[Governance] [Owasp-leaders] Requesting Community Feedback on Virtual Management

Jason Johnson jason.johnson at owasp.org
Thu Jun 19 11:46:23 UTC 2014


Christian, you just suck. "You mad bro"

Jason Johnson
OWASP
Oklahoma City, OK
On Jun 19, 2014 1:00 AM, "Michael Coates" <michael.coates at owasp.org> wrote:

> These comments are not appropriate, are against our code of ethics and
> should not continue. While you may be weaving valid points of discussion
> into your email that is not an excuse to make comments the way you do here
> or in other threads that we've recently seen.
>
> I will move further conversation off list as no one wants to see an email
> trail. On governance I will ask for the blocking of this email address.
>
>
> --
> Michael Coates
> @_mwc
>
>
>
> On Wed, Jun 18, 2014 at 10:18 PM, Christian Heinrich <
> christian.heinrich at cmlh.id.au> wrote:
>
>> Josh,
>>
>> Based on the ongoing political circle jerk between Dennis, Samantha,
>> Sarah, Jim, you (Josh), Yvan, Michael, Eoin, etc I believe that an
>> independent view that may oppose the intent of Sarah vs OWASP Board is in
>> the best interests of OWASP.
>>
>> If the OWASP Board are not intending to appoint an interim Executive
>> Director until a suitable candidate is found or promoted and there is no
>> cost saving in outsourcing these functions then *the OWASP Board are
>> attempting to seize complete control again* to return to the days of
>> Aspect Security, Trustwave, the ongoing Jeff Williams and Dinis Cruz
>> homoerotic relationship which drove members of the community from OWASP
>> i.e.
>> http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html
>>
>> Stephanie Fohn has an extensive business leadership background without
>> the webappsec conflict of interest, such as a patent or product, since she
>> is no longer employed by http://blog.whitehatsec.com/iceo/
>>
>> Since WhiteHat Security are more aligned with WASC than OWASP and
>> therefore Stephanie would provide an independent auditor's view of what
>> Sarah and the Board believe OWASP wants vs needs.
>>
>> I also heard from two WhiteHat Security employees that she resisted the
>> appointment of Tom Brennan to WhiteHat Security while Sarah Baso has
>> "spread her legs" for him based on the fact that Jim Manico was upset with
>> "Teflon Tommy" due to his "crush" on Sarah Baso i.e.
>> http://lists.owasp.org/pipermail/owasp-leaders/2014-June/012017.html,
>> ensuring that the better man i.e. "Adam Baso" was listed as a contributor
>> to the OWASP Top Ten 2013, etc.
>>
>> For the record, I dislike OWASP, Jeremiah Grossman and WhiteHat Security
>> but it doesn't dispute the fact that my recommendation is driven by *Stephanie
>> Fohn has an extensive business leadership background without the associated
>> webappsec conflict of interest*, such as a patent or product.  Therefore
>> her [possible] appointment is in the best interest of OWASP due to the
>> recent political climate of "when push comes to shove".
>>
>> If her final independent (of the OWASP Board) recommendation is to
>> outsource to Virtual Management Inc and this does not result in the OWASP
>> Board having more "unchecked" power and yields significant OPEX and CAPEX
>> saving with a higher SLA than what OWASP has today then no one should have
>> any further issues.
>>
>> Since my own agenda is to watch OWASP "burn" due to
>> https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project
>> then I will support the outsourcing to Virtual Management Inc so that more
>> people leave OWASP for other webappsec groups e.g. SAFECode, WASC, etc as
>> the absolute power of the OWASP Board corrupts absolutely.
>>
>>
>>
>> On Thu, Jun 19, 2014 at 1:52 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>> Christian,
>>>
>>> I suppose we could do that.  Mind expanding on the perceived benefits in
>>> doing so?  I'm thinking that between Sarah and the Board we have a far
>>> better handle on what we need than Stephanie would.
>>>
>>> This would have absolutely nothing to do with cost savings.  It's a
>>> strategic decision that we need to make based on Sarah's pending
>>> resignation.
>>>
>>> ~josh
>>> On Jun 18, 2014 5:52 PM, "Christian Heinrich" <
>>> christian.heinrich at cmlh.id.au> wrote:
>>>
>>>> Josh,
>>>>
>>>> Can you hire http://www.linkedin.com/pub/stephanie-fohn/0/49/80a or
>>>> someone else with similar experience in business itself (not just
>>>> webappsec) to consult on what to do about the Executive Director?
>>>>
>>>> Also what are the cost savings (both CAPEX and OPEX) and associated
>>>> SLA in outsourcing to Virtual Management Inc, etc?
>>>>
>>>>
>>>> On Thu, Jun 19, 2014 at 8:41 AM, Josh Sokol <josh.sokol at owasp.org>
>>>> wrote:
>>>> > That, in all honesty, was my first impression as well.  But then I started
>>>> > thinking about OWASP as a company with finances, hr, operations, and other
>>>> > concerns.  For most of us here, InfoSec is our core competency and not those
>>>> > things.  We've made do with our Whistleblower Policies and Employee
