Wednesday, October 18, 2017

Slides from Today's Talk at the OKC QA Meetup

Hi everyone,

Here are the slides I presented at the OKC Meeting lunch meeting. If we have a recording, I'll post it here soon as well. Thanks!

Slides - QA Certifications - Why They are Beneficial and How to Get Them

Report - The Value of ISTQB Certification

Sunday, September 24, 2017

Randall Rice to Present Talk at the 28th Annual IEEE Software Technology Conference

Oklahoma City, OK, September 25, 2017:  Randall Rice, internationally-recognized author, consultant and trainer in software testing and cyber security testing will be speaking this week at the 28th Annual IEEE Software Technology Conference in Gaithersburg, MD.

Mr. Rice's presentation on Wednesday, September 27th is on the topic of "Training and Certifying Security Testers Beyond Penetration Testing". His presentation is sponsored by the American Software Testing Qualifications Board (ASTQB).

"When asking senior-level executives or security administrators about the adequacy of their organizations’ information security defenses, most people will list things such as encryption, firewalls, malware protection, and so forth. When asked, 'How effective are your defenses?' most people can’t give a definitive answer because the defenses have not been tested in a continuous and holistic way. Many people believe the status quo position that penetration testing is all that is needed to find security vulnerabilities," explains Rice.

To help meet the need of training software testers and others in how to perform security testing as a specialty practice, the International Software Testing Qualifications Board (ISTQB) has developed an Advanced Level Security Tester syllabus and exam which leads to the CTAL-SEC designation. The American Software Testing Qualifications Board (ASTQB) administers this certification in the United States. The goal is to provide the information needed to train people in performing security testing at an advanced level.

Mr. Rice is a board member of the ASTQB and is the leader of the international working group that developed the Advanced Level Security Tester syllabus.

This syllabus is freely available from the ASTQB web site at http://www.astqb.org and draws from sources such as the National Institute of Standards and Technology (NIST), the Computer Emergency Readiness Team (CERT) and the Open Web Application Security Project (OWASP) to describe the in-depth knowledge needed to test the security of systems and applications of all types. This syllabus and certification covers the topic of penetration testing, but goes beyond penetration testing to test internal controls and procedures, identify vulnerabilities at the code level, perform security risk assessments, understand the tools available for security testing and how to design and conduct effective security tests.

In this presentation, Mr. Rice will present:

An overview of the ISTQB Advanced Security Tester syllabus topics
How the certification works
How this certification differs from other security certifications
How this certification is compatible with NICE’s ongoing efforts and how this relates to the various framework analyses already underway
The intended audience for the training
The value of the ISTQB Advanced Security Tester certifications to testers and to organizations

Randall W. Rice, is a highly specialized trainer and consultant in the field of software testing and cyber security testing with clients in every industry sector, including defense and finance. He is the co-author with William E. Perry of two books, “Surviving the Top Ten Challenges of Software Testing” and “Testing Dirty Systems.”

Wednesday, September 20, 2017

ASTQB Summit Recap

Hi Everyone,

I just want to thank everyone who helped make the recent ASTQB Summit in Newport Beach, CA a success. Our team did a great job with handling marketing and logistics, as well as the technical program. Our speakers did a great job (I'm not sure about that Rice guy...).

But most of all, I want to thank those that support ASTQB and spent last Friday to expand their knowledge and collaborate with other testers. We had people in attendance from all over the country!

I told people in my sessions that I would have my slides posted to the blog, but as a board we decided it would be more fair to those who paid to attend the event to have exclusive access to the materials. So, if you were in attendance you will soon be receiving an e-mail with instructions on how to get the content.

If you have any questions about anything I said in my three presentations (by the way, thanks also to my co-presenter Taz Daughtrey in the Mobile Testing and Security Testing Workshop), please feel free to add a comment/question below. I got a bit edgy in my Agile presentation, but sometimes I just feel I have to say it like I see it. I will have some articles and perhaps webinars in the coming days to flesh out those thoughts.

