March 2020 Minutes

CALL TO ORDER

Board Members Present

  • Owen Pendlebury, Chairperson
  • Sherif Mansour, Vice Chair
  • Vandana Verma, Treasurer
  • Gary Robinson, Secretary
  • Richard Greenberg, Member at Large
  • Martin Knobloch, Member at Large
  • Grant Ongers, Member at Large

Guests

  • Mike McCamon
  • Harold Blankenship
  • Emily Berman
  • Kelly Santalucia
  • Dawn Aitken
  • Tom Pappas
  • various community members

CHANGES TO THE AGENDA

APPROVAL OF MINUTES

Motion: approval of the February 2020 minutes. Owen Pendlebury motioned, Sherif Mansour seconded.

Vote:

  • Martin Knobloch - Yes
  • Vandana Verma - Yes
  • Sherif Mansour - Yes
  • Richard Greenberg - Yes
  • Grant Ongers - Yes
  • Gary Robinson - Yes
  • Owen Pendlebury - Yes

Passed: 7-0

OUT-OF-CYCLE MOTIONS

As reported by the Chair

March 16, 2020

Motion: Resolved that the AppSec California 2020 event organizing team can, at their sole discretion, pay individual membership dues for any paid attendee of AppSec California 2020. Funds shall be deducted from internal accounting event profits. Names shall be provided to staff no later than March 31, 2020.

Vote:

  • Vandana Verma - Yes
  • Owen Pendlebury - Yes
  • Grant Ongers - Yes
  • Sherif Mansour - Yes

Passes: 4-0

March 12, 2020

Motion: To postpone the Global AppSec Conference in Dublin to the week of February 15, 2021.

Vote:

  • Martin Knobloch - Yes
  • Gary Robinson - Yes
  • Grant Ongers - Yes
  • Owen Pendlebury - Yes

Passes: 4-0

REPORTS

Organizational KPIs

  • Membership: 2,710 (decrease of 62 from last month)
  • Momentum: 597K visitors to website (619K compared to 2019; decrease of 3.6%)
  • Operations:
    • 100% of Service Desk tickets closed within SLA (better from 90.1% last month)
    • 94.2% of Non-Funding tickets were closed within SLA (worse from 95.8% last month)
  • Money: $1.260M cash on hand. YTD net income is $88.6K (compared to budget of -$90.1K, which is better by $178.7K).

Financial Reports

Revenue: On an accrual basis, total revenue YTD was $627.5K as compared to the budget of $619K. The results are BETTER by $8.5K, with Conference income being $100.1K ahead of the 2020 budget, offsetting the other revenue lines that were under budget.

Expenses: Total spending YTD 2020 is LESS than budget by $170.2K due to underspending in most of the depts. (Conference expenses are under budget by $33.6K, though I am not sure that all the AppSec Cali 2020 bills, as well as the Feb Summit bill, are in at this point.)

Net Income/Loss: YTD 2020 net income, on a combined accrual basis, is $88.6K, which is BETTER than the YTD 2020 budget of -$90.1K by $178.7K.

Chapter Funds: US bal is $817.2K, which is down $3.2K from the Jan 20 bal of $820.4K. EU Ch bal is $59.3K. Also, US Proj bal is $178.9K (which is UP $5K from Jan 20). EU Proj bal is -$5K (this will be offset into the US Proj balances for the final YE close, as will the EU Ch balances).

With regard to operating cash, the liabilities (AP, accrued expenses, accrued payroll, AppSec EU deferred revenue of $109.6K, etc.) of $187.7K added to the $1,050.4K of Ch/Proj balances is $1,238.1K, which, as compared to the $1,260.8K of cash, leaves us positive oper. cash of $22.7K for the time being (which is $33.7K better than Jan 20). Also, open AR is $280K, which is down $30K from the Jan 20 balance of $310K. So if they were all to be collected, we would have about $302.7K of oper. cash exclusive of what is owed to Chapters, and on avg our monthly expenses are about $135K, which is just over 2 months of oper. cash reserve exclusive of the $1,260.8K we have in cash in the bank on 2.29.20.

Executive Director Report

(see detailed report below)

OLD BUSINESS

(1) Motion to approve the Signatory Policy Version 2.

Motion - approve the Signatory Policy Version 2, Owen Pendlebury motions, Martin Knobloch seconds.

Vote:

  • Grant Ongers - Yes
  • Martin Knobloch - Yes
  • Richard Greenberg - Yes
  • Gary Robinson - Yes
  • Vandana Verma - Yes
  • Sherif Mansour - Yes
  • Owen Pendlebury - Yes

Passes: 7-0

(2) OWASP Foundation ED & Staff to present Global AppSec Events key milestones and event health indicators. This is based on lessons learned from 2019. Foundation also needs to provide info on what were the major operational savings and overall challenges for the previous events. Tabled with no actions.

(3) Update the Mission Statement (DRAFT): https://docs.google.com/document/d/1ZZiE-lHKvk8_IWzG04Kjcbp0cr5J23B2CjOVokRilPo/edit Tabled with no actions.

