[Owasp-leaders] Let's not lose Sarah Baso too (22.5k USD needed)

Stephen Craig Evans stephencraig.evans at gmail.com
Thu Apr 8 13:40:34 EDT 2004


Tobias,

"From that point of view, if a candidate would be related to OWASP
leaders in any way should actually rather be seen as a disadvantage
instead of an advantage, as it could cast doubt by outsiders on our
ability to conduct a professional and fair selection process. "

So if you are hiring for your company and you get a referral from an
employee, then that would be a mark against a candidate?

You don't think that an employer can view a person's very productive
part-time or consulting work and then want to hire them as a permanent
employee so they don't lose that person?

Are you for real?

Stephen

On Sun, Aug 21, 2011 at 6:46 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> +1
>
> I like to support Martin's statement here.
>
> Going forward with our organisation we need to be very clear in avoiding
> favouritism or any perception of it. So giving a contract for USD45.000 per
> year to a person must be done following due process and an objective
> selection process by the board. And furthermore with all due respect, I also
> like to point out that this amount is no little money for OWASP, nor for any
> qualified candidate.
>
> We also should separate the two independent issues and discuss them
> individually:
> 1. Do we need/want to hire a permanent FTE resource (instead of contract
> work) to assist with the operation of OWASP and how much money do we want to
> and can invest in that?
> 2. Who would be the best person for the task?
>
> I can imagine to allocate a budget for this depending on advice and
> judgement from the board. Though in my personal opinion, I think due to the
> nature of the work, seasonally varying workloads and our organisation, a
> contractor would be better suited for us than a FTE.
> However, in either case, if we allocate such a budget we must use a proper
> and open hiring process and actually be very careful to avoid any
> misconduct. I.e. the process should result in a set of good viable
> candidates to choose from. Even the perception of possible favouritism should
> be avoided if at all possible. From that point of view, if a candidate would
> be related to OWASP leaders in any way should actually rather be seen as a
> disadvantage instead of an advantage, as it could cast doubt by outsiders on
> our ability to conduct a professional and fair selection process.
>
> Best regards, Tobias
>
>
> Ps.: btw. as a remark: it can be seen as rather problematic to raise the
> question of the employment of any person/candidate with that candidate
> reading and taking part in the whole communication (as is the case with
> Sarah on the leaders list). E.g. in my organisation this would open all
> kinds of legal problems and be seen as a fundamentally unprofessional hiring
> process.
>
>
>
> On 19/08/11 11:23, Martin Knobloch wrote:
>
> No personal offence....and sorry if I am the rude German, but what is this
> discussion about?
>
> Sarah is an OWASP contractor, hired on an hourly basis.
>
> Yes, I do appreciate what Sarah does, but if we are talking business, we
> have to consider a lot more and be aware of an open and transparent process!
> We are an Open community. If we are hiring, we should do this on a fair
> process and basis. Right?
>
> I do not understand those emotional emails when it comes to business! Sorry
> Dinis, but I do not appreciate those panic emails!
> Making things more complicated, are we as non-profit organisation allowed to
> hire Sarah, as she is a friend to many and her husband being a chapter
> leader?
> ..we have made errors on that before, by hiring Dinis' wife and friends of
> Dinis for the OWASP summit.
> This is in the past and I will not discuss the way this has happened, but we do
> not want to have conflicting interests again.
> So, anyone can give us legal advice on this?
>
> Anyhow...
> We need a clear statement of the tasks, estimate work load (is there enough
> for a full FTE?) and then go from there!
> As far as I know, Sarah and Kate were discussing on what tasks Sarah can
> support Kate.
> If we do need a FTE for tasks, currently performed by Sarah, we should see an
> open process to hire a FTE. This, as she has the OWASP and task experience,
> would be most likely Sarah, but is not bound to Sarah.
>
> This matter should be discussed by those who are steering OWASP, the Foundation
> Board and committees!
>
> Cheers,
> -Martin
>
>
> On Fri, Aug 19, 2011 at 6:42 AM, <Venkatesh.Jagannathan at cognizant.com>
> wrote:
>>
>> I second this move. Let us make it a point that every chapter leader
>> contributes minimum US$20 or US$50 to keep people like Sarah. I mean, 20$ is
>> not too much to ask for right?
>>
>>
>> Thanks & Regards,
