Difference between revisions of "2013 Board Elections"

Jump to: navigation, search
(2013 Board Candidates: changed the Abbas Naderi description text)
Line 59: Line 59:
|align="center"| Abbas Naderi Afooshteh||align="center"|Honorary Member||align="center"|Abbas Naderi Afooshteh is a renowned security expert in the middle east, he has ranked first in many national and global CTFs and has been in the field for more than 8 years. He is the current Iran Chapter Leader at OWASP, and has 5 years of activity in OWASP resulting in many projects such as OWASP RBAC Project, OWASP PHP Security Project, OWASP WebGoatPHP Project and etc. He has participated in many other projects such as Cheat Sheets and ESAPI.
|align="center"| Abbas Naderi Afooshteh||align="center"|Honorary Member||align="center"|Abbas Naderi Afooshteh is a renowned security expert in the middle east, he has ranked first in many national and global CTFs and has been in the field for more than 8 years. He is the current Iran Chapter Leader at OWASP, and has 5 years of activity in OWASP resulting in many projects such as OWASP RBAC Project, OWASP PHP Security Project, OWASP WebGoatPHP Project and etc. He has participated in many other projects such as Cheat Sheets and ESAPI.
Abbas has studied software engineering and information technology in his BS and MS and is now going to CMU to study Information Security for MS+PhD. He will also be joining the PPP team.
Abbas has studied software engineering and information technology in his BS and MS and is now going to CMU to study Information Security for MS+PhD. He spends many hours daily leading OWASP projects and mentoring new enthusiastics that join projects, as well as shaping bright ideas into OWASP projects.
More can be found at abiusx.com/cv
More can be found at https://abiusx.com/cv
|align="center"|I have watched OWASP evolve in many years, and inspected how greatly it has impacted the world of web security. Security has grown rapidly these years, and people look up to OWASP to feed them what they need.
|align="center"|I have watched OWASP evolve in many years, and inspected how greatly it has impacted the world of web security. Security has grown rapidly these years, and people look up to OWASP to feed them what they need.
On top of that, OWASP has been my open source haven. The way it operates, people contributing without wanting back, everyone sharing and decisions made in public; I have never seen a community more selfless and more productive in any of the open source communities I've worked in.
On top of that, OWASP has been my open source haven. The way it operates, people contributing without wanting back, everyone sharing and decisions made in public; I have never seen a community more selfless and more productive in any of the open source communities I've worked in.
Line 283: Line 283:
=== Honorary Membership ===
=== Honorary Membership ===

Revision as of 14:04, 22 August 2013

2013 Board ELECTION-BANNER2.jpg

Candidate Submission Link

Board Candidate Submission Form

2013 OWASP International Board of Directors Election

The OWASP Foundation was established in 2001 as an open community and software security resource. Since then, OWASP has grown to be globally recognized as a credible source for application security standards (see industry citations). Individuals typically find OWASP when searching the internet for information about software security - and they are happy to find a reliable source of knowledge built by an extremely open and passionate community. OWASP is open to anyone. Anyone can attend OWASP's vendor agnostic local chapter meetings, participate in regional and global conferences, and contribute to the many OWASP projects. And anyone can start a new project, form a new chapter, or lend their expertise to help an OWASP Global Committee.

The OWASP Foundation Board of Directors consists of six elected volunteers. These unpaid volunteers dedicate themselves to the organizational mission and playing a pivotal role in the software security community. OWASP conducts democratic elections of its Board Members to enable bottom-up advancement of its mission.

Learn about OWASP

  • Read the OWASP Foundation bylaws - Click Here - Review the Monthly Board meetings, voting history and topics - Click Here

Watch a current video about OWASP:

  • Click here to watch an interview with Tom Brennan, OWASP Board Member 2007-Current
  • Click here to watch an interview with Jeff Williams, OWASP Board Member 2004-2011

Or to see OWASP from the beginning, visit the WayBack Machine.

International Board of Directors Primary Responsibilities

Seated members of the Board of Directors attend and contribute to monthly meetings. See Archive. Additionally, they:

  1. Create and review a statement of mission and purpose that articulates the organization's goals, means, and primary constituents served globally. They then support that mission and purpose.
  2. Support all employees. The Board should ensure that the employees have the moral and professional support needed to further the goals of the organization.
  3. Ensure effective planning. The Board must actively participate in the overall planning process for the organization and assist in implementing and monitoring the organization's goals.
  4. Monitor and strengthen programs and services. The Board's responsibility is to determine which programs are consistent with the organization's mission and monitor their effectiveness.
  5. Ensure adequate financial resources. One of the Board's foremost responsibilities is to secure adequate resources for the organization to fulfill its mission.
  6. Protect assets and provide proper financial oversight. The Board must assist in developing the annual budget and ensuring that proper financial controls are in place.
  7. Build a competent Board. The Board has a responsibility to articulate prerequisites for candidates, orient new members, and periodically and comprehensively evaluate their own performance.
  8. Ensure legal and ethical integrity. The Board is ultimately responsible for adherence to legal standards and ethical norms.
  9. Enhance the organization's public standing. The Board should clearly articulate the organization's mission, accomplishments, and goals to the public and garner support from the community.

