The Ultimate Test?

The other night I went to see First Man, the Neil Armstrong biopic, directed by Damien Chazelle, and starring Ryan Gosling and Claire Foy.  Without going into too much about the plot (basically the follows Armstrong’s life during the Gemini and Appollo Missions)  and quality of the film, I can tell you it is an absolute masterpiece. Check out the trailer here before you go and see it yourself.

This film brought to me a thought on risk. In software testing, we think about risk all the time. The risk to the product, projects we are a part of, the team, even the company. Being a stakeholder in testing, as part of product development involves a lot of risks. However, one area of risk we rarely touch on is the risk to human life, and the cost thereafter if the worst should happen. It’s not something that really comes into the realms of possibility, unless we are testing safety-critical software, as part of a larger system, such as an aeroplane, medical device or defence system.

During the missions that Armstrong worked on, many men and women had to deal with the risk that human beings would be harmed as part of the endeavours of sending someone to the moon. Armstrong and his team were at the heart of that. Many of his colleagues were killed or injured, either during missions themselves, or during Earth-based testing of the equipment they were using.

Take the testing of Appollo 1 and subsequent deaths of astronauts Ivan ‘Gus’ Grissom, Ed White and Roger Chaffee. They died during the ground testing of the command module. According to the report that followed, the fire that killed them was caused by an electrical fault, the nylon material used in pressure suit construction,  and also the pure oxygen atmosphere of the capsule at the time.

The crews of these missions were in themselves a crucial part of the test data. If any of them were physically or mentally incapable of performing their tasks, then they either wouldn’t have been allowed to take part in missions. The lives of the people involved, as well as the financial and political cost of such missions,  would have been too great. They knew the risks, and they understood them. They took the ultimate test. They were the test!

When I think about the risk concerns of the software I’ve worked on in the past, it’s often hard for me to disassociate from the ultimate risk of that product failing. It’s probably why I am so interested in security as a concept. For me, it’s one of the ultimate tests that a software tester can undertake. What can you do to undermine the systems you build, so that you can then protect them?

During the movie, I tried to consider what heuristics they had for solving the problems they encountered. I also considered what oracles they might have looked to when building up a picture of what was important for them right then. The scope seemed to be endless. The mind boggles of the complexity of the task.

Human life seemed to me to be at the heart of the story of this movie. Not only in the grander endeavour and global impact that the success of the Appollo missions had on the world, furthering our desire for scientific exploration of space.

I salute everyone who was involved in these missions, whether they were mathematicians, computers (see Hidden Figures) physicists, engineers, administrators, or the astronauts and their families. I also salute those who came after them, during the Space Shuttle and Soyuz projects. They weren’t just test data, they were the greatest pioneers (and testers) the world has ever seen.


Living and working with depression and anxiety

There have been many mornings in the last two or three years where I just have not wanted to wake up. Where my bed has been the most welcoming and comforting place in the world. This, of course, is troublesome, especially when you need to get up to go to a place of work every day. I’m writing this as I wait for a train to London, from the south of England (which, as some of you will know, isn’t the easiest of journeys at the moment).

Depression affects me every day, to some degree or another. I have ways of managing this, but sometimes these mitigations don’t always work. Anxiety, also, in situations that generate stress. This sometimes occurs when I am late for an event or appointment, (this gets worse if I’m late because of depression) or have lost an important item like my keys or wallet. Of late, it’s also been an issue when trapped inside a train vestibule cramped against hundreds of other unfortunate people. (Thanks, Southern Rail and Thameslink)

My work does help with this, especially on rewarding and productive days. But in order to have a productive day, I need to pull myself out of bed. Practising the ability to do things you don’t feel like doing is hard work. This is often far harder and far more challenging than my professional work. So what does help?

For some, medical treatment works very well. Largely this does work for me. For about a year I was taking Citalopram. This was helping somewhat with depression, but very little for my anxiety. It also gave me horrible muscle cramps, usually in my legs. So, back to square one.

Last year, I switched to taking Sertraline. This usually helps very well with my anxiety, and moderately well with depression. Also, no muscle cramps, which is good. Remember that everyone is different, and will have needs, so speak to your GP if this is something of concern to you.

Exercise is also a great help, but I’m not a skilled sportsperson. I used to play football, rugby and cricket as a child but was always the last to get picked for teams. With my long-term back injury, running, and my previous love, squash, are now out of the question.

However, I find that swimming is the best exercise for me. It alleviates a lot of stress. Swimming also requires a lot of concentration and mindfulness, to maintain a decent pace, quality of stroke and movement through the water.

Haywards Heath Leisure Centre

Haywards Heath Leisure Centre

There are other ways and means to alleviate these feelings, but ultimately they don’t go away. It’s a case of having to build your own coping strategies.

Avoiding circumstances that exacerbate depression and anxiety is often more of a challenge. When interpersonal, work and family situations are often a trigger for depression and anxiety, then it’s often almost impossible. There are some situations you simply cannot avoid.

In the past I’ve allowed myself to let my anxiety control my behaviour, resulting in professional and personal consequences. It’s hard to give advice on this, and I won’t pretend to be able to. Everyone has different circumstances, levels of capability and needs. Just explore what is right for you.

The last thing to say is that this is an ongoing journey of discovery for me. I’m now in my early forties and wish that I could have had a better understanding of my mental health earlier in my life. If depression and anxiety is something that you live with, you will have your own stories and journeys. Explore and understand them. Very soon, I’ll be posting more on this topic, in the context of my work.

Learning from the other side: Thoughts on conferences, workshops, learning and test ideas

NB: This blog post is adapted from one I wrote for an internal blog post at work, so it has been sanitised for content.

When learning new things, ideas, skills or exploring new perspectives, the image above reflects how I am feeling when I am trying to assimilate and process all the activities I take part in within the testing community. It’s that beautiful and terrifying moment when you are flying and the sun is ablaze on the horizon. It’s knowing you’ve learned a lot, but there is so much left to learn. Perhaps a move one way or another will lead to failure, but as long as you are quick to learn from those mistakes you can be on a well-lit path again.

Over the last month or so I’ve been attending a few events, including ITAKE Unconference in Bucharest, Romania, Let’s Test in Stockholm, Sweden and Nordic Testing Days in Tallinn, Estonia. Each of these events offered something new and different for myself as a contributor to those events. However, it is the other aspects of what they provide that are important.

ITAKE Unconference

ITAKE Unconference was my first time giving a Keynote talk at a conference. This was a huge honour not just to be asked to give a talk, but also the fact that it wasn’t a testing conference. ITAKE is a developer conference. Every attendee is highly technical, lives and breathes the code they write and the tools they use. It made me realise that whilst I have spent a lot of time learning about security, there is so much else to learn. Especially about how developers learn and work, and how applications are crafted.

I spent hours talking about how to build good environments for testing using tools like Docker and Heroku, or exploring how developers think about testing. A lot of it is about unit testing, some of it is about automation. But there are a lot of developers who understand the value of good testing and want to work with testers to make it happen. There is a lot we can do better to support them in this endeavour. These are things we should be doing at Medidata…testing cannot happen or exist in a vacuum.

Yes, there were those that think the role of testing or testers is now defunct, where a technical person can achieve all things they need to on a project. It was interesting to be able to discuss and challenge some of that thinking, where a tester can be a specialist or advocate for testing on their project; rather than someone who executes tests, gathers test results and creates endless meaningless reports. I’m not saying reporting is bad, just the doing the wrong reporting is bad, and unhelpful. It doesn’t add value, nor does it explain to those who don’t test what the value of the testing is.

ITAKE is a hotbed of software craftspeople. People who want to build and develop great software for their customers and clients. The best talk I went to while I was there was one of the other keynotes. Felienne Hermans, of the Netherlands, gave a talk called:

What is science? On craftsmanship for children

This reflected on her approaches to teaching coding to children. Children learn predominately through play, exploring their environment, and asking questions. It’s something that adults have largely forgotten how to do, or if we haven’t has become more formalised. We’ve turned play and learning into work instead. We can make our learning far more creative through events such as hackathons. We should review, model and landscape our applications inside the environment we are working in. Children do this far more naturally than (some) adults.



