Monday, August 7, 2017

OWASP Operations Update for August 2017

Welcome to the operations update for August 2017, the ongoing series of updates on what's happening at the OWASP Foundation.  Last month's post is available here.

In another departure from our normal format, I'd like to have a bit of a preamble to set expetations for the community.

With the staff reduced by 20% from 8 down to 6 FTE's, things are going to take longer then anyone would like.  Know that the OWASP staff is doing the best they can under difficult circumstances.  We currently do not have an ETA on any new hires at OWASP.  However, to offset the workload from Kate and Alison's departure (detailed last month), OWASP has:

  • contracted out the accounting functions Alison was doing.  She was doing more then just accounting but her former accounting functions have been covered.  We've had 1 month of transition and things are going fairly well.  We're still uncovering things that Alison did that haven't been handed off yet but we're nearly there.
  • started migrating some of our oldest and least user-friendly forms/processes from Google Docs 'apps' to Jira Service Desk.  The first of these is the funds reimbursement form which should be live by mid-August with more to come over the next couple of months.
So, while we've got items in motion to help streamline things going forward, those items haven't started to pay dividends yet.  We want the community to know that the staff feel your pain with some of the inevitable delays that will happen with a smaller staff.  We're doing what we can to build up the least amount of tech and operational dept as we go forward.

OWASP IT Infrastructure Hosting - Modernizing and migrating the OWASP infrastructure
  • Remaining hosts at Rackspace: OWASP Wiki, Mailman server, Virtual-host server which provides redirects and static content
    • These are on hold until staff is back to full strength
  • For the current status details, see the June 2017 update.
The Website Reboot - aka TWR - a major effort to update and modernize OWASP's web presence
  • Phase 1 is complete
    • Note: Due to lack of staff availability, the wiki is running the legacy LTS release not latest stable so Phase 1 will need to be repeated in future when this comes off hold.
  • Phase 2, 3 and 4 are in process
  • These are on hold until staff is back to full strength.
  • For the current status details, see the June 2017 update.
The OWASP Communication Plan 
  • Discourse as a replacement for Mailman
    • On a significantly reduced roll-out plan until staff is back to full strength
    • For the roll-out plan, see the Community section below.
  • Beta program for the Foundation's Global Meetup account continues
OWASP 2017 Strategic Goal aka The OWASP World Tour 
  • TLDR: Host 4 trainings worldwide of ~500 attendees geared toward developers and entry-level security professionals - further details on the wiki.
  • 4 locations reduced to 3 due to staff departures
    • Tokyo Bootcamp - September 30, 2017
    • Boston BOAST - October 9, 2017
    • Tel Aviv DevSec - October 17, 2017
  • Call for Trainers anticipated launch is mid-August
Association Management System (AMS) Upgrade 
  • Completed as of August 1st, 2017
Projects 
  • AppSec USA 2017
    • Final details and marketing plan in full force
    • Sponsor Expo Location Selection
      • Those sponsors who have paid in full have chosen their expo locations
      • Those who have not yet paid have not chosen their expo location and have not received their discount codes
  • AppSec EU 2018
    • Finalizing Gantt Chart
    • Conference budget built out
    • Multiple RFPs out for bid
  • AppSec APAC 2018 - proposal under review
Membership 
  • 55 Corporate Members
    • $185,000 (46% of yearly goal)
  • 2017 WASPY Awards
    • Nominees notified and winners posted plus announced to the community
    • Prepping for Award Ceremony at AppSec USA 2017
  • 2017 Global Board of Directors Elections
    • Candidates vetted and notified if they are eligible or not
    • Candidates will be posted the week of August 7th
    • Scheduling candidate group interviews to start August 25th to September 1st
  • Developer Summit at AppSec USA 2017
    • 3 trainers confirmed (1 full day presentation and two 1/2 day presentations)
  • BlackHat USA 2017
    • Kelly and Dawn represented the OWASP Foundation at our booth during the event along with several community volunteers
Community
As always, the OWASP Staff are here to make the OWASP community even stronger.  If you have a question, concern or need something, please let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage with the OWASP Foundation further at the August 9th Board Meeting.

Your friendly remaining neighborhood OWASP staff:
    Kelly, Laura, Claudia, Tiffany, Dawn and Matt

No comments: