US Air Force Cyber Command: Mission-Critical QA
Establishing ISTQB-based quality assurance processes, security testing frameworks, and certified QA teams for some of the most critical software systems in the Department of Defense.
The Challenge
Software Quality Where Failure Is Not an Option
The US Air Force Cyber Command operates software systems where defects carry consequences far beyond revenue or user experience. These are mission-critical defense systems that must meet the highest standards of reliability, security, and auditability.
The Cyber Command needed to formalize its software quality assurance practices across multiple programs. Existing QA processes varied by team and lacked the standardization required for consistent, auditable results. Military QA personnel needed training in internationally recognized testing methodologies, and security testing practices needed to align with DoD and NIST frameworks.
The challenge was not only establishing these processes but ensuring they could be sustained by military personnel after the engagement concluded — requiring a focus on training, documentation, and capability transfer rather than ongoing dependency on external consultants.
The Solution
ISTQB Methodology and Security Testing for Defense
Rex Black Inc. brought its deep ISTQB expertise — as one of only 8-9 ASTQB-accredited training providers in the United States — to design QA processes purpose-built for the defense environment. The engagement combined methodology design, security testing framework implementation, and hands-on certification training for military QA teams.
What we delivered
- +ISTQB-based QA methodology design adapted for defense software environments
- +Security testing frameworks aligned with DoD and NIST cybersecurity standards
- +ISTQB certification training for military QA personnel through ASTQB-accredited curriculum
- +Test planning and risk-based testing strategies for mission-critical systems
- +Defect management and reporting processes integrated with existing military program workflows
- +Knowledge transfer and documentation to ensure long-term self-sufficiency
The Results
By the Numbers
Establishing lasting QA capability within the US Air Force Cyber Command.
Certified Teams
Military QA personnel trained and certified to international standards
Compliance Achieved
QA processes aligned with Department of Defense quality requirements
QA Processes
Documented, auditable testing methodology established across programs
Capability Transfer
Internal teams trained to sustain QA programs independently
Outcome Summary
The US Air Force Cyber Command established standardized, repeatable QA processes across its software programs. Military QA personnel earned ISTQB certifications, giving them internationally recognized credentials and a shared methodology for test planning, execution, and reporting.
Security testing practices were aligned with DoD and NIST standards, improving the overall security posture of the software systems under the Cyber Command's purview. The focus on training and documentation ensured these capabilities were retained internally, reducing long-term dependency on external consulting support.
Building QA for Mission-Critical Systems?
We bring ISTQB methodology, security testing expertise, and training programs that build lasting internal capability.
Resources for this kind of program
Reading material that goes deeper on the methodology behind this engagement.
- Whitepaper
Evaluation Before Shipping: How to Test an AI Application Before It Hits Production
The release-gate playbook for AI features. Covers the five evaluation dimensions, how to build a lean golden set, where LLM-as-judge is trustworthy and where it lies, rollout mechanics with named exit criteria, and the regression suite that keeps a shipped AI feature from quietly rotting in production.
Read → - Whitepaper
Choosing the Right Model (and Knowing When to Switch)
A practical framework for matching LLM model tier to task. Covers the four axes (capability, latency, cost, reliability), cascade routing patterns that cut cost 60 to 80 percent without measurable quality loss, switching costs you did not plan for, and the worked economics at 10K, 100K, and 1M decisions per day.
Read → - Whitepaper
Beyond ISTQB: A Multi-Domain Certification Roadmap for Technical L&D
Most engineering L&D programs over-index on a single certification family, usually ISTQB on the QA side, AWS on the infrastructure side, and under-invest across the rest of the technical domains the org actually needs. This paper covers a multi-domain certification roadmap (QA, AI, cloud, data, security, project management, software engineering) with sequencing logic for each level of the engineering ladder, plus the maintenance discipline that keeps the roadmap relevant as the technology shifts underneath it.
Read → - Guide
The ISTQB Advanced Level path, mapped
The Advanced Level landscape keeps changing — CTAL-TA v4.0 shipped May 2025, CTAL-TM is on v3.0, CTAL-TAE is on v2.0. This guide maps all four core modules, prerequisites, exam formats, sunset dates, and which module a given role should take first. Links directly to the authoritative istqb.org syllabi.
Read → - Whitepaper
Bug Triage: A Cross-Functional Framework for Deciding Which Defects to Fix
Bug triage is the cross-functional decision process that converts raw defect reports into prioritized action. Done well, it optimizes limited engineering capacity against risk; done poorly, it becomes a backlog-management ritual that neither fixes the important defects nor drops the unimportant ones. This whitepaper covers the triage process, the participants, the six action outcomes, the four decision factors, and the governance disciplines that keep triage effective in continuous-delivery environments.
Read → - Whitepaper
Building Quality In: What Engineering Organizations Do from Day One
Testing at the end builds confidence, but the most efficient quality assurance is building the system the right way from day one. This whitepaper covers the upstream disciplines — requirements clarity, lifecycle selection, per-unit programmer practices, and continuous integration — that make system-level testing cheap and fast rather than the only thing holding a release together.
Read →
Want help running a program like this?
- Service · Quality engineering
Software Quality & Security
Independent test programs, security testing, and quality engineering for systems where defects cost real money.
Learn more → - Solution
Risk Reduction & Clear Decisions
Quality programs and decision frameworks that shift risk discussions from anecdote to evidence.
Learn more → - Solution
Reliable Software at Scale
Quality engineering programs for organizations whose software is now operationally critical.
Learn more → - Government
Government & Defense
ISTQB-based test programs and security testing for federal, defense, and public-sector software.
Learn more →