Web Admin Blog Real Web Admins. Real World Experience.

1Dec/150

The OWASP Board “Ivory Tower” Dilemma

I have been an active member of the OWASP community in some form since 2007.  I've been the OWASP Austin Chapter Leader, served as the Chair of the Global Chapters Committee, and, most recently, was elected (and re-elected) to the OWASP Board of Directors.  In the past, I have heard a number of people in our community compare the Board to an "Ivory Tower".  They would say that they were unapproachable and preferred to let others do the work while they pulled the strings of the Foundation from behind the scenes.  I think there may be some truth to that statement, but I told myself when I ran for the Board that I wouldn't be like that.  I want people to feel like I am out there actively trying to solve the problems of our community.  Case in point, in my 23 months on the OWASP Board, I have proposed more Bylaw changes and new policies than anybody else.

As I continue to try to be a man of action, I find that I am often one of the first Board members on the scene in times of crisis.  On multiple occasions I've shunned the historical "Ivory Tower" approach to managing the organization and dove head in to the situation at hand.  My assumption has been that I was elected because I have an opinion, not in spite of it.  In each case I've tried to present a clear and concise analysis of my view of the situation.  I've tried to offer up suggestions on next steps or provide data points that others may not have been aware of.  Being such a diverse community has many strengths, however, one weakness is that it is difficult to drive to a consensus on anything.  It really doesn't matter what side of the issue you are on, it always seems like some will agree with you and others will not.  Frequently, what begins as an intended friendly and spirited debate, ends with somebody feeling marginalized because a decision was made that they did not agree with.  It's sad when this happens, but is inevitable when you mix passionate people with issues that do not have binary answers.

This leads me back to the "Ivory Tower" dilemma.  If my desire is to actively be a part of the community, then I place myself directly in a position of potential conflict when I speak.  I'm not allowed to speak as Josh, the community member, because the perception is that I am always speaking with my Board member hat on.  And I have a strong feeling that this perception of Board members speaking authoritatively is what leads a person on the other side to feel marginalized.  Definitely not intended, at least on my part, but that's what I've started to gather from some of the feedback that I've received.  So if that's the case, then I begin to wonder if the situation would have been better off had I held my tongue and refrained from jumping into the discussion in order to let our community continue to fight it out or to let another Board member, our Executive Director, or somebody else communicate the Board's analysis and actions.  But, if I do that, aren't I now perpetuating the stereotype of the OWASP Board being an "Ivory Tower"?

I'm not sure that there is a right or wrong answer here and nobody said that being a Board member would be easy, but I can't say that I ever expected to need to give up my personal voice with the community (the one that likely got me elected to the Board in the first place) in order to serve the Board.  That said, it genuinely saddens me when an extremely valued OWASP volunteer feels the need to leave in order to make a point.  It is a huge loss for the OWASP Foundation and one that I, regrettably, played a role in provoking.  I don't apologize for my stance on the issue that was being debated.  I feel that we should all be allowed to have an opinion and I still support the actions of the Board thus far.  That said, if I could take back my words, crawl back into that "Ivory Tower", and let someone else do the talking in this particular situation, I'm sorry to say that I would.

Johanna, I'm sorry that it turned out this way.  You may not believe it, but I sincerely respect and appreciate what you have done for the OWASP Foundation more than words can express.  You have brought order where there was chaos and a dedication to the cause that was matched only by your intellect.  I feel that we don't have to always agree on a vision in order for me to appreciate your perspective.  I regret that I never conveyed that to you before now.  I'm sorry.

Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

No trackbacks yet.