I’m writing this blog post to explain briefly why I chose to accept the BSides board position and what my goals are, and to provide a brief status report.
Why I joined the BSides board
Over the years, I’ve come to respect the work of everyone in the BSides community. I’m amazed and continually reminded of how many people BSides has positively influenced and the vibrant community they’ve created. I’ve been to three events, and during my tenure at Tripwire, we became one of the first global sponsors. I’ve always loved the people who congregate there, and I’m grateful for how it's reconnected me with old colleagues and friends. I proudly consider myself a part of the BSides community.
In mid-December, I was asked by Mike Dahn and Jack Daniel to join them on the BSides board. I first admitted to them that I’ve primarily been a beneficiary of everyone’s hard work, and that there are countless people who have contributed far more than me. But after talking with them, I told them that it was a privilege to be asked and that I would be happy to serve for a one-year term and help in any way I could.
My goal is to help ensure that BSides succeeds in its mission: to continue to help more information security practitioners achieve their fullest potential, both now and in the future.
Clearly there have been some growing pains. To paraphrase Bill Brenner, this is really an opportunity to "make a better BSides." Our goal as a board is to help BSides grow, become more effective and accountable, as well as more transparent.
A brief status report
Mike, Jack and I started having nearly daily, now weekly, phone calls. The top issues we're working on are the following:
- Create a timeline to complete all the filings necessary for BSides to officially become a 501c3 not-for-profit corporation
- Create a timeline to retain an outside bookkeeper and release audited financials, going all the way back to the first events, to show that all account balances and values are exactly as they should be, and that all the money went where it was supposed to
- Create a communication calendar so that we regularly release information on what we’ve promised and how we’re doing on those promises, in order to earn back any lost trust with the community
On the 501c3 front, the team continues to move towards the official filing. BSides remains a California public benefit S corporation. As such, there is no official board, but we’ve started to organize and adopt all the structures and processes required for when we have official 501c3 status.
Part of this is getting regular financial reports released that are audited by an independent third party. The team has spent two weeks interviewing firms to take over the daily bookkeeping operations, as well as a CPA firm that can attest to the accuracy of the financials. I’m particularly pleased that as soon as BSides completes the transition to a 501c3, the CPA firm that opines on the financials of the widely revered Electronic Frontier Foundation (EFF) will do the same for BSides.
While I've studied the SecurityErrata post, based on my analysis, I believe that any financial reporting errors found will be small. My biggest concern is that volunteers sometimes paid event suppliers out of their own pockets, due to BSides cash flow issues -- these transactions may not have been recorded or repaid properly. Of course, we will fix any issues we find.
And finally, on the communications front, this will be the first of many communications you’ll see from the team to make you aware of what we’re focused on, and how we’re doing on the commitments we’ve made.
Some last thoughts
Mike and Jack have been terrific to work with, and I’m confident that we’ll have more positive information to share throughout January and February. From there, the focus of the board will be to discuss the structure that will best serve the BSides mission and community.
I want to thank the many people who took the time to give me advice, provide recommendations on trusted bookkeepers and accountants, and much more. I particularly want to acknowledge Branden Williams, Brian Costello, Matt Hixson, Todd Butson, Bob McCarthy and countless others for their help, for which I’m very grateful.