[Owasp-board] Budget for FY17

johanna curiel curiel johanna.curiel at owasp.org
Fri Sep 9 11:07:33 UTC 2016


My 2 cents too ;-P

>>Hi all, I'm just adding my 2 cents here, I, like Tom, am not fond of the
idea of incorporating a bunch of mini OWASP Chapter non profits. The
current model works well IMHO.

It might work well for US chapters. Chapters in other parts of the world
struggle, and that's the reason why I stopped the Curacao Chapter a year ago.
If OWASP is global, we need the entire picture of all chapters and analyse
which ones are struggling and why.

I'm part of ISACA and so far it works quite well for a small chapter on
this island. Why? Because we have an official non-profit established in our
country and people trust how things are being locally managed.

I also get that OWASP can lose control if you hand over this to other
chapters and have no idea what they actually do with the funds and how they
manage them, and if everything is transparent. But, that all can be
arranged as part of rules of running an OWASP chapter just as ISACA does.
Auditing and control by a certifying authority is necessary.

I get that for less formal chapters this can be heavy. I mean, an
individual running a chapter in a very informal way is ok, but he will
never be able to accomplish any serious budget and sponsors running it that
way, without a proper and official organisation.

Please don't assume because OWASP is in the US that every single other country
will send sponsor deals and money to an American foundation. That is not
the case in my country. In fact, now as part of ISACA, I have been able to
accomplish a lot more than when I struggled on my own waiting for the help of US
HQ.

Let's also be very aware that OWASP has right now no control over what
exactly a chapter in another part of the world does. Do we do any sort of
auditing on activities? If a chapter has to set up a non-profit foundation,
it forces them to establish proper arrangements, because having a foundation
and not doing things properly will only bring you into problems. Also, a
foundation requires an official board. The more people involved in an
official board, the less risk of corruption.


>>I would like to see a funding model where more of the membership funds go
directly to chapters, and the same for any grants, sponsorships, etc. I'd
prefer to see a model where 10% go to administrative, and 90% go directly
to chapters or project funding.

Agree with Bev, but processing payments for smaller chapters, especially if
they would like to be as active as in the US, is not simple.
If we plan to provide better financial support at this stage, we might need
more staff or services able to manage finances and auditing financial
transactions much better.

On Fri, Sep 9, 2016 at 6:19 AM, Bev Corwin <bev.corwin at owasp.org> wrote:

