Ofer Maor 2019 Bio and Why me

About Ofer
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 17 years, (almost) since its inception, and I currently serve on its Board of Directors. I've also held multiple roles in OWASP, including Chapter Leader, Global AppSec Event Co-Chair, Global Committee Member and more...

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I bring to the OWASP Board. Since the beginning of the year, I have worked with the foundation staff to help grow and improve OWASP so that it can better support the community.

Today, after only a little over half a year on the board, I feel like we are starting to make a progress, and I would like to stay on the board to make sure that I can help drive those changes through.

Link to my Video here:

Why Me?
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

Rather than "Why Me?", someone recently asked me "Why Now?". These questions are related. Over the course of 16 years with OWASP, the thought of submitting my candidacy for the board has crossed my mind several times. At times I felt there were already candidates with more experience than I had, at other times I was too occupied by running my own company to allow for the time commitment that the OWASP board entails, but I feel now is the right time where I can contribute the most.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, allowed me to make up my mind that now is the time and place for me to become part of the board, and do the best I can to contribute to OWASP.

Focus
I plan to focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I plan to focus on include:
 * Chapters: I believe there’s room to reform the chapters structure – make it easier to kick off meetups and community activities, while reducing the administrative burden from the foundation.  As a board member I will initiate activities, together with the community, to find a more efficient structure that will serve us better.
 * Membership: I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I will work with the foundation and the community to build new membership offerings that could help increase membership revenue, while recognizing community contribution.
 * Committees: I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I will support initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
 * Vendor Neutrality: Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities.   As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

Relevant Experience
I’ve been part of OWASP for 17 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities: Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.
 * I've been on the Global Board of OWASP since January 2019, serving as the Secretary of the Board. As part of this role I am working with the staff on driving changes both to corporate and individual membership, to help OWASP become more professional as well as stabilize its financials. I'm also working on driving other initiatives for making the board interactions and meetings more professional, delivering better outcomes.
 * I've been the co-Chair of Global AppSec Tel Aviv that took place in 2019. We had a great turnaround of people and sponsors in a location that has never before had a Global AppSec Event. We've also managed to make Global AppSec Tel Aviv more inclusive than ever with over 30% female speakers!
 * I’ve been on the board of OWASP Israel for 10 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
 * For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
 * I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/

Contact Me
If you'd like to know more - feel free to reach out to me:
 * Mail: ofer.maor@owasp.org
 * Twitter: @OferMaor