[Owasp-leaders] In Samantha's words: "Why I resigned my role at OWASP"

Dinis Cruz dinis.cruz at owasp.org
Mon Jun 16 12:08:12 UTC 2014

In her own words (I made no changes to the text), please find below
Samantha's version of why she left OWASP.

I'm posting this email on her behalf because she doesn't have access to her
OWASP email anymore.

My view is that we should use the current environment to change OWASP (for
the better), since the current system has lots of good intentions, but
tends to push great and honest OWASP leaders to behave in damaging ways
(i.e its the system that is broken, not the people (as well described in
the The USA is Lesterland <http://lesterland.lessig.org> concept)). For me,
the key problem is the 'Myth of the OWASP leader', which I've written about
at On the unrealistic expectations on OWASP board members, and the 'myth of
the OWASP Board member'
<http://blog.diniscruz.com/2014/04/on-unrealistic-expectations-on-owasp.html> ,
and creates situations like the ones described below

Samantha is being very brave and courageous: by sharing her feeling like
this, by offering an olive branch and by making requests that ultimately
will help OWASP (an entity and group that she clearly still loves). I'm
very proud of her.

Please read the email carefully, and if you can, please help in wrapping
this up, in an positive way for all parties involved.

Dinis Cruz
(just an OWASP leader that cares about OWASP)

------------------BEGIN OF SAMANTHA'S POST-----------------------------

*Title: Why I resigned my role at OWASP*

Hello Leaders,

Quite a few of you have reached out to me and have asked me why I made the
decision to leave OWASP. I have received over 150 e-mails expressing shock,
distress, and concern over my resignation. Many of you thought I was moving
on to another job, and others were concerned that I resigned under duress.
I really didn’t want to have to give a full explanation surrounding the
details of my departure, but a very good friend convinced me to tell my
story. He let me know that my departure was so sudden, that I owed it to
the community (many of you my close friends) to tell the truth from my
perspective. So here it is:

I did resign under duress. I resigned without having anything to fall back
on. I am at risk of losing my home because of it, and I have gone through
some very difficult financial hardships as a result. I knew this would
happen going into it, but I just could not take the abusive behavior I was
enduring anymore from several members of the board of directors. I felt
backed into a corner so I did what any person would do under this amount of
stress. I sought help. The individuals that helped me encouraged me to
press charges against these people, so I did. I pressed charges against Jim
Manico, Josh Sokol, and Eoin Keary with the Federal Equal Employment
Opportunity Commission law enforcement agency of the United States. They
took my case, and they began moving forward with the investigation. Below
is the timeline of events I shared with them. I have left out some of the
more embarrassing details as my point is not to shame anyone, but to tell
the truth from my perspective.



October 2013: I discovered, due to the nature of my job which is managing
projects, that a member of the Board of Directors, Eoin, was mis-managing
project funds. I brought this to his attention one year prior to the first
incident, thinking it was simply an oversight. He did not take action for a
year, and when pushed to produce the funds, I let him know that they did
not exist as I mentioned to him one year prior. He then proceeded to blame
me for the mis-management of funds on public forums.

November 2013: At a very high profile, public conference (AppSec USA 2013)
which I was one of the planners for, Jim Manico used sexually aggressive
and offensive, gender specific language against me in front of my
co-workers, other board members, and volunteers. I believe it was a direct
result of the conflict that arose with his business partner, Eoin, one
month prior. It is not the first time Jim has used this type of language
against a female staff member in public.

March 2014: Jim Manico began the public accusations surrounding my work
performance. He submitted statements on public lists that go out to 42,000
sponsors, partners, and volunteers. He claimed that I was not doing my job,
despite the Executive Director letting him know that his statements were
false as I have excellent performance reviews. He continued these public
accusations, made without evidence, for the next 3 months.

April 2014: Jim Manico continued to make public accusations surrounding my
work performance despite having been made aware that his statements were
inaccurate by my direct supervisor and the Executive Director of the
company. Another Board Member, Josh Sokol, then began to echo his
accusations of my performance on public lists.

April 07, 2014: I received a call from a very prominent project sponsor,
letting me know that Jim Manico directly called him to discuss my
performance as this sponsor and I were working together on a large project.
Keep in mind, Jim is not my supervisor. He is a volunteer and does not have
authority to manage foundation staff. The sponsor called me as he thought
Jim’s call was very unprofessional, and we subsequently lost the
opportunity because of it. The sponsor and I had been working on this
opportunity for 6 months.

April 30th, 2014: I submitted a formal complaint about Jim’s behavior to
the Executive Director and the Chairman of the Board of Directors. It was
accepted and acknowledged.

