[Owasp-board] Fwd: Request for 150K USD seed fund for the OWASP-DevSecCon Summit in April 2017 in the UK

Andrew van der Stock vanderaj at owasp.org
Tue Nov 22 22:32:14 UTC 2016


ALL - and I mean ALL - regional and global events must be organised through
our Events Coordinator, because the sums involved are more than just a
simple investment in a sponsorship or outreach. This means you need to
start filling out the event checklist and have an event budget worked out.
The usual lead time for an event is 12 months to allow for proper planning,
booking hotels (i.e. getting decent room rates, free conference facilities,
good deals on food) and such like. You need at least six months to make
sure people save the date and turn up.

We need to understand the co-marketing agreement with the other
organisation. Co-marketing agreements work best when both parties benefit,
and not just one or the other.

You need to work out what hotel you want to be in TODAY and see if they
have rooms, and get a quote for the event. If you don't do this you will
not have a hotel, and therefore, no event. Laura will be the Board's
delegated authority for inspecting hotel contracts, and as it's over $10k,
you will need both Matt Konda and I to countersign.

If this is just $150k in sunk costs with no chance of replenishment, which
I will be able to tell from filling out the events budget spreadsheet, I
will not be supportive of this event. If OWASP is the bank for another
organisation, I will not be supportive - that's not the point of OWASP. Due
to good results from AppSec USA and restraint throughout the year, we
finally look like we are going to make a decent profit this year, so I will
be supportive of a properly planned and budgeted event, but ad hoc requests
for large sums of money, just no.

Please work with Laura on getting and filling in the event checklist and
work up a budget of WHEN and how much you need funds. We have to make sure
that all checks and balances are in place, and that's why we work through
our Events Coordinator.

thanks,
Andrew


On Wed, Nov 23, 2016 at 7:19 AM Tiffany Long <tiffany.long at owasp.org> wrote:

