Monthly Archives: April 2011

Free, Interactive Webinar to Offer SEPG Europe 2011 Preview on May 5

SEPG Europe 2011, the premier conference on software, systems, and services process improvement with a focus on Global Excellence in Software and Security, will be held in Dublin, Ireland, June 7-9, 2011. On May 5, join Alan Willett, SEPG Europe 2011 Technical Co-Chair, for a one-hour webinar that will provide a preview of the conference technical program and activities.

This webinar will introduce you to the 2011 keynote speakers and provide more in-depth information on the technical tracks that make up the conference program. While the primary focus of the webinar is to provide insight into the technical program, Willett will also share highlights of the special SEI-led tutorial offerings scheduled on Monday, June 6, the certification exam opportunities, student poster presentation program, social events, and networking opportunities. Finally, webinar attendees will be reminded of how they can connect with us via various social media channels before, during, and after the conference.

Willett will also answer questions from participants, so don’t miss your chance to connect with one of this year’s technical program chairs. This one-hour webinar is free and open to all interested individuals.

Register
Click here for more information or to register for the webinar.

About the Speaker

Alan Willett, SEPG Europe 2011 Technical Co-Chair

Alan Willett, SEPG Europe 2011 Technical Program Co-Chair, is the expert at transforming groups of people into high performance teams. Alan has been with the SEI for more than 10 years working with organizations around the world including Oracle, Microsoft, Intuit, NASA and many others. Alan has worked with software teams and their executives coaching them from planning of a project all the way through delivery. Many of the teams have delivered on time software with extraordinary quality, some with zero defects ever found by the customer.

Leading Experts from CERT and SEI Offering AIM, CERT Tutorials at SEPG Europe 2011

You can maximize your travel costs and create an even more robust educational experience at SEPG Europe 2011 (7-9 June 2011 in Dublin, Ireland) by taking a one-day tutorial on Monday, 6 June. Delegates may choose one tutorial from a menu of five topics led by leading experts from the SEI.

The registration fee for a Monday tutorial session is $250 (separate from the SEPG Europe 2011 registration). Tutorial registration may be completed through the general SEPG Europe 2011 registration link.

Cyber Response and Analysis Challenge
Presenters: Chris May, Dennis Allen

This tutorial is a team-based, live-fire cybersecurity exercise involving a fictitious shipping company experiencing numerous cyber-security events and anomalies. Participants will be organized into teams, where they must work together to detect, identify, report, and potentially mitigate live events while also taking staged quizzes to test their understanding and facilitate a friendly competition as well as conduct forensically sound volatile and persistent data acquisition and analysis.

Tutorial participants must bring a WiFi-enabled laptop to the tutorial in order to access CERT’s XNET cyber training platform. Participants will be provided with 10 days of remote XNET access prior to the tutorial so they can develop and polish their skills with preparatory hands-on labs.

The tutorial will allow participants to:

* Understand how to access and utilize the XNET cyber training profile.
* Work through scenarios to detect, identify, report, and mitigate events.
* Analyze data collected during the scenarios.

Forensics for Law Enforcement
Presenter: Rich Nolan

This tutorial is designed for individuals involved in law enforcement who wish to receive targeted training. It concentrates on four primary components (Imaging, Forensics Tools, Cryptography and Memory Analysis, and Incident Response). This tutorial will include presentations, discussions, and practical exercises. The tutorial will also include an introduction to the CERT Forensic Appliance (FA), which contains a suite of CERT-created and open-source forensic tools.

This tutorial will allow participants to:

* Understand how to acquire forensically-sound digital images.
* Identify implications of cryptography as it relates to cyber investigations and digital forensic examinations.
* Provide incident response to victims and tactics for triage of large-scale incidents.

Introduction to the CMMI Accelerated Improvement Method (AIM)
Presenters: Timothy Chick, James McHale

This tutorial is designed for organizational leaders, process improvement champions, consultants, and advocates. It concentrates on the concepts and strategies underlying the SEI’s new Capability Maturity Model Integrated (CMMI) Accelerated Improvement Method (AIM). AIM is a radical departure from the traditional methods of CMMI implementation, technology transition, and organizational change. This tutorial will provide a foundational understanding of the technologies, tools, methods, and strategies. Case study methodology will be used to illustrate the AIM product components and implementation sequence.

The tutorial will allow participants to:

* Understand the SEI’s new CMMI-AIM.
* Obtain a foundational understanding of the technologies, tools, methods, and strategies used in AIM.
* Learn how others are using AIM and the results they have achieved.

Managing Risk and Resilience: The CERT Resilience Management Model (CERT-RMM)
Presenters: David White, Richard Caralli

This tutorial is designed for individuals who wish to learn a model-based process improvement approach to managing operational resilience using the CERT Resilience Management Model (CERT-RMM), v1.1. This tutorial will describe operational resilience in complex, risk-evolving environments as it relates to risks that affect system and software assurance and will introduce CERT-RMM concepts and process areas. CERT-RMM’s relationship to CMMI and its coverage of software and system assurance throughout the life cycle will also be explained.

