Portfolio

Welcome to my needless self-promotion.

Talks, events and community

I have started becoming a part of the Ministry of Testing community. Within 2022 I’ve attended several TestBash events, a mix of online and in-person events, including speaking and running activities/workshops. At TestBash UK I gave my first talk on threat modelling and ran a workshop and activity session. Not long after this I repeated the talk and activity at TestBash X Bucks. I also strive to attend online workshops and talks.

Talking at TestBash UK about Threat Modelling

I’ve also been involved within the games development community, running stands at Dare to be Digital Protoplay on 3 occasions (twice for my games and once for charity).

Threat Agents

In 2021 I started learning about threat modelling. After seeing how beneficial and useful it can be I tried getting interest in my office but it was lukewarm at best. Inspired by watching a talk on gamifying meetings, I put together a basic card game. Several months later and it is now available to buy!

Testing

Whilst my greatest strength is finding bugs, both in the testing stage and planning stage, I aim to have a wide skillset.

Most of my testing has been with Windows applications but I’ve worked with a large range of different applications from large-scale desktop applications to small services and also Linux appliances & devices.

I have a reasonable understanding of networking and am comfortable using tools like Clumsy and Wireshark when testing networked software. My technical knowledge and skills mean that I am comfortable analysing logs, looking into crash dumps and configuring systems & test environments.

Exploratory Testing

Whilst performing exploratory testing using charters is relatively new for me, it is a skill that I have found myself well suited for.

My experience as a developer and analytical strengths mean that I can identify areas of interest to build charters around. Having a curious mind and technical background has meant that I can pick up on something “a little odd” and will be able to delve into it to understand the behaviour and potentially find a bug that was lurking off the common path.

Prior to learning more on exploratory testing I performed much the same activities but using bulleted lists in my test task.

Security Testing

I am very passionate about security testing. As a Cyber Champion for Motorola Solutions/IndigoVision I have learnt a lot about cyber security and been able to apply that to my day-to-day activities.

One of my first actions was looking at improving the team’s use of tools like Tenable.io Nessus, OWASP ZAP and Mend (formerly Whitesource). I have added some of our security scans into our CI pipeline. Since then I have also used Postman, Chrome browser tools and utilities like string.exe to look for vulnerabilities in our application, logging them as bugs.

I am especially proud of successfully introducing threat modelling to my team, both through brown bags and also leading the team by running sessions.

Finally I have also been proactive in taking on training, completing two larger training activities (mainly out of hours as Motorola are primarily US time zone based). One involved a mix of testing and also development, identifying then fixing problematic code. Then in October I took part in a Capture The Flag style activity, getting top score for EMEA and winning myself a swag bag.

Automated testing

During my time in development I used NUnit and Microsoft Test to create unit tests and component tests for many of IndigoVision’s applications. I also had some limited exposure to using Protractor to write automated end-to-end tests for IndigoVision’s Control Center Web application.

I have also created my own automated testing tool for a main application, leveraging our SDKs to drive the software and test things like starting video streams, tracking playback speed performance and controlling PTZ cameras. These are actions and tests that are a real challenge using traditional UI automated test frameworks.

I will also frequently create my own scripts and tools to assist my testing. For example when I wanted to have the database under load, I wrote a quick C# application that made SQL requests.

Finally I have also created automated tests for my test websites. Using Postman I have tests that can be run against my API Test Activities and also used Cypress to test my Capture The Flag site (part of my Security Test Activity).

Automated tests using Postman

Driving Change

Over the past few years I have been one of the most vocal engineers in pushing for change and encouraging good practice. The typical avenue for sharing new / good practice within my office is to run “Brown Bag” sessions. Using this I have spoken at length with colleagues about a huge range of topics, from good cyber security practices to TDD and exploratory testing.

I have also used other approaches like having a mini-workshop on security testing and also performed mob testing with my team when, as the SME for a project, I was trying to knowledge share as well as performing testing for a feature that I’d acted as developer for.

During the past few years I have also pushed to rethink a lot of our testing and in particular how we did release testing. Previously this was a big slog of long step-by-step test cases but I’ve turned this into something much more fluid and quicker. A week’s effort is now a couple of days.

More to come

  • Tools like Arkham, Joker, Alfred and Detective Vision