Sunday, September 24, 2017

Randall Rice to Present Talk at the 28th Annual IEEE Software Technology Conference

Oklahoma City, OK, September 25, 2017: Randall Rice, internationally recognized author, consultant and trainer in software testing and cyber security testing, will be speaking this week at the 28th Annual IEEE Software Technology Conference in Gaithersburg, MD.

Mr. Rice's presentation on Wednesday, September 27th is on the topic of "Training and Certifying Security Testers Beyond Penetration Testing". His presentation is sponsored by the American Software Testing Qualifications Board (ASTQB).

"When asking senior-level executives or security administrators about the adequacy of their organizations’ information security defenses, most people will list things such as encryption, firewalls, malware protection, and so forth. When asked, 'How effective are your defenses?' most people can’t give a definitive answer because the defenses have not been tested in a continuous and holistic way. Many people believe the status quo position that penetration testing is all that is needed to find security vulnerabilities," explains Rice.

To help meet the need of training software testers and others in how to perform security testing as a specialty practice, the International Software Testing Qualifications Board (ISTQB) has developed an Advanced Level Security Tester syllabus and exam which leads to the CTAL-SEC designation. The American Software Testing Qualifications Board (ASTQB) administers this certification in the United States. The goal is to provide the information needed to train people in performing security testing at an advanced level.

Mr. Rice is a board member of the ASTQB and is the leader of the international working group that developed the Advanced Level Security Tester syllabus.

This syllabus is freely available from the ASTQB web site at and draws from sources such as the National Institute of Standards and Technology (NIST), the Computer Emergency Readiness Team (CERT) and the Open Web Application Security Project (OWASP) to describe the in-depth knowledge needed to test the security of systems and applications of all types. This syllabus and certification covers the topic of penetration testing, but goes beyond penetration testing to test internal controls and procedures, identify vulnerabilities at the code level, perform security risk assessments, understand the tools available for security testing and how to design and conduct effective security tests.

In this presentation, Mr. Rice will present:

An overview of the ISTQB Advanced Security Tester syllabus topics
How the certification works
How this certification differs from other security certifications
How this certification is compatible with NICE’s ongoing efforts and how this relates to the various framework analyses already underway
The intended audience for the training
The value of the ISTQB Advanced Security Tester certifications to testers and to organizations

Randall W. Rice is a highly specialized trainer and consultant in the field of software testing and cyber security testing with clients in every industry sector, including defense and finance. He is the co-author with William E. Perry of two books, “Surviving the Top Ten Challenges of Software Testing” and “Testing Dirty Systems.”

Wednesday, September 20, 2017

ASTQB Summit Recap

Hi Everyone,

I just want to thank everyone who helped make the recent ASTQB Summit in Newport Beach, CA a success. Our team did a great job with handling marketing and logistics, as well as the technical program. Our speakers did a great job (I'm not sure about that Rice guy...).

But most of all, I want to thank those that support ASTQB and spent last Friday to expand their knowledge and collaborate with other testers. We had people in attendance from all over the country!

I told people in my sessions that I would have my slides posted to the blog, but as a board we decided it would be more fair to those who paid to attend the event to have exclusive access to the materials. So, if you were in attendance you will soon be receiving an e-mail with instructions on how to get the content.

If you have any questions about anything I said in my three presentations (by the way, thanks also to my co-presenter Taz Daughtrey in the Mobile Testing and Security Testing Workshop), please feel free to add a comment/question below. I got a bit edgy in my Agile presentation, but sometimes I just feel I have to say it like I see it. I will have some articles and perhaps webinars in the coming days to flesh out those thoughts.

Thanks again!