[Owasp-board] Fwd: Request for 150K USD seed fund for the OWASP-DevSecCon Summit in April 2017 in the UK

Seba seba at owasp.org
Sun Nov 27 15:29:26 UTC 2016


hi Bill,

1) yes, and other external sponsors
2) we are doing this together with devseccon, because they managed to rally
a lot of DevOps people that care about security. this helps us in bringing
together these 2 communities.

Seba

On Fri, Nov 25, 2016 at 5:39 PM Bil Corry <bil.corry at owasp.org> wrote:

> Are all sources of funding coming from OWASP, either the global org or an
> affiliated chapter/project?
>
> It sounds like OWASP is funding the brand-building of a for-profit company
> and I wonder why OWASP can't do a similar event with a name it owns and
> controls?
>
> - Bil
>
> On Nov 25, 2016, at 6:19 AM, Seba <seba at owasp.org> wrote:
>
> Hi Andrew, All,
>
> We already submitted this summit in OCMS weeks ago and we are working on
> the budget together with Laura.
> We are very much aware of the timing and tasks at hand, the 3 of us have
> organized these and other successful events before :-)
>
> Next week we will have the summit week decided (probably in June 2017) and
> we are currently visiting and talking with multiple venues.
> As soon as we have the final timing we will contract the venue together
> with Laura, Matt and yourself (and involve you in the process).
>
> Let's be clear: we do not ask for 150 as a sunk cost or as a blank cheque.
>
> We will tap into several sources of income to organize this summit:
> 1) people coming to the summit will be asked to cover their own
> travel/accommodation. We will only sponsor invited people that do not have
> support from their own organisation.
> 2) we will ask the participating projects for seed funds: e.g. SAMM
> already donated 10.000 USD
> 3) we will ask chapters to sponsor the summit with the budget they have
> available (potentially 750K+ USD)
> 4) we will create sponsor packages for our regular OWASP sponsors to
> support this summit
>
> I do not expect that we will be making a profit, and that is not our goal.
> But we will definitely want to break-even with the above sources of income
> (like we already did with the SAMM summits in previous years).
> We see the 150K seed fund as our "starting capital" to assure that we can
> book the venue and start the logistics.
> And, of course, we will involve you and the staff on any major steps that
> would impact the financial bottom-line.
>
> What do we get out of this, or what is our "ROI"?
> It all starts with getting the right people together working on the right
> content.
> So our main goal is to organize workshops, sessions & sprints at the
> summit driven by both DevOps and AppSec people & principles.
> The first list and (active) collaboration is already starting here:
> https://github.com/OWASP/owasp-devseccon-summit/tree/master/Workshops.
> Our objective is to make a big impact and productivity boost on our
> projects and community by getting the main DevOps and AppSec people in one
> venue for 5 days 24/7 in "summit-mode". We are getting very positive
> feedback and people that indicated that they will come.
>
> So: yes we will make sure "to hop through the necessary hoops" to assure
> this will be a professional event without "losing" (too much) money for
> OWASP
> But our main success will be measured by the impact we will make with our
> summit deliverables and the impact on our projects & the community.
>
> Kind regards,
>
> Seba
>
> On Tue, Nov 22, 2016 at 11:33 PM Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>
> ALL - and I mean ALL - regional and global events must be organised
> through our Events Coordinator, because the sums involved are more than
> just a simple investment in a sponsorship or outreach. This means you need
> to start filling out the event checklist and have an event budget worked
> out. The usual lead time for an event is 12 months to allow for proper
> planning, booking hotels (i.e. getting decent room rates, free conference
> facilities, good deals on food) and such like. You need at least six months
> to make sure people save the date and turn up.
>
> We need to understand the co-marketing agreement with the other
> organisation. Co-marketing agreements work best when both parties benefit,
> and not just one or the other.
>
> You need to work out what hotel you want to be in TODAY and see if they
> have rooms, and get a quote for the event. If you don't do this you will
> not have a hotel, and therefore, no event. Laura will be the Board's
> delegated authority for inspecting hotel contracts, and as it's over $10k,
> you will need both Matt Konda and I to countersign.
