Sherif Mansour 2017 Bio & Why Me?
Based in London, UK, I have been an OWASP member for 7 years and I lead the OWASP London chapter. I have worked in Information Security for 13 years, and hold an MSc in Information Security from the Royal Holloway College University of London. Twitter: Kerberosmansour | Linkedin
Board Level Experience
As a chairman and company secretary of a private UK company, I possess over 6 years board experience.
During this time I have helped to shape the company strategy. Taking an active role in the review of the annual returns and accounts, and running the AGMs has given me a comprehensive understanding of the business. Holding a certificate in Company Direction from the Institute of Directors (IoD) gives me valuable certification and experience in this area. I am currently on the path to becoming a Chartered Company Director.
OWASP Community Experience
Building on my community organization experience, I take the role of chapter leader of the OWASP London and Royal Holloway Information Security Alumni Group.
OWASP London have an engaged community and effective marketing strategy. In 2016, we hosted more events than any other chapter, which are typically fully booked within 24 hours.
I'm also an active volunteer for a children's charity cancer hospital in Egypt, where I established a relationship between the hospital and the child's play foundation to donate toys on an annual basis.
Taking an active lead with OWASP ZAP Product Management, I seconded an intern who contributed automation code for ZAP to run in a CI/CD pipeline(see link).
I’ve worked in large tech & finance companies and led the software security program for Expedia Inc. These roles have provided me both product and project management experience, as a scrum (Agile) product owner, in global cybersecurity teams.
During my time as an AppSec engineer, I discovered several undisclosed security vulnerabilities in third-party enterprise software.
To date, Microsoft http://technet.microsoft.com/en-us/security/cc308575#0610(June 2010) and SAP http://scn.sap.com/docs/DOC-8218 (April 2012) have acknowledged my security research work and both companies have listed my work on their websites.
I am also one of two authors of the CIS hardening benchmarks for Apache Tomcat 7 & 8
I would like to be elected to the Global OWASP Board because I am passionate about OWASP, its community and believe I could be useful at the board level.
I would like to bring my board level experience as well as my experience of running one of OWASP's largest chapters and working with various projects to help shape and improve the organisation.
At the London OWASP Chapter a lot of our success is due to listening to our community. This feedback has influenced the talks we put on and led to the hackathon to teach developers how to write security code, and our video record of talks so our community can watch the events even if they missed them or want to listen to a specific part again.
We were one of two principal donors to the OWASP Summit (which helped get the project off the ground). This was an inspiring community effort that resulted in many tangible outcomes including updates to best practices and OWASP Software.
All of this was due to engaging the community and giving them what they want. I want to continue doing that to help OWASP globally and not just in London.
Video: A Thank You from The National Museum of Computing at Bletchley Park
Last year as part of OWASP London I along with a with a few others, helped out with The UK Cyber Security Challenge Extended Project Qualification (EPQ). EPQ provides university credits, much like SATs or AP credits in the US, but specifically for cyber security.
This is an initiative to encourage and reward young people's interest in Infosec and hopefully encourage them to pursue a career in the subject. In 2017 59 have passed and they celebrated their graduation on September the 5th.
Video: Endorsement from ISSA-UK President
ISSA UK President, Gabe Chomic gave me a surprise endorsement for OWASP board during September's OWASP London Chapter meeting.