[Owasp-board] Another OWASP Hire?

Dave Wichers dave.wichers at owasp.org
Tue Feb 12 15:17:21 UTC 2008

I agree.

-----Original Message-----
From: Jeff Williams [mailto:jeff.williams at owasp.org] 
Sent: Tuesday, February 12, 2008 10:01 AM
To: 'Dinis Cruz'; 'Dave Wichers'
Cc: 'OWASP Foundation Board List'
Subject: RE: [Owasp-board] Another OWASP Hire?

I think the 50% plan is dangerous as it is too easy for most people to
ignore their less formal (OWASP) commitment. This is true of every one of
us.  I want someone who can focus on making OWASP great without distraction.


-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Tuesday, February 12, 2008 8:42 AM
To: Dave Wichers
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Another OWASP Hire?

I also think that these are good ideas.

I would go for Paulo ASAP (David's option #3) and would propose that
we get #1 (the most experienced person) for 50% of the time (i.e.
somebody that spends 2 1/2 days a week (10 days a month)) on OWASP.

I think the 50% / 50% rule for more experienced and expensive
contracts has quite a number of benefits:

 - It ensures that that individual continues to be very active in this
 - It will be easier to get the type of quality that we need (since
that person will not need to leave his job to join OWASP)
 - It shields OWASP from making bad hiring decisions (I would strongly
recommend that this person is hired under a 'six month contract
valued at (for example) 75,000 USD') and would be a good working model
for the future. In fact we should tie this with the Seasons of Code
and add a special project requesting applications for it (i.e. the WoC
could have a special category which would be 'Join OWASP team,
Evangelist, and work on key projects - $75,000')
 - this would allow us to have 2 of these now (50% of Pravir and 50%
of somebody else)

and some drawbacks

 - That person would not be full time with OWASP and his other time
commitments could make him/her lose focus.


On 2/11/08, Dave Wichers <dave.wichers at owasp.org> wrote:
> Guys,
> OWASP currently has almost $400K at the moment, and revenue/momentum is
> continuing to build.  I'd suggest we consider another hire.
> There are three positions I think OWASP should consider, but my
> recommendation is to go after the more expensive but most significant of
> three.
> 1)      OWASP Chief Evangelist / Leader / Possibly eventual chair - I
> hiring someone similar in status to an existing board members that can
> evangelize, help recruit corporate members, and really push the growth and
> organization of OWASP is critical to our success.   -  Any of us
> in a new job?   This would be expensive (maybe $125K-$175K) including all
> benefits but could really be the catalyst to get things moving even faster
> with OWASP.
> 2)      OWASP Developer - Having someone who can work on our key projects,
> help make them all easy to install/run, merge together similar tools,
> generating many more production quality projects at OWASP would be great.
> 3)      OWASP Project Manager - Someone like Paulo who has been managing
> season of Code Projects who would be responsible for managing ALL OWASP
> projects, both season of code and standard OWASP projects.
> Each of these gets less expensive, but is not necessarily correspondingly
> less important.
> If it was me, I'd try to hire #1, then #3, then #2 if I had to pick an
> order.
> What do you guys think? If you agree that we should consider investing in
> hiring a senior team member, we should initiate an executive search. Two
> example people come to my mind, Pravir Chandra (from Cigital) and Michael
> Sutton (from HP/SPI), but all senior executives like Jack Danahy (Ounce)
> Kevin Kiernan (Was from Secure Software) would be great. Now I'm pretty
> Jack/Kevin are not available but they might be able to help us find the
> right person. In fact, we could contact the Sr. executives of a number of
> OWASP members to see if they can help us find candidates.  I don't know
> broad/public we want to make this search but it's pretty critical to get
> right.
> Your thoughts?
> -Dave
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board