Thanks again!

Randy

Thursday, June 15, 2017

Become an ISTQB Advanced Level Certified Tester - Live Virtual Class Forming for July 31 - Aug 3, 2017

I hope you can take advantage of a unique opportunity to attend live virtual training for the ISTQB Advanced Security Tester certification this Summer.

The dates of the course are from 9 a.m. to 5:30 p.m. EDT on July 31 - August 3, 2017.

I will be the instructor of the course. As chair of the ISTQB Advanced Security Tester Working Group, I can bring a unique perspective to the training and prepare you to take the exam.

Here's what you need to know:

1. This is a live virtual class that you can take from your desk or home. You will be able to interact with me, ask questions, make comments, etc.

2. This will be an intensive course with over 20 exercises. I will present some material, then we will have exercise time. At the completion of each exercise, I give my perspective about the solutions.

3. We will go over every question in the ASTQB Sample Exam after each major section in the syllabus. There are nine sections in the syllabus.

4. If you can't make all the sessions, I am also including the e-learning version at no extra cost so you can make-up any sessions needed.

5. The exam is not included in the price of the course. However, the exam can be added for $200. You can use the exam voucher at any Kryterion exam center. Please note that while anyone may take the course and gain a lot from it, in order for you to take the exam, you must first hold the ISTQB Foundation Certification (CTFL) and have 3 or more years relevant experience in software testing or a related field.

6.  The course also includes a printed workbook. Please allow 5 - 7 days for printing and shipping the book to you. If you live outside of the USA, allow 14 days to receive the book.

7. After July 15, the registration price increases by $200. So, it's best to register soon.

8. Before registering for the class, please review the course outline and ISTQB Advanced Security Tester syllabus so you will be aware of the topics we will cover. While we do cover penetration testing, this is not a class on penetration testing. This certification and course covers many aspects of cybersecurity and the testing of security defenses.

9.  You will leave the class with an increased knowledge of how to help protect your organization by testing your security defenses to ensure they are working effectively.

10.  This course is fully accredited by the ASTQB.

11.  You can register at https://www.mysoftwaretesting.com/ISTQB_Adv_Security_Tester_Certification_Course_p/istqbseclv.htm

If you have any other questions, please feel free to contact me by phone (405-691-8075) or through the contact form at http://www.riceconsulting.com/home/index.php/component/com_formmaker/Itemid,453/id,1/view,formmaker/.

I hope to see you in the course!

Randy


Tuesday, April 25, 2017

New Monthly Subscription Pricing for e-Learning Courses

News Release
Oklahoma City, OK  73170
April 25, 2017

We are excited to announce a new way for software testers and business analysts to get the training you need to grow your career, with an affordable monthly membership that gives you maximum flexibility and choice in the topics you can explore.


Plus, you will become part of an active online community of other people who are also learning and growing in their careers. 

Now, we offer three ways to gain access to excellent e-Learning courses designed to help you expand your career in new areas:

Monthly membership (individual) - $49.99 USD/month gives you access to over 19 e-Learning courses that cover topics such as Basic Training in Software Testing, SOA Testing, Cloud Testing, User Acceptance Testing, Test Automation and many others, with new courses scheduled to be added to the catalog monthly. You can cancel your membership at any time.

Certification track membership (individual) - $69.99 USD/month gives you access to all the regular monthly membership courses, PLUS our popular ISTQB Foundation Level Course in Software Testing, ASTQB Mobile Tester Certification, and IQBBA Foundation Certification for Business Analysts. (The ISTQB Agile Foundation will be included in the near future.) Exams are not included and a 3-month minimum membership is required. Advanced certification courses are not included.

