Dear friends,

We started Security B-Sides (BSides) to do something different. We wanted to create a platform to help the security community achieve things together that we could never do alone, and expand everyone’s opportunities.

Thanks to the incredible support of all our volunteers and sponsors, over the past two and a half years, the community organizers have held 37 conferences across four continents involving over 100 organizers, and thousands of participants. I am so proud to be a part of this, seeing people help each other and doing things they would never have done otherwise.

However, this week, some criticisms were published about BSides. As the person named in some of these statements, I want to set the record straight on items that are factually incorrect, as well as address some of the growing pains I mentioned above. BSides, as a community organization, has a responsibility to our community and our sponsors.

Not-For-Profit Status

BSides is not yet a not-for-profit (NFP) organization. It is true that I initially included language stating this on the website and Facebook page because that is the spirit in which the organization was developed. This has since been removed. We have not misrepresented ourselves as a NFP to any sponsors or vendors, nor have we provided them with a receipt claiming such.

We are in fact pursuing NFP status. Please know this: I took the initiative to file for California state acceptance, which is the first step to filing Federal 501c3. The state filing was approved this year after many cycles. Due to state budget cuts, we waited months for each reply.

I have recently engaged a third-party company who specializes in these types of organizations to walk us through the process of selecting Board members, drafting bylaws, and completing our Federal application.

I admit that I might’ve taken more time than needed to address some of these important administrative details, but this delay was never out of malicious intent; getting caught up in the growth of the organization delayed this process. The foundation of BSides was never lost along the way.

In the spirit of growth, and to further that foundation, I’m happy to announce that the three initial board of director members for BSides will be: Jack Daniel, Gene Kim, and myself. Gene is the newest member of the team, and is an experienced executive and well-respected member of the information security industry and has served as an adviser and board member for many organizations.

Financials

Regarding the financials and banking issues, quick factual clarification. Shortly after forming BSides I applied for an Employee Identification Number (EIN) with the IRS. I then opened a separate bank account for BSides into which we deposited funds received. Since some sponsors wished to pay via credit card we used PayPal to accept these funds. I linked the PayPal account to the BSides bank account to be able to transfer funds.

This quarter we engaged a third-party bookkeeper to review the bank account and help us create an event-by-event accounting of all funds received and expenditures made. Let me emphasize, all BSides funds have gone directly to the events, to cover administrative costs, or were donated to charitable organizations. To go a step further, neither myself, nor Amber, have received any compensation for our time or effort and all of the funds have been kept in a separate account from our personal funds.

Another important piece to the financials is the management of events. When we had 5-10 events spread out over the year, it was easy to manage all invoices and all accounts from one central location. This process broke down and we ended up paying for one event using funds raised from the last as we tried to collect on committed funds. Going forward, we have discontinued the “global” sponsorship and will require each event to raise their own funds and cover all expenses. There will be no co-mingling of finances.

Responsibility and Accountability

Although we are not yet a NFP and not required to publish financials, we will publish a report in accordance with typical NFP practices. We are diligently working on this and our hope is to have it completed in the next couple of weeks. If any sponsor would like to know how their funds were used, we are also ready to provide a full itemized accounting details for them.

I am not perfect, and many of the changes that occurred in the last two years came from extreme growth and change. I agree with Bill Brenner that this is an opportunity to build something better. We learn, we evolve, we move on. We now have a formal board of directors, a third party bookkeeper, an organization that will help us complete the 501c3 paperwork and filings. We have new processes for each event operating independently. I think the good we have created should not be abused or ignored.

The Future of BSides

My main concern is what the future holds for the many event organizers whose sponsors may question their involvement in BSides. I will continue to assure our sponsors that BSides remains a worthy investment and that we are laser focused on making this a better and more transparent organization for the benefit of the security community and broader industry.

I would like to encourage others to continue to be collaborative, and help each other do good things. If you want to volunteer and participate in our improvement, please contact me at mike@securitybsides.org or join the BSides Google group.

If you have any questions about BSides or any of the accusations, please email me. In the spirit of total transparency, I will attempt to reply to all of your questions.

Going forward, I hope the community can help itself heal, band together, and continue to help others do together what they could not do alone.

Sincerely yours,
Mike Dahn