[Owasp-leaders] [balint:7415] Re: [OWASP-chapters] Proposal for OWASP Global Chapters Committee

Timur 'x' Khrotko [owasp] timur at owasp.org
Fri Sep 14 15:37:26 UTC 2018


Matt, i hope i answered your questions. Also could you. please react to my
questions and doubts below, imo the questions are important in general.
Thanks!
Timur

On Fri, 14 Sep 2018 at 01:21, Timur 'x' Khrotko [owasp] <timur at owasp.org>
wrote:

> Dear Matt,
>
> I wasn't saying that Dawn had anything against the Hungary chapter in
> particular. In this regard i can only mention that: While she did shut down
> our wiki page for its (apparent for her) deadness in January I in May
> (months later) also reviewed the European chapters on the wiki while i was
> looking for email addresses of the active chapters. As a byproduct i found
> around 3 chapter pages much more dead than ours may have looked. Why
> weren't those disactivated?
>
> Also it took like 3-4 hrs for me to "review" all the European chapters at
> owasp.org in May . Well if you asked me to do this dead simple
> formalistic review i could create a report in 2 hrs with comments and
> suggested actions. So probably i could do this type of review with global
> scope in a week. So why the review of Latam chapters was an excuse to
> postpone anything?
>
> Regarding the January shutdown of the Hungary chapter: a) The last year
> the requirement was 2 meetups per year as far as i know. b) Wouldn't it be
> appropriate to first contact me before the shutdown?!
>
> Maybe the process of shutting down chapters should be formally regulated
> so that Dawn can follow a decent/civilized guide!?
>
>
> Regarding the current year i clearly stated that it's true that we haven't
> had meetups yet. For different reasons. (Does that mean we won't catch up
> soon?)
>
> What i point to is: If the foundation sees in August that there is a
> problematic chapter the community manager should first ask how could it be
> fixed. Right?! Speaking about civilized procedures. Cause what happend
> recently was a letter stating that we don't seem to comply so we will be
> killed, Goodby!
>
> Then: Is it really the state of the art metric that a good chapter does x
> things that they call meetups and the foundation is happy. I would rather
> call it a bureaucracy approach. Making a thing that looks like a meetup
> isn't that difficult for those who wants to show off at LinkedIn.
>
> Wouldn't it be proper to help chapters with ideas what meetups they could
> do or even provide materials for that? That could be the value of the
> community and the foundation. Today the meetup market is quite full.
>
> Finally i plan to do like two-three meetups till the end of the year. Will
> you shut down the chapter for not having four? Does it make sense? Is it a
> good long term strategy and proper utilisation of your/Dawn's/foundation
> limited resources?
>
> PS. It's one of the requirements regarding the community manager to
> communicate clearly - in case of Ramiro it didn't work seemingly.
>
> Cheers,
> Timur
>
>
> On Fri, 14 Sep 2018 at 00:09, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>
>> Ramiro,
>>
>> To be frank, your post is completely inappropriate and violates at least
>> this item in OWASP's code of ethics
>> <https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics>
>> :
>>
>>
>>    - Not intentionally injure or impugn the professional reputation of
>>    practice of colleagues, clients, or employers;
>>
>>
>> I will not tolerate posts of this nature to anyone in the OWASP community
>> - *and staff is part of the community*.  I expect to see your future
>> posts to the leaders list be civil and constructive.
>>
>> To answer your unfortunately worded post:  It would appear you didn't
>> understand her reply.  Let me rephrase it so that you may better understand
>> what Dawn is currently working on with my full knowledge and approval:
>>
>> We are going through the inventory of chapters and cleaning
>> up/de-activating chapters which do not meet the minimal requirements per
>> the chapter handbook - principally having fewer then 4 meetings per year.
>>
>> While she is doing this work, we are not accepting new chapters in the
>> regions that haven't been audited.  So far, she's completed the US and EU -
>> the geographical regions with the most chapters.
>>
>> Her email simply stated that she's currently working on aka _auditing_
>> the Latin America region and not opening any chapters until the audit of
>> that region is complete.
>>
>> Obviously she knows that Ecuador is in Latin America since the fact that
>> she's auditing that region is an issue with handling your request.
>>
>> If you'd like me to further explain the reasons for conducting the
>> audit/review of existing chapters, I'd be happy to discuss it further
>> assuming you can be civil and abide by the OWASP Code of Ethics.
>>
>> Cheers!