Fixed-price courses (individual) – This is our current pricing plan for all courses and includes lifetime access to the materials. You pay one price for one course. All of our e-learning courses will still be available as fixed-price courses. The only way we are offering ISTQB Advanced Certification courses is with fixed pricing. In the fixed price plan, exams are included for most courses with the exception of the ISTQB Advanced Security Tester certification.  This plan may be the most workable for people who are getting reimbursed by their employer for the training.

Here is the explainer video: https://youtu.be/X6pvEIkN7JY


All pricing plans can be quoted for teams and enterprises upon request.

As a member at any of the three levels, you have e-mail access to Randy to ask questions about the content of the course(s) you are taking. In addition, you will get member-only access to special webinars and early access to new course material and other content that Randy is creating.

These e-Learning courses are not just a collection of videos. Rather, they are complete course experiences with the same course notes you would see in a live classroom setting (the notes are shown in a PDF viewer that allows them to be printed), along with quizzes and exercises. The exercises are optional, but do reinforce the concepts in the course.

All of the courses are presented by Randall (Randy) Rice, a well-known author, consultant and trainer in the field of software testing, quality assurance and business analysis. Randy holds all ISTQB Foundation and Advanced Core Certifications, as well as the ISTQB Advanced Security Tester Certification. He has over 39 years of software development and testing experience, with the past 29 years specializing in software testing consulting and training. Randy is on the board of the American Software Testing Qualifications Board (ASTQB).

Upon the completion of a course and the submission of the course evaluation, you will receive a certificate in PDF format.

To learn more and to enroll, just visit https://www.mysoftwaretesting.com

For questions and custom price quotes, please contact Randy Rice at 405-691-8075 or from the "Contact Us" link at http://www.riceconsulting.com.

-->

Friday, April 14, 2017

My Experience at the Quest 2017 Conference

I was honored to be asked to present a half-day tutorial and track session at QAI's Quest 2017 Conference last week in Chicago. 

I have spoken at testing conferences since 1989, with only two years since then that I have sat out a year. So, I've been to a lot of these rodeos worldwide. In fact, I chaired the QAI International Software Testing Conference (1995 - 2000), so I know what it takes to keep everything on track.

It's from that background that I write this. My intent is not to take away from any other conference. I also have conferences on the schedule yet for this year. 

By the way, this blog post was not solicited. I just feel that when someone does a great job, recognition is deserved. 

I was blown away by this conference for several reasons:

Outstanding management - Tom Ticknor, Nancy Kastl, Anna Zucker and the rest of the team did a great job of making sure everything ran like clockwork. The weather turned rather bad on Wednesday (40F, 40 - 50 mph winds and rain), so the planned dinner cruise was still held on the boat, but it was enclosed and we never left the dock. It was also very challenging to get a few hundred people on busses and over to Navy Pier, but we all made it and a good time was had by all!

Outstanding volunteers - All the track hosts and other volunteers did a great job. In my experience, you can't pull off a great conference without great volunteers to make sure all the little things are handled. Thanks much to Kenneth Brown, who was my track host for both sessions. You rock!

A strong sense of community - I felt like I was among friends - and I was. In fact, in some cases, it was like old home week to see friends from the past QAI and CQAA events. I was able to strike up conversations with everyone I met. This was not a huge conference in terms of attendance, but for me it was just the right size - not too big, not too small.

Wide representation - This was not just a local Chicago event. There were people from much of the USA there, as well as from about a dozen other countries.

Great sessions - From the keynotes to the track sessions, I did not experience a bad session. Good content plus good speaking ability equals a great session. Also, the selection of topics was wide enough to cover just about anyone's topics of interest. 

Solid content - Speaking of content, one of the things that concerns me about the current state of testing is that we are taking our eyes off the main thing - testing and quality. Most testers think QA and testing are the same thing (they aren't). One thing that was striking to me was that in every session I attended, the concepts were solid, with very practical ways to apply the ideas. 

