[Owasp-leaders] [Request for Feedback] New Profit Sharing Model Proposal

Tom Brennan tomb at owasp.org
Thu Nov 22 17:29:52 UTC 2012


Here is another example that people can use for 2013 simply.

Local chapter wants to raise money for local chapter.  They decide to hold
a paid training event $500per ticket, $450 for owasp members)

Local chapter locates trainers for software security topic(s) and materials
when applicable
- https://www.owasp.org/index.php/OWASP_Training
- https://www.owasp.org/index.php/OWASP_Trainers_Database
- https://www.owasp.org/index.php/Category:OWASP_Speakers_Project
- puts out a a CFT

Local chapter works with OWASP Foundation staff and sets up RegOnline to
process online payments or purchase orders etc.. OWASP Foundation also
issues a insurance certificate for the event if required by the venue as
example.

Local chapter markets the event and does the logistics of renting the
venue, food, set-up, breakdown etc...

After the event, Trainers are PAID standard 60 OWASP/40 Trainer split
example attached from AppSecUSA2012 attached

So, follow the money...

+ $10,000 Raised in ticket sales per seat
- 4000 paid to trainer on the 40% split agreement (this is before
expenditures)
- 2500 venue rental, food, logistics

$3500 profit from the event
- 3150 pr 90% to local chapter
- 350 or 10% to OWASP Foundation

In summary the local chapter has raised revenue of $3150.00 - the trainer
$4000.00 and OWASP Foundation $350.00
The chapter funds can then be used for things as defined in:
https://www.owasp.org/index.php/Chapter_Handbook  -  Spending Guidelines

Run a multiple trainer event and you can double, triple that.

Questions?

Finally - if this was a OWASP Foundation initiative the local chapter would
receive the $350 as the local chapter.




On Thu, Nov 22, 2012 at 10:54 AM, Michael Coates
<michael.coates at owasp.org>wrote:

