Vandana Verma

Vandana is a seasoned security professional with over a decade worth of experience ranging from application security to infrastructure and now dealing with DevSecOps and Cloud Security.

Vandana is a global speaker and Women in Cyber Security Advocate. She received Global cybersecurity influencer Award among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019. She recently received Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category “Secure Coder”. She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.

She works with various communities (InfoseGirls, OWASP, WoSec and null) and is passionate about increasing female participation in Infosec space. She has trained over 400 Diversity Participants around the globe on Web Application Security.

Community Associations:-
●   Chapter at OWASP Bangalore

●   Asia Lead and Secretary OWASP Women in AppSec(WiA)

●   Heading Infosecgirls

●   India Lead WoSec (Women of Security)

●   Volunteer at Null Community

Speaker
●   Defcon - AppSec Village (August, 2019)

●   Diana Initiative (August, 2019)

●   RootConf, Bangalore 2019 (Developers Conference)

●   Security Guild 2019 - Link

●   Owasp ApSec EU (July 2018)

●   Kids Glove at c0c0n (Kerala Police Conference), 2017

Trainer
●   Nullcon, Goa 2017

●   BSides Delhi, 2018

●   AppSec USA (October 2018)

●   AppSec California (January 2019)

●   Training for St. Cloud University, Minnesota (January 2019)

●   Training for Cairo University, Egypt (February 2019)

●   Owasp Seasides (March 2019)

●   Global AppSec Tel Aviv (May 2019)

●   Assistant Trainer at Blackhat USA (August, 2019)

Paper Review Committee
●     Global AppSec Tel Aviv 2019

●     Grace Hopper USA 2019 (Security/Privacy Review Track)

●     Grace Hopper India 2019 (Security/Privacy Review Track)

●     BSides Ahmedabad

International Award and Honours
●     Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category “Secure Coder”

●      Counted as Top #5 Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019:

●      listed as one of the top women leaders in this field of technology and cybersecurity in India

●     Appreciation Letter from Head of the Cyber Security Department, St. Cloud University, Minnesota

Upcoming Speaking Engagements:-
●     11th September - Keynote Speaker at Global AppSec DC -  https://dc.globalappsec.org/

●     06th November - All Day DevOps (Online Conference)- (https://www.alldaydevops.com/addo-speakers)

Mentions:-
Hacker Stories with Kim Crawley on Peerlyst (https://www.peerlyst.com/posts/hacker-heroes-vandana-verma-kimberly-crawley)

HackInterview - https://medium.com/bugbountywriteup/hackinterview-with-vandana-document-your-learning-in-the-form-of-blogs-3b265ec03be1

Owasp hacker Kids :- (Interview on the event)

 CTF Winner 
 * WINJA at Nullcon, Goa 2015

Social Media:-
Twitter:- InfosecVandana

Linkedin:- Vandana Verma

Email : Vandana.verma@owasp.org

1. What are the 3 biggest challenges you think OWASP is facing and how do you think we can solve them?
- Bring a Sense of Purpose and Mission back by bringing cultural change. Over the years, many community members and leaders have either quit OWASP or have stopped participating because they did not feel the purpose and mission being served, we need to bring fundamental cultural change which will not only encourage old members to join us again but also bring new participation

- New Research (OWASP is widely used and known for its flagship projects such as ASVS, ZAP, Top 10, Testing Guide, etc. The teams producing these projects are awesome. We need to work to see how can we enable more such individuals and teams to work on areas in Web Application Security where we may not have done much work for example - client side security )

- Decentralization - OWASP is a huge community and it is simply not possible to entirely run it from a single place by a handful of staff and board members. We need to empower the community at large and help them make decisions at a regional level keeping larger OWASP principles in mind. Controlling and Governing a community which has around 20 flagship projects and 200+ chapters with thousands of people from various regions of the world is not a good idea in my opinion

==== 2. Many say the "O" in OWASP stands for "Open", and that we must remain "open" at all costs. In the past this has resulted in allowing known-bullies to persist within our community. Do you feel that remaining "open" is more/less/equally important to ensuring a safe, respectful and harassment free community? And why. ==== - Yes. Remaining Open as well as ensuring a safe, respectful and harassment free community are equally important in my opinion. By being open we enable the purpose and mission of OWASP which will lead to the best minds in the Web Application Security space to come and contribute as well participate with OWASP in making the web a safer place. However, it is equally important to ensure that the community is free from bullies, there should be no tolerance for inappropriate behaviour. It should be of the utmost priority that every opinion must be heard and taken into consideration while making any decisions. One such inappropriate behaviour causes many individuals the discomfort to not being able to participate in the community which I think is totally unacceptable. There should be an open environment where people should be comfortable asking questions as well as answering those. Most often bullies are stopping people from participating, and that's twice as bad. I will try to ensure an environment free from bullying and other negative behavior.

