[Owasp-leaders] In Samantha's words: "Why I resigned my role at OWASP"

Josh Sokol josh.sokol at owasp.org
Mon Jun 16 14:40:40 UTC 2014

One quick point of clarification:

"In addition, while severance is typically reserved for those who are
terminated or laid off, we attempted to thank Samantha by offering her an
additional week of pay for her just less than two years of service to

This was one week of pay for EACH year of her just less than two years of
service for a total of TWO weeks of pay.


On Mon, Jun 16, 2014 at 9:25 AM, Josh Sokol <josh.sokol at owasp.org> wrote:

> While a lot of this is tied up in the legal situation that Samantha
> initiated, I'm going to speak up as much as I can in regards to this
> situation.  As Eoin pointed out, this puts us in an incredibly difficult
> position.  As much as we all would like to think that Samantha is a brave
> whistleblower who is trying to right the wrongs of our organization, this
> letter is effectively a "Plan B" of slander when her prior attempt at
> extortion and blackmail is failing due to a lack of supporting evidence.
> While she claims to have a "Civil Case" that was "dropped", the OWASP
> Foundation has still yet to see anything more than a threat accompanied by
> a demand for money.  My guess is that it was never initiated to begin with
> because her lawyer advised her that there wasn't any evidence to support
> her claims.  To the contrary, her claims of filing an EEOC complaint are
> true, but the claim is filled with fantasy and she had to lie to them to
> even get it "accepted".  OWASP is preparing a response and our lawyers
> believe that it will be dismissed.
> It's difficult to follow Samantha at this point because her claims keep
> evolving.  At first, it was a complaint made against Jim (to Michael and
> Sarah) for his public lashings of her performance on the Leaders list.
> This complaint was escalated to the Board and in true OWASP fashion we
> suggested mediation at the upcoming AppSecEU conference between Jim and
> Samantha by a professional, third-party, mediator.  That solution was
> accepted by both parties and we were quite excited that our open, honest,
> and peaceful OWASP-way would prevail.  Shortly thereafter, Samantha
> submitted her resignation and mitigation was no longer an option.  At this
> point, the complaint has been turned over to our compliance officer (Martin
> Knobloch).  He is tasked with investigating the claims in the complaint and
> providing a recommendation to the Board.  It is certainly not any of our
> desires to have this issue dropped or ignored.
> Since that time, Samantha brought myself and Eoin into the equation.
> Where I am concerned, this is the first time I've heard the complaint that
> "Another Board Member, Josh Sokol, then began to echo his accusations of my
> performance on public lists."  Being that our lists are public, I'd
> challenge you all to find any evidence to support this claim.  If you can
> find it, then I'll gladly take my lashings, but I suspect that Samantha
> provides no evidence to support her claim because it does not exist.  As
> for the situation that Samantha claims of me on May 20th, this was a
> private e-mail sent to a limited number of people where the topic of
> discussion was ways to improve OWASP projects.  I will happily provide you
> with my e-mail so that you may judge my actions:
> https://docs.google.com/document/d/1HcVSBPju2q08EK7d-kBU3ATO4sRvLePEy5ScyHldVhY/edit?usp=sharing
> Look closely and you'll see that I was actually quite complimentary of the
> work that Samantha has done so far.  That said, I don't think that Samantha
> was working in the role that best utilized her particular skill set and
> talents.  I fail to see where Samantha saw "demotion" here, because that
> was clearly not my intent, but a realignment with skills, absolutely.  I
> make no apology for that as 1) It was simply my opinion stated in a topical
> discussion and 2) its these types of decisions that I believe that the
> Board is elected to make.  I'd ask you if we would be a good employer if we
> continue to let our employees struggle in an insurmountable situation?
> I've included Samantha's response to my e-mail as I think it sheds light
> on her state-of-mind at that point in time.  This was meant to be a
> discussion with the hopes of finding an agreeable way to move forward.
> Samantha's response was that she will not accept my "demotion".  She went
> on to tell us that we can either "work with the team or leave" and that she
> was not open to discussing her position any more.  To be honest, this is
> the first time I had ever said anything about her position and it was
> prompted by feedback from others who had served on her projects team in the
> past who had stated that they felt abused by her lack of faith in their
> ideas.  I saw our projects heading in a bad direction and chose to speak up
> about it.  The lashing I received in return shut down any chance of finding
> an agreeable solution.  At this point, I decided that a response would only
> cause more problems and I asked Sarah to speak with her.  I wasn't privy to
> that conversation, but I highly doubt that Sarah said anything about her
> being fired.
> It was shortly, thereafter, that Samantha elected to resign her position
> at OWASP.  Now, ask yourself if you were (hypothetically) about to be
> fired, would the smart thing to do be to resign?  For one, you waive all
> right to unemployment benefits if you decide to leave instead of getting
> fired.  For two, if you're trying to build a case for some sort of
> "retaliation", do you instead quit and lose your "evidence"?  This has
> never added up in my mind and I hope that you will give it some thought too.
> It is true that Samantha offered to stay on for two months when she
> resigned.  That said, take a look at her response to my e-mail and ask
> yourself if that's the kind of employee that you want hanging around your
> company for two months?  She's angry, unwilling to take advice or feedback,
> and did I mention that she added every single member of the OWASP staff to
> this response as well?  In my opinion, Samantha was trying to poison the
> well with our other employees and it had gone from a constructive situation
> to a destructive one.  The Board unanimously agreed that two weeks was
> sufficient for Samantha to transition her work and that two months was
> unnecessary.  In addition, while severance is typically reserved for those
> who are terminated or laid off, we attempted to thank Samantha by offering
> her an additional week of pay for her just less than two years of service
> to OWASP.  We used a boilerplate letter that, yes, also included some
> verbiage about waiving her right to sue.  Nobody thought to remove it since
> it was Samantha's choice to resign.  Samantha then elected not to take what
> was offered, and escalated to a formal legal letter demanding "a more
> realistic severance package that would cover all the time I invested at
> OWASP" along with punitive damages, the removal of Board members, and the
> ability for staff to remove Board members, among other things.  This is
> where things have been left in the hands of our lawyers.
> Samantha has a lot to say, and her story keeps changing, but the one thing
> that it is constantly lacking is actual evidence of her claims.  It's just
> one fabrication after another and while I've been encouraged to keep quiet
> while the lawyers work things out, now that she's chosen to make a public
> slander of my name and reputation, I'm no longer content with that as an
> option.  Leaders, I will state, on record, that I don't feel that the Board
> has done anything wrong in this situation.  Remember, we are a Board of
> seven people and every activity taken has happened with unanimous support.
> While I certainly regret the outcome, the escalation to lawyers was done by
> Samantha, not the Board.  In addition, Martin is actively investigating
> Samantha's various claims.  I think that I've said everything that I can
> without breaching confidentiality, but this e-mail is wrong on so many
> levels it's disgusting.  I'll leave it to others to determine what they
> will or will not share here, but I can't stand by listening to these lies
> anymore.
> ~josh
> On Mon, Jun 16, 2014 at 8:04 AM, Arturo 'Buanzo' Busleiman <
> buanzo at buanzo.com.ar> wrote:
>> I am listening to the others involved if they can/want to tell their
>> story.
>> Yes. I got in just to say this.
>> Something happened on the way to owasp-heaven. Those I met and befriended
>> 6, 7 years ago can probably say the same.
>> On Jun 16, 2014 9:56 AM, "Dinis Cruz" <dinis.cruz at owasp.org> wrote:
>>> Well, I think the affected parties should now present their side of the
>>> story.
>>> Also Samantha as dropped the main legal action, and offered a way out to
>>> deal with the others.
>>> What would be nice is if we could have good visibility into what really
>>> happened (and lets not use legal action as an excuse to have more 'behind
>>> the scenes' threads or conversations (which is one of the root causes of
>>> the current situation)).
>>> As yes, that story is written from Samantha's point of view, which of
>>> course is biased on her favour (which is why it is important to have
>>> multiple views of the issues raised)
>>>  Dinis
>>> On 16 June 2014 13:47, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>> Hi Dinis,
>>>> This is a bit unfair as its only one side of the issue and is also
>>>> disputed...
>>>> I believe there is legal action being pursued by both sides which your
>>>> email below may cause bias and affect the outcome.
>>>> Eoin Keary
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>> On 16 Jun 2014, at 13:08, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>>> In her own words (I made no changes to the text), please find below
>>>> Samantha's version of why she left OWASP.
>>>> I'm posting this email on her behalf because she doesn't have access to
>>>> her OWASP email anymore.
>>>> My view is that we should use the current environment to change OWASP
>>>> (for the better), since the current system has lots of good intentions, but
>>>> tends to push great and honest OWASP leaders to behave in damaging ways
>>>> (i.e its the system that is broken, not the people (as well described in
>>>> the The USA is Lesterland <http://lesterland.lessig.org> concept)).
>>>> For me, the key problem is the 'Myth of the OWASP leader', which I've
>>>> written about at On the unrealistic expectations on OWASP board
>>>> members, and the 'myth of the OWASP Board member'
>>>> <http://blog.diniscruz.com/2014/04/on-unrealistic-expectations-on-owasp.html> ,
>>>> and creates situations like the ones described below
>>>> Samantha is being very brave and courageous: by sharing her feeling
>>>> like this, by offering an olive branch and by making requests that
>>>> ultimately will help OWASP (an entity and group that she clearly still
>>>> loves). I'm very proud of her.
>>>> Please read the email carefully, and if you can, please help in
>>>> wrapping this up, in an positive way for all parties involved.
>>>> Dinis Cruz
>>>> (just an OWASP leader that cares about OWASP)
>>>> ------------------BEGIN OF SAMANTHA'S POST-----------------------------
>>>> *Title: Why I resigned my role at OWASP*
>>>> Hello Leaders,
>>>> Quite a few of you have reached out to me and have asked me why I made
>>>> the decision to leave OWASP. I have received over 150 e-mails expressing
>>>> shock, distress, and concern over my resignation. Many of you thought I was
>>>> moving on to another job, and others were concerned that I resigned under
>>>> duress. I really didn’t want to have to give a full explanation surrounding
>>>> the details of my departure, but a very good friend convinced me to tell my
>>>> story. He let me know that my departure was so sudden, that I owed it to
>>>> the community (many of you my close friends) to tell the truth from my
>>>> perspective. So here it is:
>>>> I did resign under duress. I resigned without having anything to fall
>>>> back on. I am at risk of losing my home because of it, and I have gone
>>>> through some very difficult financial hardships as a result. I knew this
>>>> would happen going into it, but I just could not take the abusive behavior
>>>> I was enduring anymore from several members of the board of directors. I
>>>> felt backed into a corner so I did what any person would do under this
>>>> amount of stress. I sought help. The individuals that helped me encouraged
>>>> me to press charges against these people, so I did. I pressed charges
>>>> against Jim Manico, Josh Sokol, and Eoin Keary with the Federal Equal
>>>> Employment Opportunity Commission law enforcement agency of the United
>>>> States. They took my case, and they began moving forward with the
>>>> investigation. Below is the timeline of events I shared with them. I have
>>>> left out some of the more embarrassing details as my point is not to shame
>>>> anyone, but to tell the truth from my perspective.
>>>> ##########################
>>>> *Background:*
>>>> October 2013: I discovered, due to the nature of my job which is
>>>> managing projects, that a member of the Board of Directors, Eoin, was
>>>> mis-managing project funds. I brought this to his attention one year prior
>>>> to the first incident, thinking it was simply an oversight. He did not take
>>>> action for a year, and when pushed to produce the funds, I let him know
>>>> that they did not exist as I mentioned to him one year prior. He then
>>>> proceeded to blame me for the mis-management of funds on public forums.
>>>> November 2013: At a very high profile, public conference (AppSec USA
>>>> 2013) which I was one of the planners for, Jim Manico used sexually
>>>> aggressive and offensive, gender specific language against me in front of
>>>> my co-workers, other board members, and volunteers. I believe it was a
>>>> direct result of the conflict that arose with his business partner, Eoin,
>>>> one month prior. It is not the first time Jim has used this type of
>>>> language against a female staff member in public.
>>>> March 2014: Jim Manico began the public accusations surrounding my work
>>>> performance. He submitted statements on public lists that go out to 42,000
>>>> sponsors, partners, and volunteers. He claimed that I was not doing my job,
>>>> despite the Executive Director letting him know that his statements were
>>>> false as I have excellent performance reviews. He continued these public
>>>> accusations, made without evidence, for the next 3 months.
>>>> April 2014: Jim Manico continued to make public accusations surrounding
>>>> my work performance despite having been made aware that his statements were
>>>> inaccurate by my direct supervisor and the Executive Director of the
>>>> company. Another Board Member, Josh Sokol, then began to echo his
>>>> accusations of my performance on public lists.
>>>> April 07, 2014: I received a call from a very prominent project
>>>> sponsor, letting me know that Jim Manico directly called him to discuss my
>>>> performance as this sponsor and I were working together on a large project.
>>>> Keep in mind, Jim is not my supervisor. He is a volunteer and does not have
>>>> authority to manage foundation staff. The sponsor called me as he thought
>>>> Jim’s call was very unprofessional, and we subsequently lost the
>>>> opportunity because of it. The sponsor and I had been working on this
>>>> opportunity for 6 months.
>>>> April 30th, 2014: I submitted a formal complaint about Jim’s behavior
>>>> to the Executive Director and the Chairman of the Board of Directors. It
>>>> was accepted and acknowledged.
>>>> May 20th, 2014: The public accusations of poor work performance
>>>> continued. Josh Sokol asked me to accept a demotion, because Jim Manico
>>>> claimed I was not qualified for my position. This was done  without any
>>>> evidence or any authority as I did not work for the board of directors. I
>>>> worked for the OWASP community and the Executive Director.
>>>> May 23rd, 2014: I declined the demotion offer. Eoin Keary encouraged me
>>>> to leave OWASP if I didn’t like it. The Executive Director resigned her
>>>> post.
>>>> May 27th, 2014: The Executive Director informed me that the Board of
>>>> Directors intended to dismiss me from my post as they let her know they
>>>> were taking executive control of the organization since she resigned. I
>>>> resigned my post the same day as it was made clear to me by my boss that I
>>>> would be fired very shortly, anyway. No reason was given to me as to why I
>>>> would be fired other than I defended myself against false accusations about
>>>> my performance made by Jim, Josh, and Eoin. I offered a two month
>>>> transition period as I have many projects, grants, events, and staff I
>>>> supervise, to transition after my departure.
>>>> May 28th, 2014: The members of the board asked the Executive Director
>>>> to send me termination agreements where they asked me to waive my rights to
>>>> sue them for damages, and waive my rights to my complaint submitted on
>>>> April 30th, 2014. They also wanted me to remain silent about the details
>>>> listed above. They offered me money in exchange for the waiver of my
>>>> rights. I declined the money and pressed charges. The ED also let me know
>>>> that the board decided that 2 weeks would be sufficient time to transition
>>>> my projects to other staff members.
>>>> ##########################
>>>> This is why I resigned, from my perspective. Just as one board member
>>>> encouraged a volunteer to share her frustrations, I feel I have the same
>>>> right to share mine. I want to stress, that I DO NOT want to dwell on the
>>>> details of what happened. I want us to take this as a learning opportunity
>>>> to move forward in the best interests of the OWASP community.
>>>> After I resigned, I shared all of this with a handful of friends. One
>>>> of them spent quite a bit of time helping me through all of this. After
>>>> discussing everything that occurred, and talking through the ramifications
>>>> of all of this, he encouraged me to think about what would happen to OWASP
>>>> and all of the people involved in all of the different programs I helped
>>>> create here. So, as a favor to him, I reflected on this for some time
>>>> before taking any further action. I then spoke to my attorney, and after
>>>> some time and hours of discussion, I decided to drop the civil lawsuit I
>>>> was pursuing. I am also willing to drop the charges against Jim, Josh, and
>>>> Eoin, but I need the acceptance of the following from the OWASP Board of
>>>> Directors before I do:
>>>> 1. I want a sincere, public apology from the OWASP Board for your gross
>>>> misconduct against me, your inappropriate, condescending, and outright
>>>> un-justifiably aggressive behavior towards the OWASP staff, and for wasting
>>>> the OWASP community’s time instead of doing what you were elected to do
>>>> which is to set a strategic direction for this company.
>>>> 2. I want an open, RESPECTFUL, discussion about what happened here
>>>> between the OWASP board members, the OWASP community, and the OWASP staff.
>>>> OWASP lost two staff members in the span of a week. That is a HUGE red flag
>>>> to any organization with such a small operations team.
>>>> 3. I also want all parties involved to take the time to check their
>>>> attitudes, and leave any superiority complex, in the rubbish bin. We are a
>>>> huge community, and we are all at different stages in our careers. I know
>>>> this is a taboo subject, but I wanted to make one thing very clear. Your
>>>> title and  paycheck can change at a moments notice. What matters is how you
>>>> treat one another, because as my father has taught me, you never know when
>>>> you are going to need to knock on MY door to ask ME for money, a favor, or
>>>> a job. Be RESPECTFUL to one another. You are ALL the same no matter what
>>>> profession you choose, how much you make, or where you are from.
>>>> If I get an agreement to the items above from all members of the OWASP
>>>> board especially Jim, Josh and Eoin, then I promise to drop the charges I
>>>> filed against you. The ball is in your court, gentlemen. I am offering you
>>>> an olive branch. I suggest you take it.
>>>> I want OWASP to get to a point where we can have open honest
>>>> discussions with one another that are respectful, professional, and devoid
>>>> of malice and vindictiveness. That is the only way this community is going
>>>> to grow and change for the better, I feel.
>>>> In regard to my situation, rest assured, Dennis and I are ok. It will
>>>> take time to recuperate what we have lost, but we are quite a resilient
>>>> partnership that works very well together. Thankfully, lady luck was on my
>>>> side and I was snatched up by a fantastic non-profit foundation shortly
>>>> after my resignation. I am now the Director of Development for this
>>>> organization, and I couldn’t be happier. I guess my work speaks for itself.
>>>> ;-)
>>>> In closing, OWASP Board, I will wait for your agreement to the items
>>>> listed above, Jim, Josh, and Eoin, especially. If we are all willing to
>>>> discuss this openly, then I will do as promised. I will provide you with my
>>>> federal agent’s details if you want confirmation.
>>>> For the rest of the OWASP community… I love you, I wish you the best,
>>>> and please help one another in times of need. You are all a family. Treat
>>>> each other as such. My door (wherever that may be) will always be open to
>>>> you no matter what, even you, Jim, Josh, and Eoin. If you ever need us,
>>>> Dennis and I are just an e-mail away. Please don’t hesitate to reach out.
>>>> So long for now OWASP, and thanks for all the fish.
>>>> With love,
>>>> Samantha
>>>> ------------------END OF SAMANTHA'S POST-----------------------------
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140616/78f8d325/attachment-0001.html>

More information about the OWASP-Leaders mailing list