PSQT 2006 North
September 11-15, 2006
Minneapolis, MN

Keynote Presentations

Ed Adams
CEO of Security Innovation and Founder of AppSIC
Presentation: What does Security Mean to my Business: The Quest for Security Testing and ROI

Warning: this talk contains graphic examples of software failure... not for the faint of heart. This "no holds barred" presentation tells you what you really need to know about security testing from customer and development group needs to execution. We will go through the entire process from threat modeling and test planning to test execution. The talk is designed to give managers and executives insight into the process and derive ROI metrics for their environment(s).

There's no doubt that security has been one of the biggest pains faced by the IT industry in the last few years. Breaches cause downtime and data corruption; they enable theft, lead to exposure, and many companies now face legal penalties under relatively new laws like Sarbanes-Oxley and California Senate Bill 1386. Corporations are beginning to realize that their biggest IT risks stem from fundamental flaws in software, and this understanding is starting to change how these organizations are making software purchasing and deployment decisions. To meet these needs, we need “new rules” for measuring security with a view to help CIOs and IT managers identify their biggest risks and make more security-savvy software purchasing, development, and deployment decisions. This presentation will dig into these “new rules” for measuring security testing with a view to help CIOs and IT managers make more informed and security-savvy purchasing and deployment decisions.

Learn how to help your senior management answer the most pressing software security questions like:
  • How much value will adding this security control bring to my organization?
  • What are the activities that provide the largest security return on investment?
  • How do I know I'm improving on security?
  • When I buy or build this product, what is the security risk in deploying it and how does that risk vary from product to product?
  • What should the IT or development team be doing to ensure secure data and applications?

This talk will also discuss progress on the development of international cross-industry standards and metrics by which organizations can measure application security. Specifically, we will discuss how we as software executives can:

  • Bridge the gap between application security issues & business needs
  • Develop a yardstick for secure software development processes
  • Generate application security assessment criteria
  • Proliferate knowledge and insight on application security and how to measure ROI
  • Effectively integrate security into the software development lifecycle (SDLC)

Measuring software security is the very reason the AppSIC non-profit consortium (www.appsic.org) was created. This session, presented by the founder of AppSIC, will present some new ways to get traction on software risk and make more security-strategic purchasing, development, and deployment decisions. You will learn why companies like Microsoft, Oracle, SAP, ING, Gartner, IDC, and others eagerly joined the AppSIC think tank and offered their CSOs and Sr. VPs to the consortium.

Biography:

Ed Adams is a seasoned software executive with successful business experiences in various-sized organizations that serve the IT security and quality assurance industries. As CEO, Mr. Adams leverages his technical and business skills, as well as his pervasive industry experience, to direct renowned application security experts and deliver world-class services, technology and intelligence to many of the most recognizable technology companies in the world, including Microsoft, IBM, Symantec, SAP and HP. Mr. Adams is also the founder and business owner of the Application Security Industry Consortium, Inc. (AppSIC), an association of industry technologists and leaders to help establish and define cross-industry application security guidance and metrics.

Prior to Security Innovation, Mr. Adams was senior vice president at Ipswitch, Inc., where he directed more than half of the company to substantial revenue growth and major structural and strategic direction shifts. Mr. Adams was also vice president of marketing and certification for VeriTest, a division of Lionbridge Technologies, and held a senior management role at Rational Software (now IBM), where he derived many of the software quality and business concepts that add significant value and credibility to the initiatives he brings to Security Innovation. Mr. Adams also held senior management positions with Logistic Solutions, MathSoft, Foster-Miller and two US Army Research Labs.

Mr. Adams has presented at thousands of seminars and software industry conferences, as well as to numerous universities and private companies. He has contributed written and oral commentary for media outlets such as SC Magazine, CIO Update magazine and New England Cable News. He has also written numerous whitepapers on Software Quality & Security, including “Security by Design”, “Why is Application Security so Elusive”, “Achieving Quality by Design” and “The Business Argument for Investing in Test Automation.”

Mr. Adams earned his MBA degree with honors from Boston College and has B.A. degrees in Mechanical Engineering and English Literature from the University of Massachusetts. He has been an active member of the software quality industry for more than a decade.

Ken Johnston
Director of test excellence for Microsoft
Presentation: How Microsoft Tests Software Today and Where We are Headed Next

Microsoft employs nearly thirty thousand software engineers worldwide. More than seven thousand of those engineers are test engineers working to ship dozens of software products and web services every year in categories ranging across consumer electronics, desktop applications and servers.

There is a massive amount of testing done at Microsoft, but with such a broad range of products there is no single "Microsoft" way to test. There are, however, many “best” ways to test, many common practices and some mandatory practices. As the Director of Test Excellence, Ken Johnston and his team are expected to collect all the best ideas from across the company and bring them out for broad adoption. They do this through research, training and workshops, white papers, wikis, blogs, events, and awards programs. In this session he will share, in rapid-fire order, an overview of how Microsoft tests today and where it is headed.

Learning Objectives:

In this session attendees will learn:

  • People - Who we look to hire as test engineers and how we develop them
  • Processes - Common processes and choosing between agile or traditional waterfall models
  • Tools - A survey of the tools we use and the ones that are available outside of Microsoft
  • Mandatory - What steps we rigorously impose on all products and why
  • Future Trends - Old tricks Microsoft is re-learning and new steps to move toward continuously increased quality

Biography:

Ken Johnston is the director of test excellence for Microsoft. He and his group are responsible for improving the people, processes and practices of software test engineering across Microsoft through the application of Human Performance Technology (HPT). Prior to joining Engineering Excellence, Ken managed test teams for many Internet server products and MSN web services. Before joining Microsoft in 1998 he worked as a software consultant to many Fortune 500 companies and was a commissioned officer in the Army National Guard. Johnston holds an MBA from the University of Washington.

Helen McKinstry
Director of Development Transformation and Total Quality Management for Tivoli Systems at IBM Corporation
Presentation: Critical Interaction of Tools, Process and Collaboration for Driving a High Performance Culture of Quality

Software quality depends on the effective union of tools, process and collaboration at every step of the development cycle. Tools are widely available today to improve both the qualitative results of quality assurance (e.g. detecting defects via code analysis and code coverage tools) and the efficiency of the effort (e.g. test automation for automating builds or automating test case execution). These tools demonstrate a return on investment at multiple stages of development, improving quality at each stage, and more importantly, as early as possible in the development process. However, availability of these tools alone is often not enough to drive broad adoption. Teams must incorporate the use of tools across development, including design, code, build and test, having adopted a process model which facilitates or even encourages their use. Finally, no amount of tools or best practices is effective if thought of statically. Collaboration between knowledge workers to share tools, tuning, configurations, automation scripts and experiences is essential to a high performance development experience. McKinstry will discuss some lessons learned from deploying tools, process and collaboration methods across a large and diverse software development organization within IBM, highlighting the critical interaction of these three factors in driving consistent positive results.

Biography:

Helen McKinstry is the Director of Development Transformation and Total Quality Management for Tivoli Systems at IBM Corporation. In this role, Helen's organization is responsible for driving quality initiatives and best practices across the diverse and geographically dispersed Tivoli IBM development organization, as well as working in cooperation with the rest of IBM on software quality engineering initiatives. Helen has enjoyed a 20+ year career with IBM, contributing in a wide array of IBM software development organizations. She began her career in upstate New York in IBM's mainframe operating system and application development business. She then moved to personal computer operating system development, and then on to a variety of middleware systems management applications which are delivered on a broad range of platforms and operating systems. Helen is currently located in Austin, Texas where she has lived with her family for the past ten years.

Linda Hayes
CTO of Worksoft, Inc.
Presentation: Just Say Yes!

How do you respond to outrageous demands, unreasonable schedules and minuscule budgets? By saying yes, believe it or not, but on your own terms. Learn how to deliver a quality product without sacrificing your quality of life. If you have spent any time in testing or QA you have had to deal with managers that either don't understand the work effort needed or don't care. Instead of letting them turn you into a naysayer, learn how to get to Yes!

Learning Objectives:

Learn how to:

  • Respond to requests to compress the schedule
  • Handle requests to expand scope
  • Deal with unreasonable expectations
  • Inform management without alarming them

Biography:

Linda is the CTO of Worksoft, Inc., developer of next-generation test automation solutions. She is the founder of three software companies including AutoTester, the first PC-based test automation tool. Linda holds degrees in accounting, tax and law and is a frequent industry speaker and award-winning author on software quality. She has been named as one of Fortune Magazine's People to Watch and one of the Top 40 Under 40 by Dallas Business Journal. She is a regular columnist and contributor to StickyMinds and Better Software magazine, as well as a columnist for Computerworld and Datamation, author of the Automated Testing Handbook and co-editor of Dare to be Excellent with Alka Jarvis on best practices in the software industry. Her article “Quality is Everyone's Business” won a Most Significant Contribution award from the Quality Assurance Institute and was published as part of the Auerbach Systems Development Handbook.