(32 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | Hello,
| + | [[File:B-2016-profile-photo.jpg|thumb]] |
| + | __NOTOC__ |
| | | |
− | My name is Jim Manico and I've been an active member of OWASP since 2008.
| + | Jim Manico is the founder of [https://www.manicode.com Manicode Security] where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is a investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a [[:Special:Contributions/jmanico|volunteer]] and former board member of the OWASP foundation. He is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill and Oracle Press. For more information, see http://www.linkedin.com/in/jmanico. |
| | | |
− | * I am the founder, producer and host of the [[OWASP_Podcast | OWASP Podcast Series]]. As of May 2011 I have published 84 shows and have spent over 500 hours making the OWASP Podcast a reality. I am grateful to my many guests who have made the show a success.
| + | You can reach Jim at [mailto:jim.manico@owasp.org jim.manico@owasp.org]. You also reach Jim on twitter at [http://www.twitter.com/manicode @manicode]. |
− | * I am also a contributor and project manager of the [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API ESAPI Project]. I have one of the largest number of individual check-in's for the ESAPI-Java project and work to ease communication between the many volunteers of this project.
| |
− | * I am also the chair of the [https://www.owasp.org/index.php/OWASP_Connections_Committee OWASP Connections Committee] where I manage the [http://owasp.blogspot.com OWASP Blog], [http://twitter.com/owasp twitter feed] and [https://www.owasp.org/index.php/Press press communications] for OWASP. I feel that these activities are directly inline with the OWASP core mission of spreading awareness.
| |
− | * I am also spearheading several ESAPI-like projects that provide modular single-use controls for ease of use. I have only begun these efforts, but have started to manage the [https://www.owasp.org/index.php/OWASP_Java_Encoder_Project OWASP Encoder ], the OWASP validator and the [https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project OWASP HTML Sanitizer] project with a variety of very talented developers.
| |
− | * I also have been a significant contributor and manager of the [https://www.owasp.org/index.php/Category:Cheatsheets OWASP Cheatsheet Series]. I've worked on the XSS, DOM XSS, SQL Injection, Cryptographic Storage, Forgot Password and other topics in this series.
| |
− | | |
− | I included a summary of my "plan for OWASP's future" below:
| |
− | | |
− | #Work as a team
| |
− | ##My primary goal as board member would be to stay active and work with the board to build community consensus.
| |
− | #Continue to advance OWASP code of ethics around financial responsibility.
| |
− | ## [http://manicode.blogspot.com/2011/06/financial-responsibility-and-owasp.html http://manicode.blogspot.com/2011/06/financial-responsibility-and-owasp.html]
| |
− | #Fundraising
| |
− | ##OWASP is a non profit organization. One of the most important responsibilities of a non-profit board is to secure adequate resources for the organization to fulfill its mission. If given the honor and responsibility of becoming a board member, I would use my position to work with grant writers and other resources to secure additional funding for OWASP projects.
| |
− | #Maintain OWASP values and culture of innovation and vendor neutrality
| |
− | ##Allow low barrier for entry for new projects
| |
− | ##Ensure that all board activities and use of funding is conducted in an open way
| |
− | ##Organization-wide adherence to vendor neutrality
| |
− | #Create change/maturation driver through funding
| |
− | ##Establish engagement paradigm for commercial / federal grants
| |
− | ##Utilize funding to hire additional full time technical and organizational resources for OWASP
| |
− | #Facilitate planned “Apache Model” for project measurement, management, and labeling
| |
− | ##Inventory current project and software assets
| |
− | ##High barrier of entry for *production quality* OWASP projects
| |
− | ##Hire additional FTE support staff to manage project infrastructure
| |
− | #Modernize/Simplify the OWASP Website
| |
− | ##Hire additional FTE support staff to manage and run the OWASP website
| |
− | ##Craft adoption guide
| |
− | ###For common organization archetypes
| |
− | ###For common individual professional roles
| |
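Review bot: in the added biography and contact lines, the LinkedIn and Twitter links use plain http:// (http://www.linkedin.com/in/jmanico, http://www.twitter.com/manicode) while the Manicode Security link in the same paragraph uses https://. I suggest switching both to https:// so every outbound link on the page is consistent. Two wording fixes in the same added lines: "is a investor/advisor" should read "is an investor/advisor", and "You also reach Jim on twitter" is missing "can" ("You can also reach Jim on Twitter").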