Matt Konda 2016 Bio & Why Me?

About Matt:

Matt Konda is the Founder and CEO of Jemurai and current Chair of the OWASP Global Board of Directors. He came into the security field through years running agile engineering teams eventually building security products. Matt is experienced building application security programs, delivering secure development training, application penetration testing, secure code review, security unit tests and automation to inject security into the software development life cycle. He is the project leader for the OWASP Pipeline project, which seeks to be the glue that ties security tools into the development process. At Jemurai, he is bringing together security pros and developers that aim to solve security challenges in a positive, fun, creative new ways.

Why I would like to be elected to the Global OWASP Foundation Board of Electors

I was elected to the OWASP Board in 2014 largely on a platform of bridging the security and developer communities. I won't go so far as to say that we've succeeded but we have seen some movement and the momentum is starting to build. We have done this with the help of a team of staff and volunteers actively working on it every week, the ongoing efforts of OWASP volunteers worldwide and even the informal bridges to DevOps and other communities. I believe this needs to continue to be a primary focus of OWASP and I am committed to keep working toward achieving it.

The time on the board has been extremely challenging and has been unlike anything I would have expected for any number of reasons. I am proud that the sitting board unanimously selected me to be their Chair for this year. I believe this was based on their collective experience that I am by nature a leader that wants to hear from everybody and guide the group to a collectively strong decision. I do not simply advance an agenda. In board meetings, you will hear me asking each specific board member for their input to ensure that we have heard everyone as we make decisions. I am community minded and always thinking about the greater good. I believe the staff trust and like working with me. I make sure they are heard and get the attention they need to succeed. I have a thick skin and stay positive. Ultimately, I think my leadership style has emerged as a steadying influence through many challenges.

We are in the process now of re-drafting a deeper more forward looking strategy and staffing plan - all of which are things that I am advancing with a range of proposals and working with other board members to improve and formalize. This will likely become more public in the coming months and at that time you may judge for yourself the direction that we chose.

During my time on the board I have pushed to fund initiatives to update the OWASP web presence, actively adopt tools to engage with the community like Slack and Trello, seek out and attend developer events and recruit sponsors from pure software (not security) companies.

I have come to love working to connect and support people. My passion in this position is really around coaching and bringing out the best in the people around me. An example of this might be how when Martin Knoblach asked to be relieved of his duties as compliance officer (after much service) I reached out personally to specific people to recruit a small team to handle those duties. This type of personal and hands on organizing is essential at the core of the Foundation.

I believe that diversity and inclusion continues to be a surprising challenge for our community. I have seen developer communities do better than we have and I followed my promise from 2014 and proposed that the board invest in outside help to improve our policies and execution around diversity and inclusion. This proposal did not pass. I will continue to advocate for funding and formal help to achieve better results in this regard.

In 2015-2016 I participated in CodeMash and helped OWASP Chicago to run the security track at Chicago Coder Conference. We are actively engaged with SpringOne, JavaOne, RailsConf, QCon and O'Reilly. I have been working on a project (OWASP Pipeline) that is glue to run security tools within a software development lifecycle.

I am proud of our community and what we accomplish each and every day. It would be an honor to continue to serve as a coach and facilitator on the board to maximize our impact in spreading the word about application security.

Thank you for your support.