>
> If this is just $150k in sunk costs with no chance of replenishment, which
> I will be able to tell from filling out the events budget spreadsheet, I
> will not be supportive of this event. If OWASP is the bank for another
> organisation, I will not be supportive - that's not the point of OWASP. Due
> to good results from AppSec USA and restraint throughout the year, we
> finally look like we are going to make a decent profit this year, so I will
> be supportive of a properly planned and budgeted event, but ad hoc requests
> for large sums of money, just no.
>
> Please work with Laura on getting and filling in the event checklist and
> work up a budget of WHEN and how much you need funds. We have to make sure
> that all checks and balances are in place, and that's why we work through
> our Events Coordinator.
>
> thanks,
> Andrew
>
>
> On Wed, Nov 23, 2016 at 7:19 AM Tiffany Long <tiffany.long at owasp.org>
> wrote:
>
> Hey Tom,
>
> The Nov. 30th meeting says that it is an optional place holder but it
> takes place three weeks after the last meeting and three weeks before the
> next one.
>
> What makes it optional?
>
> Best,
> Tiffany
>
>
> Tiffany Long
> Community Manager
>
> On Tue, Nov 22, 2016 at 7:26 AM, Tom Brennan <tomb at owasp.org> wrote:
>
> Thanks, my only questions based on what I read so far is:
>
> Is DecSecCon another registered non-profit business?
>
> Will DevSecCon also be putting up 150k or is OWASP taking all the risk
> here acting as the funding vehicle?
>
>
>
> On Tue, Nov 22, 2016 at 9:52 AM, Seba <seba at owasp.org> wrote:
> > Hi Tom
> >
> > Can the timing be adapted, I cannot make the middle of the night ?
> >
> > Yes, this is a joint organisation from OWASP & DevSecCon.
> >
> > I will reach out to Andrew with the draft budget (with our current
> > assumptions)
> >
> > Seba
> >
> >
> > On Tue, Nov 22, 2016 at 3:46 PM Tom Brennan <tomb at owasp.org> wrote:
> >>
> >> Next meeting is the 30th see:
> >> https://www.owasp.org/index.php/Board#tab=Agenda_for_2016_Meetings
> >>
> >> re: the request this is a request for 150k from OWASP.  This
> >> relationship with another legal entity sounds like a partnership not a
> >> 100% summit or owasp regional event.. can you provide some clarity
> >> around that?  Andrew is the treasurer you might want to start a thread
> >> with him on it
> >>
> >> On Tue, Nov 22, 2016 at 2:58 AM, Seba <seba at owasp.org> wrote:
> >> > hi Tom,
> >> >
> >> > I listened to the recording, my notes below
> >> > recording -
> >> > https://drive.google.com/file/d/0B0yxedKRQADib3RmSHBBMmVfMXM/view
> >> > (starts
> >> > around 13', ends at 18')
> >> >
> >> > notes board meeting 8  - Nov on summit, notes
> >> >
> >> > aim for revenue neutral?
> >> > this is what owasp should be doing, but should be budget neutral
> >> > need more details in writing for the next board meeting
> >> > involve at least one board member to "own" this.
> >> > start with a lower seed fund?
> >> > chapter funds will also be called upon.
> >> >
> >> > As stated below, I am available for a call on the 30th (possibly
> joined
> >> > by
> >> > Dinis & Francois)
> >> > I can do 20h30 CET -
> >> >
> >> >
> https://www.timeanddate.com/worldclock/fixedtime.html?msg=summit+seed+fund+call&iso=20161130T2030&p1=48&am=30
> >> >
> >> > regards
> >> >
> >> > Seba
> >> >
> >> > On Wed, Nov 9, 2016 at 7:58 AM Seba <seba at owasp.org> wrote:
> >> >>
> >> >> Hi Tom,
> >> >>
> >> >> I will listen to the recordings, respond to questions and push this
> >> >> further towards a successful summit (together with the team).
