Ofer Maor 2019 Bio and Why me
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 17 years, (almost) since its inception, and I currently serve on its Board of Directors. I've also held multiple roles in OWASP, including Chapter Leader, Global AppSec Event Co-Chair, Global Committee Member and more...
At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.
Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I bring to the OWASP Board. Since the beginning of the year, I have worked with the foundation staff to help grow and improve OWASP so that it can better support the community.
Today, after only a little over half a year on the board, I feel like we are starting to make a progress, and I would like to stay on the board to make sure that I can help drive those changes through.
Candidate Election Video
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.
OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.
Seeing which challenges we are facing, and the contribution I can offer, made me join the board in the first place and do the best I can to contribute to OWASP. I would like to continue the work I have started so that we can truly turn the page onto OWASPs next chapter, making it a leading global organization in the cybersecurity industry.
I plan to continue focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.
Some key areas I am already working on and plan on continuing:
- Membership: I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I took upon myself to be the lead board member, working with the staff, on changing our membership models to make OWASP a more professional organization, run by its members and better supported by the corporates in our industry. Some of these changes have already been made and published, while others are still in work and are likely to take effect over the course of the next 12-18 months.
- Chapters: Chapters are one of the two main pillars OWASP thrives upon. Without our chapters we have no audience and can reach no one. Yet our chapters are not all the same. Some chapters are run very well and reach a great audience, while others are struggling and failing to get traction. In my upcoming term, should I get elected, I plan to put more emphasize on helping chapters run more professionally and more consistently, giving our members and target audience a better, more consistent experience worldwide.
- Committees: I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I supported initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
- Vendor Neutrality: Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.
I’ve been part of OWASP for 17 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
- I've been on the Global Board of OWASP since January 2019, serving as the Secretary of the Board. As part of this role I am working with the staff on driving changes both to corporate and individual membership, to help OWASP become more professional as well as stabilize its financials. I'm also working on driving other initiatives for making the board interactions and meetings more professional, delivering better outcomes.
- I've been the co-Chair of Global AppSec Tel Aviv that took place in 2019. We had a great turnaround of people and sponsors in a location that has never before had a Global AppSec Event. We've also managed to make Global AppSec Tel Aviv more inclusive than ever with over 30% female speakers!
- I’ve been on the board of OWASP Israel for 10 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
- For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
- I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.
Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.
For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/
You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/
If you'd like to know more - feel free to reach out to me:
- Mail: [email protected]
- Twitter: @OferMaor