Happy Holidays, and let's hope for a better 2021


Andrew van der Stock

Wednesday, December 23, 2020

2020 has been a very challenging year for all, including OWASP. I know a lot of folks are hurting, have lost loved ones, or have been very sick themselves. Work from home for many has been a challenge, especially if you’re like me and have school-age kids at home who are struggling with online classes. I think everyone is suffering from Zoom fatigue. I want to highlight some of our struggles and successes in 2020 but look forward to a much better 2021.

Note: Our office is closed from Thursday, December 24th, and we reopen on January 4th, 2021.

2020, by far, has been this generation’s worst-ever year. You read about pandemics from the past and wonder how it would be, and now we know. OWASP took a massive hit in our usual revenue sources, which are in-person events. We’ve had to really cut an already lean organization into a ripped 0% body fat organization. It’s been tough, and some of the things we’ve had to cut back on are our mission.

Some of the things I am proud of our community and my team getting done this year are:

  • Learning fast how to become virtual event specialists. I really appreciate the trainers and speakers, our sponsors, and your support in registering and coming to these events and our staff’s hard work in putting it on at short notice
  • All our community’s hard work, the Policy Review Team, Mike McCamon, and lately myself in getting all our policies and some of our bylaws reviewed and fixed up. There’s more to go, including what we should do about the leader policy, some bylaws that our lawyers noted aren’t precisely legal or enforceable (who knew that appsec specialists should not write bylaws? ;-)
  • Returning much of our mission activity to the community through Committees and committee reform, including establishing the Chapter, Education and Training, and Projects committees, and re-invigorating the Outreach and WIA, Diversity and Inclusion Committees
  • Doing more with less. Our team has been busy cutting away at duplicate services that we’ve acquired over the years as our community’s needs have changed. We have been working on improving our platform and eliminating costs. There’s more to be done here, particularly around Meetup, which is both expensive and restrictive. However, we can and should still strive for that balance between losing access to some of the best tools or harming productivity or capability
  • The work of my predecessor, Mike McCamon, Dawn Aitken, and our Virtual accounting team in giving OWASP its first-ever “clean” financial audit. There are no systemic accounting issues that need addressing. Most of the time, we get small notes like “make sure that all expenses have receipts,” but this time around, nothing. That doesn’t usually happen.

I think we all know some of the negatives that occurred in our community in 2020, and I’ve taken steps to address many of the most contentious issues. I am looking for your suggestions on how the community can assist in keeping moderation on track, as well as piloting some of our community having direct access to our social media to promote their projects or committees. I’d rather fail fast and iterate than not try at all. Let’s get our community humming again. I’m going to put the negative stuff that happened into the dumpster fire of 2020 and never talk about it again.

So what’s on our plate for 2021?

2021 is OWASP’s 20th anniversary. We will be doing many virtual events around the past, present, and future of OWASP. If you want to be on a panel, we have plenty of opportunities for that throughout the year. Please contact Alonna Stock ([email protected]) if you can volunteer for that.

I am incredibly keen to get “How to get into AppSec” going. We have a genuinely fantastic guest trainer lined up, which we will announce in the new year, but hint: it’s how to get into bug bounties. OWASP needs to ensure that our profession has a continuous pipeline of motivated and skilled individuals. Getting started in AppSec is one of our most common requests. If you want to help with this, please contact the Education and Training Committee.

We are going to run an in-person Global AppSec in Australia, as they are the closest of any country to eradicating COVID and have shown that they will lock down hard to get rid of it again. The event, with some luck, will be happening in October 2021. If you want to help with or sponsor at this event, please contact Daniel Ting or Kelly Santalucia respectively. It’s unlikely Australia will let Americans travel, so we are trying a new but old format this time around with our community primarily organizing and running the event. I’d say our best and most profitable events were community run by local chapters, and I’m keen to get our community involved in actively organizing these events again.

The 2021 Operating Plan is live, a relatively comprehensive list of things we want to get done. We have already delivered on a lot of these items, including full regional pricing available on all membership types, from Student ($8) through Lifetime ($200) membership, startup pricing for a corporate membership ($2k), regional pricing for all corporate membership types, and periodic monthly, quarterly and annual billing for startups, regional, and full corporate memberships. I will be keeping a close eye on the critical projects to ensure that they are all done by the end of 2021.

I’d love for the community to get involved in many of these operational projects and make them better. Like the merchandise design and store, many of these projects are run in conjunction with the Outreach Committee. Not only is it possible for you to get involved and shape OWASP, but your help and involvement also helps fund our mission. This is one of the overarching themes of the 2021 Operating Plan: getting our community actively invested and involved in our mission. We used to do this all the time, but the larger we got, the more work the Foundation took on, and things stopped evolving. We need to ensure that our direction comes from the community and moves with the times and our members’ interests.

Looking forward to 2022 and beyond, we need to restart full operations, including chapter, regional and global appsecs again.

The OWASP Foundation is here to enable the mission, not do it. We need the community to come back to our mission. I hope that during the Board strategy face to face, we can think of the next mission statement, as we need a new one that will serve us well for the next 5-20 years. If you have ideas along these lines, please contact your friendly Board members.

Merry Christmas and Happy New Year, and let’s hope 2021 brings more joy than 2020. See you all next year!