March 2024 In Person Meeting Day 1

Meeting Details

  • Date: 18 March 2024
  • Time: 0900 US Eastern, UTC 1300
  • Location: JFK Marriott, New York, NY
  • Call-in: Zoom Meeting

Agenda

CALL TO ORDER

The following members were present:

  • Avi Douglen
  • Bil Corry
  • Kevin Johnson
  • Matt Tesauro
  • Ricardo Griffith
  • Steve Springett
  • Sam Stepanyan
  • Andrew van der Stock

CONFLICT OF INTEREST AND ANTI-TRUST STATEMENT

As the Board consists of individuals from many competing organizations, OWASP and its Board shall abide by all applicable anti-trust and competition laws. To avoid any perceived or actual conflict of interest, or anti-trust concerns under US federal, state, or regulations, only the published agenda shall be discussed or voted upon, or amended as below. If there are any conflicts of interest, Board members are expected to disclose the conflict of interest and must recuse themselves from discussion and voting.

“The record reflects that Matt Tesauro and Kevin Johnson have declared a potential conflict of interest due to their associations as corporate supporters of OWASP.”

CHANGES TO THE AGENDA

Changes to the agenda - unless otherwise prohibited by anti-trust or competition laws - including adding, altering, or tabling of motions are permitted by following Robert's Rules of Order (RONR 12th Ed) 41:63, which requires an affirmative two-thirds vote.

Aligned Focus

Updated strategy map

“The Chair posed inquiries to the newly elected board members concerning their queries or particular interests arising from the mind-map and discussion conducted in the meeting of September of the preceding year. For reference, the mind-map can be accessed via the shared link: https://xmind.ai/share/RgM6tXUS.”

Starting with Guiding Principles

Core Principles Discussed:

Adoption of objectives under the Open World-wide Application Security Project framework. Commitment to establishing a globally accessible open community dedicated to enhancing software security through educational resources, tools, and collaborative efforts. Promotion of a welcoming and inclusive environment that encourages collaboration among practitioners, researchers, and various stakeholders, aiming to foster a community of belonging. This includes sharing knowledge, developing projects, and contributing to the advancement of software security.

Initiatives on Diversity, Equality, and Inclusion

Initial Charter Proposal by Bil:

“Bil recommended the board lead the drafting of the initial charter. This document is to define the scope and objectives of the initiatives on Diversity, Equality, and Inclusion.”

Continuation of Dialogue:

“Kevin highlighted the need for additional conversation on this matter, suggesting Wednesday for this purpose. Avi agreed, thereby scheduling the extended discussion for Wednesday.”

Funding Summary

The board evaluated various funding avenues for the organization, identifying key areas for further exploration:

  • Donations were pinpointed as a critical funding source, with an emphasis on improving strategies to increase donations.
  • Licensing agreements were recognized as a potential revenue stream.
  • Sales of organizational products or services were considered for their revenue-generating potential.
  • A discussion on Membership as a source of funding was planned for later today.
  • Additionally, the board highlighted two other potential sources of funding: revenue from Certification exams offered as part of professional development, and a paid job board service to connect professionals with job opportunities, both aimed at supporting the organization’s funding.

Marketing and Communications Committee Update

During the recent board meeting, significant updates regarding the marketing strategy were shared, highlighting the current status and future directions of the organization’s marketing efforts.

Marketing Plan Status

“Marketing Plan Overview by Andrew: Andrew provided an insightful update on the current marketing plan, emphasizing that while a comprehensive plan is in place, its implementation is on hold. The immediate focus is directed towards preparing for a brand refresh. This strategic pause is to ensure that all future marketing efforts are fully aligned with the refreshed brand identity, optimizing the impact of the organization’s outreach and engagement initiatives.

This update underscores the committee’s strategic approach to marketing, prioritizing brand consistency and alignment before rolling out extensive marketing campaigns.”

Membership Recruitment and Growth Discussion

Session Timing

Time: 10:34 AM - 11:25 AM

During this focused session, board members engaged in a comprehensive discussion aimed at identifying strategies to enhance membership growth and engagement.

