[Owasp-leaders] OWASP Podcast Series

Andrew van der Stock vanderaj at owasp.org
Tue Dec 23 23:06:59 EST 2008


I'm from an enterprise architecture background, having done security  
architecture of several largish projects.

I wouldn't mind being in on PodCast #5 with James if that makes any  


On Dec 13, 2008, at 2:09 PM, Jim Manico wrote:

> James,
> 	I have been a fan of your blog and writings for some time, and I
> feel that you would be a great addition to the OWASP podcast series.
> Perhaps we can talk offline regarding scheduling you in for podcast  
> #5.
> 	By the same token, I'm a little taken aback by your comments
> below. I feel there are plenty of other speakers besides yourself who
> can bring an Enterprise perspective to application security, and  
> it's my
> intention to include them in the series.
> 	But I do agree with you 100% - we need more than just
> consultants and vendors and I will try to move in that direction as  
> the
> series matures.
> 	Here is where I'm at so far with scheduling.
> 	#1 - Jeff Williams, Arshan and J Grossman (done, Nov 21)
> 	#2 - TSSCI (Andre and Marcin) (probably will be an anti-WAF
> talk) (end December)
> 	#3 - I'm hoping to find someone who supports WAF technology, to
> balance out the bloodbath that will be #2 :) (1st week January)
> 	#4 - Marco Morana (OWASP as an international organization) (2nd
> week January)
> 	#5 - Hopefully, the illustrious James McGovern regarding
> Enterprise-wide AppSec issues (hopefully, 3rd week in January)
> 	#6 - I'm hoping to land Michal Zalewski regarding
> http://browsersec.googlecode.com (4th week in January)
> 	#7 - TBD
> 	As you all are as well, I'm a very busy lad. The effort to
> schedule, record and produce this podcast series is significant and  
> I am
> doing this for the glory of OWASP (not the glory of Aspect). In the
> spirit of the Java Posse, if someone would like to participate, it's
> just a matter of scheduling.
> 	Please note, the only reason that I am the host is because I
> have drawn my sword and am charging up the hill. If anyone wishes to
> join me in the charge (ie: record + take on the host roll, help
> schedule, help produce to podcast) I am very open to concrete real- 
> world
> assistance.
> 	I am also hoping to start each podcast with a brief 10 minute
> AppSec news section, fyi. Perhaps someone could take on that small
> segment, record on their own, and send me the file weekly to include  
> in
> the podcast? It's very easy to record just a single onsite voice with
> good quality.
> 	Anyhow, I am truly doing my best to be of service to the OWASP
> community. If I am off the mark, let me know.
> 	- Jim
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of McGovern,
> James F (HTSC, IT)
> Sent: Friday, December 12, 2008 8:59 AM
> To: Owasp-Leaders at Lists.Owasp
> Subject: Re: [Owasp-leaders] OWASP Podcast Series
> My take says that we should prioritize speakers based on their name
> recognition. Sadly, known names within the US may not be known outside
> the US. Of course, I would like to be a participant as well in this
> podcast to bring more of an enterprise perspective as I suspect there
> will be no others. If the podcasts reflect more diversity and aren't
> just software vendors and consultants, it will help our community
> immensely.
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jim Manico
> Sent: Thursday, December 11, 2008 6:40 PM
> To: Andre Gironda; Owasp-Leaders at Lists.Owasp
> Subject: Re: [Owasp-leaders] OWASP Podcast Series
> Andre,
> I have a somewhat complex answer for you here:
> 1) Jeremiah Grossman is someone who although I might not agree with  
> all
> the times, is a rather respectful member of the AppSec community. He  
> is
> trying his best and I felt grateful that he participated in the  
> podcast.
> 2) I want to make sure we invite a wide range of speakers to the  
> podcast
> series. This is a new industry and we all have a lot to learn -  
> getting
> different perspectives will be of service to the community, IMO.
> 3) I'm a fan of your blog, and I'd like to interview you someday for  
> the
> series. But really, how does trashing Jeremiah (or anyone, really)  
> help
> the cause? We have better ways to spend our valuable energy. I hope  
> that
> if we interview you, that we can find a way to approach this topic  
> in a
> positive light, even when we disagree with others.
> -Jim
> -----Original Message-----
> From: Andre Gironda [mailto:andreg at gmail.com]
> Sent: Thursday, December 11, 2008 4:15 PM
> To: Owasp-Leaders at Lists.Owasp
> Cc: Jim Manico; Laurence Casey
> Subject: Re: [Owasp-leaders] OWASP Podcast Series
> On Thu, Dec 11, 2008 at 12:35 PM, Jim Manico
> <jim.manico at aspectsecurity.com> wrote:
>> 3)      The first OWASP podcast was recorded on November 21st and is
> located
>> on my personal account at http://www.manico.net/final.mp3 - please do
> not
>> pass this url around, but feel free to listen in and provide  
>> feedback.
> The
>> audio quality is not great, this is just my first attempt, and it  
>> will
> get
>> better.
> Jim,
> It was awesome!  I listened to it a few weeks ago and was really
> impressed with the whole podcast.  Arshan and Jeff were great, as
> always.
> Just one question, though.  Who is Jeremiah Grossman?  He didn't  
> really
> seem qualified to answer any of your questions and couldn't really  
> keep
> up with the conversation.  I was kind of surprised that you  
> interviewed
> some no-namer who didn't know much about the subject matter.  Maybe  
> you
> can prep your guests more ahead of time?
> Cheers,
> Andre
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> ************************************************************
> This communication, including attachments, is for the exclusive use of
> addressee and may contain proprietary, confidential and/or privileged
> information.  If you are not the intended recipient, any use, copying,
> disclosure, dissemination or distribution is strictly prohibited.  If
> you are not the intended recipient, please notify the sender  
> immediately
> by return e-mail, delete this communication and destroy all copies.
> ************************************************************
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Andrew van der Stock
Lead Author, OWASP Guide and OWASP Top 10

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2458 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-leaders/attachments/20081223/ea458654/attachment.bin 

More information about the OWASP-Leaders mailing list