Ep 97: Against Energy and the Caring Angry Friend

This week I talk to Matt Heusser about mental health in the workplace! We cover a lot of things, which are mentioned below, but our conversation generally centres around the unique stresses that a software tester encounters and how to help/deal/cope with these.

You can find Matt on twitter, and he recently did a webinar on Deliberate Practice: https://blog.gurock.com/deliberate-practice-in-software-testing/

  • At the workplace
  • Self-Care
    • Sleep (Relaxation before sleep, also sleep hygiene – no screens etc)
    • Exercise
    • Diet
      • Nutrition – Supplements B12, Vit D as well
    • THE PROBLEM WITH “COPING” – Coping as a distraction from dealing with issues
  • Dealing with Anxiety
    • What is the source of the anxiety? Past history of ongoing? (see trouble with coping)
    • Mindfulness / Mindful movement (yoga, etc)
    • This is broadly selfcare but also falls under dealing with bouts of mental ill-health. You up the selfcare and in movement or guided meditation you can take yourself out of the noise in your own head, and maybe come to a resolution
    • CBT
    • Thought records
    • PSTEC: http://www.pstec.org/
  • The Inner Life
  • The Chinese Farmer & The Amygdala
  • Mantras and Meaning
  • The Monster – Against Energy
    • Intimacy – requires vulnerability, which may need to be practiced
  • Acceptance and gratitude
    • Practice acceptance and gratitude
  • Selfishness
  • Chaos child
  • Stoicism – Dealing with externals
    • Dealing with emotions in a healthy way, engaging and responding, not reacting
  • Getting Help
    • Experiences with Therapy
    • Beware the Caring Angry Friend!

Ep 96: “Testers are the canary down the coalmine”

Want to be a part of episode 100? You have TWO WAYS:
Ask me a question! Here, letstalkabouttests@gmail.com, slack, or bit.ly/AskGem

Coming to #TestBashBrighton? Find me! I’ll have a portable mic and we can have a quick chat <3

This week I talk to Trish Khoo!

Trish is writing a book about scaling automated testing, and we talk about the differences between automation in a small team and automation in a massive organisation, how testers are not best placed to write automation in all circumstances, testers as second class citizens in software teams, and how testers can be the canary in the coalmine that can signify dev/culture issues.

This is a really good episode! I hope you enjoy it! You can also catch up with Trish’s Ask Me Anything on the Dojo, here: https://www.crowdcast.io/e/AMA-TestManagement/register

Ep 95: “You don’t need client approval. You just need self approval.”

Title from: https://twitter.com/basithharoon/status/932872776616116224, via @agencyquotes.

As a reminder, I am still collecting questions at http://bit.ly/AskGem, come quiz me on things!

This week I talk to James Sheasby Thomas about #agencylife!

Before I moved to the BBC, I worked in a couple of agencies, and, after talking to a few non-agency testers I realised a lot of people don’t realise what it’s like working in an agency, so I asked James if he wanted to come chat about his experiences. You can find James on twitter, his blog, and you can find his TestBash talk on the Dojo (Pro account needed)

Here’s a mindmap of what we spoke about:

Ep 94: Sound Effects and Overdramatics: The retrospective

This week the Testbash MCR crew is back! Claire, Matt, and I discuss post Testbash feels: how we felt we did, what we’d do differently next time, and our plans for the future.

We also talk about Softeare Testing Clinic Manchester! Claire is running it with Richard Bradshaw, and Matt and I will be mentors! If you’re in the area, come join us! The first meeting is Monday 8th January

ALSO: Come ask me questions for the 100th episode! You can ask me via email, twitter, slack, in person, or at my curiouscat account.

Claire and I wrote about our prep for the club: https://club.ministryoftesting.com/t/preparing-to-give-a-talk-as-a-new-speaker/11476/5

Matt notes

Awesome things

  • The tasks I designed to generate discussion paid off
  • Good balance of timing
  • Self-hosting the application and removing most of the tech issues getting setup was a good move
  • Application was destroyed near the end!

Lessons learnt

  • I was going to make a text based adventure game with an API interface as
  • I really wanted to make something really fun like Richard Bradshaw’s
  • Lego Automation.I went with a much simpler “game” that better fit a typical API behaviour and I think this paid off.
  • Lights! When to prepare and when to just ask
  • Having backups – practicing backup procedure
  • Wording can always be tweaked
  • 30 people/large room might not be so good for this particular workshop
  • Felt discussions were harder to generate on the spot with 30 people

Would I do it again?

