[Owasp-board] Another OWASP Hire?

Dinis Cruz dinis at ddplus.net
Tue Feb 12 15:14:22 UTC 2008


Well, I think one of the problems WE (board members) have is the fact
that we don't get direct payments from OWASP (not that I am saying we
should have those payments in the short term (let's wait for OWASP to
reach the 1M$ turnover)). So there are numerous occasions where we get
pulled from OWASP activities by a super busy paid work schedule.

I think that the 50% is a good bet, and keeping with the tradition of
the SoC (Seasons of Code), if they don't deliver (or cannot commit the
time) then we don't pay. For example, with the 50% model we can TODAY
already allocate 2 or 3 guys for the next 6 months.

Dinis

On 2/12/08, Jeff Williams <jeff.williams at owasp.org> wrote:
> I think the 50% plan is dangerous as it is too easy for most people to
> ignore their less formal (OWASP) commitment. This is true of every one of
> us.  I want someone who can focus on making OWASP great without distraction.
>
> --Jeff
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
> Sent: Tuesday, February 12, 2008 8:42 AM
> To: Dave Wichers
> Cc: OWASP Foundation Board List
> Subject: Re: [Owasp-board] Another OWASP Hire?
>
> I also think that these are good ideas.
>
> I would go for Paulo ASAP (David's option #3) and would propose that
> we get #1 (the most experienced person) for 50% of the time (i.e.
> somebody that spends 2 1/2 days a week (10 days a month)) on OWASP.
>
> I think the 50% / 50% rule for more experienced and expensive
> contracts has quite a number of benefits:
>
>  - It ensures that that individual continues to be very active in this
> 'profession/role'
>  - It will be easier to get the type of quality that we need (since
> that person will not need to leave his job to join OWASP)
>  - It shields OWASP from making bad hiring decisions (I would strongly
> recommend that this person is hired under a 'six month contract
> valued at (for example) 75,000 USD') and would be a good working model
> for the future. In fact we should tie this with the Seasons of Code
> and add a special project requesting applications for it (i.e. the WoC
> could have a special category which would be 'Join OWASP team,
> Evangelist, and work on key projects - $75,000')
>  - This would allow us to have 2 of these now (50% of Pravir and 50%
> of somebody else)
>
> and some drawbacks
>
>  - That person would not be full time with OWASP and his other time
> commitments could make him/her lose focus.
>
> Dinis
>
>
>
> On 2/11/08, Dave Wichers <dave.wichers at owasp.org> wrote:
> >
> > Guys,
> >
> > OWASP currently has almost $400K at the moment, and revenue/momentum is
> > continuing to build. I'd suggest we consider another hire.
> >
> > There are three positions I think OWASP should consider, but my
> > recommendation is to go after the more expensive but most significant of
> > the three.
> >
> > 1) OWASP Chief Evangelist / Leader / Possibly eventual chair - I think
> > hiring someone similar in status to an existing board member that can
> > evangelize, help recruit corporate members, and really push the growth and
> > organization of OWASP is critical to our success. - Any of us interested
> > in a new job? This would be expensive (maybe $125K-$175K) including all
> > benefits but could really be the catalyst to get things moving even faster
> > with OWASP.
> >
> > 2) OWASP Developer - Having someone who can work on our key projects,
> > help make them all easy to install/run, merge together similar tools,
> > start generating many more production quality projects at OWASP would be
> > great.
> >
> > 3) OWASP Project Manager - Someone like Paulo who has been managing the
> > season of Code Projects who would be responsible for managing ALL OWASP
> > projects, both season of code and standard OWASP projects.
> >
> > Each of these gets less expensive, but is not necessarily correspondingly
> > less important.
> >
> > If it was me, I'd try to hire #1, then #3, then #2 if I had to pick an
> > order.
> >
> > What do you guys think? If you agree that we should consider investing in
> > hiring a senior team member, we should initiate an executive search. Two
> > example people come to my mind, Pravir Chandra (from Cigital) and Michael
> > Sutton (from HP/SPI), but all senior executives like Jack Danahy (Ounce) or
> > Kevin Kiernan (Was from Secure Software) would be great. Now I'm pretty
> > sure Jack/Kevin are not available but they might be able to help us find
> > the right person. In fact, we could contact the Sr. executives of a number
> > of OWASP members to see if they can help us find candidates. I don't know
> > how broad/public we want to make this search but it's pretty critical to
> > get it right.
> >
> > Your thoughts?
> >
> > -Dave
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board


