[Owasp-leaders] OWASP's New Executive Director - process?

Eoin eoin.keary at owasp.org
Sun Apr 14 19:01:08 UTC 2013


Thanks Gregory.
Again, if there is a negative aspect on what was done,  I speak for the board in saying we'd love to hear it.




Eoin Keary
Owasp Global Board
+353 87 977 2988


On 14 Apr 2013, at 18:08, Gregory Disney <gregory.disney at owasp.org> wrote:

> If it's a promotion there doesn't have to be a open call for candidates such as in Sarah case(she works hella hard for owasp). Lastly this is a good thing every other foundation has a executive director. OWASP needs direction to keep progression and as a incubator of innovation.  
> That's my 2 cents.
> 
> 
> On Sun, Apr 14, 2013 at 1:07 PM, Gregory Disney <gregory.disney at owasp.org> wrote:
>> Seems to be going well besides a few things here and there; how about you? 
>> oops sorry that was meant to be foward on that thread.
>> 
>> 
>> On Sun, Apr 14, 2013 at 12:37 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>> Thank you good sir!
>>> 
>>> All well with you?
>>> 
>>> Aloha,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>> 
>>> On Apr 14, 2013, at 12:17 PM, Gregory Disney <gregory.disney at owasp.org> wrote:
>>> 
>>>> If it's a promotion there doesn't have to be a open call for candidates such as in Sarah case(she works hella hard for owasp). Lastly this is a good thing every other foundation has a executive director. OWASP needs direction to keep progression and as a incubator of innovation.  
>>>> That's my 2 cents.
>>>> 
>>>> On Apr 14, 2013 11:06 AM, "Jim Manico" <jim.manico at owasp.org> wrote:
>>>>> Rory,
>>>>> 
>>>>> I think your comment below is a fair interpretation of events.
>>>>> 
>>>>> Our intention was really innocent. We finally had the job details and job listing complete for Sarah, and so we posted it to the blog the day we sent her a copy. Then, she accepted. Which was not a given. We then published that she took the job a few days later (90 hours later).
>>>>> 
>>>>> There was no ill will here, but I can understand the perception of ill will.
>>>>> 
>>>>> One more note, there is some controversy around not having an "open listing" for this position and a call for candidates. I think that is a fair complaint.
>>>>> 
>>>>> I can only hope the members of the board have earned some trust from the OWASP community. I think that is why I (and others on the board) were elected. I truly feel that Sarah is the right person for the job. It would be impossible to find someone with her credentials knowing that we only can afford a modest salary.
>>>>> 
>>>>> If Sarah did not accept the position, I would have tried to initiate an open call for candidates. But she did accept, and I feel that OWASP will become stronger for it.
>>>>> 
>>>>> I (and the board) are very happy to answer other questions about this matter. I hope these emails clear up some of the confusion.
>>>>> 
>>>>> Respectfully,
>>>>> Jim Manico
>>>>> OWASP Board Member
>>>>> @Manicode
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> > FWIW My 0.02,
>>>>> >
>>>>> > As far as I can see the only issue is a slight perception problem around
>>>>> > the announcement process.
>>>>> >
>>>>> > The first message that went out could have been read as "OWASP has decided
>>>>> > to have an executive director position and we'll be looking start the
>>>>> > process of filling it"
>>>>> >
>>>>> > which meant that the great news of Sarah appointment 4 days later seem
>>>>> > potentially odd (i.e. if there was going to be a process of finding a
>>>>> > candidate for the role and filling it, it would have taken more than 4 days)
>>>>> >
>>>>> > What might have worked better is if the announcements of the creation of
>>>>> > the role and Sarah's appointment had been part of the same message or if
>>>>> > the first message had made it clear that the board already had someone in
>>>>> > mind for the role at that point.
>>>>> >
>>>>> > So to summarize I don't think (at least as far as I've read) has any
>>>>> > question about the robustness of the process or about who has been
>>>>> > appointed to the role, just that the communications left a gap for a level
