Wednesday, October 16, 2024

What Are We Thinking — in the Age of AI? with Michael Bolton (a PNSQC Live Blog)

In November 2022, the release of ChatGPT 3 brought almost overnight the world of the Large Language Model (LLM) to prominence. With its uncanny ability to generate human-like text, it quickly led to lofty promises and predictions. The capabilities of AI seemed limitless—at least according to the hype.

In May 2024, GPT-4o further fueled excitement and skepticism. Some hailed it as the next leap toward an AI-driven utopia. Others, particularly those in the research and software development communities, took a more skeptical approach. The gap between magical claims and the real-world limitations of AI was becoming clearer. 

In his keynote, "What Are We Thinking — in the Age of AI?", Michael Bolton challenges us to reflect on the role of AI in our work, our businesses, and society at large. He invites us to critically assess not just the technology itself, but the hype surrounding it and the beliefs we hold about it.

From the moment ChatGPT 3 debuted, AI has seen a lot of immense fascination and speculation. On one hand, we’ve heard the promises of AI revolutionizing software development, streamlining workflows, and automating complex processes. On the other hand, there have been dire warnings about AI posing an existential threat to jobs, particularly in fields like software testing and development.

For those in the testing community, we may feel weirdly called out. AI tools that can generate code, write test cases, or even perform automated testing tasks raise a fundamental question: Will AI replace testers?

Michael’s being nuanced here. While AI is powerful, it is not infallible. Instead of replacing testers, AI presents an opportunity for testers to elevate their roles. AI may assist in certain tasks, but it cannot replace the critical thinking, problem-solving, and creativity that human testers bring to the table.

One of the most compelling points Bolton makes is that **testing isn’t just about tools and automation**—it’s about **mindset**. Those who fall prey to the hype of AI without thoroughly understanding its limitations risk being blindsided by its flaws. The early testing of models like GPT-3 and GPT-4o revealed significant issues, from **hallucinations** (where AI generates false information) to **biases** baked into the data the models were trained on.

Bolton highlights that while these problems were reported early on, they were often dismissed or ignored by the broader community in the rush to embrace AI’s potential. But as we’ve seen with the steady stream of problem reports that followed, these issues couldn’t be swept under the rug forever. The lesson? **Critical thinking and skepticism are essential in the age of AI**. Those who ask tough questions, test the claims, and remain grounded in reality will be far better equipped to navigate the future than those who blindly follow the hype.

We should consider our relationship with technology. As AI continues to advance, it’s easy to become seduced by the idea that technology can solve all of our problems. Michael instead encourages us to examine our beliefs about AI and technology in greater depth and breadth.

- Are we relying on AI to do work that should be done by humans?
- Are we putting too much trust in systems that are inherently flawed?
- Are we, in our rush to innovate, sacrificing quality and safety?

Critical thinking, and actually practicing/using it, is more relevant than ever. As we explore the possibilities AI offers, we must remain alert to the risks. This is not just about preventing bugs in software—it’s literally about safeguarding the future of technology and ensuring that we use AI in ways that are ethical, responsible, and aligned with human values. 

Ultimately, testers have a vital role in this new world of AI-driven development. Testers are not just there to check that software functions as expected, this is our time to step up and be the clarions we claim we are. We are the guardians of quality, the ones who ask “What if?”, and probe the system for hidden flaws. In the age of AI, we need to be and do this more than ever.

Michael posits that AI may assist with repetitive tasks, but it cannot match the *intuition, curiosity, and insight that human testers bring to the job. 

It’s still unclear what the AI future will hold. Will we find ourselves in an AI-enhanced world of efficiency and innovation? Will our optimism give way to a more cautious approach? We don't know, but to be sure, those who practice critical thinking, explore risks, and test systems rigorously will have a genuine advantage.

The Test Automation Blueprint: A Case Study for Transforming Software Quality with Jeff Van Fleet (a PNSQC Live Blog)

Today, delivering high-quality software at speed isn’t just a goal, it’s a necessity. Whether your organization has a small Agile team or a huge corporation, creating a streamlined, efficient testing process can dramatically reduce costs and accelerate time to market. But how do you actually achieve that transformation? Jeff Van Fleet, President and CEO of Lighthouse Technologies, goes into depth with some practical tips and proven principles to guide organizations toward effective test automation. 

