[Owasp-leaders] Let's not lose Sarah Baso too (22.5k USD needed)

Tobias tobias.gondrom at owasp.org
Thu Apr 8 09:40:11 EDT 2004


I'd like to support Martin's statement here.

Going forward with our organisation we need to be very clear in avoiding 
favouritism or any perception of it. So giving a contract for USD45.000 
per year to a person must be done following due process and an objective 
selection process by the board. And furthermore with all due respect, I 
would also like to point out that this amount is no little money for OWASP, 
nor for any qualified candidate.

We also should separate the two independent issues and discuss them:
1. Do we need/want to hire a permanent FTE resource (instead of contract 
work) to assist with the operation of OWASP and how much money do we 
want to and can invest in that?
2. Who would be the best person for the task?

I can imagine allocating a budget for this depending on advice and 
judgement from the board. Though in my personal opinion, I think due to 
the nature of the work, seasonally varying workloads and our 
organisation, a contractor would be better suited for us than an FTE.
However, in either case, if we allocate such a budget we must use a 
proper and open hiring process and actually be very careful to avoid any 
misconduct. I.e. the process should result in a set of good viable 
candidates to choose from. Even the perception of possible favouritism 
should be avoided if at all possible. From that point of view, a 
candidate being related to OWASP leaders in any way should actually 
rather be seen as a disadvantage instead of an advantage, as it could 
cast doubt by outsiders on our ability to conduct a professional and 
fair selection process.

Best regards, Tobias

Ps.: btw. as a remark: it can be seen as rather problematic to raise the 
question of the employment of any person/candidate with that candidate 
reading and taking part in the whole communication (as is the case with 
Sarah on the leaders list). E.g. in my organisation this would open all 
kinds of legal problems and be seen as a fundamentally unprofessional 
hiring process.

