Agile and DevOps East


Discover the latest in agile & DevOps methods, tools, and leadership practices. Get ideas and inspiration from experts and peers.


Agile + DevOps East brings together practitioners seeking to accelerate the delivery of reliable, secure software applications. Find out how the practice of Agile & DevOps brings cross-functional stakeholders together to deliver software with greater speed and agility while meeting quality and security demands. Learn from industry experts how your organization can leverage Agile and DevOps concepts to improve deployment frequency and time to market, reduce lead time, and more successfully deliver stable new features.


Topic coverage:

  • Agile and DevOps Leadership
  • Agile Engineering Practices
  • Agile Testing and Automation
  • Building Agile and DevOps Cultures
  • Continuous Integration
  • Continuous Delivery/Deployment
  • DevSecOps
  • Scaling Agile and DevOps Capabilities
  • Digital Transformation
  • Agile and DevOps Certification Training


Don’t miss featured keynote speaker John Willis, DevOps pioneer and coauthor of the books The Phoenix Project and Beyond the Phoenix Project, and his talk on how he and coauthor Gene Kim set out to research and describe the foundational ideas that these books are based upon. Understand where DevOps came from, what success organizations are having by applying DevOps principles, and what lies in the future for the DevOps revolution.


Register now using CISQ’s exclusive promo code — CECM — and save up to $200 off your registration!

OWASP AppSec USA 2018


OWASP is hosting AppSec USA from October 8-12, 2018 at the Fairmont Hotel in San Jose, California.


CISQ members are eligible to receive $50 off the ticket price. Apply the code CMCISQ50 at registration.


What happens at an AppSec USA Conference?

  • Technical talks by experts in security, DevOps and cloud
  • Panels to debate tough topics
  • Training sessions for hands-on learning in top security areas
  • Keynotes from industry leaders
  • Vendor booths to promote the latest advances in security technology
  • A variety of other activities such as career fair, capture the flag, security tool training, and more


Gartner Application Strategies & Solutions Summit 2018

Date: November 27-29, 2018
Venue: Caesars Palace, 3570 Las Vegas Blvd South, Las Vegas, NV 89109
Special rate: CISQ members save $325 off the registration fee! Apply the code GARTOMG at registration



Take your application strategy to the next level with agile, DevOps, APIs and microservices


The future of applications depends on effective legacy modernization as much as innovation. This year’s Gartner Application Strategies & Solutions Summit 2018 will focus on these dual priorities, exploring the latest approaches to optimize existing applications and infrastructure as well as leading-edge technologies driving business transformation.


Recommended tracks:

  • Application Leaders and the Future of Digital Business
  • Crafting and Implementing an Effective Application Strategy
  • Architecting for Digital Excellence
  • Application Development for Superior User Experiences
  • Integration Strategies to Connect Digital Ecosystems
  • Exceeding Expectations with New User Experiences
  • Customer Technology: Turning Vision into Reality
  • Preparing for Next Generation Technologies


Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018

Date: September 5-7, 2018
Venue: Hilton Orlando, 6001 Destination Parkway, Orlando, FL 32819
Special rate: CISQ members save $350 off the registration fee! Apply the code GARTOMG at registration



Drive Business Performance and Cost Optimization for your Sourcing, Procurement, Finance, Vendor and Asset Management Strategies

Did your last software negotiation or cloud deal achieve the right business outcomes? Are your sourcing and procurement processes evolving fast enough to increase agility? How quickly can you leverage the external technology market for new ideas and innovative solutions?


Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018, September 5 – 7, in Orlando, FL is designed to help leaders in IT sourcing, procurement, vendor management, asset management and IT finance to acquire and manage the IT Services and products that will enable their organizations to achieve their business objectives. The eight-track agenda is designed to cover sourcing, procurement, financial, asset and vendor management professionals’ top priorities.


  • Track A: Sourcing Leaders: Strategic Sourcing for Business Value and Digital Innovation
  • Track B: Procurement Leaders: Enabling Business Success through Cost Optimization, Risk Mitigation and Speed
  • Track C: IT Asset Management Leaders: Maturing ITAM in a Digital World
  • Track D: IT Finance Leaders: Optimizing Cost and Value through IT Finance Evolution
  • Track E: Vendor Management Leaders: Driving Business Outcomes and Manage Risks with Disciplined Vendor Management
  • Track F: Negotiating software and SaaS contracts to support and enable digital business
  • Track G: The IT Services Marketplace: Leveraging IT Services in the Age of Digital Transformation and Cyber Threats
  • Track H: The Cloud and Hybrid Solutions Marketplace: Maximizing Business Outcomes with Cloud and Hybrid Offerings
  • Track I: Senior Leadership Circle: Advanced Learnings in Sourcing, Procurement, and Vendor Management






Webinar: Expecting Secure, High-Quality Software: Mitigating Risks throughout the Lifecycle

Speaker: Joe Jarzombek, Director for Government, Aerospace and Defense Programs, Synopsys, Inc.

