[Owasp-board] Profit Sharing Discussion

Jim Manico jim.manico at owasp.org
Sun Nov 25 21:59:15 UTC 2012


Are we voting on Monday, or on Dev 10th?

https://www.owasp.org/index.php/Dec_10,_2012

- Jim


> Request for feedback sent to leaders list.
>
> Board,
> Please review the feedback and be ready to vote on this on Monday.
>
>
>
> -Michael
>
>
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
>
>
>
> On Tue, Nov 20, 2012 at 12:37 AM, Eoin Keary <eoinkeary at gmail.com> wrote:
>
>> As mentioned a few weeks back, send to leaders for comment.
>> They are leaders and deserve input.
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 20 Nov 2012, at 03:07, Tom Brennan <tomb at owasp.org> wrote:
>>
>> This needs to go for comment to 200+ chapters. Especially chapters that
>> would be leveraged for international locations around the world for AppSec
>> events. Since the recent announcement neutering committees the only active
>> volunteers are the chapters that need to have a clear understanding of this
>> shift.
>>
>> As a chapter leader we will see this year how appsec2013 works out now
>> that we have a employee based primary team with local volunteer support.
>>
>> The first call it upcoming
>>
>> If anyone else wants to roll up sleeves the action/planning calls are
>> ongoing see; http://www.meetup.com/OWASP-NYC/events/86936002/
>>
>> I prefer a flat % 75/25 after expenditures and no caps - chapters earning
>> should have simple split not complex that does not translate well or allow
>> the system to be gamed rather quickly.
>>
>> As far as our chapter is concerned we need to generate 25k from appsecUSA
>> or its not worth the effort.
>>
>> Tom Brennan
>> 973-202-0122
>>
>>
>> On Nov 19, 2012, at 9:45 PM, Michael Coates <michael.coates at owasp.org>
>> wrote:
>>
>> Board,
>>
>> Any other thoughts on the proposed model?  The feedback is all positive
>> with a few wording clarifications.  The bigger picture issue that Sarah has
>> mentioned is also a good item to consider.
>>
>> Regarding the profit sharing proposal, I don't see any major concerns
>> either.  This item will be up for vote during our next meeting. Please make
>> sure to familiarize yourself with the details.  I'd like to get any
>> concerns out for discussion now so we can dig into these ideas before the
>> next board meeting.
>>
>>
>>
>> Sarah - thanks for the financial analysis and thoughts. Very helpful.
>>
>>
>>
>>
>> --
>> Michael Coates | OWASP | @_mwc
>> michael-coates.blogspot.com
>>
>>
>>
>> On Wed, Nov 14, 2012 at 10:09 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>
>>> Board Members -
>>>
>>> My thoughts on the new proposed policy and long term success of the
>>> Foundation and Global AppSec "brand":
>>>
>>> *Overall - I think the new policy is ok, as currently drafted*.
>>>
>>>     - I would recommend a modification similar to what Josh and Dave
>>>     discussed in their comments.  *"2.  All other events not classified
>>>     as one of the Global AppSec Events will realize a 10/90 revenue split
>>>     (Foundation/chapter) up to $5,000 USD.  Any profits above the $5K will
>>>     recognize the standard 60/40 split. (Foundation/Chapter)." *
>>>
>>> * * *For larger chapters that want to run a local or regional event on a
>>> yearly basis, we should have an avenue for them to recognize a larger
>>> profit. Also, they are doing all (or  *
>>> * most of) the work then they should be able to get most of the profits.
>>> I would say that a chapter can request up to an additional $5000 by
>>> submitting both a chapter budget *
>>> * and event budget to be approved by staff.*
>>> * *
>>>
>>> *Bigger picture issues:*
>>> *
>>> *
>>> As we look at the need for the Global AppSecs to serve as major
>>> fundraisers to support the other goals/initiatives of the foundation - I
>>> think we need to consider the possibility of a different approach to the
>>> model.  Many of the issues with the funding & conference planning model(s)
>>> that have been used in the past and proposed for the future surround the
>>> dichotomy that 1) we need a model that will raise money for the foundation
>>> and support our GLOBAL initiatives (i.e. Money generated from AppSec USA
>>> supports outreach in APAC, Latam, and Europe), 2) chapters/volunteers want
>>> proper control, recognition and "funds" for their input and efforts in
>>> creating and driving the conference.
>>>
>>> A few  examples:
>>>
>>>     - *Profit distribution:* What portion of the profits should a chapter
>>>     get that raises almost $150,000 for the foundation and has MANY volunteers
>>>     dedicating their nights and weekends for months to make a successful event?
>>>      How should the profits differ for  another chapter that only has 2
>>>     volunteers that contribute all of their time, but only raise $5000 for the
>>>     foundation?  What about a third scenario where there is virtually no help
>>>     from the local chapter and the event raises $10,000 due to contributions of
>>>     a global volunteer base and OWASP Staff efforts?
>>>     - *Content:* How do we build a professional call for papers or call
>>>     for training system that gives local volunteers the control and input they
>>>     want but also accommodates regional needs (Standard conference vs. Research
