Rapid Software Testing – Before

This is the first in a series of posts on my experiences of RST and the TestBash conference this week.

I’m on my way to Brighton today, to facilitate Rapid Software Testing, led by Michael Bolton. I’m nervous about that, but I’m more nervous about this. 

My day is off to a great start. Overslept by 30 minutes, I need to wear my layers rather than pack them, and my train into Brighton is cancelled. 

Bus replacement service to Eastbourne

So, to anyone who travels regularly on the British transport network, you’ll be familiar with the phenomenon that is the bus replacement service. 

The bus is full, and I’m sat in the jump seat next to the driver, having picked up everyone from Hastings to Eastbourne on the way. There are probably many buses and bus drivers doing similar work across the country. (Subsequent seat moves to allow an elderly lady to sit down, and I’m now on the train from Eastbourne to Brighton, via Lewes.)

It makes me think of the services we test, when they are non performant or under stress. What do systems do when they are under heavy load, or a link in the chain is broken? How do you monitor and check that the system is performing as it should?

Clearly a system of checks and monitoring has come together to arrange this bus I’m travelling on. Service performance was seen to be dysfunctional due to a systems failure, so an additional service was put in place to pick up the slack.

What can testers learn from this?

Well, my first observation is to consider what your weak areas are. Is it the infrastructure, the application or the connectivity between systems? Do you know why they are weak, or can you improve or replace them?

As I’ve seen today, a replacement or temporary service isn’t necessarily better or more comfortable, but it is getting where I need to go.

I could have easily waited to get a lift from my Mum, but she was off conducting her own business elsewhere. I would still get there, but maybe not on time.

What monitoring do you have in place?

Monitoring isn’t just for your operations teams. At NewVoiceMedia, the DevOps team use all sorts of tools to allow us to keep an eye on performance, load, volume, throughput, page impressions, browser usage as well as where any breaks in our systems might be.

It’s hugely important so we can adapt to problems, or see them off before they become issues to our customers. Peak times (like the rush hour on the transport network) are one of the main concerns. 

Why is this a problem for testers?

Well, it isn’t a problem really. It’s more of a change of mindset. As organisations have to change and evolve to meet customer needs, testers need to adapt too.

Testers can and should be more aware of the wider needs of customers who need to use performant systems, rather than just having a narrow focus on the applications only.

We should be clear and concise in our communications, and be involved in the decisions that underpin our systems.

Why?

Well, in a DevOps organisation everyone has to muck in and get their hands dirty. Sure, there are people with specialist roles and positions of responsibility. But I see testers as the glue that holds systems together. We can get involved at any point, and not just on the application layer. 

More and more will be expected of testers as organisations change to meet customer need, and we will have to meet that challenge. 

So…RST

I’ve been wanting to do this course for years. And by chance, luck or fate I have the opportunity to do so now. I’ll be facilitating, so my priorities will be on the needs of Michael and the group, rather than my own.

It’s going to be a huge challenge, and like the needs of any complex system I will need to adapt.

I like to ask a lot of questions, but I anticipate a need to allow the group to generate those questions rather than myself. I’ve been told in the past that I can sometimes “not shut up” or “meander” during group discussions.

It’s taken a lot of time and mindful thinking to try and control my natural instincts to ask questions or share knowledge, where others might be unwilling, unable or nervous. And I need to be aware of that for the next three days.

It’s going to be epic.  Just like the scenery today.

My home, The South Downs

It’s all about the conversations – TestBash 2015 Review

Firstly, a preemptive strike for my love of TestBash.

I make no bones about it, I love this conference. No other expression of emotion comes close. It’s almost up there with my wife, family, friends, my cat and Doctor Who. (And to anyone that knows me, that is a pretty big deal.)

Regardless of the quality of the conference track, speakers and workshops, this annual event is now rapidly becoming a part of me, my learning as a tester and driving my desire to evolve my testing. It also helps me support and mentor other testers – both those I work with, and those I don’t.

As I mentioned in my previous post, where I previewed TestBash 2015, if it hadn’t been for TestBash I most likely wouldn’t be working where I do today, with a company I enjoy working for, and a team that I admire and value. I also wouldn’t have had the courage to do any public speaking or workshops if I hadn’t attended TestBash in 2013. As long as it is running, and as long as I can attend, I will go. With some luck and preparation, I hope to be more involved in TestBash 2016!