  • Hell yes, I can definitely repeat this workshop.
  • The work paid off but it was a lot of work, I enjoyed designing it and it was very satisfying to see the ideas I’d come up with actually work the way I’d hoped.
  • Plenty of requests for more advanced versions.
  • I just wanted to have a go at a technical workshop as there were topics I’d like to talk about but they don’t fit in a presentation style and I prefer mentoring.

Would I recommend it? Tips?

  • If you want to share knowledge about more technical subjects, absolutely!
  • Even for softer skills workshops can be far more engaging and memorable.
  • Mostly the same tips and advice as for talks/presentations, but the big differences being its longer and more interactive!
  • Consider the balance of teaching versus mentoring
  • Be ready to spend a lot longer preparing it and practicing it!

Claire Notes

What was good?

  • I felt like I was well prepared. I’d done a bunch of practice at home as well as doing a dry run of the talk at another event.
  • Once I got going I felt much less nervous than I thought I would, finding familiar faces in the audience really helped. I felt like i was looking round the room and not down at the floor or just at one person
  • I made a couple of jokes and people laughed! Which I think helped me feel more confident.
  • I could see some of the audience nodding when I was talking. Made me feel like what I was saying resonated with at least some people
  • People liked some of the slides – the Venn diagram I stole borrowed
    I skipped out the talk just before mine, which i was good about but having a bit of quiet time really helped
  • Loads of people chatted to me afterward about their own similar feelings
  • My colleagues who were there didn’t think I was a lunatic

What could have been better?

  • I’m not the strongest at slides. Think i need to practice this and get better at it
  • I tripped over my words a few times
  • Because i was on quite late in the day I had got myself pretty worked up by the time i went on.
  • I felt I didn’t spend as long on some of the slides as I should have. Possibly rushed a bit, even though i ended up finishing in time for questions

Would I do it again?

  • Definitely!! I can see how people get the speaking bug
  • Thinking of ideas for new talks is tricky !!

Gem notes


  • Felt prepared
  • Had people in the audience that were smiling and nodding and who I knew wanted me to succeed
  • Not the only Hamilton reference!
  • Great feedback
  • I didn’t trip over my own feet!

Lessons Learned

  • Prepare for questions
  • Escape afterwards for a bit – overwhelmed a bit by the adrenaline rush + emotional feedback

Would I do it again?

  • Absolutely!

Ep 93: 2017 in review

2017 has been a year!

24 episodes (inc. this episode and the rebroadcast)
12 interviews
13,544 downloads as of recording
28 Patreon posts, 14 of which were Patreon only
More tweets and slack messages than I care to think about
1 new microphone

Favourite moments: All of my interviews – finally got some names that I’ve been organising for a while. Having Maaret come back on was great!

Favourite personal moments: Giving my talk, getting a new job, which left me feeling simultaneously more and less secure as a tester, starting Inner Pod, which is a labour of love.

I got a semi-regular co-host in Matt who has been great in getting ideas together and putting mindmaps together and all that good stuff. It’s made it a lot easier to do shows when there’s fresh ideas coming in.

I was on Screen Testing, where I got weirdly aggressive about the concept of a metaphor, and you’ll be hearing me around a few other podcasts in 2018.

What lies ahead?
2018! What wonders will this year bring?

Loads more interviews! I’ve got a few that I want to do and am in various stages of setting up.
Inner Pod season 2 is coming out as well, that’s happening in the background (you’ll hear some familiar names on the show!)
More automation! More process stuff! Maybe a workshop or two~~~

I’ll be at Testbash Brighton and will have my portable new microphone so will almost definitely end up shoving that (consensually!) in people’s faces 😀

I am terrifyingly close to episode 100. If I don’t take a break or miss an episode, then episode 100 will be released on 29th March 2018. That’s ridiculous. It’s amazing. I have no idea what I’m going to do for that episode. I’d love to do an AMA (Ask me anything) if anyone wants to ask me questions? IN FACT that episode will the episode after Testbash Brighton so I might try to get some people to say some things into a mic then for my landmark 100th episode? Yes, okay, so the plan! You ask me questions, I and anyone who wants in at Testbash Brighton can answer them, and I’ll put it all together for episode 100. Deal? Deal! I will remind you of this, and if I don’t get questions I’ll have to make them up and literally no one wants that.

This is how I end up volunteering for everything btw, I get carried away with things. To make the Ask part of the Ask Me Anything easier, I’ve set up a Curious Cat account: https://curiouscat.me/Gem_Hill. This allows you to ask questions anonymously, without an account anywhere. You can also submit questions through any other means: letstalkabouttests@gmail.com, @LetsTalkTests, here on the site, on slack, in person, anywhere!

