AFCEA OKC Technology Day @ Tinker AFB

 

The AFCEA OKC Technology Day on August 17th brings together AFCEA members and Tinker AFB (Air Force Base) personnel to discuss Information Technology and Cybersecurity. View and demo some of the latest IT products from government and industry partners, attend educational sessions, and network with peers. Registration is complimentary. On Friday, August 18th, spend the day with the AFCEA OKC Chapter on the links at the Tinker Golf Course.

 

Marc Jones, Director of Federal Outreach at CISQ, will deliver a presentation:

 

Cyber and Operational Risk Standards and Policy Update.

 

International standards referenced by DOD & GSA are available now for automating the measurement of software size and structural quality (security, reliability, performance efficiency and maintainability). Leveraging these measures in software acquisition programs has been shown to elevate operational readiness and lower the corrective maintenance cost of software-intensive IT and mission systems. Learn how government organizations leverage these standards to quantify risk in multi-tier, multi-language systems at each software delivery to government. Explore how to use these measures in acquisition, benchmarking, vendor management and governance. Congress has mandated that all DOD programs have software measurement capability. CISQ is an acquisition-ready standard.

 
CISQ is a special interest group of the Object Management Group with engineering support from FFRDC’s Software Engineering Institute (SEI) and MITRE. CISQ’s work and standards are supported by DOD, GSA, NSA, NIST and DHS.

 

Attend this presentation to hear best practices for software quality measurement that can be leveraged in Tinker AFB programs.

 

 

 

Agile Dev, Better Software & DevOps East

Learn what you need to build better software now. The Agile Dev, Better Software, and DevOps East events hosted by Techwell are co-located from November 5-10, 2017, in Orlando, FL. With over 100 learning and networking sessions, there will be a wide variety of new things to learn:

  • Projects and teams
  • Personal excellence
  • Going mobile
  • Business analysis and requirements
  • Internet of Things (IoT)
  • Process and metrics
  • Leadership
  • Software quality and testing

 

One registration gives you access to all three of these industry-leading events.

 

Register by October 6 using CISQ’s special promo code CECM to save up to an additional $200 off. Plus, this offer can be combined with early bird pricing for even more savings.

 

Measuring IT Project Performances in Texas: House Bill (HB) 3275 Implications

CISQ Advisory Board member Herb Krasner has released a position paper for Texas state CIOs and IT leaders seeking guidance on House Bill (HB) 3275, passed in June 2017, which requires the reporting of software quality measurement in Texas State IT projects. Krasner drafted the legislation that was signed into law by Texas Governor Greg Abbott. Directives go into effect on January 1, 2018.

 

The new law, HB 3275, is available on the CISQ website for review.

 

Abstract from the position paper, Measuring IT Project Performances in Texas: House Bill (HB) 3275 Implications:

 

“Texas’ usage of IT is big and getting bigger, but past project performances have a “checkered” history. In June 2017 HB 3275 became law in Texas. It requires state agencies to improve the measuring and monitoring of large IT projects to collect and report on performance indicators for schedule, cost, scope, and quality. If these indicators go out of bounds, more intense scrutiny is then triggered, potentially requiring corrective action. These indicators will be made visible to the public via an online, user-friendly dashboard, and will be summarized annually in a report to state leaders. This new law facilitates the early detection of troubled projects, and helps establish baselines for improvement initiatives. This position paper discusses the implications and challenges of implementing this new law for state and agency IT leadership.”

 

Professor Herb Krasner recently retired from the University of Texas at Austin. He was the Director of Outreach Services for the UT Center for Advanced Research in Software Engineering (ARiSE) and founder and CTO of the UT Software Quality Institute (SQI). As a systems excellence consultant, his mission, spanning five decades, has been to enable the development of superior software intensive systems, and to stamp out poor quality software, wherever found. Mr. Krasner is active in Texas state legislature IT improvement initiatives.