She also talks about introducing children to the scientific method, how we observe behaviour, theorise about why the behaviour occurs and make a hypothesis, and then on to experiment in order to prove/disprove that hypothesis. This can be applied to coding as much as any branch of science or other learning.

smelly code

Let’s Test Sweden

This was a bittersweet event for me. This was my third visit to Let’s Test in as many years, but sadly it will be the last ever Let’s Test in Sweden. The organisers have decided to call it a day. This edition of Let’s Test had a distinctly technical focus, with each session being a three-hour workshop, held over two days.

I ran a workshop called Web Application Security, a Hands On Testing Challenge. We have Security Awareness Training in-house, which covers many of the techniques and tools of security testing, so this follows a similar path. Given the time and space in the office, we should be able to make this learning much more hands on. I try and provide a safe space for the attendees to find problems and ask questions about the application under test so that they can also talk with confidence about security in their own environments.

I attended a number of other workshops, including Alan Richardson’s Evil Tester’s Testing Games of Evil Testing. In this workshop, Alan introduced us to how we can use simple tools such as the browser developer tools to interact with simple JavaScript, API clients and HTTP requests to give us a competitive advantage in debugging web based games.

Whilst the topic might sound trivial, the application and usage of these tools are crucial for testing and debugging modern web applications. Browser based development tools will allow us to do so many useful things:

  • Viewing the source, both HTML and JavaScript
  • Debugging JavaScript, via the Console
  • Tampering HTTP requests
  • Testing REST services from the browser
  • Custom headers
  • Throttling application performance
  • Emulating other browsers, devices and screen resolutions

During the workshop, we played the games to understand them and their gameplay. We found bugs and fixed them, we wrote code and created cheats to make it easier to win, get massively high scores or infinite lives.

One of the other workshops I attended was Aare Nurm’s Pedal to the Metal. Aare hails from Estonia. His workshop was a fantastic, practical exploration of how software and hardware combine to make products, solving problems and exploring how stakeholder demands can cause issues and constraints with your testing, and how your testing value is perceived and acted upon.

We were given the exercise to test a keyfob for a new kind of car that was coming on the market. We didn’t have access to the vehicle, but only to a prototype to the keyfob. We needed to utilise all our testing savvy to come up with test ideas, find problems, analyse logs and even fix the issues ourselves.


Essentially the keyfob was a Raspberry Pi Zero, with a pin board and wires which could be configured to give different settings. We also had a set of LED’s which would flash according to the function the keyfob was supposed to be executing, including:

  • Unlock the car
  • Lock the car
  • Remote closing the windows
  • Activating the headlights
  • Remote boot/trunk opening
  • Start the engine

We initially observed the behaviour of the keyfob in order to determine it’s function. We were given minimal, but rapidly changing requirements not only for the product but also the business. Essentially if the car failed in the market, the company would go out of business. Hardware and software are so entwined, that even if the product is solid, well made and easy to use if the underlying software architecture is poorly implemented, this can result in a poor customer experience.

Here with my workshop partner Phil, you can observe our testing and learning. This was honestly one of the best learning experiences of my life. Check out the videos here:

Nordic Testing Days

I’ve run testing events before, such as South West Test in Bristol, and SWEWT (South West Exploratory Workshop in Testing). Never before have I helped to run a conference. Nordic Testing Days 2017 was my first adventure in being a conference organiser. It’s hard work, let me tell you.


I’ve been lucky enough to speak at every Nordic Testing Days since 2014, on both using emotional heuristics in our testing, and security testing. Last year I decided not to submit again, to allow new voices to be heard. However, the organisers asked me if I wanted to be a part of the team for 2017. This responsibility came with all sorts of challenges, including organising the venue, social events, curating and selecting the content from the call for papers, interviewing the prospective speakers, organising and facilitating tutorials and talks, as well as solving logistical problems and finding replacement speakers for those that couldn’t make it.

chris1 grete1 fiona1
Christopher Chant

Friend and Volunteer

Grete Napits Marketing Manager/Chairperson Fiona Charles Keynote Speaker and Tutorial presenter

I had the pleasure of facilitating Fiona Charle’s tutorial The Art & Science of Test Heuristics. In this session, we were tasked with coming up with test ideas for two different scenarios, interspersed with both group activities and discussion in the round.

The first activity was to generate test ideas for a number of different puzzle games, such as SmartGames IQ Steps and IQ Fit. The task was to not only solve the puzzles but also identify and utilise heuristics for solving the problems that the puzzles posed. Many questions needed to be asked, including how many ways could we solve the puzzle, what problems or issues did we identify when solving the problem, what oracles can we use when solving the problems? It was no easy task, and one of the teams gave a massive cheer when they eventually solved their puzzle.


The second activity was to generate test ideas from this video:

How many test ideas can you come up with to test the Oh Canada Beer Fridge? The main takeaway from this workshop for me was looking at heuristics as a tool to generate great testing ideas. It’s a complex problem, with no one size fits all solution. Test ideas are our life blood, by being the fuel for our learning and our ability to do our work.


Introducing…Ticket Magpie

Solving a problem of learning

I’d like to introduce you to a little project that David Hatanian and I have been working on. David is a member of the fantastic team at Codurance, and we first started working together on this project in February 2016.

Following my experiences at European Testing Conference in Bucharest, I realised the time had come for me to create and build my own vulnerable application. This was so that I would be able to run my own workshops on security testing, coach my colleagues and other testers aswell as demonstrating vulnerabilities; such as the OWASP Top 10.

My initial forays into learning security testing relied upon learning from a number of publicly available web applications. These include AltoroMutual, Gruyere from Google, and  Supercar Showdown by Troy Hunt.

I also worked closely with Bill Matthews, initially shadowing him, but then helping him to deliver workshops at international conferences. For these workshops, he built his own web application, Ace Encounters, which is a travel and wild adventure website.

Of course, using a real world application to practice these skills is highly illegal. So, students of security testing need a safe place to practice and learn. We aren’t hackers after all, we are testers. We aren’t there to steal, undermine or attack. We are there to explore and learn.

Pairing with David has been incredibly rewarding for us both. I’ve supported him with his understanding of security vulnerabilities, and he has supported me with my learning of object orientated programming (in this case Java).

A couple of months ago I ran a session using Ticket Magpie,  for the testers at NewVoiceMedia. The session was well received, and everyone appeared to have fun. The team there are really great at generating interesting test ideas, developing their skills, and following through with practical application of their learning. Taking this out into the wider community of testers was to be the next step, at Test Masters Academy.


Get Ticket Magpie

Ticket Magpie is easy to get, from David’s Github project. Check it out here and follow the instructions on the page. Here is some additional installation guidance.

Local Installation

  1. Install the components locally on your machine. You’ll need Maven, Java Development Kit and the Ticket Magpie project.
  2. Configure the JAVA_HOME and PATH environment variables, appropriate to your operating system. (Supports MacOS, Windows and Linux)
  3.  Run the application from the command line.
  4. You may choose to set up your own database, or run it in memory whilst the application is running.

Virtual Machine Installation

  1. Install Oracle VirtualBox or your favourite virtualisation tool on your machine
  2. Create a virtual machine using your OS of choice.
    • I like to use Linux Mint for this. It’s lightweight and easy to configure.
    • Remember to give your VM enough space, or make it dynamic. 8gb should more than suffice
  3. Follow the steps above and on the Github page for the project and you can’t go wrong.

Docker (this is by far the quickest and easiest way of getting things running)

  1. Install Docker on your machine
  2. Run the application from the Docker Hub image, using the provided command line:
    docker run -e "SPRING_PROFILES_ACTIVE=hsqldb" -p8080:8080 "dhatanian/ticketmagpie"

Running TicketMagpie

Once TicketMagpie is installed on your chosen environment, run the appropriate command line, then navigate your browser to:


If you are successful, your browser should display the application, and it should look like this:


Ticket Magpie

Bug Hunt

I invite you to have a go at exploring Ticket Magpie. There are some fun features for you to take a look at. I’m not going to spoil things for you by listing everything here. You might also find some interesting problems.

