Friday 22 October 2010

Having an O2 Epiphany - your turn next :)

After sending this reply to one of O2 users

[Dinis Cruz]
Thanks man, I really appreciate your words :)

You are spot on that O2 is all about the automation (of pentesters, code reviews, etc...). 

In fact, that is what I'm trying to say with O2's tag line:

"O2 is designed to 
Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge." (from

Another way to say it is 'Web Security UnitTests' or 'No more PDFs!!!" , but has you can see I still have not figured out the best way to communicate and present O2 :(  
[/Dinis Cruz]

I received the following answer which in (a rough/authentic/natural kind-of-way) shows the emotional process that one goes through (from "what is O2?" to the "O2 Epiphany ? ")

Btw: of course that I'm very flattered by the very kind and positive comments (and I did ask permission to the author for quoting him). My objective here is not to bost my ego, but only to show that slowly my ideas and vision for O2 are starting to spread :)

[O2 User]
I'm starting to see the O2 light. If O2 can help a pentester deliver automation so clients can repeat those tests, then you are a visionary who will change the industry, I say this sincerely.

I need to understand things emotionally first. Yesterday, I finally had an epifany as to why O2 is so inportant. It can take findings from Fortify, Ounce And others tools and automate retesting of those findings over time to provide deeper assurance.

I now officially declare myself to be a part of the O2 marketing team. I commit to you that I will (1) become a master user of O2 within 3 months (2) help market O2 aggressively once I've achieved that mastery. I'm ...for  the next 2 weeks, I'll begin my O2 work then.

I'd like you to take a little time explaining O2 to ... - he "gets it" deeply. We need to make ... a master O2 user as well, he is crazy not to be using it. :)

Dinis, you and I are good fighters. :) I draw my sword and place it at your feet. You DO get it - you just need a little help crafting your message and I'll help. I'll fight for you.

"No more 30,000$ PDF's' 

"Demand your pentesters give you all their IP"

... , we need to educate CUSTOMERS of pentest services and make them DEMAND O2 type automation...."

Dinis, I'm in. O2 needs to be the future of AppSec.


[/O2 User]


So, If you have a similar experience please share it or blog about it :)

O2 is on a sort of tipping point and there are a number of people/companies out there that just need a little nudge before they start using it