[Owasp-leaders] Full time OWASP evangelist...

Steve Kosten steve.kosten at owasp.org
Fri Dec 14 17:39:59 UTC 2012


I also think OWASP has done amazingly well in educating the community on
application security with extremely limited dedicated resources.  As Jerry
stated, while we have a motivated and very talented volunteer base, perhaps
more is needed to achieve the mission of the organization.  And as Dennis
pointed out, there are *so* many areas where we have function while being
woefully understaffed.

I think we need to ask ourselves, in terms of our mission, where do we want
to be in 5 years?  Do we see OWASP operating much as it is today with
dedicated support staff reporting to the board (as this is my current
understanding).  Or do we see dedicated full time leadership running the
OWASP day to day activities with support staff while still reporting to the
board.  Perhaps other options.

While I have not been exposed to the finances of OWASP, I would expect, as
Jerry stated, that a full-time leadership position could rapidly pay for
himself/herself and would put us on a stronger foundation for achieving our
stated mission through the next five years.  By leveraging existing work
and progress, such a leader could develop additional revenue for the
organization through training and other means, all of which would be
actions towards fulfilling our mission.  Sure, we would need revenue
through sponsorship or other means initially, but I believe we can sell a
vision that would be rapidly attainable.

To quickly list a few things off, I could see:

   - More training for outreach that also funds the organization
   - More support for chapters in lining up speakers for meetings
   - More regional conferences that help fund local chapters and the
   - Very strong project management and project oversight to help ensure
   our projects are successful in fulfilling our mission goals

My humble thoughts (and always willing to help w/ any of this).

Steve Kosten (Denver chapter lead)

On Fri, Dec 14, 2012 at 5:34 AM, Sherif Koussa <sherif.koussa at owasp.org>wrote:

> I 100% agree that OWASP need immediate administrative services, project
> management, designers, etc more so than an evangelist. However, I think
> this is a brilliant idea, because if the evangelist is doing a good job in
> spreading the word around, hiring for those positions will be much
> more attainable goal, because more people will get to know OWASP, like
> OWASP, use OWASP and support OWASP which is more likely to turn in more
> revenue (training, individual and corporate memberships) that could be used
> to hire more people.
> And the job could definitely be called something else for sure.
> Regards,
> Sherif
> On Fri, Dec 14, 2012 at 2:56 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>> They are different things, and yeah we need those too :)
>> PS Jim: http://csharp-repl.apphb.com/36
>> Dinis Cruz
>> On 14 December 2012 07:38, Jim Manico <jim.manico at owasp.org> wrote:
>>> Jerry,
>>> If we substitute "evangelist" with "Marketing Director" or "community
>>> coordinator" or "volunteer coordinator" or "developer community liaison" -
>>> would that still work for you?
>>> Let's try a different name to skirt around Dinis' indifference for the
>>> term "evangelist" even though you were talking about:
>>> http://en.wikipedia.org/wiki/**Evangelism_marketing<http://en.wikipedia.org/wiki/Evangelism_marketing>- right?
>>> Cheers, Jerry.
>>> - Jim
>>> PS Dinis:  NTdkZTVkOTcxOTAxOGYwMmVhYzc4Yz**k1OTZmNTlkMDY=
>>>  We already have that, it's the OWASP leaders (and we should be
>>>> investing in supporting them better)
>>>> In terms of hiring staff, there are a lot of other roles that are
>>>> needed first (sysadmin, tech editors, more project management, event
>>>> organisers, designer, reviewers, video/audio editors, etc)
>>>> And btw, the term 'evangelize' really doesn't work outside the US and
>>>> has a lot of religious connotations.
>>>> That said, if you know of a company that wants to pay somebody to have
>>>> that role, them that's great :)
>>>> Dinis Cruz
>>>> On 14 Dec 2012, at 04:52, Jerry Hoff <jerry at owasp.org> wrote:
>>>>  Esteemed Board and Leaders,
>>>>> I've been doing a lot of thinking about OWASP and our mission - and I
>>>>> really think we need a little more balance.
>>>>> We obviously have a strong volunteer base consisting of many of the
>>>>> most experienced and motivated web app sec pros on the planet.
>>>>> However, I think we also need more full time owasp employees to
>>>>> evangelize, coordinate and guide us as we experience sustained growth,
>>>>> attention and involvement.
>>>>> We want to make appsec more visible, to inform as many stakeholders as
>>>>> possible of the security issues that plague web and application development.
>>>>> To better achieve these ends I move to start a petition / movement to
>>>>> hire a full time evangelist.
>>>>> Ideally this would be a position filled by a vocal advocate for OWASP
>>>>> and appsec who can take our message and advance it out to the developer
>>>>> community at large.
>>>>> This role could also assist the other full time owasp employees shape
>>>>> and guide the organization and its outreach efforts.
>>>>> Along with owasp, I've been highly involved with toastmasters - what
>>>>> they have done as an organization can easily serve as an organizational
>>>>>  template for us.
>>>>> I have deep love and respect for OWASP and everyone who volunteers -
>>>>> I'm extremely confident that investing in a full time evangelist will reap
>>>>> huge returns and cement OWASP even more firmly in the development world.
>>>>> Leaders, what do you think? Would love to hear from those who agree /
>>>>> disagree. Anyone interested in full time OWASP evangelizing?
>>>>> In the meantime I'm going to be working towards getting corporate
>>>>> sponsorship to fund more full timers.
>>>>> Distinti saluti,
>>>>> Jerry
>>>>> ______________________________**_________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>> ______________________________**_________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20121214/475ab45a/attachment-0001.html>

More information about the OWASP-Leaders mailing list