Presented live on September 10, 2018



This CISQ webinar is brought to you by our sponsor, Synopsys


As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the supply chain must focus on the entire lifecycle. The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses and vulnerabilities. Addressing software supply chain dependencies enables enterprises to harden their attack surface by comprehensively identifying exploitable components and providing more responsive mitigations. Security automation tools and services, and testing and certification programs, now provide means that organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.


Attendees will learn:

  • How external dependencies create risks throughout the IoT/software supply chain;
  • How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
  • How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.


Watch the webinar on CISQ YouTube / Download the presentation



Resources from Synopsys:

Synopsys Continuous Integration Continuous Delivery and Deployment

Coverity Static Analysis

Black Duck Software Composition Analysis

Black Duck Binary Analysis

Synopsys Fuzz Testing Defensics





The Place for Software Testing Innovations


STARWEST is one of the longest-running and most respected conferences on software testing and quality assurance. The event week features over 100 learning and networking opportunities and covers a wide variety of some of the most in-demand topics and innovations:

  • Testing in DevOps
  • Test Transformation
  • Test and Release Automation
  • Agile Testing
  • Testing for Developers
  • Security Testing
  • Test Strategy, Planning, Metrics
  • Test Leadership
  • Performance Testing and Monitoring
  • Big Data, Analytics, AI/Machine Learning for Testing


View the agenda here


Register now using CISQ’s exclusive promo code — SWCM — and save up to $200 off your registration! Additionally, if you register by August 31, you will save up to an additional $200 off with super early bird pricing — a combined savings of up to $400.*

Cyber Resilience Summit: The Crossroads of IT Modernization and Cybersecurity


TOPIC: Reducing Modernization Risk through Compliance to Software and Risk Management Standards


HOSTED BY: Consortium for IT Software Quality™ (CISQ™) in cooperation with the Object Management Group® (OMG®) and IT Acquisition Advisory Council (IT-AAC)




The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. The program focuses on standards and best practices for measuring risk and quality in IT-intensive programs from the standpoint of productivity, software assurance, overall quality and system/mission risk. Discussions expose proven methods and tools of incorporating such standard quality metrics into the IT software development, sustainment and acquisition processes.


Our message to attendees: This is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.




To access presentations, visit the CISQ Members Area under “Event and Seminar Presentations.”





8:00 Welcome to the Cyber Resilience Summit

Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)

John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)

8:15 Titans of Cyber: Critical Success Factors for Modernizing and Securing Government IT

Lead: John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)


Federal IT leaders brief on priorities, policy and plans for modernizing and securing government IT, building momentum from the “forcing functions” of the Federal IT Acquisition Reform Act (FITARA), Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda.


Titans of Cyber speakers:

  • Mark Hakun, Deputy Chief Information Officer, National Security Agency
  • Scott Tousley, Deputy Director, Cyber Security Division, U.S. Department of Homeland Security Science and Technology Directorate
  • Susan Dorr, Intelligence Community, Chief Information Security Officer (IC CISO) and Director, Intelligence Community, Chief Information Officer, Cybersecurity Division (IC CIO CSD)
  • Mark Kneidinger, Deputy Director, National Risk Management Center, U.S. Department of Homeland Security

9:30 Trustworthy Systems Manifesto from CISQ

Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)


As businesses and governments automate more of their business and mission processes, the risk to which Information Technology (IT) exposes the organization grows dramatically. In an era of 9-digit defects (IT incidents with damages over $100,000,000), senior executives outside IT are held accountable and some have lost their jobs.


CISQ will brief on cyber risk measurement standards and then introduce a Trustworthy Systems Manifesto. The Manifesto contains a set of principles that senior business and public executives should hold IT accountable for implementing to ensure the systems to which they have entrusted the business or mission are trustworthy. A trustworthy system is one that is secure from unauthorized users and actions, reliable in its performance, resilient to unexpected conditions, and accurate in its computations.


