[Owasp-board] PROPOSAL: Quarterly Updates by ED on Progress Towards Strategic Goals

Sarah Baso sarah.baso at owasp.org
Thu May 22 23:42:48 UTC 2014


All - I will have an update for you on this (YTD) Tuesday. Then the quarter
2 update for the AppSec EU Board meeting.

Sarah


On Fri, May 9, 2014 at 11:13 AM, Sarah Baso <sarah.baso at owasp.org> wrote:

> Yes, got it.
>
>
> On Fri, May 9, 2014 at 8:52 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> OK, it sounds like everyone who has commented on this (the majority of
>> the Board) is in agreement on this.  Sarah, if you'd like a formal vote, we
>> can do that, but I don't think that's really necessary.  Can you please
>> take this on as an action item for your team?  Specifically:
>>
>>    1. Updates from ED during quarterly meetings should focus on staff
>>    activities as they relate to our strategic goals.  Updates on success
>>    metrics for each goal and the progress made toward each.
>>    2. The Board sponsor for each strategic goal should be actively
>>    involved in the process to execute on these goals to ensure that execution
>>    is in line with strategic goals.
>>    3. Communication plans should be created for our strategic
>>    initiatives with a monthly (minimal) update to the Board on progress.
>>
>> Thanks!
>>
>> ~josh
>>
>>
>> On Fri, May 9, 2014 at 10:37 AM, Michael Coates <michael.coates at owasp.org
>> > wrote:
>>
>>> I'm in agreement here too.
>>>
>>>
>>> --
>>> Michael Coates
>>> @_mwc
>>>
>>>
>>>
>>> On Fri, May 9, 2014 at 8:25 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>
>>>>  +1. Agreed.
>>>> - Tobias
>>>>
>>>>
>>>> On 07/05/14 18:14, Tom Brennan - proactiveRISK wrote:
>>>>
>>>> Agreed
>>>>
>>>> ---
>>>> Tom Brennan | 973-298-1160 x799 | tomb at proactiverisk.com
>>>>
>>>>
>>>> On May 7, 2014, at 12:58 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>
>>>>    I think that the schedule (doing it in correlation with the
>>>> quarterly meetings) is a good thing.  I guess what I'm really asking is
>>>> more for a focus on how our activities relate to our strategic goals,
>>>> rather than just a list of things that staff has done.  The problem that
>>>> I'm seeing is that the Board set a direction, but we left it up to the
>>>> operations team to determine how to execute on that vision.  We have Board
>>>> members sponsoring these goals that have not been engaged on the ongoing
>>>> activities and when we review, we review as tasks rather than milestones.
>>>> I'd like to see the overall plan.  Here's an example:
>>>>
>>>> For goal X we took the Board's direction and broke it down into the
>>>> following deliverable milestones.  Employee Y completed this milestone on
>>>> this date.  We expect to have the following milestones complete by this
>>>> other date.  We are on target to meet this goal by the specified completion
>>>> date.
>>>>
>>>>
>>>>  To summarize, think of the goals as projects with the metrics of
>>>> success as the milestones.  Think of the Board sponsor as a part of the
>>>> core project team with the other Board members as key stakeholders.
>>>> Develop a communication plan and keep us in the loop.
>>>>
>>>>  Michael, I think a simple "yes, I think I would like quarterly updates
>>>> on strategic goals" or "no, I think it would be a waste of our time" would
>>>> be fine here.  No need to formalize anything.  I'd like more visibility
>>>> into our operations (my fiduciary responsibility) and I feel like this gets
>>>> us there without being overly intrusive.  I'm not asking for a formal Board
>>>> vote.  I'm asking if others feel the same way.
>>>>
>>>>  ~josh
>>>>
>>>>
>>>> On Wed, May 7, 2014 at 11:28 AM, Sarah Baso <sarah.baso at owasp.org>wrote:
>>>>
>>>>> Josh -
>>>>>
>>>>>  I am not sure if this is for me or the rest of the board or both -
>>>>> but i would be happy to put together a status update for you and ensure it
>>>>> is included in future updates.
>>>>>
>>>>>  One piece of clarification regarding reporting that would be helpful
>>>>> - I currently have been preparing reports (and collecting roll up reports
>>>>> from the staff) based on when the board meetings are scheduled.  Is this
>>>>> what you (and everyone else is expecting) or would you like them on a more
>>>>> frequent/different schedule.
>>>>>
>>>>>  Thanks,
>>>>> Sarah
>>>>>
>>>>>
>>>>>  On Wed, May 7, 2014 at 8:54 AM, Josh Sokol <josh.sokol at owasp.org>wrote:
>>>>>
>>>>>>  Back in January, we went through and defined the Board Strategic
>>>>>> Goals for 2014 including metrics of success and Board member sponsors.
>>>>>> Here we are now, in May (4 months later), and I haven't been engaged by our
>>>>>> operations team on my sponsored goal (Strengthening OWASP Chapters), nor
>>>>>> have I heard an update from our Executive Director on progress that our
>>>>>> staff is making towards these goals.  Rather than finding out what we did
>>>>>> after the year is up, I would personally like to see a progress report for
>>>>>> each of the strategic goals as part of our quarterly Board meetings.  I
>>>>>> believe that updating the Board should be the responsibility of our
>>>>>> Executive Director, but it is the Board's responsibility to ensure that our
>>>>>> staff is in alignment (and progressing towards) these goals and a quarterly
>>>>>> touch point would likely help in doing so.  I'd be interested in your
>>>>>> thoughts on this.
>>>>>>
>>>>>>  ~josh
>>>>>>
>>>>>>  _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>  --
>>>>>  Executive Director
>>>>> OWASP Foundation
>>>>>
>>>>>  sarah.baso at owasp.org
>>>>> +1.312.869.2779
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>   _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>> WARNING: E-mail transmission cannot be guaranteed to be secure or
>>>> error-free as information could be intercepted, corrupted, lost, destroyed,
>>>> arrive late or incomplete, or contain viruses. The sender therefore does
>>>> not accept liability for any errors or omissions in the contents of this
>>>> message, which arise as a result of e-mail transmission. No employee
>>>> or agent is authorized to conclude any binding agreement on behalf of
>>>> proactiveRISK with another party by email.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> --
> Executive Director
> OWASP Foundation
>
> sarah.baso at owasp.org
> +1.312.869.2779
>
>
>
>
>


-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140522/e259f320/attachment-0001.html>


More information about the Owasp-board mailing list