[Owasp-board] Event Approval

Matt Tesauro matt.tesauro at owasp.org
Tue Sep 12 01:10:07 UTC 2017


Answering inline...

On Mon, Sep 11, 2017 at 1:41 PM, Seba <seba at owasp.org> wrote:

> hi Matt & Matt,
>
> how will categorization as an appsec global change the decision to sign
> the contract?
>

Categorization at a Global AppSec level is less about signing a contract
and more about being clear about the amount of support the Foundation is
preparing to provide the event.

For regional events, the Foundation has indirect support and most of the
planning, logistics, CFP/CFT, etc. is left to the organizing team.
Generally, regional events don't require any seed funds, and are single or
2 day events whose primary audience is within a small geographic region
(generally speaking).

Global AppSecs represent a significant event drawing attendees from a
large region (continent) if not internationally.  They also represent a
significant investment of staff time/resources.  Since they involve greater
resources, liabilities and opportunity costs, Global AppSec level events have been
decided at the board level including budgeting for the events in the global
budget.


> Who did ask you to leave this to the board?
>

Primarily my general sense of how much a single person can decide in
isolation for the Foundation.  Additionally, you indicated the desire to
have greater staff involvement and to classify the Summit as a Global
AppSec event.  Those plus the fact that last year's event included 6-figure
budgets makes signing this contract very different than signing the ~3,500
USD contract for a LASCON speaker dinner.


>
> the process of getting contracts signed for events is not clear to me:
>

You are asking the Senior Technical Project Coordinator for the OWASP
Foundation (this is officially my HR title) to decide about an event that
includes 6-figure liabilities.  It seems only sensible to involve more than
myself in this decision.

Yes, I have taken the mantle of "Operations Director" out of fiat - the
board hasn't been clear about the best way to handle Kate's departure, who
is in charge and even the board-approved "Operations and Administration"
committee has been generally treated as a non-entity.  However, the business
of the Foundation needs to move forward and I've taken it upon myself to
become the de facto signature authority for the Foundation as I assumed
Kate's duties out of necessity.  I have yet to have the board either
confirm or deny my authority to act on behalf of the Foundation.

Under such circumstances, you can see why I would not easily sign of this
magnitude.


> we prepared this for several months and everybody was involved from the
> beginning (the contract was sent for signature on 1-Aug-2017)
> we have the same venue as the previous time we organized this (it was
> similarly difficult to get the contract signed)
>
> Does the staff now propose (and defend) this for the next board meeting or
> do you expect the organizer to do this?
>

I am not intimately familiar with this event but will gladly provide
feedback on what I know about it if asked by a board member.


>
> Do you do the same for all similar events (like e.g. the appsecusa project
> summit)?
>

The Project Summits at both AppSec events represent an already budgeted
$50k expense that has been on the books for several years running.  It's
also, by design, an activity at an existing event - not an event in and of
itself.


>
> thank you for your clarification
>

Glad to help as much as I can.

Cheers!

-- Matt Tesauro


>
> kind regards
>
> Seba
>
> On Mon, Sep 11, 2017 at 7:01 PM Matt Tesauro <matt.tesauro at owasp.org>
> wrote:
>
>> Seba,
>>
>> If you recall, Matt Konda + the board is reviewing this.  Considering the
>> potential expense/liability and the need to categorize this as similar to a
>> Global AppSec, it's up to the board to decide on signing that contract or
>> not.
>>
>> I've been asked to leave this to the board so, while I can sign contracts
>> for the Foundation, I cannot in this specific case.
>>
>> Sorry.
>>
>> --
>> -- Matt Tesauro
>> Operations Director, OWASP Foundation
>>
>>
>> On Mon, Sep 11, 2017 at 11:52 AM, Laura Grau <laura.grau at owasp.org>
>> wrote:
>>
>>> Hello Seba,
>>>
>>> Thanks for reaching out.
>>>
>>> I will ask Matt Tesauro on this and get back to you as soon as possible.
>>>
>>> Please let me know if I can be of any assistance.
>>>
>>> Laura Grau
>>>
>>> *Global Conference Manager*
>>> *OWASP Foundation*
>>> *laura.grau at owasp.org*
>>>
>>>
>>>
>>>
>>> On Mon, Sep 11, 2017 at 2:12 AM, Seba <seba at owasp.org> wrote:
>>>
>>>> hi Laura,
>>>>
>>>> created Case # 00011002  for followup
>>>> can you let us know when to expect the signed contract?
>>>>
>>>> thanks
>>>>
>>>> Seba
>>>>
>>>> On Sun, Sep 10, 2017 at 5:55 PM Laura Grau <laura.grau at owasp.org>
>>>> wrote:
>>>>
>>>>> Hello Seba,
>>>>>
>>>>> Please bear in mind that the event has been approved to be posted on
>>>>> the wiki and so I did.
>>>>>
>>>>> Any other approval regarding budget requests, contract signature,
>>>>> sponsorships, etc. has to be requested separately using the contact us form.
>>>>>
>>>>> In addition to that, I cannot sign contracts on behalf of OWASP. Matt
>>>>> Tesauro does the signing now.
>>>>>
>>>>> Please let me know if you need any further assistance,
>>>>>
>>>>> Best Regards,
>>>>>
>>>>>
>>>>> Laura Grau
>>>>> Global Conference Manager
>>>>> OWASP Foundation
>>>>> laura.grau at owasp.org
>>>>> +1 510 529 9563
>>>>>
>>>>> On Sep 10, 2017, at 2:39 AM, Seba <seba at owasp.org> wrote:
>>>>>
>>>>> hi Laura,
>>>>>
>>>>> With the event approved, can you have the venue contract signed?
>>>>>
>>>>> thanks!
>>>>>
>>>>> Seba
>>>>>
>>>>> On Fri, Sep 8, 2017 at 9:50 PM Laura Grau <laura.grau at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Dear Seba,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I am pleased to let you know that the OWASP Summit 2018 event has
>>>>>> been approved to be posted on our OWASP Wikipage.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Please note any request for funding or resource support must be
>>>>>> approved separately. If your event is soliciting sponsorships, please
>>>>>> remember that all contracts must be sent from the Foundation. Submit those
>>>>>> requests via our Contact Us link on the OWASP Wiki homepage.
>>>>>>
>>>>>>
>>>>>> Should you need any assistance, please do not hesitate to contact me.
>>>>>> I will be your Point of Contact for this event.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Sincerely,
>>>>>>
>>>>>> Laura Grau
>>>>>>
>>>>>> *Global Conference Manager*
>>>>>> *OWASP Foundation*
>>>>>> *laura.grau at owasp.org*
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> Date: Thu, Sep 7, 2017 at 7:30 AM
>>>>>> Subject: New Event
>>>>>> To: "laura.grau at owasp.org" <laura.grau at owasp.org>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> A New Event has been submitted.  Be sure to login and approve it.
>>>>>>
>>>>>> Event Name:  OWASP Summit 2018
>>>>>>
>>>>>> Start Date:  Mon Apr 23 04:00:00 GMT 2018
>>>>>>
>>>>>> https://na12.salesforce.com/a2o0B00000242JAQAY
>>>>>>
>>>>>> ====
>>>>>> Disclaimer: OWASP does not endorse or recommend commercial products
>>>>>> or services allowing our community to remain vendor neutral with the
>>>>>> collective wisdom of the best minds in application security worldwide.
>>>>>> ====
>>>>>>
>>>>>>
>>>
>>