[Owasp-board] [Owasp-leaders] Requesting Community Feedback on Virtual Management

Josh Sokol josh.sokol at owasp.org
Thu Jun 19 16:10:26 UTC 2014


Excellent questions!

1) The duration is originally scoped for an initial transition period up
until Sarah leaves followed by a period of assessment and improvement
culminating sometime tentatively in Q4 2014.  At that time we will
re-evaluate to determine how to proceed.  Maybe it's create a committee to
find a new ED.  Maybe we determine that we want to keep Virtual around in
this role longer-term.  I think that's TBD.

2) It would be an initial $6k fee for the transition period and $8k/mo for
the duration.  We only need to give them a 30 day notice of cancellation.

3) Yes, we gave consideration to a couple other similar companies, but this
was the only one we actively interviewed.

4-7) The company would focus on internal processes and would likely spend
most of their time with our staff and the Board.  Here is the originally
proposed scope document though I believe we determined that in this
scenario Michael would be working with our staff to provide consistency,
rather than Virtual.

I hope that answers your questions, but please feel free to ask anything
else that comes to mind.


On Jun 18, 2014 6:21 PM, "johanna curiel curiel" <johanna.curiel at owasp.org>

> I got some questions:
>    - Is this a temporary solution or long term solution?
>    - How much does it costs a year?
>    - Were other companies also researched and considered?
>    - How much time will the team members make available to communicate
>    with OWASP Board /Volunteers?
>    - How would the communication be managed between OWASP as community
>    and the VM team?
>    - What are the tasks/goals that this team will have?
>    - what will be the decision power the team will have and over which
>    specific aspects?
> On Wed, Jun 18, 2014 at 6:41 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> That, in all honesty, was my first impression as well.  But then I
>> started thinking about OWASP as a company with finances, hr, operations,
>> and other concerns.  For most of us here, InfoSec is our core competency
>> and not those things.  We've made due with our Whistleblower Policies and
>> Employee Handbooks, but we owe it to all of our stakeholders to take a more
>> professional approach here and elsewhere in our business.  I'd much rather
>> see the Board and volunteers focus on our mission of AppSec and leave that
>> other stuff to their respective professionals.  That said, I'm very
>> interested in seeing where your head is at once you've had an opportunity
>> to research and give further consideration.
>> ~josh
>> On Jun 18, 2014 5:22 PM, "(P7N) Jason Johnson" <jason.johnson at p7n.net>
>> wrote:
>>> I have been quiet for sometime just watching as things happen as they
>>> usually do. Farming out the management duties to a third party sounds like
>>> some office space stuff. Sounds strange to me but I will research this and
>>> reply back with further disbelief. Meetings with the Bobs..."Well bob I say
>>> I do about 25 min of actual work a week" (officespace)
>>> On June 18, 2014 4:24:44 PM CDT, Josh Sokol <josh.sokol at owasp.org>
>>> wrote:
>>>> OWASP Community,
>>>> As you already know, our Executive Director, Sarah Baso, recently
>>>> announced
>>>> <http://lists.owasp.org/pipermail/owasp-leaders/2014-June/012007.html>
>>>> that she will be leaving OWASP in August in order to spend quality time
>>>> with the coming addition to her family.  Since she initially notified us of
>>>> her intent, the Board and Sarah began the conversation of how OWASP would
>>>> move forward in her absence.  I think we all are aware that Sarah has made
>>>> some amazing contributions to our organization and her absence will not go
>>>> unnoticed.  That said, it is important for us to think about a short-term
>>>> transition plan as well as a long-term vision for the role of Executive
>>>> Director at OWASP.
>>>> No decisions have been made yet, but the Board believes that there may
>>>> be significant value in working with a third-party professional management
>>>> firm with experience in global finance, human resources, and non-profit
>>>> growth in order to help us to assess where we are today and where we would
>>>> like to get to with the Foundation.  The goal would be to use them to
>>>> transition many of Sarah's current responsibilities, leverage their
>>>> expertise to determine if there are areas that we can improve upon, and
>>>> then reassess our options at that time (tentatively Q4 2014).  We could
>>>> elect to keep them around, conduct a search for a new Executive Director,
>>>> or whatever we all feel makes sense as we push forward.
>>>> After researching several such services, we have all been very
>>>> impressed with a company called Virtual Management Inc.
>>>> <http://www.virtualmgmt.com/manage-your-association/>  Their support
>>>> would include time from Greg Kohn
>>>> <https://www.linkedin.com/profile/view?id=9724195> as the Team Lead, Tom
>>>> Pappas <https://www.linkedin.com/profile/view?id=23028879> for Finance
>>>> and Grants, and Janice Carroll
>>>> <https://www.linkedin.com/profile/view?id=37004151> for Operations.
>>>> They have a large volume of experience working with non-profit
>>>> organizations similar to our own and received a positive review for their
>>>> current work with the Apache Software Foundation.
>>>> * QUESTION: Has anyone had a business relationship with: Virtual
>>>> Management Inc. or Wakefield, MA or any of its employees? Website:
>>>> http://www.virtualmgmt.com/ <http://www.virtualmgmt.com/> Linkedin:
>>>> https://www.linkedin.com/company/50550
>>>> <https://www.linkedin.com/company/50550>*
>>>> We are conducting our due diligence and are looking for anyone who has
>>>> had either GOOD or BAD experiences with Virtual.  OWASP Community, if you
>>>> have any feedback regarding Virtual, we would love to hear your comments.
>>>> Please, if you have any thoughts, feel free to respond back to this
>>>> message, send us an e-mail in private, or call any of us up.  We have a
>>>> contract from Virtual, but wanted to make sure that there were no
>>>> significant concerns from the community before signing.  We've set a soft
>>>> deadline of 5:00 PM PST on Friday, June 20th to try and collect all
>>>> feedback and make a decision on how to proceed.  Thank you very much in
>>>> advance for anything that you can add to this conversation!
>>>> Sincerely,
>>>> The OWASP Board of Directors
>>>> ------------------------------
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> Jason Johnson
>>> Projectseven
>>> e: Jason.Johnson at p7n.net
>>> c: **DATAMAN
>>> --
>>> On the phone. Please excuse my brevity.
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140619/32b3435a/attachment-0001.html>

More information about the Owasp-board mailing list