[Owasp-board] Budget for FY17

Bev Corwin bev.corwin at owasp.org
Fri Sep 9 10:19:23 UTC 2016


Hi all, I'm just adding my 2 cents here, I, like Tom, am not fond of the
idea of incorporating a bunch of mini OWASP Chapter non profits. The
current model works well IMHO. I would like to see a funding model where
more of the membership funds go directly to chapters, and the same for any
grants, sponsorships, etc. I'd prefer to see a model where 10% go to
administrative, and 90% go directly to chapters or project funding.

Bev

On Fri, Sep 9, 2016 at 2:10 AM, Andrew van der Stock <vanderaj at owasp.org>
wrote:

> Tom,
>
> It seems like a lot of work for smaller chapters to do, so I think we
> should maintain the current status quo. My main goal here is to not cut off
> money supply to chapters, but to gather requirements from *all* of the
> Board for their strategic initiatives and desired budget, and to come
> together with budget requests. We then work out what gets what funding over
> the course of the next few months with a final approval in December's Board
> meeting for a kick off on January 1.
>
> This means, I am looking for initiatives from Josh on chapter initiatives
> that needs funding in 2017. I put up a straw man that said $0, but we're a
> Board not me as dictator. Let's make it work :)
>
> Thanks,
> Andrew
>
> On Thu, Sep 8, 2016 at 3:41 AM, Tom Brennan - OWASP <tomb at owasp.org>
> wrote:
>
>> Just to be clear Johanna, I do not currently support that for OWASP
>> Chapters and have been against doing it since 2007'.  I am asking if
>> that is perhaps his position as I would have asked at the Board
>> Meeting for clarity.
>>
>> So please allow Andrew to respond on this list.
>>
>>
>> On Wed, Sep 7, 2016 at 1:30 PM, johanna curiel curiel
>> <johanna.curiel at owasp.org> wrote:
>> >>>Andrew do you support allowing Chapters to spin off and create their
>> own
>> >>> 501(c)3 Non-Profits and then this is removed from the P&L of the OWASP
>> >>> Foundation running their own chapters with a master governance/policy?
>> >
>> > Agree with Tom, ISACA does the same for chapters around the world and it
>> > turns out to be a great way to manage it
>> >
>> > On Wed, Sep 7, 2016 at 12:59 PM, Tom Brennan - OWASP <tomb at owasp.org>
>> wrote:
>> >>
>> >> Also like the pie idea with some questions..
>> >>
>> >> Andrew do you support allowing Chapters to spin off and create their
>> own
>> >> 501(c)3 Non-Profits and then this is removed from the P&L of the OWASP
>> >> Foundation running their own chapters with a master governance/policy?
>> >>
>> >> Many associations with chapters do this exact model  ISC2 ISSA ISACA
>> >> etc..etc..
>> >>
>> >> Example;
>> >>
>> >> https://www.isc2.org/uploadedfiles/(isc)2_member_content/
>> chapters/(isc)2-chapter-guidelines.pdf
>> >>
>> >> I just want to understand your thinking here -- item for discussion
>> >> certainly that email can't capture but I don't think you want to split
>> the
>> >> organization from (3) legal entities (USA, EU, Norway
>> >> https://www.owasp.org/index.php/About_The_Open_Web_Applicati
>> on_Security_Project#Other_Financial_Documents)
>> >> to several hundred is that correct?
>> >>
>> >>
>> >>
>> >>
>> >> On Wed, Sep 7, 2016 at 12:32 PM, Josh Sokol <josh.sokol at owasp.org>
>> wrote:
>> >> > Andrew,
>> >> >
>> >> > If I am understanding correctly, you are suggesting that we should
>> >> > allocate
>> >> > $0 to Chapter funding.  While I understand that there are chapters
>> that
>> >> > have
>> >> > money in their accounts, there are many chapters who do not.  The
>> >> > funding
>> >> > bucket that you are looking to eliminate is what enables new
>> chapters to
>> >> > get
>> >> > started, previous chapters to get restarted, and chapters with no
>> money
>> >> > in
>> >> > their accounts to do things.  Chapters are a huge part of OWASP's
>> >> > outreach
>> >> > mission and should be tied to it.  We can certainly discuss "how
>> much",
>> >> > but
>> >> > I'm not comfortable shafting 100+ chapters based on the fact that
>> some
>> >> > chapters have money.  I was with you on the budget approach until
>> this
>> >> > was
>> >> > proposed.
>> >> >
>> >> > ~josh
>> >> >
>> >> > On Tue, Sep 6, 2016 at 1:06 AM, Andrew van der Stock
>> >> > <vanderaj at owasp.org>
>> >> > wrote:
>> >> >>
>> >> >> Hi all,
>> >> >>
>> >> >> I want to start the process for the FY17 budget now, so that we
>> have an
>> >> >> entire quarter to get it right and approved in concert with the new
>> >> >> incoming
>> >> >> Board members in December, so we can hit the ground running in 2017.
>> >> >>
>> >> >> This year, the biggest change I need us to make is a pie based
>> budget
>> >> >> instead of just adjusting last year's numbers, as last year's
>> numbers
>> >> >> reflect the strategic goals of 2013, not what we want to do.
>> >> >>
>> >> >> I propose two pies, for 501 (c) 3 reasons:
>> >> >>
>> >> >> Administrative pie, capped at 10% of our total budget
>> >> >> Mission pie, capped at 90% of our total budget
>> >> >>
>> >> >> This means that it becomes possible for us to show that we are
>> spending
>> >> >> a
>> >> >> goodly amount of our budget on mission, and capping administrative
>> back
>> >> >> office costs at 10% of our overall budget. This will require staff
>> who
>> >> >> are
>> >> >> currently paid from general revenue to be allocated within the
>> budget
>> >> >> to a
>> >> >> specific strategic goal, with truly only OWASP Foundation core staff
>> >> >> (Kate
>> >> >> and Alison, primarily) paid from the administrative budget.
>> >> >>
>> >> >> We as a Board need to make decisions around the makeup of the
>> mission
>> >> >> pie:
>> >> >>
>> >> >> Education
>> >> >> Outreach
>> >> >> Conferences
>> >> >> Projects
>> >> >> Website redesign
>> >> >>
>> >> >>
>> >> >> I personally think that the above strategic goals should each get
>> 22.5%
>> >> >> each of the pie, with 10% of the remaining budget for the website
>> >> >> redesign.
>> >> >> Conferences, being a profitable area for us should look to increase
>> the
>> >> >> number of global events to four in 2017, and increase the number of
>> >> >> regional
>> >> >> events. If anything, giving conferences a budget is more like a
>> float
>> >> >> rather
>> >> >> than a spending requirement, as they return funds to the
>> organisation,
>> >> >> which
>> >> >> I also hope training will do one day, too.
>> >> >>
>> >> >> So how big is this pie? We need to make a budget that stretches us
>> to
>> >> >> make
>> >> >> $3m in FY17, which means we need to look at all sources of income,
>> and
>> >> >> what
>> >> >> we need to do to make that a reality. Our revenue in 2015 was
>> >> >> $2,478,184. If
>> >> >> we say we can do $2.7m this year (possible, depends on AppSec USA
>> >> >> profitability), $3m is within our grasp. So 10% is $300,000
>> >> >> administrative
>> >> >> costs, and then $610k each for education, outreach, conferences,
>> >> >> projects,
>> >> >> and up to $270k for the website. That is with no contingency, and
>> >> >> assumes
>> >> >> AppSec USA is at least 10% more profitable than last year's.
>> >> >>
>> >> >> Income measures will require a properly planned membership drive,
>> >> >> particularly in desired outreach groups (developers), a proper
>> >> >> marketing
>> >> >> campaign to encourage donations and sponsorships, and I think we
>> should
>> >> >> invest in a grant writer to get funds for projects, and use some of
>> the
>> >> >> project funds to do a grant linked work program. We should also be
>> >> >> looking
>> >> >> at using our contacts as a Board to develop relations with other
>> large
>> >> >> organisations, to properly fund us as we look to grow to $5m per
>> year
>> >> >> in a
>> >> >> few years.
>> >> >>
>> >> >> Chapters have many existing sources of income, and they continue to
>> do
>> >> >> well without additional funds being allocated to them, so I propose
>> >> >> that
>> >> >> none of the mission pie is redirected to chapters as they have more
>> >> >> than 75%
>> >> >> of the available funds already. In fact, the spending pie above does
>> >> >> not
>> >> >> take into account the fact that chapters will be getting funds
>> before
>> >> >> anyone
>> >> >> else.
>> >> >>
>> >> >> So I *would* like us to enforce our already approved vote to force
>> >> >> chapters with large balances to come up with plans to spend the
>> cash,
>> >> >> or to
>> >> >> sweep it back into general revenue, so we can use those unused
>> funds to
>> >> >> grow
>> >> >> the organisation in meaningful ways. This affects a tiny fraction of
>> >> >> all
>> >> >> chapters. Denver is already taking measures to spend their funds on
>> a
>> >> >> local
>> >> >> lab.
>> >> >>
>> >> >> So for those of you on the Board who are the champions of a
>> particular
>> >> >> strategic goal, I'd like you to come up with a plan of action for
>> 2017,
>> >> >> with
>> >> >> associated costs. Let's put it into the budget, and get it done.
>> >> >>
>> >> >> thanks,
>> >> >> Andrew
>> >> >>
>> >> >>
>> >> >>
>> >> >> _______________________________________________
>> >> >> Owasp-board mailing list
>> >> >> Owasp-board at lists.owasp.org
>> >> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>> >> >>
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > Owasp-board mailing list
>> >> > Owasp-board at lists.owasp.org
>> >> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> >> >
>> >>
>> >> The information contained in this message and any attachments may be
>> >> privileged, confidential, proprietary or otherwise protected from
>> >> disclosure. If you, the reader of this message, are not the intended
>> >> recipient, you are hereby notified that any dissemination,
>> distribution,
>> >> copying or use of this message and any attachment is strictly
>> prohibited. If
>> >> you have received this message in error, please notify the sender
>> >> immediately by replying to the message, permanently delete it from your
>> >> computer and destroy any printout.
>> >> _______________________________________________
>> >> Owasp-board mailing list
>> >> Owasp-board at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>> >>
>> >
>> >
>> >
>> > --
>> > Johanna Curiel
>> > OWASP Volunteer
>>
>> --
>> The information contained in this message and any attachments may be
>> privileged, confidential, proprietary or otherwise protected from
>> disclosure. If you, the reader of this message, are not the intended
>> recipient, you are hereby notified that any dissemination, distribution,
>> copying or use of this message and any attachment is strictly prohibited.
>> If you have received this message in error, please notify the sender
>> immediately by replying to the message, permanently delete it from your
>> computer and destroy any printout.
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160909/6807cf79/attachment-0001.html>


More information about the Owasp-board mailing list