> >> >> I can join a call on the 30th, assuming it is on a CET-timezone
> >> >> friendly
> >> >> time :-)
> >> >> Preferably 21h30 CEST / 3:30pm EST ?
> >> >>
> >> >> regards
> >> >>
> >> >> Seba
> >> >>
> >> >>
> >> >>
> >> >> On Wed, Nov 9, 2016 at 3:12 AM Tom Brennan - OWASP <tomb at owasp.org>
> >> >> wrote:
> >> >>>
> >> >>> @ Dinis and Seba listen to the board meeting recording/mins., about
> >> >>> the
> >> >>> request for over 100k for joint effort with another business.  Based
> >> >>> on the
> >> >>> current model it actually falls under a joint-event and would
> require
> >> >>> a
> >> >>> co-marketing agreement and seed-money.
> >> >>>
> >> >>> https://www.owasp.org/index.php/November_8,_2016 (when link is
> >> >>> available)
> >> >>>
> >> >>> You guys have been board members you know what it is like to have
> >> >>> something vague on the agenda a motion to approve money and
> questions
> >> >>> from
> >> >>> attendees members of the public, staff and board on the submission.
> >> >>> Without
> >> >>> anyone from your team to speak to the initiative or a staff member
> or
> >> >>> board
> >> >>> member briefed it unfortunately gets pushed and without a motion, a
> >> >>> second
> >> >>> or a vote to make it happen.
> >> >>>
> >> >>> So that it can be approved by a majority vote (4) people for 2017
> >> >>> would
> >> >>> someone from your team who is going to LEAD the effort answer
> >> >>> questions and
> >> >>> be available on the 30th?
> >> >>>
> >> >>> Would that person be Francois or one of you guys?
> >> >>> https://www.linkedin.com/in/francoisraynaud
> >> >>>
> >> >>>
> >> >>>
> >> >>> On Tue, Nov 8, 2016 at 3:32 PM, Matt Konda <matt.konda at owasp.org>
> >> >>> wrote:
> >> >>>>
> >> >>>> Seba,
> >> >>>>
> >> >>>> Is there someone attending the board meeting that can speak to this
> >> >>>> in
> >> >>>> more detail?
> >> >>>>
> >> >>>> In general, I like the idea.  I have questions ...
> >> >>>>
> >> >>>> How many people do we expect to reach for the investment?
> >> >>>> What would be the outcome?
> >> >>>> What kind of organizational (events) support are you hoping for?
> >> >>>>
> >> >>>> As someone who was never part of the previous summits, I wonder if
> >> >>>> they
> >> >>>> are as open and inclusive as we would need them to be to justify
> >> >>>> almost 10%
> >> >>>> of our yearly budget to fund it.
> >> >>>>
> >> >>>> I definitely want to hear more - great work!
> >> >>>>
> >> >>>> Thanks,
> >> >>>> Matt
> >> >>>>
> >> >>>> On Tue, Nov 8, 2016 at 2:13 PM, Tobias Gondrom
> >> >>>> <tobias.gondrom at owasp.org> wrote:
> >> >>>>>
> >> >>>>> I support this initiative.
> >> >>>>>
> >> >>>>> This would be good to do!
> >> >>>>>
> >> >>>>> Best, Tobias
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> From: owasp-board-bounces+tobias.gondrom=
> owasp.org at lists.owasp.org
> >> >>>>>
> >> >>>>> [mailto:owasp-board-bounces+tobias.gondrom=
> owasp.org at lists.owasp.org] On
> >> >>>>> Behalf Of Seba
> >> >>>>> Sent: Monday, November 7, 2016 09:17
> >> >>>>> To: Michael Coates <michael.coates at owasp.org>
> >> >>>>> Cc: dinis <dinis at owasp.org>; OWASP Foundation Board List
> >> >>>>> <owasp-board at lists.owasp.org>; Francois <francois at devseccon.com>
> >> >>>>> Subject: Re: [Owasp-board] Fwd: Request for 150K USD seed fund for
> >> >>>>> the
> >> >>>>> OWASP-DevSecCon Summit in April 2017 in the UK
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> hi,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> I have added this as an extra topic on the agenda:
> >> >>>>>
> >> >>>>> https://www.owasp.org/index.php/November_8,_2016
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In the coming weeks I will create a detailed budget plan together
> >> >>>>> with
> >> >>>>> the team and Andrew/Laura.
