[Owasp-board] Profit Sharing Discussion

Michael Coates michael.coates at owasp.org
Mon Nov 26 17:07:09 UTC 2012


Meeting ID changed from the calendar invite -
942894438<https://www3.gotomeeting.com/join/942894438>

https://www.owasp.org/index.php/Nov_26,_2012


--
Michael Coates | OWASP | @_mwc
michael-coates.blogspot.com



On Mon, Nov 26, 2012 at 6:33 AM, Dave Wichers <dave.wichers at owasp.org>wrote:

> I am not available for today’s board meeting.****
>
> ** **
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Michael Coates
> *Sent:* Sunday, November 25, 2012 8:08 PM
> *To:* Jim Manico
> *Cc:* OWASP Foundation Board List; Eoin Keary
> *Subject:* Re: [Owasp-board] Profit Sharing Discussion****
>
> ** **
>
> We need to nail this down as part of the 2013 finance planning. It will be
> on the agenda for tomorrow.
>
> At this point it's been well socialized and feedback has been received
> from many sources. Everyone should be ready with final thoughts and ready
> for a vote.
>
> -Michael****
>
>
>
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
>
>
> ****
>
> On Sun, Nov 25, 2012 at 1:59 PM, Jim Manico <jim.manico at owasp.org> wrote:*
> ***
>
> Are we voting on Monday, or on Dev 10th?
>
> https://www.owasp.org/index.php/Dec_10,_2012
>
> - Jim
>
> ****
>
> Request for feedback sent to leaders list.****
>
> ** **
>
> Board,****
>
> Please review the feedback and be ready to vote on this on Monday.****
>
> ** **
>
> ** **
>
> ** **
>
> -Michael****
>
> ** **
>
> ** **
>
> --****
>
> Michael Coates | OWASP | @_mwc****
>
> michael-coates.blogspot.com****
>
> ** **
>
> ** **
>
> ** **
>
> On Tue, Nov 20, 2012 at 12:37 AM, Eoin Keary <eoinkeary at gmail.com> <eoinkeary at gmail.com> wrote:****
>
> ** **
>
> As mentioned a few weeks back, send to leaders for comment.****
>
> They are leaders and deserve input.****
>
> ** **
>
> ** **
>
> Eoin Keary****
>
> Owasp Global Board****
>
> +353 87 977 2988****
>
> ** **
>
> ** **
>
> On 20 Nov 2012, at 03:07, Tom Brennan <tomb at owasp.org> <tomb at owasp.org> wrote:****
>
> ** **
>
> This needs to go for comment to 200+ chapters. Especially chapters that****
>
> would be leveraged for international locations around the world for AppSec****
>
> events. Since the recent announcement neutering committees the only active****
>
> volunteers are the chapters that need to have a clear understanding of this****
>
> shift.****
>
> ** **
>
> As a chapter leader we will see this year how appsec2013 works out now****
>
> that we have a employee based primary team with local volunteer support.****
>
> ** **
>
> The first call it upcoming****
>
> ** **
>
> If anyone else wants to roll up sleeves the action/planning calls are****
>
> ongoing see; http://www.meetup.com/OWASP-NYC/events/86936002/****
>
> ** **
>
> I prefer a flat % 75/25 after expenditures and no caps - chapters earning****
>
> should have simple split not complex that does not translate well or allow****
>
> the system to be gamed rather quickly.****
>
> ** **
>
> As far as our chapter is concerned we need to generate 25k from appsecUSA****
>
> or its not worth the effort.****
>
> ** **
>
> Tom Brennan****
>
> 973-202-0122****
>
> ** **
>
> ** **
>
> On Nov 19, 2012, at 9:45 PM, Michael Coates <michael.coates at owasp.org> <michael.coates at owasp.org>****
>
> wrote:****
>
> ** **
>
> Board,****
>
> ** **
>
> Any other thoughts on the proposed model?  The feedback is all positive****
>
> with a few wording clarifications.  The bigger picture issue that Sarah has****
>
> mentioned is also a good item to consider.****
>
> ** **
>
> Regarding the profit sharing proposal, I don't see any major concerns****
>
> either.  This item will be up for vote during our next meeting. Please make****
>
> sure to familiarize yourself with the details.  I'd like to get any****
>
> concerns out for discussion now so we can dig into these ideas before the****
>
> next board meeting.****
>
> ** **
>
> ** **
>
> ** **
>
> Sarah - thanks for the financial analysis and thoughts. Very helpful.****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> --****
>
> Michael Coates | OWASP | @_mwc****
>
> michael-coates.blogspot.com****
>
> ** **
>
> ** **
>
> ** **
>
> On Wed, Nov 14, 2012 at 10:09 AM, Sarah Baso <sarah.baso at owasp.org> <sarah.baso at owasp.org> wrote:****
>
> ** **
>
> Board Members -****
>
> ** **
>
> My thoughts on the new proposed policy and long term success of the****
>