Additional Responsibilities that the International Board of Directors must adhere to can be found here Board of Directors

Eligibility Requirements for Board Candidates

You need to be an OWASP member. NOT just paid members, but an active project and chapter contributors are eligible. All candidates must be in good standing for a twelve (12) month period of time prior to 30-September 2013. Candidates are required to submit a bio, current membership number and note if you are a paid or honorary member. You will be contacted shortly after your response for an audio interview/podcast. If you are interesting in running for the board then please submit your intention along with the requirements listed above to: Call for Candidates

2013 Board Candidates

Candidate Membership Status Bio Why Me? Country Of Residence
Abbas Naderi Afooshteh Honorary Member Abbas Naderi Afooshteh is a renowned security expert in the middle east, he has ranked first in many national and global CTFs and has been in the field for more than 8 years. He is the current Iran Chapter Leader at OWASP, and has 5 years of activity in OWASP resulting in many projects such as OWASP RBAC Project, OWASP PHP Security Project, OWASP WebGoatPHP Project and etc. He has participated in many other projects such as Cheat Sheets and ESAPI.

Abbas has studied software engineering and information technology in his BS and MS and is now going to CMU to study Information Security for MS+PhD. He spends many hours daily leading OWASP projects and mentoring new enthusiastics that join projects, as well as shaping bright ideas into OWASP projects. More can be found at https://abiusx.com/cv

I have watched OWASP evolve in many years, and inspected how greatly it has impacted the world of web security. Security has grown rapidly these years, and people look up to OWASP to feed them what they need.

On top of that, OWASP has been my open source haven. The way it operates, people contributing without wanting back, everyone sharing and decisions made in public; I have never seen a community more selfless and more productive in any of the open source communities I've worked in. Unfortunately in recent years (specially last year), this trend was changed somehow. Many decisions were made at the board level, that leaders and active members greatly dislike. Many things were done that were not transparent at all. This trend has unmotivated a great many of OWASP participants, and I hate to see that happen any further. The board is there to take the load on OWASP, not to take the spirit away. It is solely there to make decisions when everybody else is busy doing actual worthy stuff, so I strongly believe that when the board works on a decision that will impact everybody in the community, and is not sure that (almost) everybody will like it, it has an obligation to ask and make sure before making that decision. I'm also strongly against the board members empowering their respective chapters, and leaving others behind. The rapid growth of OWASP is bound to introduction of new chapters, and supporting them. I see a lot of chapter with a handful of enthusiastics and they just need a kick-start to add a hundred new active members to our community, yet small influential chapters are taking all the credit and juice to them. The board are the elective body of the community, not their chapters. So on top of making the board activities much more transparent, and supportive other chapters, I plan to involve other influential bodies in the infosec world (namely companies and universities) and get them to financially and academically support new and bright OWASP projects so that they can prosper more rapidly. If we're going to stick what we had 5 years ago as our projects, people will turn away in time. We have a lot of potential and we ought to make it happen.

Kelvin Arcelay Current Paid Member Transformational Information Technology and IT Risk Management executive with extensive expertise in the payments processing and manufacturing industries including operating regulations, supply chain and vertical integration management, discrete and process manufacturing, payment processing platforms and, domestic and international deployments. Core competencies include:
  • Strategy
  • Implementation Scope and Plan
  • Project Management
  • Capacity Planning
  • Security and Risk Management
  • Internal Controls
  • M&A Due Diligence
  • Multi-Nationals
  • Business Continuity Planning
  • Disaster Recovery
Performance-focused executive with more than 25 years of successes managing reliable and secure IT operations. Offers Fortune 100 experience, consistent record of realizing multimillion-dollar cost savings, proven blend of business and technical expertise. Hands-on approach to leadership and change management including ensuring compliance, maintaining quality assurance, optimizing processes, and driving strategic alignment.

Experienced in advisory services for clients with international and domestic operations, collaboration efforts with external auditors, optimization of governance processes and delivering significant optimization programs capable of netting his clients several million dollars in cost savings. Highly analytic, adaptable style of decision-making and problem solving management style proven in the corporate realm, delivering IT services management in global enterprises, M&A portfolio integration management, consolidation of business operations and services, turning around “runaway” ERP initiatives, and, establishing industry standards capable of achieving highly integrated management processes and financial data accuracy.

Ezendu Ariwa Current Paid Member Professor Ezendu Ariwa, FBCS, CITP, SMIEEE, FHEA

