May 2020 Minutes

CALL TO ORDER

Board Members Present

  • Owen Pendlebury, Chairperson
  • Sherif Mansour, Vice Chair
  • Vandana Verma, Treasurer
  • Gary Robinson, Secretary
  • Richard Greenberg, Member at Large
  • Martin Knobloch, Member at Large
  • Grant Ongers, Member at Large

Guests

  • Mike McCamon, Executive Director
  • Harold Blankenship
  • Emily Berman
  • Kelly Santalucia
  • Tom Pappas, Chief Financial Officer
  • Lisa Jones
  • BIl COrry
  • Mark Hoopes

Agenda

APPROVAL OF MINUTES

Previous Meeting Minutes

Motion: approval of April 2020 minutes, Sherif Mansour motioned, Martin Knobloch second.

Vote:

  • Gary Robinson - Yes
  • Martin Knoboch - Yes
  • Sherif Mansour - Yes
  • Richard Greenberg - Yes
  • Grant Ongers - Yes
  • Vandana Verma - Yes
  • Owen Pendlebury - Yes

Passed: 7-0

REPORTS

Organizational KPIs

  • Membership 3,172 (234 increase from Last Month)
  • Momentum: 611K visitors to website (652K compared to 2019; decrease of 6.3%). Of note wiki traffic is now only 5.3% of all traffic
  • Operations:
    • 96% of Service Desk tickets closed within SLA (same as last month)
    • 85.7% of Non-Funding tickets were closed within SLA (worse from 86.6% last month)
  • Money: $1.4M Cash on hand. YTD Net income is -$35K (compared to budget -$213K which is better by $178K).

Financial

Attached please find the preliminary OWASP Combined (Converted to USD for all reports) financial pkg for Apr 2020 which represents financial performance for the 4th month of Fiscal year 2020. I have included the 2020 approved budget. All amounts are combined with the EU and converted to USD in these reports. This report is PRELIMINARY as we will be going through and Audit for 2019 and as is customary we will keep the books open for a few months to capture and trailing items:

One other note, while through Apr 2020 from a Net Income perspective, the Foundation is doing very well, specifically due to the efforts of Mike and the team pulling off the very successful online event, this will not continue due to the uncertain and turbulent nature of the world, which is why the Z forecast, voted in at the last board meeting, will start in May 2020. This is particularly evident with the Pandemic effects, as we have noted many times for the past 6 years the Foundation has become an events driven organization and relies heavily on the income from them and with the Pandemic halting travel and in person meetings we need to be VERY cautious as to how we spend the funds of the Foundation as revenue will most certainly trail expenses for the remainder of FY20.

Income Statement:

Revenue: On an accrual basis, total revenue, YTD was $932.9K as compared to the budget of $876.5K. The results are BETTER by $56.4K, with Conference income being $279.2K ahead of the 2020 budget, offsetting the other revenue lines that were under budget

Expenses: Total spending YTD 2020 is LESS than budget by $121.4K due to under spending in most of the depts. ( Conference expenses are over budget by $62.3K(Apsec Cali 20, 20 Snofroc , 20 NZ Day and 20 Seasides , and offset by the $25K underspending on the Summit.

Net Income/Loss: YTD 2020 Net income, on a combined Accrual basis is <-$35K which is BETTER than the YTD 2020 budget of negative -$213K by $178K.

Chapter Funds: US bal is $829K which is UP $12K from the Mar 20 bal of $817K. EU Ch bal is $59K. Also US Proj bal is $185K. (which is UP $5K from Mar 20). EU Proj bal is $-5K

POINTS of NOTE:

With regard to Operating cash, the Liabilities (AP, accrued expenses, accrued Payroll, deferred revenue for events such as Apsec EU, Lascon, Apsec US etc that may not happen) of $632K added to the $1,068K of Ch/Proj balances is $1,700K , as compared to the $1,392K of cash, leaves us a Negative Oper. Cash balance of $308K, if all the Chapters and Projects spent all their funds. Also Open AR is $177K which is down $12K from the Mar balance of $189K.

At this point in the year with all that is going on while we are $178K ahead of budget but that will not hold and is why we approved the “Z” forecast to begin in May 2020. Once we close May and compare that to the “Z” forecast will give us a much better picture of truly how we are tracking.

Executive Director Report

(see detailed report below)

Events Report

(see detailed report below)

OLD BUSINESS

(1) Chief Finanical Officer Tom Pappas reported on tools available to resolve the EU transactions matter. He reminded the Board of the open action to resolve the European banking signatories.

(2) Exeucutive Director Mike McCamon shared a draft of the Community Review Process

(3) Exeucutive Director Mike McCamon confirmed that upcoming Global Event commitments for 2021 offer flexibility if postponed to 2022.

(4) Director Vandana Verma shared a brief report following her review of the 2020 Budget Z Model.

(5) Exeucutive Director Mike McCamon shared a draft of the 2H20 Marketing Plan Abstract and solicited Directors for feedback.

NEW BUSINESS

(1) Motion: Direct the Executive Director to engage the OWASP Foundation with BoardSource for their BoD Training and Assessment Services.

Following a brief discussion, this motion was Tabled.

(2) Motion: Due to COVID-19 global pandemic and to protect the personal safety of our community, the OWASP Foundation is banning all in-person OWASP Chapter Meetings and community gatherings of over ten people until the latter of September 1, 2020 or local authority restrictions. The Board encourages Chapters to host virtual meetings. Furthermore, during the ban any and all Chapter expenses will be denied.

Sherif Mansour made the motion and was seconded by Grant Ongers. Following a brief discussion, this motion was Tabled. The Executive Director took the action to rewrite this motion and forward to the Board for electronic voting.

