| Candidate's Name | Brief Bio | Why would you like to be elected to the Global OWASP Foundation Board of Directors? |
|---|---|---|
| Abbas Naderi Afooshteh | Abbas has been an active member of OWASP since the early days, pioneering many projects such as PHP Security Project, PureCaptcha, OWASP RBAC, etc. | I have two major goals: 1. Bring transparency to the board process. Personally as a leader, I've seen multiple instances of transparency issues resulting in many active volunteers and contributors leaving the organization or having mixed feelings regarding the underlying motives of the organization. This has to be dealt with, fast. 2. Empower chapters outside the United States. Though there are international issues, many chapters all around the world have many active individuals that would really like to help and contribute, but are not given a chance to. We have chapters as local as a town in the US, but most international chapters represent a whole country. They need to be empowered, and I believe they can help OWASP reach its goals. |
| Tom Brennan | Tom Brennan is the Founder of ProactiveRISK and known for CATScan℠ (Comprehensive Accurate Testing & Scanning), CyberTOOLBELT, an investigator framework, and his volunteer service to the OWASP Foundation since 2007, most recently as the Global Vice Chairman. Tom is a veteran of the United States Marine Corps and resides in the Rockaway Township, New Jersey with his wife and children. He enjoys building both open source and commercial software solutions, off-roading in his Jeep and flying FPV Drones in his spare time. | As a lifetime paid member #96154835 and volunteer since 2004, Tom Brennan has demonstrated his abilities to assist OWASP Foundation in many roles including: Speaker, Trainer, Project Leader, Chapter Leader and most recently as Global Vice Chairman. His active involvement with the global community and experience with OWASP Foundation as a board member is underlined with his unwavering commitment to (3) important focus areas: Duty of care: Has actively participated in organizational planning and decision-making and to make sound and informed judgments. Duty of loyalty: Has repeatedly demonstrated when acting on behalf of the organization, putting the interests of the nonprofit before any personal or professional concerns and avoiding potential conflicts of interest. Duty of obedience: Has directly ensured that the organization complies with all applicable federal, state, and local laws and regulations, and that it remains committed to its established mission. If elected by my global peers, I will continue to assist the organization on the global mission of raising visibility for software security and in particular lobbying Governments and Industry on the use of secure software. If elected by my global peers, I will streamline administrative staff and advocate to hire (4) dedicated resources for OWASP Projects (2) full-time open-source developers and (2) full-time community project managers. If elected by my global peers, I will push for (4) annual conferences in key cities in North America, South America, EMEA and APAC managed primarily by a dedicated 3rd party management team that will operate a hybrid Summit/Conference/Training event for the benefit of the global community. If elected by my global peers, I will immediately establish and provide an operations budget to regional boards of appointed community members comprised of project and chapter leaders in North America, South America, EMEA and APAC reporting quarterly to the global board of directors. References: Top Ten Myths about 501(c)(3) Lobbying and Political Activity http://www.asaecenter.org/Resources/whitepaperdetail.cfm?ItemNumber=12202 OWASP Charity Watch http://www.charitynavigator.org/index.cfm?bay=search.profile&ein=200963503#.VWyKBFxVhBc |
| Jonathan Carter | Jonathan Carter is an application security professional with over 15 years of security expertise within Canada, United States, Australia, and England. As a Software Engineer, Jonathan produced software for online gaming systems, payment gateways, SMS messaging gateways, and other solutions requiring a high degree of application security. Jonathan’s technical background in artificial intelligence and static code analysis has led him to a diverse number of security roles: Enterprise Security Architect, Web Application Penetration Tester, Fortify Security Researcher, and Security Governance lead. He is currently Arxan’s Technical Director. He is also an active member of the OWASP Mobile Security Group and is project owner of a number of other OWASP security projects. | Based on my involvement since 2008, I feel that the OWASP community is going through somewhat of an identity crisis at the moment. I believe that the security culture is changing and OWASP must change with it or it will lose its status within the security community. I'd like to join to offer a genuinely different perspective and help build an inclusive culture that goes beyond the walls of secure coding. |
| Michael Coates | Michael is a security executive with experience building scalable information security programs within high growth technology companies. Michael is currently the Trust and Information Security officer at Twitter. Here he leads the information and application security teams as part of a cross organization trust and security program. At OWASP, the largest open source application security community, Michael is an active global board member and was previously the chairman of the global board. Previously, as Director of Product Security at Shape Michael worked with an amazing team to drastically change the way organizations defend their applications against modern attacks. At Mozilla Michael built and led the security assurance program to protect nearly half a billion Firefox users, and Mozilla web applications and infrastructure. In 2012 Michael was selected as an SC Magazine Influential Security Mind: http://www.scmagazine.com/community-advocate-for-secure-software/article/269005/ Michael is a strong supporter of open source approaches to security and development. He presents at numerous security conferences around the world and is heavily involved in OWASP, a non-profit with the mission of raising awareness on application security risks and protection techniques. Outside of security Michael is an avid