[Owasp-board] Another OWASP Hire?
dave.wichers at owasp.org
Tue Feb 12 15:27:32 UTC 2008

Given the seniority of the person we'd be trying to hire here, I think both
part time, and a try before you buy model would make it very difficult to
attract the right person, and keep their attention focused on OWASP and not
other things. So I really think we need to hire someone full time, and on a
permanent basis. We can always let someone go if they can't produce, but
that would be bad, so we really need to find the right guy who has great
referrals from within OWASP or that we know already somehow.

From: Dinis Cruz [mailto:dinis at ddplus.net]
Sent: Tuesday, February 12, 2008 10:14 AM
To: jeff.williams at owasp.org
Cc: Dave Wichers; OWASP Foundation Board List
Subject: Re: [Owasp-board] Another OWASP Hire?

Well, I think one of the problems WE (board members) have is the fact
that we don't get direct payments from OWASP (not that I am saying we
should have those payments in the short term (let's wait for OWASP to
reach the 1M$ turnover)). So there are numerous occasions where we get
pulled from OWASP activities by a super busy paid work schedule.
I think that the 50% is a good bet, and keeping with the tradition of
the SoC (Seasons of Code) if they don't deliver (or cannot commit the
time) then we don't pay. For example with the 50% model we can TODAY
already allocate 2 or 3 guys for the next 6 months.

On 2/12/08, Jeff Williams <jeff.williams at owasp.org> wrote:
> I think the 50% plan is dangerous as it is too easy for most people to
> ignore their less formal (OWASP) commitment. This is true of every one of
> us. I want someone who can focus on making OWASP great without
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
> Sent: Tuesday, February 12, 2008 8:42 AM
> To: Dave Wichers
> Cc: OWASP Foundation Board List
> Subject: Re: [Owasp-board] Another OWASP Hire?
> I also think that these are good ideas.
> I would go for Paulo ASAP (David's option #3) and would propose that
> we get #1 (the most experienced person) for 50% of the time (i.e.
> somebody that spends 2 1/2 days a week (10 days a month)) on OWASP.
> I think the 50% / 50% rule for more experienced and expensive
> contracts has quite a number of benefits:
> - it ensures that that individual continues to be very active in this
> - It will be easier to get the type of quality that we need (since
> that person will not need to leave his job to join OWASP)
> - It shields OWASP from making bad hiring decisions (I would strongly
> recommend that this person is hired under a 'six month contract
> valued at (for example) 75,000 USD') and would be a good working model
> for the future. In fact we should tie this with the Seasons of Code
> and add a special project requesting applications for it (i.e. the WoC
> could have a special category which would be 'Join OWASP team,
> Evangelist, and work on key projects - $75,000')
> - this would allow us to have 2 of these now (50% of Pravir and 50%
> of somebody else)
> and some drawbacks
> - That person would not be full time with OWASP and his other time
> commitments could make him/her lose focus.
> On 2/11/08, Dave Wichers <dave.wichers at owasp.org> wrote:
> > Guys,
> > OWASP currently has almost $400K at the moment, and revenue/momentum is
> > continuing to build. I'd suggest we consider another hire.
> > There are three positions I think OWASP should consider, but my
> > recommendation is to go after the more expensive but most significant of
> > three.
> > 1) OWASP Chief Evangelist / Leader / Possibly eventual chair - I
> > hiring someone similar in status to an existing board members that can
> > evangelize, help recruit corporate members, and really push the growth
> > organization of OWASP is critical to our success. - Any of us
> > in a new job? This would be expensive (maybe $125K-$175K) including
> > benefits but could really be the catalyst to get things moving even
> > with OWASP.
> > 2) OWASP Developer - Having someone who can work on our key
> > help make them all easy to install/run, merge together similar tools,
> > generating many more production quality projects at OWASP would be
> > 3) OWASP Project Manager - Someone like Paulo who has been managing
> > season of Code Projects who would be responsible for managing ALL OWASP
> > projects, both season of code and standard OWASP projects.
> > Each of these gets less expensive, but is not necessarily
> > less important.
> > If it was me, I'd try to hire #1, then #3, then #2 if I had to pick an
> > order.
> > What do you guys think? If you agree that we should consider investing
> > hiring a senior team member, we should initiate an executive search. Two
> > example people come to my mind, Pravir Chandra (from Cigital) and
> > Sutton (from HP/SPI), but all senior executives like Jack Danahy (Ounce)
> > Kevin Kiernan (Was from Secure Software) would be great. Now I'm pretty
> > Jack/Kevin are not available but they might be able to help us find the
> > right person. In fact, we could contact the Sr. executives of a number
> > OWASP members to see if they can help us find candidates. I don't know
> > broad/public we want to make this search but it's pretty critical to get
> > right.
> > Your thoughts?
> > -Dave
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board