> Foundation and Global AppSec "brand":****
>
> ** **
>
> *Overall - I think the new policy is ok, as currently drafted*.****
>
> ** **
>
>    - I would recommend a modification similar to what Josh and Dave****
>
>    discussed in their comments.  *"2.  All other events not classified****
>
>    as one of the Global AppSec Events will realize a 10/90 revenue split****
>
>    (Foundation/chapter) up to $5,000 USD.  Any profits above the $5K will****
>
>    recognize the standard 60/40 split. (Foundation/Chapter)." *****
>
> ** **
>
> * * *For larger chapters that want to run a local or regional event on a****
>
> yearly basis, we should have an avenue for them to recognize a larger****
>
> profit. Also, they are doing all (or  *****
>
> * most of) the work then they should be able to get most of the profits.****
>
> I would say that a chapter can request up to an additional $5000 by****
>
> submitting both a chapter budget *****
>
> * and event budget to be approved by staff.*****
>
> * *****
>
> ** **
>
> *Bigger picture issues:*****
>
> *****
>
> *****
>
> As we look at the need for the Global AppSecs to serve as major****
>
> fundraisers to support the other goals/initiatives of the foundation - I****
>
> think we need to consider the possibility of a different approach to the****
>
> model.  Many of the issues with the funding & conference planning model(s)****
>
> that have been used in the past and proposed for the future surround the****
>
> dichotomy that 1) we need a model that will raise money for the foundation****
>
> and support our GLOBAL initiatives (i.e. Money generated from AppSec USA****
>
> supports outreach in APAC, Latam, and Europe), 2) chapters/volunteers want****
>
> proper control, recognition and "funds" for their input and efforts in****
>
> creating and driving the conference.****
>
> ** **
>
> A few  examples:****
>
> ** **
>
>    - *Profit distribution:* What portion of the profits should a chapter****
>
>    get that raises almost $150,000 for the foundation and has MANY volunteers****
>
>    dedicating their nights and weekends for months to make a successful event?****
>
>     How should the profits differ for  another chapter that only has 2****
>
>    volunteers that contribute all of their time, but only raise $5000 for the****
>
>    foundation?  What about a third scenario where there is virtually no help****
>
>    from the local chapter and the event raises $10,000 due to contributions of****
>
>    a global volunteer base and OWASP Staff efforts?****
>
>    - *Content:* How do we build a professional call for papers or call****
>
>    for training system that gives local volunteers the control and input they****
>
>    want but also accommodates regional needs (Standard conference vs. Research****
>
>    driven conference), building the OWASP Brand (promoting OWASP Projects),****
>
>    and maintains a professional selection process that is communicated to the****
>
>    larger community and pool of applicants?****
>
>    - *Sponsorships: *While moving locations from year to year brings in****
>
>    a new crowd of attendees local to that area, this also comes with many****
>
>    "unknowns" for sponsors.  What will the vendor space look like, what will****
>
>    the sponsor's availability to attendees be, how will their sales team****
>
>    generate leads?  From the perspective of building relationships with the****
>
>    sponsors and giving them a consistent expectation from year to year - it****
>
>    would be best for us to be able to lay out specifications/guidelines for****
>
>    the global event planners (and clearly outline to the sponsors what they****
>
>    can expect for their money).  This sometimes runs in conflict with what the****
>
>    local event planners think would be best for their individual event.****
>
> ** **
>
> ** **
>
> A suggestion for 2014 that Kate and I have discussed is to *move the the****
>
> Global AppSecs to a static location from year to year*. In this model,****
>
> the employees would work with a team of volunteers (not necessarily local)****
>
> to plan an implement the conference. The model would change from one that****
>
> is trying to make money for one chapter and control of the decisions for****
>
> that chapter to one that is more global.  I think creating an event****
>
> template with many re-usable parts (not to mention service providers -****
>
> venue, catering, AV, etc) would be much easier and allow us to focus on****