>> Venkatesh Jagannathan (Venki) | Digital Security Practice |: +91-91766
>> VENKI |: 448462 |: +91-44-42098462 | : http://www.cognizant.com |:
>> http://www.linkedin.com/in/heyvenki
>>
>>
>> -----Original Message-----
>> From: owasp-leaders-bounces at lists.owasp.org
>> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Stephen Craig
>> Evans
>> Sent: Friday, August 19, 2011 9:40 AM
>> To: Dinis Cruz
>> Cc: owasp-leaders at lists.owasp.org
>> Subject: Re: [Owasp-leaders] Let's not lose Sarah Baso too (22.5k USD
>> needed)
>>
>> Hi Dinis,
>>
>> I'll put in $100 USD. Tell me where to send the check and how to
>> direct it in order to pay Sarah.
>>
>> While that I can stand on the soapbox, I will say this:
>>
>> Being a lurker these last couple of years on the OWASP leaders list,
>> IMHO we need to pay and keep a core group of people to keep it going.
>> There are 3 types of OWASPers, the super-people who are always there
>> (I don't want to name names and risk leaving somebody off the list);
>> the contributors who are constant; and, in my case, the contributors
>> that put in bursts when they have the time.
>>
>> We can't rely on the super-people to be there forever; we have to pay
>> a core group to keep the lights on. Has this core group been
>> identified yet? I know Kate & Paolo, and now we have ex-Larry (sorry
>> if I missed somebody else).
>>
>> As a former member of the membership committee, I pushed for cutting
>> the funds to the chapters whenever the "Mother Ship" needed the
>> funding. To me, chapters "getting a cut of the action" is a
>> nice-to-have, whereas keeping the core is a need-to-have.
>>
>> If anybody is wondering, even though my participation in OWASP has
>> been minimal the last 2 years, I pay my annual dues.
>>
>> Just my opinion,
>> Stephen
>>
>>
>> --
>> http://www.linkedin.com/in/stephencraigevans
>>
>> On Thu, Aug 18, 2011 at 5:55 AM, Dinis Cruz <dinis at ddplus.net> wrote:
>> > On the topic of OWASP administrative/support resources (following on
>> > from Larry's thread), let's not lose Sarah Baso too.
>> >
>> > I'm going to assume that most of you (by now) have seen Sarah Baso in
>> > action and understand that it would be a catastrophic error for OWASP to
>> > lose her (if you have questions please raise them, and I'm sure that there
>> > will be enough stories and comments to change your mind)
>> >
>> > To cut a long story short, after Sarah's amazing performance at the last
>> > Summit, the idea was to hire Sarah as a Full Time OWASP contractor/employee.
>> >
>> > In terms of compensation Sarah (who has a degree in Law btw), took into
>> > account OWASP's financial situation and how much she loves our community,
>> > and asked for a very modest and reasonable 20 USD per hour. This would be
>> > the equivalent of 160 USD per day (8h day), 800 USD per week and 3,600 a
>> > month and 43,200 a year). Of course that Sarah will work (on average) more
>> > than 8h a day, so anywhere you look at this it is a great deal for OWASP.
>> >
>> > The problem is that since the OWASP board has devolved the funds to the
>> > OWASP committees and chapters (which is a good thing) there are not enough
>> > central funds to cover this cost, and so far, the ones with funds have not
>> > come together and created a solution for this.
>> >
>> > So here is my request, for the ones with funds available (committees and
>> > chapters),  PLEASE come together and commit 22,500 USD (25.500 USD in some
>> > parts of the world :) ) to cover for 6 months of Sarah's salary (and create
>> > time for a more permanent solution). I would propose that this would be from
>> > the 1st of July till the 31st of December (since Sarah has been already
>> > putting the hours since).
>> >
>> > Sarah SHOULD not be seen as a volunteer. She provides admin and
>> > infrastructure support which NEEDS to be paid.
>> >
>> > FYI, this thread started at BlackHat last week when I realised to
>> > my horror that Sarah's contractual situation was still not resolved (I think
>> > at the time there was only 5k USD been made available for specific work on a
>> > couple committees). I spoke to her at length, and she is still very
>> > motivated to work for OWASP. She has great  ideas for how OWASP could be
>> > organised and where she can help, BUT, after asking too many times, she has
>> > given up in asking for a solution (she is also happy to have this 'personal'
>> > conversation in public). The ball is on our court, so let's make this
>> > happen!
>> >
>> > Finally, there are other ways to raise this 22.5k USD, but before we go
>> > down those roads, we need to know how much funds can OWASP commit to Sarah.
>> >
>> > Let's not lose Sarah too.....
>> >
>> > Dinis Cruz
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >
>
>
>
>
>



-- 
http://www.linkedin.com/in/stephencraigevans

