (much angering our catering
>> >> people as I recall).  No one was keeping track if the events were making
>> >> any money or not, we had the "wait and see" approach for profitability
>> >> even as OWASP was taking on full time staff and having ever increasing
>> >> overhead costs to support things like the summit, conference bridges,
>> >> website support and staff.  In short it was a mess that worked by the
>> >> skin of its teeth and personal heroics.
>> >> While not all gone, we don't have these problems anymore.  Why?  The
>> >> Conferences Committee was put in place to provide just an ounce of
>> >> oversight and set some really basic rules about how events were put on
>> >> and to provide a TON of guidance (I dare you to look at the history of
>> >> the how to host a conference page), templates, ops support, financial
>> >> support etc from those who knew how to run successful OWASP events.  We
>> >> changed how we coordinated events, evened out the schedule a bit
>> >> relieving some of the financial pressures on the foundation, helped
>> >> events get sponsors, do CFPs and CFTs, negotiate contracts, and now we
>> >> are sending people to help on the ground at the larger events.
>> >> Conferences run a lot smoother now and this is because they are being
>> >> coordinated/overseen in addition to fostered and grown.  This managed
>> >> growth has allowed us to host more events, in more places (AppSec China
>> >> Anyone, Brazil twice) and pop up a myriad of regional and local events,
>> >> all while turning better profit for the foundation to support things
>> >> like projects, infrastructure, loss-leader events (aka free), supply
>> >> budgets to committees, sponsor leader travel, the list goes on and on.
>> >> This year we even started sharing some of these profits directly with
>> >> the host chapters, although some decided to take this as a "limitation"
>> >> rather than an improvement.
>> >> Throughout this all, there has been ONE place to go to get information
>> >> on events, ONE group of people setting high level organizational goals
>> >> (do any of the other committees have posted goals?  we do:)
>> >> https://www.owasp.org/index.php/Global_Conferences_Committee_2011_Plan)
>> >> and one voice to mediate issues, set policies and guidelines to help
>> >> foster great OWASP events.  When you start getting two voices, they
>> >> start getting conflicting information and it causes issues (I know you
>> >> have many examples where the committee had set one policy and certain
>> >> individuals misinformed people about that policy when asked instead of
>> >> re-directing the inquiry to the committee), you need a "one stop shop"
>> >> so everything is clear.  Our wildly enthusiastic volunteers are to thank
>> >> for these successes, but every once in a while, having someone there
>> >> asking "why" before they write a $100k check has been a good thing.
>> >> Unfortunately OWASP does not have unlimited resources and occasionally
>> >> we can't support everything everyone wants to do (although we almost
>> >> never say no, just not now, or perhaps in a different way)
>> >> This is not unique to conference, almost every committee has some set of
>> >> "policies".  Projects define project criteria and set standards for
>> >> active/inactive projects, Chapters have the chapter leader handbook and
>> >> set rules for participation, openness, and frequency.  Membership sets
>> >> the prices of membership levels, defines codes of conduct and manages
>> >> voting rights.  Each committee has to define some level of "oversight"
>> >> and "policies", to deny that either Conferences or Chapters needs to do
>> >> so is just well, terrible management practice.
>> >> I think that the small one day, local events that perhaps don't charge a
>> >> fee or cost less than $1000 to run, essentially large chapter meetings,
>> >> could and should absolutely be managed by the chapters committee.  But
>> >> when it comes to hosting the bigger Regional and Global AppSec events,
>> >> with hundreds of guests, venue contracts, catering, travel,
>> >> transportation, training these are the things that the Conference
>> >> committee does best.  I've not heard a single criticism that the
>> >> committee was not doing this well.  Why stop us from doing our jobs?
>> >> Let's continue to grow and investigate new ideas for events, new ways to
>> >> reach more developers (I still owe the GPC a Secure the Flag
>> >> Competition) but in the meantime, we still need people who have done
>> >> successful events to help mentor and guide those just starting out,
>> >> that's what the Conferences Committee is here to do.
>> >> On Mon, Jun 20, 2011 at 7:12 PM, Kate Hartmann
>> >> <kate.hartmann at owasp.org> wrote:
>> >>>
>> >>> Jason, you have summarized the role of the committees well:  Committees
>> >>> exist solely to facilitate and grow their respective areas of
>> >>> responsibility, NOT to "oversee" or "govern" these areas.  From this
>> >>> perspective, why the heck does it matter whose "jurisdiction" it falls
>> >>> under?!?
>> >>> The chapters committee had a great discussion on the next steps this
>> >>> afternoon.  This is not about governance, but about which group might
>> >>> be able to offer the best support.  It's also not about creating silos,
>> >>> but about trying to create the best possible support for leaders who
>> >>> want to take their chapters to the next level.
>> >>> One of the discussion threads from today's chapter call was to allow
>> >>> the planners the option to aim big by aligning their event with the
>> >>> conferences committee.  I also have no reason to believe that OCMS
>> >>> would no longer be required.  On the contrary, it is such a remarkable
>> >>> accomplishment that it is now a critical step in the planning process.
>> >>> The chapter committee is composed of leaders who have faced the
>> >>> challenges of hosting a one day event or a large scale meeting.  I am
>> >>> confident that their perspective along with the support of the
>> >>> conference team's global conference experience will strengthen our
>> >>> outreach efforts.
>> >>> Kate Hartmann
>> >>> OWASP Operations Director
>> >>>
>> >>> On Jun 20, 2011, at 4:56 PM, Jason Li <jason.li at owasp.org> wrote:
>> >>>
>> >>> Board/Committee Chairs,
>> >>> I apologize that I could not speak up more clearly on this issue during
>> >>> the Board call due to my bad connection from Morocco.
>> >>> Having watched the threads, the whole local/regional/global event
>> >>> debate seems to me to be a proxy war for one issue: profit sharing via
>> >>> the chapter/conference split.
>> >>> Committees exist solely to facilitate and grow their respective areas
>> >>> of responsibility, NOT to "oversee" or "govern" these areas.  From this
>> >>> perspective, why the heck does it matter whose "jurisdiction" it falls
>> >>> under?!?
>> >>> As Eoin alluded to on the conference call, the idea of sticking an
>> >>> artificial wall between the chapters committee and the conferences
>> >>> committee is ludicrous. Local and regional event planners should be
>> >>> able to leverage the respective knowledge and experience of both the
>> >>> Chapters Committee and the Conferences Committee!
>> >>> Remove the split debate and I see absolutely no logical reason for any
>> >>> of this whole event "governance" discussion at all. If anything, this
>> >>> should be an amazing opportunity for a joint committee initiative to
>> >>> pursue some of the ideas Jeff referred to in terms of growing chapters.
>> >>> It seems to me that it only matters when it comes to who gets to decide
>> >>> how to "divide up the money".
>> >>> I agree with Mark that I think part of the discussion has been charged
>> >>> with the undertones of revenue split. If we don't solve that issue, the
>> >>> next flash point will simply be what gets considered a "regional event"
>> >>> versus a "global conference".
>> >>> I believe that most of Mark's points are legitimate concerns about the
>> >>> financial situation of OWASP as a whole, and the organization's
>> >>> dependence on revenue from all OWASP *events*.
>> >>> While it would be nice if we could support every local chapter event to
>> >>> grow the organization, the reality is that someone has to make the
>> >>> decision on whether to fund events and I do not believe that it should
>> >>> be the decision of any one committee. So I think the Board, the
>> >>> Chapters Committee, and the Conferences Committee need to sit down
>> >>> together and distill their conversation to the real point of the matter
>> >>> which is: what happens to money that comes into OWASP?
>> >>> And as it will be a long heated discussion, it's a conversation that I
>> >>> *DON'T* think should happen on the leader's list :)
>> >>>
>> >>> -Jason
>> >>> On Mon, Jun 20, 2011 at 8:13 PM, Jeff Williams
>> >>> <jeff.williams at owasp.org> wrote:
>> >>>>
>> >>>> Hi Mark,
>> >>>>
>> >>>>
>> >>>>
>> >>>> Congrats on the newborn – I understand those things can be time
>> >>>> consuming :)
>> >>>>
>> >>>>
>> >>>>
>> >>>> I support the board’s decision today because we want the Global
>> >>>> Chapters Committee to grow into supporting the needs of chapters that
>> >>>> want to put on local events.  I think there’s a good argument that
>> >>>> these events *are* different than global events, and have different
>> >>>> support needs.
>> >>>>
>> >>>>
>> >>>>
>> >>>> We want the Global Conferences Committee to focus on large-scale
>> >>>> international events – can you support an AppSec for every development
>> >>>> platform?  On every continent?  With thousands of attendees?  How
>> >>>> about new kinds of events – open-space conferences, more OWASP
>> >>>> Summits, training events, college events, etc… There are 15 million
>> >>>> developers in the world and we are only reaching a few hundred of them
>> >>>> today.  You’ve done a great job with our existing style of
>> >>>> conference…  Can you take it to the next level?
>> >>>>
>> >>>>
>> >>>>
>> >>>> I think you’re exactly right that over time we will have to work out
>> >>>> which are “Global” events and “Local” events. To me, the decision
>> >>>> should be made by the folks organizing the conference – in
>> >>>> collaboration with folks on both the Chapters and Conferences
>> >>>> committees.  I hope that they’ll get different support and the event
>> >>>> will come out differently.
