WASPY Awards 2016

From OWASP
Revision as of 18:30, 7 September 2016 by Kelly Santalucia (talk | contribs) (Timeline)

Web Application Security People of the Year Awards 2016

Timeline

June 7, 2016 - Call for Nominees Opens! CLOSED
June 20, 2016 - Paid Membership Deadline. Not sure if you are a member? Check Here
July 28, 2016 - Call for Nominees CLOSED
July 29, 2016 - Announcement of Nominees per Category to the Community
August 5, 2016 - Deadline for Nominee Profile Picture and Bio to be created and added to the nominee's Citation
August 10, 2016 - Voting Opens
August 24, 2016 - Voting Closes
August 25, 2016 - Winners are Notified
August 25, 2016 - Announcement of Winners to the Community
October 14, 2016 - Award Ceremony at AppSecUSA 2016 in Washington, DC on Friday, October 14, 2016. Awards presented by Frank Catucci and Dave Ferguson from Qualys

Purpose of the Awards

Each year there are many individuals who do amazing work, dedicating countless hours to share, improve, and strengthen the OWASP mission. Some of these individuals are well known to the community while others are not.

The purpose of these awards is to bring recognition to those who "FLY UNDER THE RADAR". These are the individuals who are passionate about OWASP, who contribute hours of their own free time to the organization to help improve the cyber-security world, yet seem to go unrecognized.

Community members are able to nominate 1 individual per category (see Categories below) who they feel best fits these descriptions so that, as a community, we can recognize these people for their contributions. We are tying in the WASPY Awards to help identify and recognize individuals who demonstrate our core values and annual report theme of Leading - Learning - Sharing - Growing. We value your input and consideration for nominations in the categories below.

Categories

1. Open/Leading - Everything at OWASP is radically transparent – from our finances to our code. This award goes to a member of the OWASP community who has supported the OWASP mission of transparency through their influence, management, and leadership in the community. This might be a chapter or project leader or may be someone who has worked within the community.

2. Integrity/Learning - OWASP is an honest and truthful, vendor neutral, global community. This award goes to an individual who recognizes the benefits of the power of the collective community within OWASP, who challenges the status quo, and generates an excitement in the learning community.

3. Innovation/Sharing - OWASP encourages and supports innovation and experiments for solutions to software security challenges. This award goes to an individual who has inspired and encouraged others in the arena of software security with innovative and cutting edge solutions to software security challenges.

4. Global/Growing - Around the world, OWASP encourages and supports innovation and experiments for solutions to software security challenges. This award goes to an individual who truly represents the OWASP Global scope and recognizes the importance of growth. The nominee reaches out beyond the OWASP circle to raise awareness of software security in locations outside of the OWASP comfort zone.

And the Nominees Are...

Name Category & Citation
Tony Clarke Open/Leading Category
Tony has been nominated 2 times for this category.
Citation 1: Tony has recently volunteered in the Dublin (Ireland) chapter and more recently been voted in as chapter leader. From his initial efforts, Tony has completely transformed this stagnant chapter and has already in just a few months re-organised the chapter and opened it up to the many volunteers who want to be involved. Running initiatives such as 'Women in Appsec', Tony has helped increase meeting attendances and the Dublin board now consists of nearly 20 individuals. Tony has embraced the open, transparency and inclusiveness side of OWASP and is an inspiration to many.

Citation 2: I would like to nominate Tony Clarke for this award. He has been on the OWASP board in Dublin since November 2015 and there have been massive changes within the chapter since then. Tony has transformed the Dublin Chapter and has been recently elected as Dublin Chapter Lead with a landslide victory.

I have been attending OWASP events since 2012 and over the past 8 months it is visible of the impact Tony and OWASP are having within the local Dublin security community.

Previously, events were sporadic and occurred every few months. There was never an organised schedule of events. Communication of the events was also poor. With Tony on board, this has changed. Events are now at the end of each month and are organised on a scheduled basis. Communication has improved and with extra social media interaction, OWASP events are now more visible than before.

