[Owasp-board] [Owasp-leaders] Vote by email: Establishing OWASP Regional Security Councils

Ahmed Neil ahmed.neil at owasp.org
Thu Jan 7 09:23:54 UTC 2016


Agree with Andrew
On Jan 7, 2016 11:21 AM, "Azzeddine Ramrami" <azzeddine.ramrami at owasp.org>
wrote:

> Yes for me
>
> On Thu, Jan 7, 2016 at 5:28 AM, Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>
>> As you can tell from my discussion, in its current form and without it
>> being seconded or discussed, it would be a no from me at this stage. This
>> is *not* my formal vote on this matter, as I believe it can be shaped into
>> a voting package with a bit of work to define what it really is.
>>
>> Let's work on it a bit more as I'm roughly supportive of your initiative
>> and I think your heart is in the right place. Let's just make it better so
>> it can succeed before we plow on to a vote.
>>
>> Anything like this that comes up for a Board vote should be sent to the
>> board list for openness and transparency reasons. We had so many
>> unnecessary OTR conversations last year, when only a tiny handful really
>> required us to be circumspect in our public handling of the discussion. Can
>> we as a Board please ensure that we use the Board list unless it's
>> absolutely necessary to go offline?
>>
>> thanks,
>> Andrew
>>
>> On Thu, Jan 7, 2016 at 2:07 PM, Tom Brennan <tomb at proactiverisk.com>
>> wrote:
>>
>>> Is your vote No or abstain?
>>>
>>>
>>> On Wednesday, January 6, 2016, Andrew van der Stock <vanderaj at owasp.org>
>>> wrote:
>>>
>>>> Tom,
>>>>
>>>> Beyond the strategic focus of projects, there's not a lot of governance
>>>> in this at all; we don't want to create mini-boards, nor more rudderless
>>>> committees that have failed in the past.
>>>>
>>>> I'd like to see:
>>>>
>>>> What they are responsible for, specifically? If they are just projects
>>>> and not community or outreach, let's make that clear. I think given that
>>>> many projects are worldwide, delegating down to regional levels is not
>>>> really going to work. ASVS has leadership in Australia (Asia Pac), UK
>>>> (Europe), and US (North America). Many projects would struggle with this
>>>> alignment.
>>>>
>>>> Secondly, you miss a critical regional OWASP super power - India. India
>>>> is almost always squished into EMEA or Asia Pac by western firms, but it's
>>>> not really a part of either grouping, and it's so big it pretty much
>>>> deserves to be on its own. I would like to hear from Indian chapter and
>>>> project leaders to see how we can make this work for them, if they would
>>>> prefer to be part of EMEA or AsiaPac, or their own thing.
>>>>
>>>> If we are delegating our responsibility over projects, who do they report
>>>> to? In my view, it must be Claudia, who reports to Paul who reports to us.
>>>> If they report to us, that bypasses the Foundation staff's role of doing
>>>> stuff and is a vote of no confidence in our staff. I would like it very
>>>> much if it was made clear as to how the lines of reporting work, and to make
>>>> sure Claudia can manage and delegate work off to the regional committees so
>>>> that they work on strategically aligned things rather than any old random
>>>> thing.
>>>>
>>>>
>>>>    - What they are doing is measurable? How do we measure success?
>>>>    - What they are doing is actionable? What specific steps are
>>>>    required for success?
>>>>    - What they are doing is realistic? Volunteer time is incredibly
>>>>    valuable, and they tend to work on things that appeal to them. Is it
>>>>    realistic to expect folks to work on things that they may not enjoy doing
>>>>    as a precursor to global board eligibility?
>>>>    - What they are doing is either time boxed or at least not open
>>>>    ended. This is the mistake we had last time, it was BAU make work that
>>>>    failed because no one wants to do BAU make work.
>>>>    - What sort of funding envelope will they have at their disposal?
>>>>    If it's the CEF and Projects budget, how does that impact project autonomy?
>>>>
>>>>
>>>> I'm keen to try out anything that really helps at a regional level, but
>>>> it can't just be the creation of more committees who don't know what they
>>>> are doing other than "do first, ask for forgiveness later". That's how all
>>>> of our previous committees failed. Let's not make the mistakes of the past.