>> >>>>
>> >>>>
>> >>>>
>> >>>> I’d like to make it perfectly clear that this vote wasn’t a referendum
>> >>>> on the performance of the Global Conferences Committee by any means.
>> >>>> You and your team have done a great job of establishing infrastructure
>> >>>> and managing all sorts of events.  The financial information you
>> >>>> provided was greatly appreciated and is a perfect example of the work
>> >>>> you’ve done.
>> >>>>
>> >>>>
>> >>>>
>> >>>> Thank you for all your hard work!
>> >>>>
>> >>>>
>> >>>>
>> >>>> --Jeff
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> From: owasp-board-bounces at lists.owasp.org
>> >>>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Mark
>> >>>> Bristow
>> >>>> Sent: Monday, June 20, 2011 2:50 PM
>> >>>> To: OWASP Foundation Board List
>> >>>> Cc: owasp-global-chapter-committee; global_conference_committee;
>> >>>> owasp-leaders at lists.owasp.org
>> >>>> Subject: [Owasp-board] Removal of Regional/Local event oversight from
>> >>>> Conferences Committee
>> >>>>
>> >>>>
>> >>>>
>> >>>> OWASP Board,
>> >>>>
>> >>>> I apologize for not being able to make the meeting today but having a
>> >>>> newborn at home simply had to take priority.  After reviewing the
>> >>>> meeting minutes I was very sorry to see that you decided to take up
>> >>>> this very important topic without my participation despite my request
>> >>>> not to do so, I had made arrangements to attend the original meeting
>> >>>> on June 6th but unfortunately the board postponed and I could not
>> >>>> attend today.   I was very troubled to see the results of your
>> >>>> decision to "Move local and regional events from umbrella of
>> >>>> conferences committee to chapters committee, effective July 31, 2011"
>> >>>> supported by "Tom, Seba, Eoin, Jeff, Dave" and frankly am somewhat
>> >>>> bewildered at this change.
>> >>>>
>> >>>> Over the past 2 years under the Conferences Committee’s leadership,
>> >>>> we’ve seen OWASP grow from having one, perhaps two global events each
>> >>>> year to having a Global AppSec Conference in North America, South
>> >>>> America, Europe and Asia every year in addition to increasing the
>> >>>> number of regional and local events we participate in worldwide. In
>> >>>> the last year the GCC has instituted clear, concise policies to govern
>> >>>> events that were previously in a state of disarray causing significant
>> >>>> internal conflict, developed a system for managing events
>> >>>> automatically as well as streamline the event management process, and
>> >>>> launched a new Global Sponsorship initiative to help OWASP better
>> >>>> attract sponsors to events.   We have instituted new programs to
>> >>>> better support events, streamline processes for getting promotional
>> >>>> merchandise and booth support to non-OWASP events, attempted to
>> >>>> streamline the contracting process and purchased common equipment to
>> >>>> save OWASP money in running events.  The committee has grown from 3 to
>> >>>> 11 members, and hired part time operations support giving us the
>> >>>> additional bandwidth and support we need to get all of these done and
>> >>>> done well.  While we are not perfect I'd argue you'd be hard pressed
>> >>>> to find a more ambitious and successful global committee at OWASP.
>> >>>>
>> >>>> I don't know if this was discussed but it's not clear to me that the
>> >>>> board has a full understanding of the financial implications that this
>> >>>> change may reflect for OWASP.  Last year conference income accounted
>> >>>> for 77% of OWASP's annual income and brought in a total profit of
>> >>>> $240,399.71 (up 151% from 2009 under the conferences committee's
>> >>>> oversight).  Regional and local event income totaled $295,845.52
>> >>>> representing 40% of OWASP's conference income.  Moving these
>> >>>> responsibilities to an untested committee who is not focused on or
>> >>>> experienced in running events could put OWASP in significant financial
>> >>>> jeopardy.  To give you some perspective the regional and local event
>> >>>> income is 149% more than the $198,620.74 that the foundation spent on
>> >>>> the Summit last year.  Despite these operational, support and
>> >>>> financial successes, it's unfortunate that the board has obviously
>> >>>> lost confidence in our ability to manage OWASP Events, by reducing our
>> >>>> oversight, as was defined in our recently re-approved (by the board)
>> >>>> mission statement
>> >>>>
>> >>>> I will not pretend that there are not some areas where the
>> Conferences
>> >>>> Committee needs to improve. I agree with the sentiment that we do not
>> >>>> clearly define the differences between the "type" of event or level
>> support
>> >>>> between Global AppSec, Regional and Local events. We also need to
>> continue
>> >>>> our work of spreading out the OWASP Global Event Calendar as we are
>> still
>> >>>> very heavy in the second part of the year. I will also admit that not
>> every
>> >>>> decision the Global Conferences Committee has made has been popular
>> however
>> >>>> sometimes unpopular or difficult decisions need to be made for the
>> greater
>> >>>> good, this is why the committees exist. I will say that all of the
>> decisions
>> >>>> made by the conferences committee have been conducted in the most
>> open and
>> >>>> democratic way possible. We conduct almost all of our business on the
>> >>>> mailing list for all to see and contribute and we vote on almost
>> every
>> >>>> decision so that those who have been validated by their peers to
>> serve on
>> >>>> the committee can have their say in the process. The conferences
>> committee
>> >>>> was even the first to develop a self governance document which was
>> adopted
>> >>>> in part or in whole by several of the other committees, including
>> chapters.
