[Owasp-board] Strategic Goals _Deliverables - Invitation to edit

Tom Brennan tomb at owasp.org
Sat Nov 12 18:23:50 UTC 2016

This is a really useful opinion of how to approach the 2017 year, thank
you Andrew (cc the global community since there is no HR or Legal issues on
this thread) all OWASP projects, chapter leaders and individual and
corporate members should take this opportunity to review, comment and
attend the upcoming meetings to voice there concerns, questions directly
publicly to where we are and where we are going as a organization before
the ship leaves for the next 12 month tour.

I disagree with the website comment as that is a core business function and
NOT a OWASP project in the typical sense.

Nov 30th is your next opportunity to attend the monthly public
business meeting see:

In edition we need everyone to RECRUIT for the CEO of OWASP Foundation who
will lead the business, manage the staff and make AppSec great!


On Thursday, November 10, 2016, Andrew van der Stock <vanderaj at owasp.org>

> I would like us to move to a pie based budget this year, so it is more
> obvious that we have a dedicated pool of budgeted funds. For example, every
> one of those budgeted requests has a $ figure with it, but at this moment,
> I don't know how much we actually have to spend. What I'd like to do is
> have an agreement on the percentage given to each strategic goal (once
> we've agreed what they are), which will then flow to each budget request.
> My three strategic goals are:
> Chapters, Community, Membership, and Outreach
> Education, Conferences, Training and Awareness
> Projects, OWASP as a service (Infrastructure & Website)
> I think 5 goals was too much and we didn't achieve these goals this year,
> 4 is not going to be much better, and we need to think long term about how
> we can actually DO the goal, grow the funding and make each of the areas a
> profit centre.
> Currently, Chapters and membership are profitable strategic goals, as is
> Conferences and Training (in fact, this is the majority of OWASP income,
> which is then spread to G&A, chapters, projects, and all the other things
> we do).
> This leaves sponsorship, fund raising, donations, grant writing (something
> I think we should do more of), and specific project or chapter income. The
> reason I bundle OWASP as a service into Projects, is that I think it
> belongs to Matt Tesauro, and he should be doing the website re-do as an
> OWASP project, and I'd like to see an OWASP in a box (basically a virtual
> machine or a cloudformation script or dockerfile) ready for people to bug
> bounty locally, so we can open up all of OWASP to bug bounties without
> harming our production environments. Again, a project.
> Once we have agreed and selected strategic goals, we need to pick a % of
> the expense bucket to give each goal. It might be at first blush be easy to
> say 33% each, but we also have to fund G&A, which is currently running at
> around $100k per month, or $1.2m per year. Our overall income is $2m per
> year. I will know roughly how much 2016 will be in mid December as there's
> not a lot of additional funds coming in at that point.
> For example, once we get closer to the end of the year, it will become
> obvious how much we actually have to spend next year. I was hoping that Tom
> Pappas would have supplied a November financial package, but that didn't
> happen, so I might to go delve in there myself. Most of the AppSec USA
> expenses have now gone out, so we should have a better picture of our
> overall health.
> G&A will be a certain amount, which is a fixed overhead. I've gone through
> it with a fine tooth comb, and basically, there's not much fat in there at
> all. Additionally, we have to give some low paid staff an immediate pay
> rise to cope with the federal minimum wage laws. This also applies to
> Kelly, whom we either have to convert to full time salary or give her a
> significant raise on top of collecting commission. That's going to happen
> in the next day or so I hope as otherwise we'll be fined.
> So let's say we have $800k to play with (a likely sum).
> Chapters will most likely end up with $300k of that just $800k through
> their standard chapter methods of income. I'd like to allocate $50k to the
> CEF to give to Tiffany as her budget to hand out to worthy community
> causes, outreach (which includes swag). How much do we need for
> co-marketing agreements, if any? $350k total
> Conferences and Training bring in money, but they also require a
> substantial float. It's no secret that this float generally comes from
> dipping into the "chapter" funds. Until we go to a true P&L model, this is
> not a problem, as conferences make money hand over fist. We currently allow
> for carrying AppSec Cali for about $100k for up to a year. We made a
> booking for them in February this year for $27k for example, AppSec EU
> about $250-400k for about 6-9 months, and AppSec USA we carry up to half a
> million dollars in hotel booking reservations alone, usually it tips the
> scales at around $600k before we start receiving funds from sponsorships
> and early bird registrations for training. I'm looking for about $100k this
> coming year to work on two projects - a training portal / service similar
> to PluralSight or Lynda.com (or even using them), and secondly, to develop
> a workable tertiary education syllabus, which I believe will take several
> meetings by academics to get done. $100k total
> Projects is in dire need of funding. Dinis Cruz has asked for $150k -
> $250k for his project summit. We normally provide Claudia with $20k per
> AppSec Summit (so $40k), and this is not totally spent each time. Tom B is
> leading the web site re-design, and I believe this will take at least
> $150k, and I want it done, so let's allocate that and if it takes less,
> great. I've asked Matt T to provide a list of all the servers he wants to
> replace, and to provide a buy in and cloud based model, but let's assume
> $50k. $390k - $490k
> Total so far (and think of how few things I have planned out) $840 -
> $940k, which is $40k more than we probably have to hand.
> thoughts very welcome. I don't have all the answers, and I don't have all
> the budget requests. Please send them in.
> thanks,
> Andrew
> On Fri, Nov 11, 2016 at 12:02 AM johanna curiel curiel (via Google Sheets)
> <drive-shares-noreply at google.com
> <javascript:_e(%7B%7D,'cvml','drive-shares-noreply at google.com');>> wrote:
>> johanna curiel curiel
>> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');> has invited
>> you to *edit* the following spreadsheet:
>> Strategic Goals _Deliverables
>> <https://docs.google.com/a/owasp.org/spreadsheets/d/1YFeS9kEMGIeowteiMPowqH4xZivg3JO_HGQ0Mp9aMvI/edit?usp=sharing_eixpa_nl&ts=58246fce>
>> Open in Sheets
>> <https://docs.google.com/a/owasp.org/spreadsheets/d/1YFeS9kEMGIeowteiMPowqH4xZivg3JO_HGQ0Mp9aMvI/edit?usp=sharing_eixpa_np&ts=58246fce>
>> Google Sheets: Create and edit spreadsheets online.
>> Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
>> You have received this email because someone shared a spreadsheet with
>> you from Google Sheets. [image: Logo for Google Sheets]
>> <https://drive.google.com>

Tom Brennan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161112/a884a778/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IMG_6242.JPG
Type: image/jpeg
Size: 438489 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161112/a884a778/attachment-0001.jpe>

More information about the Owasp-board mailing list