At the end of May the Chapter hosted an event focusing on Women In Security. Keynote speakers such as Jane Frankland, Jacky Fox, local women involved in the security community presented at the event. Everyone left the event feeling motivated. My partner who is a science graduate attended the event with me. She left the event wanting to work in Security and has since begun the enrollment into a Security Conversion Masters in UCD. This is the sort of impact which Tony's work is having on the people of Dublin.

The OWASP Dublin chapter previously had 40-50 people MAX at events. It was the same people always. There were 200+ people in attendance at the Women In Security event in May. This sort of attendance has never been seen before at a local chapter meeting in Dublin. I believe that this attendance peaked because of Tony's drive to engage the security community in Dublin. Tony organised contacts in universities and large multinational organisations to send email communication to Dublin staff/students. His aim is to get more women studying technology or working in technology companies engaging with the security community in Dublin. Tony is leaving no stone unturned to make OWASP Dublin a success within the community.

As a committee member of OWASP Dublin I know that Tony is now reaching out to work with local education bodies such as Smart Futures (Science Foundation Ireland), Dublin Institute of Technology, ISACA and Science Gallery. He has brought a plan to our chapter and given us a goal this year to collaborate with education bodies to try to sell our security industry to people in education. This is not limited to 3rd level, but also primary and secondary. Tony is leading this initiative and it would not happen without him.

I found out about these awards as Tony is trying to improve the openness of the Dublin chapter. He is encouraging the community to post this sort of communications to the social media platforms such as Facebook, Twitter, LinkedIn.

Based on the above, Tony has demonstrated that he is not in this for the title or limelight but for the good of the community. He is a leader who is willing to listen and wants to delegate if any OWASP committee members are willing to take on a task. Like any good leader, if he does not have anyone available to do a task, he does it himself.

OWASP Dublin Chapter has only been under the leadership of Tony Clarke for two months. We have been enjoying success since Tony first attended a board meeting in 2015. Tony is having major impact within Dublin. I encourage you to strongly consider Tony for this award as he has done great things for us here in Dublin and his leadership is going from strength to strength.

Jeremy Long Open/Leading Category Jeremy wrote a tool, donated it to OWASP and in 2016 it became one of the OWASP Flagship projects. He is not noisy or gets a lot of attention, but every morning before work - Jeremy works on the OWASP Dependency Check. Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java and .NET are supported; additional experimental support has been added for Ruby, Node.js, Python, and limited support for C/C++ build systems (autoconf and cmake). The tool can be part of a solution to the OWASP Top 10 2013 A9 - Using Components with Known Vulnerabilities.
John Patrick Lita Open/Leading Category An outstanding volunteer doing an amazing job in the Asia region to promote OWASP projects and materials, reaching a big audience through his outreach program at universities, government institutions and schools in the Philippines. OWASP is not very well known in this part of the globe and by promoting it, he is creating awareness about application security.
Owen Pendlebury Open/Leading Category Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and then chapter lead a couple of years later. He has been an extremely active member of the security community and has strived to help drive and improve security best practice at a Global level through his commitment to the OWASP foundation. Owen has been an active and dedicated chapter leader, who has organised regular activities for the OWASP Dublin chapter that benefit the local information security community greatly over the past 6.5 years. Some of the projects that Owen has been involved in include AppSec EU 2016 Committee/Training Committee, AppSec EU 2017 successful bid, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars and numerous security workshops. Owen has over 6.5 years’ penetration testing, working as part of a global attack & penetration team for a number of organisations including a “Big 4” professional services company. With in-depth experience of application and network penetration testing Owen has worked with many local and global institutions to improve their security posture. Owen is currently a manager in Deloitte Ireland. Owen has also been involved in local education bodies, architecting a masters in cyber security and helping a number of students and experienced individuals find their way in to the security community by making himself available through all media.
Kathy Thaxton Open/Leading Category Kathy Thaxton has been THE key leader for SnowFROC for many years. As with most regional conferences, everyone involved has a day job and nobody's got a lot of spare time to do what must be done.