Because the application runs on your local machine, docker or VM, you can use any technique, tool and gnarly hack you want, without harming anything or anyone else.

Take your time and let me know what you think. If you feel the need, you are welcome to use this form to provide feedback about the application: Ticket Magpie Survey. Alternatively, just message me on Twitter, or comment on this blog.

Good Luck, and Thanks!



Journeys – in time and space

We’re all on a continuum. Life will take you in all sorts of strange directions, be it professionally or personally. These are some reflections on some of the goings on I have experienced recently.



Going over the top… Blackadder: Goodbyeee Copyright BBC (1989)

Up till the end of September, I had been working at NewVoiceMedia for nearly three years, initially as a contractor, and then latterly as a permanent member of the development team.

It was an incredible time. The opportunities that working at NVM afforded me were huge. Learning new skills, particularly in security testing, and working within strong, fast paced, agile (Agile) teams.

I thank everyone that I worked with at that time, especially Rob Lambert for giving me that chance, and enabling great testing and work in general.

I want to be a part of it…

New York. My first visit to this incredible city afforded me many great opportunities for learning, as much about being a citizen of the world (which Theresa May insists that I am not), than it was about anything else. Whilst the traffic, noise and hubbub are all consuming and sometimes overwhelming, especially in Manhattan, there is a sense of energy that I have felt that is unlike any other city.

I was there for Test Masters Academy, which was organised by Anna Royzman. Whilst I have presented workshops and talks on the subject of security testing before, this was my first time presenting in the United States. Also, this was the first time presenting using a tool that I had helped to build myself.

I came to a conclusion earlier in the year, following European Testing Conference in Bucharest. I needed to step up my game. The best workshops I had been to had been well planned, with great resources and learning opportunities. The course teacher had often created or supplied applications for the attendees to explore and test. I needed to do the same.

At ETC I met Franziska Sauerwien, of Codurance, who put me in touch with the Software Craftsmanship Slack group. There I paired up with Java developer David Hatanian, also of Codurance. Together, we created Ticket Magpie, a vulnerable web application written in Java. (More on Ticket Magpie in a future blog post)


Ticket Magpie


During the workshop, a few technical issues were to be had regarding deployment and hosting of the application on the attendees laptops. I wasn’t to be deterred, and adapted using a couple of publicly available web based vulnerable applications.

However, I quickly found that basing the content solely upon a list of well known application vulnerabilities was a mistake. It’s more important to understand the concepts of security testing rather than the vulnerabilities, without a framework in which to understand them, and the skills to explore them. This realisation was further clear to me after discussing them with Maaret Pyhäjärvi, and having a post mortem discussion with Jess Ingrassellino at the conference.

Future workshops will be supported by Ticket Magpie being deployable via a stable Docker Hub image, rather than relying on Virtual Box images, or attendees setting up the system themselves. Also there will be more of a focus on the techniques and skills of security testing, rather than just vulnerabilities.

New Pastures

This is now the beginning of my second week at Medidata. This is a new way forward for me in a number of ways. It’s my first time working in the medical and life sciences sector. Medidata build cloud platforms for their clients to manage clinical trials on new drugs and treatments. There is a lot of new domain knowledge to learn, people to meet and company culture to become a part of. It’s exciting.

Next, and this is often the tricky part…adapting to a new role. I have come from a role where I focussed predominantly on the security testing needs of the business. The objectives were to support the team with my security knowledge, plan and execute penetration testing against our services, as well as provide coaching and mentoring to my peers on the topic.

My new role has somewhat a broader remit. It’s not focussed solely on security for a start, which means I’ll get to re-explore other aspects of the testing craft. This is exciting to me. I’ll be working at a more strategic level, supporting the testers, test managers, senior management and other team members across the entire business, globally. They’ll be opportunities for training, coaching and mentoring too! I can’t wait to get my teeth stuck in to it!

Another great aspect of this, is my new commute. Now, I could complain about the cost of the British rail network. It’s one of the oldest in the world, but it does run, and usually gets me to London on time. My commute is usually between 90-120 mins each way, which affords me a great deal of time for reading, learning, and maybe catch up on some work. (Sure, I’ll probably sneak in an episode or two of my favourite TV show, or have a nap if I need one).

Time is a great resource. We shouldn’t waste it. If I’m going to spend up to four hours a day in a tin can, I’m not going to squander it.

MEWT5 – Reflections on moving from generalist to specialist testing

A change in focus

I was lucky enough to be invited to MEWT (Midlands Exploratory Workshop in Testing) last weekend (9/4/2016). The theme was professionalism, or professional testing. Unfortunately I was unable to give my presentation, due to a lack of votes and time. Fortunately however, many of the themes and issues I wanted to share did get exposed during the subsequent session discussions.  Whilst I won’t reel through a list of the talks, the content and the discussion I do want to present my thinking on my role, which has been changing from what could be termed a testing generalist towards more specialised testing.

At NewVoiceMedia we have recently formed a security team, of which I am the application security testing lead. This move has taken some time, as the corporate focus on security has matured and developed over the last few years. Whilst previously I was part of a feature team, creating products, testing features and functionality; I am now leading the charge on application security across this business.

Not only will I continue testing to a certain capacity, but also work alongside my colleagues to ensure that their features also have appropriate levels of discussion, learning and testing around the security of our products. I also need to work with the CTO, Security Officer and the other engineers on my team to raise the awareness of security matters, tailoring the content to each of the departments at NewVoiceMedia.

Professional or professional testing?

During the discussions at MEWT, we talked about what it meant to be professional testers, both with a small and big P. The focus shifted and flowed around roles and responsibilities, ethics, certification, communication, learning, models and skills. It was a challenging discussion with some deep thinking and debate throughout.

One aspect though stuck particularly with me. Abby Bangser led a discussion on what it meant for her to be a “Full Stack Tester”. This, and I am happy to be stand corrected if my interpretation is inaccurate, is Abby’s view on what it means to be a tester that is able to see and operate across not only the technical stack, but also across the business. Essentially being able to approach, think and help solve any problem that a tester might encounter. Abby herself aims to be “the worlds best rubber ducky”. (A reference to the technique by which a programmer explains their code line by line to another person, maybe a tester or programmer, or even an inanimate object: Wikipedia: Rubber Duck Debugging, Book: The Pragmatic Programmer: From Journeyman to Master; Andrew Hunt, David Thomas)

During this discussion, amongst many others, we hit upon what skills testers need to do their job.  The exploration and development of skills beyond that of testing appear to be essential for us to maintain our ability to be professional testers in a rapidly changing business and technical landscape.

It is also clear that whilst technical skills are, and should be, important, they aren’t the whole story. Testers, of whatever flavour, cannot work in isolation of their business context. We need skills that go beyond our technical knowledge and delve deeply into our business domains.

Bill Matthew’s reflected on Iain McCowatt’s statement that he prefers testing as an activity, rather than testers as a role or profession – as he see’s a problem with some of the dogma surfacing in the testing community.

Is there a problem with my T-Shape?

File 15-04-2016, 23 24 32

Which takes me to the issue I wanted to share with you here. You can find specialists in almost all walks to life, any profession, vocation, workplace and context. As I’ve previously mentioned, my main focus at work is both security testing and corporate security  awareness.

Outside work I am a Scout Leader, but I specialise in running activities for the Cub Scout section – children who are ages eight to ten and a half. I occasionally help out in other areas of Scouting also. I’ve planned and led multi activity sessions, camps and Scouting ceremonies for many children and other adult leaders.

My great-grandfather, who was a Church of Ireland and Church of England minister was also a head teacher at a school in Bath. One could argue that being a clergyman is both vocation and profession. Some might argue that teaching could be thought of in the same way.

Reverend John Willis Kearns

My maternal great-grandfather, Reverend John Willis Kearns. Headmaster of Monkton Combe School, Bath, 1900-1925

My maternal grandfather was also a clergyman, but also a community builder. One of his first parish assignments was in Lewisham, South East London, in 1943. This was of course during the World War Two, and the Blitz, one of the darkest times in the history of the United Kingdom. Alongside my grandmother, he helped keep his community together during a terribly difficult time.

