Diego Silva Martins
About Me
I am a seasoned security professional with extensive experience in handling complex projects. My expertise lies in API Management, SIEM, Single-Sign-On, Identity & Access Management, and Privileged Access Management. Currently, I hold the position of Security Technical Specialist at IBM, where I am dedicated to implementing security solutions and integrations to modernize legacy applications with enhanced security and reliability. With over 20 years in the information technology industry, I began my career as a developer and evolved into a full-stack developer before transitioning into the security domain. In this role, I developed a multitude of connectors for SIEM and continually strive to enhance cybersecurity by creating solutions that eliminate process gaps and fortify the confidentiality, integrity, and availability of systems. Also, I started to learn more about API Security and Management during my time with CA Technologies, where I learned deeply about the potential flaws in the API lifecycle.
I’m counting on your support this October. When you’re faced with a choice among outstanding candidates, I urge you to cast your vote for Diego Silva Martins for the Board of Directors. Together, let’s embark on a journey to bring about positive changes and take the OWASP community to greater heights!
I am committed to spearheading initiatives that will expand and enrich our community, bolster our projects, secure the necessary resources for their success, and elevate our fundraising endeavors to further our mission. Your vote for me is an investment in a better and stronger OWASP community.
My Linkedin is https://www.linkedin.com/in/dsmartins/, let’s connect!!
Link to My Video
Questions
What unique strategic goal do you intend to bring on board, if you are elected?
If elected to the OWASP board, my strategy would be to establish more benefits to OWASP members in a way to increase engagement, knowledge transfers, mentorship for security professionals and recruitment for mentors, that way we can foster a more connected and supportive OWASP community. Focusing on mentorship, we create a multiplier effect for OWASP’s impact, ensuring that the organization’s wealth of knowledge and resources reaches and influences a broader audience in a more personalized and effective manner.
What is your vision for OWASP over the next three to five years?
We need to focus on fostering a more inclusive and dynamic security community, that way we can expand our impact over the next five years. Things like expanding technology coverage, for example, broadening the focus beyond web applications to emerging areas like IoT, AI/ML, and quantum computing security. Creating comprehensive guidance for cloud-native and nerveless architectures. Also, we need to enhance Collaboration Tools to be able to implement a modern, user-friendly collaboration platform for project management and communication
What contributions have you personally made to OWASP or other open source projects?
I have no relevant or memorable contributions to OWASP, I have been a member since 2021 and have participated in trainings, and I feel a huge lack of greater communication and awareness of the available tools and how we can contribute to projects so that they become even more relevant and viable.
What strategies would you implement to increase community engagement and participation in OWASP?
OWASP needs to be more accessible, engaging, and responsive to the needs of a diverse global community. Simplify the onboarding, creating or providing a mentorship program pairing newcomers with experienced members, also, localization efforts, bring the community to help with translation of key resources into multiple languages, supporting and promoting local OWASP chapters more actively. We need to bring the early professionals to learn and contribute, one of the initiatives should be virtual hackathons or security challenges with universities.
What will be your efforts to ensure OWASP continues to be a centerpiece in software security?
Make OWASP not just a reference point, but an integral part of the software security ecosystem, embedded in tools, processes, and education at all levels of the industry. Need to modernize and expand core resources, and education initiatives, improve our accessibility and usability, and foster innovation in security tools for emerging technologies.
What should OWASP stop doing and why?
Changes are needed, and I would say stop doing it but start doing it differently. Such as overemphasis on Web Application Security and not looking into emerging technologies like IoT, AI/ML, and cloud-native architectures. Stop wasting resources to maintain outdated projects or not-used projects. Some OWASP resources are overly complex, making them challenging for newcomers to understand and apply.