[Owasp-leaders] Action plans for chapters

Tony Clarke tony.clarke at owasp.org
Wed Nov 2 14:54:39 UTC 2016


Hi Andrew,

That is good to hear and I'd love to attend the next board meeting.

I would agree that 5 is too many for a not-for-profit organisation and
would think that 3 would sound about right. I would agree with you on
training & education being a goal but I think it doesn't always make sense
for OWASP to reinvent the wheel by being another organisation completing
for peoples time. We see this time and time again at a local level and I
think we should collaborate with other groups/institutions where possible
e.g. ISACA, CoderDoJo, ISC2, etc and look at sustained and strategic areas
for collaboration that suits all groups e.g. encouraging more women into
appsec/cybersecurity. It makes sense also as it will further OWASP's reach,
cross pollinate audiences and to avoid competing for the same audience at a
local level.

In terms of metrics and measurement, I think for each of the goals (at URL
below) we should define a specific outcome we want, which is measurable
e.g. what does good look like in relation to "Education & Training" and
define KPI's that measure that goal and local chapters could aim for. For
example, with "education and training" we could split out metrics that give
an overall measurement of success (and potentially weight some metrics more
than others), so perhaps one metric would be to train more people at a
specific level (e.g. high school, industry), or perhaps to train more
people of a specific category (e.g. reach more developers, architects,
alight education & training activities so time is spent 50% between
builders/breakers activities, etc), or have 20% more women delivering
training activities from previous year, or numbers of training/education
activities co-delivered with other organisations, etc, etc. Obviously with
the aim of not being overly complex or bureaucratic.

If we did it right they could even be measured from the CRM and the goals
would filter down to a local level and we could try to meet these and see
what chapters contributed most to meeting these goals. Some of the metrics
outlined on the goals page (IMO) are not metrics or really measurable
e.g. "Design
new curriculum and produce series of video trainings."

https://www.owasp.org/index.php/OWASP_Strategic_Goals

Thanks,

Tony



On Wed, Nov 2, 2016 at 11:13 AM, Andrew van der Stock <vanderaj at owasp.org>
wrote:

