Re: I'd love to get more involved and see what I can do to help

6 views

Skip to first unread message

Zoe Braiterman

unread,

Jan 18, 2022, 9:43:09 AM1/18/22

to Sal Kimmich, wia-co...@owasp.org

Hi Sal,

Thank you for introducing yourself to the team. It was great connecting during Saturday’s meetup.

Looking forward to continuing to having you / your expertise as part of the group.

Best,

Zoe

On Tue, Jan 18, 2022 at 5:17 AM Sal Kimmich <salki...@gmail.com> wrote:

---------- Forwarded message ---------
From: Sal Kimmich <salki...@gmail.com>
Date: Mon, Jan 17, 2022 at 10:52 PM
Subject: I'd love to get more involved and see what I can do to help
To: <wia-co...@owasp.org>

Hello WIA Committee,

Thanks so much for having me join in on the Saturday session, I'll definitely keep showing up!

I'd love to get more involved and see what I can do to help.

I'm employed by Sonatype, but I call them the Trader Joes of cybersecurity: a very American reference - but it means that we are doing the function of cybersecurity with something else added in, and that's real open-source energy. I took on the role of developer relations with this team only because they let me tie my KPIs to open source progress, not to revenue. I've never been offered that privilege from my conversations even with non-profit foundations that claim to be helping open source in every language ecosystem. Sonatype gives about 20mil in revenue to recording and maintaining the Apache Software Foundation's Maven Central repository - they created the first security net around an entire language base (Java) and they are expanding that security net to more modern languages now. It's a really cool place to be if you plan to be around in the future of the modern internet.

I started in open source science with the global and distributed computing of neuro datasets, and I am an expert in the modern open-source supply chain. As a cloud computing engineer by practice, I have a mind on what architecture security looks like in 5 years when executing codebases have cheap access to pulled data storage. I really only care about security when it hits machine learning pipelines, and that's urgent progress we need to make across several languages, and definitely with regards to secure cloud computing.

Let me know what I can do to help,
Sal Kimmich

Zoe Braiterman

Chair, OWASP Women in AppSec (WIA) Committee

OWASP NYC Chapter Leader

Reply all

Reply to author

Forward

0 new messages