[Owasp-leaders] OWASP's New Executive Director - process?

Jim Manico jim.manico at owasp.org
Sun Apr 14 15:08:10 UTC 2013


I think your comment below is a fair interpretation of events.

Our intention was really innocent. We finally had the job details and job listing complete for Sarah, and so we posted it to the blog the day we sent her a copy. Then, she accepted. Which was not a given. We then published that she took the job a few days later (90 hours later).

There was no ill will here, but I can understand the perception of ill will.

One more note, there is some controversy around not having an "open listing" for this position and a call for candidates. I think that is a fair complaint.

I can only hope the members of the board have earned some trust from the OWASP community. I think that is why I (and others on the board) were elected. I truly feel that Sarah is the right person for the job. It would be impossible to find someone with her credentials knowing that we only can afford a modest salary. 

If Sarah did not accept the position, I would have tried to initiate an open call for candidates. But she did accept, and I feel that OWASP will become stronger for it.

I (and the board) are very happy to answer other questions about this matter. I hope these emails clear up some of the confusion.

Jim Manico
OWASP Board Member

> FWIW My 0.02,
> As far as I can see the only issue is a slight perception problem around
> the announcement process.
> The first message that went out could have been read as "OWASP has decided
> to have an executive director position and we'll be looking start the
> process of filling it"
> which meant that the great news of Sarah appointment 4 days later seem
> potentially odd (i.e. if there was going to be a process of finding a
> candidate for the role and filling it, it would have taken more than 4 days)
> What might have worked better is if the announcements of the creation of
> the role and Sarah's appointment had been part of the same message or if
> the first message had made it clear that the board already had someone in
> mind for the role at that point.
> So to summarize I don't think (at least as far as I've read) has any
> question about the robustness of the process or about who has been
> appointed to the role, just that the communications left a gap for a level
> of confusion.
> Rory
> On Sun, Apr 14, 2013 at 3:19 PM, Eoin <eoin.keary at owasp.org> wrote:
>> Leaders, if required I believe anyone with a strong view either way could
>> attend a conference call to go through the process of hiring our new exec.
>> On a board level, when this role was suggested there were sceptics,
>> supporters etc. and the issues were worked through to the final decision
>> and outcome. So this was a robust process.
>> I think this new role and structure should improve things for the better
>> such as supporting chapters, defining accountability, having an official
>> spokesperson etc.
>> I'd like to ask what are the perceived nagative issues?
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> On 13 Apr 2013, at 23:48, Jim Manico <jim.manico at owasp.org> wrote:
>>> I meant 90 hours; but you get my point. :) These are good questions
>>> and I'm endeavoring to answer them as directly and honestly as I can.
>>> Aloha,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>> On Apr 13, 2013, at 6:47 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>> Thank you for the information and clarification. I see.
>>>> Best regards, Tobias
>>>> Ps.: btw. it seems you might have misread my email: the time from
>>>> announcement of the role to filling it was 90 hours, not 90 days. ;-)
>>>> On 13/04/13 23:39, Jim Manico wrote:
>>>>> There was no selection process. As stated below, the board met in
>>>>> private (because this was a staffing matter). After several rounds of
>>>>> discussion by the board, and after an official unanimous vote, we
>>>>> voted to promote Sarah Baso to Executive Director.
>>>>> This transpired over several weeks, not 90 days.
>>>>> --
>>>>> Jim Manico
>>>>> @Manicode
>>>>> (808) 652-3805
>>>>> On Apr 13, 2013, at 6:30 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>>> Jim,
>>>>>> hm, thanks for the answer to my question #2.
>>>>>> I read your answer as: at the current moment a replacement hire for
>>>>>> Sarah's previous role is not planned.
>>>>>> And not sure whether your first part of your email is intended to be
>> an