Awesome food - I can't say I ever had filet mignon for lunch at a conference before, but I did last week. I don't fly for the dining experience, and I don't expect a lot from conference fare, but really - bacon and eggs for breakfast every day? That's good stuff. Plus, the dinner cruise food was very good. Kudos to the Renaissance hotel for the preparation and for the Quest team for the menu selections.

Informative expo - The reality is most vendors go to the larger conferences because that is where the numbers are. But, how many of those people are the decision makers? I spoke with most of the vendors in the expo and found that they all had great offerings. I expect there were a fair number of decision-makers at the conference.

The negatives? I can't think of any.

I highly recommend this conference to anyone looking for any of the above things. If you are in the software testing or software quality field and live in the mid-west, attending the Quest Conference is a no-brainer. I hope to attend again in the future!




Thursday, April 13, 2017

Rice Consulting's IQBBA BA Certification Course is Accredited by the ASTQB

Press Release

Rice Consulting Announces Accreditation of New IQBBA Business Analyst Certification Training Course

Learn how to improve the quality of IT projects by understanding and documenting user needs in clear and understandable ways.

Oklahoma City, OK, April 14, 2017:  Randall Rice, internationally-recognized author, consultant and trainer in software testing and business analysis is excited to announce the accreditation of his newest course, IQBBA Foundation Level Certification Course by the American Software Testing Qualifications Board (ASTQB).

This is a course designed for business analysts and others who are looking for effective ways to gather and document user needs for projects in their organization. This course teaches people best practices in how to deliver projects that meets user needs and expectations.

The course is based on the Certified Foundation Level Business Analyst (CFLBA) Syllabus from the International Qualification Board for Business Analysts (IQBBA). Accreditation verifies that the course content covers the certification syllabus and glossary. In addition, the reviewers ensure that the course covers the materials at the levels indicated in the syllabus.

“Regardless of the project methodology in place, unless the user need is fully understood and articulated, a complete and correct solution cannot be delivered. Failure to capture the user needs is one key reason that around 30% of projects never reach successful implementation,” explained Randall Rice. 

ASTQB president, Debbie Friedenberg, says, "We believe that the IQBBA's internationally-recognized Business Analyst certification is of great importance to the profession, especially as we see the Business Analysis continuing to gain importance in the coming years."

This course is currently available on an on-site basis and in online e-Learning format. For further details, visit http://www.riceconsulting.com

To schedule a course to be presented in your company, contact Randall Rice at 405-691-8075 or by e-mail

Randall W. Rice, author and trainer of the course is a Certified Tester, Advanced Level and is on the Board of Directors of the ASTQB. He is the co-author with William E. Perry of two books, “Surviving the Top Ten Challenges of Software Testing” and “Testing Dirty Systems.”

Thursday, March 09, 2017

ISTQB Advanced Security Tester Certification Public Course May 16 - 19, 2017 - Salt Lake City Area

I am excited to announce one of the first public courses in the USA (and perhaps the world) for the ISTQB Advanced Security Tester Certification. This course will be held May 16 - 19, 2017 in Sandy, UT.

With cyber attacks occurring daily, most businesses and government agencies are under constant cyber attack. Unfortunately, many organizations are not doing enough to defend their physical and digital assets. Even more concerning is that while some organizations have firewalls, intrusion detection systems and other defenses, few of those organizations regularly test their defenses to determine their effectiveness.

In this course, you will learn a complete framework for testing security, regardless of the technology involved. This course and certification covers much more than just penetration testing. Certainly, penetration testing is an important part of security testing, but there are many other threats and vulnerabilities that require other security testing approaches.

Who Should Attend?

This course is for:
  • Software testers that hold the ISTQB Certified Tester, Foundation Level (CTFL) and want to expand their knowledge of security testing, 
  • Security testers who hold the CTFL and wish to obtain an advanced certification to solidify their knowledge, 
  • Security administrators who want to learn more about how to test the security defenses in their organization, and 
  • Anyone who wants to learn more about security testing but do not necessarily want to take the CTAL-SEC exam.

