QA Government & Public Sector Forum: London 2018

The QA Government & Public Sector Forum: London 2018 is QA Media’s first conference for heads of software quality assurance and software risk management designed for the public sector. We are launching at a time when UK government agencies are reviewing their technology partnerships and considering options for future long-term investment in IT.


Delegates will enjoy a day of high-level networking and knowledge-sharing on technologies for continuous integration and deployment of apps. The emphasis will be on automation, including test service virtualization and the application of machine learning to quality assurance.


Paul Bentz, Director of Government and Industry Programs at CISQ, is speaking on the panel, The Changing Role of Third Party Software Vendors and the Public Sector, with Brigid McBride, Programme Director, Digital Change, Ofsted; Matt Villion, Head of Cyber Security Engagement, UK Home Office; and Chris Johnston, Senior Technology Advisor – Government Digital Service, The Cabinet Office.


Also on the agenda:

  • the impact of GDPR
  • benchmarking the quality of code
  • critical decisions around testing in the Cloud.



Cyber Resilience Summit Agenda for October 16 Published

Focus on crossroads of modernization and cybersecurity in US Federal Government; launch of CISQ Trustworthy Systems Manifesto


Needham, MA – September 26, 2018 – The Consortium for IT Software Quality™ (CISQ™), an IT industry leadership group that develops standards for automating software quality measurement, today announced the agenda is published and registration is open for the Cyber Resilience Summit. CISQ is co-hosting this full-day event in cooperation with the Object Management Group® (OMG®) and the IT Acquisition Advisory Council (IT-AAC) at the Army Navy Country Club in Arlington, Virginia on October 16, 2018.


In its 6th year, the Summit brings together federal IT leaders, the IT standards community, and industry to address how federal agencies are modernizing and securing legacy systems to improve digital services and stay ahead of cyber threats. This year, CISQ Executive Director Dr. Bill Curtis will also introduce the CISQ Trustworthy Systems Manifesto, which is a set of principles to reduce the risk that software-intensive systems pose to the business or mission. Summit participants will have the opportunity to become signatories to the Trustworthy Systems Manifesto.


Registration is required for all attendees. General admission is $250 but is complimentary for government employees and elected officials, not-for-profit organizations, and universities. Registration for the media is complimentary by entering the code CISQPRF18.


Agenda Highlights

The popular “Titans of Cyber” keynote panel returns, featuring presenters from the National Security Agency, Department of Homeland Security, and Office of the Director of National Intelligence who will discuss “Critical Success Factors for Modernizing and Securing Government IT.”


Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and CISQ Board Member, will moderate a panel from MITRE, Department of Defense, Department of Commerce and GSA to examine supply chain risk management.

A session is being planned on the Continuous Diagnostics and Mitigation (CDM) program at the Department of Homeland Security, one of the largest cybersecurity federal programs, now moving to phase 4, which targets protection of data and the application stack. Speakers from agencies successfully deploying CDM will participate.

A new agenda item is the Regulators Roundtable, a cross-industry panel that will discuss how cyber risk is measured and how policy is set and implemented in sectors outside of government, including financial services, healthcare, and utilities.

The Summit will conclude with subject matter experts from the standards community who will share their insights for producing cybersecure software followed by closing remarks.


Confirmed Speakers and Panelists

  • Dr. Bill Curtis, Consortium for IT Software Quality Executive Director and Program Chair
  • John Weiler, IT Acquisition Advisory Council Vice Chair and Program Chair
  • Don Davidson, Deputy Director, Cybersecurity Risk Management (+ Chief of SCRM Division), Office of the Deputy DoD-CIO for Cybersecurity
  • Susan Dorr, Director of Cybersecurity Division, Office of the Director of National Intelligence
  • Bethany Dugan, Deputy Comptroller for Operational Risk, Office of the Comptroller of the Currency
  • Dr. Seth Carmody, Cybersecurity Program Manager, FDA
  • Dr. Allan Friedman, Director, Cybersecurity Initiatives, National Telecommunications and Information Administration, U.S. Department of Commerce
  • Mark Hakun, Deputy Chief Information Officer, National Security Agency
  • Chris Hetner, Senior Cybersecurity Advisor to the Chairman, U.S. Securities and Exchange Commission
  • Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and Board Member, Consortium for IT Software Quality
  • Shon Lyublanovits, Senior Advisor for Cybersecurity, GSA
  • Robert Martin, Senior Principal Engineer, MITRE
  • Christopher Nissen, Director, Asymmetric Threat Response, MITRE
  • Rodney Petersen, Director, National Initiative for Cybersecurity Education (NICE), NIST
  • Donald Saxinger, Chief, IT Supervision, Division of Risk Management Supervision, FDIC
  • Paul Seay, Northrop Grumman Fellow, Engineering Center of Excellence, NGMS Engineering, Sciences, and Technology, Northrop Grumman Corporation
  • Girish Seshagiri, EVP and CTO, ISHPI Information Technologies and Board Member, Consortium for IT Software Quality
  • Scott Tousley, Deputy Director, Cyber Security Division, U.S. Department of Homeland Security Science and Technology Directorate

The event is supported by CISQ sponsors: CAST, CGI, Cognizant, ISHPI Information Technologies, Northrop Grumman, Synopsys and Tech Mahindra.


