[Owasp-leaders] Vote by email: Establishing OWASP Regional Security Councils

Tom Brennan - OWASP tomb at owasp.org
Wed Jan 6 18:58:16 UTC 2016

*Board Members:*

A vote by email has been requested per *section 3.09 *Foundation Bylaws

Approve the establishment of Regional Representation of OWASP Foundation to
focus on the core projects and efforts of the foundation to be known as:

*-- Asia-Pacific Security Council (APSC) -- North America Security Council
(NASC) -- Europe Middle East and Africa Security Council (ESC) -- Latin
America Security Council (LASC) *

VOTES (please reply-all with your vote)
Tom - Motion / Yes
Jim -
Tobias -
Matt -
Anthony -
Michael -
Josh -

*On Background:*

*OWASP is built on self-organized efforts bottom up.*  Regional and
cultures are different around the world... never mind time zones.  OWASP
needs to reenergize regional coordination of projects activities, events,
summits, etc.  The motion is requesting a formal approval process to
establish regional advisory councils/committees as the first order of
business for our community volunteers in 2016. Each committee should be
8-12 people.  Since we have "45,000" people in the community should not be
to hard to pick +/- 40 from the membership of 2508 as of today.

Once approved OWASP has highlighted and empowered more volunteers to
self-organize and participate on core aspects of OWASP Foundation and
recognition of their time investment, locally and raises visibility
globally in key regions.

*How do we then fill the Councils with members?*

*Step #2 is simple*, the board will ask for self nominations, solicit and
appoint interested parties vetted with assistance of community members and
staff associated with industry users and/or leaders of projects to be
appointed for a (1) year term to these advisory boards. *This creates quick
and swift action and energy around the world aligned to the mission of the
charity and the strategic goals of 2016.*

*But isn't that why Committee 2.0 was created?*

Yes, but it needs help to get off the ground and implementation. So to jump
start it, you must start off with one year appointment of task forces then
we can follow Committee 2.0
https://owasp.org/index.php/Governance/OWASP_Committees and adjust as
needed.  This fantastic guidance document has had unfortunately no action
taken by the community so we need to *JUMP START IT *and the community will
evolve bottom up.

*How do we know what they are working on?*
Not a big fan of micro management.. but I agree that if it is worth doing,
funding then metrics should be measured. Requesting a summary roll-up
report from each committee chairman simply outlining PLANS for next three
months, PROGRESS from last three months and PROBLEMS that they may need the
board to noodle on and help with.  This should be supplied starting with Q2
board meeting to update on any efforts that they have self organized and to
demonstrate the cascading communication (
https://www.owasp.org/index.php/OWASP_Strategic_Goals) of strategic goals

In edition to encouraging virtual meetings, the groups will self regulate
and will likely rally at min.,  2x per year. 1x locally at regional project
summary  and 1x at global project summit off-site.  This will self level.

*What are the roles of the OWASP staff in these groups?*
The councils are self-organized by the regional members. Employees aka:
OWASP Foundation Operations provide support to EVERYONE so if a council
needs something they can request it just like everyone does everyday
example: https://www.tfaforms.com/308703 and the requests will be responded
to or escalated as needed.  We are establishing working committees and
leaders in regional groups, this is going back to basics and helping to
drive regional coordination and advisory status.

*Who do you think should be appointed Tom?*

IMHO Tip of my tongue are the candidates from 2015/2014 elections in their
regions of the world have already stated the "why me" lets not lose that
energy rather encourage it!

Abbas Naderi Afooshteh
Jonathan Carter
Bill Corry
Nigel Phair
Milton Smith
Timur Khrotko
Tahir Khan
<insert others that are regionally recognized by their peers have expressed
they want to help the OWASP Mission>

*We need a taskforce or a committee for X this will mess that up...*
When a defined need is established for a short or long term taskforce,
project, committee etc...etc.. the first thing we do is ask each of these
councils to represent their region of the world and take a active part in
the discussion.  If that does not fit then it does not limit a additional *"get
things done committee"* to work on and as we know is true it will be a
collection of people that have time to volunteer and that is OPEN to

If we do this will it upset the annual election process?
*It will enhance it actually..... *This model provides a pool of 40+ vetted
people in the community that if they want to serve on a regional board and
then run for a global board they have a proven track record of getting
things done.

If more discussion is needed happy to discuss on the NEXT board meeting OR
if you prefer to discuss it more just call me to understand the spirit of
the end goal.

Skype: proactiverisk
Phone: 973-506-9304

Tom Brennan
Global Board Member
OWASP Foundation

The information contained in this message and any attachments may be 
privileged, confidential, proprietary or otherwise protected from 
disclosure. If you, the reader of this message, are not the intended 
recipient, you are hereby notified that any dissemination, distribution, 
copying or use of this message and any attachment is strictly prohibited. 
If you have received this message in error, please notify the sender 
immediately by replying to the message, permanently delete it from your 
computer and destroy any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160106/92c558c0/attachment-0001.html>

More information about the OWASP-Leaders mailing list