Tuesday, 15 March 2011

Working with SI on Team Mentor and OWASP projects

In a model very similar to the contracts I had previously with Ounce Labs and ABN AMRO, I recently signed a professional services contract with Security Innovation

This is quite an exciting opportunity for me. Not only I'm going to be working with great people, the TeamMentor project has lots of potential and the SI guys seem very interested in O2.

Here are my areas of responsibilities (verbatim from my contract):
  • TeamMentor Product Development - Taking full responsibility for the TeamMentor product
  • TeamMentor Metrics - Understanding and visualizing how the product is currently used
  • SI Community outreach - Representing SI in the industry
    • Leadership of OWASP Projects: OWASP Exams, OWASP Certification, OWASP Academies, OWASP SDL Implementation project
    • Presentations at OWASP , developer’s Conferences (TBD) or WebCasts (TBD)
    • Blog and article creation
  • O2 Integration with SI Product and services - Introduce SI teams to O2 capabilities and features
An interesting note, is the fact that this is one of the first times that my OWASP involvement is directly mapped into one of my contracts.

My initial focus is going to be on the TeamMentor product, which should keep me busy for the first month(s).

What is also VERY interesting 'from the point of view of Application Security', is that I am now going to be directly involved and responsible for an application's security (so if you find a vulnerability in TeamMentor please email it to me ASAP :) ).

This relationship will also (occasionally) put me in a position where I am representing an 'vendor'. This is going to force me to be very disciplined in my OWASP relationships, and I will want to take this opportunity to clarify the 'OWASP-rules-of-engagement' between commercial parties and OWASP (something that today is a very fuzzy area)

Let me know what you think of this, and (since it will change quite a bit) keep an eye on TeamMentor :)