>>>> Let's make it better with a bit more detail around the edges so they can
>>>> succeed.
>>>>
>>>> thanks,
>>>> Andrew
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Jan 7, 2016 at 10:38 AM, Bev Corwin <bev.corwin at owasp.org>
>>>> wrote:
>>>>
>>>>> Yes
>>>>>
>>>>> On Wed, Jan 6, 2016 at 1:58 PM, Tom Brennan - OWASP <tomb at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> *Board Members:*
>>>>>>
>>>>>> A vote by email has been requested per *section 3.09 *Foundation
>>>>>> Bylaws
>>>>>>
>>>>>> https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf
>>>>>>
>>>>>> *Motion:*
>>>>>> Approve the establishment of Regional Representation of OWASP
>>>>>> Foundation to focus on the core projects and efforts of the foundation to
>>>>>> be known as:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *-- Asia-Pacific Security Council (APSC)*
>>>>>> *-- North America Security Council (NASC)*
>>>>>> *-- Europe Middle East and Africa Security Council (ESC)*
>>>>>> *-- Latin America Security Council (LASC)*
>>>>>>
>>>>>> VOTES (please reply-all with your vote)
>>>>>> Tom - Motion / Yes
>>>>>> Jim -
>>>>>> Tobias -
>>>>>> Matt -
>>>>>> Anthony -
>>>>>> Michael -
>>>>>> Josh -
>>>>>>
>>>>>> *On Background:*
>>>>>>
>>>>>> *OWASP is built on self-organized efforts bottom up.*  Regional and
>>>>>> cultures are different around the world... never mind time zones.  OWASP
>>>>>> needs to reenergize regional coordination of projects activities, events,
>>>>>> summits, etc.  The motion is requesting a formal approval process to
>>>>>> establish regional advisory councils/committees as the first order of
>>>>>> business for our community volunteers in 2016. Each committee should be
>>>>>> 8-12 people.  Since we have "45,000" people in the community should not be
>>>>>> too hard to pick +/- 40 from the membership of 2508 as of today.
>>>>>> https://docs.google.com/spreadsheets/d/1-yoQ0XTBPfmZEvVSvXey0w3nGZXG2Ctbn3o_mXL7dAU/edit
>>>>>>
>>>>>> Once approved OWASP has highlighted and empowered more volunteers to
>>>>>> self-organize and participate on core aspects of OWASP Foundation and
>>>>>> recognition of their time investment, locally and raises visibility
>>>>>> globally in key regions.
>>>>>>
>>>>>> *FAQ1*
>>>>>> *How do we then fill the Councils with members?*
>>>>>>
>>>>>> *Step #2 is simple*, the board will ask for self nominations,
>>>>>> solicit and appoint interested parties vetted with assistance of community
>>>>>> members and staff associated with industry users and/or leaders of projects
>>>>>> to be appointed for a (1) year term to these advisory boards. *This
>>>>>> creates quick and swift action and energy around the world aligned to the
>>>>>> mission of the charity and the strategic goals of 2016.*
>>>>>>
>>>>>> *FAQ2*
>>>>>> *But isn't that why Committee 2.0 was created?*
>>>>>>
>>>>>> Yes, but it needs help to get off the ground and implementation. So
>>>>>> to jump start it, you must start off with one year appointment of task
>>>>>> forces then we can follow Committee 2.0
>>>>>> https://owasp.org/index.php/Governance/OWASP_Committees and adjust
>>>>>> as needed.  This fantastic guidance document has had unfortunately no
>>>>>> action taken by the community so we need to *JUMP START IT *and the
>>>>>> community will evolve bottom up.
>>>>>>
>>>>>> *FAQ3*
>>>>>> *How do we know what they are working on?*
>>>>>> Not a big fan of micro management.. but I agree that if it is worth
>>>>>> doing, funding then metrics should be measured. Requesting a summary
>>>>>> roll-up report from each committee chairman simply outlining PLANS for next
>>>>>> three months, PROGRESS from last three months and PROBLEMS that they may
>>>>>> need the board to noodle on and help with.  This should be supplied
>>>>>> starting with Q2 board meeting to update on any efforts that they have self
>>>>>> organized and to demonstrate the cascading communication (
>>>>>> https://www.owasp.org/index.php/OWASP_Strategic_Goals) of strategic
>>>>>> goals globally
>>>>>>
>>>>>> In addition to encouraging virtual meetings, the groups will self
>>>>>> regulate and will likely rally at min.,  2x per year. 1x locally at
>>>>>> regional project summary  and 1x at global project summit off-site.  This
>>>>>> will self level.
