This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Talk:Summit 2011 Working Sessions/Session077

Jump to: navigation, search

Should OWASP Hire a CEO?

Arguments in Favour

Jeremiah Grossman

Jeremiah Grossman in his 'Open letter to OWASP' blog post: - "..2) It is time for an OWASP Chief Executive Officer OWASP would be well-served by the creation of a President / CEO position just like Mozilla and other highly successful non-profits. A full-time person responsible for the day-to-day operational affairs and growing the organization. A go to person for global committee members, project leaders, members, sponsors, press, etc. who has the authority to make decisions and get stuff done expeditiously. OWASP generates enough revenue, with sufficient growth, and has enough stuff to easily justify such a position. No doubt others besides myself have experienced much internal confusion and disorganization within that stifles and frustrates those seeking to contribute. The right person could help clean all that up and make things much more efficient and productive.

Second, this person also must serve as an industry cheerleader. It is vital that someone representing OWASP is constantly out there raising awareness and sharing why its a good idea for every developer, security professional, and software generating organization to be involved. Someone who can meet personally with CEOs, CIOs, CTOs, and CSOs of organizations large and small to gain their support. Obviously this can’t happen on a part-time basis with people employed by for-profit “vendors.”..."

Mark Bristow

Absolutely. I think that as OWASP grows as an organization there is a continuing need for a consistent "cheerleader" who is always working on OWASP's behalf. Not that Jeff and the board are doing a bad job, however if you look at other non-profits who have been successful, nearly all of them have some sort of core staff in leadership roles (whereas OWASP have primarily support employees). It's my opinion that hiring an experienced CEO to put a consistent "face" on OWASP activities, who can go and meet with industry leaders, potential supporters, press and perform outreach activities would be a boon to maturing us into OWASP 4.0.

On the operational side, I think hiring a CEO with experience in running an international non-profit organization would also be a huge value add for OWASP at this critical juncture. As Global Conferences Committee Chair, I frequently run into issues that stem from attempting to conduct OWASP operations around the globe. Things as simple as collecting a payment for a conference get highly complicated when you get into US 501c status, VAT, financial import/export taxes and the like. This problem has already been solved by other international non-profits and we need someone to help leverage their experience to do the same for us.

Arguments Against

Dinis Cruz

(to do)