Membership Growth Plan

Background: We are not growing our membership at the rate that we should, and we have not had great success historically with reaching all the community participants and convincing them to become official members and contributors.

Proposal for Free Memberships

  • Presented by Kevin: Leading the charge, Kevin put forth a proposal to introduce free individual memberships as a strategic move to increase membership numbers. He highlighted the importance of analyzing current barriers impeding membership sales and the necessity of setting clear, achievable goals for membership expansion.

Insights from Membership Survey

  • Shared by Andrew: To add a data-driven perspective to the conversation, Andrew presented findings from a recent survey. These insights aimed to shed light on the current sentiments and expectations of the membership base, providing valuable context for strategy development.

Enhancing Member Feedback Collection

Immediate Survey Feedback Suggestion

  • Suggested by Avi: Building on the discussion, Avi proposed integrating a direct link to the survey as part of the membership joining process. Facilitated by Andrew, this step would aim to capture immediate feedback from new members, offering real-time insights that could guide future membership growth and engagement strategies.

Membership and Leadership Discussion

“During the recent organizational meeting, the board tackled pressing issues surrounding Membership and Leadership, with a particular focus on the challenges of membership renewal and the principle of leadership membership. The alarming statistic of a 90% non-renewal rate among members in California was highlighted as a significant concern, signaling a broader issue of member retention within the organization. This discussion was enriched by Kevin’s personal account of not receiving a renewal notice, pointing to a systemic issue in the organization’s communication and engagement strategies.”

“In response to these challenges, the board proposed the development of enhanced metrics to better understand membership dynamics and the reasons behind the low renewal rates. A strategic initiative was suggested, involving a survey targeted at individuals who did not renew their memberships. This survey aims to gather feedback on the reasons for departure and to express the organization’s regret for their loss, thereby providing critical insights that could inform improvements in membership engagement and retention strategies.”

Motion on Leader Membership Requirement

Motion Presented:
Kevin Johnson proposed a motion to mandate that all Chapter, Project, and Event Leaders maintain a formal membership with the OWASP Foundation. According to the motion:

Resolution:
“It is resolved that all Chapter, Project, and Event Leaders are required to hold formal membership within the OWASP Foundation. This membership may be either paid or complimentary. Leaders are granted a one-month grace period to establish or renew their membership. The policy becomes effective immediately, with enforcement beginning on September 30, 2024. Necessary updates to relevant policies will be made to reflect this requirement.”

Motion Support:
First: Kevin Johnson
Second: Matt Tesauro

Voting Outcome:

  • Avi Douglen: Yes
  • Bil Corry: Yes
  • Kevin Johnson: Yes
  • Matt Tesauro: Yes
  • Ricardo Griffith: Yes
  • Steve Springett: Yes
  • Sam Stepanyan: Yes

Motion Result:
The motion was unanimously passed with a vote of 7-0.

Member Benefits

Collaboration Request on Membership Benefits

“Avi requested that Andrew collaborate with the marketing team to enhance and work on the benefits provided to members. This initiative aims to enrich the membership experience and ensure that the value proposition aligns with members’ expectations and needs.”

Note on Community Building

“It was noted that community builders play a crucial role in creating programs that not only increase the love and reach among members but also add significant value to membership. Such efforts are instrumental in enhancing the community’s cohesion and attraction. Reference was made to Orbit.love as an example of principles and practices that could be applied to foster community engagement and growth.”

Corporate Supporters: Recruiting and Growth Strategies

Discussion Points:

  • Change in Benefits and Tier Adjustments by Sam: Sam highlighted that benefits originally provided to corporate supporters have been shifted to a higher pricing tier, impacting two companies that were previously contributing $5,000, now being asked to contribute $15,000 for similar benefits.
  • Inquiry on Benefits by Avi: Avi raised a question regarding the types of benefits that should be offered to corporate supporters to enhance value and support growth.