My maternal grand-parents - Reverend James Hugh Jelly and Mrs Edith Mary Joyce Jelly

My maternal grand-parents getting married – Reverend James Hugh Jelly and Mrs Edith Mary Joyce Jelly in 1943

The T-shaped people in my family don’t stop there. My mother, Jocelyn, is not only a nurse, but is also an acute cancer care specialist. She is trained and practices specifically in caring for patients with urological cancers, as well as palliative care.

File 15-04-2016, 23 22 21

Jocelyn Jaun – specialist cancer care nurse, and my Mum!

So, what’s the problem here? Well, as I have deepened my skills in security testing and other matters around security, I have found that my career has shifted to focus on security almost entirely. That has presented some issues. Here is a summary of them:

The Positives:

  • Learn from great people
  • Deep skill development
  • Seen as an SME
  • Leader in the security space
  • Championing security across the business
  • Coaching other testers
  • More value to the community

The Negatives:

  • Bus factor of one – can create bottlenecks and issues around dependencies
  • Potential stagnation
  • Less time for learning as there are large demands on my time
  • Competing priorities – security isn’t at the top of everyone’s list
  • Concerned that I’m not developing other valuable skills
  • Worried that my t-shape is becoming unbalanced, or doesn’t always fit

All of these issues above are within my control to exploit, or challenge and manage. Let me focus on the specifics of this change in focus.

Firstly, It means that I’m no longer working with my previous feature team. I had developed a good working relationship with that team, and it was really difficult to transition from a close knit team who were co-located, to a more loosely formed team, who aren’t co-located, and where I’m almost autonomous. It means being more reliant on myself to get things done, rather than feeling able to support others or get support for myself when I need it. I know this isn’t strictly true, my colleagues are great and always willing to help a fellow team mate solve a problem. (Danny Dainton is a great example of this)

Secondly, becoming a bottleneck is and can be a problem. I’m still responsible for managing, planning and executing security testing across the whole business. People come to me if they need some security testing being done, but what we are working towards is each feature team taking responsibility for the security testing they need to do. Ultimately I am only one person. I can’t do everything, and sometimes I need a holiday. So to help with this I consult with each team, share ideas and knowledge, organise training, and pair with developers and testers to solve problems.

I’m one of many test engineers and development engineers, but I’m the only one of my team who has developed a deep focus in this area of testing. Many of my other colleagues have other interests and responsibilities – management and coaching, UX and design, automation, scrum-mastery, release co-ordination and regression testing, building tools and other useful things…the list goes on. It means that my t-shape can fit in with other peoples t-shape. If I don’t have the skills needed to complete a task, someone else will, and I can learn from them.

Take a look at what some folks have said about T-Shaped people, and specifically T-shaped testers.

Jurgen Apello – T-Shaped People

Rob Lambert: T-shaped testers and their role in a team

Adam Knight – guest writer on Robert Lambert’s blog – T-Shaped Tester, Square Shaped Team

Lisa Crispin – What skills should we learn & teach to build quality in?

Solving the problem

This last week has been Hackathon time at NewVoiceMedia. We get a good slice of time every few months to work on projects that are outside of our roadmaps, but that will add value to our teams, our processes and our business. It also helps with broadening and deepening your skills in all sorts of areas.

This week I’ve been involved in a coding workshop led by three of my development colleagues. Some of us were developing our C# skills, others were developing their Python or Ruby skills. I chose Python myself as it integrates well with one of the tools I use for security testing: Zed Attack Proxy from OWASP.

In the end I was able to run a ZAP scan, generate an XML report from ZAP, parse that report into JSON and then push it to a static HTML page. This is part of my aim to get security testing into our CI processes. I’ll write in more detail about this in a future post.

So whilst I might be doing less testing in future, I am still a tester. Whilst I am deepening existing skills, or adding new skills that can and will be useful. I will still have that broad range of skills that might identify me as a tester. It’s up to me to embrace the change that is happening and work with it, rather than focusing on the negative. That way I can remain relevant, valuable to my team, business and customers – and ultimately fulfill myself in my work.

I want to thank the MEWT 5 team and attendees for a great day of discussion and learning. Signing off!


MEWT5: Organisers: Bill Matthews, Simon Knight, Vernon Richards. Attendees: James Thomas, Mohinder Khosla, Adam Knight, Danny Dainton, Dan Billing, Iain McCowatt, Christopher Chant, Dan Caseley, Tony Bruce, Doug Buck, Abby Bangser

Mad as a March Hare – Musings on Rapid Software Testing and TestBash Brighton 2016

So another year has come around, and TestBash has come and gone. What was initially planned as a series of posts around TestBash and the Rapid Software Testing course didn’t come to be, due to an unforeseen technical hitch. So instead, this is my response to the events in Brighton last week. My annual pilgrimage to Brighton for TestBash had an extra few dimensions than usually just attending workshops and the coference day

Rapid Software Testing with Michael Bolton

So as I mentioned in my last post I was about to embark on the journey into Rapid Software Testing, on this occasion led by Michael Bolton. I’ve followed Michael’s (and James Bach’s) work for some time now, like a lot of testers who identify as context driven. I’ve been using many of the techniques, models and approaches to testing that RST champions for a while; mostly via learning from others, reading and applying techniques in practice. I have however not undertaken the course before now.


RST with Michael Bolton - March 2016

RST with Michael Bolton – March 2016

However the greatest impact upon my life as a tester was being able to talk and discuss the thinking around it with one of the authors themselves. It gave the the concepts, thinking and knowledge the practical grounding it needed, framing it within the discourse with Michael. A most rewarding experience. Now the unusual thing was that not only was I attending and learning at RST, but I was also facilitating on behalf of the Ministry of Testing. That meant that my primary concern was to the needs of the group and the coach. So balancing my needs and those of the group was challenging.

We discussed heuristics, oracles and models for testing in extreme depth, at least within the time allowed. We explored and practiced techniques for deep learning, exploration and test design and strategy. We would often revisit, review and tune our thinking on each topic, where Michael fed in to our learning, but responded actively to questions and responses, challenging and exploring each one in depth.

Here for example is one of the initial activities we did. A 15 min charter using the “Triangles” application. Here are my notes, capturing what I explored and discovered with my partner.

As a tester, I wanted to observe how the triangles application recorded data, inputs and outputs in the system:

We entered a range of values and inputs in to triangles.

  1. Integers
  2. Decimals
  3. Negative

We observed that a text file, triangles.txt was created by the application

Bug – the triangles.txt file is written to the folder above the application folder, so /thingstotest not /thingstotest/triangle

Bug – when we entered values into triangles, there was no feedback on the values, just the shapes.

Bug – 







These illegal characters are not fed back to the user in UI, so they don’t know what is or isn’t an illegal value. Not enough information is presented to the user.

Now, the triangle application was one I had been familiar with for a while, thanks to a great session at the office led by Chris Simms (@kinofrost on Twitter). My familiarity was not the point here. I reviewed my notes from that session, and they were different interms of info captured. I also had more time available in a lunchtime session. We had the opportunity to dig deep and produce some good work, some good testing in both sessions, but recognising the limited time we had is a factor that will need to be applied in all testing sessions.

Triangles is a fairly simple application. You enter three variables for the size and shape, and it responds with the type of triangle and an appropriate image of the shape. It also has a log file which records the values entered, and the application responses. The depth of the groups testing belies the simplicity of the application under test. Each group found different problems and further questions to ask, there were also many overlaps in our observations. However the learning was being blue to design testing on the fly, with little or no prior information. Easy, right?

Well, no, not easy. Asking good questions is never easy. And that’s the whole point of RST, I feel. A lot of traditional testing practice expects us to read documents, write documents and write test scripts. Testing through those approaches appears to be somewhat of an afterthought. 

RST challenges us  to ask good questions. Through asking and answering good questions we develop good testing ideas, strategies and approaches. The documentation becomes the notes we take, or in our case the mind maps we captured in another session. Our advocacy and responsibility for our testing and the products of our testing are at the heart of what RST is to me.

