[Owasp-board] 2014 Board Meeting Dates

Tom Brennan tomb at owasp.org
Thu Dec 19 15:01:00 UTC 2013

Sorry been working... not checking OWASP emails but here is my reply
to various points made on this thread;

All board meetings are OPEN to anyone to attend via webex/telconf we
keep a attendance list and mins., from the meeting or in person.
There will be meetings blocks that are CLOSED and limited to the
elected board members without attendance of employees however outcomes
will be documented and are typically for sensitive matters including
HR, Law Enforcement, "Special Meetings" per the bylaws or others as
the elected Chair deems appropriate if available.

They are also recorded in attempt to over document and provide
on-demand transparency for the spirit of the discussion.


I believe this is sufficient in the decentralized world we live in.


We voted for a adjustment of the amount of TIME on board meetings to
be increased to get the work done as we never have enough time to
properly discuss and debate have a consensus on monthly 1hr board
meetings.  Purpose of proposed voted and approved focused meetings
being quarterly with a 3 ~ 6 hr duration agenda is to be effective in
debate and discussion on important issues from various perspectives.
If every topic is even discussed round-table with 7 people taking only
5 mins each every agenda needs to block 35mins per "topic" to have a
complete discussion. Having board meetings monday-friday (excluding
holidays that include Sundays and Saturdays for some) is also simply
good practice.  Like others have expressed - I treasure time with
family MORE then OWASP and day job hence will not be available for
non-business hour meetings either and I am lucky that my employer
allows me to invest time in volunteer efforts if I did not have that
relationship I would have to step-down from those activities in
several associations.

There are many many other times when discussions happen -- sometimes
daily when needed at OWASP.   The "Board Meetings" are the formal
meetings that are scheduled to review as a group -- no surprises are
expected but could bubble up as new business.  If your only touchpoint
is 4 meetings in a year -- something is wrong ;)  If you don't have a
pet project that your working on for the greater benefit of the
organization and providing a status on it -- something is wrong OR
your not clear on where your help is needed - discuss with the Chair.

In 2014 +we the board needs to sync with itself first -- then the
staff -- adjusting fire as needed but everyone should have a focus on
this Board Top 10

1 - Determine the Organization’s Mission and Purpose (and keep it on track)
2 - Select the Executive Director
3 - Support the Executive and Review His/Her Performance
4 - Ensure Effective Organizational Planning
5 - Ensure Adequate Resources
6 - Manage Resources Effectively
7 - Determine and Monitor the Organization’s Programs and Services
8 - Enhance the Organization’s Public Image
9 - Serve as a Court of Appeal
10 - Assess its Own Performance

"All organization undergo a metamorphosis over time that calls for
periodic review, fine tuning, and sometimes major overhaul of their
governance structure. Organizational performance, like human
performance, is cyclical in effectiveness and in need of renewal as it
evolves overtime."  There is no question that since 2007 - 2013 this
has happened at OWASP and will continue.

That is it as the board "role" -- that's it.

Read attached for each item and measure your aspirations and
pre-conceived notions as well as the board pre-req materials as a
guide further noted here:


In addition if the individuals have cycles for OTHER activities
Projects, Chapters, Out-Reach initiatives they should NOT be confused
with doing "board duties" and treated and measured separately by there
own set of criteria.

It was recommended to always have a board meeting at a AppSec event as
a session open to the public.  The problem with that is that not
everyone can NOT be at every appsec hence the logistics involved would
be difficult and detract from the focus of the fund-raising
conferences.  People also don't need to PAY to join a OWASP Board
Meeting Session.    Elephant in the room is that OWASP is not going to
be flying elected board members all over the world so they can attend
conferences (or every staff member) however a annual off-site board
meeting paid for (Travel/Lodging) by the association for the business
purpose of review of the the Top 10 Board focuses and related
discussions.  If it happens to be at the annual AppSec fund raiser
like we did at AppSecUSA this year that is great!  I do however
encourage this to be done in Q1 of every year so budgets, strategic
and tactical items can be on the agenda and then execution of them can
happen in sync with terms of office.

The unique perspective of each of the board members as Project
leaders, Chapter leaders, Technical resources, Trainers, etc is why
you/they were elected to a (24) month term and (12) month role and to
represent by PROXY the people that elected them. Meetings about
meetings are a waste of time -- lets get back to work and in January
hash out the important agenda items

1. Welcome of new board and affirmation of pre-reqs., and role (re:
2. Meeting for 2014 when and where/how (remote/in-person)
3. Report from the ED(and staff) on 2013 vs. 2012 and 2011 activities
with metrics of progress trends and early warnings.

4. Affirmation of budget, goals and initiatives for 2014
5. NEW BUSINESS - from any member of OWASP who wants to propose a
topic at the board meeting

On Thu, Dec 19, 2013 at 4:06 AM, Bil Corry <bil.corry at owasp.org> wrote:
> I should have been more clear, I was referring to keeping the in-person BoD meeting date closer to the talks-portion of the conference, which has the majority of attendance.
> - Bil
> -----Original Message-----
> From: Jim Manico [mailto:jim.manico at owasp.org]
> Sent: Wednesday, December 18, 2013 6:22 PM
> To: Bil Corry
> Cc: Tobias; michael.coates at owasp.org; josh.sokol at owasp.org; owasp-board at lists.owasp.org
> Subject: Re: [Owasp-board] 2014 Board Meeting Dates
> I think the dates you are quoting are off good sir. For both AppSecEU and USA, the board meeting was the day before or after the conference.
> So yes, I'm with you Bil but I think we already do this...
> Aloha,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>> On Dec 18, 2013, at 2:11 AM, Bil Corry <bil.corry at owasp.org> wrote:
>> I was looking at the BoD attendance for 2013:
>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNd
>> I noticed the Staff attends regularly, are they required to attend these Saturday meetings?
>> As for the AppSec meetings, the board meeting at AppSecEU was on Monday, but the conference wasn't until Thursday.  As a community member, I would have attended but couldn't justify flying out Monday, then spending several days in Hamburg waiting for the conference to start.  Can the board meeting occur the day before, during, or the day after the actual AppSec conference?
>> - Bil
>> -----Original Message-----
>> From: owasp-board-bounces at lists.owasp.org
>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jim Manico
>> Sent: Wednesday, December 18, 2013 7:36 AM
>> To: Tobias; michael.coates at owasp.org; josh.sokol at owasp.org
>> Cc: owasp-board at lists.owasp.org
>> Subject: Re: [Owasp-board] 2014 Board Meeting Dates
>>> Personally, I like both: shorter more frequent meetings and 1-2 long
>>> meetings during the AppSecs in US and EU. I have hesitations with
>>> long (aka 4hours+) meetings, where everybody is only on the phone.
>> Works for me!
>>> I also like Eoin's idea of 2 3hr meetings (1 weekday, 1 weekend)
>>> Maybe we can find a good mix?
>>> E.g. let's say 3 meetings of 2-3 hours every 2 months in the first
>>> half, then a long meeting during AppSecEU, then if need be one 2-3 hr
>>> meeting, then long meeting at AppSecUS, then one or two 2-3hr
>>> meetings before year-end.
>> This works for me, too. I like the variety.
>> - Jim
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Purpose-of-Board.pdf
Type: application/pdf
Size: 131159 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20131219/4df4d0cb/attachment-0001.pdf>

More information about the Owasp-board mailing list