(3) Motion: In accordance with Section 4.02 of the OWASP Foundation Bylaws, the Board of Directors hereby grants a one year Honorary Membership effective today to Chetan Karande, Luiseduardo, Walter Martín Villalba, and Aldo Salas for having provided a benefit to the organization deserving of membership.

Sherif Mansour made the motion and was seconded by Grant Ongers. Following a brief discussion, this motion was Tabled. Staff was requested to provide credentials of individuals listed above.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS
  • DEFCON and BlackHat have been cancelled by the organizers.
  • OWASP Foundation welcomes Alonna Stock as Senior Events Manager
  • OWASP Foundation thanks Sibah Poebe for her services as Events Coordinator
ADJOURNMENT

Executive Director Report

Conferences

Virtual AppSec Days was a very big success. The conference had 1,248 Conference attendee registrants, 371 Training registrations, and 161 CtF registrations. Our marketing has led to over 19K visitors to the registration site. The event grossed $164,530 using the custom-build registration tool that reliably processed registrations and saved the Foundation $5,594 compared to having used our previous provider or Eventbrite.

Staff is working with the Tiger Team to plan the Virtual AppSec Summer of Security repeating the training format in June, July, and August. We have yet to make a decision on the Conference and Capture the Flag activities. The Call for Trainers is now closed with 73 submissions.

The Global AppSec SF program is coming together and staff is preparing to launch the Registration website on June 1. Two of our Keynote speakers have already been confirmed and have signed the speaker agreement. We have executed the Global AppSec SF 2021 event contract and expect the contract for Berlin 2022 to be received shortly.

DEFCON and BlackHat have been cancelled by the organizers.

Staffing

Alonna Stock, Sr. Events Manager will be starting on June 1. She will be working with Emily on our event planning and execution. Initially she will be the lead on Regional and Local events while heavily assisting Emily on Global Events. The Foundation elected to not renew Sibah Poede’s contract.

Website

SEO engagement ended the first week of May. Final changes to our broken link analysis has further reduced our offsite traffic (going to wiki) to only 5.3% of site traffic.

Content migration by Chapters and Projects is ongoing with 133 of 283 Chapters (46.9%) and 91 of 152 (59.9%) Projects yet to migrate. Chapter page migration, along with new chapter activity can be monitored at https://owasp.org/chapters/status/

Responding to community feedback, we have implemented alternate footers that can be selected per page of the website. The issue was a few members of the community didn’t like the size of the footer that recognized our Corporate Supporters. The new design uses less vertical space and an alternate design removes the spotlight company.

Event P&Ls

Dawn has been given the task to close all 2019 Event P&Ls. This has been a longtime outstanding item and I’m grateful Dawn has stepped up to work with Virtual on resolving this matter.

GDPR

This project is ongoing and we had hoped to launch this effort at the beginning of the month. As you may know, our primary email address has nearly 50,000 names on it. While this is impressive, unfortunately there is no record of subscriber opt-in to the list. This is a very big risk for the Foundation. We intend to have run a two-week campaign to that list requesting the opt-in for future emails from the Foundation.

IT Retooling

We continue to find automation opportunities with Copper and our workflows. The team has implemented several new processes for handling sales that are increasing efficiency and reducing our costs. The Foundation has started processing invoices through Stripe. This change will offer greater flexibility for our partners when paying the Foundation including secure credit card payment.

Harold and I have been brainstorming integrations between our website and Meetup. We have also been discussing a backup plan for replacing Meetup if their business model continues to change. It is also notable that Meetup currently costs ~$32K per year so even today it is not trivial.

Miscellaneous

  • As always, most major staff projects are all listed with milestones at https://owasp.org/www-staff/

Events Report

Virtual Events

  • Summer of Security
    • June 23 - 24
    • July 28 - 29
    • August 25 - 26
  • 5 sponsorships sold so far (goal is 10)
  • Call for trainers closed Friday (over 50 submissions)
  • Website will launch Monday June 1
  • Goal is to have at least 10 training per month
  • Schedule will be announced the week of June 1
  • The team is still exploring other possible talks and contests to hold during these weeks

San Francisco Global AppSec

  • Trainer acceptance letters went out on Friday
    • 8 trainings were accepted
    • Program team has list of other highly graded trainings that we can add of we go virtual
  • Presenter acceptances will go out this Friday
  • All presenters and trainers were alerted that the conference may go virtual and they were asked to confirm they are comfortable with that format.
  • Keynotes have been selected
    • John Steven,
    • Masha Sedova
    • Andrew Clay Schafer
    • Colleen Coolidge
    • We are in the process of collecting their info and the website should be updated by the end of the month
  • Registration will open the second week of June in or order to not overlap the Summer of Security registration launch
  • We have contracted with an AV company that has a virtual solution should we decide to go that route
  • I have been researching price points for a virtual conference as well as viewing demos for virtual trade-show floors
  • Kelly, MIke, and I have been researching how to deliver sponsors value in a virtual environment.

Dublin Global AppSec

  • The new timeline for CfP/CfT is as follows:
    • Reopen call for papers August 1
    • Reclose CfP September 20
  • Announce full schedule October 19 (during the Global AppSec)
  • Recommending we revisit the feasibility of an in-person conference in November (Nov 20th?) which will give us plenty of time to cancel our hotel contract penalty-free and explore options with CCD.
  • Force majeure penalty-free cancelation
  • Potential deferment to 2023

Future Global AppSec 2021

  • San Francisco: October 18-22, 2021
  • Dublin: February 15-19, 2021

Global AppSecs 2022

  • Berlin: May 2-6 2022
  • North America: TBD
  • Full 18 month project will be presented at the June board meeting, this will apply to events in 2022 and beyond as the next 18 months are still too uncertain to and we must remain agile during these times.