What You Need to Know:

1. This course follows the ISTQB Advanced Security Tester Syllabus and is written and presented by Randall W. Rice, chair of the ISTQB Advanced Security Tester Syllabus Working Group and holder of the CTAL-SEC, as well as all three ISTQB Core Advanced Certifications.

2. Anyone may attend this training, but to sit for the ISTQB Advanced Security Tester exam, you must hold the ISTQB Certified Tester, Foundation Level (CTFL) designation (or equivalent) and have 3+ years of software testing and related experience. Basic security and security testing concepts are assumed knowledge.

3. The course is four full days in length. No exam will be administered during the class, but attendees that meet pre-requisites and select the exam add-on option will receive a voucher to take the exam at a Kryterion Exam Center. http://www.kryteriononline.com/Locate-Test-Center

4. This is an intense, advanced level course with 28 exercises that cover all K3 and K4 learning objectives.

5. The venue will be announced soon. It will be in the Sandy, UT area. It is your responsibility to book your own hotel room.

6. Light breakfast and lunches are included.

7. A remote attendee option is available.

8. The cost is $2,495 (exam not included) for in-person attendees and $1,995 for remote attendees. There is a 10% discount for groups of 3 or more people.

9. The course program and details can be seen here: http://www.riceconsulting.com/home/index.php/ISTQB-Training-for-Software-Tester-Certification/istqb-advanced-security-tester-course.html

10. To register, please visit https://www.mysoftwaretesting.com/ISTQB_Adv_Security_Tester_Certification_Course_p/istqbsecpub.htm


If you have any questions, please contact me at 405-691-8075 or from the contact form at http://www.riceconsulting.com.

I hope to see you at this event!

Thanks,

Randy

Friday, February 24, 2017

Rice Consulting Announces Accreditation of New Certification Training Course for Testing Cyber Security

Press Release: For Immediate Release

Oklahoma City, OK, February 24, 2017:  Randall Rice, internationally-recognized author, consultant and trainer in software testing and cyber security testing is excited to announce the accreditation of his newest course, ISTQB Advanced Security Tester Certification Course.

This is a course designed for software testers and companies who are looking for effective ways to test the security measures in place in their organization. This course teaches people in-depth ways to find security flaws in their systems and organizations before they are discovered by hackers.

The course is based on the Advanced Security Tester Syllabus from the International Software Testing Qualifications Board (ISTQB), of which Randall Rice is chair of the Advanced Security Tester Syllabus working party.  The American Software Testing Qualifications Board (ASTQB) granted accreditation on Tuesday, February 21, 2017. Accreditation verifies that the course content covers the certification syllabus and glossary. In addition, the reviewers ensure that the course covers the materials at the levels indicated in the syllabus.

“With thousands of cyber attacks occurring on a daily basis against many businesses and corporations, it is urgent that companies have some way to know if their security defenses are actually working effectively. One reason we keep hearing about large data breaches is because companies are trusting too much in technology and are failing to test the defenses that are in place. Simply having firewalls and other defenses installed does not ensure security,” explained Randall Rice. “This course provides a holistic framework that people can use to find vulnerabilities in their systems and organizations. This framework addresses technology, people and processes used to achieve security.”

This course is currently available on an on-site basis, public courses and in online format. For further details, visit http://www.riceconsulting.com/home/index.php/ISTQB-Training-for-Software-Tester-Certification/istqb-advanced-security-tester-course.html. To schedule a course to be presented in your company, contact Randall Rice at 405-691-8075 or by e-mail.

Randall W. Rice, author and trainer of the course is a Certified Tester, Advanced Level and is on the Board of Directors of the ASTQB. He is the co-author with William E. Perry of two books, “Surviving the Top Ten Challenges of Software Testing” and “Testing Dirty Systems.”