>>
>> --
>> -- Matt Tesauro
>> *OWASP Foundation*
>> Director of Community and Operations
>> matt.tesauro at owasp.org
>>
>> Consider giving back, and supporting the open source community by
>> becoming a member <https://www.owasp.org/index.php/Membership> or making
>> a donation <https://www.owasp.org/index.php/Donate> today!
>>
>>
>> Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
>> San Jose, CA!
>>
>> On Thu, Sep 13, 2018 at 3:33 PM <ramiro.pulgar at owasp.org> wrote:
>>
>>> Hi all,
>>>
>>>
>>>
>>> Dawn doesn’t know where countries are.
>>>
>>>
>>>
>>> I asked her since January that I want to restart Ecuador chapter, and
>>> she sent me an email that she is working first on Latinamerica and then she
>>> will solve my request…. Ecuador is in Latinamerica!!!!!!!!!!
>>>
>>>
>>>
>>> “Dear Ramiro:
>>>
>>> Thank you for reaching out, we are currently working on the Latin
>>> America region and once that is completed we will reach out to the
>>> community.
>>>
>>> Thank you.
>>>
>>> Dawn Aitken
>>>
>>> Community Manager
>>>
>>> (973) 658-6186”
>>>
>>>
>>>
>>> I think that Dawn doesn´t have interest to attend our requests.
>>>
>>>
>>>
>>> Please, I recommend that a Community Manager have to be a OWASP leader
>>> or a Community lover that shares our interests.
>>>
>>>
>>>
>>> Saludos Cordiales,
>>>
>>> Ramiro Pulgar
>>> OWASP Ecuador Chapter Leader
>>>
>>> Linkedin: http://www.linkedin.com/in/ramiropulgar
>>> Whatsapp: +593 99 275 1705
>>>
>>> [image: https://www.owasp.org/images/a/a0/Owasp-logo-250.png]
>>>
>>>
>>> PublicKeyID: 0x0BAA7B2D http://pool.sks-keyservers.net |
>>> http://keyserver.pgp.com
>>> Fingerprint: 4096R/0BAA7B2D 4C7E 5264 F07A CFFA 3987 18CF DBD6 C750 0BAA
>>> 7B2D
>>>
>>>
>>> URL Site: http://www.owasp.org/index.php?title=Ecuador
>>> Mailing List: http://lists.owasp.org/listinfo/owasp-ecuador
>>> Twitter: @owaspec <https://twitter.com/owaspec>
>>>
>>>
>>> Disclaimer: The information contained in this e-mail is confidential and
>>> intended only for the use of the person or company to which it is
>>> addressed. This information is considered provisional and referential; it
>>> can not be totally or partially distributed nor copied by any media without
>>> the authorization from the sender. The sender does not assume
>>> responsibility about this information, opinions or criteria contented in
>>> this e-mail.
>>>
>>>
>>>
>>>
>>>
>>> *From:* owasp-leaders-bounces+ramiro.pulgar=owasp.org at lists.owasp.org
>>> <owasp-leaders-bounces+ramiro.pulgar=owasp.org at lists.owasp.org> *On
>>> Behalf Of *Timur 'x' Khrotko [owasp]
>>> *Sent:* Thursday, September 13, 2018 1:25 PM
>>> *To:* Ofer Maor <ofer.maor at owasp.org>
>>> *Cc:* Tom Brennan <Tom.Brennan at owasp.org>; OWASP Board List <
>>> owasp-board at lists.owasp.org>; owasp-chapters at lists.owasp.org;
>>> owasp-leaders <owasp-leaders at lists.owasp.org>
>>> *Subject:* Re: [Owasp-leaders] [balint:7407] Re: [OWASP-chapters]
>>> Proposal for OWASP Global Chapters Committee
>>>
>>>
>>>
>>> Ofer, while there maybe an issue that there are some cases of people
>>> parazitizing on the owasp goodwill. But how high is this issue on the list
>>> of the current owasp issues? I hear voices that owasp/foundation is/are in
>>> crises, and there are high priority/critical issues to deal with.
>>>
>>> On the other hand what does foundation do in addressing the problem you
>>> mentioned? My experience is that Dawn did shut down the Hungary chapter
>>> around christmas wo any prior notice. The notice came from wiki that our
>>> page was deactivated. Formally they didn't see recent meetups on the wiki
>>> page. Practically they didn't click on the meetup.com link there to see
>>> the meetup activity. And it was only Tiffany who apologized for that.
>>>
>>> Now i had a formal letter from Dawn that our chapter will be shut down
>>> as we didn't do any meetups this year (true). Maybe she could ask first how
>>> may the foundation help us in doing meetups?!
