October 2021 Global Board Meeting Minutes

Meeting Details

Agenda

CALL TO ORDER

Board Members

  • Sherif Mansour
  • Vandana Verma
  • Grant Ongers
  • Bil Corry
  • Martin Knobloch
  • Owen Pendlebury

Guests

  • Andrew van der Stock
  • Tom Pappas
  • Dawn Aitken
  • Harold Blankenship
  • Kelly Santalucia
  • Lisa Jones (late)
  • Lauren Thomas

CHANGES TO THE AGENDA

n/a

APPROVAL OF MINUTES

Vote

  • Martin Knobloch - Yes
  • Owen Pendlebury - Yes
  • Grant Ongers - Yes
  • Vandana Verma - Yes
  • Bil Corry - Yes
  • Sherif Mansour - Yes

Passed: 6-0

REPORTS

Staff reports, including Executive Director and Finance, can be found after the agenda.

Organizational Reports

This month I am trying something new to provide greater transparency for the Board. Individual dashboards can be found in the staff reports section.

Finance Dashboard

Finance Summary

e-Votes to read into minutes

There are no e-votes to be read into minutes.

NEW BUSINESS

There is no new business this month.

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

Adjournment motion

The next general Board meeting is on November 23, at 12 pm US Eastern Time.

“It is moved, and seconded to adjourn. Those in favor, say “aye””

Sponsor: Sherif Mansour Second: Martin Knobloch

Please note this is in the week of Thanksgiving in the USA, and so there might be limited staff and US Board member attendance.


Staff Reports

Executive Director

This will necessarily be a shorter report than normal due to recent ill health. I am on the mend. I am thankful for Sherif signing contracts, Tom Pappas submitting payroll and so on, and Grant approving payables. I will be finished with the course of medicine that stops me from being able to sign by the time of this upcoming Board meeting.

We recently crossed the 5000 financial member threshold, which was my true stretch goal for membership this year. Thank you to all our new and renewing members! I think this clearly demonstrates the benefits of a clear community-focused policy reform agenda as well as an engaged staff and Board that is responsive to community concerns. We will continue to work on the value proposition of member benefits.

Our 20th Anniversary was a smashing success, with associated upsides for our finances. This could lead us back into over-reliance on event income, but it does demonstrate that our community is still very interested in events that are relevant and have interest for them. Most streams had over 200 watchers, which is comparable to in-person rooms at major events.

Once I get back out of my backlog, I will continue to work on the operating plan. One of the identified critical issues in the Operating Plan 2022, and one we have continued to suffer from recently, is again the lack of a functional association management platform. I believe it is so critical that I will be bringing forward the implementation earlier. I don’t believe our current platform had any business requirements or analysis conducted, and thus it doesn’t meet our operational requirements. I’ve given the current platform sufficient time to mature to cope with our requirements, but it’s clear to me that no amount of investment of additional time or code fixes will address the severe and ongoing issues with simply maintaining our membership and other key functions.

Just one of the struggles we’ve had with our current setup is identifying the electors, including corporate members, without duplicates, and sending them a ballot. This should take no more than a few minutes for any normal AMS. So far, we have spent more than two FTE weeks, and it is still somewhat inaccurate, which is unacceptable for any election. More than halfway through the election, it was found that some corporate members had not received their vote per the bylaws, and we had 70 duplicate electors. None have voted twice, and the missing corporate member votes have been sent. This type of issue cannot continue.

I am working with the staff to document and prioritize OWASP’s business requirements. I will lead a search for a new AMS platform that is more suited, that will hopefully simplify, reduce the total number of platforms we currently use, and reduce our costs. We will then create a plan to migrate our organization to something that should not only be much cheaper, but free up Harold to work primarily on project-related work, project management, and grant seeking rather than constantly fixing code. No AMS has everything we need, especially in our current situation. If the best AMS that meets most of our requirements is found, we will work through the gaps compared to our operational business requirements, bylaws, and policies and work with the Board to identify if we modify the bylaws or policies, or come up with manual workarounds, or try to automate them to address the gaps in question.

I am working on new reporting mechanisms for this month’s Board meeting, so please provide feedback on anything you’d like to see improved or made more transparent.

Finance

Below is the PRELIMINARY write up for Sept 2021.

Attached please find the preliminary OWASP Combined (Converted to USD for all reports) financial pkg for Sept 2021 which represents financial performance through the 8th month of Fiscal year 2021. I have included the 2021 Approved budget which I have spread on a monthly basis.