> Kostas,
>
> I think you may be interpreting the proposed policy incorrectly.
>
>
> "All other events not classified as one of the Global AppSec Events will
> realize a 10/90 revenue split (Foundation/chapter) up to $5,000 USD.  Any
> profits above the $5K will recognize the standard 60/40 split.
> (Foundation/Chapter)."
>
> *(from your email)
> *
> *1. The 5k limit for local events might actually be high for a small
> chapter. I'll have to work hard to make a 5k profit from a small local
> event, only to put aside $500 instead of $1250 or even more. On this
> matter, I'll have to ask what Dinis just asked: why are we changing this?
> Maybe we need a different policy based on chapter size, current funds and
> budget. *
>
> A few points of clarification:
> 1. This policy is not saying that local or regional events are expected to
> make any specific amounts of profit.  Run your events as you choose. If
> they break even, then that's great.
> 2. Your analysis on the profit distribution is not right. Here are a few
> scenarios to illustrate how your chapter would benefit from this policy.
> Scenario A (for non-global appsec event)
>
>
>   Scenario A (for non-global appsec event)
>  Total Profits $0  Amount to Foundation (10%) $0  Amount to Chapter (90%)
> $0
>
>  Scenario B (for non-global appsec event)
>  Total Profits $2,500  Amount to Foundation (10%) $250  Amount to Chapter
> (90%) $2,250
>
>
>
>  Scenario C (for non-global appsec event)
>  Total Profits $5,000  Amount to Foundation (10%) $500  Amount to Chapter
> (90%) $4,500
>
>
>
>  Scenario D (for non-global appsec event)
>  Total Profits $7,500  Amount to Foundation (10% of $5k + 60% of
> (total-$5k) ) $2,000  Amount to Chapter (90% of 5k + 40% of (total-$5k) )
> $5,500
>
>
> *(from your email)*
>
> *2. Targets for global conferences may be realistic for some regions but
> not for others. This might result in the organizing team entering a money
> race to get above target and ignoring other equally important or even more
> important aspects of organizing a global conference.  *
>
> The target goals will not be equal for all regions. We have historical
> data to show the revenue and profits from previous global appsec events and
> the budget are created accordingly.  However, it is important as we grow to
> recognize how we fund and sustain our organization. A significant portion
> of our current fundation budget comes from the global appsec events.  To
> help ensure quality and consistency of our global events while also
> maintaining financial responsiblitiy and good planning we need to set
> expectations. Also, we have Sarah Baso, one of our talented OWASP
> Directors, who focuses on OWASP global conferences.  Her involvement
> ensures our global appsec conferences meet the expectations we have set
> forth in our conferences handbook, the event is financially planned for,
> coordinates global scheduling of the various global appsec events, brings
> forward lessons learned from each event, and much (much) more.
>
>
> Kostas, hopefully this information addresses your concerns. Please let me
> know if you have additional thoughts after reviewing this info.
>
>
> -Michael
>
>
>
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
>
>
>
> On Tue, Nov 20, 2012 at 2:10 PM, Konstantinos Papapanagiotou <
> Konstantinos at owasp.org> wrote:
>
>> Mainly two concerns:
>> 1. The 5k limit for local events might actually be high for a small
>> chapter. I'll have to work hard to make a 5k profit from a small local
>> event, only to put aside $500 instead of $1250 or even more. On this
>> matter, I'll have to ask what Dinis just asked: why are we changing this?
>> Maybe we need a different policy based on chapter size, current funds and
>> budget.
>>
>> 2. Targets for global conferences may be realistic for some regions but
>> not for others. This might result in the organizing team entering a money
>> race to get above target and ignoring other equally important or even more
>> important aspects of organizing a global conference.
>>
>> Kostas
>>
>>
>> On Tue, Nov 20, 2012 at 6:11 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>
>>> Hi Michael,
>>>
>>> Is there a place where I can see/read the current objectives and
>>> rational behind the profit sharing?
>>>
>>> Basically:
>>>  - why it is done?
>>>  - what are the objectives that we are trying to achieve?
>>>  - based on the past 12 months (and what happened with the use of those
>>> funds), have those objectives been meet?
>>>   - what is working and what is not working? (with the current profit
>>> sharing model)
>>>  - what is the % of the funds allocated that have been spent in the last
>>> 12 months?
>>>  - where have those $$$ been used for?
>>>
>>> Also, can you point me to an analysis (or list) of all the expenses made
>>> by the chapters that received a $$$ share? (and their balances)
>>>
>>> Thx
>>>
>>> Dinis Cruz
>>>
>>> On 20 Nov 2012, at 15:52, Michael Coates <michael.coates at owasp.org>
>>> wrote:
>>>
>>> Leaders,
>>>
>>>
>>> The profit sharing model used in past years has been in need of a revamp