Chair, IEEE Consumer Electronics & Broadcast Technology Chapter, UKRI Visiting Professor, Gulf University, Bahrain Visiting Professor, University of Lagos, Nigeria Professor of Business Enterprise Consultancy/Non-Executive Director, ELITSER IT SOLUTIONS INDIA PVT LTD Research Professor for Enterprise Projects/Director - Technical, Sun Bio IT Solutions Pvt. Ltd, India London Metropolitan University, UK Ezendu holds the position of Visiting Professor, Gulf University, Bahrain, Visiting Professor, University of Lagos, Nigeria and Visiting Professor, Kano State Polytechnics, Nigeria as well as Visiting Affiliate of the Green IT Observatory, RIMT University, Australia and Visiting Affiliate of ICT University, USA. He also holds the position of Director - Technical and Non-Executive Director and Research Professor for Enterprise Projects at Sun Bio IT Solutions Pvt. Ltd, India; and Non-Executive Director and Professor of Business Enterprise Consultancy of ELITSER IT SOLUTIONS INDIA PVT LTD, Hyderabad – 500 038 Andhra Pradesh INDIA. He is also the Chair for the IEEE Consumer Electronics Chapter, United Kingdom & Republic of Ireland (UKRI) and Chair for the IEEE Broadcast Technology Chapter, UKRI. He is a Senior Member of Institute of Electrical & Electronic Engineers (SMIEE); Chartered FELLOW of the British Computer Society (CITP, FBCS), Fellow of the Institute of Information Technology Training (FIITT) and Fellow of the Higher Education Academy (FHEA). He is also a Fellow of the Higher Education Academy of United Kingdom (FHEA), member of the Elite Group of The British Computer Society (BCS), member of British Institute of Facilities Management and Fellow of Global Strategic Management, Inc., Michigan, USA and Member of the UK Council for Health Informatics Professions and Fellow of the Higher Education Academy. He is also the Co-ordinator of the Digital Enterprise Research Group (DERG), African Research in Business Group (ARBG) and working with the team to achieve African Business and Enterprise Research Observatory (ABERO) at the London Metropolitan Business School. The ABERO achieved good collaboration with multicultural SMEs in the United Kingdom, with respect to mentoring and working on joint professional development enterprise programmes. He has experience of doctoral research supervision as well as doctoral external examiner for various Universities both in the UK and internationally. He has a good research profile and the Founding Editor-in-Chief of the International Journal of Green Computing (IJGC), Editor-in-Chief of the International Journal of Computing and Digital Systems (IJCDS), Journal of E-Technology, and the Associate Editor of the International Journal of E-Politics and the Associate Editor of International Journal of Distributed Systems and Technologies (IJDST). He is a member of Policy Co-ordination Committee of the International Research Foundation for Development (A Corporation of NGO in special Consultative status with the Economic and Social Council of the United Nations). His research interest includes: Green Technology and Corporate Sustainability, Strategic Information Systems, E-Learning and Knowledge Management, Consumer Electronics and Broadcast Technology, ICT for Development and Facilities Management, Knowledge Transfer in Developing Economy, Open Learning and Social Enterprise, Green Communications and Corporate Social Responsibility, Renewable Energy and Climate Change, Social Media and Energy Management Systems.

If elected to the Global OWASP Foundation Board of Directors, I will use various international networks including Universities, Colleges, Institutions of Higher Education, Industrial Sectors, Business Sectors, Governmental and Non-governmental outlets to promote and engage with the good work.

I will work with the board of Directors and members closely through regular communication in generate new ideas and collaborations for the positive work of the Global OWASP objectives and mission. In addition, the Global OWASP will be promoted through various conferences, Symposium and web-based publications of events and possible special issues with Guest Editors as part of promoting the Global OWASP and collaborative research projects and workshops With my experience in working with various executive board. editorial board, this will complement forum for promoting the Global OWASP internationally and putting it on the apex of professional organisation for excellence. I have the expertise and experience from University teaching, research and enterprise partnerships in the field of Strategic Information Systems and Knowledge Management; and other Enterprise Systems to working with Business and industrial sectors as well as community groups, on collaborative projects and widening Participation as well as Business Enterprise partnerships using Information and Community Technology (ICT). I am one of the Co-Founders, and Co-ordinator of various positive initiatives such as LMBS African Research in Business Group (ARBG) and the Digital Enterprise Research Group (DERG) which received support from the IEEE URI – Consumer Electronics Chapter for events organised. I also served in voluntary capacity as Council Member of the UK Council of Healthcare Informatics Professionals, Chair for the IEEE UKRI Consumer Electronics Chapter, Chair for the IEEE UKRI Broadcast Technology Chapter, Chair of the Society of Digital Information & Wireless Communications (SDIWC), President/Chair of the Nigerian ICT Professionals in the UK, Former Member of Haringey Council Inspection and Registration Advisory Committee, Former member of the Board of Governor of Homerton University Teaching Hospital, London; Former member of the Board of Governor of Royal National College of the Blind, Hereford. My work experience and involvement ranged from University, Business Sectors, local authority, community groups partnerships within Further Education (FE) and Higher Education (HE); Business and Enterprise Sectors and Industries as well as United Nations Representative on behalf of the International Research Foundation Development (IRFD). At the National and International levels, I have active interest in partnerships and collaborative research with the businesses, industries and Universities. I have organised and chaired various international, national and regional conferences, symposium, forum and focus groups, and sharing information, knowledge and communication framework tailored towards digital enterprise and widening participation agenda. This model was geared towards knowledge dissemination through publications, improving performance and ensuring that service levels are improved using cost effective and benefit models in order to achieve best practice. I have developed both national and international network through publications and contributions through meetings where briefing and positive agenda were discussed. I am an efficient and effective person in terms of completing customer satisfaction reports, feedback and time management at cost savings facet within the faculty and the university levels. These factors were used to address gaps in service delivery and provisions with reference to my Green Computing and Energy Savings research in 2008 which focused on the Tower Building (Technology Tower) with positive results in terms of energy savings of £18, 000 per year using the Carbon Trust indicators. I have positive drive and competence that I am always sharing with team members for the advancement of work and developmental target. I am a good listener and active member of a team, and value contribution from reflective team members. I have very good communication skills, both written and oral. I have experience in presentation, reports, and representation using various interface mechanisms. I am skilful in dealing with impartiality, integrity and objectivity, as I am focused on developing positive business enterprise, collaborative research, KTP agenda, and Income Generation. I respect equal opportunity, and wider participation in business and work. In the nutshell, I have in-depth knowledge in the business applications and hope to provide a balance to competitive benchmarking and quality assurance. I have good record of Consultancy and practical achievement at professional, business, industrial and institutional levels. I successfully completed the following consultancy programmes: Design and Development (KTP) with Hug Engineering UK and Austria Working on the GreenTrac – Energy Savings proposals (with UK Company) The British Council Knowledge Management projects for Developing Economies on the following: Record Management Systems for Nigerian Universities and Polytechnics E-Learning Programmes for USA University (Collaborative work) Business Process RE-Engineering & Management for University in Bangladesh ICT Archiving Systems for Iraqi Parliament (In discussion) with the ICT Minister In summary, my experience from University collaborative partnership, community involvement, widening participation and network development programmes; and University research potentials using information systems and financial services expertise will complement my practical orientation and act as valuable asset towards effective Leadership service delivery and customer relationship management . I serve in academic, business and community forum groups for University Diversity Directorate; and I hold the following Visiting Professorship and Editorial positions: Visiting Professor University of Lagos, Nigeria; Visiting Professor Gulf University, Bahrain; Visiting Professor [European School of Economics, London Campus], Editorial Advisory Board Member and Executive Peer Reviewer for Educational Technology & Society responsible for the review of Journal of International Forum of Educational Technology & Society and IEEE Learning Technology Task Force, Reviewer of Computing Reviews/ACM Journals and Assistant Editor of The International Journal of Applied Human Resource Management. I am currently a member of Policy Co-ordination Committee of the International Research Foundation for Development (A Corporation of NGO in SPECIAL Consultative status with the Economic and Social Council of the United Nations). I was member of Homerton University Hospital NHS Trust Board, UK and currently member of the UK Council for Healthcare Informatics Professionals (UKCHIP) and Committee member of the British Computer Society (BCS) – Information Security Specialist Group (ISSG). These skills will bring valuable experience and expertise dissemination in the position of member of the Global OWASP Foundation Board of Directors