NEW BUSINESS

(1) Following a brief discussion on the Vice-Chair’s OWASP Community Review Process, no motion was presented. Action item for staff was documented.

(2) Vice Chair requested Board members to review and provide feedback on the following policies. No motion was presented.

(3) Various other discussions without Board Motions

  • Encourage chapters to use Google Meet as alternative to in-person chapter meetings during the COVID-19 outbreak.
  • Improve mechanisms to track discussions about requests and opinions from the community.
  • Strong desire for a Marketing Plan

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

PRELIMINARY Member Survey Reports

ACTION ITEMS

(1) Staff to formalize project plan to increase revenue.

(2) Staff to develop a plan and budget due to COVID-19 including the possibility of SF cancellation.

(3) Staff will develop a Community Feedback process for significant OWASP policy changes.

(4) Staff to add Outreach Committee to Committees landing page.

ADJOURNMENT

Executive Director Report

Website

As usual, work continues on various website projects. Our Events Tool launched for Dublin as scheduled and we were taking live registrations until the event’s postponement. There are several small features yet to complete with this project and we will look to offer it to regional events in the back half of the year.

In the last week of February the main site’s proxy server had some issues that prevented the site from serving pages. Technically it would eventually serve the pages, but we mark a 30-second page load as an outage. Harold and Matt Tesauro (member and project leader) triaged the site, and there is an active staff project to remediate this issue with a new scalable proxy server configuration. More details can be found at https://owasp.org/www-staff/projects/202003-DNS-VM-migration.html

Additionally we have added public monitoring of our web site status and performance at http://stats.pingdom.com/q0cazn7mmdfs. As of this morning, the past seven days avg response time is <460ms for our main site which is very respectable.

We have a new Global Events template design which has been launched with Global AppSec San Francisco https://sf.globalappec.org. It is a design which more closely aligns with our corporate site, which gives us greater brand continuity, and its data structure more closely aligns with our other repos. Of note, Harold designed this template to make it trivial for us to stand up future event sites without the need to use WordPress or Eventbrite.

Harold has also been working on a variety of automations that are possible with our normalized data structure. As you have already seen by going to owasp.org/chapters and owasp.org/projects you can see which have yet to migrate. Harold just added https://owasp.org/chapters/status/ that allows you to see which chapters have recently migrated. Also you can visit https://owasp.org/chapters/leaders/ and https://owasp.org/projects/leaders/ to find current leadership of our chapters and projects respectively.

Projects Summit

Logistically the Projects Summit was a complete success. Unfortunately only seven project members attended the event. Given the low attendance, the COVID-19 crisis, and the backloading of events into Fall/Winter, staff is considering CANCELLING the planned Summer Summit until further notice. We had already slowed down the venue selection process due to low interest, and are under no financial obligations at this time.

Conferences

The Dublin event has been postponed until February 15-19, 2021. The website has been updated, sponsors for 2020 notified, and refunds issued for registrants. Sponsorship revenue for Dublin is €119,899 of which €54,924 has already been paid. https://owasp.org/www-staff/projects/202102-GlobalAppSec-Dublin.html

San Francisco Program Team has opened the CfT and CfP. Kelly has already been actively selling the event and has $398,245 contracted revenue against a budget of $725,000. We are tracking to plan on key milestones which can be found, along with contracted sponsors at https://owasp.org/www-staff/projects/202010-Global-AppSec-SF

Lisa submitted our DEFCON application. Last year’s volunteer coordinator has been unresponsive. Plans for BlackHat US are underway for August 1-6 and BlackHat Asia has been rescheduled to September 29 - October 2, 2020. OWASP will be participating in both events.

COVID-19 Chapter Meeting Alternatives

Staff has been researching tools to accommodate hosting virtual chapter meetings during the coronavirus pandemic. We are nearing a close to this research, but the factors include (1) cost - primarily focused on free solutions if possible, (2) flexibility - the crisis will pass so we don’t want to lock into a long-term arrangement or setup, (3) credentials - we want to avoid having ALL chapter leaders share a limited number of paid accounts (like Zoom webinar) due to date/time collisions, and (4) scalability to as many as 200 attendees per meeting. Harold has recommended we use Google Meet until July 1: https://owasp.org/remote-meetings/

Member Survey

The member survey closed February 22nd. Preliminary reports are attached to this month’s board meeting agenda. Over the next few weeks I will prepare a narrative and compare the findings to 2019. PLEASE NOTE, there are two different survey participant groups: members and non-members. The first is labeled Member Survey with the sample being members of record 13-February-2020, and the second is labeled Community Survey which is comprised of our entire email list (~50K) that excluded the Member list.

IT Retooling

Earlier this month we terminated our contract with Fonteva. Since 2013, the OWASP Foundation has used this software embedded into SalesForce to handle membership. With our new system we were able to move away from this software product. At the same time, we are migrating to a more modern, and less complicated CRM for staff. CopperCRM tightly integrates with G-Suite and is simple to customize for our needs. Harold and I are working to complete this project by the end of March 2021. We do not anticipate any major issues with this migration.

Miscellaneous