[Owasp-board] Profit Sharing Discussion

Eoin eoin.keary at owasp.org
Mon Nov 26 17:45:38 UTC 2012


Sorry can make today. Feeling very ill.
I vote to pass the profit sharing proposal as per the way Dave and Seba have defined it.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 26 Nov 2012, at 17:07, Michael Coates <michael.coates at owasp.org> wrote:

> Meeting ID changed from the calendar invite - 942894438
> 
> https://www.owasp.org/index.php/Nov_26,_2012
> 
> 
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
> 
> 
> 
> On Mon, Nov 26, 2012 at 6:33 AM, Dave Wichers <dave.wichers at owasp.org> wrote:
>> I am not available for today’s board meeting.
>> 
>>  
>> 
>> From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Michael Coates
>> Sent: Sunday, November 25, 2012 8:08 PM
>> To: Jim Manico
>> Cc: OWASP Foundation Board List; Eoin Keary
>> Subject: Re: [Owasp-board] Profit Sharing Discussion
>> 
>>  
>> 
>> We need to nail this down as part of the 2013 finance planning. It will be on the agenda for tomorrow.
>> 
>> At this point it's been well socialized and feedback has been received from many sources. Everyone should be ready with final thoughts and ready for a vote.
>> 
>> -Michael
>> 
>> 
>> 
>> --
>> Michael Coates | OWASP | @_mwc
>> michael-coates.blogspot.com
>> 
>> 
>> 
>> On Sun, Nov 25, 2012 at 1:59 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> 
>> Are we voting on Monday, or on Dev 10th?
>> 
>> https://www.owasp.org/index.php/Dec_10,_2012
>> 
>> - Jim
>> 
>> 
>> Request for feedback sent to leaders list.
>>  
>> Board,
>> Please review the feedback and be ready to vote on this on Monday.
>>  
>>  
>>  
>> -Michael
>>  
>>  
>> --
>> Michael Coates | OWASP | @_mwc
>> michael-coates.blogspot.com
>>  
>>  
>>  
>> On Tue, Nov 20, 2012 at 12:37 AM, Eoin Keary <eoinkeary at gmail.com> wrote:
>>  
>> As mentioned a few weeks back, send to leaders for comment.
>> They are leaders and deserve input.
>>  
>>  
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>  
>>  
>> On 20 Nov 2012, at 03:07, Tom Brennan <tomb at owasp.org> wrote:
>>  
>> This needs to go for comment to 200+ chapters. Especially chapters that
>> would be leveraged for international locations around the world for AppSec
>> events. Since the recent announcement neutering committees the only active
>> volunteers are the chapters that need to have a clear understanding of this
>> shift.
>>  
>> As a chapter leader we will see this year how appsec2013 works out now
>> that we have a employee based primary team with local volunteer support.
>>  
>> The first call it upcoming
>>  
>> If anyone else wants to roll up sleeves the action/planning calls are
>> ongoing see; http://www.meetup.com/OWASP-NYC/events/86936002/
>>  
>> I prefer a flat % 75/25 after expenditures and no caps - chapters earning
>> should have simple split not complex that does not translate well or allow
>> the system to be gamed rather quickly.
>>  
>> As far as our chapter is concerned we need to generate 25k from appsecUSA
>> or its not worth the effort.
>>  
>> Tom Brennan
>> 973-202-0122
>>  
>>  
>> On Nov 19, 2012, at 9:45 PM, Michael Coates <michael.coates at owasp.org>
>> wrote:
>>  
>> Board,
>>  
>> Any other thoughts on the proposed model?  The feedback is all positive
>> with a few wording clarifications.  The bigger picture issue that Sarah has
>> mentioned is also a good item to consider.
>>  
>> Regarding the profit sharing proposal, I don't see any major concerns
>> either.  This item will be up for vote during our next meeting. Please make
>> sure to familiarize yourself with the details.  I'd like to get any
>> concerns out for discussion now so we can dig into these ideas before the
>> next board meeting.
>>  
>>  
>>  
>> Sarah - thanks for the financial analysis and thoughts. Very helpful.
>>  
>>  
>>  
>>  
>> --
>> Michael Coates | OWASP | @_mwc
>> michael-coates.blogspot.com
>>  
>>  
>>  
>> On Wed, Nov 14, 2012 at 10:09 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>  
>> Board Members -
>>  
>> My thoughts on the new proposed policy and long term success of the
>> Foundation and Global AppSec "brand":
>>  
>> *Overall - I think the new policy is ok, as currently drafted*.
>>  
>>    - I would recommend a modification similar to what Josh and Dave
>>    discussed in their comments.  *"2.  All other events not classified
>>    as one of the Global AppSec Events will realize a 10/90 revenue split
>>    (Foundation/chapter) up to $5,000 USD.  Any profits above the $5K will
>>    recognize the standard 60/40 split. (Foundation/Chapter)." *
>>  
>> * * *For larger chapters that want to run a local or regional event on a
>> yearly basis, we should have an avenue for them to recognize a larger
>> profit. Also, they are doing all (or  *
>> * most of) the work then they should be able to get most of the profits.
>> I would say that a chapter can request up to an additional $5000 by
>> submitting both a chapter budget *
>> * and event budget to be approved by staff.*
>> * *
>>  
>> *Bigger picture issues:*
>> *
>> *
>> As we look at the need for the Global AppSecs to serve as major
>> fundraisers to support the other goals/initiatives of the foundation - I
>> think we need to consider the possibility of a different approach to the
>> model.  Many of the issues with the funding & conference planning model(s)
>> that have been used in the past and proposed for the future surround the
>> dichotomy that 1) we need a model that will raise money for the foundation
>> and support our GLOBAL initiatives (i.e. Money generated from AppSec USA
>> supports outreach in APAC, Latam, and Europe), 2) chapters/volunteers want
>> proper control, recognition and "funds" for their input and efforts in
>> creating and driving the conference.
>>  
>> A few  examples:
>>  
>>    - *Profit distribution:* What portion of the profits should a chapter
>>    get that raises almost $150,000 for the foundation and has MANY volunteers
