[Owasp-leaders] Vote by email: Establishing OWASP Regional Security Councils

johanna curiel curiel johanna.curiel at owasp.org
Sat Jan 9 19:54:08 UTC 2016


HI Noreen

I completely agree with many of your statements however I would like to add
that for some regions, like in the caribbean, community is really small and
interest in the  subject is also very limited.

In the past I tried creating these meetings but since the amount/percentage
statistically speaking of people interested is so small it was not worth
it. The subject is not as mature as it happens in Europe and in US for
example where security is a big priority for many businesses. Right now I
have one on one ,meetings with people interested in talking and discussing
about security.

No surprise the caribbean region's chapters are all inactive. And does not
surprise me that in Latin America this is quite limited with exceptions of
some countries that are doing quite well like Argentina and Chile for
example, but compare to US and EU still in their infancy.

So I think it is not only about having advice for mature chapters but the
statistics and maturity level of Security Industry in that country plays
also a major role.

Regards

Johanna



On Sat, Jan 9, 2016 at 2:56 PM, Noreen Whysel <noreen.whysel at owasp.org>
wrote:

> Here is what I have learned from just over a year as community manager:
>
> Many chapters especially in developing areas are starting literally from
> scratch. There may be rampant security issues and little understanding or
> process from within the application developer community. In those cases we
> have lone warriors attempting to create a space for cybersecurity education
> and combatting attacks on web applications.
>
> Successful, new chapters reach out to universities to engage computer
> science students in these topics, incorporate OWASP training materials into
> the curriculum and develop a new generation of security aware
> professionals. Some go further to involve the local government, law
> enforcement, and NGOs in cybersecurity awareness programs. Eventually,
> awareness campaigns will increase chapter membership, allocations from the
> Foundation help to cover startup meeting costs, and eventually corporate
> sponsorship becomes a viable and important addition to chapter activities.
> Over time, larger membership means a larger pool from which to draw new
> leaders.
>
> Mature chapters can draw on their experience to educate and mentor other,
> newer chapters and we have seen some country and regional leaders emerge to
> take on this role. I think formulating a regional committee as a mentoring
> role, not just as oversight, will result in stronger local chapters.
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
> On Jan 9, 2016, at 11:34 AM, John Patrick Lita <
> john.patrick.lita at owasp.org> wrote:
>
>
> Thank Josh for the Comment..if that so you have a point, i think we are
> still in the beginning establishing the name of our foundation here in
> philippines, we start introducing the foundation in school, and the next
> step is on the corporate side, i hope that someday i can find someone who
> is fit to continue what i started...
>
> On Sat, Jan 9, 2016 at 8:13 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> 1) Jim: The motion has not been seconded and no vote can take place until
>> that happens.
>>
>> 2) John Patrick Lita: I hear what you're saying and I agree 100% that
>> there needs to be leadership established and ready to take over if someone
>> can't do it any longer, but no regional council will be able to do that for
>> you.  It is solely in the chapter leaders hands to try and identify and
>> develop their replacement.  In Austin, we handle this situation by having a
>> large leadership team around the official chapter leader.  The current
>> leader will pass the baton to a new leader every two years.  Knowing this
>> in advance means that you are actively involving others to make that
>> transition as seamless as possible because it's not a question of "if" and,
>> in fact, you know "when".
>>
>> ~josh
>>
>> On Sat, Jan 9, 2016 at 4:50 AM, John Patrick Lita <
>> john.patrick.lita at owasp.org> wrote:
>>
>>> i think we need to create this to avoid Chapter Abandonment, and replace
>>> it with Chapter Leader Replacement,
>>> with this Regional Council, It can help continue the chapter to be
>>> active and working. i was thinking about this when i started reviving the
>>> OWASP Manila Chapter, what will happen if i want to take down my hand being
>>> a chapter leader?
>>>
>>> What happen to all the efforts that we did here,? if there is someone
>>> that can take over to my place there will be no problem, but what if there
>>> is no one can continue the awareness project??
>>>
>>> If we can create a council here in Philippines we can Create more
>>> chapters and volunteers, and chapters will continue.
>>>
>>> On Sat, Jan 9, 2016 at 6:28 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>
>>>> I thought chapters were regional representation. Just sayin :)
>>>>
>>>> Eoin Keary
>>>> OWASP Volunteer
>>>> @eoinkeary
>>>>
>>>>
>>>>
>>>> On 9 Jan 2016, at 07:15, Jim Manico <jim.manico at owasp.org> wrote:
>>>>
>>>> Tom,
>>>>
>>>> I vote yes. To
>>>>
>>>> I think it's important to support experimentation.
>>>>
>>>> To some degree I do not think we should need to vote; just do it.
>>>>
>>>> If a new structure causes more people to get together and talk about
>>>> security and making OWASP better then awesome.
>>>>
>>>> - Jim
>>>>
>>>>
>>>>
>>>>>> On Wed, Jan 6, 2016 at 1:58 PM, Tom Brennan - OWASP <tomb at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> *Board Members:*
>>>>>>>
>>>>>>> A vote by email has been requested per *section 3.09 *Foundation
>>>>>>> Bylaws
>>>>>>>
>>>>>>> https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf
>>>>>>>
>>>>>>> *Motion:*
>>>>>>> Approve the establishment of Regional Representation of OWASP
>>>>>>> Foundation to focus on the core projects and efforts of the foundation to
>>>>>>> be known as:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *-- Asia-Pacific Security Council (APSC)  -- North America Security
>>>>>>> Council (NASC)  -- Europe Middle East and Africa Security Council (ESC)  --
>>>>>>> Latin America Security Council (LASC) *
>>>>>>>
>>>>>>> VOTES (please reply-all with your vote)
>>>>>>> Tom - Motion / Yes
>>>>>>> Jim -
>>>>>>> Tobias -
>>>>>>> Matt -
>>>>>>> Anthony -
>>>>>>> Michael -
>>>>>>> Josh -
>>>>>>>
>>>>>>> *On Background:*
>>>>>>>
>>>>>>> *OWASP is built on self-organized efforts bottom up.*  Regional and
>>>>>>> cultures are different around the world... never mind time zones.  OWASP
>>>>>>> needs to reenergize regional coordination of projects activities, events,
>>>>>>> summits, etc.  The motion is requesting a formal approval process to
>>>>>>> establish regional advisory councils/committees as the first order of
>>>>>>> business for our community volunteers in 2016. Each committee should be
>>>>>>> 8-12 people.  Since we have "45,000" people in the community should not be
>>>>>>> to hard to pick +/- 40 from the membership of 2508 as of today.
>>>>>>> https://docs.google.com/spreadsheets/d/1-yoQ0XTBPfmZEvVSvXey0w3nGZXG2Ctbn3o_mXL7dAU/edit
>>>>>>> <https://docs.google.com/spreadsheets/d/1-yoQ0XTBPfmZEvVSvXey0w3nGZXG2Ctbn3o_mXL7dAU/edit>
>>>>>>>
>>>>>>> Once approved OWASP has highlighted and empowered more volunteers to
>>>>>>> self-organize and participate on core aspects of OWASP Foundation and
>>>>>>> recognition of their time investment, locally and raises visibility
>>>>>>> globally in key regions.
>>>>>>>
>>>>>>> *FAQ1*
>>>>>>> *How do we then fill the Councils with members?*
>>>>>>>
>>>>>>> *Step #2 is simple*, the board will ask for self nominations,
>>>>>>> solicit and appoint interested parties vetted with assistance of community
>>>>>>> members and staff associated with industry users and/or leaders of projects
>>>>>>> to be appointed for a (1) year term to these advisory boards. *This
>>>>>>> creates quick and swift action and energy around the world aligned to the
>>>>>>> mission of the charity and the strategic goals of 2016.*
>>>>>>>
>>>>>>> *FAQ2*
>>>>>>> *But isn't that why Committee 2.0 was created?*
>>>>>>>
>>>>>>> Yes, but it needs help to get off the ground and implementation. So
>>>>>>> to jump start it, you must start off with one year appointment of task
>>>>>>> forces then we can follow Committee 2.0
>>>>>>> <https://owasp.org/index.php/Governance/OWASP_Committees>
>>>>>>> https://owasp.org/index.php/Governance/OWASP_Committees and adjust
>>>>>>> as needed.  This fantastic guidance document has had unfortunately no
>>>>>>> action taken by the community so we need to *JUMP START IT *and the
>>>>>>> community will evolve bottom up.
>>>>>>>
>>>>>>> *FAQ3*
>>>>>>> *How do we know what they are working on?*
>>>>>>> Not a big fan of micro management.. but I agree that if it is worth
>>>>>>> doing, funding then metrics should be measured. Requesting a summary
>>>>>>> roll-up report from each committee chairman simply outlining PLANS for next
>>>>>>> three months, PROGRESS from last three months and PROBLEMS that they may
>>>>>>> need the board to noodle on and help with.  This should be supplied
>>>>>>> starting with Q2 board meeting to update on any efforts that they have self
>>>>>>> organized and to demonstrate the cascading communication (
>>>>>>> <https://www.owasp.org/index.php/OWASP_Strategic_Goals>
>>>>>>> https://www.owasp.org/index.php/OWASP_Strategic_Goals) of strategic
>>>>>>> goals globally
>>>>>>>
>>>>>>> In edition to encouraging virtual meetings, the groups will self
>>>>>>> regulate and will likely rally at min.,  2x per year. 1x locally at
>>>>>>> regional project summary  and 1x at global project summit off-site.  This
>>>>>>> will self level.
>>>>>>>
>>>>>>> *FAQ4*
>>>>>>> *What are the roles of the OWASP staff in these groups?*
>>>>>>> The councils are self-organized by the regional members. Employees
>>>>>>> aka: OWASP Foundation Operations provide support to EVERYONE so if a
>>>>>>> council needs something they can request it just like everyone does
>>>>>>> everyday example: https://www.tfaforms.com/308703 and the requests
>>>>>>> will be responded to or escalated as needed.  We are establishing working
>>>>>>> committees and leaders in regional groups, this is going back to basics and
>>>>>>> helping to drive regional coordination and advisory status.
>>>>>>>
>>>>>>> *FAQ5*
>>>>>>> *Who do you think should be appointed Tom?*
>>>>>>>
>>>>>>> IMHO Tip of my tongue are the candidates from 2015/2014 elections in
>>>>>>> their regions of the world have already stated the "why me" lets not lose
>>>>>>> that energy rather encourage it!
>>>>>>>
>>>>>>> Abbas Naderi Afooshteh
>>>>>>> Jonathan Carter
>>>>>>> Bill Corry
>>>>>>> Nigel Phair
>>>>>>> Milton Smith
>>>>>>> Timur Khrotko
>>>>>>> Tahir Khan
>>>>>>> <insert others that are regionally recognized by their peers have
>>>>>>> expressed they want to help the OWASP Mission>
>>>>>>>
>>>>>>> *FAQ6*
>>>>>>> *We need a taskforce or a committee for X this will mess that up...*
>>>>>>> When a defined need is established for a short or long term
>>>>>>> taskforce, project, committee etc...etc.. the first thing we do is ask each
>>>>>>> of these councils to represent their region of the world and take a active
>>>>>>> part in the discussion.  If that does not fit then it does not limit a
>>>>>>> additional *"get things done committee"* to work on and as we know
>>>>>>> is true it will be a collection of people that have time to volunteer and
>>>>>>> that is OPEN to everyone.
>>>>>>>
>>>>>>> *FAQ7*
>>>>>>> If we do this will it upset the annual election process?
>>>>>>> *It will enhance it actually..... *This model provides a pool of
>>>>>>> 40+ vetted people in the community that if they want to serve on a regional
>>>>>>> board and then run for a global board they have a proven track record of
>>>>>>> getting things done.
>>>>>>>
>>>>>>> *FAQ8*
>>>>>>> If more discussion is needed happy to discuss on the NEXT board
>>>>>>> meeting OR if you prefer to discuss it more just call me to understand the
>>>>>>> spirit of the end goal.
>>>>>>>
>>>>>>> Skype: proactiverisk
>>>>>>> Phone: 973-506-9304
>>>>>>>
>>>>>>> Tom Brennan
>>>>>>> Global Board Member
>>>>>>> OWASP Foundation
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> The information contained in this message and any attachments may be
>>>>>>> privileged, confidential, proprietary or otherwise protected from
>>>>>>> disclosure. If you, the reader of this message, are not the intended
>>>>>>> recipient, you are hereby notified that any dissemination, distribution,
>>>>>>> copying or use of this message and any attachment is strictly prohibited.
>>>>>>> If you have received this message in error, please notify the sender
>>>>>>> immediately by replying to the message, permanently delete it from your
>>>>>>> computer and destroy any printout.
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>> Tom Brennan
>>>> ProactiveRISK | www.proactiverisk.com
>>>> 973-506-9304
>>>>
>>>> Need to book time with me to discuss an existing or a future project
>>>> click on my virtual calendar https://secure.scheduleonce.com/TomBrennan
>>>>
>>>> The information contained in this message and any attachments may be
>>>> privileged, confidential, proprietary or otherwise protected from
>>>> disclosure. If you, the reader of this message, are not the intended
>>>> recipient, you are hereby notified that any dissemination, distribution,
>>>> copying or use of this message and any attachment is strictly prohibited.
>>>> If you have received this message in error, please notify the sender
>>>> immediately by replying to the message, permanently delete it from your
>>>> computer and destroy any printout.
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>> Best Regrads
>>> John Patrick Lita
>>> *Chapter Leader OWASP Manila*
>>> FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
>>> https://www.owasp.org/index.php/Manila
>>> <https://lists.owasp.org/mailman/listinfo/owasp-manila>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>
>
> --
> Best Regrads
> John Patrick Lita
> *Chapter Leader OWASP Manila*
> FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
> https://www.owasp.org/index.php/Manila
> <https://lists.owasp.org/mailman/listinfo/owasp-manila>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160109/ad95a753/attachment-0001.html>


More information about the OWASP-Leaders mailing list