Discover the latest in agile & DevOps methods, tools, and leadership practices. Get ideas and inspiration from experts and peers.
Agile + DevOps East brings together practitioners seeking to accelerate the delivery of reliable, secure software applications. Find out how the practice of Agile & DevOps brings cross-functional stakeholders together to deliver software with greater speed and agility while meeting quality and security demands. Learn from industry experts how your organization can leverage Agile and DevOps concepts to improve deployment frequency and time to market, reduce lead time, and more successfully deliver stable new features.
Agile and DevOps Leadership
Agile Engineering Practices
Agile Testing and Automation
Building Agile and DevOps Cultures
Scaling Agile and DevOps Capabilities
Agile and DevOps Certification Training
Don’t miss featured keynote speaker John Willis, DevOps pioneer and coauthor of the books The Phoenix Project and Beyond the Phoenix Project, for his talk on how he and coauthor Gene Kim set out to research and describe the foundational ideas that these books are based upon. Understand where DevOps came from, what success organizations are having by applying DevOps principles, and what lies in the future for the DevOps revolution.
Register now using CISQ’s exclusive promo code — CECM — and save up to $200 off your registration!
Date: November 27-29, 2018
Venue: Caesars Palace, 3570 Las Vegas Blvd South, Las Vegas, NV 89109
Website: https://gtnr.it/2uzGiBo
Special rate: CISQ members save $325 off the registration fee! Apply the code GARTOMG at registration.
Take your application strategy to the next level with agile, DevOps, APIs and microservices
The future of applications depends on effective legacy modernization as much as innovation. This year’s Gartner Application Strategies & Solutions Summit 2018 will focus on these dual priorities, exploring the latest approaches to optimize existing applications and infrastructure as well as leading-edge technologies driving business transformation.
Application Leaders and the Future of Digital Business
Crafting and Implementing an Effective Application Strategy
Architecting for Digital Excellence
Application Development for Superior User Experiences
Integration Strategies to Connect Digital Ecosystems
Date: September 5-7, 2018
Venue: Hilton Orlando, 6001 Destination Parkway, Orlando, FL 32819
Website: https://gtnr.it/2LjHa6G
Special rate: CISQ members save $350 off the registration fee! Apply the code GARTOMG at registration.
Drive Business Performance and Cost Optimization for your Sourcing, Procurement, Finance, Vendor and Asset Management Strategies
Did your last software negotiation or cloud deal achieve the right business outcomes? Are your sourcing and procurement processes evolving fast enough to increase agility? How quickly can you leverage the external technology market for new ideas and innovative solutions?
Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018, September 5 – 7, in Orlando, FL is designed to help leaders in IT sourcing, procurement, vendor management, asset management and IT finance to acquire and manage the IT Services and products that will enable their organizations to achieve their business objectives. The eight-track agenda is designed to cover sourcing, procurement, financial, asset and vendor management professionals’ top priorities.
Track A: Sourcing Leaders: Strategic Sourcing for Business Value and Digital Innovation
Track B: Procurement Leaders: Enabling Business Success through Cost Optimization, Risk Mitigation and Speed
Track C: IT Asset Management Leaders: Maturing ITAM in a Digital World
Track D: IT Finance Leaders: Optimizing Cost and Value through IT Finance Evolution
Track E: Vendor Management Leaders: Driving Business Outcomes and Manage Risks with Disciplined Vendor Management
Track F: Negotiating software and SaaS contracts to support and enable digital business
Track G: The IT Services Marketplace: Leveraging IT Services in the Age of Digital Transformation and Cyber Threats
Track H: The Cloud and Hybrid Solutions Marketplace: Maximizing Business Outcomes with Cloud and Hybrid Offerings
Track I: Senior Leadership Circle: Advanced Learnings in Sourcing, Procurement, and Vendor Management
Speaker: Joe Jarzombek, Director for Government, Aerospace and Defense Programs, Synopsys, Inc.
Presented live on September 10, 2018
This CISQ webinar is brought to you by our sponsor, Synopsys
As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the supply chain must focus on the entire lifecycle. The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses and vulnerabilities. Addressing software supply chain dependencies enables enterprises to harden their attack surface by comprehensively identifying exploitable components and providing more responsive mitigations. Security automation tools and services, and testing and certification programs, now provide means that organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.
Attendees will learn:
How external dependencies create risks throughout the IoT/software supply chain;
How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.