Below are some notes from the team, captured during the course. Bearing in mind that these are incomplete and a work in progress. They do have problems of ‘translational’ and ‘transactional’ awareness between the group, the coach (Micheal) and me (the scribe). Trying to capture people’s thoughts and learning is really hard, especially in large and vocal groups. The handwriting is mine, but this is the work of the whole group.


RST - Heuristics and Oracles

RST – Heuristics and Oracles

RST - Properties of Good Bug Reports

RST – Properties of Good Bug Reports

RST -  PEOPLE WORKING - a mnemonic for problem reporting

RST – PEOPLE WORKING – a mnemonic for problem reporting

RST -    Some testing models

RST – Some testing models


There is a lot to digest and process from RST, probably too much to share in a busy blog post. In summary, RST was an incredible experience. It has afforded me the opportunity for me to both challenge and consolidate my existing learning, enhance my note taking and observation skills whilst testing. It’s also allowed me through facilitation to place a greater priority on the learning experience of my colleagues than that of my own. It was hugely valuable, and I would jump at the chance to do it again. I’m grateful for Rosie Sherry for letting me facilitate on behalf of Ministry of Testing (thats me being  all corporate in the red MOT T-shirt); and to Michael for his time, knowledge and insight. Many thanks!

Rapid Software Testing  Alumni - March 2016

Rapid Software Testing Alumni – March 2016

TestBash Brighton 2016 – Workshops

So on to TestBash. The workshop day has been an event that has been introduced both through demand for rich learning opportunities in the testing community,  also the Ministry of Testing’s desire to create an environment where that can happen. In the afternoon I was running my own workshop on proxy tools, which I will leave others to reflect on in public.

For my needs I like to balance the technical learning I get with more soft skills. It’s an area I have huge problems with. Technical learning is often a case of broad reading, practice and being open to developing the skills required. My personal route to developing a reputation as a ‘security expert’ has meant that I’ve had to focus hard on the technical skills, rather than developing other elements of what testing (and software development) can be.

Christina Ohanian (@ctohanian) and Nicola Sedgwick (@nicolasedgwick) ran their workshop “Connecting the Dots: Empowering people through play” in the morning session, and I have to say it has been one of the best professional decisions I have made attending this workshop.

Christina and Nicola are great proponents of the power of play to engage and develop people within the workplace. They have worked together at The App Business, and have developed a great rapport with both each other and the folks in the workshop.

Through a series of activities, both practical and thought provoking the group were encouraged to develop our thinking and learning to enable us to solve problems and adapt to change. 

The activities were: 

  1. In a circle, we each gave our name and revealed a fact about ourselves. We then went round the circle again and had to recall the name and fact of each person in sequence. This was as much a challenge as it was an icebreaker. Memory is hugely at play here but it does fail you sometimes. Some names and facts were easier to remember tha others, perhaps because the were unusual. The rhythm and pattern of the sequence almost became second nature by the end of the game, so by the end we had all gotten to know each other through the confines of the activity. 
  2. Lego story boards  – using an iterative process, we built a narrative story board, an then constructed the narrative in Lego. At various points in the activity, a new element was introduced, or a complication that meant we needed to replan and refactor our work. In short order, we discovered that our resources, imagine and ability to adapt was to be put to the test.
  3. Project Jenga – the team were split into three groups, developers, testers and designers. With Nicola acting as a project manager, we were asked to design and build a mobile application to accompany the conference. Through discussion, we had to meet certain acceptance criteria, explore problems and risks. With each encounter we had to remove a block from a Jenga tower. With each move the risk increased that the project (or Jenga) would collapse. This activity allowed us to explore our questioning skills, as well as our empathy and co-operation with other teams.
  4. Posters – in groups we were asked to design a poster for TestBash, using certain acceptance criteria. We then wrote a description of our poster which was then shared with the other team, who then had to draw a poster using our instructions, and vice versa. A fantastic activity that dug into our ability to analyse and interpret instructions and acceptance criteria, whilst engaging with the others in the team in a visual medium. We then compared each teams efforts to see which was closest to the desired product.


Nicola and Christina did a fantastic job. I said on Twitter that this was one of the most fantastic learning experiences I have ever had, and I meant it. I still have a lot to analyse and interpret, so that I can apply the learning practically in the workplace. Maybe we can use some of these activities or others to enhance our communication, our empathy and our ability to adapt.

TestBash Brighton 2016 – Conference

The conference day in hindsight was a bit of a blur for me. With all of my might I tried to concentrate on Lisa Crispin and Emma Armstrong‘s opening talk “Building the Right Thing: How Testers Can Help”.  Unfortunately (or fortunately) I was up next on the bill, so I was a little distrcted trying to maintain focus on not collapsing in a heap. Lisa and Emma kicked off TestBash with a bang, with an insightful exploration on how testers can be the guiding light on projects, ensuring that not only teams do the job, but do right. 

Lisa Crispin and Emma Armstrong

Lisa Crispin and Emma Armstrong

After the break, one of my favourite talks was Katrina Clokie‘s “A Pairing Experiment”.  This talk described and explored how Katrina lead an developed pairing activities within her team at the Bank of New Zealand. When questioned on the challenge of convincing managers to relinquish team members for paired work, she responded that whilst they might be losing one tester for an hour a week, they’d be getting an extra tester for another hour each week. I’ve been lucky enough to see Katrina speak before about her work, and each time it’s been a revelation. She works hard to develop the testing at every organisation she has worked at, an beyond into the community itself. Great stuff!

Katrina Clokie

Katrina Clokie

Up next was John Stevenson (@steveo1967). In his half talk/half conversation “Model fatigue and how to break it” he invited us to examine critically the models we use for testing every day. 

He challenged us to reevaluate the models we use, cut them up, adapt the ones we find successful, combine them with other models, throw away ones we don’t use, create new ones if needs be. He challenges us to be diverse in our approaches to testing, no relying on this are models all the time. That way we can find out more interesting information about our testing. John is a great presenter, who engaged and enthused the audience, inviting them to through questions at him for he last 10 mins of his time on stage, rather than talk to the end of his time.

It’s something I can reflect on in my own day to day work, where we use a model to evaluate and plan our user stories the testing that is discussed in those stories. It has been adapted and changed over time to suit our needs, and I am sure will be changed or even chucked away if it doesn’t suit our purpose in the future.


John Stevenson

John Stevenson

Later on in the day we heard from Patrick Prill, in his debut talk ” Accepting Ignorance – The Force of a Good Tester”. He led us in a discussion of how ignorance is not necessarily a wilful lack of knowledge, but just an absence of knowledge. That developing through understanding where our ignorance exists, we can develop our knowledge. It’s a huge force for change in testing. This is the gap between what we know, and what we don’t. The reflection on that upon our work as testers is where this talk had its greatest impact. 

Where Patrick was not an experienced speaker (you wouldn’t know that from his talk), he utilises his many years of testing experience in Germany, the problems both cultural and technical that he encounters in his work which gave his talk huge insight. 

Patrick Prill

Patrick Prill

After lunch we had our guest speaker, Grammy award winning singer (and tester) Michael Wansley (@teewanz) give us a highly entertaining, somewhat controversial but engaging talk “Test/QA A gatekeepers experience”. Testers as gatekeepers is not a very popular paradigm amongst the vocal members of the (particularly) context driven testing community. But within the wider view of testing as a process that is involved in developing and selling products, gatekeepers are often what testers and testing are perceived as. 

It’s a popular view (one that I subscribe to) that testers should be information providers, learners, investigators but not necessarily decision makers about whether software ‘goes live’ or not. We may be part of that decision making prcoesses, but not the arbiter of it.

It’s within this context that I have a certain amount of empathy with Michael’s experience of working on a number of iterations of the Microsoft Windows operating system. He understands that testing cannot exist in a vacuum, where there isn’t recourse to customers, managers and Vice Presidents, or consequences of screwing up. His talk did (quite rightly) invite comment, and Michael stood up for his view honestly and with vigour. Whether you agree or disagree with his view, that should be applauded.