I hope 2017 hasn’t been a complete trash fire, and I hope the holiday break grants you some respite. If it doesn’t, feel free to reach out to me at the above contact methods, or there is a twitter hashtag #joinin that is essentially a twitter chat for people who need some company, or kind words, or a reprieve from whatever holiday chaos is about.

I’ll return the first week of January with a post-testbash Manchester chat with Claire Reckless and Matt Bretton!

Love you all <3

Ep 92: Everybody’s a critic

This week its just me, talking about critiquing my own testing! I’ve been doing this a lot in my new job – figuring out the priorities of the team and where my focus needs to be, and where this intersects with my weaknesses and biases. It’s been really interesting, and I’ve been trying to be really conscious about it.

And here’s the mindmap I used for this episode:
Critiquing your own testing

And a text version:

  • Critiquing your own testing
    • Plan your testing
      • Tell team what you want to test
      • Tell the team what you think you need
      • Get feedback
    • Put on different hats
      • Customers
      • back end users
      • marketing
      • support
      • Security
      • Accessibility
    • Document what you have tested
      • This will help illuminate gaps
    • Look at the big picture
      • Where does this feature fit?
        • in the sprint?
        • In the workflow?
    • Review with as many people as feasible
      • Design
      • UX
      • PO
      • Devs
      • Customers
      • Business users
    • Use heuristics
      • Elizabeth Hendrickson’s list
    • Take notice of bugs that others find
      • Own your weaknesses
        • Checklists
        • Learning

Ep 91: Stop, collaborate and listen

This week I have two guests! Maaret and Franzi come talk to me about the call for papers collaboration for the European Testing Conference!

The call for collaboration is a fascinating way to build a conference, where all participants get a 15 minute call with two members of the team, where they can tell their story, get real time feedback, and improve on their idea. Maaret and Franzi talk about what they learned from the process, their most memorable people, and what they wish to see at testing conferences!

The European Testing Conference is at the Amsterdam Arena, Amsterdam, Netherlands on Feb 19th-20th, 2018

Franzi is involved in Software Crafters, and Maaret blogs at A Seasoned Tester’s Crystal Ball

Ep 90: New job weirdness

This week we talk about new job weirdness! This was recorded about a month ago, so some of our points may no longer be true of our workplace anymore, but still useful info!

Here is a list of things we mention/thought about mentioning:

  • In jokes/rituals/other
  • Trying to move into existing groups/teams
  • Figuring out who does what/who to ask for what
  • Office feel – casual, professional/reserved
  • Language and words
  • New starter guides/documentation
  • Finding lunch buddies
  • History of testers at the company
  • What have I been hired for? Why do people want testers or me specifically? What is my mission?
  • Learning the history of the product
  • What doesn’t get said – processes, ways of working, business as usual
    • E.g. release processes
    • E.g. job roles (what is a “tester” here? What are “product owners”, “agile coaches”, “business analysts”, etc)
  • Management & metrics (“you should email so and so when we do this”, “you need to fill in these Jira fields”)
  • Managing your own natural instincts and biases
  • Just because things appear terrible to you, doesn’t mean they are (“omg you release without testing? Omg you’re writing user stories about database tables? You don’t walk through the board during stand-ups?”)
  • You don’t know the past yet, this might be a really good place for them having improved from an even worse position
  • Some ideas or experience that you have had in the past doesn’t always apply in every context
  • I always fall back to “what is the problem?”, rather than worry about how or what people are doing, even if I believe it will lead along a bad path. I try to tell myself I will learn from everyone and my opinions can always be changed.
  • But if there is an obvious problem and I think I know how to fix it or how to diagnose it, I try to be diplomatic and try to avoid being too direct.
  • You have to trust people at first and work with some assumptions
  • The nice thing is that the more places I work and teams I work with, there are some common aspects. Its just they get buried in the specifics of process or problems sometimes and you have to try and see through that.

Ep 88: There’s a hack for that

This week I talk to Jahmel (Jay) Harris. Jahmel is a Penetration tester/Security consultant at Digital Interruption. He also runs Manchester Grey Hats.

