Mr. Rice's presentation on Wednesday, September 27th, is on the topic of "Training and Certifying Security Testers Beyond Penetration Testing". His presentation is sponsored by the American Software Testing Qualifications Board (ASTQB).
"When asking senior-level executives or security administrators about the adequacy of their organizations’ information security defenses, most people will list things such as encryption, firewalls, malware protection, and so forth. When asked, 'How effective are your defenses?' most people can’t give a definitive answer because the defenses have not been tested in a continuous and holistic way. Many people believe the status quo position that penetration testing is all that is needed to find security vulnerabilities," explains Rice.
To help meet the need to train software testers and others in how to perform security testing as a specialty practice, the International Software Testing Qualifications Board (ISTQB) has developed an Advanced Level Security Tester syllabus and exam, which lead to the CTAL-SEC designation. The American Software Testing Qualifications Board (ASTQB) administers this certification in the United States. The goal is to provide the information needed to train people in performing security testing at an advanced level.
Mr. Rice is a board member of the ASTQB and is the leader of the international working group that developed the Advanced Level Security Tester syllabus.
This syllabus is freely available from the ASTQB web site at http://www.astqb.org and draws from sources such as the National Institute of Standards and Technology (NIST), the Computer Emergency Readiness Team (CERT) and the Open Web Application Security Project (OWASP) to describe the in-depth knowledge needed to test the security of systems and applications of all types. The syllabus and certification cover penetration testing but go beyond it to test internal controls and procedures, identify vulnerabilities at the code level, perform security risk assessments, and understand both the tools available for security testing and how to design and conduct effective security tests.
In this presentation, Mr. Rice will present:
• An overview of the ISTQB Advanced Security Tester syllabus topics
• How the certification works
• How this certification differs from other security certifications
• How this certification is compatible with NICE’s ongoing efforts and how this relates to the various framework analyses already underway
• The intended audience for the training
• The value of the ISTQB Advanced Security Tester certifications to testers and to organizations
Randall W. Rice is a highly specialized trainer and consultant in the field of software testing and cyber security testing with clients in every industry sector, including defense and finance. He is the co-author with William E. Perry of two books, “Surviving the Top Ten Challenges of Software Testing” and “Testing Dirty Systems.”