Now with the context of this blog post set out, I’ll try to present my ‘impartial’ review of this conference. It’ll be hard!

For the last three years I have made a pilgrimage back to my home town of Brighton to attend TestBash. Each year it has produced a different mix of learning, excitement, comradeship and an emotional exhaustion that my friend and BrighTest organiser Kim Knup has aptly described as the post TestBash blues. Through TestBash, social media acquaintances have become colleagues in testing, and in some cases firm friends. I may only see them for a few hours a year, but for that, above anything else I am grateful to Rosie Sherry, Simon Knight and all of the Ministry of Testing team that run the event.

Brighton Pavilion at night

I took the photo above of Brighton Pavilion, whilst having a fantastic chat with Stephen Janaway on our way to the meetup on the Thursday night. And it is this that indicates the value to me of TestBash as a whole. It’s all about the conversations. Stephen was not the first great chat that weekend, nor was it the last. We discussed testing, my poor recollection of the geography of Brighton seafront, our upcoming conference talks and workshops and even family. I suppose you could say that the testing community, formed around this conference, has become a sort of family to me.

Here we are at dinner with Chris Chant, Vernon Richards and Rosie. For me, the conversations start with the small events and gestures like this, and remind me that I owe Rosie dinner! It had become a bit of an in-joke that Vernon was going to wear a tutu on stage on the conference day, and in the end he did, but not in the way you might expect. More on that later. I was lucky enough to hang out with some of the conference speakers and workshop facilitators at dinner, discussing their experiences and feedback on the day. As conferences and workshops go, it is very good value for money, as the Ministry of Testing is able to attract some high calibre speakers and contributors every year from across the community, even just to attend!

Chris, Vernon and Rosie at dinner

Sadly, I was unable to attend the workshop day on the Thursday. However, I was able to catch up with some folks at the end of the day down at the Brighton Dome. There was an open meetup and test gaming session to wrap things up, so I watched a round of Set, and led a few testers in a few rounds of Zendo. If it hadn’t been for a lunchtime learning session with my colleague and friend Chris Simms a few months ago, I wouldn’t have had a set of rules in my head ready to play! All power to the test community. Even though he hadn’t attended this year, Chris’s impact was felt from afar!

Ryan and Danny at the meetup

So, off to the meetup, at a bar I hadn’t been to since my early 20s. We took a minor detour on the way, but got there in the end. Here is my colleague and good mate Danny Dainton, enjoying a drink with Ryan Rapaport, a representative of one of the conference sponsors, QA Symphony. (Shameless Plug 1: I use their tool QSnap, it’s pretty good).

The greatest value of TestBash for me comes from the conversations had at meetups like this. Sure, there was a lot of talk about testing, about our experiences of testing, our learning from various books and speakers, the relative merits of one conference over another, the relative merits of one beer over another. Here I was able to catch up with my (Shameless Plug 2) Weekend Testing Europe colleagues Neil Studd and Amy Philips, and plan our groundbreaking trio 99 second talk for the following day! I also managed to grab conversations with Matt Archer, about the Ministry of Testing Dojo, and Abbie Maddison, the new runner of the NottsTest meetup. It was also fantastic to catch up with Guna Petrova from Latvia, who is a key player and track organiser at Nordic Testing Days. Her outlook on testing is always refreshing and enlightening.

Without communities like TestBash, and those generated around other conferences like Let’s Test, Weekend Testing wouldn’t exist. Communities generate conversation, which leads to initiatives and plans, which lead to more communities and more conversations and deeper learning experiences. Similarly, through meetups like this, there are opportunities to develop professional relationships, which can lead to other meetups, brown bag sessions, invites to speak at conferences, or even work!

Weekend Testing Europe: Amy, Neil and Me

Later in the evening led to even more discovery and exploration of our craft (testing, beer and music). It was with great surprise that I could discuss the merits of the music of Fairport Convention and Jefferson Airplane (whom, thanks to my Father, I have an appreciation of) with Michael Bolton and Neil Thompson.

But that isn’t really what we were there for. Here’s Radomir Sebek, a tester from Serbia, who works for a music production software house in Berlin. He’s playing “The Pen Game” with Michael, one of the many testing games that were going down at The Globe late into the night. That same conversation led me to be challenged on a variation of the Pen Game, this time with my observation and listening skills put to the test. I got the solution, in the end!

