[Owasp-leaders] Why OWASP can't pay OWASP Leaders

Eoin eoin.keary at owasp.org
Wed Apr 11 13:34:53 UTC 2012

Hey Antonio,

Leaders should not contribute to projects?
Most projects exist because because of the leaders contributions.
Sorry if I am not understanding you correctly? :)

On 11 April 2012 14:27, Antonio Fontes <antonio.fontes at owasp.org> wrote:

> I agree with Dinis, leaders should not be paid.
> Basically, the inner concept of a leader doing the actual work is
> basically wrong. If leaders want to work on guides or tools or
> whatsoever OWASP project (or chapter), then they should consider
> resigning from their position as leaders and instead become
> contributors, or reviewers, or developers, or whatsoever title they may
> find attractive. As leaders, I personaly believe that these actually do
> more harm to OWASP projects than they help.
> This applies to chapter leaders also. At both summits I attended, I
> heard several chapters leaders reporting that organizing local meetings
> takes too much of their time. While investing lots of their personal
> time in literaly doing all the work may sound honorable, it's not the
> reason why they are (or should be) elected as leaders.
> To the contrary, a leader must emphasize on:
> - ensuflating the inspiration and motivation in the contributors of a
> project
> - identifying, locating, contacting, planing, organising, inspiring,
> motivating and managing (or surrounding him-herself with) the most
> appropriate resources who can help him/her achieve the mission.
> In a project leadership position, this practically translates into:
> - Defining the project mission statement with clear and easy words,
> understanding and expressing the need that is being answered and the
> response to this need, defining the deliverables that would satisfy this
> need and how the leader sees a path towards the construction and the
> delivery of these deliverables.
> - Looking for end-users (sometimes, it would be the project leader
> itself) and contributors (designers, coders, reviewers/testers,
> documenters, etc.) that may benefit from participating in such a project
> (also known as looking for win-win situations) in other ways than just
> earning some cash.
> - Driving these end-users and contributors in such a way that it meets
> the project mission and deliverables.
> Most projects that stale right now are either led by people:
> - who don't use the tool anymore and who were its original user
> - who created an ecosystem in which their actual work is necessary to
> keep the project alive, hence its death when the leader suddenly starts
> working at a real job
> - who dreamed of receiving the glorious title of "OWASP Project Leader"
> (and all its benefits) and who actually have no clue on where to go next
> - who have a vision but don't know how to turn it into real stuff <---
> these guys DEFINITELY NEED HELP/SUPPORT from a project manager (which
> rebounds to another discussion on the need for dedicated professional
> support inside OWASP).
> This also applies to chapter meetings. Being a chapter leader mostly
> requires organizing meetings. This translates to:
> - Envisioning the meeting itself: its size, its venue, its agenda, its
> date, etc.
> - Looking for people who want to help. Believe me: a lot of people
> actually want to help you FOR FREE. There are people who want to help
> you find a venue, others who want to help you find speakers, other who
> want to help you manage the registrations, etc. Even some others who
> want to financialy support your meeting just to allow them to appear
> anywhere in it.
> As a leader, whether on a project or chapter, two major skills are
> required and they have nothing to do with application security:
> - the ability to connect people from different backgrounds and make them
> work together to turn a vision into real stuff.
> - the ability to recognize that they no longer do they job and should
> reconsider transfering their responsibility to someone else.
> More practically, being a leader MOSTLY results in:
> - sending emails to the right people
> - answering emails from these people
> - attending a few conference calls through skype
> If your vision of a leader's duties include much more work than that,
> then there is a high probability that you are doing the work that
> someone else wants to do, for free, just because he/she wants to help
> you or benefits from helping you.
> A little thought to those who still don't believe we need to hire people
> at OWASP: a not-for-profit organization means a not-for-profit
> organization. In now way does it mean "unrewarded workers", it just
> means that whatever the revenue, it remains strictly invested in
> achieving the mission and nothing else, whether that revenue be 10$ or
> 10m$. OWASP needs some core resources to be hired as professionals to
> make sure that the entire ecosystem of volounteers can actually do their
> work in the best conditions. These professionals do not need to
> understand anything about application security: if you work for a
> security company which employs an accountant, just ask her/him to list
> you at least one item from the OWASP Top 10. I am sure you would not
> fire her/him for being such an ignorant, would you? These people should
> earn a normal salary, neither lower nor higher than elsewhere, that is
> entirely and stricly disconnected from any incentive to increase yearly
> revenue but rather making sure it is allocated the smartest way.
> Considering that I am not a project leader myself, I understand I may be
> completly out of bounds in some parts of my reply. I sincerely apologize
> if I hurt someone with this, please consider it just as a proposition
> resulting from a "personal view on things".
> Finally, I am also in the SHAMEFUL situation of a Chapter Leader who
> hasn't been doing his job for the last months and I sincerely hope that
> writing this email will have the retro-consequence of kicking up my own
> a.s!
> Antonio
> --
> Antonio Fontes
> OWASP Switzerland, board member
> OWASP Geneva, chapter leader
>  skype: antonio.fontes
> On 11.04.2012 03:41, vanderaj vanderaj wrote:
> > Dinis,
> >
> > So essentially, the only folks who can't get paid are those who do. the.
> > work.
> >
> > No worries. Loud and clear.
> >
> > I must remember that the next time I think I want to sign up to sit in
> > my office for months on end away from my family and friends.
> >
> > thanks,
> > Andrew
> >
> >
>  > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Eoin Keary
OWASP Global Board Member (Vice Chair)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120411/e339dbe8/attachment.html>

More information about the OWASP-Leaders mailing list