[Owasp-board] Budget for FY17

Andrew van der Stock vanderaj at owasp.org
Fri Sep 9 06:10:29 UTC 2016


Tom,

It seems like a lot of work for smaller chapters to do, so I think we
should maintain the current status quo. My main goal here is to not cut off
money supply to chapters, but to gather requirements from *all* of the
Board for their strategic initiatives and desired budget, and to come
together with budget requests. We then work out what gets what funding over
the course of the next few months with a final approval in December's Board
meeting for a kick off on January 1.

This means, I am looking for initiatives from Josh on chapter initiatives
that needs funding in 2017. I put up a straw man that said $0, but we're a
Board not me as dictator. Let's make it work :)

Thanks,
Andrew

On Thu, Sep 8, 2016 at 3:41 AM, Tom Brennan - OWASP <tomb at owasp.org> wrote:

> Just to be clear Johanna, I do not currently support that for OWASP
> Chapters and have been against doing it since 2007'.  I am asking if
> that is perhaps his position as I would have asked at the Board
> Meeting for clarity.
>
> So please allow Andrew to respond on this list.
>
>
> On Wed, Sep 7, 2016 at 1:30 PM, johanna curiel curiel
> <johanna.curiel at owasp.org> wrote:
> >>>Andrew do you support allowing Chapters to spin off and create their own
> >>> 501(c)3 Non-Profits and then this is removed from the P&L of the OWASP
> >>> Foundation running their own chapters with a master governance/policy?
> >
> > Agree with Tom, ISACA does the same for chapters around the world and it
> > turns out to be a great way to manage it
> >
> > On Wed, Sep 7, 2016 at 12:59 PM, Tom Brennan - OWASP <tomb at owasp.org>
> wrote:
> >>
> >> Also like the pie idea with some questions..
> >>
> >> Andrew do you support allowing Chapters to spin off and create their own
> >> 501(c)3 Non-Profits and then this is removed from the P&L of the OWASP
> >> Foundation running their own chapters with a master governance/policy?
> >>
> >> Many associations with chapters do this exact model  ISC2 ISSA ISACA
> >> etc..etc..
> >>
> >> Example;
> >>
> >> https://www.isc2.org/uploadedfiles/(isc)2_member_
> content/chapters/(isc)2-chapter-guidelines.pdf
> >>
> >> I just want to understand your thinking here -- item for discussion
> >> certainly that email can't capture but I don't think you want to split
> the
> >> organization from (3) legal entities (USA, EU, Norway
> >> https://www.owasp.org/index.php/About_The_Open_Web_
> Application_Security_Project#Other_Financial_Documents)
> >> to several hundred is that correct?
> >>
> >>
> >>
> >>
> >> On Wed, Sep 7, 2016 at 12:32 PM, Josh Sokol <josh.sokol at owasp.org>
> wrote:
> >> > Andrew,
> >> >
> >> > If I am understanding correctly, you are suggesting that we should
> >> > allocate
> >> > $0 to Chapter funding.  While I understand that there are chapters
> that
> >> > have
> >> > money in their accounts, there are many chapters who do not.  The
> >> > funding
> >> > bucket that you are looking to eliminate is what enables new chapters
> to
> >> > get
> >> > started, previous chapters to get restarted, and chapters with no
> money
> >> > in
> >> > their accounts to do things.  Chapters are a huge part of OWASP's
> >> > outreach
> >> > mission and should be tied to it.  We can certainly discuss "how
> much",
> >> > but
> >> > I'm not comfortable shafting 100+ chapters based on the fact that some
> >> > chapters have money.  I was with you on the budget approach until this
> >> > was
> >> > proposed.
> >> >
> >> > ~josh
> >> >
> >> > On Tue, Sep 6, 2016 at 1:06 AM, Andrew van der Stock
> >> > <vanderaj at owasp.org>
> >> > wrote:
> >> >>
> >> >> Hi all,
> >> >>
> >> >> I want to start the process for the FY17 budget now, so that we have
> an
> >> >> entire quarter to get it right and approved in concert with the new
> >> >> incoming
> >> >> Board members in December, so we can hit the ground running in 2017.
> >> >>
> >> >> This year, the biggest change I need us to make is a pie based budget
> >> >> instead of just adjusting last year's numbers, as last year's numbers
> >> >> reflect the strategic goals of 2013, not what we want to do.
> >> >>
> >> >> I propose two pies, for 501 (c) 3 reasons:
> >> >>
> >> >> Administrative pie, capped at 10% of our total budget
> >> >> Mission pie, capped at 90% of our total budget
> >> >>
> >> >> This means that it becomes possible for us to show that we are
> spending
> >> >> a
> >> >> goodly amount of our budget on mission, and capping administrative
> back
> >> >> office costs at 10% of our overall budget. This will require staff
> who
> >> >> are
> >> >> currently paid from general revenue to be allocated within the budget
> >> >> to a
> >> >> specific strategic goal, with truly only OWASP Foundation core staff
