[Owasp-leaders] My views on Sarah's appointment

Eoin eoin.keary at owasp.org
Thu May 30 20:51:47 UTC 2013


Can I just say....

Voting in a paid staff member may not result in a desired outcome: reason being that Voting in general is a popularity contest. 

People may be popular, but are they the best person for the vacant role? The exec director role pretty much devolved the boards power and now the board serve as stewards. This is a great thing. 

A full time leader for the organisation who's working day consists of growing and bettering the organisation, no commercial or self serving push and pull. This is exactly what the foundation needs. 

Some people don't like change, which is curious given our industry is nothing but :)



Eoin Keary
Owasp Global Board
+353 87 977 2988


On 30 May 2013, at 17:01, Jon Molesa <rjmolesa at owasp.org> wrote:

> I feel the need to weigh in here. I can see both sides of the issue having been involved at the executive level of other organizations in the past.
> 
> First, the board is democratically elected and as such are supposed to represent the views, opinions, and visions of the members who nominated and elected them to power. Executive boards generally have been given the power to make decisions that they believe are the best for the organization without having to run every decision by the entire body. Trusting in our elected leaders to fulfill their promises and exercise good judgment is why we as a body have the board in place. Having to run every decision past the general population defeats much of the purpose of having a board in place.
> 
> However, there are times when decisions they make can be seen in a way not as intended. This usually occurs, in my experience and opinion, where money is involved. Because the resources belong to the entire membership, who in many cases helped raise the funds, it can be viewed as the board acting on self-serving interests. It also commonly happens around appointments of power.
> 
> An example from my past is when a board met at a Wendy's and approved the allocation of a large sum of money without the knowledge or consent from the organizations members. It was viewed as a reckless and careless act by the members. The ironic thing is that the boards approval did go to vote by the membership and it was passed. Later, however, it was discovered that many folks didn't understand what they were voting on and became very upset that it wasn't discussed. Following that event there was a lot of discussion and proposed amendments to the Constitution and By-laws to limit what the board could do. I found the whole thing somewhat amusing because generally the members didn't pay attention, follow along, or even discuss issues. Most people try to avoid conflict. And it did in fact somewhat negate even having a board. Ultimately I left that organization due to the politics become too much to effectively navigate. Most of the meetings revolved around appropriate use of power and money rather than the stated mission of the organization.
> 
> In this case, at OWASP, I believe the board acted within the confines of their delegated power and authority. The decision for the position of Executive Director was discussed for some time on this list as I recall. I don't recall any serious objections to the idea. However, that doesn't seem to be the issue. The issue seems to be around the selection of the person to fill that roll. Again, I don't believe the board acted outside of their delegated authority. Though there is a perception that the selection was not fair and democratic. I do not know what if any written rules or guidelines are in place as to how the position is to be filled, but at this time it's almost a moot point.
> 
> My suggestion going forward is that is that if a majority of the population feels the board acted inappropriately in this matter and there isn't any clearly written rules that dictate how the role is filled, selection criteria, hiring and firing is to be handled, then some should be drafted. If they do exist then review the actions of the board against the documentation. If they acted inappropriately, nominate and elect candidates that better represent the vision of the population.
> 
> I do want to warn though that it would be very unproductive for the person in any staff position to be replaced any time there is a new board. It would be difficult for anyone to complete a task or goal. They would also have little motivation to  act on OWASP's behalf if they believed their efforts were not valued and were going to be replaced with the next board.
> 
> I don't know if I'm making sense or not or if anyone really cares. It just reminds me of something that occurred in the past that had devastating effects on the organization. A friend of mine says that perception is reality. I don't always agree with that sentiment, but in many cases it happens to be true. We always view reality through our own filters. If people believe that the board acted inappropriately on any matter, weather they did or not, there's a perception management issue that needs to be addressed. 
> 
> My .02.
> 
> 
> On Fri, May 24, 2013 at 12:05 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>> Well I have written a model I like on An Idea of a new model for OWASP , which if you look at it is based on an OWASP structure:
>> 
>> a) driven by the OWASP leaders energy, activities and actions
>> b) supported by a strong, cohesive, motivated and empowered OpsTeams (i.e OWASP employees)
>> c) kept in check by a group (which you can call a 'Board' if you want) that mainly deals with community/cultural issues
>>  
>> And I quite like your reference of Ricardo Semmlers and its Industrial democracy , and if more organizations (like OWASP implement similar models, then it will stop becoming an outlier model :)  )
>> 
>> I also agree that what is done is done and nothing can be done about it, which is why I proposed a number of solutions in my blog post specially the first two, which are aimed at fixing the new OpsTeam model that break the b) point made above
>> 
>> My key problem with the current OWASP structure is that we evolved into a model where there is a huge amount of really talented OWASP leaders spent on 'organisational and political' stuff, which frankly should be handled and delegate to the OPsTeam. We need energy spent on getting stuff done and fixing application security challenges, not be involved in political fights.
>> 
>> Dinis Cruz
>> 
>> On 24 May 2013 16:17, David (dmalloc) <dmalloc at users.sourceforge.net> wrote:
>>> mparsons at parsonsisconsulting.com wrote:
>>> > +1 Dinis
>>> 
>>> I do not get the point of this thread nor the blog entry. If I was to
>>> break out my Lean hat, I would consider this a waste.
>>> 
>>> We can argue the moral implications of the selection process for the
>>> next few years and we would not find a consensus. As much as I think
>>> Dinis wants to create an organization in Ricardo Semmlers image, I also
>>> know that his success was probably a statistical outlier. Otherwise
>>> there would be thousands of organizations right now where everyone is
>>> equal and all is done by consent.
>>> 
>>> I wish you luck in that endevour, Dinis I applaud your passion and vigour.
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
> -- 
> Jon Molesa
> rjmolesa at owasp.org
> 
> Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht
> oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist
> and lsat ltteer are in the rghit pclae. The rset can be a toatl mses  and
> you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
> ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
> out aynawy.
> 
> ... so please excuse me for every typo in the email above.
> 
> Reference: https://github.com/Ettercap/ettercap/blob/master/README
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130530/4614745c/attachment-0001.html>


More information about the OWASP-Leaders mailing list