[Owasp-leaders] Feedback

Steve Kosten steve.kosten at owasp.org
Tue May 9 16:39:41 UTC 2017


Thank you for sharing your experiences regarding your interactions with the
OWASP Staff.  I have had similar experiences as you (overwhelmingly
positive interactions with OWASP Staff and getting desired results).  I
think it is clear the Brooklyn Chapter has had issues with their
interactions and I was very happy to see Johanna reach out to Bev for a
call to address Bev's concerns.  Hopefully all gets straightened out.  I'll
look forward to Bev's meeting on the Chapter Leader Handbook at the end of

Steve Kosten
OWASP Denver Chapter Leader

On Tue, May 9, 2017 at 9:26 AM, Liam Smit <liam.smit at gmail.com> wrote:

> Hi Bev
> What I do find strange about your experience with OWASP is that it is the
> opposite of what our chapter has experienced.
> Whenever our chapter has reached out to the staff we have received a
> helpful response. For example on the multiple occasions that we have:
> * Requested $500 for banners, t-shirts and stickers so that OWASP will
> have a presence at a local security conference.
> * Asked for print quality artwork.
> * Suggested an improvement to OWASP's security.
> * Requested Google Apps changes.
> * Claimed Meetup.com fees as expenses.
> As such I would like to take the opportunity to state my appreciation for
> the good work that the staff do and the guidance that the board provides.
> I hardly need to point out that when you write things like "they are a
> systematic failure and a cultural failure, most likely due to chronic lack
> of leadership" that this is both insulting to and potentially demoralising
> to the hardworking staff and leadership of OWASP.
> I myself believe in lightweight processes i.e. where there is just enough
> process to prevent chaos and ensure good governance e.g. through checks and
> balances. I also believe that policies, processes and procedures can become
> out of date as things change and grow. In such a case it becomes necessary
> to tweak the process through minor updates i.e. the least change for the
> most benefit because constantly changing processes are difficult to
> navigate.
> If you feel that there are one or more specific problems then please raise
> these and if at all possible please suggest improvements as it goes without
> saying that is far easier to find fault in the work of others than it is to
> come up with a better way.
> I look forward to the suggested improvements that come out of the meeting
> that you have arranged.
> Regards,
> Liam
> On Tue, May 9, 2017 at 4:08 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>> Hi Johanna,
>> Happy to schedule a call to discuss and go over the various complex
>> issues. I realize that we are all human, and encourage OWASP leadership and
>> staff to take that into consideration, as well, especially when creating
>> and imposing burdensome authoritarian unproductive workflows for Chapter
>> Leaders and Members without any end user feedback or process for adoption /
>> votes to accept them. We are all adults, professionals, and volunteers, and
>> the OWASP Board and Staff should respect and remember this. We have a
>> gotomeeting on the OWASP Calendar on Friday May 26, 10am ET (USA NY) to
>> discuss and document concerns, and will deliver to leadership's thoughtful
>> consideration. All are welcome to participate and share their comments on
>> the shared documents, links available on the calendar invitation. These
>> problems are not caused any one staff person - they are a systematic
>> failure and a cultural failure, most likely due to chronic lack of
>> leadership and lack of community engagement / communication / feedback
>> mechanisms.
>> Sincerely,
>> Bev
>> On Mon, May 8, 2017 at 7:00 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Hi Bev,
>>> We should definitely acknowledge that there are issues based on your
>>> strong feedback to the staff and the entire organization. I feel your
>>> frustration and clear you have expressed this clearly multiple times.
>>> I just hope you bare in mind that OWASP is definitely far from perfect,
>>> and yes, there are communication issues, especially when we consider a
>>> staff having to handle a Global community, working remotely, trying to
>>> please everyone. Also board members that have a fulltime jobs and have
>>> taken the responsibility to lead a ship called OWASP and might be too
>>> absorb in their issues.
>>> I'm at appsec talking to the staff and trying to understand the issues
>>> they are facing. Many people are clueless how much works takes to handle a
>>> Global community across the globe and trying to be available 24x7.
>>> Please, bear in mind that for some members of the staff like Tiffany,
>>> this community is particularly new to them, especially, I think, she is
>>>  just trying to get the work done and also with the pressure to have
>>> guidelines ready.
>>> I would like very much to have a call with you and try  to clarify the
>>> issues you as part of the community are confronting.
>>> Lets see how can we use that feedback to improve things and how can we
>>> make sure that volunteers like you are aware of the work done by the staff
>>> with realistic expectations on the actual situation.
>>> We are just people trying to make the web a better place, but let's see
>>> how can we work together to reach that goal.
>>> Email me in private, would like very much to talk to you and see how can
>>> we make improve the communication , but also everyone should be aware that
>>> OWASP is not a corp and far from it.
>>> Help us improve and use your experience to advise us how but also based
>>> on the actual resources and real situation.
>>> Best regards
>>> Johanna
>>> >> Sounds like OWASP Staff are revolting against local chapters and
>>> making the OWASP Global staff the new "kings" of OWASP Chapters. Do you
>>> think that this this appropriate?
>>> >>There are many flaws. Also, staff, chapter leaders and board need
>>> some training in user experience, member experience, and grassroots
>>> communications outreach.
>>> >>My biggest complaint is the fact that it was not put up for vote by
>>> the community before being adopted. Also, that I was not able to comment on
>>> the draft that you shared
>>> >> I am also very disappointed in "bottlenecking" or creating
>>> unnecessary, burdensome costly, wasteful bureaucracy when it is not needed,
>>> or welcome. It is one thing to try to organize things, it is another to
>>> make it harder for chapter leaders and project leaders.
>>> >>You said that the draft was open for comments and *all* comments were
>>> incorporated. I know that this is a false statement because I submitted
>>> comments and they were not incorporated, in fact, they were completely
>>> ignored. Where are these comments documented? I do not think that the
>>> entire community was aware of this opportunity to comment. If they were, I
>>> think that you would have heard more comments like mine, that we need to
>>> develop an integrated local to global workflow for projects and chapter
>>> memberships, sponsors, events and co-marketing arrangements, since it is
>>> too much for staff to do on their own. Also, this document claims funding
>>> options, and our chapter submitted a number of funding requests that were
>>> also ignored. This bottlenecking is holding local chapters back, waiting on
>>> staff, who often times do not come through for them, ignore them, and place
>>> unrealistic responsibilities on them. This needs to change.
>>> >>There is a serious lack of productivity, and performance. Plain and
>>> simple. Staff and board are responsible. Period. Someone needs to state the
>>> facts here. Local chapters are being limited, too. It hurts local and
>>> global. Need to wake up and face the facts.
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170509/aabc0939/attachment-0001.html>

More information about the OWASP-Leaders mailing list