[Owasp-board] IT support contractor

Matt Tesauro matt.tesauro at owasp.org
Mon May 14 18:49:28 UTC 2012

Thanks for the update.  Here's what I can add to your questions:

1. We need a call with rackspace - what support are they providing, what
does our contract currently provide?

@ a call with Rackspace: As soon as I have an account manager for our
managed migration determined, I'll set up a Doodle for a meeting time for
any interested party to attend.  Since we're on public cloud, we don't
have an account manager as such but are one of many thousand public cloud

@ current support provided: We are currently on Rackspace's public cloud
using the "Cloud Servers" product.  Our contact with Rackspace is the same
as all other public cloud accounts.  Basically, Rackspace provides
connectivity and "power" to servers.  They also provide a simple way to
create new hosts on demand.

From here
The SLA adopted for Cloud Servers is just as aggressive as the one
Rackspace provides for traditional hosted servers. It provides remedies for
any downtime event caused by the network, data center infrastructure, the
physical host server, or the migration of your instance from one physical
host to another (should that be required). Be sure to see our SLA in detail
and take a look at how we support Cloud Servers.
The legal-ese is here: http://www.rackspace.com/cloud/legal/sla/  (look at
the Cloud Server tab)

When we move hosts to managed, the SLA will change drastically.  Rackspace
will be minding the store 24x7x365.  Details and a chart of the differences
between public and managed is here:

We will have an account team assigned as well.  And Rackspace will keep the
server updated, patched, backed up, ...   Details on what they will patch
and keep updated is here:

The managed team could also be used to do Akamai integration as part of the
migration - at least that's on my radar.

2. Should we move forward with IT contractor

I think we should look at getting an IT contractor after we create a job
description and have a good understanding of what they will be doing.  We
can just do the usual, post a job description, gather resumes and vote on
who we think will work best for our needs.  I suspect this will be someone
to handle "IT tickets" generated by that Salesforce deal for areas covered
in their job description.  Also, I would guess this will be very ad hoc and
we'll basically need to get someone "on call" with some sort of an SLA on
response time.

Volunteers would be good for some things but my suspicion is that we'll
want the greater consistency of a contractor rather than volunteers for
what needs to get done in IT.

I would also make a distinction between this role and one of direct
employee support (e.g. Alison can't print).  To me, that is a very
different problem from keeping our servers up and running.

3. Should we expand hosted services

I'm assuming you mean "expand hosted services" on Rackspace's cloud. On a
needs and budget availability basis, sure.  We will have the ability to do
non-production "tests" on the public cloud and launch production aka "real"
things on managed hosts.  The new ESAPI server was launched as a managed

If you don't mean Rackspace cloud, I think it's great if we can find
software as a service that fills a need for OWASP.  Salesforce and the
Barracuda email filtering are great examples of where this has worked great
for us in terms of donated services.  Same for pay items like

-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site

On Mon, May 14, 2012 at 12:54 PM, Michael Coates
<michael.coates at owasp.org> wrote:

> Update from board meeting -
> No formal offer has been extended. At this point Kevin is helping as a
> volunteer to resolve a specific issue.
> Kevin has expressed interest to provide additional services on a
> contractor/paid situation. No official movement has occurred here yet.
> We need to decide our IT strategy here.  Outstanding issues:
> 1. We need a call with rackspace - what support are they providing, what
> does our contract currently provide?
> 2. Should we move forward with IT contractor
> 3. Should we expand hosted services
> Let's flush this out more on this thread to get some resources aligned.
> -------
> Michael Coates | OWASP
> michael.coates at owasp.org | @_mwc
> On May 7, 2012, at 5:43 PM, Matt Tesauro wrote:
> Kate,
> I understood that we were giving this guy a trial (seeing how he did
> fixing the Mailman bounce notification issue) and then would discuss
> actually hiring him at the next board meeting partially based on his
> performance solving the Mailman bounce issue.
> I assume we'd do what we've done for the other employees: Write up a job
> description and get some sort of agreement/contract in place after the
> board has discussed and approved bringing him on.  I do not think any
> employee should be added to the Foundation's payroll without a board
> discussion and vote.  It's also very hard to judge performance without some
> sort of job description.
> There's the IT list that Tom put up on the Wiki (which I believe was the
> source for your draft agreement) but there are items in there that don't make
> sense - e.g. centralized repository of projects aka Sourceforge & Lulu book
> publication administration.  There is also the IT administration gap
> analysis I created for the last board meeting:
> https://docs.google.com/a/owasp.org/document/d/15JrtRNIfSBw4rdJ2xDuEMu6Bnb4U3IU6SddtePe8k2Q/edit
> If we really want to evaluate someone, let's first do an explicit task for a
> fee.
> I'd be game to have someone do the Akamai integration (or something
> similar) for a flat fee as an evaluation prior to setting up a yearly
> arrangement.
> I'm meeting with realtors this week to get my house listed in preparation
> for a move further south (likely New Braunfels) to get me closer to
> Rackspace's San Antonio office.  Considering the technical nature of this
> opening, I don't think Kate is the one to write up the job description.
> Tom:  Is that something you could knock out?
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> On Mon, May 7, 2012 at 4:32 PM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
>> Tom, it looks like the final decision was made to bring Kevin on board as
>> IT support.  I suspect his first “assignment” would be the mailman
>> configuration problems.
>>
>> What did you discuss with him as far as responsibilities?  Is he now our
>> go-to-guy for all things IT?
>>
>> Based on the threads I’ve seen, we will just pay him a quarterly
>> stipend.  We will need to discuss some sort of invoice for services – could
>> be simply a log of hours and tasks – to pay.
>>
>> I have taken a pass at drafting a contract between Kevin and OWASP.  It
>> is attached.
>>
>> Kate Hartmann
>> Operations Director
>> 301-275-9403
>> www.owasp.org
>> Skype:  Kate.hartmann1
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board