Sergei Belokamen Not a Member, Melbourne Chapter Leader Sergei has over 10 years of experience in providing Application Security, Information Security and IT services to high profile and prominent companies in Australia and internationally. He's recognised within the industry as someone with impeccable reputation, who has helped his clients establish leading strategies around Information Security. In his current role, Sergei is a CTO and a founder of Bugcrowd - Crowdsourced Security Testing. Bugcrowd runs managed bug bounty programs.

Some of my past achievements include: - Current chapter lead for OWASP Melbourne, Australia. - OWASP PHP Project lead. Though the project is now defunct. - Working on large scale secure software development lifecycle methodology and processes; development and deployment. - Developing Information Security strategy, controls and low level APIs for online user behaviour monitoring, malicious activity monitoring and ecommerce fraud minimisation. - Bugcrowd being accepted into 2013 intake of the Startmate Tech Accelerator program. 
Sergei has also worked on a number of short, medium and long term security consulting engagements, providing application security, ethical hacking, application security architecture, source code security review for a wide range of clients across most industries; contributed and been recognised within Google's security bounty programme; and long standing involvement with OWASP.

I have been involved with OWASP for the last eight years. From attending chapter meetings and events to leading a project and chapter lead for the Melbourne OWASP chapter. 
The friends I made through OWASP have helped me grow both personally and professionally and have ultimately influenced and assisted my career transition to focus exclusively on application security.

I feel that OWASP has a lot of potential and I would like to play a role in influencing making OWASP a single, most recognised, global resource for application security. I would like to leverage my experience and network to improve the visibility of application security and contribute to it's evolution. Some of the areas I would like to influence are: - Improving the quality and adoption of OWASP standards through tighter integration with standards bodies such as ISO, NIST and PCI. - Improving the project management office within OWASP to boost the quality of materials, response times and streamlining the overall process. - Establish 'OWASP reputation' for high quality and high volume contributors, where individuals can apply for funding to move along research or development. - Establish a funding mechanism that allows OWASP to pay key contributors like Linux Foundation - Establishing a review project for all materials on the OWASP website. - Work on making OWASP a more inclusive 'application security' resource with less focus on 'web application' security exclusively to mirror the evolution of the industry and ensure that OWASP remains the preeminent and relevant body for application security. For example mobile application, APIs, etc.

Fabio Cerullo Current Paid Member, Ireland-Dublin Chapter Leader Fabio has over 12 years of experience in the information security field gained across a diverse range of industries. As CEO & Founder of Cycubix, he helps customers around the globe by assessing the security of applications developed in-house or by third parties, defining policies and standards, implementing risk management initiatives, as well as providing training on the subject to developers, auditors, executives and security professionals.

As a member of the OWASP Foundation, Fabio is usually involved in raising application security awareness among businesses, governments and educational institutions. He organised the OWASP AppSec Europe 2011 conference in Dublin, the OWASP Latam & European Tours, and is part of the OWASP Ireland Chapter Board since early 2010. He also represents OWASP in the Google Summer of Code since 2012 making sure students and mentors alike could collaborate and work together in OWASP projects. He holds a Msc in Computer Engineering from UCA and has been granted the CISSP & CSSLP certificates by (ISC)2.

My main motivations to join the Global OWASP Foundation Board of Directors could be summarised as follows:

- Increase OWASP presence in emerging regions. - Promote development of new/existing OWASP projects. - Build relationships with industry, government, and educational institutions. - Support the overall OWASP community and its various activities.

Michael Coates Honorary Member Michael Coates is the Director of Security Assurance at Mozilla. In this role, Michael sets the strategy for security across Mozilla and leads security operational initiatives. Michael leads a team of talented security experts from around the world that focus on securing Mozilla’s technologies including: Firefox, Firefox OS, Web applications, services and the infrastructure and systems that power Mozilla. Michael was recently featured as one of SC Magazine’s 2012 Influential IT security minds and often speaks on Web security at open source conferences and security events throughout the world. Michael holds a M.S. in Computer, Information and Network Security from DePaul University and a B.S in Computer Science from the University of Illinois.

