Paulino Calderon

About Me

I’m thrilled to announce my candidacy for a position on the OWASP board. For those who might not know me personally, let me share a bit about my journey in cybersecurity.

Over the years, I’ve had the honor of co-founding cybersecurity companies such as Websec Mexico, Websec Canada, and PWNLab. More than just establishing them, I guided these companies hands-on, directly contributing to their growth. I’ve also had the privilege of contributing to several impactful projects. One of the non-OWASP projects close to my heart is ‘nmap’, a tool that’s instrumental to many in our industry where I’ve not only contributed but also mentored talents through the Google Summer of Code program. Additionally, as a security researcher in the GitHub Security Ambassador program, I’ve had the privilege to test and give early feedback for new features aiding the open-source ecosystem. I’ve also disclosed numerous vulnerabilities responsibly to various open-source projects, ensuring they remain robust and trustworthy. On top of that, I’ve actively been at the forefront of organizing events, including the OWASP LATAM Tour in México (2018, 2019, 2020). It’s always been a rewarding experience to see our community come together, exchange knowledge, and drive forward our collective mission.

Within the OWASP community, I’ve been deeply involved as a chapter leader, project leader, and occasional contributor to OWASP Juice Shop and OWASP MSTG/MASVS. I’ve been fortunate to work with some of the brightest minds here, sharing, learning, and evolving. This enriching journey with OWASP fuels my desire to serve more.

Joining the OWASP board is more than just a title or role for me. It’s about living out our values, working together to make the online world safer, and helping OWASP grow into the places we have yet to reach. I’m passionate about ensuring everyone gets heard and has a fair shot at creating awesome, game-changing projects.

I humbly seek your support and promise to be a voice for progress, collaboration, and innovation. Let’s shape the future of OWASP together, leveraging our combined expertise and passion.

Paulino Calderon - OWASP Global Board of Directors candidate

Questions

How do you envision OWASP to become more reachable to individual developers and institutions?

  • Localized Content and Tools: While English is widely used, localizing OWASP’s documentation, tools, and resources into multiple languages can drastically increase its reach. Many developers and institutions operate primarily in their native languages, and offering resources in those languages can enhance accessibility. I tried this when I created the YouTube channel for OWASP LATAM in Spanish, which was well-accepted and adopted by the different chapters in the region.

  • Increased Visibility through Events: Hosting and participating in more global and local events, hackathons, and conferences can elevate OWASP’s presence. These events can be platforms for direct interaction, feedback collection, and community building. Hosting official Appsec events with the organization’s full support in different regions of the world will significantly expand the organization’s visibility.

  • Tailored Educational Programs: Offering programs tailored to different experience levels, from novice developers to seasoned professionals, can cater to a broader audience. This could include webinars, workshops, and online courses that cater to specific needs. For example, let’s create video tutorials on OWASP YouTube channels where we cover our top 10 risks projects with the corresponding testing methodologies and a website to allow members to test their knowledge and get a badge of completion at the end.

  • Engagement with Educational Institutions: Establishing partnerships with universities and colleges can introduce OWASP resources and principles early in a developer’s journey. Embedding OWASP’s standards into the academic curriculum can create a foundational understanding for upcoming professionals.

  • Feedback Programs for Projects: Implementing programs where professionals review and provide feedback to project leaders to understand the developer and institution community’s needs, challenges, and suggestions. This can guide the evolution of OWASP’s projects and resources to align with the community’s requirements.

What do you plan to do to increase funding for OWASP projects?

  • Grants and Endowments: Many organizations, especially in the tech sector, have grant programs supporting open-source and security initiatives. We must actively identify these opportunities and submit proposals showcasing the value and impact of OWASP projects.

  • Crowdfunding Campaigns: Crowdfunding platforms can be leveraged for specific projects or initiatives. The broader security community and businesses can directly support projects they deem essential.

  • Expand Merchandising: Selling OWASP-branded merchandise online and during conferences can be a supplemental revenue stream while promoting brand visibility.

  • Transparency and Reporting: Demonstrating the impact of OWASP projects through regular reporting and transparency can help retain and attract sponsors. When donors see the tangible results of their contributions, they’re more likely to reinvest.

  • Host Specialized Events: Besides our regular conferences, we can organize specialized events targeting specific industries or topics. These events can have sponsors, and the proceeds can be funneled directly into project development.

What are your plans for Foundation outreach in both government/policy and industry?

Helping the government and collaborating with them in open spaces, events, and research bodies is critical to empower them to make correct decisions when building new policies and position OWASP as an authority. For the industry, we should organize industry-specific events to provide them with tools to solve their current problems while showing the organization as trustworthy and resourceful.

Do you believe all OWASP Board discussions should happen in the open (excluding HR, Compliance, etc.)?

Yes! We should be open and transparent in all OWASP Board discussions to be trusted by members and sponsors. Documentation, proposals, receipts, everything should be accessible to everyone.

What are your plans to have the board and staff be more involved in project marketing/cheerleading?

  • Board & Staff Showcase Sessions: Initiate regular sessions where board members and staff “adopt” an OWASP project and present its value proposition, updates, and success stories to the community. This not only promotes the project but also demonstrates leadership’s commitment.

  • Highlight Projects in Conferences: Ensure that every major OWASP conference has a segment dedicated to showcasing projects, with board members or staff taking the stage to highlight their significance and updates.

  • Feedback Loops with Project Leaders: Regularly engage with project leaders to understand their marketing needs. Direct involvement of the board and staff in these discussions will foster better collaboration and trust.

Are you able to devote the time to your OWASP Board duties (can feel like a second full-time job)?

Yes! One of the questions I get asked the most is how I get so much done. Between my businesses, projects, and personal life, I have become very good at time management and building effective teams.