Gary Robinson 2018 Bio and Why me
Hi, I'm Gary Robinson and I've been involved with OWASP since 2011 in most aspects of the organization, including running a chapter, chairing a conference, co-leading a project, and attending numerous conferences, committees, and other behind-the-scenes activities.
As a professional, I'd worked for over 15 years as a software developer, pushing security as a discipline and wrapping it into the SDLC. More recently I've acted as a Senior Application Security Architect at CitiGroup, been a web application penetration tester, and consultant to a number of companies.
I joined OWASP in 2011 to work on the OWASP Code Review Guide v2, and ever since then I've been impressed by the people and passion in the OWASP community. Some of the highlights of my time in OWASP include:
- Becoming co-project leader of the OWASP Code Review Guide v2 - https://www.owasp.org/images/5/53/OWASP_Code_Review_Guide_v2.pdf
- Starting the OWASP Belfast chapter in 2014, for it to become one of the largest chapters in Europe, with over 1000 members (on meetup) and regularly attracting over 100 attendees to our sessions, despite Belfast being a relatively small city. (https://www.meetup.com/OWASP-Belfast/)
- Chairing OWASP AppSec EU 2017 conference, again in Belfast, which attracted over 700 attendees to become the largest AppSec Europe.
- Being voted onto the OWASP Europe Board back in 2016.
Essentially - I understand the many aspects of what makes OWASP (chapters, projects, conferences) having been heavily involved with these in the past, and going forward I want to represent and enable some potential changes, or research, for OWASP to enable it to function better going forward. I think it's important to have been involved in all of these OWASP aspects, as it can allow you to know how they feed into each other, how they enable each other, and spot some opportunities for improvement.
In terms of an agenda, there are 3 main things I want to look at:
- Finances: We have had a few issues over the past few years, which have been very well debated over the leaders list. These include the Israel/London AppSec conference, the nature of OWASP member/free tickets to these conferences, and the nature of existing funds in chapter accounts. IMO all of these have come down to OWASP finances, and the potential lack of such finances which causes such issues. I'd like to look at ways OWASP can increase its finances outside of these areas, such as government funding (worldwide), extra corporate funding (without selling our soul), the nature of the OWASP membership, and other areas. I know work has already been partially done in these areas, and if we manage to increase the funding to OWASP, we can better enable the community, and OWASP employees, to deliver the OWASP mission.
- Communication: Let's face it - it's been lacking. I want to conduct some focused sessions examining what has gone wrong in the past, what can be done to improve it, and as Picard says "Make it so".
- Quality: Project review committees have been attempted in the past, and other aspects of OWASP quality have been talked about, hence I'd like to see if there are ways to do this better in the future. Perhaps not with volunteers, but with paid employees if we had extra finance or sponsorship (see 1) above). Having worked on the code review guide, and spent a portion of our funds on review/quality, I know how hard this is to do, and for an industry-respected document to have typos and other issues unfortunately reflects on OWASP as an organization.
Again, having worked on the team, logistics, and quality of a project, herded the cats and finances of a large conference, and built up a successful chapter, I believe I can represent these aspects of OWASP in the board, and move OWASP forward as an organization.