[Owasp-leaders] My views on Sarah's appointment

Jon Molesa rjmolesa at owasp.org
Thu May 30 23:51:50 UTC 2013


Jon Molesa
On May 30, 2013 4:51 PM, "Eoin" <eoin.keary at owasp.org> wrote:

> Can I just say....
> Voting in a paid staff member may not result in a desired outcome: reason
> being that Voting in general is a popularity contest.
> People may be popular, but are they the best person for the vacant role?
> The exec director role pretty much devolved the board's power and now the
> board serve as stewards. This is a great thing.
> A full time leader for the organisation whose working day consists of
> growing and bettering the organisation, no commercial or self serving push
> and pull. This is exactly what the foundation needs.
> Some people don't like change, which is curious given our industry is
> nothing but :)
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 30 May 2013, at 17:01, Jon Molesa <rjmolesa at owasp.org> wrote:
> I feel the need to weigh in here. I can see both sides of the issue having
> been involved at the executive level of other organizations in the past.
> First, the board is democratically elected and as such are supposed to
> represent the views, opinions, and visions of the members who nominated and
> elected them to power. Executive boards generally have been given the power
> to make decisions that they believe are the best for the organization
> without having to run every decision by the entire body. Trusting in our
> elected leaders to fulfill their promises and exercise good judgment is why
> we as a body have the board in place. Having to run every decision past the
> general population defeats much of the purpose of having a board in place.
> However, there are times when decisions they make can be seen in a way not
> as intended. This usually occurs, in my experience and opinion, where money
> is involved. Because the resources belong to the entire membership, who in
> many cases helped raise the funds, it can be viewed as the board acting on
> self-serving interests. It also commonly happens around appointments of
> power.
> An example from my past is when a board met at a Wendy's and approved the
> allocation of a large sum of money without the knowledge or consent from
> the organization's members. It was viewed as a reckless and careless act by
> the members. The ironic thing is that the board's approval did go to vote by
> the membership and it was passed. Later, however, it was discovered that
> many folks didn't understand what they were voting on and became very upset
> that it wasn't discussed. Following that event there was a lot of
> discussion and proposed amendments to the Constitution and By-laws to limit
> what the board could do. I found the whole thing somewhat amusing because
> generally the members didn't pay attention, follow along, or even discuss
> issues. Most people try to avoid conflict. And it did in fact somewhat
> negate even having a board. Ultimately I left that organization due to the
> politics becoming too much to effectively navigate. Most of the meetings
> revolved around appropriate use of power and money rather than the stated
> mission of the organization.
> In this case, at OWASP, I believe the board acted within the confines of
> their delegated power and authority. The decision for the position of
> Executive Director was discussed for some time on this list as I recall. I
> don't recall any serious objections to the idea. However, that doesn't seem
> to be the issue. The issue seems to be around the selection of the person
> to fill that role. Again, I don't believe the board acted outside of their
> delegated authority. Though there is a perception that the selection was
> not fair and democratic. I do not know what if any written rules or
> guidelines are in place as to how the position is to be filled, but at this
> time it's almost a moot point.
> My suggestion going forward is that if a majority of the
> population feels the board acted inappropriately in this matter and there
> aren't any clearly written rules that dictate how the role is filled,
> selection criteria, hiring and firing is to be handled, then some should be
> drafted. If they do exist then review the actions of the board against the
> documentation. If they acted inappropriately, nominate and elect candidates
> that better represent the vision of the population.
> I do want to warn though that it would be very unproductive for the person
> in any staff position to be replaced any time there is a new board. It
> would be difficult for anyone to complete a task or goal. They would also
> have little motivation to act on OWASP's behalf if they believed their
> efforts were not valued and were going to be replaced with the next board.
> I don't know if I'm making sense or not or if anyone really cares. It just
> reminds me of something that occurred in the past that
> had devastating effects on the organization. A friend of mine says that
> perception is reality. I don't always agree with that sentiment, but in
> many cases it happens to be true. We always view reality through our own
> filters. If people believe that the board acted inappropriately on any
> matter, whether they did or not, there's a perception management issue that
> needs to be addressed.
> My .02.
> On Fri, May 24, 2013 at 12:05 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>> Well I have written a model I like on An Idea of a new model for OWASP <http://blog.diniscruz.com/2012/10/an-idea-of-new-model-for-owasp.html>,
>> which if you look at it is based on an OWASP structure:
>> a) driven by the OWASP leaders energy, activities and actions
>> b) supported by a strong, cohesive, motivated and empowered OpsTeams (i.e
>> OWASP employees)
>> c) kept in check by a group (which you can call a 'Board' if you want)
>> that mainly deals with community/cultural issues
>> And I quite like your reference of Ricardo Semler's <http://en.wikipedia.org/wiki/Ricardo_Semler> and its Industrial
>> democracy <http://en.wikipedia.org/wiki/Industrial_democracy>, and if
>> more organizations (like OWASP) implement similar models, then it will
>> stop becoming an outlier model :)
>> I also agree that what is done is done and nothing can be done about it,
>> which is why I proposed a number of solutions in my blog post <http://blog.diniscruz.com/2013/05/sarah-baso-as-owasp-executive-director.html> specially
>> the first two, which are aimed at fixing the new OpsTeam model that break
>> the b) point made above
>> My key problem with the current OWASP structure is that we evolved into a
>> model where there is a huge amount of really talented OWASP leaders spent
>> on 'organisational and political' stuff, which frankly should be handled
>> and delegated to the OPsTeam. We need energy spent on getting stuff done and
>> fixing application security challenges, not be involved in political fights.
>> Dinis Cruz
>> On 24 May 2013 16:17, David (dmalloc) <dmalloc at users.sourceforge.net> wrote:
>>> mparsons at parsonsisconsulting.com wrote:
>>> > +1 Dinis
>>> I do not get the point of this thread nor the blog entry. If I was to
>>> break out my Lean hat, I would consider this a waste.
>>> We can argue the moral implications of the selection process for the
>>> next few years and we would not find a consensus. As much as I think
>>> Dinis wants to create an organization in Ricardo Semler's image, I also
>>> know that his success was probably a statistical outlier. Otherwise
>>> there would be thousands of organizations right now where everyone is
>>> equal and all is done by consent.
>>> I wish you luck in that endeavour, Dinis I applaud your passion and
>>> vigour.
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> --
> Jon Molesa
> rjmolesa at owasp.org
> Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht
> oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist
> and lsat ltteer are in the rghit pclae. The rset can be a toatl mses  and
> you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
> ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
> out aynawy.
> ... so please excuse me for every typo in the email above.
> Reference: https://github.com/Ettercap/ettercap/blob/master/README