Ofer Maor 2018 Bio and Why me
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 16 years, (almost) since its inception, and I’ve had the opportunity to take part of different activities and wear different hats with OWASP through those years, seeing how OWASP has grown and evolved over the years from a tiny idea to what drives the industry standard in application security today.
At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.
Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I can bring to the OWASP Board. I will strive to help the foundation to grow and improve so that it can better support the community which OWASP has always been and should be. I will work to keep this balance, so that OWASP can become even better than it is today.
I’ve been part of OWASP for 16 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
- I’ve been on the board of OWASP Israel for 9 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
- For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
- I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.
Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.
For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/
You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.
Rather than "Why Me?", someone recently asked me "Why Now?". These questions are related. Over the course of 16 years with OWASP, the thought of submitting my candidacy for the board has crossed my mind several times. At times I felt there were already candidates with more experience than I had, at other times I was too occupied by running my own company to allow for the time commitment that the OWASP board entails, but I feel now is the right time where I can contribute the most.
OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.
Seeing which challenges we are facing, and the contribution I can offer, allowed me to make up my mind that now is the time and place for me to become part of the board, and do the best I can to contribute to OWASP.
I plan to focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.
Some key areas I plan to focus on include:
- Chapters: I believe there’s room to reform the chapters structure – make it easier to kick off meetups and community activities, while reducing the administrative burden from the foundation. As a board member I will initiate activities, together with the community, to find a more efficient structure that will serve us better.
- Membership: I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I will work with the foundation and the community to build new membership offerings that could help increase membership revenue, while recognizing community contribution.
- Committees: I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I will support initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
- Vendor Neutrality: Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.
If you'd like to know more - feel free to reach out to me:
- Mail: firstname.lastname@example.org
- Twitter: @OferMaor