>>>
>>> So my observation is that besides many great things )) the foundation
>>> also makes nonsense repressive moves, sends nonsense long replies, and they
>>> send some of our requests to dev/null.
>>>
>>> Respect,
>>> Timur
>>>
>>>
>>>
>>> On Thu, 13 Sep 2018 at 15:32, Ofer Maor <ofer.maor at owasp.org> wrote:
>>>
>>> Hey Tony,
>>>
>>> There have been some issues where chapters were created, a lot of work
>>> was done, funds were drawn, but no actual progress was made. I don't think
>>> I can tell what were the reasons behind each such incident. I am pretty
>>> sure in some cases it is just poor execution, but at the same time it feels
>>> as if there are cases were people are more after the "title" on their
>>> LinkedIn page than about driving the community. In any case - even if its
>>> all good intent but with no actual followup, this creates a burden on the
>>> Foundation staff, without helping the cause. Therefore there is room for a
>>> "meritocracy" type of structure - where you first do something, and only
>>> then get others to carry some of the weight. When I became the chapter
>>> leader of #Israel a decade ago or so, I didn't even rely on the Foundation
>>> for funds - we did originally everything by getting each sponsor to pay for
>>> something, only later we've went to the foundation to manage funds and
>>> sponsorships. Those were different times, and the Foundation today can
>>> provide more support than back then, but I'd still like to see the
>>> community driving this thing forward first, and rely on the foundation for
>>> support, than the other way around.
>>>
>>>
>>>
>>> Anyway - just my .02...
>>>
>>>
>>>
>>> Ofer.
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Sep 13, 2018 at 1:55 PM, Tony Turner <tony.turner at owasp.org>
>>> wrote:
>>>
>>> Ofer, is that really a problem that needs to be solved? Bogus chapters I
>>> mean. I hadn’t heard that was an issue. I’m not sure I’m crazy about that
>>> much governance around forming chapters. We need to make it easy, not
>>> create restrictions around the process.
>>>
>>> Tony Turner | OWASP Orlando Chapter Lead
>>>
>>>
>>> On Sep 12, 2018, at 2:30 PM, Ofer Maor <ofer.maor at owasp.org> wrote:
>>>
>>> Hey All,
>>>
>>> Jumping in a little late into this discussion (but having read through
>>> most of it....) - a few of my thoughts:
>>>
>>> Yes, OWASP was easier to manage in the "good old days" when we were
>>> smaller, more idealistic, and less commercial. But that type of
>>> reminiscence will not get us anywhere today. OWASP Has grown, considerably,
>>> and as any other organization, as it grows, and more money gets involved,
>>> there are more and more pressures on it, and this means we need the right
>>> structure to support that, finding the way to keep the community spirit and
>>> vendor neutrality, while managing pressures - both financially and
>>> "politically". I am all in favor for Josh's call for Committee. I know the
>>> previous committees have "derailed" into insufficient progress, but I think
>>> they had their good times too, and I think there's room to bring them back
>>> to life.
>>>
>>> Moreover, pulling from some of the discussion we had on the slack
>>> channel, I think as the organization grows, and as the "value" of being a
>>> "Chapter Leader" is growing (people want that on their resume now....), we
>>> need to find a better way to vet new chapters. One of my suggestions (which
>>> of course needs more hashing out from its initial thought) is to create a
>>> tiered, merit based approach, where people will have some framework to
>>> create a "chapter candidate" - which requires them to put in effort and
>>> deliver results (i.e. create meetings with enough attendance etc), but
>>> without giving them too much credit upfront, and without invoking the
>>> "heavy" operational side. These chapter-candidates will not have a budget,
>>> they can not have members allocate it to them, nor will they get any
>>> financial support. They will only get some basic rights to use the name and
>>> logo of OWASP for the meetup. Once they have passed through certain barrier
>>> requirements (to be defined by the chapters committee and approved by the
>>> board if needed), they will be able to become a chapter.
>>>
>>>
>>>
>>> This will provide individuals, from one hand, an easier way to start-up
>>> a local OWASP activity without going through the entire process, but will
>>> also limit the load on the foundation staff, and also make it harder for
>>> people to abuse the system for their personal gain (free conference
>>> admission, bogus titles, etc.).
>>>
>>> Bottom line - I'm all for it.
>>>
>>> Ofer.
