[Owasp-leaders] Full time OWASP evangelist...

Andrew van der Stock vanderaj at owasp.org
Sat Dec 15 04:58:55 UTC 2012

I think comparing the corporate structures of for profit entities like SANS or IO Active versus the organisational structures of not for profit volunteer organisations is not helpful. A for profit is there solely for the financial benefit of shareholders and that's not OWASP's model. For a start, we are much, much, much larger than SANS or any other firm we might compare ourselves to. The input of every one of our contributors is lower because it's not our day job, but there are way more of us.

We need to learn from and compare ourselves and our challenges to other highly successful not for profits with open source and many projects and volunteers. Apache. Linux foundation. 

Personally I think most projects don't need a project manager, but a mentor. No one judges the state of play of 99.99% of the projects on Google Code or GitHub. I don't think it is possible to scale project management to cover all ~ 300 projects, and it's not worth the heartache to try. I'd prefer setting quality bars and project evaluation criteria and allow self assessment with a quality check by the mentor to keep our processes lightweight particularly for projects that are dormant or abandoned. 

However, the larger projects each need a project manager who is not the project lead. Someone who will hold the team members accountable and work out velocity and have access to a project management tool. Such projects are what OWASP is famous for, and we need a much higher quality bar for these projects.

Fwiw, I don't believe the chicken or pig situation should be on whether you can attend a conference. It's the output you achieve. I for one would love to have a job where I can attend all the major conferences and present at them, but instead I have a job where I have to look after 10 folks, I have a terrible work/life balance and none of my customers go to OWASP conferences, so it's not possible to invest that sort of time in visiting another country. My job allows me to occasionally invest time in creating OWASP materials, pays the rent, and keeps us in food and clothing. I should not be excluded because I am not in a position - at all - to attend conferences. 