Michael Wansley

Michael Wansley

Zachary Borelli introducing Michael Wansley

Zachary Borelli introducing Michael Wansley


After that it was “Having all your testers code: It doesn’t have to be a big deal” by Anna Baik (@TesterAB) and Andrew Morton (@TestingChef) on the challenging task of ensuring all testers contribute to the automation strategy at Brightpearl. Now I have to give some personal interest here, as not only are Anna and Andrew friends of mine, they are also former colleagues of mine from my time contracting at Brightpearl in Bristol.

It’s a fast paced, highly charged environment of great development and testing across the business. I was tasked with testing integrations between the Brighpearl service and a number of third parties. I didn’t get too involved on the automation side of things, but I do know what a challenge it was to implement. 

This was I think for many a challenging talk to follow, as the style was unusual (no slides), but the content was highly pertinent and valuable to many teams now trying to grow and mature their testing capabilities and automation strategies.

Anna Baik and Andrew Morton

Anna Baik and Andrew Morton

As a tester who too often focuses on the technical rather than human elements of testing, the next talk turned out to be my absolute favourite of the day. “Do testers need a thick skin, or should we admit we’re simply human” by Nicola Sedgwick (@nicolasedgwick) was a bold and brave exploration our ability to communicate, or failings as testers to sometimes not recognise problems not with software but in ourselves.

One of the key aspects of this talk was our response to stress, how it compounds upon other stress. Where there is a lack of challenging activity, or work we care about can lead to either boredom or even more stress. Some of my close friends in testing know that the last couple of years have been difficult for me, professionally and personally, and for this reason this talk really resonated with me. Nicola challenged us to ask what kind of tester we were. Well, I’m not sure I can answer that question yet, but I’ll be one that never forgets that humans are fallible, in a world that increasingly looks to punish those who fail to realise that.


Nicola Sedgwick

Nicola Sedgwick

So to the final talks of the day – next was my friend and mentor Bill Matthews (@bill_matthews) who introduced us to the concept of Smart Algorithms. The maths and logical flows that allow systems to learn, recognise patterns and process data based on a wide range of inputs and variables. He challenged us to examine the potential testing concerns that might arise from working within such applications – a really complex problem which Bill was able to present with humour and deep, practical knowledge. I have to add here, that with glasses I am a Golden Retriever, but without I am a German Shepherd.

Bill Matthews

Bill Matthews

And finally…Nicola Owen (@NicolaO55) also from New Zealand, but recently relocated to Sweden to work with the great folks at House of Test. In “Nowhere to hide: Adjusting to being a team’s sole tester” Nicola guided us through two case studies were she was the sole tester on two very differs projects. She reflected upon her experience with great depth, clarity and insight, what she learned, her developing confidence and skill. In one case study she felt insulated from the problems that software development teams encountered, and in the other far more exposed as the sole tester. In each she presented how she approached each problem and dealt with it head on. Another awesome talk, to round off the day.


Nicola Owen

Nicola Owen

So to round off the proceedings, our host Vernon Richards (@TesterFromLeic) and his able assistant Mark Tomlison (Mark Tomlinson) lead us into a round of always amazing 99 second talks. This is the first time I have not done a 99 second talk, so it was refreshing to just sit back and enjoy. Highlights for me were Emma Keavney’s rap (@EmJayKay80) and Deborah Lee’s sit in (@DeborahLee89). Also a special mention to the new Software Testing Clinic (@TesterClinic) announced by Mark Winteringham (@2bittester) and Dan Ashby (@danashby04), which I hope to get involved in soon! Well done to all involved. A great potential showcase for future speaking talent I hope.


Mark Winteringham and Dan Ashby from Software Testing Clinic

Mark Winteringham and Dan Ashby from Software Testing Clinic

Deborah Lee

Deborah Lee

Emma Keavney

Emma Keavney

So, to wrap up, TestBash 2016 I felt was an enormous success, both from a personal point of view, and in terms of the rude health of the conference. Rosie has done a great job again this year, and I hope to be involved again in future.


After party with Jess, Rosie and Helena

After party with Jess, Rosie and Helena

Breakfast with Chris, Nicola and Martin

Breakfast with Chris, Nicola and Martin


Rapid Software Testing – Before

This is the first in a series of posts on my experiences of RST and the TestBash conference this week.

I’m on my way to Brighton today, to facilitate Rapid Software Testing, led by Michael Bolton. I’m nervous about that, but I’m more nervous about this. 

My day is off to a great start. Overslept by 30 minutes, I need to wear my layers rather than pack them, and my train into Brighton is cancelled. 

Bus replacement service to Eastbourne

So, to anyone who travels regularly on the British transport network, you’ll be familiar with the phenomenon that is the bus replacement service. 

The bus is full, and I’m sat in the jump seat next to the driver, having picked up everyone from Hastings to Eastbourne on the way. There are probably many buses and bus drivers doing similar work across the country. (Subsequent seat moves to allow an elderly lady to sit down, and I’m now on the train from Eastbourne to Brighton, via Lewes.)

It makes me think of the services we test, when they are non performant or under stress. What do systems do when they are under heavy load, or a link in the chain is broken? How do you monitor and check that the system is performing as it should?

Clearly a system of checks and monitoring have come together to arrange this bus I’m travelling on. Service performance was seen to be dysfunctional due to a systems failure, so an additional service was put in place to pick up the slack.

What can testers learn from this?

Well, my first observation is to consider what your weak areas are. Is it the infrastructure, the application or the connectivity between systems? Do you know why they are weak, or can you improve or replace them.

As I’ve seen today, a replacement or temporary service isn’t necessarily better or more comfortable, but it is getting where I need to go.

I could have easily waited to get a lift from my Mum, but she was off conducting her own business elsewhere. I would still get there, but maybe not on time.

What monitoring do you have in place?

Monitoring isn’t just for your operations teams. At NewVoiceMedia, the DevOps team use all sorts of tools to allow us to keep an eye on performance, load, volume, through put, page impressions, browser usage as well as where any breaks in our systems might be. 

It’s hugely important so we can adapt to problems, or see them off before they become issues to our customers. Peak times (like the rush hour on the transport network) are one of the main concerns. 

Why is this a problem for testers?

Well, it isn’t a problem really. It’s more of a change of mindset. As organisations have to change and evolve to meet customer needs, testers need to adapt too.

Testers can and should be more aware of the wider needs of customers who need to use performant systems, rather than just having a narrow focus on the applications only.

We should be clear and concise in our communications, and be involved in the decisions that underpin our systems.


Well, in a DevOps organisation everyone has to muck in and get their hands dirty. Sure, there are people with specialist roles and positions of responsibility. But I see testers as the glue that holds systems together. We can get involved at any point, and not just on the application layer. 

More and more will be expected of testers as organisations change to meet customer need, and we will have to meet that challenge. 


I’ve been wanting to do this course for years. And by chance, luck or fate I have the opportunity to do so now. I’ll be facilitating, so my priorities will be on the needs of Michael and the group, rather than my own.

It’s going to be a huge challenge, and like the needs of any complex system I will need to adapt.

I like to ask a lot of questions, but I anticipate a need to allow the group to generate those questions rather than myself. I’ve been told in the past that I can sometimes “not shut up” or “meander” during groups discussions.

It’s taken a lot of time and mindful thinking to try and control my natural instincts to ask questions or share knowledge, where others might not be willing, unable or be nervous. And I need to be be aware of that for the next three days.

It’s going to be epic.  Just like the scenery today.

My home, The South Downs

Distance Learning

Hey testers. It’s been a while since I have blogged last. This has mostly been because of such a massive workload, but also various personal events taking place. I normally blog when either I feel that I have something to share, or if I have a reaction to something I have learned – such as on this occasion.

CAST2015 – The Conference of the Association for Software Testing  is running as I type this, from Grand Rapids, Michigan, USA. This is the first year I have been able to monitor the live stream. This is a fantastic service, offered to allow folks who aren’t attending to listen, watch and take part (via Twitter).

I want to reflect first on yesterday’s opening keynote speech by Karen Johnson entitled “Moving Testing Forward”. This was a very personal exploration of her career, learning and life; much of which resonated with me.