Kathy has somehow found time whenever she's been asked, and has done the lion's share of the work required to organize SnowFROC. For SnowFROC 2016 we had the usual chaotic first planning meeting where several of us gathered at a pub to see which of us would be able to commit time & to identify potential roles. Everybody left that meeting with action-items. Shortly thereafter, Kathy emailed the rest of us to inform us that she had: drafted a budget, drafted a planning schedule, identified primary & alternate venues, identified primary & competing caterers, reached out to some legendary speakers & gotten tentative commitments, reached out to several vendors & gotten tentative sponsorship commitments, and identified a good source of volunteers for setup, event day, and tear-down. In other words, Kathy Thaxton had done most of the "heavy lifting" within days of the initial planning meeting! Like previous SnowFROCs, SnowFROC 2016 was attended by Coloradans for the most part, but as with most years we had attendees from Arizona, Utah, Wyoming, and New York. SnowFROC had about 200 attendees, with a mix of ITSec operators, QA/testers, Developers, Auditors, & Managers for all of the above. None of this would have happened without Kathy Thaxton's involvement. Her tact, initiative, cheerfulness, and exceptional organizational skills allowed the rest of the planning committee to focus on things like establishing the curriculum, including a day-long hands-on workshop. Kathy's contribution was so profound and her reputation for organizing a FUN, well-planned, LEARNING event is so great that the local Cloud Security Alliance went out of their way to request her participation on their planning committee for a regional event they're hosting later this year.
I attended yesterday's Cloud Security Alliance meeting, and whereas AppSec in the Cloud has been an afterthought at most CSA meetings, it was front-and-center yesterday as the Chapter Leaders asked their members what tracks/topics they'd be most interested in for their upcoming event. That is DEFINITELY reach OUTSIDE of the OWASP community, and again would not have happened without Kathy's stellar achievements at SnowFROCs.

