This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Committee Supervison of Events Rational"

From OWASP
Jump to: navigation, search
(Created page with " I believe we need to better define the Global AppSec/Regional/Local break. I'd recommend any event larger than 100 expected attendees (Things that are clearly chapter meeting,...")
 
Line 1: Line 1:
 +
Management and oversight of OWASP Global AppSec and Regional Events should stay under the prevue of the Global Conferences Committee.  The Conferences committee is comprised of members who have the experience, knowledge and experience to ensure that larger OWASP events are run in a manner consistent with the values of the foundation as well as in an open and fiscally responsible manor.  Over the past 2 years under the Conferences Committee’s leadership, we’ve seen OWASP grow from having one, perhaps two global events each year to having a Global AppSec Conference in North America, South America, Europe and Asia every year in addition to growing the number of regional and local events we participate in worldwide.  Under GCC stewardship we have also seen a significant increase in profitability for events that provides the engine to drive OWASP’s activities worldwide. 
  
 +
OWASP Conferences and events are the flagship of our outreach activities and of equal importance are vital to the very existence of OWASP.  It is the revenues that OWASP makes from conferences that allow the foundation to fund all aspects of it’s operations, projects, chapters as well as some of our most successful outreach activities such as the summit. Last year conference income accounted for '''77% of OWASP's annual income''' and brought in a total profit of $240,399.71 (up 151% from 2009).  The conferences committee has demonstrated it’s ability to conduct a significant outreach effort while continuing to ensure that the foundation has the funding it needs to continue executing this mission.  Placing this responsibility in the hands of the chapters committee, who’s mission is to provide support to local chapters, and removing it from the conferences committee, who have the specific expertise in planning and executing events would be in my opinion irresponsible.
  
I believe we need to better define the Global AppSec/Regional/Local breakI'd recommend any event larger than 100 expected attendees (Things that are clearly chapter meeting, such as NY chapter meetings excluded) would be under the Conferences Committee purview.  Events expecting less than 100 attendees would all be classified as local events (unless they are deemed "conferences" for a specific reason), managed by the Chapters Committee and put into OCMS for GCC awareness when working the larger schedule items.
+
I will admit that the majority of the Global Conferences Committee resources and time are focused on the larger events. When it comes to the smaller events we mostly provide foundation funds, guidance when asked and leave the vast majority of the planning to the local team, rarely getting involvedAs smaller events (under 100 attendees) do not have as significant impact to the foundation as a whole and in general do not generate significant income (last year they represented  0.88% or $2065.07 of total event income).  While they are critical to outreach efforts and need to be coordinated with the rest of the OWASP event schedule I believe that the chapters committee may be capable of managing these size events (as they typically only involve a single chapter) however they could also continue to be managed by the conferences committee as well.
  
'''My Rationale:''' the Conferences Committee has the experience and knowledge regarding larger events i.e. conferences and the chapters committee does not have this focus. Larger events (over 100 expected attendees) and would benefit from knowledge and guidance of the conferences committee who has the experience with larger events.
+
There are some areas where the Conferences Committee needs to improve. I agree with the sentiment that we do not clearly define the differences in definition or support between Global AppSec, Regional and Local events.  We also need to continue our work of spreading out the OWASP Global Event Calendar as we are still very heavy in the second part of the year.  I will also admit that not every decision the Global Conferences Committee has made has been popular however sometimes unpopular or difficult decisions need to be made for the greater good. I will say that all of the decisions made by the conferences committee have been conducted in the most open and democratic way possible.  We conduct almost all of our business on the maligning list for all to see and contribute and we vote on almost every decision so that those who have been validated by their peers to serve on the committee can have their say in the processThe conferences committee was even the first to develop a self governance document which was adopted in part or in whole by several of the other committees, including chapters.  Considering the massive responsibility placed on the conferences committee in both leading the outreach effort and in ensure the foundation has sufficient operating income to continue it’s existence I’d say the Global Conferences Committee is doing a great job and don’t see the reason or rationale for making any move that would obstruct them from continuing to do great work on behalf of OWASP.
 
 
Additionally, one of the conferences committee's major goals (and a primary reason for OCMS's existence) is to conflicting scheduling of events.  Larger events, including those with a regional draw need to be carefully managed as we are currently experiencing attendee, speaker, and sponsor fatigue with our schedule that's mostly in the second half of the year.  Local events IMO are more for GConfC awareness and tracking of the "official" event schedule, they rarely cost much (although almost all request some sort of funding/schwag and foundation support) and I can't think of a single local event that's turned a profit (many don't' charge a fee).  Personally I feel that the GChapC would be a fine venue to coordinate these activities so long as the GConfC still get awareness of them (Fore scheduling purposes).
 