>>>     driven conference), building the OWASP Brand (promoting OWASP Projects),
>>>     and maintains a professional selection process that is communicated to the
>>>     larger community and pool of applicants?
>>>     - *Sponsorships: *While moving locations from year to year brings in
>>>     a new crowd of attendees local to that area, this also comes with many
>>>     "unknowns" for sponsors.  What will the vendor space look like, what will
>>>     the sponsor's availability to attendees be, how will their sales team
>>>     generate leads?  From the perspective of building relationships with the
>>>     sponsors and giving them a consistent expectation from year to year - it
>>>     would be best for us to be able to lay out specifications/guidelines for
>>>     the global event planners (and clearly outline to the sponsors what they
>>>     can expect for their money).  This sometimes runs in conflict with what the
>>>     local event planners think would be best for their individual event.
>>>
>>>
>>> A suggestion for 2014 that Kate and I have discussed is to *move the the
>>> Global AppSecs to a static location from year to year*. In this model,
>>> the employees would work with a team of volunteers (not necessarily local)
>>> to plan an implement the conference. The model would change from one that
>>> is trying to make money for one chapter and control of the decisions for
>>> that chapter to one that is more global.  I think creating an event
>>> template with many re-usable parts (not to mention service providers -
>>> venue, catering, AV, etc) would be much easier and allow us to focus on
>>> things like content and the OWASP message rather than logistics.
>>> Additionally, I think this type of model is more sustainable
>>> and scale-able for long term growth for our brand and fundraising
>>> objectives.
>>>
>>> A static location would also allow for more planning in advance.  Right
>>> now we do the call for conferences a year out. The idea that these events
>>> (especially as they grow in size) should start planning more than a year in
>>> advance has come up a few different times on conference committee calls and
>>> discussions.  The problem remains that the submissions/location proposals
>>> are driven by local chapter leaders (ideally teams), and planning a global
>>> app sec is a large investment in time an energy.  Many people would
>>> probably argue "too large" which is one of the reasons we don't get more
>>> proposals in our call for locations.  To ask conference planners to submit
>>> even more in advance is often difficult as they don't know their schedule
>>> or where there life will be that far in advance.  Once again, having static
>>> locations and planning process that is more centralized will help overcome
>>> these obstacles.
>>>
>>> If others are in support of considering this new static location model,
>>> there are certainly a lot of details to work out including: where will
>>> these static locations be, how do we solicit and reward volunteers
>>> (especially if we aren't allowing the chapter in the static location to
>>> reap profits), etc.
>>>
>>> I certainly don't think this is the ONLY option for us, but it is
>>> something to consider as our events and organizational needs continue to
>>> grow. I wasn't "sold" on this idea initially, but the more I think about
>>> it, the more it seems like plausible option for us.  Consider that as we
>>> are able to do more fundraising centrally, we also can empower
>>> local/regional event planners to focus on outreach rather than income...
>>> which also supports our community and the mission.
>>>
>>>
>>> Looking forward to hearing thoughts and input on this new model.
>>>
>>> Regards,
>>> Sarah Baso
>>> *
>>> *
>>>
>>>
>>>
>>>
>>> On Wed, Nov 14, 2012 at 9:11 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>>
>>>> Michael et al -
>>>>
>>>> *First for reference, here is the current policy in place:*
>>>> *
>>>> *
>>>> Local host chapters will share in OWASP event profits under the
>>>> following schedule. In the case of multiple host chapters, the host
>>>> chapters will be responsible for determining the division before the event.
>>>>
>>>>     - Global AppSec Conference - 25% of event profits with a $5,000 USD
>>>>     cap ($10,000 for multi-chapter events)
>>>>     - Regional/Theme Events - 30% of event profits with a $4,000 USD cap
>>>>     - Local Events - 50% of profits with a $3000 USD cap
>>>>
>>>>
>>>>
>>>>   *Budgeting Implications*
>>>> Under the new plan, there is a opportunity for the local chapter to earn
>>>> much more than that listed below if they surpass the profit target, but
>>>> just using the profit target as a guideline... here are the numbers....
>>>> *
>>>> *
>>>> *<image.png>
>>>> *
>>>>
>>>>
>>>> *Comments from Conferences Committee Call & Mailing List Thread*
>>>>  From July 18, 2012 Conference Committee Call:
>>>>
>>>> *
>>>>
>>>>
>>>>     - Request for Comment: proposed policy for profit sharing and
>>>>     financial oversight of future OWASP events:
>>>>     https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit
>>>>
>>>> *
>>>>
>>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121125/4e27b0b5/attachment.html>


More information about the Owasp-board mailing list