> >> >>>>>
> >> >>>>> At this state we are looking for the approval under the condition
> >> >>>>> that
> >> >>>>> a detailed budget will be provided by the next board call.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Available for questions on Skyp/mobile in the coming days.
> >> >>>>>
> >> >>>>> I will not be able to join the call, as it will be midnight for me
> >> >>>>> then
> >> >>>>> ...
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Kind regards,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Seba
> >> >>>>>
> >> >>>>> On Tue, Oct 25, 2016 at 9:52 PM Michael Coates
> >> >>>>> <michael.coates at owasp.org> wrote:
> >> >>>>>
> >> >>>>> Acknowledged. We've got it now via the thread history.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> The correct list is
> >> >>>>>
> >> >>>>> OWASP Foundation Board List <owasp-board at lists.owasp.org>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In a previous email you sent it to a defunct owasp.org address
> that
> >> >>>>> I
> >> >>>>> believe was created as part of gmail. I don't recall why.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> --
> >> >>>>> Michael Coates | @_mwc
> >> >>>>>
> >> >>>>> OWASP Global Board
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> On Tue, Oct 25, 2016 at 2:40 AM, Seba <seba at owasp.org> wrote:
> >> >>>>>
> >> >>>>> Got an email that this is the correct email address?
> >> >>>>> Weird, as I already sent this to the email below.
> >> >>>>> Can hou confirm reception of this email?
> >> >>>>>
> >> >>>>> Thx!
> >> >>>>> Seba
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> ---------- Forwarded message ---------
> >> >>>>> From: Seba <seba at owasp.org>
> >> >>>>>
> >> >>>>> Date: Mon, 24 Oct 2016 at 14:00
> >> >>>>> Subject: Request for 150K USD seed fund for the OWASP-DevSecCon
> >> >>>>> Summit
> >> >>>>> in April 2017 in the UK
> >> >>>>> To: Laura Grau <laura.grau at owasp.org>, owasp-board at owasp.org
> >> >>>>> <owasp-board at owasp.org>
> >> >>>>> Cc: dinis <dinis at owasp.org>, psiinon <psiinon at gmail.com>,
> Francois
> >> >>>>> <francois at devseccon.com>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Dear Laura, Board,
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Last week I attended DevSecCon in London together with a couple of
> >> >>>>> other OWASP leaders (Dinis, Simon) and was excited about the
> >> >>>>> positive
> >> >>>>> atmosphere, content, workshops and attendees (both from
> development
> >> >>>>> as from
> >> >>>>> security backgrounds).
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Together with Francois Raynaud (founder of DevSecCon, in cc) we
> >> >>>>> would
> >> >>>>> like to organise a summit with as main focus and theme: grouping
> the
> >> >>>>> DevOps,
> >> >>>>> Security and OWASP communities to work on actionable and automated
> >> >>>>> solutions
> >> >>>>> for secure development and operations of software.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> We submitted the following event as Summit in OCMS as proposal for
> >> >>>>> next
> >> >>>>> year.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Owasp-DevSecCon Summit, England, April 2017
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> OWASP is joining forces with DevSecCon to create a Summit focused
> on
> >> >>>>> the collaboration between
> >> >>>>>
> >> >>>>> Developers and Application Security.
