Building a Collaborative and Social Application Security Program
Presented by: Joe Basirico, Security Innovation, VP of Professional Services
In today’s environment, there is no arguing that a comprehensive secure development process is necessary. Fitting tools, technology, and security reviews into our current development cycle has become table stakes for companies building the software of tomorrow.
Breaking the “find and fix” vulnerability-based assessment cycle so that software is developed with security in mind from start to finish is critically important, but doing this without leveraging a collaborative and social security program that leverages bug bounty programs, security researchers, and every aspect of vulnerability disclosure misses a huge opportunity. In this talk, I will explore how your security program can reach beyond the Secure SDLC.
About our speaker: As the VP of Services, Joe is responsible for leading the Professional Services business at Security Innovation. He leverages his unique experience as a development lead, trainer, researcher, and test engineer to direct the security consulting team in the delivery of high-quality, impactful risk and software assessment and remediation solutions to the company’s customers. His ability to blend deep technical skills with risk-based business and compliance analysis is a powerful combination.
Joe has spent his career analyzing application behavior with respect to security. He has researched how software development organizations mature over time from a security perspective. Through this research, he has developed an understanding of application threats, tools, and methodologies that assist in the discovery and removal of security problems, both software- and process-related.
Presented by: Ian King, Hardware/Software Simulation Engineer, Flight Sciences, Blue Origin
Using the Agile Mindset (as Exploratory Testing) on the Agile Mindset
Presented by Micheal Wolf
Logs are the wrong tool for quality automation. Here’s what actually works
Presented by: Matt Griscom, MetaAutomation
Performance and Security Quality Practices in Continuous Delivery
Presented by Khan Klatt, Director of Engineering at McGraw-Hill Engineering
Modern software engineering practices have challenged traditional thinking around the delivery of quality software. Waterfall practices have been eclipsed by agile practices, reducing cycle time to deliver software features from quarters or years to weeks or months. Agile practices are now being challenged by lean practices, which some organizations have exploited to reduce that cycle time from weeks/months to days/hours. In this talk, discover how decades-old quality practice and modern software engineering capabilities can be applied to deliver high-quality software on ultra-agile timeframes.
About our speaker: Khan Klatt is a Director of Engineering at McGraw-Hill Engineering, leading the company’s Continuous Integration/Continuous Delivery strategy. Khan joined McGraw-Hill Education in 2014, previously having worked in entertainment/gaming and social media startups local to Seattle. Khan built high-performance, highly scalable APIs used by television game shows, web scraping/crawling, and content ranking algorithms, as well as a social media platform that scaled to 50M users in the early 2000s. In the 1990s, Khan also helped co-found a Web consulting business and successfully built and sold a regional startup Internet Service Provider to a national ISP.
Khan attended Western Washington University in Bellingham, WA, where he served as the first Webmaster for that organization in 1993. His passion for progressive innovation was demonstrated in his work to make the Campus-Wide Information System database available on the Web as early as 1994.
Khan came to the United States from Ankara, Turkey, where he attended grades K-12 in a Department of Defense Dependents School. Born in Turkey, Khan speaks Turkish and English as native tongues and learned elementary French in high school. In his free time, Khan enjoys hobbies like programming, photography, and travel.
In January, and all year, we’ll be focusing on the future of QA: where the industry is heading, how we can best add value, what skills we should be developing and refining, and what software, tools and/or code we should learn.
We are excited to have a great panel of QA representatives from local companies who will help us answer some of these questions. We are happy to welcome the following colleagues:
- Brian Gaudreau, Software Quality Professional
- Matt Pina, IT Security Consultant, UW Medicine IT
- Joy Shafer, Software Developer in Test, The Climate Corp
- Jamie Campbell, Senior Manager Engineering, Tableau Software
Moderated by Andy Fox, Software Design Engineer in Test, Quardev
Service virtualization in Action: How Alaska Airlines tests for snow storms in July
Presented by Ryan Papineau, Automated Testing Engineer, Alaska Airlines
Why did Alaska Airlines receive J.D. Power’s “Highest in Customer Satisfaction” recognition for 8 years straight, plus the “#1 on-time major North American Carrier” award for the last 5 years? A large part of the credit belongs to their software testing team’s proactive approach to disrupting the traditional software testing process. The team uses advanced test automation in concert with service virtualization to rigorously test their complex flight operations management application, which interacts with myriad dependent systems (fuel, passenger, crew, cargo, baggage, aircraft, and more). The result: operations that run smoothly, even if they encounter a snowstorm in July. Attend this session to get a first-hand account of how Alaska Airlines leverages service virtualization to address common testing challenges and to learn Alaska Airlines’ best practices for managing the complexity of multiple dependent systems for testing.
About our speaker: Ryan uses systems engineering, cross-team collaboration, and data analytics to provide complex test environments that behave like production.