About the Event Hosts


The Consortium for IT Software Quality™ (CISQ™) is an IT leadership group that develops international standards for automating the measurement of software size and structural quality from the source code. The standards written by CISQ enable IT and business leaders to measure the risk IT applications pose to the business, as well as estimate the cost of ownership. CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. For more information, visit


The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium with representation from government, industry and academia. OMG Task Forces develop enterprise integration standards for a wide range of technologies and an even wider range of industries. OMG modeling standards enable powerful visual design, execution and maintenance of software and other processes. Visit for more information.


The IT Acquisition Advisory Council (IT-AAC) is a public/private “do tank” composed of leading IT public interest groups, standards bodies and government agencies working together to fundamentally transform how the government acquires and manages IT and Cyber solutions. As the “architect of FITARA”, we are ushering in agile standards of practice and innovations emanating from the $4T Global IT market.



Ann McDonough
+1 781-444-0404




Note to editors: CISQ is an Object Management Group program. Object Management Group and OMG are registered trademarks of the Object Management Group. For a listing of all OMG trademarks, visit All other trademarks are the property of their respective owners.

CISQ Hosts September 10 Webinar: Expecting Secure, High-Quality Software: Mitigating Risks throughout the Lifecycle

Speaker: Joe Jarzombek, Director for Government, Aerospace and Defense Programs, Synopsys, Inc.

Date: September 10, 2018 from 2:00 – 3:00pm ET (check your time zone)



This CISQ webinar is brought to you by our sponsor, Synopsys


As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the supply chain must focus on the entire lifecycle. The Internet of Things (IoT) is contributing to a massive proliferation of software-reliant, connected devices of many types throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses and vulnerabilities. Addressing software supply chain dependencies enables enterprises to harden their attack surface by comprehensively identifying exploitable components and providing more responsive mitigations. Security automation tools and services, and testing and certification programs, now provide means that organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.


Attendees will learn:

  • How external dependencies create risks throughout the IoT/software supply chain;
  • How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
  • How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.


The webinar presentation will be available on this webpage to view or download after the event.








College Degrees Now Available for Secure Software Development

Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ)


Cybersecurity training and workforce development is a common theme and solution that’s proposed at conferences that discuss the challenges of cybersecurity and the future as we know it – developing, architecting and living within digital IT ecosystems. Who’s steering the ship? Do leaders understand the security threats and do their teams know how to develop secure, resilient and trustworthy systems for the future? For years, IT was siloed and focused predominantly on functionality. Web-based applications and services expanded the attack surface.


Amidst these fast-paced technological changes, there is good news for workforce development, because with a skills gap comes opportunity.


The Software Engineering Institute (SEI) at Carnegie Mellon University is one of the premier universities in the U.S. for software engineering. The SEI has developed Software Assurance Curricula with support from the U.S. Department of Homeland Security. The courses available include –


  • Master of Software Assurance Curriculum
  • Undergraduate Software Assurance Curriculum
  • Community College Software Assurance Curriculum
  • Software Assurance for Executives


I spoke with Girish Seshagiri, EVP and CTO of ISHPI Information Technologies, who explained that in the United States we now have three community colleges that offer an Associate Degree in Secure Software Development based on the SEI curriculum and adoption guidelines.


Girish is passionate about this subject. He is on CISQ’s Board, co-chair of the National Initiative for Cybersecurity (NICE) apprenticeship sub-working group, and co-founder of the Community Initiative Center of Excellence for Secure Software (CICESS). CICESS promotes a dual model apprenticeship in partnership with community colleges. Girish’s employer, ISHPI, was an early adopter of the apprenticeship model at the ISHPI AIS Software Development Division in Peoria, IL. Students take college courses while participating in paid, on-the-job experience.


The CICESS GP project won the 2018 Innovations in Cybersecurity Education Award (curriculum category) from the National CyberWatch Center, a National Science Foundation-funded Advanced Technological Education Center at Prince George’s Community College in Largo, Maryland.


Here’s a recent article in Community College Daily:


9th Annual Billington Cybersecurity Summit


Launched around the time of the formation of the U.S. Cyber Command in 2010, Billington CyberSecurity is a leading independent media company. It produces the leading Fall forum on cybersecurity in the nation’s capital, a newsletter, white papers, the annual International Cybersecurity Summit and the recently launched Billington Cybersecurity Leadership Council.


The 9th Annual Billington Cybersecurity Summit is September 6, 2018 at the Walter E. Washington Convention Center in Washington, DC. The program is from 7:00 – 5:00. View the agenda here.