This tutorial will allow participants to:

* Understand the challenges of managing operational resilience.
* Have a working knowledge of key operational resilience, operational risk, and resilience management concepts and their relationships.
* Begin planning for a process improvement effort in their organization.


Software Engineers as Insider Threats: Actual Attacks and Their Consequences
Presenter: Dawn Cappelli, Michael Hanley

This tutorial will discuss the work of the CERT Insider Threat Center, which has catalogued over 500 cases of actual insider attacks, capturing the technical details, behavioral indicators, organizational context, management issues, and legal/contractual factors. This session will describe the patterns in each type of case (insider IT sabotage, theft of intellectual property, and fraud), focusing specifically on attacks carried out or facilitated by software engineers.

The tutorial will allow participants to:

* Understand the motivation, characteristics of insiders, behavioral and technical precursors, and technical aspects of insider fraud, theft of confidential or sensitive information, and IT sabotage.
* Understand insider threats that have been introduced during various phases of the software engineering life cycle, as well as mitigation strategies for preventing them in their own organizations.
* Know what “observables” to looking for within their own organizations that could indicate a pending insider attack.
* Leave with actionable steps that they can take to better manage the risk of insider threat in their organization.

10 Tips for Creating a Polished PowerPoint Presentation

When developing a presentation, it is important to clearly communicate the significance or importance of your topic and what it contributes to the field of study or knowledge base in the time allotted. So, to help you make the most of your time at the podium, here are 10 tips for creating a powerful, polished PowerPoint presentation:

1. Keep it Brief: Generally, you should have no more than 6 words per line and no more than 6 lines per slide.
2. Bullets: Bullets are an excellent way to minimize the text on your slides. Avoid using too many bullet points as this can make the slide too busy. You want your audience to listen to you deliver the information, rather than read the screen. To distinguish headings from bullets use different fonts.
3. Text vs. Graphics: Don’t just rely only on text to maintain the interest of your audience. It is best to use a combination of text, pictures, and other graphics, but use no more than two graphics per slide. The notes section can be used to capture your talking points or to script your presentation.
4. Font Size: Help your audience clearly see the information by using an appropriate font size. As a general rule, a one-inch letter is readable from 10 feet, a two-inch letter is readable from 20 feet, and a three-inch letter is readable from 30 feet (these measurements indicate the size of a font on your computer screen, not projected on a screen in full screen mode).
5. Font Style: Choose your font style carefully to ensure clarity. San serif fonts like Arial or Helvetica are particularly easy to read on a PowerPoint slide. Also avoid using all capital letters and italics. Be consistent with font use throughout the presentation.
6. Font Color: Font colors should be in the range of whites to yellow for dark backgrounds and black to dark blue for light backgrounds. Always avoid red, which does not project well.
7. Charts and Graphs: Use charts and graphs to back up you up; don’t let the charts use you. When using graphs, label your axis.
8. Animations: When using animations, ensure they contribute to the content of the presentation. Excessive use of animations is a distraction.
9. Contrast: To make your slides pop, use high contrast between background & text colors.
10. Quality Control: Ensure you do not have spelling or grammar mistakes. Don’t just rely on spell check; refer to the Chicago Manual of
Style for style and usage guidelines and have someone else review your slides to catch any errors that escaped you.

Are there any other tips you recommend? Leave a comment after this post to share your suggestions with other presenters and we’ll also tweet them from @SEPGConferences.

Four Accomplished Leaders to Keynote SEPG Europe 2011 in Dublin

The Carnegie Mellon Software Engineering Institute (SEI) today announced the four thought-leaders who will keynote SEPG Europe 2011 in Dublin, Ireland, on June 7-9, 2011. Martin Curley, Bill Curtis, James Over, and Alexander Springer will explore the theme Global Excellence in Software and Security as it relates to the changing and evolving landscape of software, software systems, process improvement, and software quality and their impact on high-quality software and systems.

Martin Curley

Martin Curley is director of Intel Labs Europe and a senior principal engineer at Intel Corporation. He is also professor of technology and business innovation at the National University of Ireland, Maynooth, and co-founder and director of the Innovation Value Institute, helping lead a unique industry-academic open innovation consortium to advance IT management and innovation. Curley is a fellow of the Institution of Engineers of Ireland, the British Computer Society, and the Irish Computer Society and has been a visiting scholar at the MIT Sloan School of Management. Curley is an author or co-author of three books on technology management for value, innovation, and entrepreneurship.

Bill Curtis

Bill Curtis is senior vice president and chief scientist with CAST, a leader in providing technology for measuring and evaluating application software quality. He co-authored the Capability Maturity Model (CMM) for Software, the People CMM, and the Business Process Maturity Model. Until its acquisition by Borland, he was co-founder and chief scientist of TeraQuest. He is a former director of the Software Process Program at the Software Engineering Institute at Carnegie Mellon University. He has published four books and more than 150 articles and was elected a Fellow of the IEEE for his contributions to software process improvement and measurement.