The Pen Game with Michael and Radomir

Richard challenges Abby and Dan

Above is conference speaker Richard Bradshaw challenging Abby Bangser, from Thoughtworks, and Dan Caseley, from Common Time, to more testing games over a beer or three.

So here is the problem. With so many fantastic folk to talk to and learn from, you can’t really choose from them all. You pick up on different sounds and movements, explore what is interesting to you, find people you have never met before, or have had online communication with. It’s a bit like (exploratory) testing, in that you can define your conference by the actions you take, the information you gather, the people you speak to and your responses to them, and how you record them…like this.

So to the main event.

Each year, Rosie manages to attract excellent speakers to TestBash. And this year was no exception. As I mentioned in my previous post, there was no diversity in terms of gender at the 2014 conference. Not so this year, with three female speakers on the conference track. I have no details on the selection process, but I feel that the overall content, tone and message of the conference was all the better for the selections made this year.

There was also a lot to learn, from a range of experience reports, new thought leadership and science around testing, as well as technical challenges. Where TestBash is usually strong is dealing with the human element of testing, rather than drowning the attendees with technical jargon. Testing is for me very much a social discipline, as much as it is a technical discipline.

First up was Michael Bolton with “The Rapid Software Testing Guide to What you meant to say”, which looked to our use of language as a tool of our trade, and challenged many potential assumptions that could be drawn from testing behaviours. It’s my interpretation of this talk that Michael was trying to draw out the reasoning behind certain language choices in software development, and in some ways subverting their use through the prism of context driven testing. Why for example would we say automate all the testing, where we couldn’t possibly do that with development?

Up next was Iain McCowatt, with an excellent and animated discussion of the need to include intuition and the importance of tacit knowledge in our detection of bugs. Iain emphasised that socialisation and interactional expertise was an essential skill of testing. Being able to discuss and share our work and experiences appears to be key in finding bugs and communicating them effectively. It was also a great reminder to pick up the work of Harry Collins, whose writing and research contributed greatly to the themes Iain was conveying. I managed to catch up with Iain during a break, and sought his advice on combating biases in my testing. I find sometimes that because I test a lot for security, I feel that this sometimes blinds me to other considerations whilst I am testing. His insight will be invaluable in trying to balance my approach and test design processes in future.

Next up was an interesting talk about the challenges and learning gained from The Guardian’s approach to mobile testing and delivering software across multiple platforms. Sally Goble and Jonathan Hare-Winton presented a fascinating and humorous exploration of the differences and pitfalls of testing on both the iOS and Android operating systems and associated hardware. They played on the rivalry in historic advertising campaigns between PC and Mac, and on a distinctly divided audience (there seemed to be more Android users than iOS, but only marginally so). This was a great talk for me, as I know very little at all about mobile application testing. The style of presentation drew more out of the audience than I expected it would, and it did not dwell too much on technical details. Great stuff!

After the break came the double bill of Martin Hynie and Stephen Janaway. Both talks approached the problem of organisational change and perceptions of testing and test management within development teams and businesses as a whole. Placing these two talks together was a masterstroke, as they complemented each other so well. Martin’s talk “What’s in a name? Experimenting with Testing Job Titles” focused on a social and professional science experiment. Martin found that a change in job title and team name, to remove “test” or “testing”, enabled his teams to have greater impact and authority within the business. He did all this under the radar, with the testers maintaining their responsibilities, whilst having a different job title. With an exciting presentation style, Martin was able to convey that maybe businesses see testing and testers as limiting and a blocker to progress. In doing so, he discovered that other teams and key stakeholders responded more positively to the alternatives. There is a lot to discover in this talk, and I won’t spoil it further for anyone who wants to watch the video when it comes online. Let’s just say for me that Martin’s talk is one of the highlights of the conference.

To Stephen’s talk. For a while now, Stephen has been an inspiring member of the testing community, both personally and professionally. I was invited to speak to his team at Net-A-Porter last year, which was a fantastic opportunity. So it’s exciting to see how he managed to evolve into his new role as a Testing Coach, in his talk “Why I lost my job as a Test Manager and what I learned as a result”.

Organisational change is a very real challenge for testers. Stephen’s experiences here are both common, in terms of the need of testers to adapt professionally to change, but also uncommon in the approach taken by Stephen’s organisation. Rather than having overlapping development and test managers supervising the work of many people across teams, each team had its own development manager.

