November 2020 Videoconference

Meeting Details

  • Time: November 24, 12PM US Eastern, UTC 1700 convert
  • Location: Remote
  • Recording

Agenda

CALL TO ORDER

Board Members

  • Gary Robinson
  • Grant Ongers
  • Martin Knobloch
  • Owen Pendlebury
  • Richard Greenberg
  • Sherif Mansour
  • Vandana Verma Sehgal

Incoming board

  • Joubin Jabbari
  • Bil Cory (late arrival, but 75% attendance of meeting met)

Guests

  • Andrew van der Stock
  • Tom Pappas
  • Lisa Jones
  • Sam Stepanyari

CHANGES TO THE AGENDA

APPROVAL OF MINUTES

Vandana asked to be included in the attendance list, as she was there, as demonstrated by various votes. This was accepted and has been changed in the official record.

Second: Sherif Mansour

  • Grant Ongers: Yes
  • Sherif Mansour: Yes
  • Gary Robinson: Yes
  • Richard Greenberg: Yes
  • Martin Knobloch: Yes
  • Vandana Verma: Yes (with 1 amendment to include her in the attendance list)
  • Owen Pendlebury: Yes

Passes: 7-0

Events Special Board meeting minutes could not be found, will be approved by Doodle at a later time.

REPORTS

Organizational KPIs

KPI	            November        Delta
Members         3,291           1.85%
Visitors        573,558         -9.19%
OSD SLA met     60.40%          -54.14%
NSFR SLA met    71.10%          8.16%
YTD net income  $200,148        $516,593
Cash assets     $1,714,329      $14,118

KPI Summary

e-Votes to read into minutes

e-Vote to approve reviewed policies

This motion is to approve the virtual elements of the events strategy, which intends to spend up to $41,500 with gross income of $259,000, likely netting $217,500 profit.

Motion: “Resolved, the Foundation is permitted to plan and run the virtual component of the events strategy, with an approved budget of $41,500 to run the nominated events throughout 2021.”

  • Sponsor: Sherif Mansour
  • Second: Vandana Verma

Vote: https://doodle.com/poll/9q33naxg4kug9n6n

  • Owen Pendlebury: YAY
  • Sherif Mansour: YAY
  • Vandana Verma: YAY
  • Richard Greenberg: YAY
  • Martin Knobloch: YAY
  • Grant Ongers: YAY

Gary Robinson did not vote in this poll.

Result: PASSED (6 YAY, 1 Did not vote)

e-Vote to decide on a date for January’s special meeting

This is not a motion, but a vote to decide on the best two days for the special meeting. 8 participated, 5 from the next board, Tom Pappas, and Dawn Aitken. As the new Board has not been convened, and three participants are not on the board, this is not a formal vote of this Board.

Vote: https://doodle.com/poll/q82463txp5im7mkk

Result: Two x 2 hour meetings will be held on January 13 - 14 2021 at midday US EST / 5 pm GMT.

NEW BUSINESS

Motion to approve reviewed policies

Note: The following policy was approved in October, but it may not have been clear that the top part of the policy had been through the community policy review process.

Motion: “Resolved, that the following reviewed policies are approved. The Foundation shall upload the approved text within 5 days of this vote to the OWASP policy website:

Feedback for these policies has been published to the global-board list in addition to the above.

Sponsor: Vandana Verma Second: Owen Pendlebury

Tabled for e-vote as feeback was not found.

Motion to approve Global AppSec Australia 2021 and establish an Australian entity

Motion: “Resolved, the Foundation is directed to run an in person Global AppSec in Australia, which requires setting up an Australian entity. The proposed budget is $290k in income, $234k in expenses, for a projected net profit of $55k.”

Sponsor: Vandana Verma Second: Owen Pendlebury

Vote:

  • Grant Ongers: Yes
  • Sherif Mansour: Yes
  • Gary Robinson: Yes
  • Richard Greenberg: Yes
  • Martin Knobloch: Yes
  • Vandana Verma: Yes
  • Owen Pendlebury: Yes

Passes: 7-0

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

Information on events as requested by the Board

Information relating to the questions on notice that the Board sought at the Special events meeting will be presented to the Board. Hopefully, this can lead to putting the two votes currently in the December meeting forward as e-Votes.