STARWEST is one of the longest-running and most respected conferences on software testing and quality assurance. The event week features over 100 learning and networking opportunities and covers a wide variety of some of the most in-demand topics and innovations:
Testing in DevOps
Test and Release Automation
Testing for Developers
Test Strategy, Planning, Metrics
Performance Testing and Monitoring
Big Data, Analytics, AI/Machine Learning for Testing
Register now using CISQ’s exclusive promo code — SWCM — and save up to $200 off your registration! Additionally, if you register by August 31, you will save up to an additional $200 off with super early bird pricing — a combined savings of up to $400.*
The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. The program focuses on standards and best practices for measuring risk and quality in IT-intensive programs from the standpoint of productivity, software assurance, overall quality and system/mission risk. Discussions expose proven methods and tools of incorporating such standard quality metrics into the IT software development, sustainment and acquisition processes.
Our message to attendees: This is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.
REGISTRATION IS NOW CLOSED! THANK YOU TO EVERYONE ATTENDING!
Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)
John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)
Titans of Cyber: Critical Success Factors for Modernizing and Securing Government IT
Lead: John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)
Federal IT leaders brief on priorities, policy and plans for modernizing and securing government IT, building momentum from the “forcing functions” of the Federal IT Acquisition Reform Act (FITARA), Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda.
Titans of Cyber speakers:
Mark Hakun, Deputy Chief Information Officer, National Security Agency
Scott Tousley, Deputy Director, Cyber Security Division, U.S. Department of Homeland Security Science and Technology Directorate
Susan Dorr, Intelligence Community, Chief Information Security Officer (IC CISO) and Director, Intelligence Community, Chief Information Officer, Cybersecurity Division (IC CIO CSD)
Mark Kneidinger, Deputy Director, National Risk Management Center, U.S. Department of Homeland Security
Trustworthy Systems Manifesto from CISQ
Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)
As businesses and governments automate more of their business and mission processes, the risk to which Information Technology (IT) exposes the organization grows dramatically. In an era of 9-digit defects (IT incidents with damages over $100,000,000), senior executives outside IT are held accountable and some have lost their jobs.
CISQ will brief on cyber risk measurement standards and then introduce a Trustworthy Systems Manifesto. The Manifesto contains a set of principles that senior business and public executives should hold IT accountable for implementing to ensure the systems to which they have entrusted the business or mission are trustworthy. A trustworthy system is one that is secure from unauthorized users and actions, reliable in its performance, resilient to unexpected conditions, and accurate in its computations.
Lead: Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and Board Member, Consortium for IT Software Quality (CISQ)
Software supply chain assurance is finally en vogue. The Pentagon is evaluating how to insert security metrics into the acquisition process to measure cyber risk on the same scale as cost, schedule, and performance. The phrase “shift left” from software development circles applies here, referring to the practice of mitigating risk earlier in the system lifecycle to avoid costly, compounded technical debt and unacceptable levels of risk from vulnerabilities and compromise. This panel will discuss the latest developments, best practices, and standards of practice for SCRM.
William Stephens, Director of Counterintelligence, Defense Security Service
Don Davidson, Deputy Director, Cybersecurity Risk Management (+ Chief of SCRM Division), Office of the Deputy DoD-CIO for Cybersecurity
Shon Lyublanovits, Senior Advisor for Cybersecurity, GSA
Dr. Allan Friedman, Director, Cybersecurity Initiatives, National Telecommunications and Information Administration, U.S. Department of Commerce
Continuous Diagnostics and Mitigation (CDM) Moves to Phase 4
Betsy Kulick, CDM Program Deputy Director, U.S. Department of Homeland Security
One of the biggest cybersecurity programs in the U.S. Federal Government is Continuous Diagnostics and Mitigation (CDM) at the Department of Homeland Security. This session will discuss the CDM roadmap and phase 4 of the program which targets protection of data and the application stack.
Lunch & Networking
Regulators Roundtable: Best Practices in Cyber Policy for Industry
Lead: Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)
This cross-agency panel will discuss how cyber risk is measured and how cyber policy is set and implemented in the industries they regulate. What can agencies learn from each other in addressing the challenges of regulating industries? How do agencies strike the right balance in protecting citizens without stifling the pace of industry and innovation? What can industry learn from the government’s cyber practices?
Chris Hetner, Senior Cybersecurity Advisor to the Chairman, U.S. Securities and Exchange Commission
Bethany Dugan, Deputy Comptroller for Operational Risk, Office of the Comptroller of the Currency
Donald Saxinger, Chief, IT Supervision, Division of Risk Management Supervision, FDIC
Innovative Methods for Producing Cybersecure Software
Lead: Girish Seshagiri, EVP and CTO, ISHPI Information Technologies and Board Member, Consortium for IT Software Quality (CISQ)
The IT standards community is driving initiatives to automate cyber risk measurement and cyber threat modeling. In tandem, workforce development is critical to meeting the government’s cyber challenges and our nation’s IT skills gap. This panel of subject matter experts will brief the audience on methods for producing cybersecure, resilient and sustainable software systems through practice and education.