One of the most important steps in transforming your organization’s approach to test automation is engaging your leadership team. Test automation initiatives often require significant investment in tools, training, and process changes—investments that can only happen with leadership support. Jeff highlights the importance of showing clear ROI by presenting leaders with real-time reporting dashboards that demonstrate how automation accelerates delivery and improves quality.

These dashboards provide visibility into the success of the test automation effort, making it easy for leadership to see the value in continuing to invest. Data-driven views and knowledge keep leadership engaged and committed to long-term quality improvement.

It's a big leap from manual testing to automation. I know, I've been there! Many manual testers may feel apprehensive about making that transition. However, Jeff emphasizes that with the right training and support, manual testers can successfully transition to automation and get fully involved in the new process. Lighthouse Technologies focuses on equipping testers with the tools, skills, and confidence to tackle automation.

We have to approach this training with empathy and patience. Many manual testers bring invaluable domain expertise, which, when combined with automation skills, can significantly enhance the quality of the testing process. Investing in your existing team, instead of sidelining them, can transform teams and build a strong, motivated automation workforce.

we've pushed the idea of shift-left testing for a while now.  Many organizations are eager to adopt it, but few know how to implement it effectively. Moving testing earlier in the development cycle helps catch bugs before they snowball into more complex, costly issues.

By collaborating closely with developers to improve unit testing, teams can identify and address defects at the code level, long before they reach production. 

One of the challenges teams face is trying to implement automation while managing in-flight releases. Jeff offers practical strategies for balancing catch-up automation (automating legacy systems or current processes) with ongoing development work. His advice: start small, automate critical paths first, and build incrementally. This allows teams to gradually integrate automation without derailing existing release schedules.

Engaging with developers is another critical component of successful test automation. Often, there’s a disconnect between QA and development teams, but Lighthouse Technologies’ approach bridges that gap by partnering closely with developers throughout the testing process. By working together, developers and testers can create more effective test cases, improve unit test coverage, and ensure that automated tests are integrated seamlessly into the CI/CD pipeline.

For organizations looking to embrace test automation, the key takeaway is that it’s not just about tools—it’s about people, processes, and leadership. By following these principles, teams can accelerate their test automation efforts and create a culture of quality that drives both speed and innovation.

When Humans Tested Software (AI First Testing) with Jason Arbon (a PNSQC Live Blog)

Are we at the edge of a new era in software development—an era driven by Generative AI? Will AI fundamentally change the way software is created? As GenAI begins to generate code autonomously, with no developers in the loop, how will we test all this code?

That's a lot of bold questions, and if I have learned anything about Jason Arbon over the years, bold is an excellent description of him. To that end, Jason suggests a landscape where AI is set to generate 10 times more code at 10 times the speed, with a 100-fold increase in the software that will need to be tested. The truth is, that our traditional human-based testing approaches simply won’t scale to meet this challenge.

Just like human-created code, AI-generated code is not immune to bugs. As GenAI continues to evolve, the sheer volume of code it produces will surpass anything we’ve seen before.  Think about it: if AI can generate 10 times more code, that’s not just a productivity boost—it’s a tidal wave of new code that will need to be tested for reliability, functionality, and security. This surge is not just a matter of speed; it’s a "complexity crisis". Modern software systems, like Amazon.com, are far too intricate to be tested by human hands alone. According to Jason, AI-generated code will require AI-based testing. Not just because it’s faster, but because it’s the only solution capable of scaling to match this growth.

The current approach to software testing struggles to keep pace with traditional development cycles. In the future, with the explosion of AI-generated code, human-based testing methods will fall short unless we somehow hire a tenfold increase in software testers (I'm skeptical of that happening). Manual testing will absolutely not be able to keep up, and automated testing as we know it today won’t be able to keep up with the increasing volume and complexity of AI-generated systems.

What’s more, while GenAI can generate unit tests, it can’t test larger, more complex systems. Sure, it can handle individual components, but it stumbles when it comes to testing entire systems, especially those with many interdependencies. Complex applications, like enterprise-level platforms or global e-commerce sites, don’t fit neatly into a context window for GenAI to analyze. This is where Jason says the need for AI-based testing becomes critical.