James Over

James W. Over, a senior member of the technical staff for the SEI Software Engineering Process Management Program, has been with the SEI since 1987 and currently is manager of the TSP Initiative. Over has led the SEI’s TSP Initiative since its inception, transitioning TSP into organizations in the United States and abroad. He has received the SEI Director’s Award for Excellence, the SEPM Director’s Award for Quality Innovation, and an award from Boeing Corporation for innovation and leadership in software process improvement. Over co-authored—with the late Watts Humphrey—Leadership, Teamwork, & Trust and several SEI publications on software process definition and improvement.

Alexander Springer

Alexander Springer is the director of Global Software Platform Development and Software Development for European customers of Passive Safety Systems at Robert Bosch GmbH. Springer is responsible for the worldwide development processes that align customer demands, the requirements that arise out of several process models, and the need for efficiency. Springer has played a role in helping Bosch in its journey to increased efficiency and maturity. In 2008, Bosch achieved CMMI Maturity Level 3.

“The inspiration and vision that each of these speakers will bring to SEPG Europe 2011 helps us to provide a powerful and compelling program,” said Pat Kirwan, SEPG Europe 2011 technical co-chair. “Their unique backgrounds, leadership, expertise, and enthusiasm will inspire delegates to apply innovation and creativity as they strive to deliver on-time, high-quality software to their customers.”

In addition to the keynote presentations, SEPG Europe 2011 includes a program of approximately 50 technical sessions and tutorials and social and networking opportunities with software and systems professionals from around the world.

Learn more about the SEPG Europe 2011 keynotes and register for the conference at http://www.sei.cmu.edu/sepg/europe.

SEI Hosts 23rd Annual SEPG North America in Portland

The Carnegie Mellon Software Engineering Institute (SEI) and Portland, Oregon, played host for SEPG North America 2011 from March 21-24, 2011. Approximately 650 professionals convened to learn and explore topics related to The Power of Process. This four-day gathering offered quality tutorials, top-notch technical sessions, engaging keynote addresses, and plentiful networking opportunities.

“From the exhibit hall to the session rooms to the social events, attendees used every opportunity to expand their professional networks, share knowledge, and discover practical solutions,” said Gian Wemyss, SEPG North America 2011 technical program co-chair.

“The technical discussions covered a range of topics, including agile and lean software methods, combining multiple models, the gap between software as developed versus deployed, CMMI and cloud computing, the Team Software Process, and the Accelerated Improvement Method,” added Palma Buttles, SEPG North America 2011 technical program co-chair.

SEPG: From Concept to Community

Tuesday opened with tribute to the late Watts Humphrey, founder of the SEI’s Software Process Program and a National Medal of Technology recipient, who died on October 28, 2010. Humphrey first introduced the notion of the Software Engineering Process Group in his book, Managing the Software Process, and the concept has now grown into an international conference series. A series of speakers shared their thoughts on Humphrey’s life and accomplishments.

“Watts’s numerous professional accomplishments are underscored by the fact that he began his SEI career when he was 62—an age when many people consider retirement,” said Anita Carleton, director, SEI Software Engineering Process Management Program. “Now, his life’s work is in our hands as we explore software engineering process, architecture, and security approaches that can serve as technical and business differentiators for world-class performance.”

Just before their address, Tuesday’s keynote speakers K. Dinesh and S. Kumar of Infosys Technologies Limited accepted the 2009 IEEE Computer Society/Software Engineering Institute Software Process Achievement (SPA) Award for establishing a cost-effective, sustained, and culturally integrated quality and productivity improvement program during a period of extraordinary corporate growth.

Tuesday evening, SEPG North America 2011 attendees tried their hand at the tables in a casino-themed gala reception. When their luck ran out, attendees had the option to purchase additional casino funds, the sales of which benefitted Tech Start, an Oregon nonprofit organization that promotes wider access to technology education for K-12 students.

Wednesday opened with keynote presentations from William “Liam” Durbin who spoke about “Racing Luck” and applying big-business IT skills to a niche business; and Dr. Harry Hertz, who offered insights on the Baldrige approach to performance excellence and shared easy steps attendees can take to improve their own organization. These presentations touched on the theme of fact-based decision-making versus pure intuition and luck, with the consensus being that there is room for both in professional ventures.

Reaching New Levels of Excellence in 2012

Wemyss also shared the official announcement regarding the SEPG North America 2012 location of Albuquerque, New Mexico. With the theme Reaching New Levels of Excellence, the 24th annual SEPG North America conference will help attendees to understand both principle and practice, to deliver value, and to maximize impact and business results that they can take home to their organizations.

SEPG is the premier global conference series on software and systems process management, and dates and locations have been set for future SEPG Conferences around the world. SEPG Europe 2011 will be held in Dublin, Ireland in June 7-9, 2011.


SEI Director and CEO Paul Nielsen Gives SEPG North America 2011 Conference Welcome