College Degrees Now Available for Secure Software Development

Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ)


Cybersecurity training and workforce development are a common theme, and a commonly proposed solution, at conferences that discuss the challenges of cybersecurity and the future as we know it – developing, architecting and living within digital IT ecosystems. Who’s steering the ship? Do leaders understand the security threats, and do their teams know how to develop secure, resilient and trustworthy systems for the future? For years, IT was siloed and focused predominantly on functionality. Web-based applications and services expanded the attack surface.


Amidst these fast-paced technological changes, there is good news for workforce development, because with a skills gap comes opportunity.


The Software Engineering Institute (SEI) at Carnegie Mellon University is one of the premier universities in the U.S. for software engineering. The SEI has developed Software Assurance Curricula with support from the U.S. Department of Homeland Security. The courses available include:


  • Master of Software Assurance Curriculum
  • Undergraduate Software Assurance Curriculum
  • Community College Software Assurance Curriculum
  • Software Assurance for Executives


I spoke with Girish Seshagiri, EVP and CTO of ISHPI Information Technologies, who explained that in the United States we now have three community colleges that offer an Associate Degree in Secure Software Development based on the SEI curriculum and adoption guidelines.


Girish is passionate about this subject. He is on CISQ’s Board, co-chair of the National Initiative for Cybersecurity (NICE) apprenticeship sub-working group, and co-founder of the Community Initiative Center of Excellence for Secure Software (CICESS). CICESS promotes a dual model apprenticeship in partnership with community colleges. Girish’s employer, ISHPI, was an early adopter of the apprenticeship model at the ISHPI AIS Software Development Division in Peoria, IL. Students take college courses while participating in paid, on-the-job experience.


The CICESS GP project won the 2018 Innovations in Cybersecurity Education Award (curriculum category) from the National CyberWatch Center, a National Science Foundation-funded Advanced Technological Education Center at Prince George’s Community College in Largo, Maryland.


Here’s a recent article in Community College Daily:


9th Annual Billington Cybersecurity Summit


Launched around the time of the formation of the U.S. Cyber Command in 2010, Billington CyberSecurity is a leading independent media company. It produces the leading Fall forum on cybersecurity in the nation’s capital, a newsletter, white papers, the annual International Cybersecurity Summit and the recently launched Billington Cybersecurity Leadership Council.


The 9th Annual Billington Cybersecurity Summit is September 6, 2018 at the Walter E. Washington Convention Center in Washington, DC. The program is from 7:00 – 5:00. View the agenda here.






IAOP Outsourcing World Summit (OWS) 19


Level Up Your Collaborative Partnerships


The Outsourcing World Summit (OWS) series is hosted by the International Association of Outsourcing Professionals (IAOP).


It is happening fast. Old ways give way to new business models, processes and philosophies; collaboration is imperative; innovation is not optional; the workplace is modernized. Technologies like RPA, cognitive, AI and blockchain are at the forefront of this disruption, but it’s not just tech. Geopolitics have stormed to center stage, turning globalization on its head. The ‘gig economy’ is changing the labor force.


The race to deliver the most affordable and efficient services is on. How do you make sense of the opportunities and then maximize them?


Join IAOP and hundreds of customers, service providers, advisors and academics, on February 17-20, at the Marriott World Center Orlando, in Orlando, Florida, as we examine these and other topics critical to your success.


We are pleased to announce that Dr. Bill Curtis, CISQ Executive Director, is delivering a presentation, Acquiring Trustworthy Software with Software Quality Measurement Standards.




Software and Supply Chain Assurance (SSCA) Fall Forum 2018

Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.


The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the Government Services Agency (GSA). Participants represent a diverse group of career professionals including government officials, chief information security officers, those in academia with cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, specialists in IT and cybersecurity, and many more fields.


SSCA forums are held 2-3 times/year and are free and open to all interested parties.


While the general intent is to share information, the SSCA Forum also offers government and private sector participants, including international participants, an opportunity to openly collaborate by presenting and receiving feedback on current and potential future work. Most events are two to three days long and contain a mixture of discussion and presentation; interaction is always strongly encouraged. To encourage open interaction, SSCA Forum meetings operate under the Chatham House Rule, meaning “participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed,” though many speakers allow NIST to post their presentations on this website.


To receive information about upcoming meetings and related publications and activities, please sign up for the sw.assurance mailing list, operated by NIST, by sending a blank email to


Visit to view upcoming meetings.

Agile and DevOps East


Discover the latest in agile & DevOps methods, tools, and leadership practices. Get ideas and inspiration from experts and peers.


Agile + DevOps East brings together practitioners seeking to accelerate the delivery of reliable, secure software applications. Find out how the practice of Agile & DevOps brings cross-functional stakeholders together to deliver software with greater speed and agility while meeting quality and security demands. Learn from industry experts how your organization can leverage Agile and DevOps concepts to improve deployment frequency and time to market, reduce lead time, and more successfully deliver stable new features.


Topic coverage:

  • Agile and DevOps Leadership
  • Agile Engineering Practices
  • Agile Testing and Automation
  • Building Agile and DevOps Cultures
  • Continuous Integration
  • Continuous Delivery/Deployment
  • DevSecOps
  • Scaling Agile and DevOps Capabilities
  • Digital Transformation
  • Agile and DevOps Certification Training


Don’t miss featured keynote speaker John Willis, DevOps pioneer and coauthor of the books The Phoenix Project and Beyond the Phoenix Project, for his talk on how he and coauthor Gene Kim set out to research and describe the foundational ideas that these books are based upon. Understand where DevOps came from, what success organizations are having by applying DevOps principles, and what lies in the future for the DevOps revolution.