May 20th, 2014: The public accusations of poor work performance continued.
Josh Sokol asked me to accept a demotion, because Jim Manico claimed I was
not qualified for my position. This was done  without any evidence or any
authority as I did not work for the board of directors. I worked for the
OWASP community and the Executive Director.

May 23rd, 2014: I declined the demotion offer. Eoin Keary encouraged me to
leave OWASP if I didn’t like it. The Executive Director resigned her post.

May 27th, 2014: The Executive Director informed me that the Board of
Directors intended to dismiss me from my post as they let her know they
were taking executive control of the organization since she resigned. I
resigned my post the same day as it was made clear to me by my boss that I
would be fired very shortly, anyway. No reason was given to me as to why I
would be fired other than I defended myself against false accusations about
my performance made by Jim, Josh, and Eoin. I offered a two month
transition period as I have many projects, grants, events, and staff I
supervise, to transition after my departure.

May 28th, 2014: The members of the board asked the Executive Director to
send me termination agreements where they asked me to waive my rights to
sue them for damages, and waive my rights to my complaint submitted on
April 30th, 2014. They also wanted me to remain silent about the details
listed above. They offered me money in exchange for the waiver of my
rights. I declined the money and pressed charges. The ED also let me know
that the board decided that 2 weeks would be sufficient time to transition
my projects to other staff members.


This is why I resigned, from my perspective. Just as one board member
encouraged a volunteer to share her frustrations, I feel I have the same
right to share mine. I want to stress, that I DO NOT want to dwell on the
details of what happened. I want us to take this as a learning opportunity
to move forward in the best interests of the OWASP community.

After I resigned, I shared all of this with a handful of friends. One of
them spent quite a bit of time helping me through all of this. After
discussing everything that occurred, and talking through the ramifications
of all of this, he encouraged me to think about what would happen to OWASP
and all of the people involved in all of the different programs I helped
create here. So, as a favor to him, I reflected on this for some time
before taking any further action. I then spoke to my attorney, and after
some time and hours of discussion, I decided to drop the civil lawsuit I
was pursuing. I am also willing to drop the charges against Jim, Josh, and
Eoin, but I need the acceptance of the following from the OWASP Board of
Directors before I do:

1. I want a sincere, public apology from the OWASP Board for your gross
misconduct against me, your inappropriate, condescending, and outright
un-justifiably aggressive behavior towards the OWASP staff, and for wasting
the OWASP community’s time instead of doing what you were elected to do
which is to set a strategic direction for this company.

2. I want an open, RESPECTFUL, discussion about what happened here between
the OWASP board members, the OWASP community, and the OWASP staff. OWASP
lost two staff members in the span of a week. That is a HUGE red flag to
any organization with such a small operations team.

3. I also want all parties involved to take the time to check their
attitudes, and leave any superiority complex, in the rubbish bin. We are a
huge community, and we are all at different stages in our careers. I know
this is a taboo subject, but I wanted to make one thing very clear. Your
title and  paycheck can change at a moments notice. What matters is how you
treat one another, because as my father has taught me, you never know when
you are going to need to knock on MY door to ask ME for money, a favor, or
a job. Be RESPECTFUL to one another. You are ALL the same no matter what
profession you choose, how much you make, or where you are from.

If I get an agreement to the items above from all members of the OWASP
board especially Jim, Josh and Eoin, then I promise to drop the charges I
filed against you. The ball is in your court, gentlemen. I am offering you
an olive branch. I suggest you take it.

I want OWASP to get to a point where we can have open honest discussions
with one another that are respectful, professional, and devoid of malice
and vindictiveness. That is the only way this community is going to grow
and change for the better, I feel.

In regard to my situation, rest assured, Dennis and I are ok. It will take
time to recuperate what we have lost, but we are quite a resilient
partnership that works very well together. Thankfully, lady luck was on my
side and I was snatched up by a fantastic non-profit foundation shortly
after my resignation. I am now the Director of Development for this
organization, and I couldn’t be happier. I guess my work speaks for itself.

In closing, OWASP Board, I will wait for your agreement to the items listed
above, Jim, Josh, and Eoin, especially. If we are all willing to discuss
this openly, then I will do as promised. I will provide you with my federal
agent’s details if you want confirmation.

For the rest of the OWASP community… I love you, I wish you the best, and
please help one another in times of need. You are all a family. Treat each
other as such. My door (wherever that may be) will always be open to you no
matter what, even you, Jim, Josh, and Eoin. If you ever need us, Dennis and
I are just an e-mail away. Please don’t hesitate to reach out.

So long for now OWASP, and thanks for all the fish.

With love,


------------------END OF SAMANTHA'S POST-----------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140616/edcb1104/attachment.html>

More information about the OWASP-Leaders mailing list