From 2011-2013 Michael was elected to the OWASP global board and served as the chair of the board. Michael is also the founder of the OWASP AppSensor project which is now featured by the Department of Homeland Security as a core approach to building resilient software and was the subject of an article within the Department of Defense Cross Talk magazine.

Over the first term on the global board I worked to bring maturity and structure to our growing organization. We established OWASP as a platform for security experimentation and growth. This included experimenting with new outreach channels such as the Security 101 mailing list and the 2012 monthly security blitz. In addition, I helped advance the OWASP foundation with a strong focus on budget planning and fiscal responsibility. We formalized board meetings with clear agendas and recorded archives and also created an Executive Director full time position to adapt to the growing size and needs of OWASP.

Throughout these two years I was also a public advocate for OWASP which included OWASP specific talks at RSA 2012, the Department of Defense and at Oracle. I also conducted interviews for CNN and SCMagazine related to OWASP topics and security. Throughout my tenure I've always tried to bring a positive and community oriented spirit to OWASP discussions. If the OWASP community would like to see me continue on the OWASP board I will focus on the following items in 2013-2015: - Expansion of OWASP to Technology Startups - Numerous technology startups are looking for guidance on how to build the framework and foundation of the security programs. Through my consultation with them I wish to work with the OWASP community to build an OWASP program focused on their needs. This will bring new organizations to OWASP and spread our mission to new technologies at the birth of their design. - Growth of OWASP within Government - Now more then ever the issue of security is in the spotlight of legislation. OWASP can provide independent guidance and resources to help educate key policy makers and tools and projects that can be used by implementors. - OWASP Community Platform: I've been working with our operations team to introduce recognition programs to our community. This would be in the form of digital badges, promotion of key activities by OWASP volunteers, creation of a central OWASP directory software to promote and build the OWASP community and more. I believe the OWASP community is the true power of OWASP. I'm committed to continuing to build a structure at OWASP that empowers individuals to take risks, experiment and learn. OWASP is a platform for security research and an independent voice of reason in the growingly complex field of security.

Bil Corry Current Paid Member OWASP has grown and will continue to grow, ad-hoc processes do not scale well. I plan to focus on maturing the organization - clarifying the bylaws, documenting ad-hoc processes, creating guidelines in various areas of contention, improving the general web experience, and other much needed refining. USA
Tobias Gondrom Current Paid Member, Germany Chapter Leader Running Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, United Kingdom and Germany.

About 15 yrs of experience in software development, application security, cryptography, electronic signatures and global standardization organizations working for independent software vendors and large global corporations in the financial, technology and government sector. My background is in the industry and corporate side of web application security. Over the years, have run a coprorate info sec team and trained and advised dozens of CISOs and senior information security leaders around the globe. And in addition to my technical background, also have a management degree from London Business School, which helps with the governance and financial bit and pieces. And over the years gained some governance experience in a few global organisations and boards. OWASP related: Have volunteered for a few projects and chapter leadership roles since 2007. - Currently, as a member of the OWASP London chapter board and visiting a number of OWASP chapters in Asia as a guest speaker. - project lead for the OWASP CISO Report and Survey project and contributor to some other bits and pieces. - and given some CISO training days at our AppSec conferences. previously: - chapter lead OWASP Germany for a couple of months (until I moved to London). - volunteered for the Global Industry Committee. Beyond OWASP: - Since 2003, the chair of working groups of the IETF (www.ietf.org), a member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. - written some security RFCs and co-authored books on „Secure Electronic Archiving“ and a frequent presenter at conferences and publication of articles (e.g. AppSec, IETF, ISSE, ...). - Board member of the CSA Hong Kong and Macau chapter. - ISC2 CSSLP and CISSP Instructor.

I feel very passionate about our mission and our goals for an open community to advance web and application security globally.

In the past that has inspired me to help with some ground work here and there, but not so much seeking a board election. However, in the last year, there were a few board decisions and activities, where I felt they were executed not in the best way for our community. And as a consequence, I gave myself the challenge to either shut up and accept things as they are or spend the time and effort and try to do it better. So am now trying the latter and volunteering for the board. ;-) There are a few things that I would like to look at on the board: 1. Increase reach out to developers and industry: I like to extend our OWASP reach much more towards industry and developers. (so to speak "where the rubber meets the road") We have so much expertise and knowledge in our community with all our great security experts and projects, but we need to get it out there and bring this more into the developer community and industry who actually build the applications in the first place, to increase our impact and help reduce the most common vulnerabilities. E.g. I find it is a shame that we are still looking at so many (too many) basic vulnerabilities, like e.g. SQL injection vulns, which could with some basic developer training be avoided. 2. Membership: I also like to extend corporate memberships towards industry and "consuming" companies as well. Today most of our corporate members are consulting and pen testing companies, I would like to also work to gain more industry corporate members. 3. Governance: advance the maturity of OWASP as an open community organisation. E.g. review some of the oversight and governance questions: I think we can be more transparent and open in how we do things, and even if it's just to be open and document processes how we make decisions. 4. Revisit the transition away from the global committees. I fear that a few things fell in the cracks when we shut down the committees and were not picked up yet.

