[Owasp-board] Proposal to Eliminate "At Large" Board Positions

Andrew van der Stock vanderaj at owasp.org
Fri Nov 6 02:57:42 UTC 2015

We have to remember we're the board, and not operationally focussed. All of
these proposals smack of the desire to make us DO stuff, rather than LEAD
stuff. We need to be champions and enablers, not necessarily do-ers.

Generally, boards will have the following committees, because they are the
only people with the oversight and governance responsibilities:

Remuneration committee
Risk committee
Finance committee
Audit committee

Many organizations also have a nominations committee, which looks into
introducing new board members, particularly as they relate to independent
directors, which can be captured if they are truly not independent.

We don't have these committees, but we probably should do so. Considering
our size, I think it might make sense to have a GRC committee that takes in
the risk, finance and audit committees until such a time that we have
significant operational risk in having these functions together, and still
look at the remuneration committee, as we need to be able to confidentially
agree to KPIs, performance management, pay rise pools, and so on.


On Fri, Nov 6, 2015 at 11:41 AM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Matt,
> I agree, mostly.  I think that it doesn't necessarily make sense to write
> in those specific initiative positions into the Bylaws.  They will change
> over time and with new strategic goals and it would be silly to have to
> modify the Bylaws each time the goals change.  That said, here's the
> official Bylaw definition of "Board member at large" split up by individual
> items:
>    - regularly attends board meetings and important related meetings
>    - volunteers for and willingly accepts assignments and completes them
>    thoroughly and on time
>    - stays informed about committee matters
>    - prepares themselves well for meetings and reviews and comments on
>    minutes and reports
>    - gets to know other committee members and builds a collegial working
>    relationship that contributes to consensus
>    - is an active participant in the committee's annual evaluating and
>    planning efforts
>    - participates in fundraising for the organization.
> I dunno.  Is this what we want "At Large" Board Members to be working on?
> The Committee stuff feels fairly irrelevant at this point.  Most of what is
> on there I feel should be expected of all Board members.  The only one that
> stands out to me is the last one and I'll give credit to Michael on that
> based on his work with AppSecUSA, but I'm not sure the extent of others'
> fundraising (myself included).  So, basically, with the exception of
> fundraising, "At Large" members are expected to show up and vote and maybe
> volunteer for something every once in a while?  I'd like to see us give
> them more direction than that.  Maybe call them "Goaltenders" and direct
> them to help guide a strategic goal.  Call them "Moneychasers" and direct
> them to figure out new and creative ways to fund the Foundation.  I'm very
> open to the *what* they do at this point, but I'm feeling like the
> expectations need to be set at something more appropriate than "At Large".
> Does that make sense?
> ~josh
> On Thu, Nov 5, 2015 at 11:52 AM, Matt Konda <matt.konda at owasp.org> wrote:
>> Josh,
>> I've been thinking more about this and I wonder if it makes more sense to
>> combine the discussion around board roles and strategic goals.  It may
>> sound crazy but bear with me a minute here.
>> I get that "at-large" is ambiguous and that projects, chapters and
>> governance are three areas that are foundational and intuitively require
>> ongoing attention.  I would argue that membership, sponsors, IT, events and
>> developer evangelism could all be equally important responsibilities that
>> board members, along with community and staff take on and work at
>> tirelessly.  I'm sure there are others.
>> To me, if we do a good job defining strategic goals and treat those as
>> projects (not OWASP Projects, but projects with a plan and milestones,
>> etc.) then hold one board member accountable for understanding the plan and
>> reporting progress against it, it accomplishes a similar objective while
>> being flexible to the defined strategic goals each year.
>> For example, this year we could see our strategic goals through these
>> lenses and build small teams including board members to work on each:
>> * Website
>> * Chapters
>> * Projects
>> * Developer Outreach
>> * Membership
>> * Sponsors
>> * Operational Efficiency
>> I think I would rather not see explicit bylaw changes to define roles.
>> That just seems heavy weight to me.  I also agree with what Jim said
>> yesterday - that we all need to be advocates for chapters, projects, etc.
>> Also, as I said in the meeting, I think we want to strike a balance
>> between leading and making OWASP seem like a top down board driven
>> organization - when in fact, we are (I know we agree here) really a
>> community driven organization.
>> My two cents.
>> Matt
>> On Sat, Oct 3, 2015 at 2:39 PM, OWASP <tomb at owasp.org> wrote:
>>> Excellent resources available on the topic from Blue
>>> https://www.councilofnonprofits.org/tools-resources/board-roles-and-responsibilities
>>> Tom Brennan
>>> 973-506-9304
>>> On Oct 1, 2015, at 3:11 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>> A few thoughts:
>>> 1. I would also very much like to see the committees be built by the
>>> community, however, at this point, I get the feeling that this is not
>>> happening. Not quite sure why. But I see this as the reality we have to
>>> accept for the time being.
>>> 2. For the areas, actually, I have a different view, I would be fine for
>>> the board members to be "at large". But I can see a use for certain focus
>>> points to be driven by individual board members. Btw. most boards have
>>> sub-committees (chaired by some of the board members) that focus on
>>> specific areas and develop mature proposals before they are presented to
>>> the whole board for tweaking and approval. In fact that would probably be
>>> useful for us as well as it could improve the maturity of proposal drafts
>>> coming to the board meetings. I don't mind to have a broad discussion, but
>>> in a number of cases, when 2-3 people work on refining a proposal first,
>>> that can later streamline the overall discussion in the board and with the
>>> community.
>>> So I'd rather not see these focus areas in the hands of one board member,
>>> but could see us have one board member lead a small design team for certain
>>> areas on preparing the drafts to a better quality level. IMHO that does not
>>> mean that each and every board member has to take on one area. Of course, I
>>> would strongly encourage sharing and balancing of work load on these tasks.
>>> My thoughts on this. Not sure that answers your question.
>>> Best regards, Tobias
>>> On 29/09/15 16:58, Josh Sokol wrote:
>>> I have no issues with rebuilding the committees, but I feel that they
>>> should be built by the community, not by the Board.  This is less
>>> operational and more "vision" of the organization in those areas.
>>> ~josh
>>> On Tue, Sep 29, 2015 at 6:33 PM, Matt Konda <matt.konda at owasp.org>
>>> wrote:
>>>> Josh,
>>>> Interesting idea.  I like that it emphasizes projects and chapters
>>>> explicitly.
>>>> What would your thinking be on that versus rebuilding committees and
>>>> asking all board members to be active in at least one committee?
>>>> Matt
>>>> On Tue, Sep 29, 2015 at 3:10 PM, Josh Sokol <josh.sokol at owasp.org>
>>>> wrote:
>>>>> Board,
>>>>> I wanted to make a proposal regarding the positions that are
>>>>> determined at the beginning of the year amongst the new Board members.  The
>>>>> more I think about it, the more I dislike the concept of an "At Large"
>>>>> Board position.  I get it.  It's kind of a catch-all for those who don't have
>>>>> a specific role, but I would like to change it to be more specific.  I
>>>>> would like to propose to change the Board positions to:
>>>>> Chair
>>>>> Vice Chair
>>>>> Treasurer
>>>>> Secretary
>>>>> Governance
>>>>> Projects
>>>>> Chapters
>>>>> The idea being that these "At Large" positions are now given specific
>>>>> areas of focus.  They are tasked with providing updates and contemplating
>>>>> initiatives that would provide value in those areas.  We can work on a more
>>>>> formal write-up later, but I wanted to see what others thought about the
>>>>> idea.
>>>>> ~josh
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board