[Owasp-leaders] Full time OWASP evangelist...

Jerry Hoff jerry at owasp.org
Fri Dec 14 19:14:10 UTC 2012


Not a fan of that - should be a global discussion - not just a discussion for whomever comes to the summit.

Let's keep it going...

Jerry

On Dec 14, 2012, at 2:06 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:

> All,
> 
> This is a great discussion point for an OWASP summit, or perhaps at AppSec?
> 
> 
> Dennis
> 
> -- 
> [Dennis Groves](http://about.me/dennis.groves), MSc
> [Email me](mailto:dennis.groves at owasp.org) or [schedule a meeting](http://goo.gl/8sPIy).
> 
> *This email is licensed under a [CC BY-ND 3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*
> 
> **Please do not send me Microsoft Office/Apple iWork documents.**
> Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
> Stand up for your freedom to install [free software](http://www.fsf.org/campaigns/secure-boot/statement).
> 
> On 14 Dec 2012, at 18:43, Tom Brennan wrote:
> 
>> All,
>> 
>> If you had about 1M dollars to manage for the mission ("The mission of the
>> Organization is to make application security visible, so that people and
>> organizations can make informed decisions about true application security
>> risks".)  of OWASP how would you do it?
>> 
>> Here is a link to the DRAFT 2013 Budget in case you missed it:
>> 
>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhI4iTO_QojvdEVpZXU4WDRVbFhvM2FuLTU1Mlg3a1E#gid=0
>> 
>> Copy below if you can't view the working draft above
>> 
>> https://docs.google.com/spreadsheet/ccc?key=0AhtB029bdcxGdDFDcVJnb2hqUG0zRFFZdF9xeDhZM2c
>> 
>> ===
>> 
>> OWASP Tax filings are at:
>> https://www.owasp.org/index.php/About_OWASP#Tax_Filings
>> 
>> Most current 2011 taxes @
>> https://www.owasp.org/images/9/9b/2011_Tax_Return.pdf
>> 
>> ===
>> 
>> In addition to the discussion on the thread that is AWESOME BTW the next
>> scheduled meeting is 2013-Jan not posted yet but stay tuned if you want to
>> dial in
>> 
>> https://www.owasp.org/index.php/OWASP_Board_Meetings
>> 
>> ========================
>> 
>> Note for 2013 the roles of the board have been decided and will be as
>> follows:
>> 
>> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2013_Global_Board_Members
>> 
>> Enjoy the holiday break 2013 is going to be the year of software security!
>> 
>> 
>> 
>> On Fri, Dec 14, 2012 at 12:39 PM, Steve Kosten <steve.kosten at owasp.org>wrote:
>> 
>>> All,
>>> 
>>> I also think OWASP has done amazingly well in educating the community on
>>> application security with extremely limited dedicated resources.  As Jerry
>>> stated, while we have a motivated and very talented volunteer base, perhaps
>>> more is needed to achieve the mission of the organization.  And as Dennis
>>> pointed out, there are *so* many areas where we have function while being
>>> woefully understaffed.
>>> 
>>> I think we need to ask ourselves, in terms of our mission, where do we
>>> want to be in 5 years?  Do we see OWASP operating much as it is today with
>>> dedicated support staff reporting to the board (as this is my current
>>> understanding).  Or do we see dedicated full time leadership running the
>>> OWASP day to day activities with support staff while still reporting to the
>>> board.  Perhaps other options.
>>> 
>>> While I have not been exposed to the finances of OWASP, I would expect, as
>>> Jerry stated, that a full-time leadership position could rapidly pay for
>>> himself/herself and would put us on a stronger foundation for achieving our
>>> stated mission through the next five years.  By leveraging existing work
>>> and progress, such a leader could develop additional revenue for the
>>> organization through training and other means, all of which would be
>>> actions towards fulfilling our mission.  Sure, we would need revenue
>>> through sponsorship or other means initially, but I believe we can sell a
>>> vision that would be rapidly attainable.
>>> 
>>> To quickly list a few things off, I could see:
>>> 
>>> - More training for outreach that also funds the organization
>>> - More support for chapters in lining up speakers for meetings
>>> - More regional conferences that help fund local chapters and the
>>> organization
>>> - Very strong project management and project oversight to help ensure
>>> our projects are successful in fulfilling our mission goals
>>> 
>>> My humble thoughts (and always willing to help w/ any of this).
>>> 
>>> Steve Kosten (Denver chapter lead)
>>> 
>>> 
>>> 
>>> ------------------------------------------------------
>>> 
>>> On Fri, Dec 14, 2012 at 5:34 AM, Sherif Koussa <sherif.koussa at owasp.org>wrote:
>>> 