Hong Kong
Tahir Khan Current Paid Member My name is Tahir Khan, and I am a highly talented leader with over fifteen years of experience in efficiently managing, securing, designing, deploying and fine tuning enterprise network infrastructures for large-scale governments and businesses. As well as leading and and management fraud and incident response teams in large organizations.

I am currently an adjunct professor at George Mason University for Counter Forensics and Penetration Testing courses at the Masters level. I graduated with a Masters in Computer forensics from George Mason University in 2011.

I feel I will be a valuable additional to the OWASP Foundation Board of directors as I will bring current knowledge and skills to the organization. I have extensive experience leading and managing teams with focus on Web Security as well as developing standards and policies for these teams.

I am driven and have a passion for my field, and will strive to improve the organization, drive membership at the University level and help grow OWASP if elected. Sincerely, Tahir Khan

Timur kHrotko Not a Member, Hungary Chapter Leader I am a 43 yrs old Russian born in Budapest, Hungary. I am resident in Hungary, but I try to short visit Russia 4x a year. My English is quite fluent. It is 10 years now that my professional activity focuses on information security. First years me and my company we developed our own innovative enterprise IAM solutions. The key of innovation was to look at security not as a technical but business/organizational matter. While being quite a tech-savvy in security (from hardening a bsd server to teaching about password internals, advising financial institutions on secure architecture and being regular listener of pauldotcom) I still am a person who looks at problems in organizational perspective (management is my academic topic). I understand well the legal language having my 20 years practice in negotiations and contracting. I understand the managerial decision making not only as software vendor and consultant but as a researcher in organizational studies. All this is important, since I believe we must provide a whole vertical solution in application security: from secure coding guidelines up to corporate appsec policy and down the contractual templates. And we, OWASP have to cover these non-technological areas as good as we did with the development field.

Some years backwards and achievement highlights: 2013 Hungary chapter leader 2012 Hungary chapter founder (one of the founders) 2011 cloudbreaker.co AppSec/EH company started, partner/business relations 2010 Defended PhD at Corvinus University of Budapest (more publications still needed to have the title) 2010 My PhD dissertation is published in English as a book 2008 ITEuropa IT Excellence Award to our innovative Identity Management solution (AZD idED) 2007 Hungarian (IT business) innovation award to our Identity Management solution 2006 GE Money Hungary deploys the Identity Management solution (idED) made on mainly my concept 2003 GE Money Hungary deploys an Access Management solution made with my business-process centric concept 2000 MSc, Finance, Budapest University of Economic Sciences (BKÁE, BUES) 1993 MSc, Business IT Management, Budapest University of Economic Sciences (BKE, BUES)

We have extraordinary security expertise, projects and tools, but a lot of security aware effort brakes on managerial/business and contractual negligence regarding application security. In order to be more successful in our efforts we must package the security aware approach into practices more easily adoptable by profit-oriented business organizations and bureaucratic institutions, practices more accessible for managerial decision making, and requirements controllable by legal instruments. As a Board member I would like to take care of non technological (non development/code/tool related) but rather business management related projects, best practices and vision of application security.

For example application security must be blessed on corporate governance level, implemented on the level of procurement and contracting, and application security must be an aspect in vendor management. As OWASP we already have an authority of the global best practice provider, so using our existing patterns of projects we can provide the solutions for obstacles faced by our mainstream efforts. And there are already existing projects in OWASP regarding the aspect I advocate, so we can move forward fast. Being resident in Eastern Europe and being in my major part Russian I would like to extend the global spirit of the organization, and I would try to make the OWASP "device" more accessible in Russia next year.

Martin Knobloch Current Paid Member Martin has been a Java Developer and Software Architect, until he focused on Software security in 2005. In that year, he set-up an security task force at his former employer and after attending the 2nd OWASP AppSec-Eu conference in 2006, Martin got hooked by OWASP.

Since 2007 Martin has been an active board member in the Netherlands Chapter. He has been involved in several projects and volunteers at AppSec-conferences. Further, he has been an active participator at the OWASP summits in 2008 and 2011 as well as chair of the OWASP Education Committee. Martin has represented OWASP and been a speaker at several OWASP, Developer, Testing and Hacker events in the Netherlands and International. Since February 2011, Martin is a self-employed security consultant and trainer.

With my experience of the OWASP organization, I will help the foundation to continue to grow the organization size and relevance to the wider community whilst maintaining independence and increasing openness towards the community.

Next to that, I will focus on the following: - Increasing the awareness of OWASP outside the security community - Fostering the growing African community - Cultivate the initiatives of OWASP at educational institution as Universities

Gregory Disney-Leugers Honorary Member Gregory is the project leader of OWASP Mantra-OS, and the Owner of Seccomp. I believe OWASP is the web standard of web security and has some of the best and the brightest volunteers, of any Open source project. With the constant growth of technology, OWASP needs to grow with these changes and be current with security threats. If I was to be elected I would bring my passion and dedication to OWASP, and do everything in my power to help grow OWASP with the every constant changes. USA
Jason Li Current Paid Member I am a long time OWASP contributor having served actively on the OWASP Global Projects CommitteeI from the birth of the global committees through their disbanding. I am one of the original co-authors of the AntiSamy Java project and the Code of Conduct for Certifying Bodies (the "Red" book). I was part of the core planning committee for the 2011 OWASP Summit along with Lorna Alamri and Sarah Baso. I've also worked behind the scenes supporting OWASP staff by creating the expense reimbursement workflow and new project forms that are still in use. I'm one of the resident OWASP wiki ninjas having created/pioneered many of the wiki templates used in OWASP projects and ultimately copied in other aspects of the wiki. During the day, I work as a Managing Consultant for Aspect Security performing a variety of application security consulting services. In my spare time, I am a social ballroom dancer, indoor rock climber, amateur trapeze artist, Star Trek fan, world traveler, and general adventurer. I believe I will bring a sense of balance and vision to the Board. Having been involved in the organization for many years, I'm keenly aware of our history and of initiatives that have been successful and those that have failed. I would like those experiences and lessons learned to have a voice on the Board. I also believe in taking pragmatic action as opposed to pontificating about ideals. I have history of taking thoughtful action on behalf of OWASP - sometimes I've succeeded, sometimes I've failed - but I believe at some point the endless debate must end and something must simply be done with the best of intentions. USA
Yiannis Pavlosoglou Current Paid Member There is a world of numbers, hiding behind letters, inside computers that stimulates the brain of Yiannis. Currently, he is spending a lot of time in the area of IT risk management and risk control within the finance industry.

