[Owasp-leaders] [Owasp-board] Where are the boardmembers?

johanna curiel curiel johanna.curiel at owasp.org
Sun May 14 20:41:48 UTC 2017

When I say "we" the board are doing a horrible job I'm including myself so
yes, is about improving the communication for the sake of Owasp
I rather hear you opinions even if I don't like them instead of being

On Sunday, May 14, 2017, Josh Sokol <josh.sokol at owasp.org> wrote:

> Johanna,
> In November 2015 you wrote an email to the OWASP Leaders list with the
> subject of "Good bye OWASP leaders - time to leave the hornet
> <http://lists.owasp.org/pipermail/owasp-leaders/2015-November/015652.html>"
> in reaction to a differing of opinions between yourself and others on the
> OWASP Benchmark project.  I was quick to jump into the discussion to share
> my thoughts on the issue, and the result was getting accused of "stinging"
> you myself.  You took it a step further and insinuated that I was somehow
> "bought" by Jeff Williams and Contrast, which couldn't be further from the
> truth.  I can't speak for the other Board members, but your response to me
> forced me to re-evaluate how I interact on the OWASP mailing lists.  I
> detailed some of my personal thoughts and feelings, at the time, on the
> "ivory tower" that you mention in a blog post here:
> http://www.webadminblog.com/index.php/2015/12/01/the-
> owasp-board-ivory-tower-dilemma/
> This leads me back to the "Ivory Tower" dilemma.  If my desire is to
>> actively be a part of the community, then I place myself directly in a
>> position of potential conflict when I speak.  I'm not allowed to speak as
>> Josh, the community member, because the perception is that I am always
>> speaking with my Board member hat on.  And I have a strong feeling that
>> this perception of Board members speaking authoritatively is what leads a
>> person on the other side to feel marginalized.  Definitely not intended, at
>> least on my part, but that's what I've started to gather from some of the
>> feedback that I've received.  So if that's the case, then I begin to wonder
>> if the situation would have been better off had I held my tongue and
>> refrained from jumping into the discussion in order to let our community
>> continue to fight it out or to let another Board member, our Executive
>> Director, or somebody else communicate the Board's analysis and actions.
>> But, if I do that, aren't I now perpetuating the stereotype of the OWASP
>> Board being an "Ivory Tower"?
> Personally, I hate feeling like my opinion has been marginalized to the
> point that it only matters when the Board is in quorum, but that is what
> has happened, and it is a direct result of your interactions with myself
> and others on the mailing lists.  I absolutely hate the idea of the "Ivory
> Tower", but biting my tongue and saving my opinion for the Board meetings
> (on certain things) has resulted in far less accusations of "stinging".
> Johanna, do you really want to hear the opinions of myself and other Board
> members, even if they may not agree with your own?  Or will engaging with
> you, as you express the desire for, actually result in a recurrence of the
> conflicts we've seen in the past?
> ~josh
> On Sun, May 14, 2017 at 2:14 AM, johanna curiel curiel <
> johanna.curiel at owasp.org
> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>> wrote:
>> @Bev
>> I believe that community members have the right to express discontentment
>> or disappointment . Complaint might sound negative but is not. Receiving a
>> complaint is an opportunity to understand what is wrong, especially if
>> there can be a discussion. Of course as long as those complains focus on
>> issues with the purpose of changing the situation, but those complaining
>> should also analyse the situation.
>> Different community members have expressed their sentiment regarding
>> OWASP board leaders not attending the APPSEC EU this year and some board
>> members have expressed clearly their POV. But most have not even reacted.
>> I mean, we are 7 members and only 3 have reacted to this list. This is
>> the major problems with every single thing when it comes to a discussion
>> with the board. Most of these members are disengaged, they hardly react on
>> emails or issues that require discussion and want to play nice with
>> everyone and when the Board meeting takes place, we don't even get the time
>> to finalize all what we should (like the bloody Budget), so the efficiency
>> of the board is very low. Thats why we(the community) should not go and
>> blame the staff of any inefficiencies because the biggest is us, THE BOARD.
>> When I have complaint myself at board meetings that we are doing a
>> horrible job as a board, the reactions are very defensive. To me the board
>> is the biggest bottleneck because:
>>    - Crucial decisions that are needed for employees to move forward are
>>    delayed due to multiple reasons
>>    - The staff cannot move properly forward without those decision taken
>>    place
>>    - We meet once a month but we are not communication properly during
>>    the month to move forward
>>    - Some board members have been completely absence of discussions and
>>    their roles, is like they do even exist just to vote at board meetings
>>    - Most board members have jobs that do not really allow them to be
>>    engaged or more deeply involved
>> So yes we have too many captains in this ship call OWASP and every single
>> board meeting has been a struggle to get things approved and done.
>> Now, maybe the whole thing with EU is that the amount of EU OWASP members
>> is lower that US and therefore less important? Or is it that the EU income
>> generation conference leaves less revenue therefore less important?
>> I have no freaking idea but I wish that those dormant board members wake
>> up and take at least some time to listen and go over of where this ship is
>> heading and especially , if they were the ones that decided to be board
>> members to make time for OWASP .
>>  We are volunteers but we still are TRUSTEES and accountable for the
>> situation at OWASP.
>> The Board Member’s First Duty: Accountability
>> https://www.snpo.org/samples/V180613.pdf
>> Board members != Volunteers ==> we are accountable and if you don't have
>> time to be a board members , please, then think very well about it
>> Regards
>> Johanna
>> On Sun, May 14, 2017 at 2:32 AM, Bev Corwin <bev.corwin at owasp.org
>> <javascript:_e(%7B%7D,'cvml','bev.corwin at owasp.org');>> wrote:
>>> @johanna Thanks for sharing the article. I'll forward to the WIA list.
>>> Valuable feedback. I agree, unfortunately, often the only response we get
>>> is no response. Re: board issues - In my past experiences with non profits,
>>> boards are typically expected to lead fundraising, set strategy and
>>> oversight for the organization. You mentioned the problem of a disengaged
>>> board. Yes, It is a serious problem. I also see a problem of a board that
>>> is spinning its wheels, not able to keep up the momentum and productivity
>>> for the growing needs of the organization. Would be nice to see both board
>>> members and staff engage in "listening" more to the needs of the community
>>> to help inspire improvements. However, I do not see general conversations
>>> or so called "complaining" as a particularly negative thing. To me, it is
>>> foundation of a normal active healthy communication process which is
>>> necessary for a community to grow, learn and refine improvements.
>>> Interpreting comments in a positive way is important too, especially in a
>>> global diverse organization. I agree that assuming things negatively is
>>> discriminatory, though sharing different viewpoints isn't, and a sense of
>>> humor is always useful too. Thank you for all the good work that you do.
>>> Best of luck with your board responsibilities! Let me know how I can help.
>>> Cheers, Bev
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> --
>> Johanna Curiel
>> OWASP Volunteer
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170514/0d724b9b/attachment-0001.html>

More information about the OWASP-Leaders mailing list