 
 
While I will agree that most of the labor is done by the local team (GCC is working on ways to help provide additional "effort" support), all of the financial risk is taken on by the foundation.  It is OWASP Foundation funds that pay for venues, deposits, food, and the foundation that takes on the risk of any loss (which has happened in the past)Conference income accounts for 77% of OWASP's annual income.  In 2010 Conferences brought in a total profit of $240,399.71 (up 151% from 2009 even counting the $34,991.87 of which was allocated directly to local chapters budgets) while OWASP's overall net was $4,972.63.  Conferences and their profits are what make OWASP possible without these funds we could not put on events like the OWASP Summit (total cost to the foundation was $224,799.05, only $44,095.65 came from chapters in the form of donations, individual travel sponsorships, or forfeiture).  While I agree its important to empower chapters and local leaders to make smart decisions and as a result the GCC has provided, for the first time, profit sharing for local chapters for events in 2010The financial benifits of OWASP events is far too crutial to the ongoing support of the OWASP mission to be removed from the oversight and experience of the people who have held sucesseful events in the past and have proven that they can effectively manage these activities.
 
 
 
Additionally, as a Co-Chair of one of the larger regional events, I wholeheartedly agree with keeping the events under the GConfC.  From a foundation perspective I'd argue that AppSec DC uses even less labor resources than LASCON does (at this point, AppSecDC is completely self sufficient other than the need of capital from the foundation to get us started).  However the AppSec DC Team puts on our event for the benefit of Application Security awareness by engaging key stakeholders (the US Government).  We do not do it to bolster our local budget, we did it for the betterment of OWASP and will continue to do so as long as we are allowed.  The Chapters Committee should continue to have oversight of chapter meetings, the chapter handbook, local sponsorships etc but for the larger events, they need the experience of someone who has planned large scale events.  Perhaps number of attendees isn't the best metric to use the GConfC has been using more subjective delineators for over a year now with success, however I felt that might be a way to compromise and clearly define who had oversight of what.
 

Revision as of 14:41, 1 June 2011

Management and oversight of OWASP Global AppSec and Regional Events should stay under the prevue of the Global Conferences Committee. The Conferences committee is comprised of members who have the experience, knowledge and experience to ensure that larger OWASP events are run in a manner consistent with the values of the foundation as well as in an open and fiscally responsible manor. Over the past 2 years under the Conferences Committee’s leadership, we’ve seen OWASP grow from having one, perhaps two global events each year to having a Global AppSec Conference in North America, South America, Europe and Asia every year in addition to growing the number of regional and local events we participate in worldwide. Under GCC stewardship we have also seen a significant increase in profitability for events that provides the engine to drive OWASP’s activities worldwide.

OWASP Conferences and events are the flagship of our outreach activities and of equal importance are vital to the very existence of OWASP. It is the revenues that OWASP makes from conferences that allow the foundation to fund all aspects of it’s operations, projects, chapters as well as some of our most successful outreach activities such as the summit. Last year conference income accounted for 77% of OWASP's annual income and brought in a total profit of $240,399.71 (up 151% from 2009). The conferences committee has demonstrated it’s ability to conduct a significant outreach effort while continuing to ensure that the foundation has the funding it needs to continue executing this mission. Placing this responsibility in the hands of the chapters committee, who’s mission is to provide support to local chapters, and removing it from the conferences committee, who have the specific expertise in planning and executing events would be in my opinion irresponsible.

I will admit that the majority of the Global Conferences Committee resources and time are focused on the larger events. When it comes to the smaller events we mostly provide foundation funds, guidance when asked and leave the vast majority of the planning to the local team, rarely getting involved. As smaller events (under 100 attendees) do not have as significant impact to the foundation as a whole and in general do not generate significant income (last year they represented 0.88% or $2065.07 of total event income). While they are critical to outreach efforts and need to be coordinated with the rest of the OWASP event schedule I believe that the chapters committee may be capable of managing these size events (as they typically only involve a single chapter) however they could also continue to be managed by the conferences committee as well.

There are some areas where the Conferences Committee needs to improve. I agree with the sentiment that we do not clearly define the differences in definition or support between Global AppSec, Regional and Local events. We also need to continue our work of spreading out the OWASP Global Event Calendar as we are still very heavy in the second part of the year. I will also admit that not every decision the Global Conferences Committee has made has been popular however sometimes unpopular or difficult decisions need to be made for the greater good. I will say that all of the decisions made by the conferences committee have been conducted in the most open and democratic way possible. We conduct almost all of our business on the maligning list for all to see and contribute and we vote on almost every decision so that those who have been validated by their peers to serve on the committee can have their say in the process. The conferences committee was even the first to develop a self governance document which was adopted in part or in whole by several of the other committees, including chapters. Considering the massive responsibility placed on the conferences committee in both leading the outreach effort and in ensure the foundation has sufficient operating income to continue it’s existence I’d say the Global Conferences Committee is doing a great job and don’t see the reason or rationale for making any move that would obstruct them from continuing to do great work on behalf of OWASP.

Retrieved from "https://wiki.owasp.org/index.php?title=Committee_Supervison_of_Events_Rational&oldid=111412"