Quality Cops

Quality assurance (QA) managers are responsible for the success or failure of mission-critical information technology systems. They prove out these systems, test them for bugs and sign off on them. If a system is life-critical - say, an air traffic control or emergency services network - one piece of buggy software could mean the difference between life and death. It's no job for the faint of heart.

Susan Burgess ends her conversations with a sappy, "Have a quality day."

But with 20 years' experience in QA, she has a right to sappiness. During that time, she's also earned a heap of accreditations and respect as an internationally recognized expert and speaker on software engineering quality for organizations like the Institute of Electrical and Electronics Engineers Inc. and the Quality Assurance Institute USA.


Who: Susan Burgess

Title: Quality assurance director

Company: Information Technology Business Group Inc., Potomac, Md.

Background: Director of the Quality Assurance Association of Maryland; advisory board member for the Quality Assurance Institute USA; co-author of the Testing Capability Maturity Model and the Method for Optimizing Software Testing Model

Nature of work: Ensuring that new software, hardware and upgrades perform as specified; that IT project requirements are met; and that all applicable standards are specified, met and followed. Also involves oversight for testing projects and programs, reporting project status to senior management and recommending quality improvements.


As the QA director at Information Technology Business Group Inc., a quality assurance and software engineering consulting firm in Potomac, Md.,

Burgess spends most of her time managing teams that examine software and hardware applications at key times in development cycles.

The teams look for bugs as well as security issues and faulty implementations and try to determine whether the application does what it's supposed to, from the user's perspective. Then Burgess decides whether the software or system is ready for prime time.

"I always find some problems: defects, poorly defined project requirements, applications that aren't user-friendly or that will crash under user load," Burgess explains.

Quality Peeves

Reporting such problems makes her none too popular among the project leaders. In fact, she's had some raucous screaming matches in the hallways with IT project leaders who felt Burgess was making them look bad. But she doesn't back down. The pressure to do things right outweighs the flack she takes from disgruntled project teams.

"If I approve a project and it fails, I could get sued. Liability in my job is a real issue. For example, what was the liability when the Mars Lander fell from the sky? That was caused by a software error," she says.

Quality Background

After completing her engineering degree in 1978, Burgess fell into QA when her employer, PPG Industries Inc., a Fortune 500 glass and paint manufacturer in Pittsburgh, sent her back to technical school to learn hardware and software. At that time, there were no certifications or formal QA training, so she did the next best thing: She got her MBA to learn management.

Now that the QA market has matured, she's brimming with certifications: Certified Software Test Engineer, Certified SPICE Assessor and Certified Quality Analyst, to name a few.

Key Quality Matters

Burgess says that in spite of its complexity, QA boils down to a few key points:

• Schedule: Does it meet deliverables on time?

• Cost: Is it within budget?

• Quality: How many defects per lines of code? What are the unresolved issues? And what is the risk?

In fact, risk management is now a critical component of QA, says Burgess. "Like right now, I have to make a decision by 5 p.m. about whether or not to let this grant management program for my client, a huge government agency, go out to the World Wide Web," says Burgess. "The agency has all kinds of financial and personal information in its databases, which need to be protected from the Internet."

No one understands risk management like the National Security Agency (NSA) in Fort Meade, Md., which dedicates teams to testing commercial software and new network configurations and installations for security vulnerabilities for the Department of Defense.

"Our users have heterogeneous networks composed of commercial products, and our customers want to know the most secure way to install them," says Neal Ziring, technical director for QA at the applications and architectures division of the NSA.

Quality Rewards

While both Burgess and Ziring say they feel the pressure of putting out quality products, they also experience the reward of making a difference. Burgess has achieved national recognition for her contributions to QA standards. And Ziring says some of his work has led to better commercial products.

Ziring describes a recommendation he recently made to solve an internal security problem involving a Web browser that incorporates hardware-based cryptography devices. "We put together the first browser/server combination that used cryptographic hardware for security," he says. "We showed this to a commercial vendor, and the CEO said he's going to put this in commercial products."

With such intangible perks, Ziring doesn't complain about his low government salary, which he declined to disclose. But if he were working in the private sector, he'd earn $75,000 to $150,000 per year, according to Burgess.

But getting there isn't easy, she says, adding, "Quality is always changing, so you have to keep up with professional development or fall behind the quality curve."

Copyright © 2000 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon