[Owasp-leaders] Feedback

Bev Corwin bev.corwin at owasp.org
Tue May 9 15:38:45 UTC 2017

Thank you for the comments Liam, I will include them in the shared
documents. I'm happy to hear that you have had such positive experiences
and that you are willing to share them. However, I must call into question
your incorrect assumption that it is "easier to find fault", which is
simply a false and prejudiced statement, and another example of the
cultural problems at OWASP. I can assure you that I, and the other OWASP
Brooklyn Chapter Leaders have not found it easy to bring these serious
faults to the forefront. In fact, it is truly a pain to have to deal with
these things, and the pitiful pompous backlash, and we do so, because 1)
they are a problem and they are repeatedly dismissed 2) obviously it is not
the experience of *all* of the other chapters which raises serious
questions of "why" only certain chapters 3) refusal to face the problems
leads an intelligent person to suspect prejudice and malpractice.
Sincerely, Bev

On Tue, May 9, 2017 at 11:26 AM, Liam Smit <liam.smit at gmail.com> wrote:

> Hi Bev
> What I do find strange about your experience with OWASP is that it is the
> opposite of what our chapter has experienced.
> Whenever our chapter has reached out to the staff we have received a
> helpful response. For example on the multiple occasions that we have:
> * Requested $500 for banners, t-shirts and stickers so that OWASP will
> have a presence at a local security conference.
> * Asked for print quality artwork.
> * Suggested an improvement to OWASP's security.
> * Requested Google Apps changes.
> * Claimed Meetup.com fees as expenses.
> As such I would like to take the opportunity to state my appreciation for
> the good work that the staff do and the guidance that the board provides.
> I hardly need to point out that when you write things like "they are a
> systematic failure and a cultural failure, most likely due to chronic lack
> of leadership" that this is both insulting to and potentially demoralising
> to the hardworking staff and leadership of OWASP.
> I myself believe in lightweight processes i.e. where there is just enough
> process to prevent chaos and ensure good governance e.g. through checks and
> balances. I also believe that policies, processes and procedures can become
> out of date as things change and grow. In such a case it becomes necessary
> to tweak the process through minor updates i.e. the least change for the
> most benefit because constantly changing processes are difficult to
> navigate.
> If you feel that there are one or more specific problems then please raise
> these and if at all possible please suggest improvements as it goes without
> saying that is far easier to find fault in the work of others than it is to
> come up with a better way.
> I look forward to the suggested improvements that come out of the meeting
> that you have arranged.
> Regards,
> Liam
> On Tue, May 9, 2017 at 4:08 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>> Hi Johanna,
>> Happy to schedule a call to discuss and go over the various complex
>> issues. I realize that we are all human, and encourage OWASP leadership and
>> staff to take that into consideration, as well, especially when creating
>> and imposing burdensome authoritarian unproductive workflows for Chapter
>> Leaders and Members without any end user feedback or process for adoption /
>> votes to accept them. We are all adults, professionals, and volunteers, and
>> the OWASP Board and Staff should respect and remember this. We have a
>> gotomeeting on the OWASP Calendar on Friday May 26, 10am ET (USA NY) to
>> discuss and document concerns, and will deliver to leadership's thoughtful
>> consideration. All are welcome to participate and share their comments on
>> the shared documents, links available on the calendar invitation. These
>> problems are not caused any one staff person - they are a systematic
>> failure and a cultural failure, most likely due to chronic lack of
>> leadership and lack of community engagement / communication / feedback
>> mechanisms.
>> Sincerely,
>> Bev
>> On Mon, May 8, 2017 at 7:00 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Hi Bev,
>>> We should definitely acknowledge that there are issues based on your
>>> strong feedback to the staff and the entire organization. I feel your
>>> frustration and clear you have expressed this clearly multiple times.
>>> I just hope you bare in mind that OWASP is definitely far from perfect,
>>> and yes, there are communication issues, especially when we consider a
>>> staff having to handle a Global community, working remotely, trying to
>>> please everyone. Also board members that have a fulltime jobs and have
>>> taken the responsibility to lead a ship called OWASP and might be too
>>> absorb in their issues.
>>> I'm at appsec talking to the staff and trying to understand the issues
>>> they are facing. Many people are clueless how much works takes to handle a
>>> Global community across the globe and trying to be available 24x7.
>>> Please, bear in mind that for some members of the staff like Tiffany,
>>> this community is particularly new to them, especially, I think, she is
>>>  just trying to get the work done and also with the pressure to have
>>> guidelines ready.
>>> I would like very much to have a call with you and try  to clarify the
>>> issues you as part of the community are confronting.
>>> Lets see how can we use that feedback to improve things and how can we
>>> make sure that volunteers like you are aware of the work done by the staff
>>> with realistic expectations on the actual situation.
>>> We are just people trying to make the web a better place, but let's see
>>> how can we work together to reach that goal.
>>> Email me in private, would like very much to talk to you and see how can
>>> we make improve the communication , but also everyone should be aware that
>>> OWASP is not a corp and far from it.
>>> Help us improve and use your experience to advise us how but also based
>>> on the actual resources and real situation.
>>> Best regards
>>> Johanna
>>> >> Sounds like OWASP Staff are revolting against local chapters and
>>> making the OWASP Global staff the new "kings" of OWASP Chapters. Do you
>>> think that this this appropriate?
>>> >>There are many flaws. Also, staff, chapter leaders and board need
>>> some training in user experience, member experience, and grassroots
>>> communications outreach.
>>> >>My biggest complaint is the fact that it was not put up for vote by
>>> the community before being adopted. Also, that I was not able to comment on
>>> the draft that you shared
>>> >> I am also very disappointed in "bottlenecking" or creating
>>> unnecessary, burdensome costly, wasteful bureaucracy when it is not needed,
>>> or welcome. It is one thing to try to organize things, it is another to
>>> make it harder for chapter leaders and project leaders.
>>> >>You said that the draft was open for comments and *all* comments were
>>> incorporated. I know that this is a false statement because I submitted
>>> comments and they were not incorporated, in fact, they were completely
>>> ignored. Where are these comments documented? I do not think that the
>>> entire community was aware of this opportunity to comment. If they were, I
>>> think that you would have heard more comments like mine, that we need to
>>> develop an integrated local to global workflow for projects and chapter
>>> memberships, sponsors, events and co-marketing arrangements, since it is
>>> too much for staff to do on their own. Also, this document claims funding
>>> options, and our chapter submitted a number of funding requests that were
>>> also ignored. This bottlenecking is holding local chapters back, waiting on
>>> staff, who often times do not come through for them, ignore them, and place
>>> unrealistic responsibilities on them. This needs to change.
>>> >>There is a serious lack of productivity, and performance. Plain and
>>> simple. Staff and board are responsible. Period. Someone needs to state the
>>> facts here. Local chapters are being limited, too. It hurts local and
>>> global. Need to wake up and face the facts.
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170509/8e9da932/attachment.html>

More information about the OWASP-Leaders mailing list