>>> to better serve our growing organizational needs.  The proposed policy was
>>> drafted with input from board members and committee members.  It has been
>>> discussed initially at the board and has also been socialized with
>>> committees for their feedback.
>>>
>>> We'd like to also gather feedback from the OWASP leaders list.  Please
>>> review the below material and provide any feedback via this thread.  We're
>>> accepting feedback today through Saturday, Nov 24th. This item is on the
>>> board meeting agenda* for a vote on Monday, Nov 26th.
>>>
>>> * https://www.owasp.org/index.php/OWASP_Board_Meetings
>>>
>>>
>>> Thanks,
>>> Michael
>>>
>>> --
>>> Michael Coates | OWASP | @_mwc
>>>
>>>
>>>
>>> michael-coates.blogspot.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *New Profit Sharing Proposal*
>>>
>>>
>>> https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit
>>>
>>>
>>> (Thanks to Sarah Baso for pulling together the below comparison
>>> information and notes).
>>>
>>> *First for reference, here is the current policy in place:*
>>> *
>>> *
>>> Local host chapters will share in OWASP event profits under the
>>> following schedule. In the case of multiple host chapters, the host
>>> chapters will be responsible for determining the division before the event.
>>>
>>>    - Global AppSec Conference - 25% of event profits with a $5,000 USD
>>>    cap ($10,000 for multi-chapter events)
>>>    - Regional/Theme Events - 30% of event profits with a $4,000 USD cap
>>>    - Local Events - 50% of profits with a $3000 USD cap
>>>
>>>
>>>
>>>  *Budgeting Implications*
>>> Under the new plan, there is a opportunity for the local chapter to earn
>>> much more than that listed below if they surpass the profit target, but
>>> just using the profit target as a guideline... here are the numbers....
>>> (note these are examples numbers used for 2013 and don't reflect profits
>>> or loss from 2012)
>>> *
>>> *
>>> *<image.png>
>>> *
>>>
>>>
>>> *Comments from Conferences Committee Call & Mailing List Thread*
>>> From July 18, 2012 Conference Committee Call:
>>>
>>> *
>>>
>>>
>>>    - Request for Comment: proposed policy for profit sharing and
>>>    financial oversight of future OWASP events:
>>>    https://docs.google.com/a/owasp.org/document/d/159bD2oeAmM2yfPNeq5wHvIvHcl10Hl-c3Um2GXAW81Y/edit
>>>
>>>
>>> The Board intends to finalize this policy at their next meeting
>>> (scheduled for August 13, 2012), and have requested that you submit any
>>> comments, questions, or concerns for their consideration by that time.
>>>
>>>
>>>    - “Any amount above the profit target will be allocated 60/40 to the
>>>    local chapter.” Need to clarify that 60 is to Foundation and  40 is to
>>>    local chapter.
>>>    - Should we have different policies for different areas of the world
>>>    to reflect the different culture/mindset in different areas (US, Europe,
>>>    etc.)
>>>    - No perspective on how we continuously evolve and better the Global
>>>    AppSec Conference in that region next year.  For instance, how can we use
>>>    the profits from AppSec EU research this year to benefit AppSec EU (and the
>>>    European region) next year.
>>>    - Current policy is focused 2 things: on local chapter and
>>>    foundation as a whole.  However there are other considerations such as
>>>    regional development/outreach.
>>>    - Are we adjusting the policy to only accommodate needs in the US,
>>>    but not the rest of the world?
>>>    - This policy also doesn’t take into account any corporate
>>>    supporters/membership dues that come in during a conference.
>>>    - What are chapters doing with their conference proceeds? What is
>>>    their motivation for keeping a “stock pile” in their chapter accounts?
>>>    - Ralph - “The current proposed model is great!”
>>>
>>> *
>>>
>>> Email Request to Conference Committee mailing list<http://lists.owasp.org/pipermail/global_conference_committee/2012-July/002659.html>
>>>
>>>    - *Response from Josh Sokol*
>>>
>>> 1. The point about when the profit target is determined is unclear.  Does
>>> this mean for the US event that we are determining the target after the
>>> event has taken place or is this for the next year's event?  Why are we
>>> using the US event to determine the timing for other events.  IMHO, we
>>> should be able to set the profit target for the following year's event
>>> within 60 days of the completion of the current year's event.
>>>
>>> 2. I am fine with the percentage splits here, but do not agree with the
>>> $5,000 value at which they happen.  This is more than enough for a smaller
>>> chapter holding an event, but for a larger chapter, such as my Austin
>>> chapter, our event would have to profit $18,750 in order for us to raise
>>> our annual budget of roughly $10,000.  In other words, this $5,000 number
>>> does not allow us to scale profit splits well as chapter sizes grow.  My
>>> suggestion would be to make $5,000 the base number here UNLESS a chapter
>>> running an event has submitted a budget showing annual expenses greater
>>> than that amount, in which case they are allowed up to that amount at the
>>> 10/90 split.  A subtle change, but one which I believe is necessary in
>>> order for this policy to scale appropriately.
>>>
>>> 3. I agree that the Chapters committee should be responsible for monitoring
>>> chapter accounts, budgets, and expenses as necessary.
>>>
>>> 4. I agree that the Chapters committee will need to establish new
>>> guidelines similar to those of the Conferences committee for local and
>>> regional events held by the chapters.
>>>
>>>
>>>    - *Response from Mark Bristow*
>>>
>>> I agree with josh on #1.  The profit targets should be set in outyear
>>> budget planning with it locked in at the beginning of each OWASP FY.  The
>>> mechanics of this as proposed are a bit odd.  My only point is that the
>>> targets should be set BEFORE the CFP goes out so applicants have clear
>>> expectations set.
>>>
>>> Otherwise I'm personally fine with this as written.  I'm not in favor of
>>> Josh's proposed changes in #2.  As written this provides an avenue for
>>> chapters to raise significant funds from events while ensuring that the
>>> foundation also recovers it's capital investments/costs in a "chapters
>>> first" model.  IMO this is a good balance of the priorities.
>>>
>>>
>>>
>>>    - *Response from Dave Wichers*
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> The target is done in advance, not after the event. We use the U.S. event as
>>> the date after which we figure out next year's targets because it is the
>>> biggest single revenue source for OWASP, so it affects the entire next
>>> year's budget in a significant way.
>>>
>>>
>>>
>>> However, I could see that we could come with an estimate for each event
>>> right after the previous event, and then potentially adjust it right after
>>> OWASP AppSec USA, with the goal that it NOT be adjusted if possible. That
>>> way conference planning generally know almost a year in advance the revenue
>>> target primarily based on the revenue generated the previous year.
>>>
>>>
>>>
>>> Regarding the $5K threshold, I think some potential for adjustment above $5K
>>> is reasonable to consider for the larger chapters. I might not agree to have
>>> the 10/90 go up to their entire target budget, because chapters raise
>>> revenue in other ways  too, like encouraging memberships, etc. And if they
>>> go way over their target, then the chapter could be significantly overfunded
>>> because they get 40% of the overage too. And we should also consider the
>>> amount of $ the chapter already has in their account as well. I.e., if you
>>> plan to spend $10K but have $5K already there, then maybe $5K is a more
>>> appropriate target.
>>>
>>>
>>>
>>> The good news, from your reply is that you seem to be OK with the entire
>>> policy except for this one specific point, which I think is BIG progress.
>>> Hopefully others feel similar so we are approaching closure on this.
>>>
>>>
>>>
>>> Thanks for reviewing this.
>>>
>>>
>>>
>>>    - *Again from Josh Sokol*
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Sure there are other ways to raise revenue, but that's not really the
>>> point.  The point is that a chapter should be able to raise the operational
>>> funds it needs via whichever method it desires.  Membership revenue is
>>> limited and will in all likelihood not make up that gap.  And not every
>>> chapter is fortunate to be able to land a big company to sponsor them.
>>> Also, chapters having a little bit more money than they need is not
>>> necessarily a bad thing and is a reward for running a successful event.
>>> Having some extra funds available also breeds innovation.  As an example,
>>> it's having extra funds that got the Austin Chapter to start doing these
>>> monthly webinars as part of our meetings and that translates directly to a
>>> wider reach for the OWASP organization.  Perhaps the compromise here is to
>>> take the chapters annual budget minus the money currently in the chapters
>>> account?
>>>
>>>
>>>    - *From Tin Zaw*
>>>
>>> First of all, thank you for all who worked on this draft proposal. I
>>> think we are getting somewhere with this.
>>>
>>> Secondly, thank you Sarah for kindly attaching the document for those
>>> of us who cannot access Google Docs (at work).
>>>
>>> 1. I understand Dave's explanation. I would suggest we make it clear
>>> that such number is communicated well in above so that event planners
>>> (the host chapter) know what they need to deliver, preferably before
>>> submitting a proposal.
>>>
>>> 2. I am OK with $5000 limit before 60/40 split kicks in, assuming that
>>> $5000 is the profit that goes to the chapter under 10/90. I would like
>>> to see it states explicitly that $5000 is the profit portion for the
>>> chapter, not overall profit or income.
>>>
>>> The rest, I agree.
>>>
>>> Great job guys!
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20121122/4d367d64/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mtesauro-signed-training-agreement.pdf
Type: application/pdf
Size: 402665 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20121122/4d367d64/attachment-0001.pdf>


More information about the OWASP-Leaders mailing list