10:15 Break & Networking

10:30 Supply Chain Risk Management (SCRM) Gets Legislative Attention

Lead: Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and Board Member, Consortium for IT Software Quality (CISQ)


Software supply chain assurance is finally en vogue. The Pentagon is evaluating how to insert security metrics into the acquisition process to measure cyber risk on the same scale as cost, schedule, and performance. The phrase “shift left” from software development circles applies here, referring to the practice of mitigating risk earlier in the system lifecycle to avoid costly, compounded technical debt and unacceptable levels of risk from vulnerabilities and compromise. This panel will discuss the latest developments, best practices, and standards of practice for SCRM.



  • William Stephens, Director of Counterintelligence, Defense Security Service
  • Don Davidson, Deputy Director, Cybersecurity Risk Management (+ Chief of SCRM Division), Office of the Deputy DoD-CIO for Cybersecurity
  • Shon Lyublanovits, Senior Advisor for Cybersecurity, GSA
  • Dr. Allan Friedman, Director, Cybersecurity Initiatives, National Telecommunications and Information Administration, U.S. Department of Commerce

11:30 Continuous Diagnostics and Mitigation (CDM) Moves to Phase 4

Betsy Kulick, CDM Program Deputy Director, U.S. Department of Homeland Security


One of the biggest cybersecurity programs in the U.S. Federal Government is Continuous Diagnostics and Mitigation (CDM) at the Department of Homeland Security. This session will discuss the CDM roadmap and phase 4 of the program which targets protection of data and the application stack.


12:15 Lunch & Networking

1:15 Regulators Roundtable: Best Practices in Cyber Policy for Industry

Lead: Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)


This cross-agency panel will discuss how cyber risk is measured and how cyber policy is set and implemented in the industries they regulate. What can agencies learn from each other in addressing the challenges of regulating industries?  How do agencies strike the right balance in protecting citizens without stifling the pace of industry and innovation? What can industry learn from the government’s cyber practices?



  • Chris Hetner, Senior Cybersecurity Advisor to the Chairman, U.S. Securities and Exchange Commission
  • Bethany Dugan, Deputy Comptroller for Operational Risk, Office of the Comptroller of the Currency
  • Dr. Seth Carmody, Cybersecurity Program Manager, U.S. Food and Drug Administration (FDA Cybersecurity Resource)
  • Donald Saxinger, Chief, IT Supervision, Division of Risk Management Supervision, FDIC

2:15 Innovative Methods for Producing Cybersecure Software

Lead: Girish Seshagiri, EVP and CTO, ISHPI Information Technologies and Board Member, Consortium for IT Software Quality (CISQ)


The IT standards community is driving initiatives to automate cyber risk measurement and cyber threat modeling. In tandem, workforce development is critical to meeting the government’s cyber challenges and our nation’s IT skills gap. This panel of subject matter experts will brief the audience on methods for producing cybersecure, resilient and sustainable software systems through practice and education.



  • Paul Seay, Northrop Grumman Fellow, Engineering Center of Excellence, NGMS Engineering, Sciences, and Technology, Northrop Grumman Corporation
  • Bill Newhouse, Deputy Director, National Initiative for Cybersecurity Education (NICE); Security Engineer, National Cybersecurity Center of Excellence (NCCoE), NIST
  • Robert Martin, Senior Principal Engineer, MITRE

3:15 Closing Remarks




Army Navy Country Club

Grand Ballroom, 2nd floor

1700 Army Navy Drive, Arlington, VA

Phone: 703-521-6800




















OWASP AppSec EU 2018


The OWASP Annual AppSec EU Security Conference is the premier application security conference for European developers and security experts. AppSec EU provides attendees with insight into leading speakers for application security and cyber security, training sessions on various applications, networking, connections and exposure to the best practices in cybersecurity.


The event begins with thirteen hands-on pre-conference training programs from 2nd to 4th of July 2018. The main conference spans two days from 5th to 6th of July 2018, offering four full tracks of talks, for pen-testers and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs. This year’s conference program will focus on the bottom to the top and top to the bottom in application security.


The week is packed full of exciting opportunities and distractions such as the Women in AppSec gatherings, Capture The Flag, University Challenge and a great evening out at the AppSec EU 2018 Networking Event at the Imperial War Museums. There is so much to do at AppSec EU; it’s a perfect blend of training, experiences, networking and fun.


CISQ members save $50 off the registration fee with the special code EU18-CISQ50. This code applies for the registration option of Conference and Networking Reception Event.  Register today!