Register now using CISQ’s exclusive promo code — CECM — and save up to $200 off your registration!

OWASP AppSec USA 2018


OWASP is hosting AppSec USA from October 8-12, 2018 at the Fairmont Hotel in San Jose, California.


CISQ members are eligible to receive $50 off the ticket price. Apply the code CMCISQ50 at registration.


What happens at an AppSec USA Conference?

  • Technical talks by experts in security, devops and cloud
  • Panels to debate tough topics
  • Training sessions for hands-on learning in top security areas
  • Keynotes from industry leaders
  • Vendor booths to promote the latest advances in security technology
  • A variety of other activities such as career fair, capture the flag, security tool training, and more


Gartner Application Strategies & Solutions Summit 2018

Date: November 27-29, 2018
Venue: Caesars Palace, 3570 Las Vegas Blvd South, Las Vegas, NV 89109
Special rate: CISQ members save $325 off the registration fee! Apply the code GARTOMG at registration.



Take your application strategy to the next level with agile, DevOps, APIs and microservices


The future of applications depends on effective legacy modernization as much as innovation. This year’s Gartner Application Strategies & Solutions Summit 2018 will focus on these dual priorities, exploring the latest approaches to optimize existing applications and infrastructure as well as leading-edge technologies driving business transformation.


Recommended tracks:

  • Application Leaders and the Future of Digital Business
  • Crafting and Implementing an Effective Application Strategy
  • Architecting for Digital Excellence
  • Application Development for Superior User Experiences
  • Integration Strategies to Connect Digital Ecosystems
  • Exceeding Expectations with New User Experiences
  • Customer Technology: Turning Vision into Reality
  • Preparing for Next Generation Technologies


Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018

Date: September 5-7, 2018
Venue: Hilton Orlando, 6001 Destination Parkway, Orlando, FL 32819
Special rate: CISQ members save $350 off the registration fee! Apply the code GARTOMG at registration.



Drive Business Performance and Cost Optimization for your Sourcing, Procurement, Finance, Vendor and Asset Management Strategies

Did your last software negotiation or cloud deal achieve the right business outcomes? Are your sourcing and procurement processes evolving fast enough to increase agility? How quickly can you leverage the external technology market for new ideas and innovative solutions?


Gartner IT Sourcing, Procurement, Vendor and Asset Management Summit 2018, September 5 – 7, in Orlando, FL is designed to help leaders in IT sourcing, procurement, vendor management, asset management and IT finance to acquire and manage the IT Services and products that will enable their organizations to achieve their business objectives. The eight-track agenda is designed to cover sourcing, procurement, financial, asset and vendor management professionals’ top priorities.


  • Track A: Sourcing Leaders: Strategic Sourcing for Business Value and Digital Innovation
  • Track B: Procurement Leaders: Enabling Business Success through Cost Optimization, Risk Mitigation and Speed
  • Track C: IT Asset Management Leaders: Maturing ITAM in a Digital World
  • Track D: IT Finance Leaders: Optimizing Cost and Value through IT Finance Evolution
  • Track E: Vendor Management Leaders: Driving Business Outcomes and Manage Risks with Disciplined Vendor Management
  • Track F: Negotiating software and SaaS contracts to support and enable digital business
  • Track G: The IT Services Marketplace: Leveraging IT Services in the Age of Digital Transformation and Cyber Threats
  • Track H: The Cloud and Hybrid Solutions Marketplace: Maximizing Business Outcomes with Cloud and Hybrid Offerings
  • Track I: Senior Leadership Circle: Advanced Learnings in Sourcing, Procurement, and Vendor Management






Webinar: Expecting Secure, High-Quality Software: Mitigating Risks throughout the Lifecycle


Speaker: Joe Jarzombek, Director for Government, Aerospace and Defense Programs, Synopsys, Inc.

Presented live on September 10, 2018



This CISQ webinar is brought to you by our sponsor, Synopsys


As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the supply chain must focus on the entire lifecycle. The Internet of Things (IoT) is contributing to a massive proliferation of many types of software-reliant, connected devices throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses and vulnerabilities. Addressing software supply chain dependencies enables enterprises to harden their attack surface by comprehensively identifying exploitable components and providing more responsive mitigations. Security automation tools and services, and testing and certification programs, now provide means that organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.


Attendees will learn:

  • How external dependencies create risks throughout the IoT/software supply chain;
  • How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
  • How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.


Watch the webinar on CISQ YouTube / Download the presentation


Resources from Synopsys:

Synopsys Continuous Integration Continuous Delivery and Deployment

Coverity Static Analysis

Black Duck Software Composition Analysis

Black Duck Binary Analysis

Synopsys Fuzz Testing Defensics





The Place for Software Testing Innovations


STARWEST is one of the longest-running and most respected conferences on software testing and quality assurance. The event week features over 100 learning and networking opportunities and covers a wide variety of some of the most in-demand topics and innovations:

  • Testing in DevOps
  • Test Transformation
  • Test and Release Automation
  • Agile Testing
  • Testing for Developers
  • Security Testing
  • Test Strategy, Planning, Metrics
  • Test Leadership
  • Performance Testing and Monitoring
  • Big Data, Analytics, AI/Machine Learning for Testing


View the agenda here


Register now using CISQ’s exclusive promo code — SWCM — and save up to $200 off your registration! Additionally, if you register by August 31, you will save up to an additional $200 off with super early bird pricing — a combined savings of up to $400.*