Starting from the world of professional penetration testing, Yiannis did focus his career evolution on assisting teams write secure code and implementing an SDLC for large scale projects. For OWASP, Yiannis was the project leader for JBroFuzz and used to chair the Global Industry Committee, having contributed to a number of projects and initiatives listed here: https://www.owasp.org/index.php/User:Yiannis He is on the Application Security Advisory Board of (ISC)2, holds a PhD in information security, is a certified Scrum Master and is also CISSP certified.

"It's not what OWASP can do for you, but it's what you can do being a WASP!"

Despite the above starting as a joke post BlackHat on the leaders mailing list, I think we as an organisation have a small reversal of roles when it comes to way we treat OWASP. I see a lot of people angry on the leaders mailing list, why is that? Do we need to perhaps clear to define the governance on this and other lists? For starters, I haven't been a project or chapter leader for a number of years, yet I am still on it. If I was elected on the board, I would continue building on the foundations of a good governance we have had from previous board members, with the intention of adding more structure to the organisation. Let's be clear this would not be an attempt to challenge the "O" in OWASP, instead provide the right forum for the right level of communication to take place. Experience in other organisations has shown me that you achieve a lot more that way. Vendors, logos, images, agendas, what is going on there? Definitely some work would need to take place to re-affirm the necessary neutrality that OWASP should have when it comes to such matters. An iterative process of re-affirming the level of neutrality required would be a proposal I would put forward for wider adoption. Having being a project leader, I recall the motivation of been granted money to write code, it was so exciting! We need more of that, but in the form of stakeholder management: Let's not kid ourselves there are well known ways to write good software and this industry has but a few good examples of that. Requirements, testing, stakeholder decisions on roadmaps would be on the table to manage and help fund projects. This would also help warrant maturity levels on projects and well, address the motivation behind the sad fact that everybody wants to be a project leader, without always carrying the responsibility. With the work that has been happening on the OWASP main site, I think it's time we started looking at how to clean up the content that is out there. Again, this is not necessarily in the form of archiving, but instead in the form of attempting to make the site simple to navigate. Everything from input validation filters for Java to people's itinerary information is on there. I mean, come on! I would tie this work into the governance piece stated above. Finally, I would invest a lot of time in terms of making sure that our permanent members of staff have a healthy environment of work to operate in. How? By means of establishing run-books, escalation paths and targeting the relevant communication to the right people. This after all would show how healthy we are in terms of processes and structure as an organisation. But before any of this, I would actually sit and listen, collecting feedback from the community on how they see we should change and how we should achieve getting there.

United Kingdom
Ludovic Petit Honorary Member, France Chapter Leader Chief Security Officer with 20 years international experience of Security management within the Telecommunications industry, following 10 years in Information Technology, with a strong balance of business acumen and technical skills gained from working in global and multicultural professional environments. I am a Certified Information Systems Security Professional (CISSP) and Certified Telecommunications Fraud Specialist (CTFS) serving as a trusted leader at board-level.

I am working at Group level with a proven ability of managing global projects and cross-functional teams, and successfully achieving strategic level objectives. I am a relationship builder who enjoys working with others, with the ability to adapt to rapidly changing environments and different cultures. I have both a Technical and a Law Enforcement (Legal & Regulation) background. Chapter Leader and Founding Member OWASP France (2004) I'm also Global Connections Committee Member. A few contributions to OWASP Projects: OWASP 2013 Strategic Goals (with Samantha Groves & Sarah Baso, for the Board) OWASP 2013 Marketing Initiave (with Samantha Groves & Sarah Baso) Translator of the OWASP Top Ten in French (All versions) Application Security Guide For CISOs (with Marco Morana) OWASP Mobile Security Project (with Jack Mannino) OWASP Cloud Top10 Project (with Vinay Bensal) OWASP Secure Coding Practices - Quick Reference Guide (with Keith Turpin) Public LinkedIn profile: linkedin.com/in/lpetit/

I'm member of the OWASP since 2004. I'm actively contributing to the OWASP Top Ten Project as French translator since the first version of 2004, as well as other stuff mentioned above.

As Chapter Leader OWASP France and Global Connections Committee Member, I'd like to modestly propose my profile to continue helping the Foundation spread the Voice of OWASP. I'm convinced the mix of profiles & backgrounds from Board Members could enrich and enhance the way in which things could be done for the Community. My modest wish is trying to bring the great value-added of the knowledge from the Board to local Chapters ecosystems, to streamline knowledge, processes and awareness as much as I could. I have no other wish but to serve the Community. I am transparent... and modest.