Action Item:

  • Brainstorming Session by Sam: Sam is tasked with brainstorming additional ideas for benefits that could enhance the attractiveness of corporate support. One suggestion was to explore potential benefits that could be offered through partnerships, such as with GitHub, to provide added value to OWASP members.

Community Engagement:

  • Town Hall Series: It was proposed to host a series of Town Hall meetings for the community, to be promoted via the OWASP Slack channel and email. The purpose of these meetings is to engage with the community directly, soliciting feedback on the types of benefits they would like to see offered to corporate supporters.

Corporate Growth Plan Discussion

Kevin Johnson spearheaded the discussion on the plan for corporate growth, focusing on strategies to enhance engagement and support from corporate entities.

Website Click-Through Statistics for Supporters:

Kevin presented statistics related to website click-through rates for supporters, providing insights into current engagement levels and the effectiveness of online visibility efforts.

Strategy for Marketing and Outreach:

The consensus on the general approach to corporate growth emphasized the importance of marketing and outreach. These efforts are deemed essential in expanding the organization’s reach and enhancing the value proposition for current and potential corporate supporters.

Summary of Discussion on Corporate “Personas”

“Steve spearheaded a vital conversation on crafting and engaging corporate “personas” to enhance OWASP’s strategic interaction with corporate entities. The discussion underscored the necessity of marketing prioritization to effectively target and connect with these corporations. There was a consensus on the need to empower marketing resources, granting them the autonomy to pursue innovative and creative strategies to engage these personas. Furthermore, Steve introduced the idea of experimenting with a Premium Supporters program, suggesting the creation of an Industry Advisory Council and a Technical Advisory Council to foster deeper relationships with corporate supporters. As a concrete step forward, Steve took on the responsibility of developing two distinct policies to clearly define the approaches for engaging corporate “personas” and to establish the framework for the Premium Supporters program.”

Relationship Plan Update

Discussion on Updated Corporate Supporter Packages

Presented by Kelly:

At 2:38 PM, Kelly led a presentation focused on the revision of the packages offered to corporate supporters. The core of the discussion revolved around tailoring these packages more effectively to meet the OWASP community’s needs and interests, aiming for a mutual benefit scenario.

Key Discussion Points:

  • Tailoring Corporate Benefits: A significant question was raised about the possibility of customizing corporate benefits to align more closely with the community’s specific interests, ensuring these adjustments also deliver value to the corporate supporters.

Next Steps:

  • Action Item Assigned to Andrew: Andrew has taken the responsibility to share the slideshow containing the proposed updates to the corporate supporter packages with the Directors. This is aimed at facilitating further review and constructive discussions to finalize the adjustments.

Summary: Request to Table Advertising Option and Benefit Changes Clarification

Kevin’s Proposal:

Kevin suggested pausing the discussion on introducing an advertising option to give the Directors time for a detailed review. Additionally, he highlighted the necessity for clear procedures in modifying corporate supporter benefits, advocating for transparency and board involvement in these changes.

Agreed Upon Next Steps:

  1. Process Transparency: The team concurred on the importance of making the process for changing corporate supporter benefits more visible and transparent to all involved parties.
  2. Board Involvement: It was emphasized that any changes to corporate supporter packages should be promptly communicated to the board. This ensures the board’s ongoing awareness and contribution to discussions impacting corporate relations.
  3. Marketing Strategy Enhancement: Recognizing the critical role of marketing, there was a consensus on the need to refine marketing efforts. Enhanced marketing strategies are vital for effectively conveying OWASP’s value to potential corporate supporters and optimizing the benefits of supporter packages.

Grants Discussion Summary

Presented by Jason C. McDonald via Zoom:

From 16:00 to 17:30, Jason shared insights into OWASP’s grants plan, emphasizing the approach for identifying and applying for grants to further OWASP’s mission. The team also requested a copy of Jason’s presentation for deeper analysis.

Highlights of the Discussion:

  • Grant Preparation: Jason detailed the steps OWASP is taking to position itself as a compelling candidate for grant funding, such as developing media kits.
  • Exploring Grant Sources: The potential for tapping into both private and corporate grants was examined, discussing the pros and cons associated with each.