3. How do you hope/plan to improve OWASP's financial situation?
Healthy financial situation of the foundation is key towards its success. I personally believe if the community functions at its best working towards its mission and purpose, producing awesome projects, evangelizing appsec through our chapters and events, we would be in a situation where in we can garner more financial support from the industry. Our ED is already doing some great work in creating custom packages for events and corporate sponsorships and I would like to help build on that work. We will also reach out to the places in industry where we might not have in the past and seeks funds and grants. I will work closely with staff on finances and ensure we will do what is best in the interest of community and the effective functioning of OWASP

4. How do you hope/plan to better support and encourage the OWASP projects, chapters, and staff?
- Staff: We need to consider a handful of staff as one of the most important part and key enablers of the OWASP community. We will review and ensure staff does the most important enabling works for the community such as handling the foundation tasks, finance, event management, facilitating and supporting projects and chapters with resources required, etc. Anything and everything which the community can step up and help we will ensure, that is done. Be it by forming committees or workgroups or anything necessary

- Chapters: Chapter management definitely needs to improve. A handful of staff or one community manager is simply unable to handle 200+ different chapters in different geographical regions with different dynamics and cultures. We definitely need to empower regional groups (volunteers) to oversee effective chapter management and help the staff in supporting them so that the chapters can continue advocating OWASP in their region

- Projects: Projects are one of the most important areas we need to work in. I want to create an environment where the project leaders/teams should only have to worry about developing the project (be it by coding or writing, etc.). OWASP should be able to provide the necessary tools, and resources for the project and also should provide platforms for advocacy. We have some awesome projects and we need to invest more in advocating them, which in turn can bring more contribution towards them

5.  How do you hope/plan to improve OWASP's community? We have had some angry chapters, projects and community members, how do you hope/plan to improve community relations and relationships?
-The first and foremost step in this process is to reach out and listen. In my experience, we have had situations in the past, when leaders and community members wanted to express their concerns and never had the opportunity to be listened well, which in turn turned them into angry members. It is important to listen to their concerns and their perspective, and then trying to fix one thing at a time. Identifying the things which affect the highest number of leaders and community members, working together to reach a solution and then moving to the next thing. It is a big community and board members should be more empathetic to the community which as a result brings the community closer to each other and speak out their concerns and address them in a healthy manner.

==== 6. How do you hope/plan to draw a more diverse group of newcomers to OWASP? Women, people of colour, non-binary, students, second-career, LGBT, people with disabilities, and other groups that are under represented both in our industry and in our community. How do you hope/plan to attract them to our community, events, foundation, projects and chapters? ==== - Diversity has been one of my major focus areas throughout my work in the community over the last few years. I am deeply committed to working towards ensuring we have a truly diverse community in all aspects. We have been already working through a lot of initiatives for increasing women participation and I want to focus on attracting all other groups to participate in OWASP by creating an environment where all opinions are mattered and everyone feels comfortable, which is free of abuse and rolling out initiatives to attract participation from all groups and then ensuring they are a part of the larger community

7. How do you hope/plan to improve the AppSec Global events? Do you feel they need improving?
The current board and the ED have already worked in the last few years in improving the overall AppSec Global events format and the sponsorship models which I think is a great work by them. Having said that we always have areas of improvement. I want to bring more focus to our projects in these global appsec events, with project specific events and engage with the larger community by ensuring the content in these conferences are top class. We also need to provide great value to our sponsors at these events without compromising on the overall vendor neutral content and quality which is important for our financial growth too. I want to encourage regional events and provide the ecosystem to make those happen

==== 8.  How do you plan to handle the  massive stress, time and responsibility of being an OWASP Board member on top of your other professional duties? How many hours a week do you plan to dedicate specifically to the role of OWASP board member? ==== - One of the things, I have as a principle in my life is to never shy away from responsibilities. I decide carefully which responsibility I want to take and then fulfil it with complete dedication. My professional work has been kind enough to offer me a flexible work environment. Due to the time zone differences, it is easy for me to spare a couple of hours every day for being on OWASP related meetings and calls along with any other task which needs my attention. Also, I can provide a few hours on weekends. I have managed my time over the last few years by being a part of a lot of other volunteering efforts and I am confident I will be able to do justice to the role of board member in OWASP as well if elected.

References:-
Are you a registered member of @owasp? I am.And I am planning to vote for @InfosecVandana in the upcoming Board of Directors Election. So many reasons...She is a long time supporter of all InfoSec communities and people, including women and children. - "Tanya Janca"

Seconded. Voting for @InfosecVandana is one of the easiest decisions - she is pure @owasp, and exactly what @owasp needs. She does SO much for @owasp and the entire community, and she also happens to be brilliant and and an incredible ethical mind. - "Avi Douglen"

I would like to full heartedly endorse the very amazing @InfosecVandana for the @OWASP board. She’s a wise and intelligent leader. The foundation would be fortunate to have her board level service. - "Jim Manico"

@InfosecVandana is an excellent choice for an @owasp Board member. She is a true leader, who builds so much for security and the community. She always has the community’s best interest in mind and is a role model to us all. - "Zoe Braiterman"

One more vote goes to @InfosecVandana. I fully endorse her, please support her in the coming @owasp board election. - Mark Felegyhazi