Xien Singh

Looking at developers and the thought process they follow, while I might not speak for every developer, being a senior lead developer I know that interest grabbing is achieved by great stories, so it's no surprise that content is one of the most powerful tools in driving community engagement. The goal is to create engaging content that inspires, informs, and challenges all readers, this is one of the most reliable ways to engage developers in the conversation and attracting developers to embrace change.

Together with other OWASP Members - creating engaging content and sharing the content with those in our networks by either sharing links or infographics to various platforms to create awearness - the important aspect in terms of attracting developers is to give them meaty content that creates a thirst to know more and a sense of challenge without the boredom that is attached with learning something new especially concepts that lies outside of their domain.

Other methods to engage developers could include having regular hackathons or challenges that calls for developers to experiment with secure coding practices as all industries are either embracing cyber security or have already. With more individuals coming to showcase and enhance their skills, it will result in gaining momentum in attracting the attention of developers and others within the tech industry, furthermore, engaging social platforms like Discord, Telegram etc, will allow for developers to come together to collabarate and learn from each other while we as OWASP push learning content. Building on my earlier statement - we as OWASP could conceptulise the platform that developers and other enthusiasts which allow the communities to come together and work on OWASP projects which not only creates a secure application but creates stickiness within the project and the OWASP concepts and paradigms.

Having worked with schools and local authorities during community driven initiatives it is apparent that  fund raising by means of gaining contributions from corporate entities and local communities are the gotos. Fund raising should  have a well structured and clearly defined model in terms of what the organisation is going to use the funding for is most important for any entity that is looking engaging with an NPO.

The first step is to reach out to your current network and engage with entities that still have their CSR (Coporate Social Responsibilty) budgets available to invest in the digital security hygiene of the communities they serve.

The talent (staff) within NPOs generally share aligned visions with the organisations and work with organisations that provide them with a sense of purpose. By providing clearly outlined structures in terms of goals and objectives and being present for the members is most critical in terms of engaging and retaining the talent, establishing communication channels that are reachable for all members are critical in maintaining engagement and listening to those that wish to converse.

Revenue is a critical resource in any organisation, but so is maintaining the security of their applications and assets. By engaging organisations no matter how big or small about the OWASP movement we are able to quantify and qualify the benefits our organisation (OWASP) brings to them - they will be more willing to sponsor, join as a “partner” or want to be affiliated with OWASP and what we stand for. This approach allows us to push a bigger brand awearness by various means which work in a mutualistic manner for example, one approach would be to maintain a similar paradigm that exits whereby on our OWASP site we display our sponsors, but I am yet to go to a site that bears the OWASP logo or branding to say that they are in compliance with our standards and guidelines - we could look at a tiered approach in terms of creating brand awareness - being affiliated or being a sponsor of OWASP our sponors could get a badge which could be embed onto their sites or posted on social platforms.This will result in us gaining further traction in terms of more people being aware of OWASP and what we stand for. 

OWASP, founded in 2001, is known by many but is yet to become a household name, I believe we can make OWASP a name and movement known by everyone.

Now, I know it seems like I have been advocating for brand awearness and not really discussed the actual question, however, by us being a bigger brand we are able to approach bigger entities for funding as well as community engagement, all parties will be more than willing to contribute towards the movement.

The biggest issue is attracting more individuals to the movement, however the manner in which we address this needs to evolve - I am based in South Africa, we have no local chapters or meetups, the requirements to start a chapter is a bit restrictive especially in countries and areas that may not be able to meet the conditions as outlined - now, I fully understand policies and procdures are to be maintained and followed, however, adjustments can be made to make gaining access to our movement from those that do not have local chapters set up so we are able to engage with all that are wanting to get involved but may encounter barriers, furthermore, creating a rich soical presence will allow us to engage with those who are trying to get involved or are curious so that we can then create further interest and expand our movement.

There is a big need for validation be it organisational or personal, for us to work on this intrinsic instinct we should develop and implement a validation program whereby we are able to issue a certificate of compliance with the OWASP Top 10 or Mobile Application Security Guidelines as examples. The ability to boast certification becomes a huge goal for organisations and individuals especially those within the OpenSource space that look for sponsors and work off crowd funding. Receiving an OWASP certification against a release of their software or architecture will make the adoption of their projects more often and in turn puts a bigger focus on us as a result more and more individuals and organisations will adopt our projects if similar approaches are taken with each of the projects and the new projects that may arise within OWASP in the future.