User:Owen Pendlebury



Owen is the current Vice-Chair of the OWASP global Board of Directors.

Owen graduated in 2009 from Dundalk Institute of Technology, with a degree in Computer Applications and Support and an honours degree in IT Management specialising in web application development and networking. In 2009, Owen completed an MSc in Security & Forensic Computing from Dublin City University.

Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and led the Dublin Chapter of the Open Web Application Security Project (OWASP) organisation. In 2017 was elected to its Global Board of Directors where he held the role of Secretary and recently Vice-Chair of the global foundation. In 2016, Owen was awarded an OWASP Web Application Person of the Year (WASPY) award for Innovation and Sharing.

Some of the projects that Owen has been involved in include, AppSec EU 2016/2017/2018/2019 Committee/ Training/ Speaker Committee chair, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars, speaking on behalf of OWASP at BlackHat USA and EU, Cyber Security Summer Camp for school kids and OWASP Women in AppSec Committee/ mentoring.

Owen has over 10 years’ experience in penetration testing and red teaming, working as part of several global Attack and Penetration Teams at “Big 4” professional service firms. He currently leads the penetration testing and red teaming teams for Deloitte Ireland and has in-depth experience of application, network, wireless and device penetration testing, having served numerous local and global institutions as clients in this area. Within Deloitte, Owen acts as vulnerability management lead for the EMEA region, setting the strategic direction, quality standards and deliverables for vulnerability management across EMEA. As part of this role, Owen has brought his colleagues from both EMEA and across the globe together to collaborate on innovative projects as well as client pitches.

He also lectures and sits on the computer science program boards at the National College of Ireland (NCI) in web application, network security, and secure application development. In 2017, Owen was approached to architect a MSc, Degree and HDip in cyber security for NCI and has been working actively in supporting the bridge between academia and industry. He is also a keen advocate of diversity in cyber security and takes an active role in supporting the OWASP Women in AppSec group through mentoring and working with those who are trying to get into the field.

Answers to 2019 Global Board of Directors Questions/ Answers
Link to Video - https://youtu.be/Gr0bZLz1o3Y

1. What are the 3 biggest challenges you think OWASP is facing and how do you think we can solve them? '''2. Many say the "O" in OWASP stands for "Open", and that we must remain "open" at all costs. In the past this has resulted in allowing known-bullies to persist within our community. Do you feel that remaining "open" is more/less/equally important to ensuring a safe, respectful and harassment free community? And why.'''
 * Economies of scale - I think as a global community we are facing a lot of challenges, one of which is how can we bring OWASP and our conferences to more economically challenged areas. To combat this, we on the board of directors have been discussing introducing an economy of scales for locations like this.
 * Diversity – we have an extremely big community but one thing we need to put a lot of effort into is, reaching out to the minorities. We have been doing this already through WIA and outreach programs such as Defcon/ BlackHat. We need to put more emphasis into our outreach to these minorities.
 * Staying relevant – OWASP is nothing without our community, who create the content/ projects that makes OWASP what it is. If we do not put the time and effort into making OWASP the place to be to work on these projects, what’s to stop another organisation from competing with us. We need to ensure that OWASP is where people want to come to collaborate and further our mission of improving software security.

I think in my tenure on the board of directors we have not stood for this behaviour. We are all adults, we all have to act as the professionals and treat people how we would want to be treated. There is a line where we have to interpret peoples culture, whether it is misinterpreted as part of an email which is read in the heat of the moment or whether people are just being plain inappropriate. There is no place for this behaviour in OWASP and if re-elected I will maintain my stance of a safe, respectful and harassment free community. In the end the community is OWASP, and we need to make it a safe place for all the cool people that make OWASP what it is.

3. How do you hope/plan to improve OWASP's financial situation?

This is one of those hard to answer questions. In the past few years we have struggled as a foundation to maintain the standards expected of an organisation our size due to fluctuation at an ED level. Now that we have consistency in the form of Mike we are able to pick out the pain points within the foundation and start to improve on them. One of which is our conferences, im not going to lie this is our main source of revenue, although every time we run a conference we are starting from scratch each time. By creating a solid baseline for the foundation to grow from, I believe the financial situation will continue to improve

4. How do you hope/plan to better support and encourage the OWASP projects, chapters, and staff?

By being there for them, whether it be for a coffee, an email or a call I will always have been and will be available for all three groups. As I mentioned before OWASP is the community and projects, chapters and staff are all part of our community, we should all work together for our common goal.

'''5.  How do you hope/plan to improve OWASP's community? We have had some angry chapters, projects and community members, how do you hope/plan to improve community relations and relationships?'''

By enabling them to provide feedback and prompt change. With the committee 2.0 model the community has a structure to enable change. None of us are perfect but if we all work together then we can really make a difference. One of the issues I’ve noticed over the past two years on the board is that information is communicated via email which can be misconstrued, maybe it’s time to make these communications via live town halls to enable the community to have an input.

'''6. How do you hope/plan to draw a more diverse group of newcomers to OWASP? Women, people of colour, non-binary, students, second-career, LGBT, people with disabilities, and other groups that are under represented both in our industry and in our community. How do you hope/plan to attract them to our community, events, foundation, projects and chapters?'''

We need to provide a platform for each. WIA is a great example of our diversity outreach program, another is the funds we are putting into scholarships for those to attend a global appsec conference. One idea I proposed at a recent board meeting and on social media was the idea of OWASP enabling college students to complete internships reporting directly into the project leader.

'''7. How do you hope/plan to improve the AppSec Global events? Do you feel they need improving?'''

We need to standardise our conferences, as previously mentioned every time we run a conference, we start as if we have never done it before. Everything needs to be documented and we need to run conferences as a conference in a box approach. We also need to promote our conferences earlier as well as encourage a more diverse audience/ speakers through scholarships and initiatives.

'''8.  How do you plan to handle the  massive stress, time and responsibility of being an OWASP Board member on top of your other professional duties? How many hours a week do you plan to dedicate specifically to the role of OWASP board member?'''

This is something that’s very volatile. In my first year on the global board I took up the secretary board role and in my second-year vice-chair. Both have involved putting in a lot of hours both in the evenings and on weekends to fulfil the roles. As vice chair I have at least 3 calls a week generally Monday- Wednesday with ad-hoc calls with staff and the chair when required. I’ve really enjoyed my role on the board and do not see it as a burden but a challenge to make something great, even better.