[Owasp-leaders] [Owasp-board] Where are the boardmembers?

Josh Sokol josh.sokol at owasp.org
Sun May 14 16:51:39 UTC 2017


Johanna,

In November 2015 you wrote an email to the OWASP Leaders list with the
subject of "Good bye OWASP leaders - time to leave the hornet
<http://lists.owasp.org/pipermail/owasp-leaders/2015-November/015652.html>"
in reaction to a differing of opinions between yourself and others on the
OWASP Benchmark project.  I was quick to jump into the discussion to share
my thoughts on the issue, and the result was getting accused of "stinging"
you myself.  You took it a step further and insinuated that I was somehow
"bought" by Jeff Williams and Contrast, which couldn't be further from the
truth.  I can't speak for the other Board members, but your response to me
forced me to re-evaluate how I interact on the OWASP mailing lists.  I
detailed some of my personal thoughts and feelings, at the time, on the
"ivory tower" that you mention in a blog post here:

http://www.webadminblog.com/index.php/2015/12/01/the-owasp-board-ivory-tower-dilemma/

This leads me back to the "Ivory Tower" dilemma.  If my desire is to
> actively be a part of the community, then I place myself directly in a
> position of potential conflict when I speak.  I'm not allowed to speak as
> Josh, the community member, because the perception is that I am always
> speaking with my Board member hat on.  And I have a strong feeling that
> this perception of Board members speaking authoritatively is what leads a
> person on the other side to feel marginalized.  Definitely not intended, at
> least on my part, but that's what I've started to gather from some of the
> feedback that I've received.  So if that's the case, then I begin to wonder
> if the situation would have been better off had I held my tongue and
> refrained from jumping into the discussion in order to let our community
> continue to fight it out or to let another Board member, our Executive
> Director, or somebody else communicate the Board's analysis and actions.
> But, if I do that, aren't I now perpetuating the stereotype of the OWASP
> Board being an "Ivory Tower"?


Personally, I hate feeling like my opinion has been marginalized to the
point that it only matters when the Board is in quorum, but that is what
has happened, and it is a direct result of your interactions with myself
and others on the mailing lists.  I absolutely hate the idea of the "Ivory
Tower", but biting my tongue and saving my opinion for the Board meetings
(on certain things) has resulted in far less accusations of "stinging".
Johanna, do you really want to hear the opinions of myself and other Board
members, even if they may not agree with your own?  Or will engaging with
you, as you express the desire for, actually result in a recurrence of the
conflicts we've seen in the past?

~josh


On Sun, May 14, 2017 at 2:14 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> @Bev
> I believe that community members have the right to express discontentment
> or disappointment . Complaint might sound negative but is not. Receiving a
> complaint is an opportunity to understand what is wrong, especially if
> there can be a discussion. Of course as long as those complains focus on
> issues with the purpose of changing the situation, but those complaining
> should also analyse the situation.
>
> Different community members have expressed their sentiment regarding OWASP
> board leaders not attending the APPSEC EU this year and some board members
> have expressed clearly their POV. But most have not even reacted.
>
> I mean, we are 7 members and only 3 have reacted to this list. This is the
> major problems with every single thing when it comes to a discussion with
> the board. Most of these members are disengaged, they hardly react on
> emails or issues that require discussion and want to play nice with
> everyone and when the Board meeting takes place, we don't even get the time
> to finalize all what we should (like the bloody Budget), so the efficiency
> of the board is very low. Thats why we(the community) should not go and
> blame the staff of any inefficiencies because the biggest is us, THE BOARD.
>
> When I have complaint myself at board meetings that we are doing a
> horrible job as a board, the reactions are very defensive. To me the board
> is the biggest bottleneck because:
>
>    - Crucial decisions that are needed for employees to move forward are
>    delayed due to multiple reasons
>    - The staff cannot move properly forward without those decision taken
>    place
>    - We meet once a month but we are not communication properly during
>    the month to move forward
>    - Some board members have been completely absence of discussions and
>    their roles, is like they do even exist just to vote at board meetings
>    - Most board members have jobs that do not really allow them to be
>    engaged or more deeply involved
>
>
> So yes we have too many captains in this ship call OWASP and every single
> board meeting has been a struggle to get things approved and done.
>
> Now, maybe the whole thing with EU is that the amount of EU OWASP members
> is lower that US and therefore less important? Or is it that the EU income
> generation conference leaves less revenue therefore less important?
>
> I have no freaking idea but I wish that those dormant board members wake
> up and take at least some time to listen and go over of where this ship is
> heading and especially , if they were the ones that decided to be board
> members to make time for OWASP .
>
>  We are volunteers but we still are TRUSTEES and accountable for the
> situation at OWASP.
>
> The Board Member’s First Duty: Accountability
> https://www.snpo.org/samples/V180613.pdf
>
> Board members != Volunteers ==> we are accountable and if you don't have
> time to be a board members , please, then think very well about it
>
>
> Regards
>
> Johanna
>
>
>
>
> On Sun, May 14, 2017 at 2:32 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> @johanna Thanks for sharing the article. I'll forward to the WIA list.
>> Valuable feedback. I agree, unfortunately, often the only response we get
>> is no response. Re: board issues - In my past experiences with non profits,
>> boards are typically expected to lead fundraising, set strategy and
>> oversight for the organization. You mentioned the problem of a disengaged
>> board. Yes, It is a serious problem. I also see a problem of a board that
>> is spinning its wheels, not able to keep up the momentum and productivity
>> for the growing needs of the organization. Would be nice to see both board
>> members and staff engage in "listening" more to the needs of the community
>> to help inspire improvements. However, I do not see general conversations
>> or so called "complaining" as a particularly negative thing. To me, it is
>> foundation of a normal active healthy communication process which is
>> necessary for a community to grow, learn and refine improvements.
>> Interpreting comments in a positive way is important too, especially in a
>> global diverse organization. I agree that assuming things negatively is
>> discriminatory, though sharing different viewpoints isn't, and a sense of
>> humor is always useful too. Thank you for all the good work that you do.
>> Best of luck with your board responsibilities! Let me know how I can help.
>> Cheers, Bev
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170514/cc97594f/attachment.html>


More information about the OWASP-Leaders mailing list