Richard Greenberg 2018 Bio and Why Me



About Richard:

Richard Greenberg, CISSP is the current Chapter Lead for Los Angeles. He has been a selfless and tireless volunteer for OWASP, helping to grow both the OWASP Los Angeles and Orange County chapters. He has been an instrumental force in uniting the information security community in the Southern California region. He has been involved in a multitude of projects and events, increasing awareness of OWASP and secure development and helping to grow membership.

When Richard joined the OWASP LA Chapter, meetings were attracting 12-15 attendees. His marketing efforts and work with the vendor community to help sponsor meetings has driven attendance to 80-100 each month. There are currently 1,531 OWASP LA Meetup members.

When the Orange County Chapter stopped meeting, Richard worked with the International Board and local volunteers in OC to reinvigorate the OC Chapter. It now meets monthly and has 1,145 Meetup members.

Richard was a member of the OWASP Global Conferences Committee, lending his years of experience in putting together successful conferences, from the perspective of quality of speakers, smoothness and professionalism of the events, and profit.

Richard has a wide vision, and has reached out far from just the Development community to indoctrinate many IT and InfoSec professionals in Southern California with the philosophy and beliefs of OWASP. He is also President of ISSA-LA, and has been ensuring collaboration between these two leading SoCal organizations for many years, resulting in a large increase of both awareness and attendance at both organization's meetings. Richard has organized joint meetings also with CSA (the Cloud Security Alliance), ISACA, AITP, MESA, and HTCIA (High Technology Crime Investigation Association).

Richard was a Co-Chair of the highly successful AppSec USA in 2010 in Irvine, California, and has been Co-Chair of the highly acclaimed AppSec California from its inception in 2014 to the present, conferences that have provided possibly the best speaker line-ups anywhere.

Richard also speaks at conferences and moderates panels on InfoSec and Secure Development, most recently at Shellcon in Sept 2018. He has worked with ISSA International to bring secure development talks into the general InfoSec community, including presentations to CISOs and at the ISSA International Conference.

If we are going to affect change and help to get companies to take seriously the release of secure software, we cannot continue to just "preach to the choir", but must reach all those who can have a say in company policies. Collaboration is the key, and Richard is a strong proponent of this, using so much of his waking hours (fortunately he only needs 4-5 hours of sleep a night) to bring folks together to learn and share information.

How I can Help OWASP:

My experience as a CISO involve many of the things that are crucial for OWASP right now: vision, budget, strategic planning, communication, marketing, project management, and policies. There has been a lot of turnover in OWASP management staff, a number of hot button issues have occurred in the past few years, and the organization is having financial issues. OWASP needs a leader who has the wealth of years addressing challenges not unlike what we are facing today.

The current OWASP Global Board is comprised of dedicated volunteers who believe in the mission of OWASP. I hope to join them. There has been much discussion in the community about transparency and communication, and I can help increase both of these important aspects that inspire trust and support. Those who know me can attest to my strong beliefs in an open and honest management style, and one that supports constant communication and dialogue.

I have been the OWASP Los Angeles Chapter Leader for almost six years. During that time, I tripled monthly attendance, increased sponsorship revenue, brought in great world-class speakers, and started (with Neil Matatall) AppSec California, one of the most successful OWASP conferences in the world. Now in its sixth year, AppSec Cali is a showcase in how to build and run a top conference, with great content, a sizable profit, and a fun and rewarding experience for all attendees. As a previous member of the Global Conferences Committee, I helped craft the OWASP Conference Project Plan that has been the bible for how to manage a successful conference.

I am a strong believer in the enablement and sharing of knowledge and experience with chapters. The chapters are our boots on the ground, doing all the heavy lifting, and must be supported as best as we can. The paid management team doesn't just work for the OWASP Foundation, but also for the chapters. I had put forth a proposal to the Executive Director to create a tiered support plan that would be offered to all chapters running a conference. The split of the profits would be based on the level of support that OWASP management provides; the more support, the greater the % for the OWASP Foundation. This would address one of the hot topics currently being discussed in the community. I also propose a special hybrid sponsorship for regional events, which would include a sponsorship at both the regional event and a corporate Foundation sponsorship. This can hep generate badly needed revenue for the Foundation, without taking away from chapter funds.

I propose an Advisory Board to address pressing topics and issues. The Global Board is a volunteer board, and thus incapable of handling everything that needs attention, and the management team is just too small. There just isn't enough money to hire more staff. We will just have to do it ourselves. Reinstating the various Committees, such as the Chapter and Conferences, is also crucial for the Foundation to move forward. The Advisory Board and Committees would be comprised of dedicated proven chapter leaders, and can serve as a proving ground for future Global Board members.

One of the core areas of OWASP worldwide is the development of tools and apps: our Projects. We need to continue to support projects, and help get resources to enable our brothers and sisters who are giving so much of their time. It is great that we have Harold Blankenship aboard to support our projects; we must ensure he gets the resources he needs to be successful at his job. Projects need to be a priority moving forward. More money needs to be earmarked to help projects continue to be developed. That means more oversight on the budget, which I am well qualified to help manage.

Lastly, I am an avid supporter and believer in a more diverse InfoSec and Development workforce. Finding skilled people in these fields is hard enough, and it will get worse soon. Women and minorities need a welcoming and supportive environment and OWASP must take an active roll in creating vehicles to support this. We need to ensure all of our events worldwide operate under a zero tolerance policy. We need to extend what I am doing at AppSec California in January and AppSec USA is also doing, which is offering Diversity Scholarships to allow diverse groups to get attendance and travel sponsored at these wonderful events.

Contact Info: richard.greenberg@owasp.org

https://www.linkedin.com/in/richardagreenberg/