New Texas State Laws for IT Project Performance and Cybersecurity


Join Agency CIOs and IT Professionals for a Strategic Breakfast Meeting in Austin


Recent legislation in Texas requires that state agency large IT projects measure and report on indicators for cost, schedule, scope and quality. When done properly, these measurements can be used to drive down costs, control risks, and improve project performance over time. Additionally, the Texas Cybersecurity Act establishes a framework for prioritizing security posture and reporting. The Texas Dept. of Information Resources (DIR), the Quality Assurance Team (QAT) and state agency CIOs and CISOs will be the primary actors to implement these new laws for optimum effect. These new measurement requirements will flow down to all IT vendors that support these projects.


We’re hosting a complimentary breakfast workshop on Tuesday, June 19 from 8:00 – 10:00 in Austin, TX to discuss these new laws and best practices for leveraging these new requirements. Specifically, the areas of quality and cybersecurity measurement will be highlighted at this forum.


Venue: Doubletree by Hilton, 303 W. 15th St., Austin, TX


RSVP: Registration is now closed.


Presentation topics

  • New measurement requirements and what they really mean
  • The policies, practices, standards and tools that can be used to support them
  • How to use this technology base to improve delivery performance for more effective IT systems






7:45 Check in at registration desk, pick up name badge, breakfast buffet
8:00 Welcome and introductions
8:05 New (?) Measurements for IT Projects: Leveraging Industry Best Practice
Herb Krasner, Texas IT Champion
Herb spent many years at UT Austin as Professor of Software Engineering, the Director of Outreach Services for the UT Center for Advanced Research in Software Engineering (ARiSE), and founder and CTO of the UT Software Quality Institute (SQI). Herb was instrumental in drafting this legislation and has been publishing a series of position papers to share guidance with state agencies across the U.S. Download presentation
8:40 An Introduction to Automatable Standards for Software Measurement
Dr. Bill Curtis, CISQ Executive Director
Dr. Bill Curtis is Executive Director of the Consortium for IT Software Quality (CISQ), an IT leadership group that develops standards for measuring software size, quality and technical debt. Dr. Curtis is the American lead on the ISO 25000 series of standards. Download presentation
9:15 Improving IT with Centralized Management of Code Quality Standards
Philip Crenshaw, Vice President and Global Business Engineering Leader for CGI’s U.S. Strategic Business Unit
Philip Crenshaw will explain how CGI derives better software quality, security and team performance utilizing software standards from CISQ. Leveraging an application intelligence platform managed by a single, centralized team, CGI applies CISQ quality metrics and CAST tools across every team around the world, no matter the client or location. Learn how CGI is turning the IT black box into a transparent, glass box, helping clients reduce costs for rework and outages – and shift capital from “run” to “change” initiatives. Download presentation
9:50 Open discussion and next steps
10:00 Close



CISQ outreach events are supported by program sponsors.


Thank you CGI, CAST, Cognizant, ISHPI, Northrop Grumman, Synopsys and Tech Mahindra for supporting the event!



Realizing Effective End-to-End Quality Management within the Health Domain: Case Studies Using OMG Standards


This special event is part of the OMG® Technical Meeting from June 18-22, 2018 in Boston, MA. Registration is complimentary.


From OMG’s website:


Boston is the “Hub of Healthcare,” a thriving ecosystem of thought leaders in technology, medicine and research and the epicenter of 300 digital healthcare companies pioneering the latest advances in big data analytics, patient personalization, smart technologies, and connected care. On June 18th join your peers from the Healthcare IT community for an introduction to standards and testbeds that are improving the quality and security of healthcare. This event is hosted by the OMG®, an IT standards development organization headquartered in Boston and led by Dr. Richard Soley, an MIT alumnus.


The featured case study is the Connected Care Testbed showcasing the work from the Industrial Internet Consortium in developing an open IoT ecosystem for clinical and remote medical devices that can bring together patient monitoring data into a single data management and analytics platform.


The Consortium for IT Software Quality (CISQ) will present Cybersecurity and Resilience of Healthcare IT and Medical Devices, an introduction to code quality standards that can be used to guide software development projects or put into requirements definition for new systems or enhancements.


The OMG is organizing this meeting to demonstrate what’s possible and to discuss the application of cross-industry technologies, such as IoT, Blockchain, and AI, to improve patient outcomes and advance the practice of medicine. Attendance is beneficial to companies in healthcare, pharmaceuticals, life sciences and related sectors.


View the agenda


Register now for complimentary admission


View all OMG special events the week of June 18-22 in Boston