> >> >>>>>
> >> >>>>> This is not a conference with uni-directional presentations, this
> is
> >> >>>>> a
> >> >>>>> working summit with working sessions on areas like: Secure Coding,
> >> >>>>> Security
> >> >>>>> Testing/TDD, DevOps, Threat Modeling, Mobile Security, IoT, Risk &
> >> >>>>> Governance, Privacy & CTO/CISO requirements, Secure Design,
> >> >>>>> Bug-bounties,
> >> >>>>> Browser Security, AI for Attack & Defence, DDoS, Cyber Warfare,
> >> >>>>> AppSec
> >> >>>>> Standards; and of course, working sessions on popular OWASP
> projects
> >> >>>>> (lead
> >> >>>>> by its leaders) such as: Zap, Top 10, Dependency Checker,
> OwaspSAMM,
> >> >>>>> OWASP
> >> >>>>> Guides (Testing, ASVS, Core Review), AppSensor and dozens more.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Using the same model as the past two OWASP Summits in Portugal,
> this
> >> >>>>> 5
> >> >>>>> day event will be a 16h day high energy experience, where the
> >> >>>>> attendees are
> >> >>>>> expected to work and collaborate really hard. Every working
> session
> >> >>>>> will be
> >> >>>>> thoroughly prepared and focused on actionable outcomes.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> If you care about Application Security and want to collaborate
> with
> >> >>>>> the
> >> >>>>> key players in this industry, this is the event to be.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> The Summit will occur in England, April 2017, with an entry ticket
> >> >>>>> of
> >> >>>>> $2000 (covering travel + hotel + accommodation + event fee). OWASP
> >> >>>>> is
> >> >>>>> funding a large number of its leaders and other deserving
> >> >>>>> individuals to
> >> >>>>> attend, so if you feel you can't afford this fee, or your company
> is
> >> >>>>> not in
> >> >>>>> a position to sponsor you, please contact the event organisers.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> In terms of budget we ask for a seed fund of 150K USD (first draft
> >> >>>>> budget attached in the OCMS request).
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Our objective is to lower the financial impact (and possibly get
> >> >>>>> this
> >> >>>>> to 0 or even make it a budget positive event) through sponsoring
> >> >>>>> (externally
> >> >>>>> and from projects/chapters) and have participant's organisations
> >> >>>>> cover the
> >> >>>>> costs.
> >> >>>>>
> >> >>>>> Nevertheless, we ask this seed fund to get the ball rolling and
> >> >>>>> focus
> >> >>>>> on content, speakers, workshops and tracks. In parallel we will
> >> >>>>> involve
> >> >>>>> Laura, the staff and our community to co-organize this as a
> >> >>>>> professional
> >> >>>>> event and submit a detailed budget in the following cycles.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Our main question is:
> >> >>>>>
> >> >>>>> 1) your approval to reserve this summit seed fund (either by email
> >> >>>>> or
> >> >>>>> on your next board meeting 9-November).
> >> >>>>>
> >> >>>>> + your support to make this a great summit!
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Available for any questions/remarks thru email or other means.
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Thank you
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Kind regards
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> Seba
> >> >>>>>
> >> >>>>> OWASP SAMM project
> >> >>>>>
> >> >>>>> OWASP Belgium chapter
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Owasp-board mailing list
> >> >>>>> Owasp-board at lists.owasp.org
> >> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Owasp-board mailing list
> >> >>>>> Owasp-board at lists.owasp.org
> >> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>> _______________________________________________
> >> >>>> Owasp-board mailing list
> >> >>>> Owasp-board at lists.owasp.org
> >> >>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>>>
> >> >>>
> >> >>>
> >> >>> The information contained in this message and any attachments may be
> >> >>> privileged, confidential, proprietary or otherwise protected from
> >> >>> disclosure. If you, the reader of this message, are not the intended
> >> >>> recipient, you are hereby notified that any dissemination,
> >> >>> distribution,
> >> >>> copying or use of this message and any attachment is strictly
> >> >>> prohibited. If
> >> >>> you have received this message in error, please notify the sender
> >> >>> immediately by replying to the message, permanently delete it from
> >> >>> your
> >> >>> computer and destroy any
> >> >>> printout._______________________________________________
> >> >>> Owasp-board mailing list
> >> >>> Owasp-board at lists.owasp.org
> >> >>> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>
> >>
> >>
> >> --
> >> Tom Brennan
> >> 973-202-0122
>
>
>
> --
> Tom Brennan
> 973-202-0122
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161127/5b45b18f/attachment-0001.html>


More information about the Owasp-board mailing list