As a testing coach across the whole business, Stephen’s new role is to mentor the testers, enable and guide their professional development and learning, whilst not being responsible for their line management. This must have been an awesome task, reorganising the development team of a major online retailer, whilst at the same time maintaining delivery of products and services. This was an experience report beyond the normal recollection of events and dry facts, and really drove home that testers need to be able to be at the forefront of change in organisations, rather than being reactive to it.

Vernon Richards was up next, with “Myths and legends of software testing”. In 2014 Vernon blew the house down with his 99 second talk on this topic; a rapid fire list of misconceptions, musings, biases, and warnings. What Vernon did here was to distill the core of his message into a blistering and entertaining talk. After lunch and with everyone feeling a little full, it was the best of antidotes to wake us up.

Vernon’s talk drove home the need for testers to not only be creative in their approaches to testing, but to be wary of the fallacies and biases that can be derived from poor research, assumptions and inaccuracies. Also, looking at how to challenge the language used to describe testers and testing by non testers; such as “It’s just clicking a load of buttons” or “Anyone can do testing”. If we are to take ownership and responsibility for our craft we have to believe in our skills, and champion them to those outside testing, so that they are recognised and valued appropriately.

Maaret Pyhäjärvi came next, with “Quality doesn’t belong to the tester”. Maaret’s experiences of being the sole tester on the team, feeling responsible for quality when it seemed that no one else appeared to care resonated with me deeply. This story described how she managed approaches to testing on her team and began to build more positive relationships with the developers. In order to test sooner, and test better, Maaret elicited a collective responsibility for quality and testing, rather than taking on the burden on her own.

Matthew Heusser encouraged us to rethink our approach to regression and releases in his talk “Getting Rid of Release Testing”. This talk led us through an approach to testing and releasing software incrementally, and becoming less reliant on the big bang “test everything” approach to release management.

Through drawing rather than slides, Matthew explained what he termed “The Swiss cheese model of risk”, where at each stage in a software release life cycle there can be different layers of testing, where there will be gaps and overlaps in coverage. It’s probably a scary approach for some, but resonates with me as working in a continuous delivery environment means that to test everything at the end would be inefficient, costly in terms of time and resources and likely not give us meaningful data. The tweet below reiterates clearly one of Matt’s main messages in a challenging and insightful talk.

Nearing the end of the main conference day leads us to Richard Bradshaw’s “Automation in testing”. I’ve never seen Richard speak before, but I have heard much about his ability to convey complex thinking in a clear and approachable way. I was not to be disappointed. Richard guided us through his evolving process of  supporting testing using automation. Built up over a number of years of learning and experimentation, he described a mature and adaptable way of incorporating automation into your testing, for the right reasons – enabling the important checks that you might need to do frequently, allowing the tester to focus on exploration, learning and asking questions about the software under test. This was an inspired and entertaining talk, which engaged me in a topic that in the past has not always held my interest.

Now to the final presentation of the day, with Karen Johnson’s “The Art of asking questions”. This was hands down my favourite talk of the day. It was less of a presentation, more of a conversation with the audience. Karen’s slides were a simple guidance to invite us to flow through the discussion with her.

Karen explored with us the finer points of questioning, both of others and ourselves. Timing was a key theme, asking the right question at the right time, something I have struggled with in the past. Even more resonant with me was the idea that, quoting author Joshua Harris, “The right thing at the wrong time is the wrong thing” in his book I Kissed Dating Goodbye: A New Attitude Toward Relationships and Romance.

Drawing on her journalism background, Karen asked us to consider the kinds of questions we ask and how they might influence the kinds of responses we get in return. The classic, yet always useful what, where, why, who and how that will never fail you as long as you use them appropriately. After all, a lot of testing is about asking questions, and asking the right question could even prevent defects from occurring before a single line of code is written. The Q&A afterward brought many excellent questions from the audience, with Karen responding with great advice, book recommendations (see Twitter for a tonne of them) and practical suggestions to solving communication issues.

TestBash has now established a tradition of 99 second talks, led for the final time by Simon Knight. Many great folk stepped up to the stage alongside Neil, Amy and myself. Jokin Aspiazu really coined it with “If you can’t get money for conferences, ask for time. Time is valuable.” No truer thing has been said in such a short space of time!