Thursday, February 09, 2017

Webinar Slides and Recording - Security Testing: The Missing Link in Information Security

Thanks to everyone who participated in today's webinar. I really enjoyed the time together, even if I did experience a complete system failure and restart in the latter part of the webinar. Just to let you know how the rest of today went, I was checking out this evening at Wal-mart (not self-checkout) and after I scanned my debit card, the pin pad displayed a message, "System shutdown in progress". I don't know what it is about me, but I swear, systems fail in my presence. It has been that way for over 20 years now! Oh, the joys of being a tester!

OK, here we go...

Here is the recording link. I have edited the video so that all slides are shown and discussed.

Here is a PDF with the slides in 2-up format.

Here is a PDF with the slides in full color format.

I hope you find the information helpful. Feel free to share it. I hope it can help you build the awareness of the need for security testing in your organization.

Thanks!

Randy

Monday, January 30, 2017

ISTQB Advanced Security Tester Certification Training - March 7 - 10, Irving, TX

I am excited to announce the first public course in the USA (and perhaps the world) for the ISTQB Advanced Security Tester Certification. This course will be held March 7 - 10, 2017 in Irving, Texas.

With cyber attacks occurring daily, most businesses and government agencies are under constant cyber attack. Unfortunately, many organizations are not doing enough to defend their physical and digital assets. Even more concerning is that while some organizations have firewalls, intrusion detection systems and other defenses, few of those organizations regularly test their defenses to determine their effectiveness.

In this course, you will learn a complete framework for testing security, regardless of the technology involved. This course and certification covers much more than just penetration testing. Certainly, penetration testing is an important part of security testing, but there are many other threats and vulnerabilities that require other security testing approaches.

Who Should Attend?

This course is for:
  • Software testers that hold the ISTQB Certified Tester, Foundation Level (CTFL) and want to expand their knowledge of security testing, 
  • Security testers who hold the CTFL and wish to obtain an advanced certification to solidify their knowledge, 
  • Security administrators who want to learn more about how to test the security defenses in their organization, and 
  • Anyone who wants to learn more about security testing but do not necessarily want to take the CTAL-SEC exam.

What You Need to Know:

1. This course follows the ISTQB Advanced Security Tester Syllabus and is written and presented by Randall W. Rice, chair of the ISTQB Advanced Security Tester Syllabus Working Group and holder of the CTAL-SEC, as well as all three ISTQB Core Advanced Certifications.

2. Anyone may attend this training, but to sit for the ISTQB Advanced Security Tester exam, you must hold the ISTQB Certified Tester, Foundation Level (CTFL) designation (or equivalent) and have 3+ years of software testing and related experience. Basic security and security testing concepts are assumed knowledge.

3. The course is four full days in length. No exam will be administered during the class, but attendees that meet pre-requisites will receive a voucher to take the exam at a Kryterion Exam Center. http://www.kryteriononline.com/Locate-Test-Center

4. This is an intense, advanced level course with 28 exercises that cover all K3 and K4 learning objectives.

5. The venue is the Holiday Inn Express in Irving, Texas. The hotel is very close to the DFW airport for those who plan to travel to the course. The address is 4235 W. Airport Freeway, Irving, TX 75062. It is your responsibility to book your own hotel room.

6. Light breakfast and lunches are included.

7. A remote attendee option is available.

8. The cost is $2,795 (exam included) for in-person attendees and $2,295 for remote attendees. There is a 10% discount for groups of 3 or more people.

9. The course program and details can be seen here: http://www.riceconsulting.com/home/index.php/ISTQB-Training-for-Software-Tester-Certification/istqb-advanced-security-tester-course.html

10. To register, please visit https://www.mysoftwaretesting.com/ISTQB_Adv_Security_Tester_Certification_Course_p/secdfw.htm

If you have any questions, please contact me at 405-691-8075 or from the contact form at http://www.riceconsulting.com.

I hope to see you at this event!

Thanks,

Randy