I have also altered the Board summary to match the categories that the new FY 21 budget highlights.

Income Statement:

  • Revenue: On an accrual basis, total revenue YTD was $802.7K (an increase of $309.5K) as compared to the budget of $576.8K. The results are Better by $225.9K, with Conference, Memberships and Donations being over budget by $212.6K, $44.7K and $30.8K, respectively, while Merchandise and Trademark income were a combined <$63K> below budget YTD. On a quarterly basis, combined Revenue Actual was Higher than budget by $119.4K due to the 20th anniversary revenue, which was budgeted at $50K but finished at over $210K in revenue with minimal expenses. There is a timing issue, though, as the 20th was budgeted in Oct but happened in Sep 2021, but this is VERY good news: we budgeted $50K in revenue and $45K for expenses, and the Actual Revenue was over $210K with the expenses estimated to be less than $40K. The Net income has a VERY positive variance of $5K budget vs $170K actual, or plus $165K, which will help offset OWASP LASCON and AppSec Global Australia, which is not happening but was budgeted for.

  • Expenses: Total spending YTD 2021 is $735.6K, which is LESS than the YTD Expense budget of $901.3K by $165.7K, with only G&A over Budget by $24.4K due to Underbudgeting Benefits/Taxes/Insperity fee, Legal fees, Unbudgeted Professional Development. However, this has been mitigated with the PPP forgiveness of $112.7K.

  • Net Income/Loss: YTD 2021 Net income, on a combined Accrual basis, is now a POSITIVE $67.2K compared to the Negative $145.9K as of Aug 2021, which is Better than the YTD 2021 APPROVED budget of negative <$324.5K> by $391.7K, which gives us a cushion to finish out 2021 with.

  • Project Funds: US balance is $221.5K, EU balance is $-13.7K.

POINTS of NOTE:

With regard to the 2021 AppSec Global US, we have $220.4K of Sponsorship, $35.6K of Registration and $7.4K of Training for a total as of 10.21.21 of $263.4K vs a total revenue budget of $350K, so we need about $90K more in Revenue. On the Expense side the Budget is $75K and it is not expected to exceed that but rather come in a bit lower than that.

With regard to cash reserves, as of 9.30.21 our cash position was $1,296.7K, which is UP from the 8.31.21 cash balance of $1,199.9K by $96.8K, or one additional month of operational reserve. Our avg monthly spend for operations is roughly $98K including all payroll, which is still roughly about 13.2 months of reserve, which is very good in the current environment. If we remove AP, which totals $30.6K (which is about a third of a month of reserve), taking us to an estimated 13 months of operating reserve, again a good number, and if we factor in the $175K of open AR, that takes us to over 14 months. If we also factor in the $200K of Projects, that is roughly 2 months of Operating reserves, leaving us at the end of Sept 2021 with 12 months of Operating reserve, or a bit better than previous months. On a better note, through Sept 2021 we are tracking a better than budgeted Net income by $391.7K, which gives us a VERY good chance to not only achieve our year end net income goal of $-99K but to actually show a POSITIVE net income for 2021. We need to keep working on revenue while keeping costs down, while we are still in this no travel environment.

Action: 990 is completed (Andrew and Grant reviewed) and once Andrew signs it, Tom will submit it to the IRS.

Chapters

  • 264 chapters this year, exceeding our goal of 250 chapters
  • 16 Student chapters (14 in India and 2 in the United States)

Membership

Total Members: 5,056 (this Month: 430)

  • One-year: 3,204
  • Two-year: 1,050
  • Lifetime: 739
  • Complimentary: 63
  • Student: 0

Events and Corporate Support

Operations

  • Awards have been shipped for the Distinguished Lifetime Members
  • Waspy awards will be shipped by Monday
  • Andrew is in the process of interviewing all winners, and once that is completed we will announce winners on social media accounts.
  • Voting is now open for the 2021 Global Board of Directors election.

Voter participation is low. We would like the Board to reach out to the members and leaders to help promote the election. Reminder emails will go out as planned.

Projects and Technology

Projects:

  • Total projects: 232
  • Within the Last 60 days: 5

Projects Promoted to Lab: 3

  • Threat Dragon
  • SamuraiWTF
  • pytm

ModSecurity discussions awaiting

Technology

  • Member Portal benefits update
  • Email Cleanup to begin again next week
  • Administration portal evaluation