Ashwini Siddhi

About Me

  1. Product Security Leader with extensive industry experience and areas of specialization such as Security Architecture & Design, Supply Chain Security Strategy, Privacy By-Design, Zero Trust Architecture (ZTA), Ransomware Recovery, Threat Modeling, and Security Development Lifecycle (SDL) for both Cloud and Applications.
  2. Instrumental in providing various organizations with essential guidance to build secure solutions to address current cyber security problems and has been innovating the way organizations design their products and applications securely.
  3. Started off as a pen-tester and hence has the complete spectrum of experience in SDL.
  4. Currently, as the Director of Product Security Engineering at GoDaddy, innovating with SDL using AI capabilities.
  5. A respected public speaker and active member of various security forums. A staunch advocate for diversity and inclusion (D&I), serving as a mentor for many women at WiCyS and EWF, promoting a culture of equality and empowerment.

Questions

What unique strategic goal do you intend to bring on board, if you are elected?

  1. AI Powered Application Security Strategy: The security industry continues to struggle with expensive solutions that often fail to deliver high-quality, actionable insights necessary for effectively addressing security challenges. I intend to bring onboard a strategic initiative where OWASP will lead a global initiative to develop a comprehensive framework for AI-driven application security strategy. This framework would be built through collaboration with security professionals, data engineers, organizations, and academic institutions worldwide, providing universally applicable guidelines, best practices, and standards for integrating AI-based security measures. By fostering a global collaboration, we can ensure that organizations of all sizes and regions are empowered to leverage AI to address modern application security challenges effectively, reduce costs, and improve resilience against evolving threats without compromising on their product’s time to market.

  2. Strategic Academic & Industry Partnerships for better Local Impact: My second strategic goal is to strengthen OWASP’s local impact through targeted academic and industry partnerships. By collaborating with universities, research institutions, and key players in the tech industry, OWASP can create a robust pipeline of new talent and ideas, ensuring a steady flow of innovative security solutions. These partnerships will focus on developing and delivering localized training programs, research initiatives, and community outreach activities that reflect the unique challenges and needs of different regions. We will sponsor hackathons and offer internship and mentorship opportunities to students and professionals. This approach not only strengthens OWASP’s local presence but also enhances its relevance and impact on a global scale.

What is your vision for OWASP over the next three to five years?

As a security engineering director with a deep commitment to advancing application security, my vision for OWASP over the next three to five years revolves around three key pillars: Accessibility, Innovation, and Collaboration.

  1. Accessibility: I would focus on expanding the reach of OWASP’s resources through localized content, multilingual support, and partnerships with educational institutions. Additionally, I would prioritize developing Gen Z-friendly interfaces and guided tutorials for OWASP to ensure adoption across Gen Z.
  2. Innovation: In an era where application landscapes are rapidly evolving, OWASP must support innovation through AI and automation. My vision includes spearheading initiatives that guide integration of AI-driven solutions into OWASP’s existing frameworks to make them more dynamic.
  3. Collaboration: OWASP’s strength lies in its community. In the coming years, I see an even stronger emphasis on fostering global collaboration. This involves expanding OWASP’s presence in regions with emerging tech ecosystems, enhancing opportunities for cross-regional knowledge exchange, and establishing OWASP as a global authority in application security. I would champion initiatives that encourage more contributions from diverse voices, including those in underrepresented regions, and focus on remaining relevant and impactful across the globe.

In summary, my vision is to position OWASP as a leader not only in application security but as a transformative force driving secure software development practices globally. Through accessibility, innovation, collaboration, and measurable impact, OWASP can continue to protect and empower the world’s software ecosystem for the next three to five years and beyond.

What contributions have you personally made to OWASP or other open source projects?

Although I have not contributed directly to OWASP projects, I am a strong advocate for OWASP resources. As a mentor to many aspiring application security professionals in India, I have consistently encouraged them to begin their security journey with OWASP. In addition to my advocacy, my industry contributions include:

  • Contributing to Zero Trust Training for CSA
  • Authoring and Leading “Threat Modeling At Scale” whitepaper for SAFECode
  • Writing the Code Integrity blog series for SAFECode
  • Speaking at various security forums and panels
  • Serving as a mentor at organizations such as WiCyS and EWF to promote Diversity and Inclusion.

What strategies would you implement to increase community engagement and participation in OWASP?

  1. Collaborate with industry partners to host more regionally focused OWASP conferences, enhancing accessibility and engagement.
  2. Create mentorship and networking opportunities specifically for underrepresented groups in cybersecurity, promoting diversity within the community.
  3. Recognize and reward local chapters for their contributions and achievements, encouraging continued engagement and growth.
  4. Implement a system to recognize and reward the valuable work of current contributors, highlighting their impact on the organization.
  5. Opportunities for existing contributors to engage in cross-training across different security domains, broadening their expertise and fostering collaboration.
  6. Increase the visibility and influence of key contributors by promoting their work and achievements within the community and industry.

What will be your efforts to ensure OWASP continues to be a centerpiece in software security?

The goals, vision, and strategies outlined above will help ensure that OWASP remains a central piece in software security.

What should OWASP stop doing and why?

OWASP should consider phasing out projects or initiatives that are no longer relevant or have not been updated in a significant period, or merging them with more current efforts. This helps prevent resource dilution and ensures focus on impactful, up-to-date projects.