PNSQC 2017

 

Registration is now open. We are scaling new heights in quality software. Join us in Portland, Oregon, October 9-11.

 

CISQ is a supporting partner of PNSQC.

 

Registration opens with super early-bird discounts for individuals and groups; students and poster paper presenters receive additional discounts. Register before August 11 and save more than $300; groups of 4 or more receive an extra 15% off. Register now to save.

 

As we scale quality software, we have included some Trends, Tricks and Traps to share, then added Agile to the mix, and finally ascend to joy in the workplace with the Invited Speakers. The technical program is ready to review. Look for lots of networking opportunities with your colleagues when you join us in Portland. Register now!

 

 

How Outsourcing Can Mitigate Cyberrisks in DevOps

 

Dr. Erik Beulen, Principal, Amsterdam office (beulen.erik@bcg.com); Dr. Walter W. Bohmayr, Senior Partner, Vienna office (bohmayr.walter@bcg.com); Dr. Stefan A. Deutscher, Associate Director, Berlin office (deutscher.stefan@bcg.com); and Alex Asen, Senior Knowledge Analyst, Boston office (asen.alex@bcg.com)

 

DevOps agility requires organizational adjustments and additional tooling to ensure cybersecurity. At the same time, the challenges of the cybersecurity labor market drive the need to increase tooling’s impact and to consider outsourcing. In turn, these require carefully focusing on cybersecurity governance, including the assignment of accountability and responsibility.

 

In DevOps, the business is in the driver’s seat. DevOps characteristics (such as iterative prioritizing and deployment) plus the combined responsibility for development and operations present cybersecurity risks. They also create opportunities. DevOps tools, infrastructure, processes, and procedures can be used to fully automate patch deployments and to continuously monitor, for example, open ports. Best practice is to automate information security platforms, at a minimum through programmable APIs but preferably through automation that controls access, and to combine containers and container orchestration with hypervisors or physical separation to avoid the impact of an attack on the OS kernel layer.

 

Market Developments

 

Our analysis of global startup activity in cybersecurity products reveals about 1,000 firms that represent more than $20 billion of investments. This explosion of competing cybersecurity products has driven enterprise reliance on best-of-breed solutions, which requires a lot of coordination and increases the risk of gaps in the cybersecurity landscape. Consolidation of cybersecurity product portfolios through mergers and acquisitions will still take some time—about three to five years. In the enterprise segment, we have to accept best-of-breed solutions and the associated increased complexity for the years to come.

 

Meanwhile, the service market is also evolving but still scattered. Managed security service providers (MSSPs) provide end-to-end protection, stabilize infrastructure, optimize IT operations, and provide rapid responses to security breaches. On one hand, MSSPs can be used to scale up required capabilities, reduce complexity, and innovate to achieve cyberresilience. On the other hand, the service market is not mature yet, so prior to contracting with an MSSP, companies should rigorously assess a solution’s robustness and vision. Companies should also determine the number and seniority level of the cybersecurity experts at an MSSP.

 

Accountability

 

Accountability for cyberresilience can never be outsourced. Organizations need to build a cybersecurity competence center that oversees the design and maintenance of strategy and requirements, assesses cybersecurity compliance, and evangelizes cybersecurity. (See Exhibit 1.) This competence center manages the business demands. It also directs in-house cybersecurity and MSSPs’ strategy and policies, including standards, frameworks, certification, risk tolerance levels, and attack procedures. The number of MSSPs a company should engage depends on the size of the organization, cybersecurity requirements, and the capability to manage suppliers. To avoid coordination challenges and ensure unambiguous responsibilities, organizations rarely engage with more than three MSSPs.

