Difference between revisions of "August 23, 2016"

(Old Business)
m (Notice of Recording)
 
(27 intermediate revisions by 8 users not shown)
Line 20: Line 20:
 
*Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
 
*Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
 
*Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
 
*Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
 +
*[https://drive.google.com/a/owasp.org/file/d/0B0yxedKRQADiUHh5d1V2cHZwTVE/view?usp=sharing Meeting Recording]
  
 +
=== Meeting Minutes===
  
=== Meeting Minutes===
+
::- [https://docs.google.com/document/d/1vGtDOkRKD_NcL29p5__etthCePwdLYrXNQOIBpo-gCw/edit July 27, 2016 Meeting Minutes]
July 27, 2016 Meeting Minutes
 
::-
 
  
 
= Reading Material  =
 
= Reading Material  =
 
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''
 
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''
  
* OWASP Website Project draft report - post comments on the draft
+
* [https://docs.google.com/document/d/19r7GC5kQPKFCLKts1n8egeGXihicPCoeqFbSPQp-604/edit AppSec USA 2016 Report as of August 16, 2016 (private link available to Board only)]
https://docs.google.com/document/d/1OWo4Er61iK2ySwoJsuCHw9ManGHjiMURuRiQUmMVSuY/edit?usp=sharing
+
 
 +
* July financial package
 +
 
 +
::- [[File:2016_07_OWASP_July_Financial_Report_submitted_8.18.16.xlsx|200px|thumb|left|July 2016 Financial Report]]
 +
::- [[File:7.16_YTD_US_P%26L_vs_Bud.pdf|200px|thumb|left|July 2016 Profit & Loss vs Budget]]
 +
::- [[File:7.16_US_BS.pdf|200px|thumb|left|July 2016 Balance Sheet]]
 +
::- [[File:7.16_APSEC_EU_P&L.pdf|thumb|left|AppSec EU Profit and Loss as of July 2016]]
  
 
= Meeting Agenda =
 
= Meeting Agenda =
Line 38: Line 44:
 
== Reports ==
 
== Reports ==
 
=== Chair's Report - Matt Konda ===
 
=== Chair's Report - Matt Konda ===
* Developer Initiatives:  Chicago Coder Conference, Goto; Chicago, TechNexus Panel on Security, Chicago FTW Start with Security Panel
+
* Staff OKR
 
* Staff meetings
 
* Staff meetings
* Bill payments / Contract Approvals
+
* Bill payments / Taxes / Contract Approvals (Many)
* Staff OKR
+
* Thinking size and growing the sponsor space for AppSecUSA
 +
* Pursuing software dev companies to be sponsors, connecting recruiting arms to recruiting event
 +
* AppSecUSA Developer Summit
  
 
=== Vice Chair's Report - Josh Sokol ===
 
=== Vice Chair's Report - Josh Sokol ===
Line 60: Line 68:
 
At the moment, things are both good and concerning:
 
At the moment, things are both good and concerning:
  
Good - we have $225k USD more than we thought by regaining access to our PayPal account, sweeping funds from AppSec EU into our bank account during August. This will be reflected in August's numbers, which are due in our October face to face Board meeting. This makes a decision around hiring a replacement Executive Director possible. I personally would be comfortable if we spend a great deal of time finding the right person, and hiring towards the end of the year to make sure we understand where AppSec USA settles. Which leads me to...
+
'''Good''' - we have $225k USD more than we thought by regaining access to our PayPal account, sweeping funds from AppSec EU into our bank account during August. This will be reflected in August's numbers, which are due in our October face to face Board meeting. This makes a decision around hiring a replacement Executive Director possible. I personally would be comfortable if we spend a great deal of time finding the right person, and hiring towards the end of the year to make sure we understand where AppSec USA settles. Which leads me to...
  
Concerning - AppSec USA training is off target due to a website error that stops people registering (!), and as of last week we are behind all conferences but 2012's, which is just not where we need to be, as we budgetted for a larger conference, and booked accordingly. We will get an update from Laura during the Board meeting, and hopefully we can take sufficient corrective action to turn a (hopefully large) profit this time around.  
+
'''Concerning''' - AppSec USA training is off target due to a website error that stops people registering (!), and as of last week we are behind all conferences but 2012's, which is just not where we need to be, as we budgetted for a larger conference, and booked accordingly. We will get an update from Laura during the Board meeting, and hopefully we can take sufficient corrective action to turn a (hopefully large) profit this time around.  
  
 
I'm also heartened that for the first time in a long time, chapters are spending more than they take in. However, we have had several issues with chapters asking for all sorts of payments, such as one chapter who had nothing in their chapter funds. I approved that expense this one time, but I've asked Tiffany to keep on top of these expenses as we are not a cash piñata to be tapped with a stick every time someone wants money. Additionally, I've been watching chapters looking to pay expenses. One area for improvement is that we should ask all chapters who submit expenses that they are branded only as OWASP, and not a combined meeting (like "Cyber security meetup" or "ISSA and OWASP meetup"). We can address individual chapters who do have combined meetings as a proper co-marketing arrangement, so that OWASP contributes as much as all the other involved organisations.
 
I'm also heartened that for the first time in a long time, chapters are spending more than they take in. However, we have had several issues with chapters asking for all sorts of payments, such as one chapter who had nothing in their chapter funds. I approved that expense this one time, but I've asked Tiffany to keep on top of these expenses as we are not a cash piñata to be tapped with a stick every time someone wants money. Additionally, I've been watching chapters looking to pay expenses. One area for improvement is that we should ask all chapters who submit expenses that they are branded only as OWASP, and not a combined meeting (like "Cyber security meetup" or "ISSA and OWASP meetup"). We can address individual chapters who do have combined meetings as a proper co-marketing arrangement, so that OWASP contributes as much as all the other involved organisations.
Line 70: Line 78:
 
== Financial information ==
 
== Financial information ==
  
* June financial package
+
* July financial package
  
 
::- [[File:2016_07_OWASP_July_Financial_Report_submitted_8.18.16.xlsx|200px|thumb|left|July 2016 Financial Report]]
 
::- [[File:2016_07_OWASP_July_Financial_Report_submitted_8.18.16.xlsx|200px|thumb|left|July 2016 Financial Report]]
Line 77: Line 85:
 
::- [[File:7.16_APSEC_EU_P&L.pdf|thumb|left|AppSec EU Profit and Loss as of July 2016]]
 
::- [[File:7.16_APSEC_EU_P&L.pdf|thumb|left|AppSec EU Profit and Loss as of July 2016]]
  
* 2016 Draft Budget
+
=== Secretary Report -Tobias Gondrom ===
::- https://docs.google.com/spreadsheets/d/1tCD2IDtDneI0ZzDeSBehXpaSzTantftUrp_b5YUWsVE/edit#gid=616181681
 
 
 
=== Secretary Report - ########## ===
 
 
 
  
 
=== Governance report ===
 
=== Governance report ===
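Review bot: the new heading `=== Secretary Report -Tobias Gondrom ===` is missing the space after the hyphen that the other report headings use (compare `=== Chair's Report - Matt Konda ===`); suggest `=== Secretary Report - Tobias Gondrom ===`. The same hunk also drops the "2016 Draft Budget" bullet and its spreadsheet link from the Financial information section, so it is worth confirming that removal is intended rather than a side effect of inserting the heading.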
Line 90: Line 94:
 
* Coates - Chapters
 
* Coates - Chapters
  
* Gondrom - Governance
+
* Carter - Governance
  
 
* Brennan - Projects
 
* Brennan - Projects
  
==Reports==
+
==Staff Reports==
* Executive Director/Operations Update - [https://docs.google.com/a/owasp.org/document/d/1gMcPLK_zC_HJJKmqd72bOP66W0XzvAGjMzRabGW6N7M/edit?usp=sharing Rollup Report]
+
* Director/Operations Update (Kate) - TBA
** Financial Update - [Link| Board Summary Combined] [Link| Combined Balance Sheet]
+
** Financial Update - Andrew/Tom - See above
** Director Update - Kate Hartmann - see rollup report above
+
** [https://docs.google.com/a/owasp.org/document/d/195QybBHpWhYxXQ5Q6ydAN08AQr-qaGVKZWYyXaUmktU/edit?usp=sharing Conference Manager Report] and [https://drive.google.com/a/owasp.org/file/d/0BxOGWXgQrDndX2FvTEVydVh3YWc/view?usp=sharing AppSec USA 2016 Report 08/23] - Laura Grau
** Project Coordinator Update -DRAFT[https://docs.google.com/a/owasp.org/presentation/d/1jeTYCaTRw-lqJV0q3OpYiTZCrAwf4T9fKiMjqHccm44/edit?usp=sharing| Claudia Aviles Casanovas Update]
+
** [https://docs.google.com/a/owasp.org/presentation/d/16III5sOo06KLyjdG2HEa7cA8hOSf9SKsuWbzbgD467s/edit?usp=sharing Project Coordinator Update] - Claudia Casanovas & Matt Tesauro
** Membership Update - [https://www.owasp.org/index.php/May_2016_Membership_Report Membership Report] Kelly Santalucia Update]
+
** [https://docs.google.com/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit Community Initiative Reports] - Tiffany Long - TBA
** [Link| Conference Manager Report] - Laura Grau
+
** [https://www.owasp.org/index.php/July_2016_Membership_Report Membership Update] - Kelly Santalucia  
** IT Update - [Link| IT Status Report as of 2016-05-17] - Matt Tesauro
+
** IT Update - TBA - TBA
 
 
=== Community Initiative Reports  ===
 
  
 
==Old Business==
 
==Old Business==
Line 127: Line 129:
 
==New Business==
 
==New Business==
  
 +
* AppSec USA - Update from Laura
 +
 +
Please go over the last status update from Laura in the reading material, and see for yourselves where we are at in terms of registrations. This last week, registrants paying for their tickets couldn't register for training. Now, I only see 9 training classes, which considering the outstanding success of training profitability in AppSec EU, is going to result in a disappointing profitability for this event. I would like to understand our status as of today, what we can do to fix the registration issue for those 260+ who bought a ticket, but couldn't buy training classes, what we can do to promote the event, and what assistance we can provide the organisers to make this a great event.
 +
 +
* [Johanna Curiel] Discussion on the Sooryen report
 +
 +
Does it comply with it was requested and next steps with regards the wiki and OWASP content
 +
 +
* Projects, Funding and Iran - Matt Tesauro & Claudia Casanovas
 +
 +
We have several projects with leaders or co-leaders located in Iran.  This makes funding those projects problematic due to the OWASP Foundation being a US charity and the economic sanctions imposed by the US.  For background, see the [http://www.state.gov/e/eb/tfs/spi/iran/index.htm US Dept of State Iran Sanction site].  Details of the projects in question are in the Projects  Report for this month, [https://docs.google.com/presentation/d/16III5sOo06KLyjdG2HEa7cA8hOSf9SKsuWbzbgD467s/edit?ts=57bc81b8#slide=id.g112855a4f6_0_14 slide 5].  Since any funding of activities in Iran represents a risk to the Foundation, the staff is asking for the board to determine how the Foundation will interact with any community members or project leaders which are located in Iran.
  
 
== Action Items==
 
== Action Items==
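Review bot: the added description under the Sooryen report item, "Does it comply with it was requested and next steps with regards the wiki and OWASP content", does not parse as written and leaves the agenda question unclear. Suggest rewording along the lines of "Does it comply with what was requested, and what are the next steps with regard to the wiki and OWASP content?" so the board knows what it is being asked to decide.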

Latest revision as of 19:09, 20 September 2016

Time

  • Date/Time: August 23, 2016 / 6pm-7:30pm CST

Location

Teleconference Information:

https://www3.gotomeeting.com/join/861328838

International Toll Free Calling Information


Attendance Tracker

Board Meeting Attendance Tracker

Notice of Recording

  • Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
  • Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
  • Meeting Recording

Meeting Minutes

- July 27, 2016 Meeting Minutes

Reading Material

It is a requirement as a board member to fully read all material prior to the start of the meeting

  • July financial package
- File:2016 07 OWASP July Financial Report submitted 8.18.16.xlsx
- File:7.16 YTD US P&L vs Bud.pdf
- File:7.16 US BS.pdf
- File:7.16 APSEC EU P&L.pdf

Meeting Agenda

Call to Order / OWASP Mission

  • Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

Reports

Chair's Report - Matt Konda

  • Staff OKR
  • Staff meetings
  • Bill payments / Taxes / Contract Approvals (Many)
  • Thinking size and growing the sponsor space for AppSecUSA
  • Pursuing software dev companies to be sponsors, connecting recruiting arms to recruiting event
  • AppSecUSA Developer Summit

Vice Chair's Report - Josh Sokol

  • I've got nothing major to report here so let's save the time for some of the bigger discussions that we need to have.

Treasurer Report - Andrew van der Stock

Tom Pappas reports:

  • The combined P&L vs Bud is $59K ahead of bud for Net income YTD (US + EU $17K vs Bud of -$42K for a plus $59K YTD)
  • As of the end of July 2016, we had combined cash balances of $1,073,853 (which does not include the $225,582 Paypal transfer on 8.15.16 for APSEC EU), which is a little more than $90K less than the combined balance at this time last year of $1,164,156. However, if the Paypal transfer had taken place on time in July, that would have added another $225K, so we would have been $135K ahead year over year.
  • Chapter balances decreased over $7K from $728.9K in June to $721.8K
  • When that is taken out of the cash balance it leaves us with $352K (again, had the $225K come in on time the Oper bal would have been $577K) vs the $407K we had at the end of June 2016, and dividing that by the Avg Ops spend gives us 3.99 months (which is below the 4.56 months at 6.30.16, but again, had the $225K come in on time, it would have been 6.56 months) of Ops reserve exclusive of the event expenses, which is much better than the 2.85 months we had at the end of May
  • In the Cash forecast I have made some notations in red, as the Budget is for the combined entity, so I have added in the APSEC EU Revenue and expense, and I have also added a tab for the APSEC EU P&L as of 7.31.16
  • I have also added tabs for YTD P&L and BS details in both of the Close pkgs
  • In addition I have included PDFs to be put up on the web site of the BS, P&L and APSEC P&L [added in financial reports below - ajv]

At the moment, things are both good and concerning:

Good - we have $225k USD more than we thought by regaining access to our PayPal account, sweeping funds from AppSec EU into our bank account during August. This will be reflected in August's numbers, which are due in our October face to face Board meeting. This makes a decision around hiring a replacement Executive Director possible. I personally would be comfortable if we spend a great deal of time finding the right person, and hiring towards the end of the year to make sure we understand where AppSec USA settles. Which leads me to...

Concerning - AppSec USA training is off target due to a website error that stops people registering (!), and as of last week we are behind all conferences but 2012's, which is just not where we need to be, as we budgeted for a larger conference, and booked accordingly. We will get an update from Laura during the Board meeting, and hopefully we can take sufficient corrective action to turn a (hopefully large) profit this time around.

I'm also heartened that for the first time in a long time, chapters are spending more than they take in. However, we have had several issues with chapters asking for all sorts of payments, such as one chapter who had nothing in their chapter funds. I approved that expense this one time, but I've asked Tiffany to keep on top of these expenses as we are not a cash piñata to be tapped with a stick every time someone wants money. Additionally, I've been watching chapters looking to pay expenses. One area for improvement is that we should ask all chapters who submit expenses that they are branded only as OWASP, and not a combined meeting (like "Cyber security meetup" or "ISSA and OWASP meetup"). We can address individual chapters who do have combined meetings as a proper co-marketing arrangement, so that OWASP contributes as much as all the other involved organisations.

Chapters - Michael Coates

Financial information

  • July financial package
- File:2016 07 OWASP July Financial Report submitted 8.18.16.xlsx
- File:7.16 YTD US P&L vs Bud.pdf
- File:7.16 US BS.pdf
- File:7.16 APSEC EU P&L.pdf

Secretary Report - Tobias Gondrom

Governance report

Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom

  • Coates - Chapters
  • Carter - Governance
  • Brennan - Projects

Staff Reports

Old Business

All active board proposals are listed here

  • Co-Marketing Agreements with other conferences
- https://www.owasp.org/index.php/Owasp_Conference_Management_System
- https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference
  • Motion to invest a portion of unused funds in a ladder CD arrangement
- https://docs.google.com/document/d/1cZOMYzaRnWW_oQd4ON7kBNQcmlx3V4u33Szm8jH2cgU/edit#
  • Motion to approve changes to FY17 membership rates
- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing
  • Motion to establish a pay anything membership class, eliminate honorary membership and establish an annual Paul Ritchie Memorial Award
- https://docs.google.com/a/owasp.org/document/d/1GTcff47NFDgFCnnFTvaEehdecc-TU2PWjAqc9x470Vw/edit?usp=sharing
  • Motion to create an OWASP open training platform
- https://docs.google.com/document/d/1dZ-6eJyNj5iiTTo9AS5NC77PYwOF0D9aTHz8dmcJGJ0/edit#

New Business

  • AppSec USA - Update from Laura

Please go over the last status update from Laura in the reading material, and see for yourselves where we are at in terms of registrations. This last week, registrants paying for their tickets couldn't register for training. Now, I only see 9 training classes, which considering the outstanding success of training profitability in AppSec EU, is going to result in a disappointing profitability for this event. I would like to understand our status as of today, what we can do to fix the registration issue for those 260+ who bought a ticket, but couldn't buy training classes, what we can do to promote the event, and what assistance we can provide the organisers to make this a great event.

  • [Johanna Curiel] Discussion on the Sooryen report

Does it comply with what was requested, and next steps with regard to the wiki and OWASP content

  • Projects, Funding and Iran - Matt Tesauro & Claudia Casanovas

We have several projects with leaders or co-leaders located in Iran. This makes funding those projects problematic due to the OWASP Foundation being a US charity and the economic sanctions imposed by the US. For background, see the US Dept of State Iran Sanction site. Details of the projects in question are in the Projects Report for this month, slide 5. Since any funding of activities in Iran represents a risk to the Foundation, the staff is asking for the board to determine how the Foundation will interact with any community members or project leaders which are located in Iran.

Action Items

Announcements

Adjournment

Motion to close meeting