The Board has been presented with survey results, which are discussed on the call. Due to privacy reasons, these are not included here. If you wish to see the survey results, please review the recording.

Budget update & finance reform discussion

Andrew van der Stock will show a presentation on the current state of finance policy reform, which will hopefully lead into discussion:

  • Balances
  • Expense reform
  • Event reform
  • Grant reform
  • Awards and Scholarships
  • Sponsors and Bartering reform

Slides:

ADJOURNMENT

Owen moves to adjourn. Gary seconds. Meeting finishes at 13.50


Staff Reports

Financial

Attached please find the preliminary OWASP Combined (Converted to USD for all reports) financial pkg for Oct 2020 which represents financial performance for the 10th month of Fiscal year 2020. I have included the 2020 approved budget for the first 4 months and the approved Zforecast for May, June, July, August, Sept and now Oct. All amounts are combined with the EU and converted to USD in these reports.

September 2020 Financial Packages

Books were not closed in October as meeting was early

October 2020 Financial Packages

So I want to point this out early in the Report. I have included a detail P&L for the APSEC SF/Oct Virtual event. My question as you will see in the work book are, can we recognize all the revenue we had in the deferred account ($196K for Reg and $431K for sponsorship or will some of that be recognized in the 2021 APSEC US). Second the AV exp of $60K says first installment, will there be more bills? This is why this is preliminary. If we can recognize it all then we are in GREAT shape. If I have to put some or all of the Deferred revenue back on the balance sheet that will significantly impact the Oct 2020 close. I am sending the APSEC SF 2020 work book to Kelly and Emily for their input. With that please see the narrative with all of the Deferred and Prepaid expenses for APSEC US 2020 SF recognized at this point.

Income Statement:

Revenue: On an accrual basis, total revenue, YTD was $2,165.5K as compared to the budget of $1,623.4K. The results are BETTER by $542.1K, with Conference income being $623.7K ahead of the 2020 budget/Zforecast, offsetting the other revenue lines that were under budget (Membership and Donations). This is due to recognizing the Deferred Revenue for the 2020 OCT APSEC SF this month. If we need to move some or all of it back to recognize it will alter the Oct 2020 close.

  • Expenses: Total spending YTD 2020 is MORE than budget by $66K due to Conference expenses are over budget by $237.6K (Apsec Cali 20, 20 Snofroc , 20 NZ Day and 20 Seasides) as well as Professional fees (Trade Mark and legal expense, Audit fees) , offset by the underspending in Chapter expenses (down $117.7K), Travel costs($110.4K) and Project spending ($94.9K).

  • Net Income/Loss: YTD 2020 Net income, on a combined Accrual basis is $200.2K which is BETTER than the YTD 2020 budget/Zforecast of negative -<275.9K> by $476.1. However if we were to remove the $501.5K of net income that we recognized in October for the APSEC US SF, then we would be at a Negative Net Income of $301.3K or $25.4K WORSE than the Bud/Zforecast. This is the worse case if we have to return all of the Deferred revenue to the Balance sheet, which I do not believe we will, but we need to do that due diligence. I have sent a copy of the detail P&L for APSEC SF 2020 to Kelly and Emily to see what if any of the sponsorship we need to move back to the balance sheet. I hope to have that answer by Tues for the Board call.

Chapter Funds: US bal is $830.1K EU Ch bal is $59.9K. US Proj bal is $186.3K. EU Proj bal is $-8.4K

POINTS of NOTE:

Continuing the narrative theme from last month, as of 10.31.20 our cash position was $1,360.2K. Our avg monthly spend for operations is roughly $100K including all payroll, which is still roughly about 13.6 months of reserve, which is very good in the current environment. If we remove AP, PPP loan that is $242K which is just under 2.5 months of reserve taking us to an estimated 11 months, again a good number. Now the concern is the $1,067.9.K of Ch/Proj balances.