>>>
>>>
>>>
>>>
>>>
>>> On Sun, Sep 2, 2018 at 12:28 AM, Josh Sokol <josh.sokol at owasp.org>
>>> wrote:
>>>
>>> Dear OWASP Leaders,
>>>
>>>
>>>
>>> As per the OWASP Committees 2.0 Operational Model
>>> <https://www.owasp.org/index.php/Governance/OWASP_Committees>, approved
>>> by a vote of the OWASP Board of Directors on July 16, 2014, I would like to
>>> formally propose the creation of a new "OWASP Global Chapters Committee".
>>>
>>>
>>>
>>> My rationale for the creation of this new committee is that our
>>> community has made a number of observations about inadequacies in the ways
>>> our Chapters interact with the OWASP Foundation, it's Staff, and the
>>> Board.  This committee would serve as a new form of governance within the
>>> OWASP Foundation, cutting red tape and empowering our chapter leaders to
>>> better serve the mission of OWASP while still adhering to the OWASP Core
>>> Values of openness, innovation, being a global community, and integrity.
>>> We will focus on strengthening the OWASP Chapters through education,
>>> networking, and driving value to our members.
>>>
>>>
>>>
>>> Topics that are within scope for the OWASP Global Chapters Committee
>>> include, but are not limited to:
>>>
>>>    - *Leadership Requirements: *The committee will be responsible for
>>>    defining requirements for new chapter leaders and create a community
>>>    vetting process.
>>>    - *Activity Requirements: *The committee will be responsible for
>>>    defining the minimum activity requirements for chapters and will
>>>    periodically review chapters for meeting those minimum requirements.
>>>    - *Mentorship: *Programs will be created to pair new chapter leaders
>>>    together with more experienced ones.  Budgets will be established in order
>>>    to facilitate mentees attendance of mentor chapter meetings.
>>>    - *Projects Partnership Tours: *To emphasize the importance of
>>>    projects, a budget will be established for projects to hold regional tours
>>>    of chapters where they will speak and show off their projects.
>>>    - *Budgets: *The committee will be a resource for OWASP policies and
>>>    procedures when it comes to the budget process and ensuring that it is
>>>    being followed.  The committee will help identify opportunities for chapter
>>>    leaders to spend their money.
>>>    - *Policy: *The committee will review and revise the Chapter Leader
>>>    Handbook on a periodic basis.  They will assess gaps in existing policies
>>>    and help to create new policies or redefine existing policies to address
>>>    gaps.
>>>    - *Guidance: *The committee will serve to help guide other leaders
>>>    with any questions that they have.  They will assist with finding
>>>    speakers.  They will help to recommend topics for presentations.
>>>    - *Feedback: *The committee will survey chapter leadership on
>>>    pertinent topics and be a listening outlet for chapter needs.
>>>    - *Conflict Resolution: *The committee will serve as a tribunal for
>>>    conflicts among and between chapters.
>>>    - *Local and Regional Events: *The committee will help to guide
>>>    chapter leaders on how to start and run local and regional events.  A
>>>    "startup" budget will be formed from existing event revenues in order to
>>>    seed investment in more events, helping additional chapters to be able to
>>>    raise enough money to cover their expenses and innovate.
>>>    - *Board Guidance: *The committee will work with the Board on any
>>>    initiatives they have as they relate to chapter policies, governance,
>>>    budgets, or otherwise.
>>>
>>> This scoping was developed by myself and Tiffany Long in an effort to
>>> cover many of the issues our chapters face on a routine basis.  It is not a
>>> comprehensive list and I'd certainly welcome suggestions from others in our
>>> community.  Moreso, it is my hope that others will be interested in
>>> participating in and contributing to this committee.
>>>
>>>
>>>
>>> Per the Committee Creation section of the Committees 2.0 Operational
>>> Model, this is now up for a community discussion with a Board vote to
>>> follow.  I hereby formally request that this be added as a topic for vote
>>> at the September 19th OWASP Board meeting.  Thank you.
>>>
>>>
>>>
>>> Sincerely,
>>>
>>>
>>>
>>> Josh Sokol
>>>
>>>
>>>
>>> OWASP Board Member 2014-2017
>>>
>>> OWASP Austin Chapter Leader
>>>
>>> OWASP LASCON Conference Co-Founder
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-chapters mailing list
>>> Owasp-chapters at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-chapters
>>>
>>>
>>>
>>>
>>>
>>> This message may contain confidential information - you should handle it
>>> accordingly.
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>> --
>>>
>>>
>>>
>>> secmachine․net #wepowersecdev
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>
>> This message may contain confidential information - you should handle it
>> accordingly.
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
> --
>
> secmachine․net #wepowersecdev
>
-- 

secmachine․net #wepowersecdev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180914/950f242d/attachment-0001.html>


More information about the OWASP-Leaders mailing list