 

Exhibit 1: Cybersecurity Competence Center Responsibilities

Responsibility

 

Responsibilities for cyberresilience have to be embedded from the board level down to each DevOps team. This is not straightforward and requires a constant and intense dialogue embedded in governance structures and involving all stakeholders. At the application level, product owners and scrum masters have to ensure cybersecurity is respected and embraced by the DevOps teams (“cybersecurity by design”). This doesn’t mean developers must become security experts. Rather, product owners must assign dedicated security experts to each DevOps team. This will not be a full-time role, and security experts can be allocated to multiple DevOps teams. However, cybersecurity remains a team responsibility. Scrum masters have to explicitly address cybersecurity in each step of the DevOps lifecycle. This starts with creating cybersecurity awareness by training developers using gamification (such as Microsoft EOP game[1]). Furthermore, continuously monitoring and measuring cybersecurity performance (service levels) is important. The end goal is to champion cybersecurity by deploying and maintaining software in accordance with the set risk tolerance levels and applicable security standards.

 

Conclusion

 

Ensure cybersecurity in DevOps by taking these steps: empowering your product owners and scrum masters, building a competence center, partnering with no more than three MSSPs, using automation, and, of course, making cybersecurity a business agenda item. Also follow the World Economic Forum Working Group,[2] which kicked off cyberresilience through brainstorming!

 

[1] https://www.microsoft.com/en-us/SDL/adopt/eop.aspx

[2] https://www.weforum.org/whitepapers/advancing-cyber-resilience-principles-and-tools-for-boards

 

 

 

 

Gartner Catalyst Conference 2017

Gartner Catalyst Conference gives a comprehensive view into the technologies that will power the future of your digital business.

 

Technically focused and committed to pragmatic, how-to content, Gartner Catalyst Conference provides practical solutions, actionable advice and principled objectivity. With access to more than 150 sessions built on forward-thinking Gartner for Technical Professionals (GTP) research, attendees will leave with a framework for project planning and execution and their own professional development.

 

Through six conference tracks and four “journeys” tailored to specific roles, you’ll learn how to:

  • Build data and analytics architectures
  • Leverage DevOps to increase data center agility
  • Create scalable security and identity architectures
  • Develop innovative software architectures and practices
  • Formulate and execute your IoT strategy
  • Make sense of blockchain and how to use it
  • Understand the impact of AI and machine learning
  • Take mobility from strategy to execution
  • Achieve digital workplace productivity
  • Explore public and hybrid cloud strategies and cloud-native solutions

 

STARWEST – Software Testing Conference

October 1-6, 2017

Disneyland Hotel in Anaheim, CA

Website: https://starwest.techwell.com/

 

Wondering why you should attend the STARWEST software testing conference from October 1-6 in Anaheim this year? With over 100 learning and networking sessions, there will be a wide variety of new things to learn, including finding the best solutions to your software testing challenges. Register for the STARWEST software testing conference by September 1 using promo code SWCM to save up to an additional $200 off. Plus, this offer can be combined with early bird pricing for even more savings.

 

 

 

Conference highlights include:

  • Pre-conference training classes
  • In-depth half- and full-day tutorials
  • Keynotes featuring recognized thought-leaders
  • Concurrent sessions covering major issues and solutions
  • The Expo, bringing you the latest in software development solutions
  • Networking events: receptions, breakfasts, breaks, and lunches included
  • A full day to explore unique challenges at the Testing & Quality Leadership Summit

 

Gartner Sourcing & Strategic Vendor Relationships Summit


September 13-15
Gaylord Opryland Resort & Convention Center
Nashville, TN

Website: http://www.gartner.com/events/na/sourcing

 

Lead Sourcing and Vendor Management to the Core of Digital Business

 

Gartner Sourcing & Strategic Vendor Relationships Summit will address how Sourcing, Procurement and Vendor Management can proactively become agents and enablers of digital business. The agenda will focus on both traditional run-the-business sourcing and vendor management best practices as well as new models to increase sourcing’s proactiveness in supporting the organization’s digital business transformation.