(though the Proj balances are just about $177.9K). The Deferred revenue, as we have recognized all of the APSEC US, leaves only APSEC EU and Lascon, and is now $87.4, or one more month of reserve, if all of the APSEC US 2020 can be recognized now. We need to make sure that we fulfill the sponsors value proposition, so we do not lose this revenue. So through 10 months of the year we are tracking way ahead of budget to due to the $501.5K of net income recognized in Oct 2020 for APSEC US which turned into an online event. If we have to remove that as noted above we are only $25.4K worse than the Bud/Zforecast, again not bad all things considered though we do need to pay attention to our liabilities and spending so that we do not veer from where we are now. One other note is APSEC CA has traditionally been a lucrative event, we are not currently planning one, however in order to bridge the gap, I think we seriously need to think about some type of “online” event for Jan 2021.

I have the next board call as Tues Nov 24th 2020 and I will be attending along with Marissa Oakley who has begun to work on the OWASP financials with me. Be safe everyone.

Executive Director Report

The 2021 Board of Director election was run successfully, and Bil Corry and Joubin Jabbari will be joining the Board, with Martin Knobloch continuing. I have met with both Bil and Joubin to discuss their agenda, and how the Foundation may help to progress that. I will endeavor to have the same meeting with Martin in the next couple of weeks. As a Board, you are always welcome to make time with me: https://calend.ly/owasped

A Board strategy meeting for early January has been scheduled for January 13-14, 2021 at 9 am US PST / 12 pm US EST / 5 pm GMT on both days for 2 hours each. A meeting invite has been sent that allows a one hour overrun on both days in case of enthusiastic discussion.

All of the Board meetings in 2021 have been scheduled, and a meeting invite sent to all 2021 Board members. Please accept it, but also remember that Board members are responsible for being at published meetings, and should not rely upon meeting invites from the Foundation alone. The 2021 Board meetings schedule on the OWASP website has been updated.

November has been a busy month for the staff. We have achieved quite a few things, such as implementing complementary membership for active leaders, closing out a successful OWASP AppSec Virtual that will help meet our budget Z forecasts, and moving forward on the 2021 Budget and finance reform. All of the policies enacted by the Board over the last few months, including the bylaw changes that occurred on November 1, have been uploaded and are now in force.

The 2021 Budget draft should be ready in time for the December meeting, with an update on progress below.

A sensitive internal matter to the Board is progressing, and should be completed before the end of November.

Events

https://docs.google.com/document/d/1nC4LIHSyztQ6O-Kpsw36T2-7lGk_YCFkWfWZugLto9E/edit?ts=5fb6aff4

Sponsorship

Sponsor Survey

The survey was sent to 15 companies on Tuesday, November 17th. Ten out of the 15 companies who were sent the survey have replied as of today. The results can be found here: https://www.surveymonkey.com/stories/SM-WPP8F6PY/ If you huver of over the question, it will show you the entire question.

I have many companies who are patiently waiting for our 2021 event/activity calendar. With all due respect, I strongly believe the sooner we make a decision the better we will be in 2021.

Global AppSec Australia

  • After speaking with Daniel and Emily last evening, his impression is if this event were to move forward in Oct 2021 it would most likely be a virtual event.

Corporate Membership

  • $55k invoiced for November (so far)

Projects & Technology

  • Proceeding apace to update OWASP automations and data integrity; somewhat delayed due to unforeseen issues with invalid customer deletion process, updates to membership management and zoom provisioning, and implementing a stronger CAPTCHA on donations.
  • Project Graduations are starting to come in from the Project Committee; Project Handbook also being worked on. Other project details at https://owasp.org/projects/status/
  • Event tool will likely see updates prior to the middle of next year to come more in line with Events team and regional event expectations.
  • May not be apparent but there is some fantastic work going on pushing/updating the www-community content with much thanks to Rick Mitchell for keeping that moving forward these past few months.

Operations

  • Onboarding of New Board Members - waiting for the revised agreement to be finalized. We will be asking all Board Members to sign new agreement due to the changes.
  • Reviewed and updated Lascon 2019 and Global AppSec 2019 TelAviv P&L - awaiting Virtual’s to update and finalized. Setup process to receive credit card statements when received my accounting. I will now send them the coding so there be less issues on future P&Ls.
  • Salesforce - running data reports since Salesforce access ends at the end of the year.
  • Researching training videos for Board Members

Chapters and Membership

  • 2 new chapter opened
  • One chapter closed that was on the sanctioned country list Tehran
  • Moratorium on the closing of any chapters till March 31, 2021.
  • 205 new members for Virtual Global AppSec