> Hey Tom,
>
> The Nov. 30th meeting says that it is an optional place holder but it
> takes place three weeks after the last meeting and three weeks before the
> next one.
>
> What makes it optional?
>
> Best,
> Tiffany
>
>
> Tiffany Long
> Community Manager
>
> On Tue, Nov 22, 2016 at 7:26 AM, Tom Brennan <tomb at owasp.org> wrote:
>
> Thanks, my only questions based on what I read so far is:
>
> Is DecSecCon another registered non-profit business?
>
> Will DevSecCon also be putting up 150k or is OWASP taking all the risk
> here acting as the funding vehicle?
>
>
>
> On Tue, Nov 22, 2016 at 9:52 AM, Seba <seba at owasp.org> wrote:
> > Hi Tom
> >
> > Can the timing be adapted, I cannot make the middle of the night ?
> >
> > Yes, this is a joint organisation from OWASP & DevSecCon.
> >
> > I will reach out to Andrew with the draft budget (with our current
> > assumptions)
> >
> > Seba
> >
> >
> > On Tue, Nov 22, 2016 at 3:46 PM Tom Brennan <tomb at owasp.org> wrote:
> >>
> >> Next meeting is the 30th see:
> >> https://www.owasp.org/index.php/Board#tab=Agenda_for_2016_Meetings
> >>
> >> re: the request this is a request for 150k from OWASP.  This
> >> relationship with another legal entity sounds like a partnership not a
> >> 100% summit or owasp regional event.. can you provide some clarity
> >> around that?  Andrew is the treasurer you might want to start a thread
> >> with him on it
> >>
> >> On Tue, Nov 22, 2016 at 2:58 AM, Seba <seba at owasp.org> wrote:
> >> > hi Tom,
> >> >
> >> > I listened to the recording, my notes below
> >> > recording -
> >> > https://drive.google.com/file/d/0B0yxedKRQADib3RmSHBBMmVfMXM/view
> >> > (starts
> >> > around 13', ends at 18')
> >> >
> >> > notes board meeting 8  - Nov on summit, notes
> >> >
> >> > aim for revenue neutral?
> >> > this is what owasp should be doing, but should be budget neutral
> >> > need more details in writing for the next board meeting
> >> > involve at least one board member to "own" this.
> >> > start with a lower seed fund?
> >> > chapter funds will also be called upon.
> >> >
> >> > As stated below, I am available for a call on the 30th (possibly
> joined
> >> > by
> >> > Dinis & Francois)
> >> > I can do 20h30 CET -
> >> >
> >> >
> https://www.timeanddate.com/worldclock/fixedtime.html?msg=summit+seed+fund+call&iso=20161130T2030&p1=48&am=30
> >> >
> >> > regards
> >> >
> >> > Seba
> >> >
> >> > On Wed, Nov 9, 2016 at 7:58 AM Seba <seba at owasp.org> wrote:
> >> >>
> >> >> Hi Tom,
> >> >>
> >> >> I will listen to the recordings, respond to questions and push this
> >> >> further towards a successful summit (together with the team).
> >> >> I can join a call on the 30th, assuming it is on a CET-timezone
> >> >> friendly
> >> >> time :-)
> >> >> Preferably 21h30 CEST / 3:30pm EST ?
> >> >>
> >> >> regards
> >> >>
> >> >> Seba
> >> >>
> >> >>
> >> >>
> >> >> On Wed, Nov 9, 2016 at 3:12 AM Tom Brennan - OWASP <tomb at owasp.org>
> >> >> wrote:
> >> >>>
> >> >>> @ Dinis and Seba listen to the board meeting recording/mins., about
> >> >>> the
> >> >>> request for over 100k for joint effort with another business.  Based
> >> >>> on the
> >> >>> current model it actually falls under a joint-event and would
> require
> >> >>> a
> >> >>> co-marketing agreement and seed-money.
> >> >>>
> >> >>> https://www.owasp.org/index.php/November_8,_2016 (when link is
> >> >>> available)
> >> >>>
> >> >>> You guys have been board members you know what it is like to have
> >> >>> something vague on the agenda a motion to approve money and
> questions
> >> >>> from
> >> >>> attendees members of the public, staff and board on the submission.
> >> >>> Without
> >> >>> anyone from your team to speak to the initiative or a staff member
> or
> >> >>> board
> >> >>> member briefed it unfortunately gets pushed and without a motion, a
> >> >>> second
> >> >>> or a vote to make it happen.
> >> >>>
> >> >>> So that it can be approved by a majority vote (4) people for 2017
> >> >>> would
> >> >>> someone from your team who is going to LEAD the effort answer
> >> >>> questions and
> >> >>> be available on the 30th?
> >> >>>
> >> >>> Would that person be Francois or one of you guys?
> >> >>> https://www.linkedin.com/in/francoisraynaud
> >> >>>
> >> >>>
> >> >>>
> >> >>> On Tue, Nov 8, 2016 at 3:32 PM, Matt Konda <matt.konda at owasp.org>
> >> >>> wrote:
> >> >>>>
> >> >>>> Seba,
> >> >>>>
> >> >>>> Is there someone attending the board meeting that can speak to this
> >> >>>> in
> >> >>>> more detail?
> >> >>>>
> >> >>>> In general, I like the idea.  I have questions ...
> >> >>>>
> >> >>>> How many people do we expect to reach for the investment?
> >> >>>> What would be the outcome?
> >> >>>> What kind of organizational (events) support are you hoping for?
> >> >>>>
> >> >>>> As someone who was never part of the previous summits, I wonder if
> >> >>>> they
> >> >>>> are as open and inclusive as we would need them to be to justify
