Glenn ten Cate
About Me
Glenn ten Cate. I have over 15 years of experience in the field and currently work at ING Bank Belgium as a Security Chapter Leader, with a background in software development, hacking and security engineering. I created, together with my brother, one of the OWASP Flagship projects, SKF, that is dedicated to helping developers and organisations approach security by design. I am also well known in the field of secure development training, offering training workshops at universities and companies around the world.
I first learnt of OWASP around 7 years ago, and realized that this non-profit organisation shared the same values and mission as me. This brought me so much joy and energy that I (and my brother) decided to join OWASP and be part of the mission.
My involvement with OWASP is in various ways like speaking at AppSec conferences and being at the OWASP Booth to share and preach the awesome work that OWASP is doing for the community. What I value highly and want to fight for is keeping OWASP Vendor-neutral, that we promote and utilise our own projects and give them a stage to shine!
OWASP has great resources for different people and different roles: CISOs, AppSec Managers, Pentesters, Analysts, Developers, DevOps, QA, and even users. Currently, most of them are either not aware of OWASP, or consider OWASP as a short for the “OWASP Top 10”. What practical steps should OWASP take to change that?
We can extend our current OWASP website and make an additional website landing page and menu for the different roles we have in AppSec. Then per role we can correlate the fitting materials / resources and projects that this role would be interested in. We can even do this using some magic tags in the project pages resulting in these parts of the OWASP website being automatically populated. This way we can guide the different roles to the correct material and projects.
Also we could create a **new and improved** vendor-neutral short, 3 min max ‘Commercial-style’ video where we can explain our mission and vision statement of OWASP and showcase the Flagship projects and how they make an impact. We can share this with the conferences around the world to help and support OWASP by using this video in their presentation lineup to share the great work this community is doing and give more visibility to the groundbreaking projects we have which are all free to use.
Sometimes local chapters disband before anyone knows they exist and there does not seem to be a strong mechanism to regrow them. How will you enable members to grow OWASP in their localities?
Create professionally styled marketing templates that can be used for the communication and announcements of the meetups. Then we can create a GitHub pipeline flow for the chapters where, if the chapter page is updated, for example when a new OWASP meetup is added, the GitHub pipeline would utilise the marketing templates and automatically publish the meetup on all the important social media channels. With this improvement we can really enable visibility, grow the new and existing chapters and amplify our branding.
What experience do you bring serving in a board or executive committee of a large international organization or project?
I don’t have any experience serving in a board or executive committee, but having this clean slate and not being heavily influenced by certain dogmas can also be an advantage.
Currently I have worked as a Security manager in a large international organisation for almost 4 years now, working with the different departments to align ideas and implement improvements. I've also been one of the project leaders of the OWASP Flagship project Security Knowledge Framework (OWASP-SKF) for almost 7 years. The combination of being an OWASP project leader and having management experience in a large organisation will help me settle into this role quickly so as to achieve results and move OWASP forward in the right direction. It will also help me in challenging my peers and listening closely to the community and its needs.
COVID-19 has had a major impact on OWASP’s major earning sources which were conference tickets / training tickets. What will you do to ensure more balanced funding sources in the future?
As most conferences are moving to the online platforms, we need to focus on this by improving our OWASP branding. We have already made some great steps with this, for example the new and improved website. I believe if we have a unified branding style that looks very professional we also are better noticed when the chapter / project leaders are making announcements or setting up meetups. Improving the quality of our materials and unifying our content will cost time and effort but when it's done properly we move away from the old OWASP look and feel to the new generation OWASP organization that resonates higher quality. This also attracts companies to proudly sponsor and connect their name to the OWASP organisation.
What are the three main things you’d focus on changing/improving for OWASP as an organization, and why?
1. **Better guidance for project leads**
I sometimes see new project initiatives getting lost in our community on how to become part of OWASP when you are a project leader. This is really a pity, as I have seen great next-level projects stopped because of the lack of a bit of help or a person to reach out to. The things I’ve seen are for example:
What to do, the different stages, the criteria for the 3 project statuses and how to get there, how to get funds and so on.
2. **How to get a Flagship project to Enterprise level**
The OWASP Flagship projects are truly amazing projects, but I do wonder myself as a Flagship project leader: How can I get this to the next level, the Enterprise level? We are not only helping the open source community or small companies who have little budget. Our amazing Flagship projects are also used by big companies that have higher demanding requirements that we simply cannot always meet, due to the fact that we are doing all this great work in our spare time next to having a family, job and so on. Giving projects funds to achieve Enterprise-level quality can really be that step ahead that we need to help the community but also to keep being relevant as an OWASP organisation.
3. **Being a voice for the OWASP projects**
I know we also have great people in the community who are doing a truly great job in making the projects visible, for example the OWASP Spotlight series from Vandana, and I think this is really needed. I want to focus more on this part as well and support and help the projects in OWASP, as I personally feel the Chapters and Conferences are very well represented in OWASP, but let’s not forget our OWASP projects and help them to shine as well.
Automation and now AI have been good for AppSec in that they have increased the speed of releases, improved detection of coding flaws and reduced overall operating costs. At the same time, jobs in AppSec are moving from analyst positions to lower paid engineering positions. What do you see as being OWASP’s role in the industry in ten years and how would you begin to position OWASP to get there?
To be honest I haven't seen the job movement to lower paid engineering positions happening due to the automation and possible AI tooling. I do see the automation and the AI influence in the AppSec area and the benefits, but I don’t actually agree that this alone will make companies safe and secure; none of the tooling can tackle the logic vulnerabilities. I know that security tooling and automation are an important part of the quality gates that we want to have when doing proper AppSec, but they are merely a first defense line to remove the easy and low hanging fruit. The real added value is the security awareness and training of the people to understand the root cause of the problem and making sure these security issues are not there in the first place. What I think we should do is proper research into potential new technologies in the AppSec industry and perform a gap analysis to see where we need to focus, and maybe create new projects or materials to guide the security professionals of the future and make them ready to deal with the gaps we will still have even 10 years from now. Automation and AI will solve parts of the puzzle but they are not the solution; people with the right knowledge and skills are, and this is where we shine as the OWASP community - sharing this knowledge with everybody.