 

The agenda features dedicated tracks for sourcing managers, procurement/contract managers, IT vendor managers, and a track on emerging trends and disruptive technologies. In addition, Gartner’s exclusive Program for Senior Sourcing Executives provides a forum for the most senior level delegates to engage with Gartner analysts and peers in a series of presentations and discussions. Drill down on your hottest sourcing topics based on your role, experience level and key focus.

 

2017 Agenda tracks

 
Track A: Sourcing Leaders
Sourcing for the Digital Platform and Business Value

Track B: Sourcing and Procurement Managers
Selecting and Contracting for Agility, Innovation and Value

 

Track C: Vendor Managers
Maturing Vendor Management for the Digital Age

 

Track D: All Roles
Embracing Disruptive and Innovative Technology to Gain Competitive Advantage

 

 

Forrester Privacy & Security 2017

 

September 14-15, 2017
The Mayflower Hotel in Washington, D.C.
Website: https://events.forrester.com/ps17

 

Driving Customer Loyalty and Business Growth With Trust

 

Privacy & Security 2017 will explore the rapid escalation of security, privacy, and risk from the operational back office to a strategic, enterprise-level imperative — and key driver of digital business and customer trust.

 

Your consumers’ expectations of privacy and trust now go far beyond such basic questions as “Will you protect my personal information?” They demand a seamless, consistent experience of safety, security, and data privacy. They require trust — and the smartest enterprises are increasingly committed to trust as a core component of their value proposition and brand.

 

Yet, this commitment to trust is happening at the same time that threats to data security are rapidly proliferating — in number, variety, scale and sophistication. Established security techniques and technologies are buckling under the assault.

 

In fact, Forrester predicts that a Fortune 1000 company will disappear in 2017 — through bankruptcy, acquisition, or regulatory enforcement — because of a cyberattack.

 

To WIN in this new era requires new approaches:

 

First, security and risk must move from the back office to the forefront of corporate strategy. Security, privacy, and risk are no longer about managing exposure to the downside, but are now critical drivers of business success, customer loyalty, and revenue growth.

 

Second, new technologies, teams, and techniques are required to defeat the growing threats to enterprise data and security, while simultaneously delivering frictionless customer experiences that inspire trust.

 

Forrester’s Privacy And Security 2017 is designed to bring security and IT professionals together with business and strategy leaders to collaboratively leverage security and trust for future growth in this challenging and volatile environment.

 

Cyber Resilience Summit: Modernizing and Securing Government IT

 

Topic: Reducing Modernization Risk through Compliance to Software and Risk Management Standards

 

Hosted by: Consortium for IT Software Quality (CISQ) in cooperation with the Object Management Group (OMG) and IT Acquisition Advisory Council (IT-AAC)

 

Date: Thursday, October 19, 2017 from 8:00am – 3:00pm

 

Venue: Army Navy Country Club, 1700 Army Navy Drive, Arlington, VA

 

RSVP: tracie.berardi@it-cisq.org 781-444-1132 x149

 

 

REGISTRATION NOW OPEN!

 

With passage of the Technology Modernization Act and Executive Order for Cyber Security seeking to modernize and secure legacy systems, forward-leaning public officials, standards bodies, and IT Communities of Interests are converging for the 4th annual Cyber Resilience Summit on October 19 in Arlington, VA. With growing threats from a tech savvy adversary, Federal agencies need to embrace advanced risk management and modernization practices proven effective in the global IT market.

 

If you look at the Trump agenda, you understand that the government is trying to maximize the use of commercial innovation, commercial standards and commercial best practices, and in doing so, direct that at the modernization and security of legacy systems that right now are the #1 cyber threat.

 

The program will cover the topics of risk-managed digital transformation and the practical application of systems engineering to support agile acquisition, cloud readiness, big data, technical debt control, and cyber risk management of complex mission, C2, weapon and citizen-facing systems.

 

 

Registration is complimentary for government employees; industry $250; includes refreshments and lunch. Government employees, please select “Special” under Payment Type and enter the code CISQGOV17 at registration.

 
