People in Testing Interview with Dan Billing

This time in the “People in Testing” series, I had the chance to interview Dan Billing, also known as “TheTestDoctor” on Twitter. Dan has been a tester for 15 years, working within a diverse range of development organisations, mostly in the south west of England. He currently works as a test engineer at New Voice Media, where most of his time is spent working on the security testing needs of the business. This also includes mentoring, supporting and training members of the team to use these skills.

Daniel: What is currently your biggest challenge at work?

Dan Billing: Learning and developing skills and strategies in application security are my main challenges in testing. Without talking about technical or business specifics, the issues include ensuring that test design, strategies and processes are created that are appropriate to the organisation and our compliance obligations.
Part of my role is also to enable members of the team to do security testing. I will consult with the other feature teams. I’ll enable mentoring and learning where needed. I often set up internal workshops, one to one sessions, test collaboration, documentation and blog posts on security testing matters. It helps develop skills around the team, so that one person isn’t a blocker to getting things done, and can get started in their personal learning.
Skills development is a huge problem for organisations that are trying to build up their test strategies to include security, usually where it wasn’t considered in the past. Quite often security testing is considered an afterthought in development organisations, or it is outsourced to specialist third party consultancies.
Penetration testing and security experts are generally extremely expensive to recruit into teams, either because of rates of pay, or because the people you want to hire just aren’t easy to find and recruit.
Also recently we have seen a number of high profile hacks that have brought the most basic security vulnerabilities into sharp focus. Both the Talk Talk and the VTech hacks were done using SQL Injection, which is common, easy to identify and exploit. If it is easy for the hackers to find these vulnerabilities, why not testers too?


Reading Recommendations # 24


Summer is coming, and I hope you enjoyed the hot days in Europe as well. Maybe you can find a nice shady place to read the 24th issue of my software testing reading recommendations. This issue contains 7 blog posts and one podcast. The topics include “What skills should we learn & teach to build quality in” from Lisa Crispin and why managers need to communicate effectively. There is also an interesting post about the 8 myths and facts about the Internet of Things (IoT).

Google announced the call for papers for the GTAC, which is an awesome mobile test automation conference. One post from Markus Gärtner is about defining your role as a tester. Another post describes the four most powerful tools of a video game tester. Maaret Pyhäjärvi writes about her experience with test automation and how she failed with the approach she used. And the last entry in this episode is the latest version of Testing in the Pub by Stephen Janaway and Dan Billing, with the topic WTF are NFRs.

Enjoy reading the posts.

What skills should we learn & teach to build quality in? – Agile Testing with Lisa Crispin
