[Owasp-board] UPDATE FOR 14-DEC board meeting (WAS: input for Board meeting tomorrow 30-Nov - 150K seed fund request for summit 2017)

Josh Sokol josh.sokol at owasp.org
Thu Dec 8 03:36:14 UTC 2016


The dates and times for the Board meetings are determined at the beginning
of the year and are really difficult to move a week before the date.
Personally, I was much happier when these meetings were earlier in the day,
but that made it more difficult for Andrew to attend.  That said, I
understand the rationale behind the request for a more
Euro-timezone-friendly meeting time.  The feedback from the last Board
meeting, based on the issue of representation, was that the planning team
should try to get a representative involved in order to have someone who
can push this forward, if you aren't able to make it to do that.

Thinking out loud here, I think that part of the problem is that the Board
is focused on some other major things right now and this is lower on the
list of priorities.  I know that sounds bad, given that AppSec is our
mission, but the OWASP Foundation can't move forward without a budget or
strategic goals, but this summit is a very recent addition to the agenda.
All of this is compounded by the fact that we don't have an ED to align us
operationally, which just stresses the need to fill that void so much more.

I think that the hesitation here is because of the size of this request.
If it was "We need $20k of seed money", that would be a very simple vote,
at least IMHO.  $150k, however, is a VERY significant portion of our annual
budget.  Which means that it must be budgeted.  Which goes back to what I
said in the last paragraph about needing the time to focus on the budget so
we can move forward.  If you press this, my vote will be "no", because we
don't have the budget figured out to support it.  If you give us the time
to figure out the budget, then my inclination is to figure out a way to
make it happen.  It's a good time for this request, but something of this
size can't be forced, it must be planned.  Please give us some time.


On Tue, Dec 6, 2016 at 1:22 AM, Seba <seba at owasp.org> wrote:

> hi,
> As the board meeting on 30-Nov was cancelled, I added this to the 14-dec
> board meeting as topic.
> https://www.owasp.org/index.php/December_14,_2016
> 1) We really would like to have any *questions or concerns raised during
> the coming days?*
> We can then use the remaining days prior to the board call to respond to
> your questions and hopefully have your approval on the Dec 14th.
> 2) Can the timing of the board meeting be put somewhat earlier to make it
> more European time-zone friendly (and maybe put this early in the agenda)?
> We can then participate during the call.
> We see a lot of interest and enthusiasm from people that want to
> participate from inside and outside our community.
> Check out the list of 70+ people here http://doodle.com/poll/
> e8d4p955rc8guuru
> You should probably also add the dates you could make it?
> Kind regards,
> Seba
> On Mon, Nov 28, 2016 at 8:58 PM Seba <seba at owasp.org> wrote:
> hi Board,
> We have prepared extra information and our first draft budget (being
> reviewed by Laura/Andrew) here (and beow)-
> https://github.com/OWASP/owasp-devseccon-summit/blob/
> master/Logistics/FundRequest.md
> The timing does not allow me to participate in the call (midnight for CET
> timezone).
> You can contact us for any further questions or remarks.
> Hoping for an approval to push the summit forward and keep our momentum
> going!
> Kind regards
> Seba
> Our draft budget is available here: https://github.com/
> OWASP/owasp-devseccon-summit/blob/master/Budget/owasp-
> devseccon-summit-budget.xlsx We will further refine and improve this
> together with Laura and Andrew in the coming days.
> We already submitted the summit in OCMS. Which is being followed-up by the
> OWASP staff.
> Next week we will have the summit week decided (probably in June 2017) and
> we are currently visiting and talking with multiple venues.
> As soon as we have the final timing we will contract the venue together
> with Laura, Matt and Andrew.
> Let's be clear: we do not ask for 150 as a sunk cost or as a blank cheque.
> We will tap into several sources of income to organize this summit:
>    1. people coming to the summit will be asked to cover their own
>    travel/accommodation. We will only sponsor invited people that do not have
>    support from their own organisation.
>    2. we will ask the participating projects for seed funds: e.g. SAMM
>    already donated 10.000 USD
>    3. we will ask chapters to sponsor the summit with the budget they
>    have available (potentially 750K+ USD)
>    4. we will create sponsor packages for our regular OWASP sponsors to
>    support this summit
> We do not expect that we will be making a profit, and that is not our
> goal.  But we will definitely want to break-even with the above sources of
> income (like we already did with the SAMM summits in previous years). We
> see the 150K seed fund as our "starting capital" to assure that we can book
> the venue and start the logistics. And, of course, we will involve you and
> the staff on any major steps that would impact the financial bottom-line.
> <https://github.com/OWASP/owasp-devseccon-summit/blob/master/Logistics/FundRequest.md#what-do-we-get-out-of-this-or-what-is-our-roi>What
> do we get out of this, or what is our "ROI"?
> It all starts with getting the right people together working on the right
> content.  So our main goal is to organize workshops, sessions & sprints at
> the summit driven by both DevOps and AppSec people & principles. The first
> list and (active) collaboration is already starting here:
> https://github.com/OWASP/owasp-devseccon-summit/tree/master/Workshops.
> Our objective is to make a big impact and productivity boost on our
> projects and community by getting the main DevOps and AppSec people in one
> venue for 5 days 24/7 in "summit-mode". We are getting very positive
> feedback and people that indicated that they will come (see the Doodle here
>  http://doodle.com/poll/e8d4p955rc8guuru).
> The Summit success will be measured by the impact we will make with our
> summit deliverables and the impact on OWASP projects & the community.
> Seba, Dinis, Francois 27-Nov-2016
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161207/b75fd1d5/attachment.html>

More information about the Owasp-board mailing list