>>>>> > of confusion.
>>>>> >
>>>>> >
>>>>> > HTH
>>>>> >
>>>>> > Rory
>>>>> >
>>>>> >
>>>>> > On Sun, Apr 14, 2013 at 3:19 PM, Eoin <eoin.keary at owasp.org> wrote:
>>>>> >
>>>>> >> Leaders, if required I believe anyone with a strong view either way could
>>>>> >> attend a conference call to go through the process of hiring our new exec.
>>>>> >>
>>>>> >> On a board level, when this role was suggested there were sceptics,
>>>>> >> supporters etc. and the issues were worked through to the final decision
>>>>> >> and outcome. So this was a robust process.
>>>>> >>
>>>>> >> I think this new role and structure should improve things for the better
>>>>> >> such as supporting chapters, defining accountability, having an official
>>>>> >> spokesperson etc.
>>>>> >>
>>>>> >> I'd like to ask what are the perceived nagative issues?
>>>>> >>
>>>>> >> Eoin Keary
>>>>> >> Owasp Global Board
>>>>> >> +353 87 977 2988
>>>>> >>
>>>>> >>
>>>>> >> On 13 Apr 2013, at 23:48, Jim Manico <jim.manico at owasp.org> wrote:
>>>>> >>
>>>>> >>> I meant 90 hours; but you get my point. :) These are good questions
>>>>> >>> and I'm endeavoring to answer them as directly and honestly as I can.
>>>>> >>>
>>>>> >>> Aloha,
>>>>> >>> --
>>>>> >>> Jim Manico
>>>>> >>> @Manicode
>>>>> >>> (808) 652-3805
>>>>> >>>
>>>>> >>> On Apr 13, 2013, at 6:47 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>> >>>
>>>>> >>>> Thank you for the information and clarification. I see.
>>>>> >>>> Best regards, Tobias
>>>>> >>>>
>>>>> >>>> Ps.: btw. it seems you might have misread my email: the time from
>>>>> >>>> announcement of the role to filling it was 90 hours, not 90 days. ;-)
>>>>> >>>>
>>>>> >>>>
>>>>> >>>>
>>>>> >>>> On 13/04/13 23:39, Jim Manico wrote:
>>>>> >>>>> There was no selection process. As stated below, the board met in
>>>>> >>>>> private (because this was a staffing matter). After several rounds of
>>>>> >>>>> discussion by the board, and after an official unanimous vote, we
>>>>> >>>>> voted to promote Sarah Baso to Executive Director.
>>>>> >>>>>
>>>>> >>>>> This transpired over several weeks, not 90 days.
>>>>> >>>>> --
>>>>> >>>>> Jim Manico
>>>>> >>>>> @Manicode
>>>>> >>>>> (808) 652-3805
>>>>> >>>>>
>>>>> >>>>> On Apr 13, 2013, at 6:30 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>> >>>>>
>>>>> >>>>>> Jim,
>>>>> >>>>>>
>>>>> >>>>>> hm, thanks for the answer to my question #2.
>>>>> >>>>>> I read your answer as: at the current moment a replacement hire for
>>>>> >>>>>> Sarah's previous role is not planned.
>>>>> >>>>>>
>>>>> >>>>>> And not sure whether your first part of your email is intended to be
>>>>> >> an
>>>>> >>>>>> answer to my first question of "Would you mind to share some
>>>>> >> information
>>>>> >>>>>> about the process you used for this?"
>>>>> >>>>>>
>>>>> >>>>>> Actually, although I don't like "private meetings" too much, I am less
>>>>> >>>>>> concerned about them as such, as long as the process itself is clear
>>>>> >> and
>>>>> >>>>>> is being communicated openly and allows community input (e.g. the JD
>>>>> >> and
>>>>> >>>>>> required qualifications and responsibilities and on the process, not
>>>>> >> the
>>>>> >>>>>> individual candidates). In this case I was quite surprised by how fast
>>>>> >>>>>> we moved from creation of the ED role to announcement of filling it.
>>>>> >> You
>>>>> >>>>>> did this in just 90 hours. Which is probably the fastest I have ever
>>>>> >>>>>> seen and makes me quite curious to find out what process you used. I
>>>>> >>>>>> have hired a number of people in the past and so far this is the
>>>>> >> fastest
>>>>> >>>>>> process I have ever seen, which raises a few simple questions:
>>>>> >>>>>> - at that speed, was there some kind of selection process already
>>>>> >> before
>>>>> >>>>>> the announcement of the new role and what was that?
>>>>> >>>>>> - did you have a JD (job description) with the outlined needed
>>>>> >>>>>> qualifications, experience, skills? (I saw the role description with
>>>>> >> the
>>>>> >>>>>> responsibilities of the role, but that doc didn't have any information
>>>>> >>>>>> on what person you are looking for), did you have a certain salary
>>>>> >> range