>>>>>> answer to my first question of "Would you mind to share some
>> information
>>>>>> about the process you used for this?"
>>>>>> Actually, although I don't like "private meetings" too much, I am less
>>>>>> concerned about them as such, as long as the process itself is clear
>> and
>>>>>> is being communicated openly and allows community input (e.g. the JD
>> and
>>>>>> required qualifications and responsibilities and on the process, not
>> the
>>>>>> individual candidates). In this case I was quite surprised by how fast
>>>>>> we moved from creation of the ED role to announcement of filling it.
>> You
>>>>>> did this in just 90 hours. Which is probably the fastest I have ever
>>>>>> seen and makes me quite curious to find out what process you used. I
>>>>>> have hired a number of people in the past and so far this is the
>> fastest
>>>>>> process I have ever seen, which raises a few simple questions:
>>>>>> - at that speed, was there some kind of selection process already
>> before
>>>>>> the announcement of the new role and what was that?
>>>>>> - did you have a JD (job description) with the outlined needed
>>>>>> qualifications, experience, skills? (I saw the role description with
>> the
>>>>>> responsibilities of the role, but that doc didn't have any information
>>>>>> on what person you are looking for), did you have a certain salary
>> range
>>>>>> in mind? etc.
>>>>>> - How many candidates did you consider? (and were there any
>> applications
>>>>>> from the community in these 90hours?)
>>>>>> - And depending on the number of applications you had, how did you
>>>>>> determine the match and for what reason did you choose to not ask for
>>>>>> further applications from the community?
>>>>>> - How many interviews did you conduct, how many board members were
>>>>>> involved in the interview process?
>>>>>> I find your last sentence about the distribution of power interesting.
>>>>>> And that seizing of new power sounds an alarm for you. Maybe a
>> thought:
>>>>>> taking a step back it seems what just happened is that in fact we did
>>>>>> concentrate power from a group of elected people (the board) to one
>>>>>> individual (the ED), and note: our other staff's power has probably
>> also
>>>>>> been reduced in relationship to the ED. I am not debating whether this
>>>>>> is right or wrong in this case (as one might argue that the board
>> needs
>>>>>> to choose to delegate this power due to time constraints and/or lack
>> of
>>>>>> own personal capability). But using your own concept, as we
>> concentrated
>>>>>> power in one individual role, we should be very careful and as open as
>>>>>> possible (of course within the legal boundaries) with the process of
>>>>>> doing so?
>>>>>> So I would be really interested to learn a little bit about the
>> process
>>>>>> OWASP used in the selection.
>>>>>> Best wishes, Tobias
>>>>>> Ps.: and again: Let me be clear I am making no statement about the
>>>>>> decision itself or Sarah's qualification for this role.
>>>>>> On 13/04/13 22:26, Jim Manico wrote:
>>>>>>> Tobias,
>>>>>>> We were not seeking candidates for this role. We (unanimously)
>>>>>>> promoted Sarah to Executive Director. Because these board
>> conversation
>>>>>>> were about employee matters, we had those conversations in private.
>>>>>>> It's the •only• private board discussion that I have seen in 2013
>>>>>>> during my term. It's the primary role of the board to hire staff
>>>>>>> As Executive Director, it's now Sarahs job to rearrange the staff as
>>>>>>> she sees fit or hire someone new (if the budget allows).
>>>>>>> So the answer is, we shall see!
>>>>>>> Last note, I am very wary regarding "private board discussions". If
>>>>>>> the board has private discussions that lead to seizing of new power,
>>>>>>> that's a huge alarm. But the opposite happened here. We removed
>>>>>>> operational leadership from the board and passed it to Sarah and the
>>>>>>> staff. It's the boards job to keep watch over this, but I'm
>> personally
>>>>>>> really thrilled about this change in OWASP's organizational
>> structure.
>>>>>>> Aloha,
>>>>>>> --
>>>>>>> Jim Manico
>>>>>>> @Manicode
>>>>>>> (808) 652-3805
>>>>>>> On Apr 13, 2013, at 5:17 PM, Tobias <tobias.gondrom at owasp.org>
>> wrote:
>>>>>>>> As OWASP created the new ED position and Sarah got promoted into
>> this. Do we now intend to hire a new person to take over Sarah's previous
>> role?
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list