Dhiraj Mishra Open/Leading Category Core Team Member in AppSec India 2016
Tom Brennan Honorable Mention Tom was nominated for the Open/Leading Category. Per the WASPY Award rules, board members are not eligible. Tom is a current board member and therefore he is not eligible for the award.
Dhiraj Mishra Integrity/Learning Category Call_For_Trainers in OWASP Mumbai, India; being in Trainers DB, Dhiraj has taken tons of free sessions to Mumbai Cops, Navi Mumbai Cyber Cell, Thane Cyber Cell and many others.
John Patrick Lita Integrity/Learning Category An outstanding volunteer doing an amazing job in the Asia region to promote OWASP projects and materials, reaching a big audience through his outreach program at universities, government institutions and schools in the Philippines. OWASP is not very well known in this part of the globe and by promoting it, he is creating awareness about application security.
Steve Kosten Integrity/Learning Category Steve Kosten is the Denver Chapter Leader. For the past year, Steve has built community and fostered AppSec learning within Colorado. Before Steve joined the Denver OWASP Board, the Chapter was averaging 2 meetings per year attended by about 15 people. After 1 year on the board there had been 6 meetings with a high-water mark of 50 attendees. Since Steve has become Chapter Leader, attendance is >75 for the 4+ meetings each year. This is directly attributable to Steve's selection of top-quality speakers and an exceptional partnership with a local vendor who provides venue & catering, all in exchange for a simple "thank you" and round of applause. As a SANS AppSec Instructor, Steve is an AppSec expert who has cheerfully shared his expertise with attendees. Steve is a selfless leader who has profoundly improved the Denver OWASP Chapter and become a highly sought-after resource in this community.
Eoin Keary Integrity/Learning Category Eoin gives up his free time to run free security training sessions within the community in Dublin. He is dedicated to spreading the OWASP message within Dublin. He is working within the community for the good of OWASP. Eoin is a committee member and does not have any "board" level title. He is giving to the community and is demonstrating that he does not expect anything in return. Eoin is a role model within our Dublin Chapter.
Owen Pendlebury Integrity/Learning Category Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and then chapter lead a couple of years later. He has been an extremely active member of the security community and has strived to help drive and improve security best practice at a Global level through his commitment to the OWASP foundation. Owen has been an active and dedicated chapter leader, who has organised regular activities for the OWASP Dublin chapter that benefit the local information security community greatly over the past 6.5 years. Some of the projects that Owen has been involved in include AppSec EU 2016 Committee/Training Committee, AppSec EU 2017 successful bid, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars and numerous security workshops. Owen has over 6.5 years’ penetration testing, working as part of a global attack & penetration team for a number of organisations including a “Big 4” professional services company. With in-depth experience of application and network penetration testing Owen has worked with many local and global institutions to improve their security posture. Owen is currently a manager in Deloitte Ireland. Owen has also been involved in local education bodies, architecting a masters in cyber security and helping a number of students and experienced individuals find their way in to the security community by making himself available through all media.
Dhiraj Mishra Innovation/Sharing Category
  • Past Contributor in the popular XSS Filter Evasion Cheat Sheet, whereas this article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • Lead of SQLi WAF Bypass, a very helpful cheat sheet which consists of A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), recommended by many security researchers.
  • Contributor in OWASP Benchmark, contributed SQLi/XSS fuzz vectors as initial contribution towards adding support for WAF/RASP scoring. Many thanks to Dave Wichers.
John Patrick Lita Innovation/Sharing Category An outstanding volunteer doing an amazing job in the Asia region to promote OWASP projects and materials, reaching a big audience through his outreach program at universities, government institutions and schools in the Philippines. OWASP is not very well known in this part of the globe and by promoting it, he is creating awareness about application security.
Mark Major Innovation/Sharing Category Mark Major did a LOT of HARD work to ensure that AppSecUSA was a success in Denver. He has consulted with his Chapter and worked with OWASP to try to take the Chapter to the next level. Specifically, his research into using some of the proceeds from his efforts at AppSecUSA to establish an AppSec HackerSpace is both innovative and well overdue.
Owen Pendlebury Innovation/Sharing Category Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and then chapter lead a couple of years later. He has been an extremely active member of the security community and has strived to help drive and improve security best practice at a Global level through his commitment to the OWASP foundation. Owen has been an active and dedicated chapter leader, who has organised regular activities for the OWASP Dublin chapter that benefit the local information security community greatly over the past 6.5 years. Some of the projects that Owen has been involved in include AppSec EU 2016 Committee/Training Committee, AppSec EU 2017 successful bid, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars and numerous security workshops. Owen has over 6.5 years’ penetration testing, working as part of a global attack & penetration team for a number of organisations including a “Big 4” professional services company. With in-depth experience of application and network penetration testing Owen has worked with many local and global institutions to improve their security posture. Owen is currently a manager in Deloitte Ireland. Owen has also been involved in local education bodies, architecting a masters in cyber security and helping a number of students and experienced individuals find their way in to the security community by making himself available through all media.
Dhiraj Mishra Global/Growing Category * OWASP Wall Of Fame
John Patrick Lita Global/Growing Category An outstanding volunteer doing an amazing job in the Asia region to promote OWASP projects and materials, reaching a big audience through his outreach program at universities, government institutions and schools in the Philippines. OWASP is not very well known in this part of the globe and by promoting it, he is creating awareness about application security.
Kathy Thaxton Global/Growing Category Kathy Thaxton has been THE key leader for SnowFROC for many years. As with most regional conferences, everyone involved has a day job and nobody's got a lot of spare time to do what must be done.

Kathy has somehow found time whenever she's been asked, and has done the lion's share of the work required to organize SnowFROC. For SnowFROC 2016 we had the usual chaotic first planning meeting where several of us gathered at a pub to see which of us would be able to commit time & to identify potential roles. Everybody left that meeting with action-items. Shortly thereafter, Kathy emailed the rest of us to inform us that she had: drafted a budget, drafted a planning schedule, identified primary & alternate venues, identified primary & competing caterers, reached out to some legendary speakers & gotten tentative commitments, reached out to several vendors & gotten tentative sponsorship commitments, and identified a good source of volunteers for setup, event day, and tear-down. In other words, Kathy Thaxton had done most of the "heavy lifting" within days of the initial planning meeting! Like previous SnowFROCs, SnowFROC 2016 was attended by Coloradans for the most part, but as with most years we had attendees from Arizona, Utah, Wyoming, and New York. SnowFROC had about 200 attendees, with a mix of ITSec operators, QA/testers, Developers, Auditors, & Managers for all of the above. None of this would have happened without Kathy Thaxton's involvement. Her tact, initiative, cheerfulness, and exceptional organizational skills allowed the rest of the planning committee to focus on things like establishing the curriculum, including a day-long hands-on workshop. Kathy's contribution was so profound and her reputation for organizing a FUN, well-planned, LEARNING event is so great that the local Cloud Security Alliance went out of their way to request her participation on their planning committee for a regional event they're hosting later this year.
I attended yesterday's Cloud Security Alliance meeting, and whereas AppSec in the Cloud has been an afterthought at most CSA meetings, it was front-and-center yesterday as the Chapter Leaders asked their members what tracks/topics they'd be most interested in for their upcoming event. That is DEFINITELY reach OUTSIDE of the OWASP community, and again would not have happened without Kathy's stellar achievements at SnowFROCs.

