[Governance] [Owasp-leaders] Requesting Community Feedback on Virtual Management

johanna curiel curiel johanna.curiel at owasp.org
Thu Jun 19 12:08:45 UTC 2014


This is my response to these kinds of comments:

https://www.youtube.com/watch?v=eJrBUrty7vE


On Thu, Jun 19, 2014 at 7:46 AM, Jason Johnson <jason.johnson at owasp.org>
wrote:

> Christian, you just suck. "You mad bro"
>
> Jason Johnson
> OWASP
> Oklahoma City, OK
>  On Jun 19, 2014 1:00 AM, "Michael Coates" <michael.coates at owasp.org>
> wrote:
>
>> These comments are not appropriate, are against our code of ethics and
>> should not continue. While you may be weaving valid points of discussion
>> into your email that is not an excuse to make comments the way you do here
>> or in other threads that we've recently seen.
>>
>> I will move further conversation off list as no one wants to see an email
>> trail. On governance I will ask for the blocking of this email address.
>>
>>
>> --
>> Michael Coates
>> @_mwc
>>
>>
>>
>> On Wed, Jun 18, 2014 at 10:18 PM, Christian Heinrich <
>> christian.heinrich at cmlh.id.au> wrote:
>>
>>> Josh,
>>>
>>> Based on the ongoing political circle jerk between Dennis, Samantha,
>>> Sarah, Jim, you (Josh), Yvan, Michael, Eoin, etc I believe that an
>>> independent view that may oppose the intent of Sarah vs OWASP Board is in
>>> the best interests of OWASP.
>>>
>>> If the OWASP Board are not intending to appoint an interim Executive
>>> Director until a suitable candidate is found or promoted and there is no
>>> cost saving in outsourcing these functions then *the OWASP Board are
>>> attempting to seize complete control again* to return to the days of
>>> Aspect Security, Trustwave, the ongoing Jeff Williams and Dinis Cruz
>>> homoerotic relationship which drove members of the community from OWASP
>>> i.e.
>>> http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html
>>>
>>> Stephanie Fohn has an extensive business leadership background without
>>> the webappsec conflict of interest, such as a patent or product, since she
>>> is no longer employed by http://blog.whitehatsec.com/iceo/
>>>
>>> Since WhiteHat Security are more aligned with WASC than OWASP and
>>> therefore Stephanie would provide an independent auditor's view of what
>>> Sarah and the Board believe OWASP wants vs needs.
>>>
>>> I also heard from two WhiteHat Security employees that she resisted the
>>> appointment of Tom Brennan to WhiteHat Security while Sarah Baso has
>>> "spread her legs" for him based on the fact that Jim Manico was upset with
>>> "Teflon Tommy" due to his "crush" on Sarah Baso i.e.
>>> http://lists.owasp.org/pipermail/owasp-leaders/2014-June/012017.html,
>>> ensuring that the better man i.e. "Adam Baso" was listed as a contributor
>>> to the OWASP Top Ten 2013, etc.
>>>
>>> For the record, I dislike OWASP, Jeremiah Grossman and WhiteHat Security
>>> but it doesn't dispute the fact that my recommendation is driven by *Stephanie
>>> Fohn has an extensive business leadership background without the associated
>>> webappsec conflict of interest*, such as a patent or product.
>>>  Therefore her [possible] appointment is in the best interest of OWASP due
>>> to the recent political climate of "when push comes to shove".
>>>
>>> If her final independent (of the OWASP Board) recommendation is to
>>> outsource to Virtual Management Inc and this does not result in the OWASP
>>> Board having more "unchecked" power and yields significant OPEX and CAPEX
>>> saving with a higher SLA than what OWASP has today then no one should have
>>> any further issues.
>>>
>>> Since my own agenda is to watch OWASP "burn" due to
>>> https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project
>>> then I will support the outsourcing to Virtual Management Inc so that more
>>> people leave OWASP for other webappsec groups e.g. SAFECode, WASC, etc as
>>> the absolute power of the OWASP Board corrupts absolutely.
>>>
>>>
>>>
>>> On Thu, Jun 19, 2014 at 1:52 PM, Josh Sokol <josh.sokol at owasp.org>
>>> wrote:
>>>
>>>> Christian,
>>>>
>>>> I suppose we could do that.  Mind expanding on the perceived benefits
>>>> in doing so?  I'm thinking that between Sarah and the Board we have a far
>>>> better handle on what we need than Stephanie would.
>>>>
>>>> This would have absolutely nothing to do with cost savings.  It's a
>>>> strategic decision that we need to make based on Sarah's pending
>>>> resignation.
>>>>
>>>> ~josh
>>>> On Jun 18, 2014 5:52 PM, "Christian Heinrich" <
>>>> christian.heinrich at cmlh.id.au> wrote:
>>>>
>>>>> Josh,
>>>>>
>>>>> Can you hire http://www.linkedin.com/pub/stephanie-fohn/0/49/80a or
>>>>> someone else with similar experience in business itself (not just
>>>>> webappsec) to consult on what to do about the Executive Director?
>>>>>
>>>>> Also what are the cost savings (both CAPEX and OPEX) and associated
>>>>> SLA in outsourcing to Virtual Management Inc, etc?
>>>>>
>>>>>
>>>>> On Thu, Jun 19, 2014 at 8:41 AM, Josh Sokol <josh.sokol at owasp.org>
>>>>> wrote:
>>>>> > That, in all honesty, was my first impression as well.  But then I started
>>>>> > thinking about OWASP as a company with finances, hr, operations, and other
>>>>> > concerns.  For most of us here, InfoSec is our core competency and not those