The after party is both a chance to relax after a long day and a chance to engage with as many people as possible. The quite excellent and intimate bar The Mesmerist proved to be a great place to hang out and talk testing, such as with Mark Tomlinson (he of the infamous spinning cat at TestBash 2014).

Mark Tomlinson at the meetup

It’s the camaraderie and convivial atmosphere that really makes this event, year in year out. I recommend you come, make a week of it…to really let Brighton and TestBash soak in to you. You won’t regret it.

Reflections in a single malt

Although, I might do by the end of the evening

Critical Mass: A TestBash 2015 Preview

Hey testers!

Spring has sprung on the UK testing scene once more, as it is now seven days from TestBash 2015, held each year so far in Brighton. To those of you living under a rock, TestBash is the one day conference track and two day workshop run by the good people of Ministry of Testing, and especially Rosie Sherry. You can find out more here.

This year there are some established members of the testing community speaking, such as Michael Bolton, Iain McCowatt, Stephen Janaway and Matthew Heusser. I am looking forward to seeing these guys speak again, as they are always excellent, with insights and content beyond the conventional.

If there was a criticism of TestBash 2014, it was that there wasn’t a diverse range of speakers. There were no female speakers last year, where now there are three: Karen Johnson, Maaret Pyhäjärvi and Sally Goble. Whilst I have read blogs and tweets by these testers, I’ve never seen them speak before so this is going to be incredibly exciting.

There are also new speakers to TestBash, such as Richard Bradshaw and Vernon Richards.

I’ve known Richard for a few years now, and he is an inspiring and knowledgeable tester. I’ve never seen him speak before other than during a 99 second talk. He’s the first guy I would go to for information on automation. He describes his talk as ““Test Automation” = Things don’t have to be this way”.

On to Vernon Richards, whose epic 99 Second talk on Myths and Legends of Software testing has been expanded into a full blown talk. Again, I have known Vernon for a while in the community. Being isolated down in the South West of England means that I don’t always get to meet testers based and working in the London area, but Vernon has been on my radar for ages.  Vernon’s 99 second talk last year earned him a huge cheer, and rightly so. This talk might turn out to be the jewel in the TestBash crown.

On to the workshops. Sadly I can’t attend the workshop day this year. With the TestBash workshops, it is your learning that is at the heart of it. With the likes of John Stevenson, Simon Knight, Karen Johnson, Nicola Sedgwick and my Weekend Testing colleague Neil Studd all providing courses, it should add up to a fantastic day. Also running a workshop on BDD is Rikke Simonsen, who I had the pleasure of having lunch with last TestBash. Such a shame that I will be missing this fantastic opportunity to learn from them all. I’m definitely going to see if I can get in on that in 2016, as a learner or a trainer.

I cannot impress upon you enough the importance of TestBash in my career. I first attended in 2013. This was my first testing conference in three years, after what felt like somewhat of a period in the doldrums. I felt that I was coasting in my career and not doing enough to learn more, stretch myself creatively or professionally. I was just working.

A number of personal and professional events led me to attending that year, which gave me the kick up the backside that I really needed. As a result, I had my first speaking gigs in 2014. I am now speaking again at Nordic Testing Days this year, and visiting Let’s Test for the first time, running a workshop with Bill Matthews.

Sure, there are bigger conferences, with more tracks and a wider variety of talks, workshops and test labs. Some conferences are more popular with different testers, because of the variety of speakers and the depth and breadth of the content. However, what TestBash squeezes into only a few days in the compact and vibrant city of Brighton is phenomenal.

I’m also very proud to say that Brighton is sort of my home town. I grew up in a village not far away from there. This adds for me an additional pride and gratitude for the awesome effort that MOT and Rosie put into organising and running the event. As a result of the conference, and MOT as a whole, careers have been forged due to the community outreach and sponsorship of new testers so that they can attend courses and the conference for free, as well as other support. Some testers have even sponsored tickets themselves, which is hugely rewarding to the community. They should be thanked!

Two testers that are very important to me have so far benefited from this amazing community scholarship. Emma Keaveny has since moved to the UK from Ireland, secured her first testing role and, along with Kim Knup, has started to establish the first regular Brighton and Hove testing meetups.

