[Owasp-board] Profit Sharing Discussion

Michael Coates michael.coates at owasp.org
Tue Nov 20 15:52:36 UTC 2012

Request for feedback sent to leaders list.

Please review the feedback and be ready to vote on this on Monday.


Michael Coates | OWASP | @_mwc

On Tue, Nov 20, 2012 at 12:37 AM, Eoin Keary <eoinkeary at gmail.com> wrote:

> As mentioned a few weeks back, send to leaders for comment.
> They are leaders and deserve input.
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 20 Nov 2012, at 03:07, Tom Brennan <tomb at owasp.org> wrote:
> This needs to go for comment to 200+ chapters. Especially chapters that
> would be leveraged for international locations around the world for AppSec
> events. Since the recent announcement neutering committees the only active
> volunteers are the chapters that need to have a clear understanding of this
> shift.
> As a chapter leader we will see this year how appsec2013 works out now
> that we have a employee based primary team with local volunteer support.
> The first call it upcoming
> If anyone else wants to roll up sleeves the action/planning calls are
> ongoing see; http://www.meetup.com/OWASP-NYC/events/86936002/
> I prefer a flat % 75/25 after expenditures and no caps - chapters earning
> should have simple split not complex that does not translate well or allow
> the system to be gamed rather quickly.
> As far as our chapter is concerned we need to generate 25k from appsecUSA
> or its not worth the effort.
> Tom Brennan
> 973-202-0122
> On Nov 19, 2012, at 9:45 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
> Board,
> Any other thoughts on the proposed model?  The feedback is all positive
> with a few wording clarifications.  The bigger picture issue that Sarah has
> mentioned is also a good item to consider.
> Regarding the profit sharing proposal, I don't see any major concerns
> either.  This item will be up for vote during our next meeting. Please make
> sure to familiarize yourself with the details.  I'd like to get any
> concerns out for discussion now so we can dig into these ideas before the
> next board meeting.
> Sarah - thanks for the financial analysis and thoughts. Very helpful.
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
> On Wed, Nov 14, 2012 at 10:09 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>> Board Members -
>> My thoughts on the new proposed policy and long term success of the
>> Foundation and Global AppSec "brand":
>> *Overall - I think the new policy is ok, as currently drafted*.
>>    - I would recommend a modification similar to what Josh and Dave
>>    discussed in their comments.  *"2.  All other events not classified
>>    as one of the Global AppSec Events will realize a 10/90 revenue split
>>    (Foundation/chapter) up to $5,000 USD.  Any profits above the $5K will
>>    recognize the standard 60/40 split. (Foundation/Chapter)." *
>> * * *For larger chapters that want to run a local or regional event on a
>> yearly basis, we should have an avenue for them to recognize a larger
>> profit. Also, they are doing all (or  *
>> * most of) the work then they should be able to get most of the profits.
>> I would say that a chapter can request up to an additional $5000 by
>> submitting both a chapter budget *
>> * and event budget to be approved by staff.*
>> * *
>> *Bigger picture issues:*
>> *
>> *
>> As we look at the need for the Global AppSecs to serve as major
>> fundraisers to support the other goals/initiatives of the foundation - I
>> think we need to consider the possibility of a different approach to the
>> model.  Many of the issues with the funding & conference planning model(s)
>> that have been used in the past and proposed for the future surround the
>> dichotomy that 1) we need a model that will raise money for the foundation
>> and support our GLOBAL initiatives (i.e. Money generated from AppSec USA
>> supports outreach in APAC, Latam, and Europe), 2) chapters/volunteers want
>> proper control, recognition and "funds" for their input and efforts in
>> creating and driving the conference.
>> A few  examples:
>>    - *Profit distribution:* What portion of the profits should a chapter
>>    get that raises almost $150,000 for the foundation and has MANY volunteers
>>    dedicating their nights and weekends for months to make a successful event?
>>     How should the profits differ for  another chapter that only has 2
>>    volunteers that contribute all of their time, but only raise $5000 for the
>>    foundation?  What about a third scenario where there is virtually no help
>>    from the local chapter and the event raises $10,000 due to contributions of
>>    a global volunteer base and OWASP Staff efforts?
>>    - *Content:* How do we build a professional call for papers or call
>>    for training system that gives local volunteers the control and input they
>>    want but also accommodates regional needs (Standard conference vs. Research
>>    driven conference), building the OWASP Brand (promoting OWASP Projects),
