Thank you to all who came and participated in the final QASIG of the year.
We were lucky to hear some great impromptu lightning talks and appreciate the discussion – we feel really lucky to be part of such a great community and are looking forward to many more great meetings next year!
Happy Holidays and we’ll see you in the new year!
The QASIG Team
Building a Collaborative and Social Application Security Program
Presented by: Joe Basirico, Security Innovation, VP of Professional Services
In today’s environment, there is no arguing that a comprehensive secure development process is necessary. Fitting tools, technology, and security reviews into our current development cycle has become table stakes for companies building the software of tomorrow.
Breaking the “find and fix” vulnerability-based assessment cycle so that software is developed with security in mind from start to finish is critically important, but doing this without leveraging a collaborative and social security program that leverages bug bounty programs, security researchers, and every aspect of vulnerability disclosure misses a huge opportunity. In this talk, I will explore how your security program can reach beyond the Secure SDLC.
About our speaker: As the VP of Services, Joe is responsible for leading the Professional Services business at Security Innovation. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to direct the security consulting team in the delivery of high-quality, impactful risk and software assessment and remediation solutions to the company’s customers. His ability to blend deep technical skills with risk-based business and compliance analysis is a powerful combination.
Joe has spent his career analyzing application behavior with respect to security. He has researched how software development organizations mature over time from a security perspective. Through this research, he has developed an understanding of application threats, tools, and methodologies that assist in the discovery and removal of security problems, both software and process related.
Presented by: Ian King, Hardware/Software Simulation Engineer, Flight Sciences, Blue Origin
Using the Agile Mindset (as Exploratory Testing) on the Agile Mindset
Presented by Micheal Wolf
Logs are the wrong tool for quality automation. Here’s what actually works
Presented by: Matt Griscom, MetaAutomation
Performance and Security Quality Practices in Continuous Delivery
Presented by: Khan Klatt, Director of Engineering at McGraw-Hill Engineering
Modern software engineering practices have challenged traditional thinking around the delivery of quality software. Waterfall practices have been eclipsed by agile practices, reducing cycle time to deliver software features from quarters or years to weeks or months. Agile practices are now being challenged by lean practices, which some organizations have exploited to reduce that cycle time from weeks/months to days/hours. In this talk, discover how decades-old quality practice and modern software engineering capabilities can be applied to deliver high-quality software on ultra-agile timeframes.
About our speaker: Khan Klatt is a Director of Engineering at McGraw-Hill Engineering, leading the company’s Continuous Integration/Continuous Delivery strategy. Khan joined McGraw-Hill Education in 2014, previously having worked in entertainment/gaming and social media startups local to Seattle. Khan built high-performance, highly-scalable APIs used by television game shows, web scraping/crawling, and content ranking algorithms, as well as a social media platform that scaled to 50M users in the early 2000s. In the 1990s, Khan also helped co-found a Web consulting business and successfully built and sold a regional startup Internet Service Provider to a national ISP.
Khan attended Western Washington University in Bellingham, WA, where he served as the first Webmaster for that organization in 1993. His passion for progressive innovation was demonstrated in his work to make the Campus-Wide Information System database available on the Web as early as 1994.
Khan came to the United States from Ankara, Turkey, where he attended grades K-12 in a Department of Defense Dependents School. Born in Turkey, Khan speaks Turkish and English as native tongues and learned elementary French in high school. In his free time, Khan enjoys hobbies like programming, photography, and travel.
In January, and all year, we’ll be focusing on the future of QA – where the industry is heading, how we can best add value, what skills we should be developing and refining, and what software, tools and/or code we should learn.
We are excited to have a great panel – QA representatives from local companies who will help us answer some of these questions. We are happy to welcome the following colleagues:
- Brian Gaudreau, Software Quality Professional
- Matt Pina, IT Security Consultant, UW Medicine IT
- Joy Shafer, Software Developer in Test, The Climate Corp
- Jamie Campbell, Senior Manager Engineering, Tableau Software
Moderated by Andy Fox, Software Design Engineer in Test, Quardev