[Owasp-leaders] Action plans for chapters

tony.clarke at owasp.org tony.clarke at owasp.org
Wed Nov 2 10:52:15 UTC 2016

Hi Andrew,

I think this is a good idea from many perspectives, not least of which is that having funds sitting in a bank account doing nothing benefits anyone. However, for clarity and transparency I think it would be helpful if the board also developed an action plan and timelines for 2017 which could be shared with everyone and outlined important milestones (areas of focus) and where funds are being spent/redirected. I don't think I've ever seen a high level strategy document for a calendar year like this from the board and I think would make sense if we're asking for local chapters to do the same.

Also at the end of the calendar year it would be good to see how much we've moved the dial in relation to meeting goals and objectives over the previous 12 months.

Many Thanks,


Dublin Chapter 

Sent from my iPhone

> On 2 Nov 2016, at 04:05, Andrew van der Stock <vanderaj at owasp.org> wrote:
> Hi folks,
> In December, I will be following through with the Board's vote in October 2015 to sweep dormant funds that are over $5k in chapters to general revenue, which will affect 30 chapters out of 252 currently hold 79% ($582k of the $741k) of all chapter funds. Last year, I received one action plan, and so we didn't sweep funds. This year is going to be different. 
> Chapter leaders with balances over $5k can avoid this sweep by:
> Define an action plan for using the funds in a strategic fashion. You can definitely do more than one thing
> Define an associated budget for when and how you intend to spend the funds
> How this aligns with OWASP strategic goals
> Benefits to local (chapter), regional, and global members
> For those of you who may already be spending at a reasonable rate compared to your overall balance (and I'm looking at the chapters with between $5 and $20k here), and have a plan to continue do so, in which case, simply demonstrate this by pointing out your current expenses in your action plan, chapters such as LA, Austin and NYC/NJ are in this category. Carry on, you're doing exactly what the Board intended to have chapters do with their funds - active month on month spending, strategic activities such as local and regional events, and holding meetings every month - if not more frequently. 
> But for chapters with large balances and/or no recent activity, it's critical we get that money to be spent on mission. We have hit the minimums for close inspection by Charity Navigator and others like them, and to have a large and growing cash on hand on and NOT spending it on mission is really difficult for us to explain, which will drive away potential donors and make fund raising more difficult. In FY17, I am looking to do major fundraising and grant writing initiatives, as it's an area that OWASP has not previously engaged in, so we need to get this balance right. 
> Plans should be strategic in the sense that they are aligned with one of our current (5) strategic goals, think global, and act local. So consider plans that can help OWASP out, such as running a regional or local event, helping another strategic goal, such as outreach or education, donating to a project, or helping with key chapter focused activities, such as a global IoT lab, or similar will be well regarded. Gold plating your chapter, hiring staff, or other forms of sand bagging will be denied.   
> The spending period does not need to be complete in FY17, nor end with a $0 balance, I'm not looking for chapters to spend it on the basis of "use it or lose it", but to spend strategically on things that are useful for OWASP both in your local area, as well as globally. For example, buying a $40k lab of computers that can only be used by your local members is not strategic, and causes those items to go on our depreciation schedule, which requires inventory control in your chapter. It's much better to work with our Senior Tech Coordinator to build out a global IoT lab that everyone can do research with. Hiring staff is not strategic and actually causes us problems as we need to offer benefits and minimum pay in many places around the world, so will be denied. If you wish to have a helper, please consider banding together with many similar chapters to fund a position out of the OWASP Foundation to assist our Community Manager, as that's a strategic outcome. 
> I don't have time for this, or it's way too hard
> Here are a few different default choices that could really help OWASP out:
> Donate to the OWASP website redevelopment project. We are currently looking for $150k to get this project moving and finished. 10 donations of $15k apiece will get this done. Your chapter will be credited for assisting in this effort. 
> Donate to the proposed DevOps Summit in the UK in April 2017. This is currently completely unfunded, and is looking for $150-250k. 20 donations of $7.5k will get this done. I'm sure that the event organisers can work out some form of sponsorship attribution
> Donate to the OWASP infrastructure renewal project. We have a lot of older, fully depreciated, and donated servers in our Rackspace environment. We need to renew these. I don't have a budget for this at the moment, but would appreciate it if you could work with Matt Tesauro to understand if a donation from your chapter could buy a new server or something he needs to make our Internet presence better or more secure. Your chapter will become an infrastructure sponsor. 
> Default choice. You can nominate an amount that you don't need (say if you have a balance of $50k and want to keep $10k, just let me know $40k is for OWASP's mission). Your donation will be put towards OWASP's FY17 strategic goals and will be publicly credited. If you are interested in helping define these, we tend to discuss these in December of each year, and try to have them approved by January each year. We can do so much more for OWASP's core mission - run more conferences, get training up and running, establish education and academic outreach, projects, and more regional and global events in your area.  The default choice is amazing, and will help us prove that we are spending on mission. 
> Who is affected
> Chapter leaders receive an e-mail every month with their current account balance, but in case you're not aware of your current balance, it can be found here:
> https://docs.google.com/spreadsheets/u/3/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html
> The following 30 chapter leaders should submit a plan for FY17:
> <pasted1.png>
> What do to next?
> Please work with Tiffany your community manager, Laura Grau our events manager if you want to run a regional event, and Matt Tesauro for any technical or project related strategic goals that you want to help out with. I want you to be supported in all of this, so please ask the Board (or me privately if so inclined) about the best way to use the funds. 
> Please send your action plans to me by November 30, 2016. Any chapters who do not submit plans will have their funds swept to general revenue by no later than the Board meeting in December, as I need to be able to publish a workable budget for FY17 at that Board meeting. 
> What happens then?
> All chapters who contribute in some way to our strategic goals will get public credit for donating to the strategic goals. All chapters who have a spending plan in place, will be assessed a few times in FY17 to make sure things are actually moving in the right direction. Any chapters who do not respond in some way will simply have $5k at the beginning of December. So I implore affected chapter leaders to get on this. 
> If you have any questions, please don't hesitate to ask me. 
> thanks
> Andrew
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161102/aac51411/attachment.html>

More information about the OWASP-Leaders mailing list