[Owasp-leaders] OWASP's New Executive Director - process?

Jim Manico jim.manico at owasp.org
Sat Apr 13 22:48:39 UTC 2013

I meant 90 hours; but you get my point. :) These are good questions
and I'm endeavoring to answer them as directly and honestly as I can.

Jim Manico
(808) 652-3805

On Apr 13, 2013, at 6:47 PM, Tobias <tobias.gondrom at owasp.org> wrote:

> Thank you for the information and clarification. I see.
> Best regards, Tobias
> Ps.: btw. it seems you might have misread my email: the time from
> announcement of the role to filling it was 90 hours, not 90 days. ;-)
> On 13/04/13 23:39, Jim Manico wrote:
>> There was no selection process. As stated below, the board met in
>> private (because this was a staffing matter). After several rounds of
>> discussion by the board, and after an official unanimous vote, we
>> voted to promote Sarah Baso to Executive Director.
>> This transpired over several weeks, not 90 days.
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> On Apr 13, 2013, at 6:30 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>> Jim,
>>> hm, thanks for the answer to my question #2.
>>> I read your answer as: at the current moment a replacement hire for
>>> Sarah's previous role is not planned.
>>> And not sure whether your first part of your email is intended to be an
>>> answer to my first question of "Would you mind to share some information
>>> about the process you used for this?"
>>> Actually, although I don't like "private meetings" too much, I am less
>>> concerned about them as such, as long as the process itself is clear and
>>> is being communicated openly and allows community input (e.g. the JD and
>>> required qualifications and responsibilities and on the process, not the
>>> individual candidates). In this case I was quite surprised by how fast
>>> we moved from creation of the ED role to announcement of filling it. You
>>> did this in just 90 hours. Which is probably the fastest I have ever
>>> seen and makes me quite curious to find out what process you used. I
>>> have hired a number of people in the past and so far this is the fastest
>>> process I have ever seen, which raises a few simple questions:
>>> - at that speed, was there some kind of selection process already before
>>> the announcement of the new role and what was that?
>>> - did you have a JD (job description) with the outlined needed
>>> qualifications, experience, skills? (I saw the role description with the
>>> responsibilities of the role, but that doc didn't have any information
>>> on what person you are looking for), did you have a certain salary range
>>> in mind? etc.
>>> - How many candidates did you consider? (and were there any applications
>>> from the community in these 90hours?)
>>> - And depending on the number of applications you had, how did you
>>> determine the match and for what reason did you choose to not ask for
>>> further applications from the community?
>>> - How many interviews did you conduct, how many board members were
>>> involved in the interview process?
>>> I find your last sentence about the distribution of power interesting.
>>> And that seizing of new power sounds an alarm for you. Maybe a thought:
>>> taking a step back it seems what just happened is that in fact we did
>>> concentrate power from a group of elected people (the board) to one
>>> individual (the ED), and note: our other staff's power has probably also
>>> been reduced in relationship to the ED. I am not debating whether this
>>> is right or wrong in this case (as one might argue that the board needs
>>> to choose to delegate this power due to time constraints and/or lack of
>>> own personal capability). But using your own concept, as we concentrated
>>> power in one individual role, we should be very careful and as open as
>>> possible (of course within the legal boundaries) with the process of
>>> doing so?
>>> So I would be really interested to learn a little bit about the process
>>> OWASP used in the selection.
>>> Best wishes, Tobias
>>> Ps.: and again: Let me be clear I am making no statement about the
>>> decision itself or Sarah's qualification for this role.
>>> On 13/04/13 22:26, Jim Manico wrote:
>>>> Tobias,
>>>> We were not seeking candidates for this role. We (unanimously)
>>>> promoted Sarah to Executive Director. Because these board conversation
>>>> were about employee matters, we had those conversations in private.
>>>> It's the •only• private board discussion that I have seen in 2013
>>>> during my term. It's the primary role of the board to hire staff
>>>> As Executive Director, it's now Sarahs job to rearrange the staff as
>>>> she sees fit or hire someone new (if the budget allows).
>>>> So the answer is, we shall see!
>>>> Last note, I am very wary regarding "private board discussions". If
>>>> the board has private discussions that lead to seizing of new power,
>>>> that's a huge alarm. But the opposite happened here. We removed
>>>> operational leadership from the board and passed it to Sarah and the
>>>> staff. It's the boards job to keep watch over this, but I'm personally
>>>> really thrilled about this change in OWASP's organizational structure.
>>>> Aloha,
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>> On Apr 13, 2013, at 5:17 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>> As OWASP created the new ED position and Sarah got promoted into this. Do we now intend to hire a new person to take over Sarah's previous role?

More information about the OWASP-Leaders mailing list