The other was Danny Dainton, an ex infantry soldier, who actively pursued a career in testing after leaving the Army, and who I have the great honour of working with at NewVoiceMedia. I really look forward to what these two fantastic testers do in the future, be it speaking themselves, or organising community events or just being able to work closely with them.

So, if you are going to TestBash next week, I look forward to seeing you there. It should be a fantastic event, full of opportunities to learn and grow as a tester. If you want to talk to me, just grab me at Lean Bacon (ahem, Lean Coffee), at the queue for lunch, or at the Thursday or Friday meetups. It’s going to be EPIC!

Promiscuity and the tester

Last week I had the great fortune of attending the London Tester Gathering, where first time speaker Mark Winteringham was leading the discussion with a great talk about mental models around testing tools. A write up and copy of his slides are here: What’s So Great about Webdriver

He was talking about how using Webdriver to automate (testing/checking…I’m not getting into that argument now) has helped him in his work as a test consultant.

However he also referred to the fact that when we use tools, whatever they are, they shape the way we think, how we behave and interact with software, solve problems and communicate. Essentially, through the use of the tool, they end up defining how we test…if we let them.

Referring to one of the highlights of Test Bash 3, Iain McCowatt’s talk “Automation: Time to change our models” (watch the video here), Mark raises the issue that we should be wary of tools, how we select them, and how we use them to solve problems and achieve our end goals.

During the talk, Mark dares us to “Be Promiscuous” with our use of tools, to shop around, not to limit the way we work through limited use of tools, because ultimately that then leads to limited thinking. Whilst the analogy he used sparked a few laughs, he’s dead right.

Mark examined data on the number of conference talks about automation, and the number of automated testing jobs out there, and a large proportion of those are linked to specific tools – mostly Webdriver.

In itself this isn’t too worrying. Webdriver is clearly a popular tool, works well for most people and organisations that use it, and solves a lot of their testing problems. I asked Mark whether the ubiquity of Webdriver presented any dangers to us as testers, and his response was (if you’ll pardon me paraphrasing, it was a noisy room and I had drunk a couple of beers by then) that if you define a tool, eventually it will define you through its use. Essentially, that we should not let the industry or the ubiquity of a specific set of tools define us as testers, nor define our testing.

Whilst I am not a Webdriver user, I do use other tools to solve some of the security testing problems that I encounter. In recent months, whilst I have been using tools such as Zed Attack Proxy and Burp Suite, I have found that my approach to testing has been limited by my ability to use these tools, rather than looking around the tool, or using them in different ways to solve problems.

Essentially, the tool was beginning to define how I tested…something to be avoided I feel. The tools that I have mentioned are great, and have a lot of useful features. However through using them, I focussed on what feedback they were providing me, rather than focussing on what was important – what I needed to do to identify vulnerabilities, understanding the underlying functionality and security of the application under test, and by trying to think like someone who wanted to undermine that application in order to protect it.

If that’s not clear, then perhaps this analogy would help – when we learn to drive for example, we are with an instructor, or a parent, in a car with a steering wheel, handbrake, accelerator, brake pedal, clutch pedal etc. It’s usually a small car, on urban roads with a bit of traffic. We build up a mental model of how to drive in our mind based on the tool we are using; the car, and the environment we are in, our local area.

Let’s say then, you switch from one car to another – this one might have an automatic gear box and no clutch pedal. This then removes the need for the driver to make their own judgements about when to change gear, as the car will do it for you.

Let’s take this a step further…the car has parking assistance technology, or anti collision or adaptive cruise control. These driver aids might then reduce our need to focus on the important skills of parking, or safe driving distances, maintaining a decent speed etc. We become reliant on the tool to do the job for us, rather than using our own mental models for a task to do it. Is this breeding better drivers? I’m not sure that it is.

At some point I will try to take this discussion a bit further and apply some of this learning to the security testing I have been doing. Last year, when I ran the talk ‘New Adventures in Security Testing’ I came up with this mnemonic: Cartoon Tester: EXTERMINATE (Thanks Andy for the great cartoon)

This is my personal developing mental model for security testing, and in the very near future I will work on challenging and modifying this model. Where appropriate I’ll work on sharing and discussing it.

Mark’s talk (and Iain’s) has really inspired me to think again about how I use tools effectively to solve testing problems, but also to remember that a tool, like any device, is only as good as the person controlling it.