[Owasp-board] 1st OWASP hire - Admin Support?

Dave Wichers dave.wichers at owasp.org
Thu Oct 18 03:57:16 UTC 2007

I'm glad everyone is on board. I was not envisioning this person as a
technical person, thus I don't quite understand your comment about it being
someone recommended by an OWASP contributor. If it's a secretarial type
admin person, I wouldn't imagine that they'd easily be able to recommend
someone from the Baltimore DC area, and I'm also not sure about this whole
voting business either.


Can you explain more your thoughts in this regard? I'm all for free and
open, but I don't think it always makes sense in all cases. (like voting on
who we hire).




From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: Wednesday, October 17, 2007 10:01 PM
To: jeff.williams at owasp.org
Cc: Andrew van der Stock; Dave Wichers; OWASP Board
Subject: Re: [Owasp-board] 1st OWASP hire - Admin Support?


I'm ok with that too, and I'm pretty sure we already have the budget for
year 1.


So go for it.


Jeff can you post the job description on a WIKI page, GMail doesn't
understand the new .docx format :) 


It does make sense to be at Aspect offices.


Ideally it would be somebody recommended by an OWASP contributor, and the
hire should be agreed by both owasp-board and owasp-leaders crowd (with a
majority vote (of the ones who vote :) )) 




On 10/18/07, Jeff Williams <jeff.williams at owasp.org
<mailto:jeff.williams at owasp.org> > wrote:

I agree with all of this, and would like to move ahead on this.

The responsibilities for the job are good.  I would add some more content 
creation responsibilities there, like the Monthly Newsletter, audio/video
editing, and updating the front page.  I'd also like them to help with
promotional activities, find contributors for projects, and create 
documentation for tools.

It might also be useful to list some of the characteristics of the person
who would be great at this job.  They have to be outgoing and personable -
willing to talk with lots of people and get stuff organized. If they had 
experience running fundraising efforts, that would be a huge plus.


-----Original Message-----
From: Andrew van der Stock [mailto:vanderaj at greebo.net ]
Sent: Monday, October 15, 2007 10:55 PM
To: Dave Wichers; Jeff Williams; Dinis Cruz
Cc: OWASP Board
Subject: Re: [Owasp-board] 1st OWASP hire - Admin Support?

(sorry for the cross-posting - board e-mails do not work for me at 
the moment)

When I was SAGE-AU President, one of the very first things we did as
soon as I made el Presidente was to offload all the administrivia to
an admin person. Before my presidency, We had a really nice lady 4 
hours a week, and only bumped her hours when the annual conference
became a nightmare. That really wasn't enough and it was hampering
growth. So we made her full time against the wishes of a large
minority on the SAGE-AU executive committee, but it was the best 
thing SAGE AU ever did. Membership jumped from 650 to just under 1000
in the next two years. It's amazing the difference when the executive
board is free to do strategy and leave the execution to others.

I think we need this. Once we have an admin person full time, we can
really concentrate on getting more individual members, and getting
those processed in a timely fashion. More on this point in another
post. I firmly believe without a full time admin person, we cannot 
get the 1000 or so individual memberships we could get (an easy $100k
per year). This position would be self funding if we managed
somewhere in the range of 500-600 memberships. With 1000 renewals and
sending out membership packs, and so on, would swamp our current 
resources, so we do need that person to grow to that point.

(Aspect hat really, really off - OWASP hat firmly ensconced on my
noggin) On the location for this resource, considering three of us
are in the Aspect offices, I think that makes it the best location - 
we can pop our head around the corner and say "hi". This really
helped with the interns. If cost is an issue, much of Europe is more
expensive than the USA, and London even more so. Asia is nice and
cheap, but we don't really have a lot of solid resources in that area
yet. Australia is about the only place I'd support the person if it's
not in the Aspect offices. Justin Derry's company, b-sec, has nice 
offices in Brisbane. We could ask them if they could host our admin
person. However, honestly, it wouldn't be much cheaper than doing it
in the USA (maybe $10-20k per year max) and we'd lose the synergy of 
being able to see the person regularly and making sure they're okay,
have a safe working environment and have adequate resources to do
their thing on OWASP's behalf. Plus, as OWASP is a not for profit, so 
paying someone and coping with their (foreign) taxes in another
country might be a tad difficult without setting up another OWASP
shell company in that country, and we may lose any benefit of our tax
deductibility. I know Australian law is pretty down on charities with 
a single employee (it just doesn't happen).

OWASP just needs this to go to the next level. I am surprised we've
taken this long without having someone on the payroll already. I
strongly urge this course of action, no matter where the person is 


On Oct 15, 2007, at 3:09 PM, Dave Wichers wrote:

> I think it's well past time that OWASP hire a full time
> administrator to do a lot of the stuff that Aspect employees are 
> now doing for OWASP.  Attached is a job description for this position.
> Given the interdependencies of all the various things that Aspect
> currently does, and to smooth the transition, we'd recommend that 
> this person be hired and work out of Aspect's offices.
> We'll plan to set as much up as possible so this person does work
> for OWASP, is paid by OWASP, has benefits provided by OWASP, and 
> only uses Aspect resources when absolutely necessary. For example,
> Aspect can lease a tiny amount of office space to OWASP for this
> person, can share our phone and networking infrastructure, but
> practically everything else can be provided by OWASP itself. My
> goal is to make this as completely independent as possible, which
> would be much more so than the current arrangement where Aspect is
> reimbursed for OWASP support provided by various Aspect admin
> personnel.
> Aspect still plans to provide support to OWASP in the way we do now
> (network admin support, overflow admin support, etc.), but the goal 
> would be for this new hire to take on as much of this work as
> possible. I actually believe that this person will quickly get
> overwhelmed and would still need help from Aspect, but when that
> person got too busy, then we could hire another OWASP employee, 
> etc. This is a way of transitioning to full time OWASP support when
> the quantity of basic support that Aspect has been providing
> becomes too great.
> I'm thinking a base salary in the $30K-$50K range for this 
> position, based on the experience of the person being hired. Plus a
> set of benefits that we would have to define.
> What do you guys think about this idea?
> -Dave
> <OWASP Administrator.docx>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20071017/a13c598f/attachment-0002.html>

More information about the Owasp-board mailing list