IAOP Outsourcing World Summit (OWS) 19


The Reincarnation of Outsourcing: From Disruption to Domination (When Disruption is Everywhere)


The Outsourcing World Summit (OWS) series is hosted by the International Association of Outsourcing Professionals (IAOP).


It is happening fast. Old ways give to new business models, processes and philosophies; collaboration is imperative; innovation is not optional; the workplace is modernized. Technology, like RPA, cognitive, AI and blockchain, are at the forefront of this disruption, but it’s not just tech. Geopolitics have stormed to center stage, turning globalization on its head. The ‘gig economy’ is changing the labor force.


The race to deliver the most affordable and efficient services is on, how do you make sense of the opportunities and then maximize them?


Join IAOP and hundreds of customers, service providers, advisors and academics, on February 17-20, at the Marriott World Center Orlando, in Orlando, Florida, as we examine these and other topics critical to your success.


We are pleased to announce that Dr. Bill Curtis, CISQ Executive Director, is delivering a presentation, Acquiring Trustworthy Software with Software Quality Measurement Standards.




Software and Supply Chain Assurance (SSCA) Fall Forum 2018

Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.


The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the Government Services Agency (GSA). Participants represent a diverse group of career professionals including government officials, chief information security officers, those in academia with cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, specialists in IT and cybersecurity, and many more fields.


SSCA forums are held 2-3 times/year and are free and open to all interested parties.


While the general intent is to share information, the SSCA Forum also offers government and private sector participants, including international participants, an opportunity to openly collaborate by presenting and receiving feedback on current and potential future work. Most events are two to three days long and contain a mixture of discussion and presentation; interaction is always strongly encouraged. To encourage open interaction, SSCA Forum meetings operate under the Chatham House Rule, meaning “participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed,” though many speakers allow NIST to post their presentations on this website.


To receive information about upcoming meetings and related publications and activities, please sign up for the sw.assurance mailing list, operated by NIST, by sending a blank email to sw.assurance-join@nist.gov

Agile and DevOps East


Discover the latest in agile & DevOps methods, tools, and leadership practices. Get ideas and inspiration from experts and peers


Agile + DevOps East brings together practitioners seeking to accelerate the delivery of reliable, secure software applications. Find out how the practice of Agile & DevOps brings cross-functional stakeholders together to deliver software with greater speed and agility while meeting quality and security demands. Learn from industry experts how your organization can leverage Agile and DevOps concepts to improve deployment frequency and time to market, reduce lead time, and more successfully deliver stable new features.


Topic coverage:

  • Agile and DevOps Leadership
  • Agile Engineering Practices
  • Agile Testing and Automation
  • Building Agile and DevOps Cultures
  • Continuous Integration
  • Continuous Delivery/Deployment
  • DevSecOps
  • Scaling Agile and DevOps Capabilities
  • Digital Transformation
  • Agile and DevOps Certification Training


Don’t miss featured keynote speaker, John Willis, DevOps pioneer and coauthor of the books The Phoenix Project and Beyond the Phoenix Project, for his talk on how he and coauthor Gene Kim, set out to research and describe the foundational ideas that these books are based upon. Understand where DevOps came from, what success organizations are having by applying DevOps principles, and what lies in the future for the DevOps revolution.


Register now using CISQ’s exclusive promo code — CECM — and save up to $200 off your registration!

OWASP AppSec USA 2018


OWASP is hosting AppSec USA from October 8-12, 2018 at the Fairmont Hotel in San Jose, California.


CISQ members are eligible to receive $50 off the ticket price. Apply the code CMCISQ50 at registration.


What happens at an AppSec USA Conference?

  • Technical talks by experts in security, devops and cloud
  • Panels to debate tough topics
  • Training sessions for hands-on learning in top security areas
  • Keynotes from industry leaders
  • Vendor booths to promote the latest advances in security technology
  • A variety of other activities such as career fair, capture the flag, security tool training, and more


Gartner Application Strategies & Solutions Summit 2018

Date: November 27-29, 2018
Venue: Caesars Palace, 3570 Las Vegas Blvd South, Las Vegas, NV 89109
Website: https://gtnr.it/2uzGiBo
Special rate: CISQ members save $325 off the registration fee! Apply the code GARTOMG at registration



Take your application strategy to the next level with agile, DevOps, APIs and microservices


The future of applications depends on effective legacy modernization as much as innovation. This year’s Gartner Application Strategies & Solutions Summit 2018 will focus on these dual priorities, exploring the latest approaches to optimize existing applications and infrastructure as well as leading-edge technologies driving business transformation.


Recommended tracks:

  • Application Leaders and the Future of Digital Business
  • Crafting and Implementing an Effective Application Strategy
  • Architecting for Digital Excellence
  • Application Development for Superior User Experiences
  • Integration Strategies to Connect Digital Ecosystems
  • Exceeding Expectations with New User Experiences
  • Customer Technology: Turning Vision into Reality
  • Preparing for Next Generation Technologies


Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018

Date: September 5-7, 2018
Venue: Hilton Orlando, 6001 Destination Parkway, Orlando, FL 32819
Website: https://gtnr.it/2LjHa6G
Special rate: CISQ members save $350 off the registration fee! Apply the code GARTOMG at registration



Drive Business Performance and Cost Optimization for your Sourcing, Procurement, Finance, Vendor and Asset Management Strategies

Did your last software negotiation or cloud deal achieve the right business outcomes? Are your sourcing and procurement processes evolving fast enough to increase agility? How quickly can you leverage the external technology market for new ideas and innovative solutions?


Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018, September 5 – 7, in Orlando, FL is designed to help leaders in IT sourcing, procurement, vendor management, asset management and IT finance to acquire and manage the IT Services and products that will enable their organizations to achieve their business objectives. The eight-track agenda is designed to cover sourcing, procurement, financial, asset and vendor management professionals’ top priorities.


  • Track A: Sourcing Leaders: Strategic Sourcing for Business Value and Digital Innovation
  • Track B: Procurement Leaders: Enabling Business Success through Cost Optimization, Risk Mitigation and Speed
  • Track C: IT Asset Management Leaders: Maturing ITAM in a Digital World
  • Track D: IT Finance Leaders: Optimizing Cost and Value through IT Finance Evolution
  • Track E: Vendor Management Leaders: Driving Business Outcomes and Manage Risks with Disciplined Vendor Management
  • Track F: Negotiating software and SaaS contracts to support and enable digital business
  • Track G: The IT Services Marketplace: Leveraging IT Services in the Age of Digital Transformation and Cyber Threats
  • Track H: The Cloud and Hybrid Solutions Marketplace: Maximizing Business Outcomes with Cloud and Hybrid Offerings
  • Track I: Senior Leadership Circle: Advanced Learnings in Sourcing, Procurement, and Vendor Management






Webinar: Expecting Secure, High-Quality Software: Mitigating Risks throughout the Lifecycle

Speaker: Joe Jarzombek, Director for Government, Aerospace and Defense Programs, Synopsys, Inc.

Date: September 10, 2018 from 2:00 – 3:00pm ET (check your time zone)



This CISQ webinar is brought to you by our sponsor, Synopsys


As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the supply chain must focus on the entire lifecycle.  The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure sectors.  With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses and vulnerabilities. Addressing software supply chain dependencies enables enterprises to harden their attack surface by: comprehensively identifying exploitable components and providing more responsive mitigations.  Security automation tools and services, and testing and certification programs now provide means upon which organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.


Attendees will learn:

  • How external dependencies create risks throughout the IoT/software supply chain;
  • How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
  • How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.


The webinar presentation will be available on this webpage to view or download after the event.


register now








The Place for Software Testing Innovations


STARWEST is one of the longest-running and most respected conferences on software testing and quality assurance. The event week features over 100 learning and networking opportunities and covers a wide variety of some of the most in-demand topics and innovations:

  • Testing in DevOps
  • Test Transformation
  • Test and Release Automation
  • Agile Testing
  • Testing for Developers
  • Security Testing
  • Test Strategy, Planning, Metrics
  • Test Leadership
  • Performance Testing and Monitoring
  • Big Data, Analytics, AI/Machine Learning for Testing


View the agenda here


Register now using CISQ’s exclusive promo code — SWCM — and save up to $200 off your registration! Additionally, if you register by August 31, you will save up to an additional $200 off with super early bird pricing — a combined savings of up to $400.*

Cyber Resilience Summit: The Crossroads of IT Modernization and Cybersecurity


Topic: Reducing Modernization Risk through Compliance to Software and Risk Management Standards


Hosted by: Consortium for IT Software Quality (CISQ) in cooperation with the Object Management Group (OMG) and IT Acquisition Advisory Council (IT-AAC)


Date: Tuesday, October 16, 2018 from 8:00am – 3:00pm


Venue: Army Navy Country Club, 1700 Army Navy Drive, Arlington, VA


RSVP: Tracie Berardi, CISQ Program Manager at tracie.berardi@it-cisq.org or 781-444-1132 x149


IT Modernization Best Practices Repository: http://it-cisq.org/wiki/it-modernization-best-practices-repository/



The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. Federal IT leaders will brief on policy, priorities and plans for modernizing and securing government IT, building momentum from the forcing functions of FITARA, Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda which for the first time in history sets IT  modernization as a top tier objective for Federal Government leadership.


This is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.


The agenda will cover:

  • Meeting IT modernization and cybersecurity objectives
  • Acquisition reform to usher in incremental procurement and software quality assurance requirements
  • Building trust in Agile/DevOps by applying software measurement standards and automation to achieve better IT outcomes
  • Cloud readiness and the move to scalable, secure and resilient architectures
  • Innovative methods for producing cybersecure software


Formal agenda to be posted this summer.



Admission is complimentary for government and elected officials, not-for-profit organizations, and universities; industry $250. Your admission includes lunch and refreshment breaks.  If eligible to redeem a complimentary pass, please register here, select “Special” under Payment Type, and enter the code CISQGOVF18 in the Discount Code field. Thank you for supporting this public service event!






Thank You CISQ Sponsors





OWASP AppSec EU 2018


The OWASP Annual AppSec EU Security Conference is the premier application security conference for European developers and security experts. AppSec EU provides attendees with insight into leading speakers for application security and cyber security, training sessions on various applications, networking, connections and exposure to the best practices in cybersecurity.


The event begins with thirteen hands-on pre conference training programs from 2nd to 4th of July 2018. The main conference spans two days from 5th to 6th of July 2018, offering four full tracks of talks, for pen-testers and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs. This year’s conference program will focus on the bottom to the top and top to the bottom in application security.


The week is packed full of exciting opportunities and distractions such as the Women in Appsec gatherings, Capture The Flag, University Challenge and a great evening out at the AppSec EU 2018 Networking Event at the Imperial War Museums. There is so much to do at AppSec EU its a perfect blend of training, experiences, networking and fun.


CISQ members save $50 off the registration fee with the special code EU18-CISQ50. This code applies for the registration option of Conference and Networking Reception Event.  Register today!