Action Items Agreed Upon:

  1. Grants Policy Development: Avi encouraged those passionate about OWASP’s grant-seeking strategy to aid in policy crafting. Steve volunteered to help, with Jason taking the lead on drafting the initial policy document.
  2. Community Survey Insights: Andrew tasked Jason with creating a presentation based on the Community Survey’s findings to better shape the grant strategy.
  3. Member Benefits Enhancement Research: Sam and Jason will collaborate on researching ways to improve member benefits, aiming to bolster OWASP’s grant applications by enhancing its value proposition.

Other Fundraising Strategies Discussion

Sam’s Industry Engagement Proposal

Sam emphasized the potential for OWASP to actively engage with the Payment Card Industry (PCI) standards. This strategic involvement aims to position OWASP as a pivotal stakeholder in defining security standards, thereby opening new avenues for fundraising through industry collaborations and sponsorships.

Comprehensive Fundraising Strategy Exploration

Initiatives by Andrew van der Stock and Team:

A collaborative effort, led by Andrew van der Stock along with other board members, will explore a diverse range of fundraising ideas aimed at expanding OWASP’s revenue sources. This includes traditional methods and new initiatives like a paid Job Board proposed by Sam, to enhance the organization’s financial sustainability.

Proposed Fundraising Ideas:

  • Exclusive Black Tie Dinners: Hosting gala events as fundraising opportunities, targeting major corporate stakeholders for donations.
  • Giving Tuesday Campaigns: Utilizing Giving Tuesday as a key fundraising moment, with plans for a live donation stream and community engagement activities.
  • Dedicated Donation Platform: Evaluating the effectiveness of giving.owasp.org since its 2022 launch, with discussions on boosting its visibility and donation process.
  • Volunteer Involvement: Kevin and three staff members have committed to dedicating their time to support fundraising efforts.
  • Setting Fundraising Targets: Tasking Andrew with establishing clear targets to focus and measure the success of fundraising campaigns.
  • Donation Encouragement Strategies: Sam suggests implementing a “donate” button on key OWASP webpages and offering recognition to donors, such as logo visibility, to incentivize contributions.

This strategic discussion sets the foundation for a multi-faceted approach to fundraising, aiming to diversify and strengthen OWASP’s financial resources through innovative and traditional methods.

Andrew van der Stock is poised to broaden OWASP’s fundraising strategies beyond traditional means with innovative ideas, including the proposal by Sam to launch a paid Job Board. This initiative is part of a comprehensive plan aiming to diversify revenue through various activities, such as exclusive black-tie dinners, targeted corporate donations, and dynamic Giving Tuesday campaigns, complemented by the use of giving.owasp.org for donations. Kevin has pledged volunteer support from himself and three staff members to bolster these efforts. Additionally, the introduction of a “donate” button on OWASP’s website and offering visibility for donors on project pages are strategies to enhance donation inflows, with Andrew responsible for setting clear fundraising targets to measure success.

Discussion on Implementing a Paid Job Board

“In a focused discussion led by Sam and Bil between 17:40 and 19:00, a proposal to transition job postings from Slack to a dedicated section on the OWASP website was put forth, taking inspiration from platforms like CNCF and Indeed. The plan involves engaging with job platform providers for a potential white-labeled site and prioritizing job seeker notifications. Andrew is assigned to spearhead an action plan with OWASP staff. Bil introduced ideas to boost engagement and fundraising, including monthly app sec calls, connecting corporate sponsors with OWASP experts, organizing dine-with-peers events, advocating for lower event ticket prices for better attendance, and offering unique member swag. Sam proposed highlighting in-kind donation opportunities and arranging dinners with the board for sponsors, while Matt suggested offering members early access to conference recordings as a benefit, with a later public release on YouTube, underscoring a multifaceted strategy to improve OWASP’s fundraising and member engagement efforts.”

ADJOURNMENT

Adjournment motion

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Chair
Second: Bil Corry