>>>> > Handbooks, but we owe it to all of our stakeholders to take a more
>>>> > professional approach here and elsewhere in our business.  I'd much rather
>>>> > see the Board and volunteers focus on our mission of AppSec and leave that
>>>> > other stuff to their respective professionals.  That said, I'm very
>>>> > interested in seeing where your head is at once you've had an opportunity to
>>>> > research and give further consideration.
>>>> >
>>>> > ~josh
>>>> >
>>>> > On Jun 18, 2014 5:22 PM, "(P7N) Jason Johnson" <jason.johnson at p7n.net>
>>>> > wrote:
>>>> >>
>>>> >> I have been quiet for some time just watching as things happen as they
>>>> >> usually do. Farming out the management duties to a third party sounds like
>>>> >> some office space stuff. Sounds strange to me but I will research this and
>>>> >> reply back with further disbelief. Meetings with the Bobs..."Well bob I say
>>>> >> I do about 25 min of actual work a week" (officespace)
>>>> >>
>>>> >>
>>>> >>
>>>> >> On June 18, 2014 4:24:44 PM CDT, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>> >>>
>>>> >>> OWASP Community,
>>>> >>>
>>>> >>> As you already know, our Executive Director, Sarah Baso, recently
>>>> >>> announced that she will be leaving OWASP in August in order to spend quality
>>>> >>> time with the coming addition to her family.  Since she initially notified
>>>> >>> us of her intent, the Board and Sarah began the conversation of how OWASP
>>>> >>> would move forward in her absence.  I think we all are aware that Sarah has
>>>> >>> made some amazing contributions to our organization and her absence will not
>>>> >>> go unnoticed.  That said, it is important for us to think about a short-term
>>>> >>> transition plan as well as a long-term vision for the role of Executive
>>>> >>> Director at OWASP.
>>>> >>>
>>>> >>> No decisions have been made yet, but the Board believes that there may be
>>>> >>> significant value in working with a third-party professional management firm
>>>> >>> with experience in global finance, human resources, and non-profit growth in
>>>> >>> order to help us to assess where we are today and where we would like to get
>>>> >>> to with the Foundation.  The goal would be to use them to transition many of
>>>> >>> Sarah's current responsibilities, leverage their expertise to determine if
>>>> >>> there are areas that we can improve upon, and then reassess our options at
>>>> >>> that time (tentatively Q4 2014).  We could elect to keep them around,
>>>> >>> conduct a search for a new Executive Director, or whatever we all feel makes
>>>> >>> sense as we push forward.
>>>> >>>
>>>> >>> After researching several such services, we have all been very impressed
>>>> >>> with a company called Virtual Management Inc.  Their support would include
>>>> >>> time from Greg Kohn as the Team Lead, Tom Pappas for Finance and Grants, and
>>>> >>> Janice Carroll for Operations.  They have a large volume of experience
>>>> >>> working with non-profit organizations similar to our own and received a
>>>> >>> positive review for their current work with the Apache Software Foundation.
>>>> >>>
>>>> >>> QUESTION:
>>>> >>>
>>>> >>> Has anyone had a business relationship with:
>>>> >>>
>>>> >>> Virtual Management Inc. or Wakefield, MA or any of its employees?
>>>> >>> Website: http://www.virtualmgmt.com/
>>>> >>> Linkedin: https://www.linkedin.com/company/50550
>>>> >>>
>>>> >>> We are conducting our due diligence and are looking for anyone who has
>>>> >>> had either GOOD or BAD experiences with Virtual.  OWASP Community, if you
>>>> >>> have any feedback regarding Virtual, we would love to hear your comments.
>>>> >>> Please, if you have any thoughts, feel free to respond back to this message,
>>>> >>> send us an e-mail in private, or call any of us up.  We have a contract from
>>>> >>> Virtual, but wanted to make sure that there were no significant concerns
>>>> >>> from the community before signing.  We've set a soft deadline of 5:00 PM PST
>>>> >>> on Friday, June 20th to try and collect all feedback and make a decision on
>>>> >>> how to proceed.  Thank you very much in advance for anything that you can
>>>> >>> add to this conversation!
>>>> >>>
>>>> >>> Sincerely,
>>>> >>>
>>>> >>> The OWASP Board of Directors
>>>> >>>
>>>> >>> ________________________________
>>>> >>>
>>>> >>> OWASP-Leaders mailing list
>>>> >>> OWASP-Leaders at lists.owasp.org
>>>> >>>
>>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >>
>>>> >>
>>>> >> Jason Johnson
>>>> >> Projectseven
>>>> >> e: Jason.Johnson at p7n.net
>>>> >> c: **DATAMAN
>>>> >> --
>>>> >> On the phone. Please excuse my brevity.
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Governance mailing list
>>>> > Governance at lists.owasp.org
>>>> > https://lists.owasp.org/mailman/listinfo/governance
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Christian Heinrich
>>>>
>>>> http://cmlh.id.au/contact
>>>>
>>>
>>
>>
>> --
>> Regards,
>> Christian Heinrich
>>
>> http://cmlh.id.au/contact
>>
>