endurance athlete and has completed the NYC Marathon, Chicago Triathlon, multiple half marathons and a 2-day 200 mile bike trip. | I've been a long time volunteer and supporter of OWASP. While at OWASP I've served for four years on the global board, three of those years as the Chairman. I've also been a member of the OWASP membership committee and was the creator of the OWASP AppSensor project in 2008. In addition to my current responsibilities as a global board member, I'm also the leader of the Bay Area Chapter and the lead planner for AppSecUSA 2015 San Francisco. Why spend all of this time volunteering for OWASP? The answer is simple for me - I fundamentally believe in our mission and the open approach we take to advancing the state of application security. I've spent years in all facets of application security with experiences ranging from hands-on exploitation of applications, enterprise defense, and leading security efforts to protect and defend products such as Firefox and Twitter. Through this experience I believe I bring a valuable perspective to the direction and impact that OWASP can have. I believe that OWASP plays a pivotal role and can guide the future of security within the security industry itself, the technology industry and as a leader providing objective information on the growing involvement of government and legislation in the field of security. I'd be honored to continue serving on the OWASP board to continue growing the OWASP community and our impact. @_mwc |
| Bil Corry | Hi, my name is Bil Corry. I've been involved with OWASP for many years and have contributed to a variety of projects (anyone remember the OWASP Certification project?). I've volunteered at AppSec USA, rounded up speakers for chapter meetings in Chicago and the Bay Area, hosted a Bay Area chapter meeting, and have been a trainer using the OWASP Secure Coding deck. You might have also seen me at W3C, IETF, and WASC (cookie specification, content security policy, WASC Threat Classification, etc). Professionally, I worked as a web application developer for more than a decade before moving into security full time. I'm currently living and working in Europe (Luxembourg) for PayPal (I do not represent the views of my employer). | The largest pain points of OWASP all center around the maturity of the organization and its processes. I am running for the Board because I'd like to focus on maturing the processes so that we eliminate a lot of churn that currently happens on the OWASP mailing lists. |
| Tobias Gondrom | Currently serving as the Chair of the OWASP Board and working as CTO Security for a global IT company and with previous experiences as Global CISO and Information Security & Risk Management Advisor based in Hong Kong, United Kingdom and Germany. About 15 years of experience in software development, application security, cryptography, electronic signatures and global standardization organizations working for independent software vendors and large global corporations in the financial, technology and government sector. My background is in the industry and corporate side of web application security. Over the years, have run a corporate info sec team and trained and advised dozens of CISOs and senior information security leaders around the globe. In addition to my technical background, also have a management degree from London Business School, which helps with the governance and financial bits and pieces. And over the years gained some governance experience in a few global organisations and boards, like the IAOC (IETF Administrative Oversight Committee). OWASP related: Have been OWASP board member since 2014 and chair of the board in 2015, before that volunteered for a few projects and chapter leadership roles since 2007. Currently, as a member of the OWASP London chapter board and visiting a number of OWASP chapters in Asia and Europe as a guest speaker. - project lead for the OWASP CISO Report and Survey project and contributor to some other bits and pieces. - and given some CISO training days at our AppSec conferences. previously: - chapter lead OWASP Germany for a couple of months (until I moved to London). - volunteered for the Global Industry Committee. Beyond OWASP: - Since 2003, the chair of working groups of the IETF (www.ietf.org), a member of the IETF security directorate. - written some security RFCs and co-authored books on Secure Electronic Archiving and a frequent presenter at conferences and publication of articles (e.g. AppSec, IETF, ISSE, ...). - Board member of the CSA Hong Kong and Macau chapter. - ISC2 CSSLP and CISSP. | I feel very passionate about our mission and our goals for an open community to advance web and application security globally. In the past that has inspired me to help with some ground work here and there, but until 2013 not so much seeking a board election. However, in 2012/2013, there were a few board decisions and activities, where I felt they were executed not in the best way for our community. And as a consequence, I gave myself the challenge to either shut up and accept things as they are or spend the time and effort and try to do it better. And thanks to the community, I got a chance in 2014 to try my best as a member of the board. And 2014 turned out to be a rocky ride, indeed, with many changes to our organisation staff and lots of Admin work. I hope we could turn things for the better, at least we did our best trying and to me it seemed we could achieve quite a few things. Hire a new Executive Director, on-board new staff, get several great conferences going, grow our global community and chapters, set our projects on a good path, manage some complaint situations, and overall keep the community active and growing. Of course most of our achievements were only thanks to our members from the community and the board was only helping here and there, where necessary. I hope that some of the results of our efforts of the board team have been visible and useful for the community and that I could do my best to support, unite and serve the board as its chair. I personally see OWASP as a bottom-up organisation, with the board serving the community, and the chair serving the board to achieve our common goals. And I hope that some of our work results could earn your trust when you consider your vote for this upcoming board election. There are a few things that I would like us to achieve on the board for the next two years: 1. Maintain an overall well balanced approach. Keep the balance between chapters and projects; balance between foundation and chapter levels, and our other activities. All are essential for OWASP and in fact I believe none can be without the other. Sometimes, I get the feeling that there is a feeling of competition within our community. And although some level of competition for resources is ok, I like to further unite us in our common cause together. 