[Owasp-leaders] Full time OWASP evangelist...

Tom Brennan tomb at owasp.org
Fri Dec 14 18:43:19 UTC 2012


All,

If you had about 1M dollars to manage for the mission ("The mission of the
Organization is to make application security visible, so that people and
organizations can make informed decisions about true application security
risks".)  of OWASP how would you do it?

Here is a link to the DRAFT 2013 Budget in case you missed it:

https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhI4iTO_QojvdEVpZXU4WDRVbFhvM2FuLTU1Mlg3a1E#gid=0

Copy below if you can't view the working draft above

https://docs.google.com/spreadsheet/ccc?key=0AhtB029bdcxGdDFDcVJnb2hqUG0zRFFZdF9xeDhZM2c

===

OWASP Tax filings are at:
https://www.owasp.org/index.php/About_OWASP#Tax_Filings

Most current 2011 taxes @
https://www.owasp.org/images/9/9b/2011_Tax_Return.pdf

===

In addition to the discussion on the thread that is AWESOME BTW the next
scheduled meeting is 2013-Jan not posted yet but stay tuned if you want to
dial in

https://www.owasp.org/index.php/OWASP_Board_Meetings

========================

Note for 2013 the roles of the board have been decided and will be as
follows:

https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2013_Global_Board_Members

Enjoy the holiday break 2013 is going to be the year of software security!



On Fri, Dec 14, 2012 at 12:39 PM, Steve Kosten <steve.kosten at owasp.org>wrote:

> All,
>
> I also think OWASP has done amazingly well in educating the community on
> application security with extremely limited dedicated resources.  As Jerry
> stated, while we have a motivated and very talented volunteer base, perhaps
> more is needed to achieve the mission of the organization.  And as Dennis
> pointed out, there are *so* many areas where we have function while being
> woefully understaffed.
>
> I think we need to ask ourselves, in terms of our mission, where do we
> want to be in 5 years?  Do we see OWASP operating much as it is today with
> dedicated support staff reporting to the board (as this is my current
> understanding).  Or do we see dedicated full time leadership running the
> OWASP day to day activities with support staff while still reporting to the
> board.  Perhaps other options.
>
> While I have not been exposed to the finances of OWASP, I would expect, as
> Jerry stated, that a full-time leadership position could rapidly pay for
> himself/herself and would put us on a stronger foundation for achieving our
> stated mission through the next five years.  By leveraging existing work
> and progress, such a leader could develop additional revenue for the
> organization through training and other means, all of which would be
> actions towards fulfilling our mission.  Sure, we would need revenue
> through sponsorship or other means initially, but I believe we can sell a
> vision that would be rapidly attainable.
>
> To quickly list a few things off, I could see:
>
>    - More training for outreach that also funds the organization
>    - More support for chapters in lining up speakers for meetings
>    - More regional conferences that help fund local chapters and the
>    organization
>    - Very strong project management and project oversight to help ensure
>    our projects are successful in fulfilling our mission goals
>
> My humble thoughts (and always willing to help w/ any of this).
>
> Steve Kosten (Denver chapter lead)
>
>
>
> ------------------------------------------------------
>
> On Fri, Dec 14, 2012 at 5:34 AM, Sherif Koussa <sherif.koussa at owasp.org>wrote:
>
>> I 100% agree that OWASP need immediate administrative services, project
>> management, designers, etc more so than an evangelist. However, I think
>> this is a brilliant idea, because if the evangelist is doing a good job in
>> spreading the word around, hiring for those positions will be much
>> more attainable goal, because more people will get to know OWASP, like
>> OWASP, use OWASP and support OWASP which is more likely to turn in more
>> revenue (training, individual and corporate memberships) that could be used
>> to hire more people.
>>
>> And the job could definitely be called something else for sure.
>>
>> Regards,
>> Sherif
>>
>>
>> On Fri, Dec 14, 2012 at 2:56 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>
>>> They are different things, and yeah we need those too :)
>>>
>>> PS Jim: http://csharp-repl.apphb.com/36
>>>
>>> Dinis Cruz
>>>
>>>
>>> On 14 December 2012 07:38, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>> Jerry,
>>>>
>>>> If we substitute "evangelist" with "Marketing Director" or "community
>>>> coordinator" or "volunteer coordinator" or "developer community liaison" -
>>>> would that still work for you?
>>>>
>>>> Let's try a different name to skirt around Dinis' indifference for the
>>>> term "evangelist" even though you were talking about:
>>>> http://en.wikipedia.org/wiki/**Evangelism_marketing<http://en.wikipedia.org/wiki/Evangelism_marketing>- right?
>>>>
>>>> Cheers, Jerry.
>>>> - Jim
>>>>
>>>> PS Dinis:  NTdkZTVkOTcxOTAxOGYwMmVhYzc4Yz**k1OTZmNTlkMDY=
>>>>
>>>>
>>>>  We already have that, it's the OWASP leaders (and we should be
>>>>> investing in supporting them better)
>>>>>
>>>>> In terms of hiring staff, there are a lot of other roles that are
>>>>> needed first (sysadmin, tech editors, more project management, event
>>>>> organisers, designer, reviewers, video/audio editors, etc)
>>>>>
>>>>> And btw, the term 'evangelize' really doesn't work outside the US and
>>>>> has a lot of religious connotations.
>>>>>
>>>>> That said, if you know of a company that wants to pay somebody to have
>>>>> that role, them that's great :)
>>>>>
>>>>> Dinis Cruz
>>>>>
>>>>> On 14 Dec 2012, at 04:52, Jerry Hoff <jerry at owasp.org> wrote:
>>>>>
>>>>>  Esteemed Board and Leaders,
>>>>>>
>>>>>> I've been doing a lot of thinking about OWASP and our mission - and I
>>>>>> really think we need a little more balance.
>>>>>>
>>>>>> We obviously have a strong volunteer base consisting of many of the
>>>>>> most experienced and motivated web app sec pros on the planet.
>>>>>>
>>>>>> However, I think we also need more full time owasp employees to
>>>>>> evangelize, coordinate and guide us as we experience sustained growth,
>>>>>> attention and involvement.
>>>>>>
>>>>>> We want to make appsec more visible, to inform as many stakeholders
>>>>>> as possible of the security issues that plague web and application
>>>>>> development.
>>>>>>
>>>>>> To better achieve these ends I move to start a petition / movement to
>>>>>> hire a full time evangelist.
>>>>>>
>>>>>> Ideally this would be a position filled by a vocal advocate for OWASP
>>>>>> and appsec who can take our message and advance it out to the developer
>>>>>> community at large.
>>>>>>
>>>>>> This role could also assist the other full time owasp employees shape
>>>>>> and guide the organization and its outreach efforts.
>>>>>>
>>>>>> Along with owasp, I've been highly involved with toastmasters - what
>>>>>> they have done as an organization can easily serve as an organizational
>>>>>>  template for us.
>>>>>>
>>>>>> I have deep love and respect for OWASP and everyone who volunteers -
>>>>>> I'm extremely confident that investing in a full time evangelist will reap
>>>>>> huge returns and cement OWASP even more firmly in the development world.
>>>>>>
>>>>>> Leaders, what do you think? Would love to hear from those who agree /
>>>>>> disagree. Anyone interested in full time OWASP evangelizing?
>>>>>>
>>>>>> In the meantime I'm going to be working towards getting corporate
>>>>>> sponsorship to fund more full timers.
>>>>>>
>>>>>> Distinti saluti,
>>>>>> Jerry
>>>>>> ______________________________**_________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>>>>
>>>>> ______________________________**_________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20121214/a75ac684/attachment.html>


More information about the OWASP-Leaders mailing list