November 2017 QASIG Meeting

Thank you to all who came and participated in the final QASIG of the year.

We were lucky to hear some great impromptu lightning talks and appreciate the discussion – we feel really lucky to be part of such a great community and are looking forward to many more great meetings next year!

Happy Holidays and we’ll see you in the new year!

The QASIG Team

September 2017 QASIG Video :: Joe Basirico, Security Innovation

Building a Collaborative and Social Application Security Program

Presented by: Joe Basirico, Security Innovation, VP of Professional Services

In today’s environment, there is no arguing that a comprehensive secure development process is necessary. Fitting tools, technology, and security reviews into our current development cycle has become table stakes for companies building the software of tomorrow.

Breaking the “find and fix” vulnerability-based assessment cycle so that software is developed with security in mind from start to finish is critically important, but doing this without leveraging a collaborative and social security program that leverages bug bounty programs, security researchers, and every aspect of vulnerability disclosure misses a huge opportunity. In this talk, I will explore how your security program can reach beyond the Secure SDLC.

About our speaker:  As the VP of Services, Joe is responsible for leading the Professional Services business at Security Innovation. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to direct the security consulting team in the delivery of high-quality, impactful risk and software assessment and remediation solutions to the company’s customers. His ability to blend deep technical skills with risk-based business and compliance analysis is a powerful combination.

Joe has spent his career analyzing application behavior with respect to security. He has researched how software development organizations mature over time from a security perspective. Through this research, he has developed an understanding of application threats, tools, and methodologies that assist in the discovery and removal of security problems, both software- and process-related.

May QASIG Video – Performance and Security Quality Practices in Continuous Delivery

Performance and Security Quality Practices in Continuous Delivery

presented by Khan Klatt, Director of Engineering at McGraw-Hill Engineering

Modern software engineering practices have challenged traditional thinking around the delivery of quality software. Waterfall practices have been eclipsed by agile practices, reducing cycle time to deliver software features from quarters or years to weeks or months. Agile practices are now being challenged by lean practices, which some organizations have exploited to reduce that cycle time from weeks/months to days/hours. In this talk, discover how decades-old quality practice and modern software engineering capabilities can be applied to deliver high-quality software on ultra-agile timeframes.

About our speaker: Khan Klatt is a Director of Engineering at McGraw-Hill Engineering, leading the company’s Continuous Integration/Continuous Delivery strategy. Khan joined McGraw-Hill Education in 2014, previously having worked in entertainment/gaming and social media startups local to Seattle. Khan built high-performance, highly-scalable APIs used by television game shows, web scraping/crawling, and content ranking algorithms, as well as a social media platform that scaled to 50M users in the early 2000s. In the 1990s, Khan also helped co-found a Web consulting business and successfully built and sold a regional startup Internet Service Provider to a national ISP.

Khan attended Western Washington University in Bellingham, WA, where he served as the first Webmaster for that organization in 1993. His passion for progressive innovation was demonstrated in his work to make the Campus-Wide Information System database available on the Web as early as 1994.

Khan came to the United States from Ankara, Turkey, where he attended grades K-12 in a Department of Defense Dependents School. Born in Turkey, Khan speaks Turkish and English as native tongues and learned elementary French in high school. In his free time, Khan enjoys hobbies like programming, photography, and travel.

March 2017 QASIG Video – Quality 2020 with Brian Gaudreau

Quality in software delivery and sustainment will always have competing pressures between capability desired, cost incurred, and time taken.  And of course these impact measurable quality delivered.

But even now the technology landscape adds additional pressures we need to understand to be most effective in keeping quality high.

  • Client/Customer expectations and input now influence different combinations of capability and functionality.
  • Security and Quality are not separate conversations.
  • What is meaningful to measure is now more dynamic than ever.

At the QASIG we’ll discuss these factors as well as new perspectives (and revisit some baseline tenets) on planning and readiness for software quality going forward.

About our speaker: Brian Gaudreau has successfully delivered software services and solutions for over 20 years. He is an experienced leader delivering software quality and continuous improvement of products and processes.

Specialties: Software Delivery and Quality, Process Analysis and Improvement, Program Management, PCI (Payment Card Industry) compliance, Resource Management including offshore teams, ITIL, Regulatory and Compliance testing/audit, Cloud technologies, SaaS, IaaS, PaaS, Test environments and test methodologies. Certified Scrum Master.

January QASIG Meeting Video – The Future of QA Panel Discussion

In January, and all year, we’ll be focusing on the future of QA – where the industry is heading, how we can best add value, what skills we should be developing and refining, and what software, tools and/or code we should learn.

We are excited to have a great panel – QA representatives from local companies who will help us answer some of these questions. We are happy to welcome the following colleagues:

  • Brian Gaudreau, Software Quality Professional
  • Matt Pina, IT Security Consultant, UW Medicine IT
  • Joy Shafer, Software Developer in Test, The Climate Corp
  • Jamie Campbell, Senior Manager Engineering, Tableau Software

Moderated by Andy Fox, Software Design Engineer in Test, Quardev

Quality Assurance Special Interest Group