W4CFI: The Art of Testing (beyond security theater)

Transcript

1. © 2026 CGI Inc. 1 The Art of Testing Beyond

   Security Theater Maaret Pyhäjärvi March 2026

2. © 2026 CGI Inc. 2 How Would You Test This?

   Raster Reveal by James Lyndsay https://www.workroom- productions.com/raster-reveal/

3. © 2026 CGI Inc. 3 How Would You Test This?

   Raster Reveal by James Lyndsay https://www.workroom- productions.com/raster-reveal/ Find (some of) what other’s have missed! Quality / Results Gap Invest RIGHT – too much, too little, the wrong kind Balancing detailed reveal vs. jumping to conclusions No one left alone with responsibilities too big for individuals

4. © 2026 CGI Inc. 4 Two weeks of vibe coding

5. © 2026 CGI Inc. 5 Task expansion: ”I asked Github

   Copilot about quality/security…”

6. © 2026 CGI Inc. 6 Security assurance 01 Security controls

   Selecting and designing proper controls. 02 3rd party vulnerabilities From Software Bill of Materials to update policies. 03 Threat modeling Risk-based targeting of application security efforts. 04 Secure programming Language awareness. 05 Audits and pentests Targeted appraisal activities.

7. © 2026 CGI Inc. 7 Quality strategy for how quality

   is created, maintained and lost Test ideas Test assumptions DEV OPS Build Plan Understand Learn Release Observe Specify with examples Test changes Test system Test in production Test process Test through telemetry

8. © 2026 CGI Inc. 8 AGE OF AI Actionable feedback

   that challenges well-maintained illusions has never been more important.

9. © 2026 CGI Inc. 9 Insights you can act on

   Founded in 1976, CGI is among the largest IT and business consulting services firms in the world. We are insights-driven and outcomes-focused to help accelerate returns on your investments. Across hundreds of locations worldwide, we provide comprehensive, scalable and sustainable IT and business consulting services that are informed globally and delivered locally. cgi.com