  • Things to consider before starting security testing
    • App permissions?
      • Information users need to give the app
      • Push notifications?
        • Fine usually, but be aware if anything sensitive if sent – shoulder surfing
  •  Wearables
    • New ways of interacting with devices
    • They are becoming more secure but issues at the start
    • With Android we found lots of ways to recover the data
    • Bluetooth LE and other radio protocols can be insecure.
  • Testing considerations iOS vs Android
    • Root vs non root
    • Jail break vs non jailbreak
  • Common vulnerabilities
    • WebViews
    • Sensitive data over HTTP
    • Javascript vulnerabilities – used to be able to get full shell in an app via advert in webview. Coffee shop or hotel wifi
    • How secure are these webview frameworks such as cordova
  • Vulnerable IPC (Inter-process communication)
    • Things like SQL injection or file traversal
    • Lack of protection/permissions
  • Logging
  • Auth
    • Fin tech (financial tech) app – could steal all money. They didn’t think about the auth on web services
  • Binary Checks
    • Is it worth checking for root detection/doing ssl pinning etc? It took someone over a year to bypass these controls on one of our client’s app. Then they need to look for vulns.
    • Obfuscation? Worthwhile? When I did the research into Android Wear, it took me weeks just to RE.
  • They stack. Easy to bypass one but hard to bypass all. Think about the risk of the app. Does it need that protection?
  • Tooling
    • Drozer
    • Needle
    • Frida
    • decompilers
  • Automation
    • Tooling isn’t quite there. There needs to be a big push by both devs and infosec. InfoSec can’t write good code but devs aren’t always aware of the latest threats.
    • Security shouldn’t be dev->pen test. Security needs to be considered at every stage. In requirements gathering etc
      https://www.digitalinterruption.com/secure-mobile-development (https://goo.gl/P1WYcV)- reduce the cost of pen testing

Ep 87: Players gonna play play play play play

Podcast news: Friend of the show, Neil Studd has a new podcast! It’s called Testers Island Discs and there’s an intro episode out tomorrow: https://twitter.com/TestersIsland?lang=en

Now, on with the show.

So this is all Richard Bradshaw’s fault.

He came and did a talk at the BBC back in…August, I think? And there was a slide in it about the phrase ‘I’ll have a play’ and how that isn’t what testers do, and it undersells our skills. He said (and I’m paraphrasing here as it was months ago) that we could write charter for that session and having a play becomes exploratory testing.

I kind of disagreed when I first heard that, because to me, a charter for Exploratory Testing is specific. There’s an aim, or something specific being tested: a certain area, or a certain user journey, or even a user journey as a user (a bad actor as security testing, or a visually impaired user or similar).

When I ‘have a play about’, I am doing just that – there’s no real charter. There are a couple of reasons I ‘play about’:

I’m getting familiar with a product
I’m not confident that I’ve tested everything but I’m not sure what I’m missing

The first one is pretty easy – I’m just seeing what I can see without getting too much help – what makes sense going in cold, what could be improved, are there any quick wins, things like that. I could definitely wrap that up in a charter and a time block and call that exploratory testing.

But the second one is much more nebulous. I don’t know what I’m looking for, other than a sense of being more comfortable with my testing. It usually happens that I’ve tested a story and not found any issues, but I’m not happy. I’ll go make a cup of tea, and head back to my desk and start looking around a bit wider. Sometimes I think up a scenario for the original story that I’d missed previously, sometimes I find completely unrelated issues, sometimes I get a sense that I understand the system a little more. It’s a lot hard to wrap that in a charter when I don’t know why I’m not happy. I can’t formulate the words for bits I’m not happy with sometimes.

Does this make any sense? Do other people have this?

But I at the same time, I’m no’t just clicking about, am I?

That’s what it feels like, but it’s not.

There’s context there – pre-existing domain knowledge, or client knowledge, or team knowledge. There’s knowledge of what apps or websites or programs are meant to do or how they’re meant to look. It’s knowing which browsers are relevant, and which are awkward to work with. I may not be able to put words to why I’m not happy, but if I let myself wander, a little defocused, and aimless, I might find something.

It’s playing around with all the knowledge of being a tester in the background.

And that was a weird thing to realise.

I had split my work mentally into structured testing that was in a testing mindset and just playing about which was freeform, nothing intense, more of a safety net, or a get to know the product thing. I think it’s because it’s fun as well – it’s fun to explore a system and check out all its nook and crannies, and I think I’d separated that out from structured, goal-driven testing?

But it’s not really separate. Playing about, clicking about, when you’re a tester, is testing. It might not be structured even as much as exploratory testing it, but it’s still testing. And you could probably wrap it up in a mission, maybe break it down into charters, and put a time limit on it. Then you’re doing exploratory testing. It’s like the difference between science and dicking around is taking notes. The difference between playing about and exploratory testing is writing a charter.

The next time I have a play about, I’m going to write a charter or a mission (even if it’s just ‘get more comfortable’), and take notes. This will also hopefully improve my notetaking skills, which is a bonus as my notes have gone to shit recently.

So, I hate to say it, but I guess I agree with Richard now. I really enjoy the phrase ‘playing about’ or ‘noodling about’ because it’s fun, and I think testing can be fun, but I also see that it means a lot. I might start switching it out ‘I’ll have an investigate’ or ‘I’ll take a look’, as that still suggests more structure and skill.