>>>>> > things.  We've made do with our Whistleblower Policies and Employee
>>>>> > Handbooks, but we owe it to all of our stakeholders to take a more
>>>>> > professional approach here and elsewhere in our business.  I'd much rather
>>>>> > see the Board and volunteers focus on our mission of AppSec and leave that
>>>>> > other stuff to their respective professionals.  That said, I'm very
>>>>> > interested in seeing where your head is at once you've had an opportunity to
>>>>> > research and give further consideration.
>>>>> >
>>>>> > ~josh
>>>>> >
>>>>> > On Jun 18, 2014 5:22 PM, "(P7N) Jason Johnson" <jason.johnson at p7n.net>
>>>>> > wrote:
>>>>> >>
>>>>> >> I have been quiet for some time just watching as things happen as they
>>>>> >> usually do. Farming out the management duties to a third party sounds like
>>>>> >> some office space stuff. Sounds strange to me but I will research this and
>>>>> >> reply back with further disbelief. Meetings with the Bobs..."Well bob I say
>>>>> >> I do about 25 min of actual work a week" (officespace)
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> On June 18, 2014 4:24:44 PM CDT, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>>> >>>
>>>>> >>> OWASP Community,
>>>>> >>>
>>>>> >>> As you already know, our Executive Director, Sarah Baso, recently
>>>>> >>> announced that she will be leaving OWASP in August in order to spend quality
>>>>> >>> time with the coming addition to her family.  Since she initially notified
>>>>> >>> us of her intent, the Board and Sarah began the conversation of how OWASP
>>>>> >>> would move forward in her absence.  I think we all are aware that Sarah has
>>>>> >>> made some amazing contributions to our organization and her absence will not
>>>>> >>> go unnoticed.  That said, it is important for us to think about a short-term
>>>>> >>> transition plan as well as a long-term vision for the role of Executive
>>>>> >>> Director at OWASP.
>>>>> >>>
>>>>> >>> No decisions have been made yet, but the Board believes that there may be
>>>>> >>> significant value in working with a third-party professional management firm
>>>>> >>> with experience in global finance, human resources, and non-profit growth in
>>>>> >>> order to help us to assess where we are today and where we would like to get
>>>>> >>> to with the Foundation.  The goal would be to use them to transition many of
>>>>> >>> Sarah's current responsibilities, leverage their expertise to determine if
>>>>> >>> there are areas that we can improve upon, and then reassess our options at
>>>>> >>> that time (tentatively Q4 2014).  We could elect to keep them around,
>>>>> >>> conduct a search for a new Executive Director, or whatever we all feel makes
>>>>> >>> sense as we push forward.
>>>>> >>>
>>>>> >>> After researching several such services, we have all been very impressed
>>>>> >>> with a company called Virtual Management Inc.  Their support would include
>>>>> >>> time from Greg Kohn as the Team Lead, Tom Pappas for Finance and Grants, and
>>>>> >>> Janice Carroll for Operations.  They have a large volume of experience
>>>>> >>> working with non-profit organizations similar to our own and received a
>>>>> >>> positive review for their current work with the Apache Software Foundation.
>>>>> >>>
>>>>> >>> QUESTION:
>>>>> >>>
>>>>> >>> Has anyone had a business relationship with:
>>>>> >>>
>>>>> >>> Virtual Management Inc. or Wakefield, MA or any of its employees?
>>>>> >>> Website: http://www.virtualmgmt.com/
>>>>> >>> Linkedin: https://www.linkedin.com/company/50550
>>>>> >>>
>>>>> >>> We are conducting our due diligence and are looking for anyone who has
>>>>> >>> had either GOOD or BAD experiences with Virtual.  OWASP Community, if you
>>>>> >>> have any feedback regarding Virtual, we would love to hear your comments.
>>>>> >>> Please, if you have any thoughts, feel free to respond back to this message,
>>>>> >>> send us an e-mail in private, or call any of us up.  We have a contract from
>>>>> >>> Virtual, but wanted to make sure that there were no significant concerns
>>>>> >>> from the community before signing.  We've set a soft deadline of 5:00 PM PST
>>>>> >>> on Friday, June 20th to try and collect all feedback and make a decision on
>>>>> >>> how to proceed.  Thank you very much in advance for anything that you can
>>>>> >>> add to this conversation!
>>>>> >>>
>>>>> >>> Sincerely,
>>>>> >>>
>>>>> >>> The OWASP Board of Directors
>>>>> >>>
>>>>> >>> ________________________________
>>>>> >>>
>>>>> >>> OWASP-Leaders mailing list
>>>>> >>> OWASP-Leaders at lists.owasp.org
>>>>> >>>
>>>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> >>
>>>>> >>
>>>>> >> Jason Johnson
>>>>> >> Projectseven
>>>>> >> e: Jason.Johnson at p7n.net
>>>>> >> c: **DATAMAN
>>>>> >> --
>>>>> >> On the phone. Please excuse my brevity.
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > Governance mailing list
>>>>> > Governance at lists.owasp.org
>>>>> > https://lists.owasp.org/mailman/listinfo/governance
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Christian Heinrich
>>>>>
>>>>> http://cmlh.id.au/contact
>>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Christian Heinrich
>>>
>>> http://cmlh.id.au/contact
>>>
>>