>>    and maintains a professional selection process that is communicated to the
>>    larger community and pool of applicants?
>>    - *Sponsorships: *While moving locations from year to year brings in
>>    a new crowd of attendees local to that area, this also comes with many
>>    "unknowns" for sponsors.  What will the vendor space look like, what will
>>    the sponsor's availability to attendees be, how will their sales team
>>    generate leads?  From the perspective of building relationships with the
>>    sponsors and giving them a consistent expectation from year to year - it
>>    would be best for us to be able to lay out specifications/guidelines for
>>    the global event planners (and clearly outline to the sponsors what they
>>    can expect for their money).  This sometimes runs in conflict with what the
>>    local event planners think would be best for their individual event.
>> A suggestion for 2014 that Kate and I have discussed is to *move the the
>> Global AppSecs to a static location from year to year*. In this model,
>> the employees would work with a team of volunteers (not necessarily local)
>> to plan an implement the conference. The model would change from one that
>> is trying to make money for one chapter and control of the decisions for
>> that chapter to one that is more global.  I think creating an event
>> template with many re-usable parts (not to mention service providers -
>> venue, catering, AV, etc) would be much easier and allow us to focus on
>> things like content and the OWASP message rather than logistics.
>> Additionally, I think this type of model is more sustainable
>> and scale-able for long term growth for our brand and fundraising
>> objectives.
>> A static location would also allow for more planning in advance.  Right
>> now we do the call for conferences a year out. The idea that these events
>> (especially as they grow in size) should start planning more than a year in
>> advance has come up a few different times on conference committee calls and
>> discussions.  The problem remains that the submissions/location proposals
>> are driven by local chapter leaders (ideally teams), and planning a global
>> app sec is a large investment in time an energy.  Many people would
>> probably argue "too large" which is one of the reasons we don't get more
>> proposals in our call for locations.  To ask conference planners to submit
>> even more in advance is often difficult as they don't know their schedule
>> or where there life will be that far in advance.  Once again, having static
>> locations and planning process that is more centralized will help overcome
>> these obstacles.
>> If others are in support of considering this new static location model,
>> there are certainly a lot of details to work out including: where will
>> these static locations be, how do we solicit and reward volunteers
>> (especially if we aren't allowing the chapter in the static location to
>> reap profits), etc.
>> I certainly don't think this is the ONLY option for us, but it is
>> something to consider as our events and organizational needs continue to
>> grow. I wasn't "sold" on this idea initially, but the more I think about
>> it, the more it seems like plausible option for us.  Consider that as we
>> are able to do more fundraising centrally, we also can empower
>> local/regional event planners to focus on outreach rather than income...
>> which also supports our community and the mission.
>> Looking forward to hearing thoughts and input on this new model.
>> Regards,
>> Sarah Baso
>> *
>> *
>> On Wed, Nov 14, 2012 at 9:11 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>> Michael et al -
>>> *First for reference, here is the current policy in place:*
>>> *
>>> *
>>> Local host chapters will share in OWASP event profits under the
>>> following schedule. In the case of multiple host chapters, the host
>>> chapters will be responsible for determining the division before the event.
>>>    - Global AppSec Conference - 25% of event profits with a $5,000 USD
>>>    cap ($10,000 for multi-chapter events)
>>>    - Regional/Theme Events - 30% of event profits with a $4,000 USD cap
>>>    - Local Events - 50% of profits with a $3000 USD cap
>>>  *Budgeting Implications*
>>> Under the new plan, there is a opportunity for the local chapter to earn
>>> much more than that listed below if they surpass the profit target, but
>>> just using the profit target as a guideline... here are the numbers....
>>> *
>>> *
>>> *<image.png>
>>> *
>>> *Comments from Conferences Committee Call & Mailing List Thread*
>>> From July 18, 2012 Conference Committee Call:
>>> *
>>>    - Request for Comment: proposed policy for profit sharing and
>>>    financial oversight of future OWASP events:
>>>    https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit
>>> *
>> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121120/eb8bcdb6/attachment-0001.html>

More information about the Owasp-board mailing list