>>>>>>
>>>>>> *FAQ4*
>>>>>> *What are the roles of the OWASP staff in these groups?*
>>>>>> The councils are self-organized by the regional members. Employees
>>>>>> aka: OWASP Foundation Operations provide support to EVERYONE so if a
>>>>>> council needs something they can request it just like everyone does
>>>>>> everyday example: https://www.tfaforms.com/308703 and the requests
>>>>>> will be responded to or escalated as needed.  We are establishing working
>>>>>> committees and leaders in regional groups, this is going back to basics and
>>>>>> helping to drive regional coordination and advisory status.
>>>>>>
>>>>>> *FAQ5*
>>>>>> *Who do you think should be appointed Tom?*
>>>>>>
>>>>>> IMHO Tip of my tongue are the candidates from 2015/2014 elections in
>>>>>> their regions of the world have already stated the "why me" let's not lose
>>>>>> that energy rather encourage it!
>>>>>>
>>>>>> Abbas Naderi Afooshteh
>>>>>> Jonathan Carter
>>>>>> Bill Corry
>>>>>> Nigel Phair
>>>>>> Milton Smith
>>>>>> Timur Khrotko
>>>>>> Tahir Khan
>>>>>> <insert others that are regionally recognized by their peers have
>>>>>> expressed they want to help the OWASP Mission>
>>>>>>
>>>>>> *FAQ6*
>>>>>> *We need a taskforce or a committee for X this will mess that up...*
>>>>>> When a defined need is established for a short or long term
>>>>>> taskforce, project, committee etc...etc.. the first thing we do is ask each
>>>>>> of these councils to represent their region of the world and take an active
>>>>>> part in the discussion.  If that does not fit then it does not limit an
>>>>>> additional *"get things done committee"* to work on and as we know
>>>>>> is true it will be a collection of people that have time to volunteer and
>>>>>> that is OPEN to everyone.
>>>>>>
>>>>>> *FAQ7*
>>>>>> If we do this will it upset the annual election process?
>>>>>> *It will enhance it actually..... *This model provides a pool of 40+
>>>>>> vetted people in the community that if they want to serve on a regional
>>>>>> board and then run for a global board they have a proven track record of
>>>>>> getting things done.
>>>>>>
>>>>>> *FAQ8*
>>>>>> If more discussion is needed happy to discuss on the NEXT board
>>>>>> meeting OR if you prefer to discuss it more just call me to understand the
>>>>>> spirit of the end goal.
>>>>>>
>>>>>> Skype: proactiverisk
>>>>>> Phone: 973-506-9304
>>>>>>
>>>>>> Tom Brennan
>>>>>> Global Board Member
>>>>>> OWASP Foundation
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> The information contained in this message and any attachments may be
>>>>>> privileged, confidential, proprietary or otherwise protected from
>>>>>> disclosure. If you, the reader of this message, are not the intended
>>>>>> recipient, you are hereby notified that any dissemination, distribution,
>>>>>> copying or use of this message and any attachment is strictly prohibited.
>>>>>> If you have received this message in error, please notify the sender
>>>>>> immediately by replying to the message, permanently delete it from your
>>>>>> computer and destroy any printout.
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>> --
>>>
>>> Tom Brennan
>>> ProactiveRISK | www.proactiverisk.com
>>> 973-506-9304
>>>
>>> Need to book time with me to discuss an existing or a future project
>>> click on my virtual calendar https://secure.scheduleonce.com/TomBrennan
>>>
>>>
>>
>>
>>
>
>
> --
> Azzeddine RAMRAMI
> +33 6 65 48 90 04.
> Enterprise Security Architect
> OWASP Leader (Morocco Chapter)
> Mozilla Security Projects Mentor
>
>