[Owasp-leaders] Full time OWASP evangelist...

Fri Dec 14 19:06:14 UTC 2012

All,

This is a great discussion point for an OWASP summit, or perhaps at 
AppSec?

Dennis

-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 
software](http://www.fsf.org/campaigns/secure-boot/statement).

On 14 Dec 2012, at 18:43, Tom Brennan wrote:

> All,
>
> If you had about 1M dollars to manage for the mission ("The mission of 
> the
> Organization is to make application security visible, so that people 
> and
> organizations can make informed decisions about true application 
> security
> risks".)  of OWASP how would you do it?
>
> Here is a link to the DRAFT 2013 Budget in case you missed it:
>
> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhI4iTO_QojvdEVpZXU4WDRVbFhvM2FuLTU1Mlg3a1E#gid=0
>
> Copy below if you can't view the working draft above
>
> https://docs.google.com/spreadsheet/ccc?key=0AhtB029bdcxGdDFDcVJnb2hqUG0zRFFZdF9xeDhZM2c
>
> ===
>
> OWASP Tax filings are at:
> https://www.owasp.org/index.php/About_OWASP#Tax_Filings
>
> Most current 2011 taxes @
> https://www.owasp.org/images/9/9b/2011_Tax_Return.pdf
>
> ===
>
> In addition to the discussion on the thread that is AWESOME BTW the 
> next
> scheduled meeting is 2013-Jan not posted yet but stay tuned if you 
> want to
> dial in
>
> https://www.owasp.org/index.php/OWASP_Board_Meetings
>
> ========================
>
> Note for 2013 the roles of the board have been decided and will be as
> follows:
>
> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2013_Global_Board_Members
>
> Enjoy the holiday break 2013 is going to be the year of software 
> security!
>
>
>
> On Fri, Dec 14, 2012 at 12:39 PM, Steve Kosten 
> <steve.kosten at owasp.org>wrote:
>
>> All,
>>
>> I also think OWASP has done amazingly well in educating the community 
>> on
>> application security with extremely limited dedicated resources.  As 
>> Jerry
>> stated, while we have a motivated and very talented volunteer base, 
>> perhaps
>> more is needed to achieve the mission of the organization.  And as 
>> Dennis
>> pointed out, there are *so* many areas where we have function while 
>> being
>> woefully understaffed.
>>
>> I think we need to ask ourselves, in terms of our mission, where do 
>> we
>> want to be in 5 years?  Do we see OWASP operating much as it is today 
>> with
>> dedicated support staff reporting to the board (as this is my current
>> understanding).  Or do we see dedicated full time leadership running 
>> the
>> OWASP day to day activities with support staff while still reporting 
>> to the
>> board.  Perhaps other options.
>>
>> While I have not been exposed to the finances of OWASP, I would 
>> expect, as
>> Jerry stated, that a full-time leadership position could rapidly pay 
>> for
>> himself/herself and would put us on a stronger foundation for 
>> achieving our
>> stated mission through the next five years.  By leveraging existing 
>> work
>> and progress, such a leader could develop additional revenue for the
>> organization through training and other means, all of which would be
>> actions towards fulfilling our mission.  Sure, we would need revenue
>> through sponsorship or other means initially, but I believe we can 
>> sell a
>> vision that would be rapidly attainable.
>>
>> To quickly list a few things off, I could see:
>>
>> - More training for outreach that also funds the organization
>> - More support for chapters in lining up speakers for meetings
>> - More regional conferences that help fund local chapters and the
>> organization
>> - Very strong project management and project oversight to help ensure
>> our projects are successful in fulfilling our mission goals
>>
>> My humble thoughts (and always willing to help w/ any of this).
>>
>> Steve Kosten (Denver chapter lead)
>>
>>
>>
>> ------------------------------------------------------
>>
>> On Fri, Dec 14, 2012 at 5:34 AM, Sherif Koussa 
>> <sherif.koussa at owasp.org>wrote:
>>
>>> I 100% agree that OWASP need immediate administrative services, 
>>> project
>>> management, designers, etc more so than an evangelist. However, I 
>>> think
>>> this is a brilliant idea, because if the evangelist is doing a good 
>>> job in
>>> spreading the word around, hiring for those positions will be much