> >> >>>> almost 10%
> >> >>>> of our yearly budget to fund it.
> >> >>>>
> >> >>>> I definitely want to hear more - great work!
> >> >>>>
> >> >>>> Thanks,
> >> >>>> Matt
> >> >>>>
> >> >>>> On Tue, Nov 8, 2016 at 2:13 PM, Tobias Gondrom
> >> >>>> <tobias.gondrom at owasp.org> wrote:
> >> >>>>>
> >> >>>>> I support this initiative.
> >> >>>>>
> >> >>>>> This would be good to do!
> >> >>>>>
> >> >>>>> Best, Tobias
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> From: owasp-board-bounces+tobias.gondrom=
> owasp.org at lists.owasp.org
> >> >>>>>
> >> >>>>> [mailto:owasp-board-bounces+tobias.gondrom=
> owasp.org at lists.owasp.org] On
> >> >>>>> Behalf Of Seba
> >> >>>>> Sent: Monday, November 7, 2016 09:17
> >> >>>>> To: Michael Coates <michael.coates at owasp.org>
> >> >>>>> Cc: dinis <dinis at owasp.org>; OWASP Foundation Board List
> >> >>>>> <owasp-board at lists.owasp.org>; Francois <francois at devseccon.com>
> >> >>>>> Subject: Re: [Owasp-board] Fwd: Request for 150K USD seed fund for
> >> >>>>> the
> >> >>>>> OWASP-DevSecCon Summit in April 2017 in the UK
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> hi,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> I have added this as an extra topic on the agenda:
> >> >>>>>
> >> >>>>> https://www.owasp.org/index.php/November_8,_2016
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In the coming weeks I will create a detailed budget plan together
> >> >>>>> with
> >> >>>>> the team and Andrew/Laura.
> >> >>>>>
> >> >>>>> At this state we are looking for the approval under the condition
> >> >>>>> that
> >> >>>>> a detailed budget will be provided by the next board call.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Available for questions on Skyp/mobile in the coming days.
> >> >>>>>
> >> >>>>> I will not be able to join the call, as it will be midnight for me
> >> >>>>> then
> >> >>>>> ...
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Kind regards,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Seba
> >> >>>>>
> >> >>>>> On Tue, Oct 25, 2016 at 9:52 PM Michael Coates
> >> >>>>> <michael.coates at owasp.org> wrote:
> >> >>>>>
> >> >>>>> Acknowledged. We've got it now via the thread history.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> The correct list is
> >> >>>>>
> >> >>>>> OWASP Foundation Board List <owasp-board at lists.owasp.org>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In a previous email you sent it to a defunct owasp.org address
> that
> >> >>>>> I
> >> >>>>> believe was created as part of gmail. I don't recall why.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> --
> >> >>>>> Michael Coates | @_mwc
> >> >>>>>
> >> >>>>> OWASP Global Board
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> On Tue, Oct 25, 2016 at 2:40 AM, Seba <seba at owasp.org> wrote:
> >> >>>>>
> >> >>>>> Got an email that this is the correct email address?
> >> >>>>> Weird, as I already sent this to the email below.
> >> >>>>> Can hou confirm reception of this email?
> >> >>>>>
> >> >>>>> Thx!
> >> >>>>> Seba
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> ---------- Forwarded message ---------
> >> >>>>> From: Seba <seba at owasp.org>
> >> >>>>>
> >> >>>>> Date: Mon, 24 Oct 2016 at 14:00
> >> >>>>> Subject: Request for 150K USD seed fund for the OWASP-DevSecCon
> >> >>>>> Summit
> >> >>>>> in April 2017 in the UK
> >> >>>>> To: Laura Grau <laura.grau at owasp.org>, owasp-board at owasp.org
> >> >>>>> <owasp-board at owasp.org>
> >> >>>>> Cc: dinis <dinis at owasp.org>, psiinon <psiinon at gmail.com>,
> Francois
> >> >>>>> <francois at devseccon.com>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Dear Laura, Board,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Last week I attended DevSecCon in London together with a couple of
> >> >>>>> other OWASP leaders (Dinis, Simon) and was excited about the
> >> >>>>> positive
> >> >>>>> atmosphere, content, workshops and attendees (both from
> development
> >> >>>>> as from
> >> >>>>> security backgrounds).
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Together with Francois Raynaud (founder of DevSecCon, in cc) we
> >> >>>>> would
> >> >>>>> like to organise a summit with as main focus and theme: grouping
> the
> >> >>>>> DevOps,
> >> >>>>> Security and OWASP communities to work on actionable and automated
> >> >>>>> solutions
> >> >>>>> for secure development and operations of software.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> We submitted the following event as Summit in OCMS as proposal for
> >> >>>>> next
> >> >>>>> year.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Owasp-DevSecCon Summit, England, April 2017
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> OWASP is joining forces with DevSecCon to create a Summit focused
> on
> >> >>>>> the collaboration between
> >> >>>>>
> >> >>>>> Developers and Application Security.
> >> >>>>>
> >> >>>>> This is not a conference with uni-directional presentations, this
> is
> >> >>>>> a
> >> >>>>> working summit with working sessions on areas like: Secure Coding,
> >> >>>>> Security
> >> >>>>> Testing/TDD, DevOps, Threat Modeling, Mobile Security, IoT, Risk &
> >> >>>>> Governance, Privacy & CTO/CISO requirements, Secure Design,
> >> >>>>> Bug-bounties,
> >> >>>>> Browser Security, AI for Attack & Defence, DDoS, Cyber Warfare,
> >> >>>>> AppSec
> >> >>>>> Standards; and of course, working sessions on popular OWASP
> projects
> >> >>>>> (lead
> >> >>>>> by its leaders) such as: Zap, Top 10, Dependency Checker,
> OwaspSAMM,
> >> >>>>> OWASP
> >> >>>>> Guides (Testing, ASVS, Core Review), AppSensor and dozens more.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Using the same model as the past two OWASP Summits in Portugal,
> this
> >> >>>>> 5
> >> >>>>> day event will be a 16h day high energy experience, where the
> >> >>>>> attendees are
> >> >>>>> expected to work and collaborate really hard. Every working
> session
> >> >>>>> will be
> >> >>>>> thoroughly prepared and focused on actionable outcomes.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> If you care about Application Security and want to collaborate
> with
> >> >>>>> the
> >> >>>>> key players in this industry, this is the event to be.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> The Summit will occur in England, April 2017, with an entry ticket
> >> >>>>> of
> >> >>>>> $2000 (covering travel + hotel + accommodation + event fee). OWASP
> >> >>>>> is
> >> >>>>> funding a large number of its leaders and other deserving
> >> >>>>> individuals to
> >> >>>>> attend, so if you feel you can't afford this fee, or your company
> is
> >> >>>>> not in
> >> >>>>> a position to sponsor you, please contact the event organisers.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In terms of budget we ask for a seed fund of 150K USD (first draft
> >> >>>>> budget attached in the OCMS request).
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Our objective is to lower the financial impact (and possibly get
> >> >>>>> this
> >> >>>>> to 0 or even make it a budget positive event) through sponsoring
> >> >>>>> (externally
> >> >>>>> and from projects/chapters) and have participant's organisations
> >> >>>>> cover the
> >> >>>>> costs.
> >> >>>>>
> >> >>>>> Nevertheless, we ask this seed fund to get the ball rolling and
> >> >>>>> focus
> >> >>>>> on content, speakers, workshops and tracks. In parallel we will
> >> >>>>> involve
> >> >>>>> Laura, the staff and our community to co-organize this as a
> >> >>>>> professional
> >> >>>>> event and submit a detailed budget in the following cycles.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Our main question is:
> >> >>>>>
> >> >>>>> 1) your approval to reserve this summit seed fund (either by email
> >> >>>>> or
> >> >>>>> on your next board meeting 9-November).
> >> >>>>>
> >> >>>>> + your support to make this a great summit!
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Available for any questions/remarks thru email or other means.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Thank you
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Kind regards
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Seba
> >> >>>>>
> >> >>>>> OWASP SAMM project
> >> >>>>>
> >> >>>>> OWASP Belgium chapter
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Owasp-board mailing list
> >> >>>>> Owasp-board at lists.owasp.org
> >> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Owasp-board mailing list
> >> >>>>> Owasp-board at lists.owasp.org
> >> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>> _______________________________________________
> >> >>>> Owasp-board mailing list
> >> >>>> Owasp-board at lists.owasp.org
> >> >>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>
> >> >>>
> >> >>>
> >> >>> The information contained in this message and any attachments may be
> >> >>> privileged, confidential, proprietary or otherwise protected from
> >> >>> disclosure. If you, the reader of this message, are not the intended
> >> >>> recipient, you are hereby notified that any dissemination,
> >> >>> distribution,
> >> >>> copying or use of this message and any attachment is strictly
> >> >>> prohibited. If
> >> >>> you have received this message in error, please notify the sender
> >> >>> immediately by replying to the message, permanently delete it from
> >> >>> your
> >> >>> computer and destroy any
> >> >>> printout._______________________________________________
> >> >>> Owasp-board mailing list
> >> >>> Owasp-board at lists.owasp.org
> >> >>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>
> >>
> >>
> >> --
> >> Tom Brennan
> >> 973-202-0122
>
>
>
> --
> Tom Brennan
> 973-202-0122
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161122/399e609d/attachment-0001.html>


More information about the Owasp-board mailing list