[Owasp-leaders] What would you change about OWASP?

Andy Lewis alewis at owasp.org
Wed Jun 6 19:17:06 UTC 2012

Hi Eoin - first allow me to thank you for the time you've taken over
the years to maintain OWASP's momentum.

What I'd change:
1. Have a virtual meeting for Chapter Leaders periodically.  Make it a
forum for ongoing improvement - mentoring new leaders, providing tips,
discussing what's hot, pending global changes, etc.  Voluntary and
targeted at 30 mins (likely to go 60, but 30's the target).

2. Encourage existing leaders to serve as mentors/buddies.  Sometimes
when you're new to an organization it REALLY helps to have a single
POC to whom you can ask stupid questions :-)

3. Ask questions like this and figure out how to put action behind the
answers.  Because we all have day jobs, OWASP is a labor of love.
Sometimes it feels unrequited.  Putting action in is more often about
finding the right person with the right passion and sufficient time to
make progress.  Find those people and encourage THEIR projects so that
we're DELIVERING (whether or not it's of earth-shattering
significance).  A great example is Cam Morris's Passfault project -
GREAT action from a PASSIONATE individual who SHARED the project and
who's ultimately helping himself, OWASP, and the world (without
shattering it).  Coordinate help if needed, and as a Board (and
veterans of this industry), find the projects with the greatest
potential impact and actively recruit for them.

4. Send Board Members to Chapter Meetings.  A part of my frustration
over the years involves not understanding "your" world and knowing
that "you" don't understand mine.  Figure out how to make Board
Members available on "the circuit" with very cool topics, and budget
enough time to sit down w/Chapter Leaders over beers (or breakfast) to
impart awareness of OWASP resources and to receive first-hand
understanding of what's happening locally.  The trick is the same
every month - find a place, find someone to sponsor, find someone with
a compelling topic/hands-on, and put people in the chairs.  If the
Board Members (or Chapter Leaders) can establish a rotation of sorts,
hopefully the compelling topic problem is solved and the rest is just
logistics and communications.

5. Fix the dawgone mail server.  We're now encouraging people to join
LinkedIn and follow us on Twitter.  Neither is as well monitored as
the no-kidding inbox I have to read every day at my job.

6. One thing I really, really like is that we ALL have a voice and
even though I've said some pretty stupid things on this list in the
past, I've never been soul-crushed out of spite :-)  Maintain the

7. Consider an Awards system.  "Best regional con", "best sponsor
management", "best AppSec contribution/project", "best general ITSec
contribution/project", etc.  Have winners and runners-up publish what
they're doing right.  Sometimes it's a lot easier to read/locate what
champions are doing than it is to chase "best practices."

Thanks again.  Back to the day job...

On Wed, Jun 6, 2012 at 2:46 AM, Eoin <eoin.keary at owasp.org> wrote:
> Hello leaders,
> I was thinking about the good and bad aspects of OWASP. Sometimes I think there is too much "process" and not enough action.
> Other times I think we don't do enough relevant activities and are not addressing the core issues.
> So, with that said, what would you change about OWASP? (any idea, suggestion is "fair game").
> Eoin.
> Eoin Keary
> BCC Risk Advisory
> Owasp Global Board
> +353 87 977 2988
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