> Hi all, I'm just adding my 2 cents here, I, like Tom, am not fond of the
> idea of incorporating a bunch of mini OWASP Chapter non profits. The
> current model works well IMHO. I would like to see a funding model where
> more of the membership funds go directly to chapters, and the same for any
> grants, sponsorships, etc. I'd prefer to see a model where 10% go to
> administrative, and 90% go directly to chapters or project funding.
>
> Bev
>
> On Fri, Sep 9, 2016 at 2:10 AM, Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>
>> Tom,
>>
>> It seems like a lot of work for smaller chapters to do, so I think we
>> should maintain the current status quo. My main goal here is to not cut off
>> money supply to chapters, but to gather requirements from *all* of the
>> Board for their strategic initiatives and desired budget, and to come
>> together with budget requests. We then work out what gets what funding over
>> the course of the next few months with a final approval in December's Board
>> meeting for a kick off on January 1.
>>
>> This means, I am looking for initiatives from Josh on chapter initiatives
>> that needs funding in 2017. I put up a straw man that said $0, but we're a
>> Board not me as dictator. Let's make it work :)
>>
>> Thanks,
>> Andrew
>>
>> On Thu, Sep 8, 2016 at 3:41 AM, Tom Brennan - OWASP <tomb at owasp.org>
>> wrote:
>>
>>> Just to be clear Johanna, I do not currently support that for OWASP
>>> Chapters and have been against doing it since 2007. I am asking if
>>> that is perhaps his position as I would have asked at the Board
>>> Meeting for clarity.
>>>
>>> So please allow Andrew to respond on this list.
>>>
>>>
>>> On Wed, Sep 7, 2016 at 1:30 PM, johanna curiel curiel
>>> <johanna.curiel at owasp.org> wrote:
>>> >>>Andrew do you support allowing Chapters to spin off and create their own
>>> >>> 501(c)3 Non-Profits and then this is removed from the P&L of the OWASP
>>> >>> Foundation running their own chapters with a master governance/policy?
>>> >
>>> > Agree with Tom, ISACA does the same for chapters around the world and it
>>> > turns out to be a great way to manage it
>>> >
>>> > On Wed, Sep 7, 2016 at 12:59 PM, Tom Brennan - OWASP <tomb at owasp.org> wrote:
>>> >>
>>> >> Also like the pie idea with some questions..
>>> >>
>>> >> Andrew do you support allowing Chapters to spin off and create their own
>>> >> 501(c)3 Non-Profits and then this is removed from the P&L of the OWASP
>>> >> Foundation running their own chapters with a master governance/policy?
>>> >>
>>> >> Many associations with chapters do this exact model ISC2 ISSA ISACA
>>> >> etc..etc..
>>> >>
>>> >> Example;
>>> >>
>>> >> https://www.isc2.org/uploadedfiles/(isc)2_member_content/chapters/(isc)2-chapter-guidelines.pdf
>>> >>
>>> >> I just want to understand your thinking here -- item for discussion
>>> >> certainly that email can't capture but I don't think you want to split the
>>> >> organization from (3) legal entities (USA, EU, Norway
>>> >> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Other_Financial_Documents)
>>> >> to several hundred is that correct?
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> On Wed, Sep 7, 2016 at 12:32 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> >> > Andrew,
>>> >> >
>>> >> > If I am understanding correctly, you are suggesting that we should allocate
>>> >> > $0 to Chapter funding.  While I understand that there are chapters that have
>>> >> > money in their accounts, there are many chapters who do not.  The funding
>>> >> > bucket that you are looking to eliminate is what enables new chapters to get
>>> >> > started, previous chapters to get restarted, and chapters with no money in
>>> >> > their accounts to do things.  Chapters are a huge part of OWASP's outreach
>>> >> > mission and should be tied to it.  We can certainly discuss "how much", but
>>> >> > I'm not comfortable shafting 100+ chapters based on the fact that some
>>> >> > chapters have money.  I was with you on the budget approach until this was
>>> >> > proposed.
>>> >> >
>>> >> > ~josh
>>> >> >
>>> >> > On Tue, Sep 6, 2016 at 1:06 AM, Andrew van der Stock <vanderaj at owasp.org> wrote:
>>> >> >>
>>> >> >> Hi all,
>>> >> >>
>>> >> >> I want to start the process for the FY17 budget now, so that we have an
>>> >> >> entire quarter to get it right and approved in concert with the new incoming
>>> >> >> Board members in December, so we can hit the ground running in 2017.
>>> >> >>
>>> >> >> This year, the biggest change I need us to make is a pie based budget
>>> >> >> instead of just adjusting last year's numbers, as last year's numbers
>>> >> >> reflect the strategic goals of 2013, not what we want to do.
>>> >> >>
>>> >> >> I propose two pies, for 501 (c) 3 reasons:
>>> >> >>
>>> >> >> Administrative pie, capped at 10% of our total budget