>>>>> >>>>>> in mind? etc.
>>>>> >>>>>> - How many candidates did you consider? (and were there any
>>>>> >> applications
>>>>> >>>>>> from the community in these 90hours?)
>>>>> >>>>>> - And depending on the number of applications you had, how did you
>>>>> >>>>>> determine the match and for what reason did you choose to not ask for
>>>>> >>>>>> further applications from the community?
>>>>> >>>>>> - How many interviews did you conduct, how many board members were
>>>>> >>>>>> involved in the interview process?
>>>>> >>>>>>
>>>>> >>>>>> I find your last sentence about the distribution of power interesting.
>>>>> >>>>>> And that seizing of new power sounds an alarm for you. Maybe a
>>>>> >> thought:
>>>>> >>>>>> taking a step back it seems what just happened is that in fact we did
>>>>> >>>>>> concentrate power from a group of elected people (the board) to one
>>>>> >>>>>> individual (the ED), and note: our other staff's power has probably
>>>>> >> also
>>>>> >>>>>> been reduced in relationship to the ED. I am not debating whether this
>>>>> >>>>>> is right or wrong in this case (as one might argue that the board
>>>>> >> needs
>>>>> >>>>>> to choose to delegate this power due to time constraints and/or lack
>>>>> >> of
>>>>> >>>>>> own personal capability). But using your own concept, as we
>>>>> >> concentrated
>>>>> >>>>>> power in one individual role, we should be very careful and as open as
>>>>> >>>>>> possible (of course within the legal boundaries) with the process of
>>>>> >>>>>> doing so?
>>>>> >>>>>>
>>>>> >>>>>> So I would be really interested to learn a little bit about the
>>>>> >> process
>>>>> >>>>>> OWASP used in the selection.
>>>>> >>>>>>
>>>>> >>>>>> Best wishes, Tobias
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> Ps.: and again: Let me be clear I am making no statement about the
>>>>> >>>>>> decision itself or Sarah's qualification for this role.
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> On 13/04/13 22:26, Jim Manico wrote:
>>>>> >>>>>>> Tobias,
>>>>> >>>>>>>
>>>>> >>>>>>> We were not seeking candidates for this role. We (unanimously)
>>>>> >>>>>>> promoted Sarah to Executive Director. Because these board
>>>>> >> conversation
>>>>> >>>>>>> were about employee matters, we had those conversations in private.
>>>>> >>>>>>> It's the •only• private board discussion that I have seen in 2013
>>>>> >>>>>>> during my term. It's the primary role of the board to hire staff
>>>>> >>>>>>>
>>>>> >>>>>>> As Executive Director, it's now Sarahs job to rearrange the staff as
>>>>> >>>>>>> she sees fit or hire someone new (if the budget allows).
>>>>> >>>>>>>
>>>>> >>>>>>> So the answer is, we shall see!
>>>>> >>>>>>>
>>>>> >>>>>>> Last note, I am very wary regarding "private board discussions". If
>>>>> >>>>>>> the board has private discussions that lead to seizing of new power,
>>>>> >>>>>>> that's a huge alarm. But the opposite happened here. We removed
>>>>> >>>>>>> operational leadership from the board and passed it to Sarah and the
>>>>> >>>>>>> staff. It's the boards job to keep watch over this, but I'm
>>>>> >> personally
>>>>> >>>>>>> really thrilled about this change in OWASP's organizational
>>>>> >> structure.
>>>>> >>>>>>>
>>>>> >>>>>>> Aloha,
>>>>> >>>>>>> --
>>>>> >>>>>>> Jim Manico
>>>>> >>>>>>> @Manicode
>>>>> >>>>>>> (808) 652-3805
>>>>> >>>>>>>
>>>>> >>>>>>> On Apr 13, 2013, at 5:17 PM, Tobias <tobias.gondrom at owasp.org>
>>>>> >> wrote:
>>>>> >>>>>>>
>>>>> >>>>>>>> As OWASP created the new ED position and Sarah got promoted into
>>>>> >> this. Do we now intend to hire a new person to take over Sarah's previous
>>>>> >> role?
>>>>> >>> _______________________________________________
>>>>> >>> OWASP-Leaders mailing list
>>>>> >>> OWASP-Leaders at lists.owasp.org
>>>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> >> _______________________________________________
>>>>> >> OWASP-Leaders mailing list
>>>>> >> OWASP-Leaders at lists.owasp.org
>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>> >>
>>>>> >
>>>>> 
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130414/42d2ba5e/attachment-0001.html>


More information about the OWASP-Leaders mailing list