>
> things like content and the OWASP message rather than logistics.****
>
> Additionally, I think this type of model is more sustainable****
>
> and scale-able for long term growth for our brand and fundraising****
>
> objectives.****
>
> ** **
>
> A static location would also allow for more planning in advance.  Right****
>
> now we do the call for conferences a year out. The idea that these events****
>
> (especially as they grow in size) should start planning more than a year in****
>
> advance has come up a few different times on conference committee calls and****
>
> discussions.  The problem remains that the submissions/location proposals****
>
> are driven by local chapter leaders (ideally teams), and planning a global****
>
> app sec is a large investment in time an energy.  Many people would****
>
> probably argue "too large" which is one of the reasons we don't get more****
>
> proposals in our call for locations.  To ask conference planners to submit****
>
> even more in advance is often difficult as they don't know their schedule****
>
> or where there life will be that far in advance.  Once again, having static****
>
> locations and planning process that is more centralized will help overcome****
>
> these obstacles.****
>
> ** **
>
> If others are in support of considering this new static location model,****
>
> there are certainly a lot of details to work out including: where will****
>
> these static locations be, how do we solicit and reward volunteers****
>
> (especially if we aren't allowing the chapter in the static location to****
>
> reap profits), etc.****
>
> ** **
>
> I certainly don't think this is the ONLY option for us, but it is****
>
> something to consider as our events and organizational needs continue to****
>
> grow. I wasn't "sold" on this idea initially, but the more I think about****
>
> it, the more it seems like plausible option for us.  Consider that as we****
>
> are able to do more fundraising centrally, we also can empower****
>
> local/regional event planners to focus on outreach rather than income...****
>
> which also supports our community and the mission.****
>
> ** **
>
> ** **
>
> Looking forward to hearing thoughts and input on this new model.****
>
> ** **
>
> Regards,****
>
> Sarah Baso****
>
> *****
>
> *****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> On Wed, Nov 14, 2012 at 9:11 AM, Sarah Baso <sarah.baso at owasp.org> <sarah.baso at owasp.org> wrote:****
>
> ** **
>
> Michael et al -****
>
> ** **
>
> *First for reference, here is the current policy in place:*****
>
> *****
>
> *****
>
> Local host chapters will share in OWASP event profits under the****
>
> following schedule. In the case of multiple host chapters, the host****
>
> chapters will be responsible for determining the division before the event.****
>
> ** **
>
>    - Global AppSec Conference - 25% of event profits with a $5,000 USD****
>
>    cap ($10,000 for multi-chapter events)****
>
>    - Regional/Theme Events - 30% of event profits with a $4,000 USD cap****
>
>    - Local Events - 50% of profits with a $3000 USD cap****
>
> ** **
>
> ** **
>
> ** **
>
>  *Budgeting Implications*****
>
> Under the new plan, there is a opportunity for the local chapter to earn****
>
> much more than that listed below if they surpass the profit target, but****
>
> just using the profit target as a guideline... here are the numbers....****
>
> *****
>
> *****
>
> *<image.png>****
>
> *****
>
> ** **
>
> ** **
>
> *Comments from Conferences Committee Call & Mailing List Thread*****
>
> From July 18, 2012 Conference Committee Call:****
>
> ** **
>
> *****
>
> ** **
>
> ** **
>
>    - Request for Comment: proposed policy for profit sharing and****
>
>    financial oversight of future OWASP events:****
>
>    https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit****
>
> ** **
>
> *****
>
> ** **
>
> _______________________________________________****
>
> Owasp-board mailing list****
>
> Owasp-board at lists.owasp.org****
>
> https://lists.owasp.org/mailman/listinfo/owasp-board****
>
> ** **
>
> ** **
>
> ** **
>
> _______________________________________________****
>
> Owasp-board mailing list****
>
> Owasp-board at lists.owasp.org****
>
> https://lists.owasp.org/mailman/listinfo/owasp-board****
>
> ** **
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121126/8a41eef8/attachment-0001.html>


More information about the Owasp-board mailing list