[Owasp-leaders] What would you change about OWASP?
tomb at owasp.org
Wed Jun 6 22:52:18 UTC 2012
Well said even with today's web appsec headlines of BigPenis
Semper Fi Andy ;)- see you at #defcon
(e) tbrennan at trustwave.com
On Jun 6, 2012, at 3:17 PM, Andy Lewis <alewis at owasp.org> wrote:
> Hi Eoin - first allow me to thank you for the time you've taken over
> the years to maintain OWASP's momentum.
> What I'd change:
> 1. Have a virtual meeting for Chapter Leaders periodically. Make it a
> forum for ongoing improvement - mentoring new leaders, providing tips,
> discussing what's hot, pending global changes, etc. Voluntary and
> targeted at 30 mins (likely to go 60, but 30's the target).
> 2. Encourage existing leaders to serve as mentors/buddies. Sometimes
> when you're new to an organization it REALLY helps to have a single
> POC to whom you can ask stupid questions :-)
> 3. Ask questions like this and figure out how to put action behind the
> answers. Because we all have day jobs, OWASP is a labor of love.
> Sometimes it feels unrequited. Putting action in is more often about
> finding the right person with the right passion and sufficient time to
> make progress. Find those people and encourage THEIR projects so that
> we're DELIVERING (whether or not it's of earth-shattering
> significance). A great example is Cam Morris's Passfault project -
> GREAT action from a PASSIONATE individual who SHARED the project and
> who's ultimately helping himself, OWASP, and the world (without
> shattering it). Coordinate help if needed, and as a Board (and
> veterans of this industry), find the projects with the greatest
> potential impact and actively recruit for them.
> 4. Send Board Members to Chapter Meetings. A part of my frustration
> over the years involves not understanding "your" world and knowing
> that "you" don't understand mine. Figure out how to make Board
> Members available on "the circuit" with very cool topics, and budget
> enough time to sit down w/Chapter Leaders over beers (or breakfast) to
> impart awareness of OWASP resources and to receive first-hand
> understanding of what's happening locally. The trick is the same
> every month - find a place, find someone to sponsor, find someone with
> a compelling topic/hands-on, and put people in the chairs. If the
> Board Members (or Chapter Leaders) can establish a rotation of sorts,
> hopefully the compelling topic problem is solved and the rest is just
> logistics and communications.
> 5. Fix the dawgone mail server. We're now encouraging people to join
> LinkedIn and follow us on Twitter. Neither is as well monitored as
> the no-kidding inbox I have to read every day at my job.
> 6. One thing I really, really like is that we ALL have a voice and
> even though I've said some pretty stupid things on this list in the
> past, I've never been soul-crushed out of spite :-) Maintain the
> 7. Consider an Awards system. "Best regional con", "best sponsor
> management", "best AppSec contribution/project", "best general ITSec
> contribution/project", etc. Have winners and runners-up publish what
> they're doing right. Sometimes it's a lot easier to read/locate what
> champions are doing than it is to chase "best practices."
> Thanks again. Back to the day job...
> On Wed, Jun 6, 2012 at 2:46 AM, Eoin <eoin.keary at owasp.org> wrote:
>> Hello leaders,
>> I was thinking about the good and bad aspects of OWASP. Sometimes I think there is too much "process" and not enough action.
>> Other times I think we don't do enough relevant activities and are not addressing the core issues.
>> So, with that said, what would you change about OWASP? (any idea, suggestion is "fair game").
>> Eoin Keary
>> BCC Risk Advisory
>> Owasp Global Board
>> +353 87 977 2988
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org