This is something I have sometimes had issues with in the past, and sometimes with great detrimental effects. Without going into too much detail, I’ve been places where I have been unable to establish good working relationships, or had personal problems intrude on my working life and vice versa.

The work/life balance has always been a hard road to travel. Family, friends and other personal commitments should take priority. Whilst I was building my career often that wasn’t the case, and my personal life suffered.

I also made possibly poor choices, but yet choices that have ultimately gotten me to where I am now – a great role, testing, learning, working with great people at an exciting business. A business that does it’s best to support its employees when they have personal issues and gives them breathing space and learning opportunities to be able to craft and shape their own careers. I am very lucky.

Secondly, I’d like to reflect on the keynote from the second day by Ajay Balamurugadas, entitled “The Future of Testing”. I haven’t met Ajay yet, but I feel that I know him through his work.

As a facilitator at Weekend Testing Europe we are part of his vision to provide great learning opportunities for the entire testing community. This tweet from Maria Kedemo sums up this attitude succintly.

A long time ago I did not feel empowered at all to learn for myself. I felt that all my learning needed to come from my employer, be paid for by my employer, if they were ultimately to benefit from it. Employers invariably are businesses with their own priorities and concerns – not necessarily with the personal learning and welfare of their employees.

As Ajay said, not being able to afford to go to conferences or attend courses should never be a blocker to learning. We have blogs, books, free webinars, meetups and tester gatherings, brown bags, Skype sessions on Weekend Testing, and any number of other roads to learning.

I had an epiphany on this several years ago. I was never going to get to where I wanted to be – be a home owner, clear my student debt, start a family If I didn’t take control of that learning. So I read blogs, I joined the Software Testing Club, I started looking at the work of other testers I had heard about, I even started implementing some of their approaches and techniques. All great learning.

But to take that further and on to the next stage, I had to get away from companies that didn’t support that approach to learning. I decided to go freelance, and this I have done for about 4 years or so. Now being at New Voice Media has allowed me to expand that learning into avenues that I hadn’t thought possible, exposing me to thinking and choices that may take me away from testing to focus on security, as I do at the moment.

Thanks to the organisers of CAST and making it available to all.

From Tallinn, With Love – Looking back on Nordic Testing Days 2015

It’s been a week since I have returned from Tallinn and the Nordic Testing Days conference, which has again been brilliantly organised and executed by Grete Napits and her wonderful team in Estonia. Helena Jeret-Mäe led the curation of this years content alongside her colleagues, and without doubt the organising team had certainly raised the bar again.

Santosh Tuppad, Rob Sabourin and Helena Jeret-Mäe out in the Old town of Tallinn

Santosh Tuppad, Rob Sabourin and Helena Jeret-Mäe out in the Old town of Tallinn

There were speakers from almost all corners of the testing globe, from Canada, UK, Australia, New Zealand, India and of course Estonia. A fantastic achievement! As a result of this breadth and depth of testing talent, it was hard to choose whose talks and workshops to go to, but choose I did.

Warming up

The hospitality and warmth of the conference, and Tallinn is evident. It began with an impromptu walk round the old town with Helena and a whole bunch of other great testers. The amazing architecture, the views from the city walls and the discussion made for a fantastic evening.

Relaxing with the Friendly Tester - Richard Bradshaw

Relaxing with the Friendly Tester – Richard Bradshaw

Snap happy! Rob Lambert

Snap happy! Rob Lambert

But first on to the tutorial days! Bill Matthews and I had already run “Exploring App (In)security” at Let’s Test the previous week, and without a doubt we had learned from that experience. So, we aimed this time to rebalance the session to make it much more interactive and practical at the outset. Many of the challenges of security testing come not only from understanding the threats to applications and therefore businesses, but also understanding how those threats can be translated into real world vulnerabilities, which attackers can then exploit.

Bill Matthews - telling it like it is

Bill Matthews – telling it like it is

Bringing forward those experiences in early, so the attendees were doing practical exercises from the beginning  was our primary goal for the day, so that they got the most out of Bill and I, the material we produced and the learning they could elicit from the discussion.

Again, we started out with an exploration of the application under test, but then we burst straight into a group threat modelling exercise!

Threat modelling with these budding new security testers!

Threat modelling with these budding new security testers!

After that, all the testers broke into small groups and pairs as we all found ways to exploit the threats we modelled, by exploring the vulnerabilities that might lurk under the covers.

Pairing up with Katrina Clokie (and another tester whose name I can't remember, sorry)

Pairing up with Katrina Clokie (and another tester whose name I can’t remember, sorry)

It was a long and exhausting day. Bill and I were rarely off our feet. We had a great time working with all these fantastic testers. One or two have even got in touch since to ask follow up questions and look for further study. Very encouraging and inspiring! It’s also inspiring me to do a whole lot more in 2016!

On to the first day of the conference proper, and following an interesting keynote by Mart Noorma on the Estonian contributions on space exploration and technology, I had my first major decision to make.

Spinning up your own influence

Katrina Clokie’s workshop “Become someone who makes things happen” was one of the highlights of the conference for me. In this workshop we were challenged to make sense of what our problems are in terms of making an impact on our teams, and influencing the decision making process.

Communicating our beliefs, needs and thinking is a huge problem for testers. I often have issues on influence myself, as I have explained in this blog post: The MEWTation of Communication. So, Katrina’s workshop really resonated with me because of that. We usually worked in pairs or small groups, working through scenarios where our sales skills specifically would be challenged – selling our own ideas, thoughts, and needs in testing.

Katrina Clokie - Becoming someone who makes things happen

Katrina Clokie – Become someone who makes things happen

Katrina referred to SPIN (Situation, Problem, Implication, Need) is a sales methodology that focusses on the needs of a customer, and attunes their offerings based on a mutually agreed solution. The problem here is not necessarily getting another person to recognise that the situation you have identified is a problem, that needs resolving, but also the impact to the person you are working with.

For testers there are always scenarios where this technique, and others like it, would be useful. Communicating your thoughts and feelings on acceptance criteria, resolving issues surrounding test planning and estimation, ensuring that you have effective resources and tools to do your job, bug advocacy – the list is endless.

Katrina encouraged us not only to explore the feedback we received, but also attitudes and feelings. Whether you are respectful and caring to those you work with, the difference between aggression and assertiveness, asking the right questions at the right time and using non verbal queues can all have an impact on your influence and ability to get things done.

This was a fantastic workshop that drew the best out of everyone in the room, both new to testing, experienced and hands on, and managers too!

Testing? Thats insanity!

Next up for me was Santosh Tuppad. His energy and enthusiasm for his craft was tested to the full, as Santosh lead us through a beautiful and colourful journey, as he became inspired to begin his own journey by starting Test Insane, his own exploratory test consultancy.

Santosh Tuppad from Test Insane

Santosh Tuppad from Test Insane

The great thing about conferences of any sort is that it can bring people together. Santosh and I have been in touch for many years now, but we have never met until we came to Nordic Testing Days. It’s like we have been friends for years, so a warm hug was in order, for this strong man had traversed continents to come and speak for an hour! However his love of testing and learning permeated the social side of this conference completely.

The impressive thing about this talk though was not just Santosh’s clear love of testing as a craft, but also his contribution to the wider community. Sure, Test Insane is a consultancy, but much of the material, tools, mind maps, and papers his team produce are shared across the board – for free! A valuable resource indeed, and Santosh and his team are a very valuable addition to the testing community.

First time speaker – but not the last

My Weekend Testing colleague Neil Studd made his speaking debut at Nordic Testing Days with “Weekend Testing Europe: A behind the scenes guide to facilitating effective learning”.

Neil loves Fonzie

Neil loves Fonzie

Neil came across with a confidence that belied both his nerves and trepidation at speaking for the first time. He not only talked about the drivers to establishing an exciting and dynamic learning community for testers online, which was the main thrust of his talk – but also some of the psychological thinking that was involved in that process.