>>> >> >> Mission pie, capped at 90% of our total budget
>>> >> >>
>>> >> >> This means that it becomes possible for us to show that we are spending a
>>> >> >> goodly amount of our budget on mission, and capping administrative back
>>> >> >> office costs at 10% of our overall budget. This will require staff who are
>>> >> >> currently paid from general revenue to be allocated within the budget to a
>>> >> >> specific strategic goal, with truly only OWASP Foundation core staff (Kate
>>> >> >> and Alison, primarily) paid from the administrative budget.
>>> >> >>
>>> >> >> We as a Board need to make decisions around the makeup of the mission pie:
>>> >> >>
>>> >> >> Education
>>> >> >> Outreach
>>> >> >> Conferences
>>> >> >> Projects
>>> >> >> Website redesign
>>> >> >>
>>> >> >>
>>> >> >> I personally think that the above strategic goals should each get 22.5%
>>> >> >> each of the pie, with 10% of the remaining budget for the website redesign.
>>> >> >> Conferences, being a profitable area for us should look to increase the
>>> >> >> number of global events to four in 2017, and increase the number of regional
>>> >> >> events. If anything, giving conferences a budget is more like a float rather
>>> >> >> than a spending requirement, as they return funds to the organisation, which
>>> >> >> I also hope training will do one day, too.
>>> >> >>
>>> >> >> So how big is this pie? We need to make a budget that stretches us to make
>>> >> >> $3m in FY17, which means we need to look at all sources of income, and what
>>> >> >> we need to do to make that a reality. Our revenue in 2015 was $2,478,184. If
>>> >> >> we say we can do $2.7m this year (possible, depends on AppSec USA
>>> >> >> profitability), $3m is within our grasp. So 10% is $300,000 administrative
>>> >> >> costs, and then $610k each for education, outreach, conferences, projects,
>>> >> >> and up to $270k for the website. That is with no contingency, and assumes
>>> >> >> AppSec USA is at least 10% more profitable than last year's.
>>> >> >>
>>> >> >> Income measures will require a properly planned membership drive,
>>> >> >> particularly in desired outreach groups (developers), a proper marketing
>>> >> >> campaign to encourage donations and sponsorships, and I think we should
>>> >> >> invest in a grant writer to get funds for projects, and use some of the
>>> >> >> project funds to do a grant linked work program. We should also be looking
>>> >> >> at using our contacts as a Board to develop relations with other large
>>> >> >> organisations, to properly fund us as we look to grow to $5m per year in a
>>> >> >> few years.
>>> >> >>
>>> >> >> Chapters have many existing sources of income, and they continue to do
>>> >> >> well without additional funds being allocated to them, so I propose that
>>> >> >> none of the mission pie is redirected to chapters as they have more than 75%
>>> >> >> of the available funds already. In fact, the spending pie above does not
>>> >> >> take into account the fact that chapters will be getting funds before anyone
>>> >> >> else.
>>> >> >>
>>> >> >> So I *would* like us to enforce our already approved vote to force
>>> >> >> chapters with large balances to come up with plans to spend the cash, or to
>>> >> >> sweep it back into general revenue, so we can use those unused funds to grow
>>> >> >> the organisation in meaningful ways. This affects a tiny fraction of all
>>> >> >> chapters. Denver is already taking measures to spend their funds on a local
>>> >> >> lab.
>>> >> >>
>>> >> >> So for those of you on the Board who are the champions of a particular
>>> >> >> strategic goal, I'd like you to come up with a plan of action for 2017, with
>>> >> >> associated costs. Let's put it into the budget, and get it done.
>>> >> >>
>>> >> >> thanks,
>>> >> >> Andrew
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> _______________________________________________
>>> >> >> Owasp-board mailing list
>>> >> >> Owasp-board at lists.owasp.org
>>> >> >> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> >> >>
>>> >> >
>>> >> >
>>> >> >
>>> >>
>>> >> The information contained in this message and any attachments may be
>>> >> privileged, confidential, proprietary or otherwise protected from
>>> >> disclosure. If you, the reader of this message, are not the intended
>>> >> recipient, you are hereby notified that any dissemination,
>>> distribution,
>>> >> copying or use of this message and any attachment is strictly
>>> prohibited. If
>>> >> you have received this message in error, please notify the sender
>>> >> immediately by replying to the message, permanently delete it from
>>> your
>>> >> computer and destroy any printout.
>>> >>
>>> >
>>> >
>>> >
>>> > --
>>> > Johanna Curiel
>>> > OWASP Volunteer
>>>
>>>
>>
>>
>>
>>
>
>
>


-- 
Johanna Curiel
OWASP Volunteer