>>>> I 100% agree that OWASP need immediate administrative services, project
>>>> management, designers, etc more so than an evangelist. However, I think
>>>> this is a brilliant idea, because if the evangelist is doing a good job in
>>>> spreading the word around, hiring for those positions will be much
>>>> more attainable goal, because more people will get to know OWASP, like
>>>> OWASP, use OWASP and support OWASP which is more likely to turn in more
>>>> revenue (training, individual and corporate memberships) that could be used
>>>> to hire more people.
>>>> 
>>>> And the job could definitely be called something else for sure.
>>>> 
>>>> Regards,
>>>> Sherif
>>>> 
>>>> 
>>>> On Fri, Dec 14, 2012 at 2:56 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>>> 
>>>>> They are different things, and yeah we need those too :)
>>>>> 
>>>>> PS Jim: http://csharp-repl.apphb.com/36
>>>>> 
>>>>> Dinis Cruz
>>>>> 
>>>>> 
>>>>> On 14 December 2012 07:38, Jim Manico <jim.manico at owasp.org> wrote:
>>>>> 
>>>>>> Jerry,
>>>>>> 
>>>>>> If we substitute "evangelist" with "Marketing Director" or "community
>>>>>> coordinator" or "volunteer coordinator" or "developer community liaison" -
>>>>>> would that still work for you?
>>>>>> 
>>>>>> Let's try a different name to skirt around Dinis' indifference for the
>>>>>> term "evangelist" even though you were talking about:
>>>>>> http://en.wikipedia.org/wiki/**Evangelism_marketing<http://en.wikipedia.org/wiki/Evangelism_marketing>- right?
>>>>>> 
>>>>>> Cheers, Jerry.
>>>>>> - Jim
>>>>>> 
>>>>>> PS Dinis:  NTdkZTVkOTcxOTAxOGYwMmVhYzc4Yz**k1OTZmNTlkMDY=
>>>>>> 
>>>>>> 
>>>>>> We already have that, it's the OWASP leaders (and we should be
>>>>>>> investing in supporting them better)
>>>>>>> 
>>>>>>> In terms of hiring staff, there are a lot of other roles that are
>>>>>>> needed first (sysadmin, tech editors, more project management, event
>>>>>>> organisers, designer, reviewers, video/audio editors, etc)
>>>>>>> 
>>>>>>> And btw, the term 'evangelize' really doesn't work outside the US and
>>>>>>> has a lot of religious connotations.
>>>>>>> 
>>>>>>> That said, if you know of a company that wants to pay somebody to have
>>>>>>> that role, them that's great :)
>>>>>>> 
>>>>>>> Dinis Cruz
>>>>>>> 
>>>>>>> On 14 Dec 2012, at 04:52, Jerry Hoff <jerry at owasp.org> wrote:
>>>>>>> 
>>>>>>> Esteemed Board and Leaders,
>>>>>>>> 
>>>>>>>> I've been doing a lot of thinking about OWASP and our mission - and I
>>>>>>>> really think we need a little more balance.
>>>>>>>> 
>>>>>>>> We obviously have a strong volunteer base consisting of many of the
>>>>>>>> most experienced and motivated web app sec pros on the planet.
>>>>>>>> 
>>>>>>>> However, I think we also need more full time owasp employees to
>>>>>>>> evangelize, coordinate and guide us as we experience sustained growth,
>>>>>>>> attention and involvement.
>>>>>>>> 
>>>>>>>> We want to make appsec more visible, to inform as many stakeholders
>>>>>>>> as possible of the security issues that plague web and application
>>>>>>>> development.
>>>>>>>> 
>>>>>>>> To better achieve these ends I move to start a petition / movement to
>>>>>>>> hire a full time evangelist.
>>>>>>>> 
>>>>>>>> Ideally this would be a position filled by a vocal advocate for OWASP
>>>>>>>> and appsec who can take our message and advance it out to the developer
>>>>>>>> community at large.
>>>>>>>> 
>>>>>>>> This role could also assist the other full time owasp employees shape
>>>>>>>> and guide the organization and its outreach efforts.
>>>>>>>> 
>>>>>>>> Along with owasp, I've been highly involved with toastmasters - what
>>>>>>>> they have done as an organization can easily serve as an organizational
>>>>>>>> template for us.
>>>>>>>> 
>>>>>>>> I have deep love and respect for OWASP and everyone who volunteers -
>>>>>>>> I'm extremely confident that investing in a full time evangelist will reap
>>>>>>>> huge returns and cement OWASP even more firmly in the development world.
>>>>>>>> 
>>>>>>>> Leaders, what do you think? Would love to hear from those who agree /
>>>>>>>> disagree. Anyone interested in full time OWASP evangelizing?
>>>>>>>> 
>>>>>>>> In the meantime I'm going to be working towards getting corporate
>>>>>>>> sponsorship to fund more full timers.
>>>>>>>> 
>>>>>>>> Distinti saluti,
>>>>>>>> Jerry
>>>>>>>> ______________________________**_________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>>>>>> 
>>>>>>> ______________________________**_________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>>>>> 
>>>>>> 
>>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> 
>>>>> 
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list