[Owasp-board] Profit Sharing Discussion
michael.coates at owasp.org
Tue Nov 20 15:52:36 UTC 2012
Request for feedback sent to leaders list.
Please review the feedback and be ready to vote on this on Monday.
Michael Coates | OWASP | @_mwc
On Tue, Nov 20, 2012 at 12:37 AM, Eoin Keary <eoinkeary at gmail.com> wrote:
> As mentioned a few weeks back, send to leaders for comment.
> They are leaders and deserve input.
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 20 Nov 2012, at 03:07, Tom Brennan <tomb at owasp.org> wrote:
> This needs to go for comment to 200+ chapters. Especially chapters that
> would be leveraged for international locations around the world for AppSec
> events. Since the recent announcement neutering committees the only active
> volunteers are the chapters that need to have a clear understanding of this
> As a chapter leader we will see this year how appsec2013 works out now
> that we have a employee based primary team with local volunteer support.
> The first call it upcoming
> If anyone else wants to roll up sleeves the action/planning calls are
> ongoing see; http://www.meetup.com/OWASP-NYC/events/86936002/
> I prefer a flat % 75/25 after expenditures and no caps - chapters earning
> should have simple split not complex that does not translate well or allow
> the system to be gamed rather quickly.
> As far as our chapter is concerned we need to generate 25k from appsecUSA
> or its not worth the effort.
> Tom Brennan
> On Nov 19, 2012, at 9:45 PM, Michael Coates <michael.coates at owasp.org>
> Any other thoughts on the proposed model? The feedback is all positive
> with a few wording clarifications. The bigger picture issue that Sarah has
> mentioned is also a good item to consider.
> Regarding the profit sharing proposal, I don't see any major concerns
> either. This item will be up for vote during our next meeting. Please make
> sure to familiarize yourself with the details. I'd like to get any
> concerns out for discussion now so we can dig into these ideas before the
> next board meeting.
> Sarah - thanks for the financial analysis and thoughts. Very helpful.
> Michael Coates | OWASP | @_mwc
> On Wed, Nov 14, 2012 at 10:09 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>> Board Members -
>> My thoughts on the new proposed policy and long term success of the
>> Foundation and Global AppSec "brand":
>> *Overall - I think the new policy is ok, as currently drafted*.
>> - I would recommend a modification similar to what Josh and Dave
>> discussed in their comments. *"2. All other events not classified
>> as one of the Global AppSec Events will realize a 10/90 revenue split
>> (Foundation/chapter) up to $5,000 USD. Any profits above the $5K will
>> recognize the standard 60/40 split. (Foundation/Chapter)." *
>> * * *For larger chapters that want to run a local or regional event on a
>> yearly basis, we should have an avenue for them to recognize a larger
>> profit. Also, they are doing all (or *
>> * most of) the work then they should be able to get most of the profits.
>> I would say that a chapter can request up to an additional $5000 by
>> submitting both a chapter budget *
>> * and event budget to be approved by staff.*
>> * *
>> *Bigger picture issues:*
>> As we look at the need for the Global AppSecs to serve as major
>> fundraisers to support the other goals/initiatives of the foundation - I
>> think we need to consider the possibility of a different approach to the
>> model. Many of the issues with the funding & conference planning model(s)
>> that have been used in the past and proposed for the future surround the
>> dichotomy that 1) we need a model that will raise money for the foundation
>> and support our GLOBAL initiatives (i.e. Money generated from AppSec USA
>> supports outreach in APAC, Latam, and Europe), 2) chapters/volunteers want
>> proper control, recognition and "funds" for their input and efforts in
>> creating and driving the conference.
>> A few examples:
>> - *Profit distribution:* What portion of the profits should a chapter
>> get that raises almost $150,000 for the foundation and has MANY volunteers
>> dedicating their nights and weekends for months to make a successful event?
>> How should the profits differ for another chapter that only has 2
>> volunteers that contribute all of their time, but only raise $5000 for the
>> foundation? What about a third scenario where there is virtually no help
>> from the local chapter and the event raises $10,000 due to contributions of
>> a global volunteer base and OWASP Staff efforts?
>> - *Content:* How do we build a professional call for papers or call
>> for training system that gives local volunteers the control and input they
>> want but also accommodates regional needs (Standard conference vs. Research
>> driven conference), building the OWASP Brand (promoting OWASP Projects),
>> and maintains a professional selection process that is communicated to the
>> larger community and pool of applicants?
>> - *Sponsorships: *While moving locations from year to year brings in
>> a new crowd of attendees local to that area, this also comes with many
>> "unknowns" for sponsors. What will the vendor space look like, what will
>> the sponsor's availability to attendees be, how will their sales team
>> generate leads? From the perspective of building relationships with the
>> sponsors and giving them a consistent expectation from year to year - it
>> would be best for us to be able to lay out specifications/guidelines for
>> the global event planners (and clearly outline to the sponsors what they
>> can expect for their money). This sometimes runs in conflict with what the
>> local event planners think would be best for their individual event.
>> A suggestion for 2014 that Kate and I have discussed is to *move the the
>> Global AppSecs to a static location from year to year*. In this model,
>> the employees would work with a team of volunteers (not necessarily local)
>> to plan an implement the conference. The model would change from one that
>> is trying to make money for one chapter and control of the decisions for
>> that chapter to one that is more global. I think creating an event
>> template with many re-usable parts (not to mention service providers -
>> venue, catering, AV, etc) would be much easier and allow us to focus on
>> things like content and the OWASP message rather than logistics.
>> Additionally, I think this type of model is more sustainable
>> and scale-able for long term growth for our brand and fundraising
>> A static location would also allow for more planning in advance. Right
>> now we do the call for conferences a year out. The idea that these events
>> (especially as they grow in size) should start planning more than a year in
>> advance has come up a few different times on conference committee calls and
>> discussions. The problem remains that the submissions/location proposals
>> are driven by local chapter leaders (ideally teams), and planning a global
>> app sec is a large investment in time an energy. Many people would
>> probably argue "too large" which is one of the reasons we don't get more
>> proposals in our call for locations. To ask conference planners to submit
>> even more in advance is often difficult as they don't know their schedule
>> or where there life will be that far in advance. Once again, having static
>> locations and planning process that is more centralized will help overcome
>> these obstacles.
>> If others are in support of considering this new static location model,
>> there are certainly a lot of details to work out including: where will
>> these static locations be, how do we solicit and reward volunteers
>> (especially if we aren't allowing the chapter in the static location to
>> reap profits), etc.
>> I certainly don't think this is the ONLY option for us, but it is
>> something to consider as our events and organizational needs continue to
>> grow. I wasn't "sold" on this idea initially, but the more I think about
>> it, the more it seems like plausible option for us. Consider that as we
>> are able to do more fundraising centrally, we also can empower
>> local/regional event planners to focus on outreach rather than income...
>> which also supports our community and the mission.
>> Looking forward to hearing thoughts and input on this new model.
>> Sarah Baso
>> On Wed, Nov 14, 2012 at 9:11 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>> Michael et al -
>>> *First for reference, here is the current policy in place:*
>>> Local host chapters will share in OWASP event profits under the
>>> following schedule. In the case of multiple host chapters, the host
>>> chapters will be responsible for determining the division before the event.
>>> - Global AppSec Conference - 25% of event profits with a $5,000 USD
>>> cap ($10,000 for multi-chapter events)
>>> - Regional/Theme Events - 30% of event profits with a $4,000 USD cap
>>> - Local Events - 50% of profits with a $3000 USD cap
>>> *Budgeting Implications*
>>> Under the new plan, there is a opportunity for the local chapter to earn
>>> much more than that listed below if they surpass the profit target, but
>>> just using the profit target as a guideline... here are the numbers....
>>> *Comments from Conferences Committee Call & Mailing List Thread*
>>> From July 18, 2012 Conference Committee Call:
>>> - Request for Comment: proposed policy for profit sharing and
>>> financial oversight of future OWASP events:
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board