Josh Sokol Current Paid Member, Austin Chapter Leader Josh Sokol began his involvement with the OWASP Foundation over six and a half years ago. At the time, he was a newly hired Web Systems Engineer, working at National Instruments, and one of his teammates encouraged him to attend an OWASP meeting due to his active interests around Information Security. After just a single meeting, Josh was hooked. Soon, thereafter, Josh began helping the OWASP Austin Chapter Leader with scheduling and facilitating the meetings at National Instruments. His friend ended up taking over as President of the chapter and Josh became his VP. Several years later his friend was looking for someone to take over as President of the chapter and Josh was the natural choice. After fulfilling his obligations as Treasurer of the Capital of Texas ISSA Chapter, Josh took on the role of President of OWASP Austin. Josh installed a strong leadership team around him and worked with them to grow the chapter from a meeting average of 10-15 people to a consistent 40+, created monthly sponsored happy hours to help the community network, began weekly study groups to aide members in learning different topics, and co-founded the Lonestar Application Security Conference (LASCON) in order to make the OWASP Austin Chapter entirely self-sustaining as well as one of the largest financial contributors to the OWASP Foundation. After two years of serving as the OWASP Austin President, Josh handed the reigns over to another member of his leadership team and joined the OWASP Global Chapter Committee. Within two months of joining, the committee appointed Josh as the Chair. While serving on this committee, Josh fought for the rights of the Chapters. He helped to re-write the Chapter Handbook and created several new initiatives with the goal of helping maximize the potential of all OWASP chapters. Josh served as the Chair of the Global Chapter Committee until the committee structure was eliminated by the OWASP Board in late 2012. Josh continues to be an active member of the OWASP Austin leadership team.

In his professional life, Josh has spent the past three and a half years employed as the Information Security Program Owner at National Instruments where he handles all vulnerability management, risk management, security architecture, security training, and security policies (among many other things) for the company. He has presented on security topics at BlackHat, OWASP AppSec USA, BSides Las Vegas, MISTI InfoSecWorld, and many more and is currently developing a free and open source risk management tool. Josh lives in Austin, TX with his wife and four daughters.

With two exceptions, the current OWASP Board of Directors consists of people who sell security products and services as their day job. But with one of the OWASP Core Values being "vendor neutrality", this presents a very significant conflict of interest. One which I, personally, have witnessed issues with and raised my concerns to the current Board. While I am most definitely a security professional by trade, my company does not currently make any products or sell any services in the security space. I am truly a security practitioner and have no hidden agendas or biases.

Also, with few exceptions, many of the current Board members have no idea what it takes to run a successful OWASP chapter. Recently, they held a vote to remove the 60/40 membership fee split in order to correct a perceived issue with what they refer to as "rich chapters". The problem being, this proposal would have had little effect on those chapters and would effectively wipe out the ability for many of our smaller chapters to make money. Formerly, we had the Chapters Committee to stand up for the rights of our chapters and its leaders, but with the elimination of that committee structure, we have nothing. I frequently monitor the Board list as well as the Governance list and have, on several occasions, engaged the Board on issues that I felt warranted some "chapter leader" intervention, but officially I have no vote in these matters. Since the majority of our members are affiliated with a chapter, I am hoping that you will support me in being your voice. I love OWASP and have been passionate about it from the beginning. I am unbiased in my opinions and unafraid to stand up for what I believe is right. I would sincerely appreciate your vote to put me on the OWASP Board of Directors.


Honorary Membership

Honorary Membership will be granted to the following for the 2013 election:

  • Chapter Leaders
  • Project Leaders

**NOTE** Chapters and Projects must be active. Your leadership position must be on file prior to 30-September 2013 in order to be eligible for 2013 honorary membership. ALL qualified individuals MUST apply for Honorary Membership in order to vote by completing the Honorary Membership Self Nomination Form

Who Can Vote?

OWASP Paid Individual Members, Paid Corporate Members and Honorary Members registered as of 30-September 2013 have one (1) vote per seat (there are 3 seats up for election).

  • Note - this will include all chapter leaders and project leaders on file effective 30-September 2013, you can check the current Member Look UpIf you are not a member yet you are encouraged to do so.
Join Now BlueIcon.JPG

Election Timeline

  1. May 7 - Call for Candidates Candidate Submission Form
  2. August 11 - Call for Candidates Reminder
  3. August 16 - Deadline for Call for Candidates
  4. August 22 - Candidates announced LIVE at AppSecEU 2013 as well as on all social media, in the connector and email to leaders list.
  5. August 25 - Deadline for questions to be submitted for use during interviews. 2013 Election Questions
  6. September 6 - Deadline for interview recordings to be completed
  7. September 30 - Paid & Honorary membership application deadline Honorary Membership Self Nomination Form
  8. October 14 - Voting process begins
  9. October 25 - Voting process ends
  10. October 29 - Election result announcement

Have additional questions about OWASP Membership?

Read the Membershhip FAQ CLICK HERE

Election Frequently Asked Questions

If you have a question about the current election please click here.

Where can I find communication to the OWASP Community about the upcoming election?

Answer: We will try to publish announcements and key milestone reminders to as many communication channels as possible, including the OWASP Blog, OWASP Connector, OWASP Leader's List and this Wiki Page. Please feel free to help us communicate the message, by re-posting, re-tweeting, or sharing with the OWASP Chapter, Project, or Initiatives you may be involved with.

July 16 OWASP Connector posted to Blog and Email to OWASP-all