2. Membership: personal membership as the democratic foundation of our community and I also like to extend corporate memberships towards industry and "consuming" companies as well. Today most of our corporate members are consulting and pen testing companies, I would like to also work to gain more industry corporate members. 3. Increase out-reach to developers and industry: I like to extend our OWASP reach further more towards industry and developers. (so to speak "where the rubber meets the road") We have so much expertise and knowledge in our community with all our great security experts and projects, but we need to get it out there and bring this more into the developer community and industry who actually build the applications in the first place, to increase our impact and help reduce the most common vulnerabilities. E.g. I find it is a shame that we are still looking at so many (too many) basic vulnerabilities, like e.g. SQL injection vulns, which could with some basic developer training be avoided. |
| Nigel Phair | I am an Adjunct Professor and an analyst on the intersection of technology, crime and society. I have published two acclaimed books on the international impact of cybercrime, am a regular media commentator and provide executive advice on cybersecurity issues. In a 21 year career with the Australian Federal Police I achieved the rank of Detective Superintendent and headed up investigations at the Australian High Tech Crime Centre for four years. I am a graduate of the Australian Institute of Company Directors and have been a Chair and Board member of a number of not for profit organisations, including in the information security sector. | I never cease to be amazed by the innovative and tireless work by the many global OWASP Chapters. Many of the projects are technical in nature and strive to deliver on real world problems. However, while many developers strive towards achieving application security, many executives and company directors still don't understand this requirement. Senior executives require assistance to start thinking about how to manage the risk that software applications create in their enterprise. This is the area I would like to focus on. If elected to the Global OWASP Foundation Board of Directors I will support OWASP management in their day to day activities, focusing on strategy, risk and governance of the organisation. I will also support the great work being done by the Chapters, particularly those in the Asia Pacific region. |
| Milton Smith | Milton Smith (California) is a security principal working on special projects at Oracle. Previously Milton led security for the Java platform and platform products. He also founded and leads the Security Track at Oracle's top software development conference, JavaOne in San Francisco. Milton was CFP reviewer for OWASP AppSec 2015 USA, past speaker at OWASP USA and EU conferences, co-lead for the OWASP Security Logging Project, and past featured speaker at Blackhat, as well as other conferences, and book projects. Prior to Oracle, Milton led security for Yahoo's User Data Analytics property. For more information visit, securitycurmudgeon.com. | Many organizations throughout industry struggle with security. In fact, hardly a day passes without news of serious exploitation. Fortunately, many of these attacks are avoidable and few are beyond our knowledge to defend. I would like to help OWASP extend its reach. The faster we educate the world the faster we can proceed on security and strengthen our defenses. |
| Josh Sokol | Josh Sokol has been involved in the OWASP Foundation since 2007. He started out attending OWASP Austin meetings and helping to facilitate meeting room space at National Instruments. Eventually, he took on the role of Chapter Vice President and then President a couple of years later and co-founded the Lonestar Application Security Conference. Josh served as Chair of the OWASP Global Chapter Committee and was an active participant in the OWASP Global Conferences Committee up until the OWASP committees were retired. Today, Josh is the Vice Chair of the OWASP Foundation Board of Directors. In his day job, Josh runs the Information Security Program for National Instruments, and in his spare time, works on the free and open source 'SimpleRisk' tool for risk management. | When I ran for the OWASP Foundation Board of Directors in 2013, I was severely disenchanted with some of the decisions that had been made by past Boards. Decisions had been made that limited the chapters' ability to innovate and discussions were in progress to further restrict their ability to obtain funding. In addition, I had a number of concerns about the motivations of Board members with respect to the interests of their affiliated companies. Since my subsequent election, I have spearheaded a number of different initiatives that have strengthened our chapters and driven power back to the members of the OWASP Foundation. This included the resurrection of the OWASP Committees under the new Committees 2.0 framework in July 2014, changing the profit sharing split for chapters to 90/10 with no cap in September 2014, and an updated Whistleblower Policy in December 2014. These changes and more have led to what I believe is a stronger OWASP Foundation overall by empowering our leaders to take action. If I am re-elected to the OWASP Foundation Board of Directors, my promise is to keep down this same path that I have already started. I am in favor of empowering our volunteers to do big things, transparency of our actions, and accountability for the things which we say and do. I am here because of my deep-rooted passion for security and, while it isn't without its challenges, I feel like I still have much more to offer OWASP and would appreciate the opportunity to continue to help OWASP evolve for the better. |