IAOP Outsourcing World Summit (OWS) 19


Level Up Your Collaborative Partnerships


The Outsourcing World Summit (OWS) series is hosted by the International Association of Outsourcing Professionals (IAOP).


It is happening fast. Old ways give way to new business models, processes and philosophies; collaboration is imperative; innovation is not optional; the workplace is modernized. Technologies like RPA, cognitive, AI and blockchain are at the forefront of this disruption, but it’s not just tech. Geopolitics have stormed to center stage, turning globalization on its head. The ‘gig economy’ is changing the labor force.


The race to deliver the most affordable and efficient services is on. How do you make sense of the opportunities and then maximize them?


Join IAOP and hundreds of customers, service providers, advisors and academics, on February 17-20, at the Marriott World Center Orlando, in Orlando, Florida, as we examine these and other topics critical to your success.


We are pleased to announce that Dr. Bill Curtis, CISQ Executive Director, is delivering a presentation, Acquiring Trustworthy Software with Software Quality Measurement Standards.




Software and Supply Chain Assurance (SSCA) Fall Forum 2018

Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.


The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the Government Services Agency (GSA). Participants represent a diverse group of career professionals including government officials, chief information security officers, those in academia with cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, specialists in IT and cybersecurity, and many more fields.


SSCA forums are held 2-3 times/year and are free and open to all interested parties.


While the general intent is to share information, the SSCA Forum also offers government and private sector participants, including international participants, an opportunity to openly collaborate by presenting and receiving feedback on current and potential future work. Most events are two to three days long and contain a mixture of discussion and presentation; interaction is always strongly encouraged. To encourage open interaction, SSCA Forum meetings operate under the Chatham House Rule, meaning “participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed,” though many speakers allow NIST to post their presentations on this website.


To receive information about upcoming meetings and related publications and activities, please sign up for the sw.assurance mailing list, operated by NIST, by sending a blank email to


Visit to view upcoming meetings.

Agile and DevOps East


Discover the latest in agile & DevOps methods, tools, and leadership practices. Get ideas and inspiration from experts and peers.


Agile + DevOps East brings together practitioners seeking to accelerate the delivery of reliable, secure software applications. Find out how the practice of Agile & DevOps brings cross-functional stakeholders together to deliver software with greater speed and agility while meeting quality and security demands. Learn from industry experts how your organization can leverage Agile and DevOps concepts to improve deployment frequency and time to market, reduce lead time, and more successfully deliver stable new features.


Topic coverage:

  • Agile and DevOps Leadership
  • Agile Engineering Practices
  • Agile Testing and Automation
  • Building Agile and DevOps Cultures
  • Continuous Integration
  • Continuous Delivery/Deployment
  • DevSecOps
  • Scaling Agile and DevOps Capabilities
  • Digital Transformation
  • Agile and DevOps Certification Training


Don’t miss featured keynote speaker John Willis, DevOps pioneer and coauthor of the books The Phoenix Project and Beyond the Phoenix Project, for his talk on how he and coauthor Gene Kim set out to research and describe the foundational ideas that these books are based upon. Understand where DevOps came from, what success organizations are having by applying DevOps principles, and what lies in the future for the DevOps revolution.


Register now using CISQ’s exclusive promo code — CECM — and save up to $200 off your registration!

OWASP AppSec USA 2018


OWASP is hosting AppSec USA from October 8-12, 2018 at the Fairmont Hotel in San Jose, California.


CISQ members are eligible to receive $50 off the ticket price. Apply the code CMCISQ50 at registration.


What happens at an AppSec USA Conference?

  • Technical talks by experts in security, devops and cloud
  • Panels to debate tough topics
  • Training sessions for hands-on learning in top security areas
  • Keynotes from industry leaders
  • Vendor booths to promote the latest advances in security technology
  • A variety of other activities such as career fair, capture the flag, security tool training, and more


Gartner Application Strategies & Solutions Summit 2018

Date: November 27-29, 2018
Venue: Caesars Palace, 3570 Las Vegas Blvd South, Las Vegas, NV 89109
Special rate: CISQ members save $325 off the registration fee! Apply the code GARTOMG at registration



Take your application strategy to the next level with agile, DevOps, APIs and microservices


The future of applications depends on effective legacy modernization as much as innovation. This year’s Gartner Application Strategies & Solutions Summit 2018 will focus on these dual priorities, exploring the latest approaches to optimize existing applications and infrastructure as well as leading-edge technologies driving business transformation.


Recommended tracks:

  • Application Leaders and the Future of Digital Business
  • Crafting and Implementing an Effective Application Strategy
  • Architecting for Digital Excellence
  • Application Development for Superior User Experiences
  • Integration Strategies to Connect Digital Ecosystems
  • Exceeding Expectations with New User Experiences
  • Customer Technology: Turning Vision into Reality
  • Preparing for Next Generation Technologies