[Owasp-leaders] Lessons from being on the OWASP Board

Sherif Mansour sherif.mansour at owasp.org
Mon Feb 4 02:35:16 UTC 2019

Hey everyone,

I've been thinking for a while of writing down some thoughts on some
lessons from last year.

First I'll say that I am very excited about 2019 on the board and what we
can accomplish for the community.  We have already had an offsite, and now
the ED & staff are working on a proposed plan based on the priorities we
have set and we'll build a budget based on said plan.

This is great.

Here are some lessons I have learned from passing some motions - including
having more than two global OWASP events & having Tel Aviv in 2019:


   Discuss the issue with the community: Be transparent, rip the band-aid,
   and show courage. Articulate the problem and ask for solutions (It is what
   it is).

   Discuss the issue with the staff: The staff are the ones who implement a
   lot (almost all) of this work so without their buy-in or proposed options -
   even if the vote passes - may not get done. It would be even better if the
   motion makes their life easier too.

   Work with the board out in the open on a proposed solution - you'd be
   surprised who turns up to lend a hand, and they ideas you get - just don't
   be to precious about your ideas - pick what is best for the community.

   Give the board time to review - I usually present the board with a draft
   solution to discuss, but only vote on it in the following month to give
   people time to digest and ask questions.

   Respect and take your peers feedback to heart - No one has the exact
   perspective as you, be considerate, understand what people's red-lines are
   and craft a proposal that keeps that in mind.

So - with buy-in and feedback from both the community and staff - BoD
members would have some confidence in the motion - by being transparent and
giving board members time to think about it, it could cause limited issues
during the vote - and finally if you factor the board members concerns in
the motion (or as best as you can) then you should be fine.

Keep in mind that anything we do - we have to do it as 7 people and not one.

This is sometimes the challenge I have seen in the past as a source of

All 7 of us have different perspectives on what will help the foundation
the most - and each has different interests. So not all of us will have the
same level of enthusiasm for the same thing (naturally), but it's important
to push each other forward, be constructive and think of the foundation's
best interest.

I should know, I've put one or two motions last year.

Many times in the past a board member would place a major change (that they
feel strongly about ) a few days before a vote -  and because the rest of
the board haven't had a chance to review it, it feels a bit "hey! let's do
this today" - The discussion would take too long, confusion would rise and
the motion wouldn't get voted on. Beyond that it would cause frustration
for the board member who worked on it. That also does not even include
vocal community members nor if the staff have the bandwidth to implement a
motion (or know how to do it) even if it gets voted on.

As I look back at this email I am guessing some of you might be exhausted
just thinking about it. I'll be honest by heart sank when Tanya decided not
to run, because I thought she would (and still can be) amazing as a board
member. However the rewards are worth it.


Sherif Mansour
OWASP Global Board Member & OWASP London Chapter Leader
Site: https://www.owasp.org/index.php/London
Email: sherif.mansour at owasp.org
Follow OWASP London Chapter on Twitter: @owasplondon
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Subscribe to our (lightweight) mailing list:

Consider giving back, and supporting the open source community by becoming
a member <https://www.owasp.org/index.php/Membership> or making a donation
<https://www.owasp.org/index.php/Donate> today!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20190204/f36d8ba1/attachment.html>

More information about the OWASP-Leaders mailing list