Neil talked about the imposter syndrome – where people who are extremely skilled and competent in their chosen field, and yet still feel as if they are frauds, not deserving of acclaim, attention or feel their achievements are of any worth. I think that this is a phenomenon that a lot of people encounter – only the most arrogant of people wouldn’t question themselves occasionally.

However, I feel that this is something that Neil should have no issue with. He is a highly skilled and intuitive tester, with a great breadth and depth of knowledge, and he expresses it well.

Neil’s story is a shared story however, and with Amy Phillips, and their journey to bringing back to life the Europe chapter of Weekend Testing. My involvement in that is a footnote in this story, but I hope to be very much of its future.

Gaming the system

Next up was Kristoffer Nordström and his talk “Gamification – How to Engage Your End Users”. Kris is another tester that I have known about for a while, but had neither met not seen speak. Another great opportunity to learn from someone new.

Kris’ talk was a fascinating exploration of using gamification to encourage the teams he worked with to not only produce great work, but enjoy doing it. By using elements of game thinking and mechanics, developers and testers on his teams were able to contribute to the product by finding bugs and fixing code; and were encouraged to do so by earning points (and points mean prizes).

Kris's Moomins on tour in Tallinn

Kris’s Moomins on tour in Tallinn

Here lies the problem that Kris elaborated on. How do you get people to want to work on code and bugs, but to not want to do just because they are going to earn prizes for their efforts. It’s a complex balance to strike. Renumerating them enough, with branded, high quality pencils, mugs and t-shirts; AND trying to make it fun and exciting for the dev teams.

Kris even gamed the talk, with attendees playing bingo, trying to pick out the key words from the talk. I think I would need to spend some more time with Kris to get more of a handle on this topic, as it is an interesting one. I’ve had to use similar techniques during my time as a trainee teacher and Scout leader to help children become more engaged with activities – collecting stars or badges for examples. Great stuff!

Valuable lessons

Like the rest of the conference, this keynote was another one full of firsts. Rob Sabourin is another tester who I have never met, but had heard many interesting things about. His talk ‘Value Sync’ was an exciting and dynamic discussion about what we value as testers, what people on projects and teams value, and what our stakeholders and customers value – and seeing the relationships between those values.

Rob Sabourin - Value Sync

Rob Sabourin – Value Sync

Rob’s main point was whether the conflicts in these values could be resolved, where one person values low cost over quality, or speed to market over market saturation. There are a lot of elements to balance in teams, organisations and businesses; and testers have a part to play here in expressing what they value, and ensuring that the needs of stakeholders are also met by their testing.

It was a great ending to a long hard day of learning, networking and testing! But it wasn’t over yet.

Lightning in a bottle

So, there was a big sheet of paper on a pillar in the conference lobby – Lightning talks 9pm! I was tired, but there was so much energy in the room. Bill Matthews had already pressed ganged me into speaking – 5 mins of talk + Q&A. So, I contributed the short talk I did at MEWT and compressed it down…trying to pull out the salient points – about how personal identity and problems surrounding being a ‘geek’ in the workplace affects communication and influence.

'Question Assurance' with Guna Petrova

‘Question Assurance’ with Guna Petrova

Up Periscope! - Richard Bradshaw

Up Periscope! – Richard Bradshaw

A whole bunch of great people got up to talk – Bill Matthews, Neil Studd, Guna Petrova, Pekka Marjamäki, Kristjan Uba, Erik Brickarp and Olari Koppel. Resoundingly my favourite talk of the night was Neil’s on ‘9-5 testers’. Here is his blog post on the topic: Whats wrong with 9 to 5 testers.

In the past I have been a 9 to 5 tester, getting to work, doing my work competently, going home. That’s ok! There is nothing wrong with that. I had other interests and needs – I was in a new relationship and/or recently married, or I was playing in my gaming clan. Later, in 2007 I found other interests and got in to Scouting in a big way, which takes up a huge amount of my time. It didn’t stop me wanting to be a better tester, I just didn’t go to many meetups or do much reading, and certainly no conferences. As I have encountered various family crisis recently, I have scaled back my Scouting to focus on those, but my engagement with the testing community has filled quite a lot of that void; and it has been very rewarding.

A lot of this has to do with a number of factors – and one of the major ones for me was working in an environment that allowed me to be the kind of tester I wanted to be. Some of the companies that I have worked with have been less than supportive about attending conferences, worrying about the cost and the value to the business (perfectly valid considerations, I might add). Sometimes, if they allowed it, they specified the kinds of meetings to go to, rather than the testers choice. I don’t think I went to my first meetup until around 2008/9, almost a decade into my career.

I raised a question – ‘isn’t this about bad testers?’ not whether you spend every waking hour testing? It’s a different question, and not one we focussed on. Bad testing is not the same as being someone who doesn’t want to do testing or talk about testing in their spare time.

Neil also talked about introverted behaviours and how they might be a blocker to getting people engaged. It’s a complex problem, and not one easily solved. Except that creating a safe space for learning, either physical or not, that allows anyone to learn at their own speed and their own time can only be a good thing.

Rob Remaining Relevant

Friday morning brought new experiences and new challenges, namely watching Rob Lambert’s opening keynote on the second day of the conference. “Why remaining relevant is so important” reflects on the fast pace of change needed in businesses and services, and our place within that change. Do we sit on our hands and do nothing to meet that challenge and let opportunities pass us by, or do we skill up and start adding lots of value to our teams and businesses.

Ten Behaviours - with Rob Lambert

Ten Behaviours – with Rob Lambert

Whilst it may seem to be basic to talk about how you can remain  employable, it talks a lot more to ensure you remain valuable to your team, and continue to be valuable throughout. It’s a challenge we face every day, not only as testers, but as members of a wider development organisation. And ALL of what Rob talks about in this talk is valuable to everyone, not just testers. One of the main points here I took home was adding skills. Add as many skills as you can, become good at them – it might be coding, or using a particular tool, or being knowledgeable about a particular testing approach, or domain knowledge in your organisation. These ALL add value!.

I’d like to reflect further on these points in due course, but it would take too long here to discuss. However I would say this. Rob’s book “Remaining relevant and employable” is a great read. I read it in one sitting by the pool in the Canary Islands, and was one of the main reasons I decided to take a permanent role at New Voice Media. I’ve told this to Rob myself, and I don’t mind telling you now.

Preaching to the unconverted

Lastly, before I wrap up, I wanted to say a word about Katrina Clokie’s talk, which was a last minute substitution to the programme. “Sharing Testing with Non-testers in Agile teams” was a fantastic case study on how Katrina went into a business with little or no testing, little or no agility and was expected to give them all that in a 90 minute training session.

Super sub - Katrina Clokie

Super sub – Katrina Clokie

Katrina’s experience here was an expression of a depth of knowledge and skill, but also patience, timing, communication, tact and learning. Something we all should pay heed to.

Fantastic Revelations, Amazing Revelations

I’m not going to write much about my own talk “The Testing of Fear” here. I can’t really reflect on this easily in public. Giving this talk was emotionally difficult for me. I had practiced the talk before, at meetups in the UK. All the talks went well.

Due to the unfortunate and untimely death of an early mentor in my career, Adrian Smith, I changed the initial few slides late the previous night. Adrian was important to me, not least because he helped me get my first step on the ladder. His encouragement, leadership, skill and fortitude was an example to all who met and worked with him.

I went to his funeral this afternoon, and I learned a lot about him. As a lad he learned to be a butcher in his home town. He was a Royal Marine Commando, and served his country on many occasions. After leaving the Marines, he served as a police officer, where he met his late wife Deena. After that, he began a largely self taught career in IT – project and people manager, developer, tester, architect, DBA – almost everything you could think of, he could do! We all respected him and loved him. His funeral service this afternoon reflected that, as many of his friends and colleagues joined his family to celebrate his life today.

He was an agent of change – no fear of that.

Farewell…but not goodbye

Nordic Testing Days 2015 was an intense three days of learning and development for me. I hope to be privileged enough to attend again next year, and for years to come. It is a dynamic and exciting conference, with a wide breadth and depth of excellent testers and experiences. I know it will go on being that way! I can’t wait for 2016!