> >> >> (Kate
> >> >> and Alison, primarily) paid from the administrative budget.
> >> >>
> >> >> We as a Board need to make decisions around the makeup of the mission
> >> >> pie:
> >> >>
> >> >> Education
> >> >> Outreach
> >> >> Conferences
> >> >> Projects
> >> >> Website redesign
> >> >>
> >> >>
> >> >> I personally think that the above strategic goals should each get
> 22.5%
> >> >> each of the pie, with 10% of the remaining budget for the website
> >> >> redesign.
> >> >> Conferences, being a profitable area for us should look to increase
> the
> >> >> number of global events to four in 2017, and increase the number of
> >> >> regional
> >> >> events. If anything, giving conferences a budget is more like a float
> >> >> rather
> >> >> than a spending requirement, as they return funds to the
> organisation,
> >> >> which
> >> >> I also hope training will do one day, too.
> >> >>
> >> >> So how big is this pie? We need to make a budget that stretches us to
> >> >> make
> >> >> $3m in FY17, which means we need to look at all sources of income,
> and
> >> >> what
> >> >> we need to do to make that a reality. Our revenue in 2015 was
> >> >> $2,478,184. If
> >> >> we say we can do $2.7m this year (possible, depends on AppSec USA
> >> >> profitability), $3m is within our grasp. So 10% is $300,000
> >> >> administrative
> >> >> costs, and then $610k each for education, outreach, conferences,
> >> >> projects,
> >> >> and up to $270k for the website. That is with no contingency, and
> >> >> assumes
> >> >> AppSec USA is at least 10% more profitable than last year's.
> >> >>
> >> >> Income measures will require a properly planned membership drive,
> >> >> particularly in desired outreach groups (developers), a proper
> >> >> marketing
> >> >> campaign to encourage donations and sponsorships, and I think we
> should
> >> >> invest in a grant writer to get funds for projects, and use some of
> the
> >> >> project funds to do a grant linked work program. We should also be
> >> >> looking
> >> >> at using our contacts as a Board to develop relations with other
> large
> >> >> organisations, to properly fund us as we look to grow to $5m per year
> >> >> in a
> >> >> few years.
> >> >>
> >> >> Chapters have many existing sources of income, and they continue to
> do
> >> >> well without additional funds being allocated to them, so I propose
> >> >> that
> >> >> none of the mission pie is redirected to chapters as they have more
> >> >> than 75%
> >> >> of the available funds already. In fact, the spending pie above does
> >> >> not
> >> >> take into account the fact that chapters will be getting funds before
> >> >> anyone
> >> >> else.
> >> >>
> >> >> So I *would* like us to enforce our already approved vote to force
> >> >> chapters with large balances to come up with plans to spend the cash,
> >> >> or to
> >> >> sweep it back into general revenue, so we can use those unused funds
> to
> >> >> grow
> >> >> the organisation in meaningful ways. This affects a tiny fraction of
> >> >> all
> >> >> chapters. Denver is already taking measures to spend their funds on a
> >> >> local
> >> >> lab.
> >> >>
> >> >> So for those of you on the Board who are the champions of a
> particular
> >> >> strategic goal, I'd like you to come up with a plan of action for
> 2017,
> >> >> with
> >> >> associated costs. Let's put it into the budget, and get it done.
> >> >>
> >> >> thanks,
> >> >> Andrew
> >> >>
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> Owasp-board mailing list
> >> >> Owasp-board at lists.owasp.org
> >> >> https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >>
> >> >
> >> >
> >> > _______________________________________________
> >> > Owasp-board mailing list
> >> > Owasp-board at lists.owasp.org
> >> > https://lists.owasp.org/mailman/listinfo/owasp-board
> >> >
> >>
> >> The information contained in this message and any attachments may be
> >> privileged, confidential, proprietary or otherwise protected from
> >> disclosure. If you, the reader of this message, are not the intended
> >> recipient, you are hereby notified that any dissemination, distribution,
> >> copying or use of this message and any attachment is strictly
> prohibited. If
> >> you have received this message in error, please notify the sender
> >> immediately by replying to the message, permanently delete it from your
> >> computer and destroy any printout.
> >> _______________________________________________
> >> Owasp-board mailing list
> >> Owasp-board at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-board
> >>
> >
> >
> >
> > --
> > Johanna Curiel
> > OWASP Volunteer
>
> --
> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160909/e54f2b17/attachment-0001.html>


More information about the Owasp-board mailing list