Owen Pendlebury Global/Growing Category Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and then chapter lead a couple of years later. He has been an extremely active member of the security community and has strived to help drive and improve security best practice at a Global level through his commitment to the OWASP foundation. Owen has been an active and dedicated chapter leader, who has organised regular activities for the OWASP Dublin chapter that benefit the local information security community greatly over the past 6.5 years. Some of the projects that Owen has been involved in include AppSec EU 2016 Committee/Training Committee, AppSec EU 2017 successful bid, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars and numerous security workshops. Owen has over 6.5 years’ penetration testing, working as part of a global attack & penetration team for a number of organisations including a “Big 4” professional services company. With in-depth experience of application and network penetration testing Owen has worked with many local and global institutions to improve their security posture. Owen is currently a manager in Deloitte Ireland. Owen has also been involved in local education bodies, architecting a masters in cyber security and helping a number of students and experienced individuals find their way in to the security community by making himself available through all media.

Rules

Remember, the purpose of these awards is to recognize the UNSUNG HEROES out there who are barely recognized for their contributions to the OWASP Foundation.
1. Board members may not be nominated
2. Employees & Contractors may not be nominated
3. You MUST be a Paid or Honorary member to vote and your membership needs to be on file by June 20, 2016
4. All nominees will remain anonymous until July 11, 2016
5. Anyone can nominate an "unsung hero" who has contributed in some way to OWASP who they feel best fits each category
6. You may only nominate one person per category

Eligible Voters

Individuals who were members as of June 20, 2016 are eligible and are listed here. Please take a minute to verify your name is on the list. If you are NOT on the list and believe you should be, then you should contact us immediately.

Results

Cumulative Turnout: 309 (13.9%) of 2226 electors voted in this election.
Average Turnout: 21.8 electors voted per day.

Open/Leading Category
Jeremy Long 71 (31.0%)
Tony Clarke 60 (26.2%)
Kathy Thaxton 48 (21.0%)
Owen Pendlebury 22 (9.6%)
John Patrick Lita 16 (7.0%)
Dhiraj Mishra 12 (5.2%)

VOTER SUMMARY
Total: 309
Abstain 80 (25.9%)

Integrity/Learning Category
Eoin Keary 78 (36.6%)
Steve Kosten 37 (17.4%)
John Patrick Lita 35 (16.4%)
Owen Pendlebury 34 (16.0%)
Dhiraj Mishra 29 (13.6%)

VOTER SUMMARY
Total: 309
Abstain 96 (31.1%)

Innovation/Sharing Category
Owen Pendlebury 54 (29.0%)
Dhiraj Mishra 52 (28.0%)
Mark Major 48 (25.8%)
John Patrick Lita 32 (17.2%)

VOTER SUMMARY
Total: 309
Abstain 123 (39.8%)

Global/Growing Category
Kathy Thaxton 85 (45.5%)
Owen Pendlebury 45 (24.1%)
John Patrick Lita 37 (19.8%)
Dhiraj Mishra 20 (10.7%)

VOTER SUMMARY
Total: 309
Abstain 122 (39.5%)


Sponsorship Opportunities

The support from our sponsors is what makes these awards truly successful!

WASPY Sponsorship Opportunities

Thank you to Qualys for your support as a Platinum Sponsor!

Communication

June 7, 2016 Twitter, Facebook, LinkedIn, Google+, OWASP Blog.

Past WASPY Awards

2015
2014
2013
2012