>>    dedicating their nights and weekends for months to make a successful event?
>>     How should the profits differ for  another chapter that only has 2
>>    volunteers that contribute all of their time, but only raise $5000 for the
>>    foundation?  What about a third scenario where there is virtually no help
>>    from the local chapter and the event raises $10,000 due to contributions of
>>    a global volunteer base and OWASP Staff efforts?
>>    - *Content:* How do we build a professional call for papers or call
>>    for training system that gives local volunteers the control and input they
>>    want but also accommodates regional needs (Standard conference vs. Research
>>    driven conference), building the OWASP Brand (promoting OWASP Projects),
>>    and maintains a professional selection process that is communicated to the
>>    larger community and pool of applicants?
>>    - *Sponsorships: *While moving locations from year to year brings in
>>    a new crowd of attendees local to that area, this also comes with many
>>    "unknowns" for sponsors.  What will the vendor space look like, what will
>>    the sponsor's availability to attendees be, how will their sales team
>>    generate leads?  From the perspective of building relationships with the
>>    sponsors and giving them a consistent expectation from year to year - it
>>    would be best for us to be able to lay out specifications/guidelines for
>>    the global event planners (and clearly outline to the sponsors what they
>>    can expect for their money).  This sometimes runs in conflict with what the
>>    local event planners think would be best for their individual event.
>>  
>>  
>> A suggestion for 2014 that Kate and I have discussed is to *move the the
>> Global AppSecs to a static location from year to year*. In this model,
>> the employees would work with a team of volunteers (not necessarily local)
>> to plan an implement the conference. The model would change from one that
>> is trying to make money for one chapter and control of the decisions for
>> that chapter to one that is more global.  I think creating an event
>> template with many re-usable parts (not to mention service providers -
>> venue, catering, AV, etc) would be much easier and allow us to focus on
>> things like content and the OWASP message rather than logistics.
>> Additionally, I think this type of model is more sustainable
>> and scale-able for long term growth for our brand and fundraising
>> objectives.
>>  
>> A static location would also allow for more planning in advance.  Right
>> now we do the call for conferences a year out. The idea that these events
>> (especially as they grow in size) should start planning more than a year in
>> advance has come up a few different times on conference committee calls and
>> discussions.  The problem remains that the submissions/location proposals
>> are driven by local chapter leaders (ideally teams), and planning a global
>> app sec is a large investment in time an energy.  Many people would
>> probably argue "too large" which is one of the reasons we don't get more
>> proposals in our call for locations.  To ask conference planners to submit
>> even more in advance is often difficult as they don't know their schedule
>> or where there life will be that far in advance.  Once again, having static
>> locations and planning process that is more centralized will help overcome
>> these obstacles.
>>  
>> If others are in support of considering this new static location model,
>> there are certainly a lot of details to work out including: where will
>> these static locations be, how do we solicit and reward volunteers
>> (especially if we aren't allowing the chapter in the static location to
>> reap profits), etc.
>>  
>> I certainly don't think this is the ONLY option for us, but it is
>> something to consider as our events and organizational needs continue to
>> grow. I wasn't "sold" on this idea initially, but the more I think about
>> it, the more it seems like plausible option for us.  Consider that as we
>> are able to do more fundraising centrally, we also can empower
>> local/regional event planners to focus on outreach rather than income...
>> which also supports our community and the mission.
>>  
>>  
>> Looking forward to hearing thoughts and input on this new model.
>>  
>> Regards,
>> Sarah Baso
>> *
>> *
>>  
>>  
>>  
>>  
>> On Wed, Nov 14, 2012 at 9:11 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>  
>> Michael et al -
>>  
>> *First for reference, here is the current policy in place:*
>> *
>> *
>> Local host chapters will share in OWASP event profits under the
>> following schedule. In the case of multiple host chapters, the host
>> chapters will be responsible for determining the division before the event.
>>  
>>    - Global AppSec Conference - 25% of event profits with a $5,000 USD
>>    cap ($10,000 for multi-chapter events)
>>    - Regional/Theme Events - 30% of event profits with a $4,000 USD cap
>>    - Local Events - 50% of profits with a $3000 USD cap
>>  
>>  
>>  
>>  *Budgeting Implications*
>> Under the new plan, there is a opportunity for the local chapter to earn
>> much more than that listed below if they surpass the profit target, but
>> just using the profit target as a guideline... here are the numbers....
>> *
>> *
>> *<image.png>
>> *
>>  
>>  
>> *Comments from Conferences Committee Call & Mailing List Thread*
>> From July 18, 2012 Conference Committee Call:
>>  
>> *
>>  
>>  
>>    - Request for Comment: proposed policy for profit sharing and
>>    financial oversight of future OWASP events:
>>    https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit
>>  
>> *
>>  
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>  
>>  
>>  
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>  
>> 
>>  
>> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121126/d4f39180/attachment-0001.html>


More information about the Owasp-board mailing list