[Owasp-leaders] OWASP Podcast Series

Jim Manico jim.manico at aspectsecurity.com
Sat Dec 13 14:09:30 EST 2008


	I have been a fan of your blog and writings for some time, and I
feel that you would be a great addition to the OWASP podcast series.
Perhaps we can talk offline regarding scheduling you in for podcast #5.

	By the same token, I'm a little taken aback by your comments
below. I feel there are plenty of other speakers besides yourself who
can bring an Enterprise perspective to application security, and it's my
intention to include them in the series.

	But I do agree with you 100% - we need more than just
consultants and vendors and I will try to move in that direction as the
series matures.

	Here is where I'm at so far with scheduling.

	#1 - Jeff Williams, Arshan and J Grossman (done, Nov 21)
	#2 - TSSCI (Andre and Marcin) (probably will be an anti-WAF
talk) (end December)
	#3 - I'm hoping to find someone who supports WAF technology, to
balance out the bloodbath that will be #2 :) (1st week January)
	#4 - Marco Morana (OWASP as an international organization) (2nd
week January)
	#5 - Hopefully, the illustrious James McGovern regarding
Enterprise-wide AppSec issues (hopefully, 3rd week in January)
	#6 - I'm hoping to land Michal Zalewski regarding
http://browsersec.googlecode.com (4th week in January)
	#7 - TBD

	As you all are as well, I'm a very busy lad. The effort to
schedule, record and produce this podcast series is significant and I am
doing this for the glory of OWASP (not the glory of Aspect). In the
spirit of the Java Posse, if someone would like to participate, it's
just a matter of scheduling.
	Please note, the only reason that I am the host is because I
have drawn my sword and am charging up the hill. If anyone wishes to
join me in the charge (ie: record + take on the host roll, help
schedule, help produce to podcast) I am very open to concrete real-world
	I am also hoping to start each podcast with a brief 10 minute
AppSec news section, fyi. Perhaps someone could take on that small
segment, record on their own, and send me the file weekly to include in
the podcast? It's very easy to record just a single onsite voice with
good quality.

	Anyhow, I am truly doing my best to be of service to the OWASP
community. If I am off the mark, let me know.

	- Jim


-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of McGovern,
James F (HTSC, IT)
Sent: Friday, December 12, 2008 8:59 AM
To: Owasp-Leaders at Lists.Owasp
Subject: Re: [Owasp-leaders] OWASP Podcast Series

 My take says that we should prioritize speakers based on their name
recognition. Sadly, known names within the US may not be known outside
the US. Of course, I would like to be a participant as well in this
podcast to bring more of an enterprise perspective as I suspect there
will be no others. If the podcasts reflect more diversity and aren't
just software vendors and consultants, it will help our community

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Thursday, December 11, 2008 6:40 PM
To: Andre Gironda; Owasp-Leaders at Lists.Owasp
Subject: Re: [Owasp-leaders] OWASP Podcast Series


I have a somewhat complex answer for you here:

1) Jeremiah Grossman is someone who although I might not agree with all
the times, is a rather respectful member of the AppSec community. He is
trying his best and I felt grateful that he participated in the podcast.

2) I want to make sure we invite a wide range of speakers to the podcast
series. This is a new industry and we all have a lot to learn - getting
different perspectives will be of service to the community, IMO.

3) I'm a fan of your blog, and I'd like to interview you someday for the
series. But really, how does trashing Jeremiah (or anyone, really) help
the cause? We have better ways to spend our valuable energy. I hope that
if we interview you, that we can find a way to approach this topic in a
positive light, even when we disagree with others.


-----Original Message-----
From: Andre Gironda [mailto:andreg at gmail.com]
Sent: Thursday, December 11, 2008 4:15 PM
To: Owasp-Leaders at Lists.Owasp
Cc: Jim Manico; Laurence Casey
Subject: Re: [Owasp-leaders] OWASP Podcast Series

On Thu, Dec 11, 2008 at 12:35 PM, Jim Manico
<jim.manico at aspectsecurity.com> wrote:
> 3)      The first OWASP podcast was recorded on November 21st and is
> on my personal account at http://www.manico.net/final.mp3 - please do
> pass this url around, but feel free to listen in and provide feedback.
> audio quality is not great, this is just my first attempt, and it will
> better.


It was awesome!  I listened to it a few weeks ago and was really
impressed with the whole podcast.  Arshan and Jeff were great, as

Just one question, though.  Who is Jeremiah Grossman?  He didn't really
seem qualified to answer any of your questions and couldn't really keep
up with the conversation.  I was kind of surprised that you interviewed
some no-namer who didn't know much about the subject matter.  Maybe you
can prep your guests more ahead of time?

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information.  If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited.  If
you are not the intended recipient, please notify the sender immediately
by return e-mail, delete this communication and destroy all copies.

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

More information about the OWASP-Leaders mailing list