Harold Blankenship
About Me
As an avid believer in the OWASP mission, I encourage the proliferation of free and open-source solutions to the on-going security issues affecting us all. As the previous Director of Projects and Technology at OWASP, I have a firm understanding of one of the organization’s most important and pivotal pillars - projects. I want to see the projects thrive at OWASP and thriving projects require funding. My background has been in software development, software management, and I.T. I have a B.S. in Computer Science and a M.S. in Cybersecurity. I am currently the Director of Community and Customer Success at DefectDojo Inc.
Link to My Video
Harold Blankenship YouTube Video
Questions
What unique strategic goal do you intend to bring on board, if you are elected?
I would like to pivot the board from operational oversight toward one of its most important goals - fiduciary growth. OWASP has been a huge presence in global application security with very small funding (mostly from all of you). It is time to ask the big players who have benefited from the OWASP community to commit to supporting the future of OWASP and to pursue every avenue of financial growth while still maintaining the vendor-independence that OWASP is lauded for.
What is your vision for OWASP over the next three to five years?
I envision OWASP as continuing to lead the space in open source security, growing from a 3 million dollar company to something closer to 20 million.
What contributions have you personally made to OWASP or other open source projects?
I was on the staff as the Director of Projects and Technology and, as part of that, I was responsible for moving the organization from the old wiki to the new github-based website. I have, along with Fabio Cerullo, been an administrator for OWASP’s yearly efforts in the Google Summer of Code. I am the also a leader of the OWASP Developer Guide, the vice-chair of the events committee, I have participated in CfT/CfP reviews, and I have volunteered at this most recent OWASP Global AppSec in San Francisco.
What strategies would you implement to increase community engagement and participation in OWASP?
I just this past week had a conversation with some of the staff, board, and community about engaging developers; the net of that conversation was that developers need to be met where they are. This means putting more effort in OWASP attending and our community speaking at current developer events. I believe that through such participation we can eventually start having developer-focused content at our own events, thus giving them a reason to attend. Aside from developers, OWASP should endeavor to communicate more often and effectively with the community
What will be your efforts to ensure OWASP continues to be a centerpiece in software security?
Luckily for the foundation, I recognize my own efforts are not where this resides. OWASP should continue to foster the community and the community is what ensures that OWASP will remain to be a centerpiece in software security.
What should OWASP stop doing and why?
First and foremost the OWASP board needs to stop putting so much effort and time into operational oversight; by focusing on HOW the foundation is operating, the board loses sight of the strategic mission set before it. The board has an Executive Director for managing the how. Second, OWASP has historically relied heavily on event sponsorship to keep the doors open (financially) and the reliance on events as THE major income stream needs to stop; we need to diversify the funding streams and actively, aggressively pursue other avenues.
So, please vote in the OWASP Board elections and, if you are so inclined, vote for me. Help me help OWASP continue into the next decade.