This time in the “People in Testing” series, I had the chance to interview Dan Billing also known as “TheTestDoctor” on twitter. Dan has been a tester for 15 years, working within a diverse range of development organisations, mostly in the south west of England. He currently works as a test engineer at New Voice Media, where most of his time is spent working on the security testing needs of the business. This includes mentoring, supporting and training members of the team to use these skills also.
Daniel: What is currently your biggest challenge at work?
Dan Billing: Learning and developing skills and strategies in application security are my main challenges in testing. Without talking about technical or business specifics, the issues include ensuring that test design, strategies and processes are created that are appropriate to the organisation and our compliance obligations.
Part of my role is also to enable members of the team to do security testing. I will consult with the other feature teams. I’ll enable mentoring and learning where needed. I often set up internal workshops, one to one sessions, test collaboration, documentation and blog posts on security testing matters. It helps develop skills around the team, so that one person isn’t a blocker to getting things done, and can get started in their personal learning.
Skills development is a huge problem for organisations that are trying to build up their test strategies to include security, usually where it wasn’t considered in the past. Quite often security testing is considered an afterthought in development organisations, or it is outsourced to specialist third party consultancies.
Penetration testing and security experts are generally extremely expensive to recruit into teams, either because of rates of pay, or because the people you want to hire just aren’t easy to find and recurity.
Also recently we have seen a number of high profile hacks that have brought the most basic security vulnerabilities into sharp focus. Both the Talk Talk and the VTech hacks were done using SQL Injection, which is common, easy to identify and exploit. If it is easy for the hackers to find these vulnerabilities, why not testers too?
What do you think is the most important skill software testers should have?
I don’t think that skills alone will create good testers. I think it is about the qualities that testers have that are more important.
You can read about skills and techniques from a book, from blogs or on a YouTube video. But unless you practice these skills again and again, they won’t become part of your personal toolset. Without that practical application, they just become vapour or something to put on a CV.
So rather than specific skills, the qualities we need should be curiosity, and a desire for constant learning. Persistence and perseverance are also essential qualities for good testers.
Luckily I work at an organisation that not only promotes good personal learning, but requires it. We are encouraged to develop skills and knowledge that is valuable to us as a software development organisation; but then share them with our peers.
I think it is up to us as software professionals not to just wait and be told what to learn. We should take more ownership of our own learning, so that we are ready for the challenge of business change, developing technologies and trends in testing.
What is your recommendation to other software testers on how to improve their testing skills?
First and foremost you should identify what interests you. I’m interested in security, so I focus on that. It happens that aligns with the needs of the business I work for, which makes for a happy arrangement. However unless you have a core interest in what you are studying, then you aren’t motivated to learn.
The other thing would be to identify what skills you feel you need to maintain and improve your employability as a tester. Rob Lambert talks about this in his book “Remaining Relevant”. Before I went permanent at NewVoiceMedia, I read his book, and it encouraged me to stay there after I finished my temporary contract there. He’s built an excellent team of testers at NewVoiceMedia, and we pride ourselves in keeping up our skills and always learning and adapting to suit the needs of the business.
This quote from Rob’s book will illustrate this, and I share his view on this:
“To know what skills to focus on learning you need to know what skills you need for your chosen career…compare this to what skills you currently have. The difference between the two is where you should focus your learning”
There are a multitude of great training resources available to testers. Commercial learning environments like Pluralsight or Udemy offer a wide range of tutorials and courses. I can highly recommend the work of Troy Hunt, with his Hack Yourself First and Ethical Hacking learning programs on Pluralsight. There are also some excellent courses on Coursera, many of which are free. Many of them are based on general technical topics, but all of which should be applicable to improving testing skills in some way.
If funds are limited, there are a other ways you can extend your learning. I attend (and help run) a number of local meet-ups, mostly in the Bristol area. Most meetups are free, some have free food and drink, and usually have great talks. Britain has a number of great testing gatherings, usually in the cities and larger towns. If you don’t have a testing meetup in your area, then what are you doing? Start one now!!!
Businesses aren’t necessarily in the business of training their staff. They will give you the basics to do your job, but don’t expect them to give you everything you want. They are in the business of making money and profit for their shareholders. When budgets get cut, then usually it is training and support funding that gets cut first. Also, where jobs are at risk, it is usually the employees that are the most valuable to the business that are retained.
What do you like most about attending software testing conferences?
I’ve only really started attending conferences in earnest in the last five years or so. My first was a BCS SIGIST in London, which was a much larger event than it is now. It was largely vendor driven, and quite traditional and formal in its approach to conversations and learning.
There were only few of the lectures that I felt were of value to me. Many of them weren’t practical enough for me to get anything from them, however a great presentation lead by Julian Harty and James Whittaker really captured my imagination. From that moment I became infused with a desire to explore how I could develop my career from learning from the best in the field.
My next experience of a testing conference that exposed me to a deeper, learning and experience based approach to testing was TestBash 2 in 2013. Test Bash was my first self-funded conference, which is intentionally kept quite small and affordable. If you want to read about my experiences at TestBash 2014, then check them out here: https://thetestdoctor.wordpress.com/2014/04/.
For me, the social aspects of conferences are the most rewarding. Of course, the range of speakers and workshops needs to be very exciting and interesting to engage with; however it is the meetups, chats over dinner, coffee or something stronger that really capture me.
Since then I have started contributing at conferences, be it lightning talks, tracks or workshops. It’s a tough thing to do, but ultimately has been the most rewarding thing I have done in my career. It’s opened doors to so many more opportunities for learning, skill development and community building.
What is your current or last book you have read in the software testing area?
To be honest, I don’t read a lot of books to do with software testing. I love reading fiction more than anything else. I get most of my learning from videos, blog posts, talks and workshops, as well as lots of practice. My peers and betters in the world of testing have been the ultimate learning resource. There are some excellent people in testing, both to learn with, and to learn from.
If I had to chose a single book that has guided my recent development as a tester it would be “Explore It” by Elizabeth Hendrickson. I know that by now that this is a well known book in testing circles, but it really helps to reinforce the exploratory nature of testing. It points at the heart of what testing should be.
Dan Billing has been a tester for 15 years, working within a diverse range of development organisations, mostly in the south west of England. He currently works as a test engineer at New Voice Media, where most of his time is spent working on the security testing needs of the business. This includes mentoring, supporting and training members of the team to use these skills also.
Dan’s love of testing drives me to become an active member of the testing community, helping to organise local tester meetups in the Bristol and Bath area. He is also a cofacilitator with Weekend Testing Europe, and also organises the South West Exploratory Workshop in Testing.
Dan lives in Frome, Somerset with his wife Rae, and cat, Misty.
You can follow him on twitter: https://twitter.com/TheTestDoctor