[Owasp-leaders] What would you change about OWASP?

Tom Brennan tomb at owasp.org
Wed Jun 6 22:52:18 UTC 2012

Well said even with today's web appsec headlines of BigPenis 


Semper Fi Andy ;)- see you at #defcon 

Tom Brennan
Trustwave, SpiderLabs
(t) 973-202-0122
(e) tbrennan at trustwave.com
(w) http://www.trustwave.com

On Jun 6, 2012, at 3:17 PM, Andy Lewis <alewis at owasp.org> wrote:

> Hi Eoin - first allow me to thank you for the time you've taken over
> the years to maintain OWASP's momentum.
> What I'd change:
> 1. Have a virtual meeting for Chapter Leaders periodically.  Make it a
> forum for ongoing improvement - mentoring new leaders, providing tips,
> discussing what's hot, pending global changes, etc.  Voluntary and
> targeted at 30 mins (likely to go 60, but 30's the target).
> 2. Encourage existing leaders to serve as mentors/buddies.  Some times
> when you're new to an organization it REALLY helps to have a single
> POC to whom you can ask stupid questions :-)
> 3. Ask questions like this and figure out how to put action behind the
> answers.  Because we all have day jobs, OWASP is a labor of love.
> Sometimes it feel unrequited.  Putting action in is more often about
> finding the right person with the right passion and sufficient time to
> make progress.  Find those people and encourage THEIR projects so that
> we're DELIVERING (whether or not it's of earth-shattering
> significance).  A great example is Cam Morris's Passfault project -
> GREAT action from a PASSIONATE individual who SHARED the project and
> who's ultimately helping himself, OWASP, and the world (without
> shattering it).  Coordinate help if needed, and as a Board (and
> veterans of this industry), find the projects with the greatest
> potential impact and actively recruit for them.
> 4. Send Board Members to Chapter Meetings.  A part of my frustration
> over the years involves not understanding "your" world and knowing
> that "you" don't understand mine.  Figure out how to make Board
> Members available on "the circuit" with very cool topics, and budget
> enough time to sit down w/Chapter Leaders over beers (or breakfast) to
> impart awareness of OWASP resources and to receive first-hand
> understanding of what's happening locally.  The trick is the same
> every month - find a place, find someone to sponsor, find someone with
> a compelling topic/hands-on, and put people in the chairs.  If the
> Board Members (or Chapter Leaders) can establish a rotation of sorts,
> hopefully the compelling topic problem is solved and the rest is just
> logistics and communications.
> 5. Fix the dawgone mail server.  We're now encouraging people to join
> LinkedIn and follow us on Twitter.  Neither is as well monitored as
> the no-kidding inbox I have to read every day at my job.
> 6. One thing I really, really like is that we ALL have a voice and
> even though I've said some pretty stupid things on this list in the
> past, I've never been soul-crushed out of spite :-)  Maintain the
> openness.
> 7. Consider an Awards system.  "Best regional con", "best sponsor
> management", "best AppSec contribution/project", "best general ITSec
> contribution/project", etc.  Have winners and runners-up publish what
> they're doing right.  Some times it's a lot easier to read/locate what
> champions are doing than it is to chase "best practices."
> Thanks again.  Back to the day job...
> Andy
> On Wed, Jun 6, 2012 at 2:46 AM, Eoin <eoin.keary at owasp.org> wrote:
>> Hello leaders,
>> I was thinking about the good and bad aspects of OWASP. Sometimes I think there is too much "process" and not enough action.
>> Other times I think we don't do enough relevant activities and are not addressing the core issues.
>> So, with that said, what would you change about OWASP? (any idea, suggestion is "fair game").
>> Eoin.
>> Eoin Keary
>> BCC Risk Advisory
>> Owasp Global Board
>> +353 87 977 2988
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list