> Tony,
>
> This is an excellent idea. I did a bit of a announcement of all the things
> the Board was actively doing a fair few months ago, and I think that would
> be a good thing to do regularly as we're usually pretty busy doing stuff
> behind the scenes which is not often seen in public.
>
> https://plus.google.com/+AndrewvanderStock/posts/HHuS1gqK3hS?sfc=true
>
> We actually have had strategic goal setting for the last few years, and
> despite our best efforts to measure success, this has eluded us. I had a
> discussion with Matt Konda about hiring a goal setting expert to help the
> incoming Board with setting workable and measurable strategic goals that
> stretch and challenge us. My sense is that (5) five is too many. We've
> never done them all, and so a more manageable set of goals should be
> sought, but how do we measure "success" when we select say three or four
> new goals?
>
> Personally, I would love to see community involvement in setting the
> strategic goals, and it happens around this time every year. Feel free to
> attend the next few Board meetings, as I think this should be a good topic
> item for November's meeting as it necessarily has to lead into December and
> January's approval of them. I am not sure if I am on the incoming Board at
> this point (I think we find out later this week), but even if not elected,
> I would still like to help in setting them as I feel strongly about the
> education and training initiative should be a first class goal, as should
> community, outreach and chapters, membership, and projects.
>
> thanks
> Andrew
>
>
> On Wed, Nov 2, 2016 at 9:52 PM <tony.clarke at owasp.org> wrote:
>
>> Hi Andrew,
>>
>> I think this is a good idea from many perspectives, not least of which is
>> that having funds sitting in a bank account doing nothing benefits anyone.
>> However, for clarity and transparency I think it would be helpful if the
>> board also developed an action plan and timelines for 2017 which could be
>> shared with everyone and outlined important milestones (areas of focus) and
>> where funds are being spent/redirected. I don't think I've ever seen a high
>> level strategy document for a calendar year like this from the board and I
>> think would make sense if we're asking for local chapters to do the same.
>>
>> Also at the end of the calendar year it would be good to see how much
>> we've moved the dial in relation to meeting goals and objectives over the
>> previous 12 months.
>>
>> Many Thanks,
>>
>> Tony
>>
>> Dublin Chapter
>>
>> Sent from my iPhone
>>
>> On 2 Nov 2016, at 04:05, Andrew van der Stock <vanderaj at owasp.org> wrote:
>>
>> Hi folks,
>>
>> In December, I will be following through with the Board's vote in October
>> 2015 to sweep dormant funds that are over $5k in chapters to general
>> revenue, which will affect 30 chapters out of 252 currently hold 79% ($582k
>> of the $741k) of all chapter funds. Last year, I received one action plan,
>> and so we didn't sweep funds. This year is going to be different.
>>
>> Chapter leaders with balances over $5k can avoid this sweep by:
>>
>>    - Define an action plan for using the funds in a strategic fashion.
>>    You can definitely do more than one thing
>>    - Define an associated budget for when and how you intend to spend
>>    the funds
>>    - How this aligns with OWASP strategic goals
>>    - Benefits to local (chapter), regional, and global members
>>
>> For those of you who may already be spending at a reasonable rate
>> compared to your overall balance (and I'm looking at the chapters with
>> between $5 and $20k here), and have a plan to continue do so, in which
>> case, simply demonstrate this by pointing out your current expenses in your
>> action plan, chapters such as LA, Austin and NYC/NJ are in this category.
>> Carry on, you're doing exactly what the Board intended to have chapters do
>> with their funds - active month on month spending, strategic activities
>> such as local and regional events, and holding meetings every month - if
>> not more frequently.
>>
>> But for chapters with large balances and/or no recent activity, it's
>> critical we get that money to be spent on mission. We have hit the minimums
>> for close inspection by Charity Navigator and others like them, and to have
>> a large and growing cash on hand on and NOT spending it on mission is
>> really difficult for us to explain, which will drive away potential donors
>> and make fund raising more difficult. In FY17, I am looking to do major
>> fundraising and grant writing initiatives, as it's an area that OWASP has
>> not previously engaged in, so we need to get this balance right.
>>
>> *Plans should be strategic* in the sense that they are aligned with one
>> of our current (5) strategic goals, think global, and act local. So
>> consider plans that can help OWASP out, such as running a regional or local
>> event, helping another strategic goal, such as outreach or education,
>> donating to a project, or helping with key chapter focused activities, such
>> as a global IoT lab, or similar will be well regarded. Gold plating your
>> chapter, hiring staff, or other forms of sand bagging will be denied.
>>
>> *The spending period does not need to be complete in FY17, nor end with a
>> $0 balance*, I'm not looking for chapters to spend it on the basis of
>> "use it or lose it", but to spend strategically on things that are useful
>> for OWASP both in your local area, as well as globally. For example, buying
>> a $40k lab of computers that can only be used by your local members is not
>> strategic, and causes those items to go on our depreciation schedule, which
>> requires inventory control in your chapter. It's much better to work with
>> our Senior Tech Coordinator to build out a global IoT lab that everyone can
>> do research with. Hiring staff is not strategic and actually causes us
>> problems as we need to offer benefits and minimum pay in many places around
>> the world, so will be denied. If you wish to have a helper, please consider
>> banding together with many similar chapters to fund a position out of the
>> OWASP Foundation to assist our Community Manager, as that's a strategic
>> outcome.
>>
>> *I don't have time for this, or it's way too hard*
>>
>> Here are a few different default choices that could really help OWASP out:
>>
>>    - *Donate to the OWASP website redevelopment projec*t. We are
>>    currently looking for $150k to get this project moving and finished. 10
>>    donations of $15k apiece will get this done. Your chapter will be credited
>>    for assisting in this effort.
>>    - *Donate to the proposed DevOps Summit in the UK in April 2017*.
>>    This is currently completely unfunded, and is looking for $150-250k. 20
>>    donations of $7.5k will get this done. I'm sure that the event organisers
>>    can work out some form of sponsorship attribution
>>    - *Donate to the OWASP infrastructure renewal project*. We have a lot
>>    of older, fully depreciated, and donated servers in our Rackspace
>>    environment. We need to renew these. I don't have a budget for this at the
>>    moment, but would appreciate it if you could work with Matt Tesauro to
>>    understand if a donation from your chapter could buy a new server or
>>    something he needs to make our Internet presence better or more secure.
>>    Your chapter will become an infrastructure sponsor.
>>    - *Default choice*. You can nominate an amount that you don't need
>>    (say if you have a balance of $50k and want to keep $10k, just let me know
>>    $40k is for OWASP's mission). Your donation will be put towards OWASP's
>>    FY17 strategic goals and will be publicly credited. If you are interested
>>    in helping define these, we tend to discuss these in December of each year,
>>    and try to have them approved by January each year. We can do so much more
>>    for OWASP's core mission - run more conferences, get training up and
>>    running, establish education and academic outreach, projects, and more
>>    regional and global events in your area.  The default choice is amazing,
>>    and will help us prove that we are spending on mission.
>>
>>
>> *Who is affected*
>> Chapter leaders receive an e-mail every month with their current account
>> balance, but in case you're not aware of your current balance, it can be
>> found here:
>> https://docs.google.com/spreadsheets/u/3/d/11acTOmtmBGq6-
>> 5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html
>>
>> The following 30 chapter leaders should submit a plan for FY17:
>>
>> <pasted1.png>
>>
>>
>> *What do to next?*
>>
>> Please work with Tiffany your community manager, Laura Grau our events
>> manager if you want to run a regional event, and Matt Tesauro for any
>> technical or project related strategic goals that you want to help out
>> with. I want you to be supported in all of this, so please ask the Board
>> (or me privately if so inclined) about the best way to use the funds.
>>
>> Please send your action plans to me by November 30, 2016. Any chapters
>> who do not submit plans will have their funds swept to general revenue by
>> no later than the Board meeting in December, as I need to be able to
>> publish a workable budget for FY17 at that Board meeting.
>>
>> *What happens then?*
>>
>> All chapters who contribute in some way to our strategic goals will get
>> public credit for donating to the strategic goals. All chapters who have a
>> spending plan in place, will be assessed a few times in FY17 to make sure
>> things are actually moving in the right direction. Any chapters who do not
>> respond in some way will simply have $5k at the beginning of December. So I
>> implore affected chapter leaders to get on this.
>>
>> If you have any questions, please don't hesitate to ask me.
>>
>> thanks
>> Andrew
>>
>> _______________________________________________
>>
>>
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161102/558a3a78/attachment-0001.html>


More information about the OWASP-Leaders mailing list