>>> more attainable goal, because more people will get to know OWASP, 
>>> like
>>> OWASP, use OWASP and support OWASP which is more likely to turn in 
>>> more
>>> revenue (training, individual and corporate memberships) that could 
>>> be used
>>> to hire more people.
>>>
>>> And the job could definitely be called something else for sure.
>>>
>>> Regards,
>>> Sherif
>>>
>>>
>>> On Fri, Dec 14, 2012 at 2:56 AM, Dinis Cruz <dinis.cruz at owasp.org> 
>>> wrote:
>>>
>>>> They are different things, and yeah we need those too :)
>>>>
>>>> PS Jim: http://csharp-repl.apphb.com/36
>>>>
>>>> Dinis Cruz
>>>>
>>>>
>>>> On 14 December 2012 07:38, Jim Manico <jim.manico at owasp.org> wrote:
>>>>
>>>>> Jerry,
>>>>>
>>>>> If we substitute "evangelist" with "Marketing Director" or 
>>>>> "community
>>>>> coordinator" or "volunteer coordinator" or "developer community 
>>>>> liaison" -
>>>>> would that still work for you?
>>>>>
>>>>> Let's try a different name to skirt around Dinis' indifference for 
>>>>> the
>>>>> term "evangelist" even though you were talking about:
>>>>> http://en.wikipedia.org/wiki/**Evangelism_marketing<http://en.wikipedia.org/wiki/Evangelism_marketing>- 
>>>>> right?
>>>>>
>>>>> Cheers, Jerry.
>>>>> - Jim
>>>>>
>>>>> PS Dinis:  NTdkZTVkOTcxOTAxOGYwMmVhYzc4Yz**k1OTZmNTlkMDY=
>>>>>
>>>>>
>>>>> We already have that, it's the OWASP leaders (and we should be
>>>>>> investing in supporting them better)
>>>>>>
>>>>>> In terms of hiring staff, there are a lot of other roles that are
>>>>>> needed first (sysadmin, tech editors, more project management, 
>>>>>> event
>>>>>> organisers, designer, reviewers, video/audio editors, etc)
>>>>>>
>>>>>> And btw, the term 'evangelize' really doesn't work outside the US 
>>>>>> and
>>>>>> has a lot of religious connotations.
>>>>>>
>>>>>> That said, if you know of a company that wants to pay somebody to 
>>>>>> have
>>>>>> that role, them that's great :)
>>>>>>
>>>>>> Dinis Cruz
>>>>>>
>>>>>> On 14 Dec 2012, at 04:52, Jerry Hoff <jerry at owasp.org> wrote:
>>>>>>
>>>>>> Esteemed Board and Leaders,
>>>>>>>
>>>>>>> I've been doing a lot of thinking about OWASP and our mission - 
>>>>>>> and I
>>>>>>> really think we need a little more balance.
>>>>>>>
>>>>>>> We obviously have a strong volunteer base consisting of many of 
>>>>>>> the
>>>>>>> most experienced and motivated web app sec pros on the planet.
>>>>>>>
>>>>>>> However, I think we also need more full time owasp employees to
>>>>>>> evangelize, coordinate and guide us as we experience sustained 
>>>>>>> growth,
>>>>>>> attention and involvement.
>>>>>>>
>>>>>>> We want to make appsec more visible, to inform as many 
>>>>>>> stakeholders
>>>>>>> as possible of the security issues that plague web and 
>>>>>>> application
>>>>>>> development.
>>>>>>>
>>>>>>> To better achieve these ends I move to start a petition / 
>>>>>>> movement to
>>>>>>> hire a full time evangelist.
>>>>>>>
>>>>>>> Ideally this would be a position filled by a vocal advocate for 
>>>>>>> OWASP
>>>>>>> and appsec who can take our message and advance it out to the 
>>>>>>> developer
>>>>>>> community at large.
>>>>>>>
>>>>>>> This role could also assist the other full time owasp employees 
>>>>>>> shape
>>>>>>> and guide the organization and its outreach efforts.
>>>>>>>
>>>>>>> Along with owasp, I've been highly involved with toastmasters - 
>>>>>>> what
>>>>>>> they have done as an organization can easily serve as an 
>>>>>>> organizational
>>>>>>> template for us.
>>>>>>>
>>>>>>> I have deep love and respect for OWASP and everyone who 
>>>>>>> volunteers -
>>>>>>> I'm extremely confident that investing in a full time evangelist 
>>>>>>> will reap
>>>>>>> huge returns and cement OWASP even more firmly in the 
>>>>>>> development world.
>>>>>>>
>>>>>>> Leaders, what do you think? Would love to hear from those who 
>>>>>>> agree /
>>>>>>> disagree. Anyone interested in full time OWASP evangelizing?
>>>>>>>
>>>>>>> In the meantime I'm going to be working towards getting 
>>>>>>> corporate
>>>>>>> sponsorship to fund more full timers.
>>>>>>>
>>>>>>> Distinti saluti,
>>>>>>> Jerry
>>>>>>> ______________________________**_________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>>>>>
>>>>>> ______________________________**_________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders