Haral Tsitsivas has been involved with OWASP since 2009, is the current Chapter Leader for Orange County since 2015 and is an organizer and co-chair of the successful AppSec California conference. He has been instrumental to building up membership of the Orange County (OC) Chapter meetup to over 1350 members, holding regular meetings, and increasing attendance of OC chapter meetings by 4 to 5 times. Haral is also a senior member of ISSA, and has worked with Webster University and the local chapters of ISSA, ISACA and IEEE to hold rotating monthly meetings, thus continually expanding the reach of the OWASP OC chapter.
Haral is a seasoned security professional with strong software development and analytical skills, experienced in developing security policy, and securing networks, systems and applications. His work experience ranges from system administration, to software development, to Security Champion and mentor. His current activities include being an S-SDL (secure software development lifecycle) evangelist, incorporating Threat Modeling, Product Security Reviews and Assessments, Security Testing and Penetration Testing to the software development lifecycle.
My varied experience in the software development and product security trenches help me appreciate OWASP's reach and role in helping improve companies' security readiness & posture. Over the years, I have seen a few changes of direction within OWASP, however, the Foundation has been unable to get on a solid financial footing and as a result has been unable to effectively and efficiently carry out its role and responsibility to its members, projects and chapters. After many years in the industry and in various roles, working in wide ranges of environments, from small startups, to government agencies and contractors, and to large corporations, I believe that I have learned to deal with many roles and tasks and can manage stress effectively. I intend to dedicate whatever time is necessary to ensure that OWASP can reach its goals and create new paths to success.
My first priority would be to help strengthen the Foundation financially, without forgetting that the Foundation’s strength stems from successful projects and strong local chapters. The Foundation cannot be strong if the Chapters are weak and vice versa. I'd like to help define the Foundation's role and strengthen its reach and finances, while at the same time supporting and maintaining strong chapters, in order to reduce conflict and improve our reputation. Over the years, as the OWASP community has grown, the Foundation staff has not, which has led to delays in getting things done and unhappy members. Attempts to increase funding by pushing through proposals without community agreement, such as the recently proposed conference allocations on corporate sponsors, have led to more friction. In order to facilitate more successful conferences and reward both the local chapters that make the conferences happen and the Foundation for providing support services, I’d propose a tiered support plan should be implemented that allocates profits according to the effort and support provided by the local chapters and the Foundation staff.
The Global Board is a volunteer board that can only handle so many tasks among competing priorities. An advisory board can work with the Global Committees to address pressing issues and advice or offload work from the Global Board and Foundation staff. I intend to seek input from everyone, and leverage pain points as a starting place to solutions.
We need to continue supporting projects by providing them with the needed resources to make them successful, as that only helps OWASP's name and reputation. We also need to continue being relevant by expanding the range of supported projects to technologies relevant to today’s world, such as the IoT Project and the resulting IoT Top 10. Ensuring the establishment and empowerment of the Projects Committee is essential in assuring that projects are led by involved and productive leaders.
With a strong Foundation, there should be more seed money to help chapters get started and maintain activities and regular meetings that should lead to more sponsors getting on-board and helping chapters succeed. The W in OWASP stands for Web, however, this should not be a limiting factor going forward. Our meetings in Orange County are about all aspects of security, from end-point security, to detection and response, to authentication, to Web, to mobile, and to IoT. This helps attracts a larger cross-segment of members and strengthens our chapter.
There have been several discussions that became heated in our community in the past, with people getting overly excited by an issue and going from well thought discussion and arguments to bullying and harassment. Doing so crosses the line and will not be tolerated.
We also need to support a more diverse workforce by welcoming and providing a nurturing environment to women, minorities and generally, people with diverse backgrounds and cultures. That starts by adapting a zero tolerance policy and by offering diversity scholarships to expand conference attendance to more diverse workforce groups. Towards that goal, the 2019 AppSec California conference awarded 8 diversity scholarships to deserving individuals, in order to travel and attend the conference. Our local chapter meetings are attended by a diverse group that includes all levels of expertise, from students, to security novices, to managers , and to experienced security professionals such as researchers and pen-testers. It’s my opinion, that this is a successful model that can help other chapters and the OWASP community as a whole.