>> >>>> Considering the massive responsibility placed on the conferences
>> committee
>> >>>> in both leading the outreach effort and in ensuring the foundation has
>> >>>> sufficient operating income to continue its existence I’d say the
>> Global
>> >>>> Conferences Committee is doing a great job and don’t see the reason
>> or
>> >>>> rationale for making any move that would obstruct them from
>> continuing to do
>> >>>> great work on behalf of OWASP.
>> >>>>
>> >>>> I will concede however that if the board feels that local events,
>> >>>> involving only 1 or 2 chapters or under a certain size, would be
>> better
>> >>>> served under the responsibility of the Chapters Committee, I would
>> >>>> understand that.  To support these smaller events we mostly provide
>> >>>> foundation funds, guidance when asked and leave the vast majority of
>> the
>> >>>> planning to the local team, something that the Chapters Committee
>> could take
>> >>>> on.  Additionally these events have a less significant impact to the
>> >>>> foundation as a whole and in general do not generate significant
>> income
>> >>>> (last year they represented 0.88% or $2065.07 of total event income,
>> many
>> >>>> local events don't charge and we think that's GREAT!). However, the
>> >>>> Conferences Committee has the experts for running larger events such
>> as
>> >>>> Regional (such as AppSec DC and LASCON, which can have hundreds of
>> >>>> attendees) and Global AppSec events and I'm not sure I see the wisdom
>> or
>> >>>> logic in moving their oversight, especially for Regional events, to a
>> >>>> committee who is not focused on events and does not have the
>> expertise in
>> >>>> this area.
>> >>>>
>> >>>> I have a suspicious feeling that this initiative is really a
>> different
>> >>>> venue for a small number of individuals who object to one and only
>> one of
>> >>>> the GCC policies on profit sharing (see
>> >>>>
>> https://www.owasp.org/index.php/Confernece_Profit_Sharing_Split_Rationale
>> >>>> for some hard facts on that issue) which was voted on by the GCC and
>> ratified
>> >>>> by the board.  If so, then this entire issue should be dropped and
>> those
>> >>>> individuals should challenge the policy not the committee that
>> oversees
>> >>>> events.  The committees are there to make tough decisions and this
>> decision
>> >>>> was based on significant community input, conducted in a fair and
>> open
>> >>>> manner, and was set specifically to allow the most OWASP outreach
>> possible,
>> >>>> be fiscally responsible for OWASP as a whole and eliminate the
>> creation of
>> >>>> rich/poor OWASP chapters.  Opponents of the policy suggest a system
>> that
>> >>>> last year would have allocated an additional $35,976 to only 2
>> chapters
>> >>>> leaving almost every other chapter unchanged.
>> >>>>
>> >>>> Again I apologize for not being able to make the meeting, however if
>> >>>> someone could outline the board's rationale for this decision I would
>> >>>> certainly appreciate it.
>> >>>>
>> >>>> Regards,
>> >>>>
>> >>>> --
>> >>>> Mark Bristow
>> >>>> (703) 596-5175
>> >>>> mark.bristow at owasp.org
>> >>>>
>> >>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> >>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> >>>> AppSec DC Organizer - https://www.appsecdc.org
>> >>>>
>> >>>> _______________________________________________
>> >>>> Owasp-board mailing list
>> >>>> Owasp-board at lists.owasp.org
>> >>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> >>>>
>> >>>
>> >>> _______________________________________________
>> >>> OWASP-Leaders mailing list
>> >>> OWASP-Leaders at lists.owasp.org
>> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> Committees-chairs mailing list
>> >> Committees-chairs at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/committees-chairs
>> >>
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > Tin Zaw, CISSP, CSSLP
>> > Chapter Leader and President, OWASP Los Angeles Chapter
>> > Chair, OWASP Global Chapter Committee
>> > Google Voice: (213) 973-9295
>> > LinkedIn: http://www.linkedin.com/in/tinzaw
>> >
>>
>>
>>
>> --
>> Regards,
>> Christian Heinrich
>> http://www.owasp.org/index.php/user:cmlh
>>
>
>
>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org