On 19/08/11 11:23, Martin Knobloch wrote:
> No personal offence....and sorry if I am the rude German, but what is 
> this discussion about?
> Sarah is an OWASP contractor, hired on an hourly basis.
> Yes, I do appreciate what Sarah does, but if we are talking business, 
> we have to consider a lot more and be aware of an open and transparent 
> process! We are an Open community. If we are hiring, we should do this 
> on a fair process and basis. Right?
> I do not understand those emotional emails when it comes to business! 
> Sorry Dinis, but I do not appreciate those panic emails!
> Making things more complicated, are we as a non-profit organisation 
> allowed to hire Sarah, as she is a friend to many and her husband 
> being a chapter leader?
> ..we have made errors on that before, by hiring Dinis' wife and 
> friends of Dinis for the OWASP summit.
> This is in the past and I will not discuss the way this has happened, but 
> we do not want to have conflicting interests again.
> So, anyone can give us legal advice on this?
> Anyhow...
> We need a clear statement of the tasks, estimate work load (is there 
> enough for a full FTE?) and then go from there!
> As far as I know, Sarah and Kate were discussing on what tasks Sarah 
> can support Kate.
> If we do need an FTE for tasks, currently performed by Sarah, we should 
> see an open process to hire an FTE. This, as she has the OWASP and task 
> experience, would be most likely Sarah, but is not bound to Sarah.
> This matter should be discussed by those who are steering OWASP, the 
> Foundation Board and committees!
> Cheers,
> -Martin
> On Fri, Aug 19, 2011 at 6:42 AM, <Venkatesh.Jagannathan at cognizant.com> wrote:
>     I second this move. Let us make it a point that every chapter
>     leader contributes minimum US$20 or US$50 to keep people like
>     Sarah. I mean, 20$ is not too much to ask for right?
>     Thanks & Regards,
>     Venkatesh Jagannathan (Venki) | Digital Security Practice |
>     +91-91766 VENKI | 448462 | +91-44-42098462 |
>     http://www.cognizant.com | http://www.linkedin.com/in/heyvenki
>     -----Original Message-----
>     From: owasp-leaders-bounces at lists.owasp.org
>     [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of
>     Stephen Craig Evans
>     Sent: Friday, August 19, 2011 9:40 AM
>     To: Dinis Cruz
>     Cc: owasp-leaders at lists.owasp.org
>     Subject: Re: [Owasp-leaders] Let's not lose Sarah Baso too (22.5k
>     USD needed)
>     Hi Dinis,
>     I'll put in $100 USD. Tell me where to send the check and how to
>     direct it in order to pay Sarah.
>     While I can stand on the soapbox, I will say this:
>     Being a lurker these last couple of years on the OWASP leaders list,
>     IMHO we need to pay and keep a core group of people to keep it going.
>     There are 3 types of OWASPers, the super-people who are always there
>     (I don't want to name names and risk leaving somebody off the list);
>     the contributors who are constant; and, in my case, the contributors
>     that put in bursts when they have the time.
>     We can't rely on the super-people to be there forever; we have to pay
>     a core group to keep the lights on. Has this core group been
>     identified yet? I know Kate & Paolo, and now we have ex-Larry (sorry
>     if I missed somebody else).
>     As a former member of the membership committee, I pushed for cutting
>     the funds to the chapters whenever the "Mother Ship" needed the
>     funding. To me, chapters "getting a cut of the action" is a
>     nice-to-have, whereas keeping the core is a need-to-have.
>     If anybody is wondering, even though my participation in OWASP has
>     been minimal the last 2 years, I pay my annual dues.
>     Just my opinion,
>     Stephen
>     --
>     http://www.linkedin.com/in/stephencraigevans
>     On Thu, Aug 18, 2011 at 5:55 AM, Dinis Cruz <dinis at ddplus.net> wrote:
>     > On the topic of OWASP administrative/support resources
>     > (following on from Larry's thread), let's not lose Sarah Baso too.
>     >
>     > I'm going to assume that most of you (by now) have seen Sarah
>     > Baso in action and understand that it would be a catastrophic
>     > error for OWASP to lose her (if you have questions please raise
>     > them, and I'm sure that there will be enough stories and comments
>     > to change your mind)
>     >
>     > To cut a long story short, after Sarah's amazing performance at
>     > the last Summit, the idea was to hire Sarah as a Full Time OWASP
>     > contractor/employee.
>     >
>     > In terms of compensation Sarah (who has a degree in Law btw),
>     > took into account OWASP's financial situation and how much she
>     > loves our community, and asked for a very modest and reasonable 20
>     > USD per hour. This would be the equivalent of 160 USD per day (8h
>     > day), 800 USD per week and 3,600 a month and 43,200 a year). Of
>     > course that Sarah will work (on average) more than 8h a day, so
>     > anywhere you look at this it is a great deal for OWASP.
>     >
>     > The problem is that since the OWASP board has devolved the funds
>     > to the OWASP committees and chapters (which is a good thing) there
>     > are not enough central funds to cover this cost, and so far, the
>     > ones with funds have not come together and created a solution for
>     > this.
>     >
>     > So here is my request, for the ones with funds available
>     > (committees and chapters), PLEASE come together and commit 22,500
>     > USD (25.500 USD in some parts of the world :) ) to cover for 6
>     > months of Sarah's salary (and create time for a more permanent
>     > solution). I would propose that this would be from the 1st of July
>     > till the 31st of December (since Sarah has been already putting
>     > the hours since).
>     >
>     > Sarah SHOULD not be seen as a volunteer. She provides admin and
>     > infrastructure support which NEEDS to be paid.
>     >
>     > FYI, this thread started at BlackHat last week when I
>     > realised to my horror that Sarah's contractual situation was still
>     > not resolved (I think at the time there was only 5k USD been made
>     > available for specific work on a couple committees). I spoke to
>     > her at length, and she is still very motivated to work for OWASP.
>     > She has great ideas for how OWASP could be organised and where
>     > she can help, BUT, after asking too many times, she has given up
>     > in asking for a solution (she is also happy to have this
>     > 'personal' conversation in public). The ball is on our court, so
>     > let's make this happen!
>     >
>     > Finally, there are other ways to raise this 22.5k USD, but
>     > before we go down those roads, we need to know how much funds can
>     > OWASP commit to Sarah.
>     >
>     > Let's not lose Sarah too.....
>     >
>     > Dinis Cruz
>     > _______________________________________________
>     > OWASP-Leaders mailing list
>     > OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     > https://lists.owasp.org/mailman/listinfo/owasp-leaders