Paul Seay, Northrop Grumman Fellow, Engineering Center of Excellence, NGMS Engineering, Sciences, and Technology, Northrop Grumman Corporation
Bill Newhouse, Deputy Director, National Initiative for Cybersecurity Education (NICE); Security Engineer, National Cybersecurity Center of Excellence (NCCoE), NIST
The OWASP Annual AppSec EU Security Conference is the premier application security conference for European developers and security experts. AppSec EU provides attendees with insight into leading speakers for application security and cyber security, training sessions on various applications, networking, connections and exposure to the best practices in cybersecurity.
The event begins with thirteen hands-on pre-conference training programs from 2nd to 4th of July 2018. The main conference spans two days from 5th to 6th of July 2018, offering four full tracks of talks, for pen-testers and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs. This year’s conference program will focus on the bottom to the top and top to the bottom in application security.
The week is packed full of exciting opportunities and distractions such as the Women in Appsec gatherings, Capture The Flag, University Challenge and a great evening out at the AppSec EU 2018 Networking Event at the Imperial War Museums. There is so much to do at AppSec EU; it's a perfect blend of training, experiences, networking and fun.
CISQ members save $50 off the registration fee with the special code EU18-CISQ50. This code applies for the registration option of Conference and Networking Reception Event. Register today!
Join Agency CIOs and IT Professionals for a Strategic Breakfast Meeting in Austin
Recent legislation in Texas requires that state agency large IT projects measure and report on indicators for cost, schedule, scope and quality. When done properly, these measurements can be used to drive down costs, control risks, and improve project performance over time. Additionally, the Texas Cybersecurity Act establishes a framework for prioritizing security posture and reporting. The Texas Dept. of Information Resources (DIR), the Quality Assurance Team (QAT) and state agency CIOs and CISOs will be the primary actors to implement these new laws for optimum effect. These new measurement requirements will flow down to all IT vendors that support these projects.
We’re hosting a complimentary breakfast workshop on Tuesday, June 19 from 8:00 – 10:00 in Austin, TX to discuss these new laws and best practices for leveraging these new requirements. Specifically, the areas of quality and cybersecurity measurement will be highlighted at this forum.
Check in at registration desk, pick up name badge, breakfast buffet
Welcome and introductions
New (?) Measurements for IT Projects: Leveraging Industry Best Practice Herb Krasner, Texas IT Champion
Herb spent many years at UT Austin as Professor of Software Engineering, the Director of Outreach Services for the UT Center for Advanced Research in Software Engineering (ARiSE), and founder and CTO of the UT Software Quality Institute (SQI). Herb was instrumental in drafting this legislation and has been publishing a series of position papers to share guidance with state agencies across the U.S.
An Introduction to Automatable Standards for Software Measurement Dr. Bill Curtis, CISQ Executive Director
Dr. Bill Curtis is Executive Director of the Consortium for IT Software Quality (CISQ), an IT leadership group that develops standards for measuring software size, quality and technical debt. Dr. Curtis is the American lead on the ISO 25000 series of standards.
Improving IT with Centralized Management of Code Quality Standards Philip Crenshaw, Vice President and Global Business Engineering Leader for CGI’s U.S. Strategic Business Unit
Philip Crenshaw will explain how CGI derives better software quality, security and team performance utilizing software standards from CISQ. Leveraging an application intelligence platform managed by a single, centralized team, CGI applies CISQ quality metrics and CAST tools across every team around the world, no matter the client or location. Learn how CGI is turning the IT black box into a transparent, glass box, helping clients reduce costs for rework and outages – and shift capital from “run” to “change” initiatives.
Open discussion and next steps
CISQ outreach events are supported by program sponsors.
Boston is the “Hub of Healthcare,” a thriving ecosystem of thought leaders in technology, medicine and research and the epicenter of 300 digital healthcare companies pioneering the latest advances in big data analytics, patient personalization, smart technologies, and connected care. On June 18th join your peers from the Healthcare IT community for an introduction to standards and testbeds that are improving the quality and security of healthcare. This event is hosted by the OMG®, an IT standards development organization headquartered in Boston and led by Dr. Richard Soley, an MIT alumnus.
The featured case study is the Connected Care Testbed showcasing the work from the Industrial Internet Consortium in developing an open IoT ecosystem for clinical and remote medical devices that can bring together patient monitoring data into a single data management and analytics platform.
The Consortium for IT Software Quality (CISQ) will present Cybersecurity and Resilience of Healthcare IT and Medical Devices, an introduction to code quality standards that can be used to guide software development projects or put into requirements definition for new systems or enhancements.
The OMG is organizing this meeting to demonstrate what’s possible and to discuss the application of cross-industry technologies, such as IoT, Blockchain, and AI, to improve patient outcomes and advance the practice of medicine. Attendance is beneficial to companies in healthcare, pharmaceuticals, life sciences and related sectors.