Sunday, September 24, 2017

Randall Rice to Present Talk at the 28th Annual IEEE Software Technology Conference

Oklahoma City, OK, September 25, 2017: Randall Rice, internationally recognized author, consultant and trainer in software testing and cyber security testing, will be speaking this week at the 28th Annual IEEE Software Technology Conference in Gaithersburg, MD.

Mr. Rice's presentation on Wednesday, September 27th is on the topic of "Training and Certifying Security Testers Beyond Penetration Testing". His presentation is sponsored by the American Software Testing Qualifications Board (ASTQB).

"When asking senior-level executives or security administrators about the adequacy of their organizations’ information security defenses, most people will list things such as encryption, firewalls, malware protection, and so forth. When asked, 'How effective are your defenses?' most people can’t give a definitive answer because the defenses have not been tested in a continuous and holistic way. Many people believe the status quo position that penetration testing is all that is needed to find security vulnerabilities," explains Rice.

To help meet the need of training software testers and others in how to perform security testing as a specialty practice, the International Software Testing Qualifications Board (ISTQB) has developed an Advanced Level Security Tester syllabus and exam which leads to the CTAL-SEC designation. The American Software Testing Qualifications Board (ASTQB) administers this certification in the United States. The goal is to provide the information needed to train people in performing security testing at an advanced level.

Mr. Rice is a board member of the ASTQB and is the leader of the international working group that developed the Advanced Level Security Tester syllabus.

This syllabus is freely available from the ASTQB web site at http://www.astqb.org and draws from sources such as the National Institute of Standards and Technology (NIST), the Computer Emergency Readiness Team (CERT) and the Open Web Application Security Project (OWASP) to describe the in-depth knowledge needed to test the security of systems and applications of all types. The syllabus and certification cover penetration testing but go beyond it: testing internal controls and procedures, identifying vulnerabilities at the code level, performing security risk assessments, understanding the tools available for security testing, and designing and conducting effective security tests.

In this presentation, Mr. Rice will present:

An overview of the ISTQB Advanced Security Tester syllabus topics
How the certification works
How this certification differs from other security certifications
How this certification is compatible with NICE’s ongoing efforts and how this relates to the various framework analyses already underway
The intended audience for the training
The value of the ISTQB Advanced Security Tester certifications to testers and to organizations

Randall W. Rice is a highly specialized trainer and consultant in the field of software testing and cyber security testing with clients in every industry sector, including defense and finance. He is the co-author with William E. Perry of two books, “Surviving the Top Ten Challenges of Software Testing” and “Testing Dirty Systems.”
