We’re all on a continuum. Life will take you in all sorts of strange directions, be it professionally or personally. These are some reflections on some of the goings-on I have experienced recently.
Up till the end of September, I had been working at NewVoiceMedia for nearly three years, initially as a contractor, and then latterly as a permanent member of the development team.
It was an incredible time. The opportunities that working at NVM afforded me were huge. Learning new skills, particularly in security testing, and working within strong, fast-paced, agile (Agile) teams.
I thank everyone that I worked with at that time, especially Rob Lambert for giving me that chance, and enabling great testing and work in general.
I want to be a part of it…
New York. My first visit to this incredible city afforded me many great opportunities for learning, as much about being a citizen of the world (which Theresa May insists that I am not), as it was about anything else. Whilst the traffic, noise and hubbub are all-consuming and sometimes overwhelming, especially in Manhattan, there is a sense of energy that I have felt that is unlike any other city.
I was there for Test Masters Academy, which was organised by Anna Royzman. Whilst I have presented workshops and talks on the subject of security testing before, this was my first time presenting in the United States. Also, this was the first time presenting using a tool that I had helped to build myself.
I came to a conclusion earlier in the year, following European Testing Conference in Bucharest. I needed to step up my game. The best workshops I had been to had been well planned, with great resources and learning opportunities. The course teacher had often created or supplied applications for the attendees to explore and test. I needed to do the same.
At ETC I met Franziska Sauerwien, of Codurance, who put me in touch with the Software Craftsmanship Slack group. There I paired up with Java developer David Hatanian, also of Codurance. Together, we created Ticket Magpie, a vulnerable web application written in Java. (More on Ticket Magpie in a future blog post.)
During the workshop, a few technical issues were to be had regarding deployment and hosting of the application on the attendees’ laptops. I wasn’t to be deterred, and adapted using a couple of publicly available web-based vulnerable applications.
However, I quickly found that basing the content solely upon a list of well-known application vulnerabilities was a mistake. It’s more important to understand the concepts of security testing rather than the vulnerabilities, without a framework in which to understand them, and the skills to explore them. This realisation was further clear to me after discussing them with Maaret Pyhäjärvi, and having a post-mortem discussion with Jess Ingrassellino at the conference.
Future workshops will be supported by Ticket Magpie being deployable via a stable Docker Hub image, rather than relying on VirtualBox images, or attendees setting up the system themselves. Also there will be more of a focus on the techniques and skills of security testing, rather than just vulnerabilities.
This is now the beginning of my second week at Medidata. This is a new way forward for me in a number of ways. It’s my first time working in the medical and life sciences sector. Medidata build cloud platforms for their clients to manage clinical trials on new drugs and treatments. There is a lot of new domain knowledge to learn, people to meet and company culture to become a part of. It’s exciting.
Next, and this is often the tricky part…adapting to a new role. I have come from a role where I focussed predominantly on the security testing needs of the business. The objectives were to support the team with my security knowledge, plan and execute penetration testing against our services, as well as provide coaching and mentoring to my peers on the topic.
My new role has a somewhat broader remit. It’s not focussed solely on security for a start, which means I’ll get to re-explore other aspects of the testing craft. This is exciting to me. I’ll be working at a more strategic level, supporting the testers, test managers, senior management and other team members across the entire business, globally. There’ll be opportunities for training, coaching and mentoring too! I can’t wait to get my teeth stuck into it!
Another great aspect of this is my new commute. Now, I could complain about the cost of the British rail network. It’s one of the oldest in the world, but it does run, and usually gets me to London on time. My commute is usually between 90-120 mins each way, which affords me a great deal of time for reading, learning, and maybe catching up on some work. (Sure, I’ll probably sneak in an episode or two of my favourite TV show, or have a nap if I need one).
Time is a great resource. We shouldn’t waste it. If I’m going to spend up to four hours a day in a tin can, I’m not going to squander it.