Andrew van der Stock 2016 Bio & Why Me?

About Andrew:

Andrew van der Stock is a long-time contributor to OWASP, dating back to late 2002 / early 2003. He was the project lead and lead author of the OWASP Developer Guide 2.0 (OWASP's original project) and of the OWASP Top 10 2007, which established the methodology used to this day. He led the creation of the ESAPI for PHP project and is currently the project lead of the OWASP Application Security Verification Standard. He has been on the OWASP Board since 2015, and became OWASP's Treasurer in 2016.

His research interests include proactive security - building application security into the development process, empirically debunking mythical "leading" practices, and modern responsive JavaScript / TypeScript web applications. He lives in Geelong, Australia with his wife, daughter and psycho cat.

Why I would like to be elected to the Global OWASP Foundation Board of Directors

I ask for your vote for three reasons:

Increased outreach outside of the echo chamber. We have reached nearly everyone in the infosec community. It's more than past time to get back to OWASP's original roots and have inspired conversations with developers and the business. We can't be in the business of telling people what to do; it's important to OWASP to reach out to developers to find out how to enable secure business.

Maturing OWASP as a platform. I want to help OWASP be the best place to host application security projects, chapters and outreach. As part of this, I think it is important for OWASP to find a sustainable way to fund OWASP Fellowships, where key individuals, whether project, chapter or outreach, can be funded to work on OWASP activities full time.

Increased diversity. I am working on ensuring that OWASP will no longer have all-male keynotes and panels, but draw from high-quality speakers no matter their gender. To this end, I encourage women to not only nominate for the Board, but to participate in our conferences, projects, chapters and outreach.

Financial and audit. OWASP has crossed the $2m per year threshold for non-profits, which means to maintain our 503 (c) 1 status as a non-profit, we need to demonstrate good financial record keeping practices, as well as demonstrably spend Members' funds on our strategic goals - outreach, projects and chapters. Within the year, we are due to go for an external audit, and I have pushed through reform to establish an audit committee.

For these reasons, I would like the opportunity to continue pushing OWASP in the wider community, and to break through the $5m barrier, which is only possible by ensuring that we as Board members empower our members and volunteers to deliver high-quality projects, run extraordinary chapters throughout the world, and to ensure that we do more outreach, like sponsoring booths at developer conferences, such as JavaOne.