[Owasp-board] Another OWASP Hire?

Sebastien Deleersnyder seba at deleersnyder.eu
Tue Feb 12 07:08:02 UTC 2008



Absolutely good idea. This could really push OWASP further into a
professional organisation.

Side note: ideally the 1) person would have an 'open source' project on his
resume besides being able to talk to CxO level. 








From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jeff Williams
Sent: maandag 11 februari 2008 23:02
To: 'OWASP Foundation Board List'
Subject: Re: [Owasp-board] Another OWASP Hire?


I strongly support this idea.  I agree with the priorities Dave put
suggested (1,3,2).  One of the goals I set back in 2004 was to get OWASP to
a place where we could afford to do this, and I'm thrilled we're finally





From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: Monday, February 11, 2008 1:34 PM
To: 'OWASP Foundation Board List'
Subject: [Owasp-board] Another OWASP Hire?




OWASP currently has almost $400K at the moment, and revenue/momentum is
continuing to build.  I'd suggest we consider another hire.


There are three positions I think OWASP should consider, but my
recommendation is to go after the more expensive but most significant of the


1)      OWASP Chief Evangelist / Leader / Possibly eventual chair - I think
hiring someone similar in status to an existing board members that can
evangelize, help recruit corporate members, and really push the growth and
organization of OWASP is critical to our success.   -  Any of us interested
in a new job?   This would be expensive (maybe $125K-$175K) including all
benefits but could really be the catalyst to get things moving even faster
with OWASP.

2)      OWASP Developer - Having someone who can work on our key projects,
help make them all easy to install/run, merge together similar tools, start
generating many more production quality projects at OWASP would be great.

3)      OWASP Project Manager - Someone like Paulo who has been managing the
season of Code Projects who would be responsible for managing ALL OWASP
projects, both season of code and standard OWASP projects.


Each of these gets less expensive, but is not necessarily correspondingly
less important.


If it was me, I'd try to hire #1, then #3, then #2 if I had to pick an


What do you guys think. If you agree that we should consider investing in
hiring a senior team member, we should initiate an executive search. Two
example people come to my mind, Pravir Chandra (from Cigital) and Michael
Sutton (from HP/SPI), but all senior executives like Jack Danahy (Ounce) or
Kevin Kiernan (Was from Secure Software) would be great. Now I'm pretty sure
Jack/Kevin are not available but they might be able to help us find the
right person. In fact, we could contact the Sr. executives of a number of
OWASP members to see if they can help us find candidates.  I don't know how
broad/public we want to make this search but it's pretty critical to get it


Your thoughts?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080212/3bbc60e6/attachment-0002.html>

More information about the Owasp-board mailing list