Greg Anderson 2017 Bio & Why Me?

Greg Anderson

About Greg: Greg Anderson is a security professional with diverse experience ranging from vulnerability assessments to intrusion detection and root cause analysis post-mortem. Greg’s recent work has focused on advanced security automation to get the most out of application security programs.

His previous work, which was featured at DEFCON, focused on unconventional attack vectors and how to maximize their impact while avoiding detection.

Greg is the creator of OWASP DefectDojo and was a Chapter Leader of OWASP San Antonio for two years.

Feel free to chat him up about anything and everything. Why Me?: As a current project leader, former chapter leader, and regular speaker, I have an in-depth understanding of how OWASP functions and where our current pain points are as a community. In addition to being a security professional, I have professional experience with accounting and business development.

If elected, I will make meaningful improvements to OWASP while accurately representing the community.

On the Board

While the board operates at a high level to address accounting, strategy, and represent the community, the best way to keep a pulse on the community is to actually spend time with its members. I am an avid attendee of OWASP conferences. This year I presented at AppSec EU and will be presenting at AppSec USA in September. As a board member I would continue to regularly attend events and listen to your thoughts about OWASP, turning the community’s input into a consolidated direction for the organization.

On Chapters

Since 2016, chapter leaders have reinvented the chapter platform to increase their reach and engagement through successful innovations such as live-streams and CTFs. However, we can do more. One innovation the community has discussed at length is setting up a global MeetUp account to make it easier for chapters to create and manage events. As your advocate, I would get this project off the Ops Blog and into implementation. Furthermore, we should continue to assess additional technologies (as suggested from the community) to increase chapter reach, participation, and reduce the burden of running individual chapters.

On Projects

The recent work OWASP has done to better support projects has paid major dividends for the community. I discovered during the Project Summit at AppSec EU that prior to 2016, even flagship projects were not sure OWASP was the right place for their open-source software. That is no longer the case. The project health and maturity process has taken major strides. As a board member, I would continue these efforts and assess what else we can do to further enhance our project graduation practices to take the program from great to world-renowned.

Our community has also long requested an official download page to provide the latest releases of projects. This is because for the many organizations with strict firewall policies, GitHub is not accessible. If elected, I would pursue an official page, which would significantly broaden the audience for projects and accurately track downloads.

Ultimately, we should continue to improve support for projects through technology, providing incentives for projects to mature, and increasing ease-of-use / accessibility to our community.

With all that said, I kindly ask for your support and vote in the 2017 OWASP Board Election.

Questions?

Please feel free to ask me anything, greg.anderson@owasp.org.