The future isn’t just about AI generating code—it’s about AI testing that AI-generated code. According to Jason,  AI-based testing is the key to addressing the 100X increase in software complexity and volume. Only AI has the ability to scale testing efforts to match the speed and output of Generative AI. 


AI-first testing systems should be designed to:


Automate complex testing scenarios that would be impossible for traditional methods to cover efficiently.

Understand and learn from system behaviors, analyzing patterns and predicting potential failures in ways that humans or current automated tools cannot.

Adapt and evolve, much like the AI that generates code, enabling continuous testing in real-time, as software systems grow and change.

As Jason points out, AI is not a fad or a trend, it’s the only way forward. As we move into an era where Generative AI produces vast amounts of code at breakneck speed, AI-based testing will be the way that we help ensure that the software we create tomorrow will be reliable, functional, and secure.

As a Constellation We Shine: Mentorship Through the Lens of Shine Theory with Sophia McKeever (A PNSQC Live Blog)

The traditional view of mentorship often paints a one-sided picture—an experienced mentor guiding a mentee, offering advice, and providing support. What if mentorship could be something more? In Sophia McKeever’s talk, “As a Constellation We Shine,” she explores how mentorship, when approached through the principles of Shine Theory, becomes a powerful two-way relationship where both mentor and mentee grow and thrive together.

At its core, mentorship is about growth. But too often, we think of that growth as a one-way transfer of knowledge, with the mentor imparting wisdom to a less experienced mentee. Shine Theory transforms this into a mutual exchange of knowledge, energy, and growth.

Shine Theory, coined by Aminatou Sow and Ann Friedman, is the idea that “I don’t shine if you don’t shine.” In the context of mentorship, this means that both the mentor and the mentee invest in each other’s success. By supporting one another, both individuals flourish, creating a "constellation" of talent, insight, and progress that benefits not just the participants but their entire community.

When mentors and mentees mutually invest in each other, their relationship evolves into something far more enriching than a simple exchange of information. Shine Theory encourages both parties to approach the relationship with empathy and intent, focusing on how they can elevate one another.

For example, a mentor may share technical expertise and career advice, while the mentee offers fresh perspectives, creativity, and a deeper understanding of new technologies. Reciprocity ensures that both parties benefit, no matter their level of experience or their role within the industry.

Sophia shares several anecdotes of her own journey as a testament to the power of mutual investment. A self-taught SDET, she has navigated a dynamic career in tech, moving from customer service to key roles at Microsoft,  Apple, and now at Pokemon. Along the way, she has found that her most rewarding mentorship experiences were those where she could both teach and learn, growing alongside her mentees as they collaborated and supported one another.

When mentorship is approached through the lens of Shine Theory, it becomes more than just career development—it becomes a source of mutual enrichment and excitement. Sophia highlights several key ways Shine Theory can elevate mentorship:

Fostering a Growth Mindset: Both mentor and mentee approach the relationship with the mindset that they can learn from each other. This creates a more dynamic and creative exchange of ideas.

Building Empathy: Mentorship based on Shine Theory encourages empathy, as both individuals invest emotionally in the other’s success. This empathy fosters deeper connections and a stronger sense of community.

Celebrating Mutual Wins: When one person shines, both shine. Mentorship becomes less about individual achievements and more about shared success, creating a supportive environment where both mentor and mentee can thrive.

Breaking Down Hierarchies: Shine Theory shifts the traditional power dynamic of mentorship, making it less about hierarchy and more about collaboration. It doesn’t matter if one person has more experience or a higher title—both are equals in the relationship, learning and growing together.

Mentorship isn’t just about guiding someone along their career path. It’s about "creating a constellation", where both mentor and mentee shine together, contributing to each other’s success and elevating their collective potential. In today’s fast-paced tech world, where innovation and growth often come from unexpected places, this approach to mentorship is more relevant than ever. By embracing Shine Theory, mentors and mentees can build meaningful, two-way relationships that not only enhance their individual careers but also help to develop a more inclusive, supportive community.

Our Keynote is Finished, and I have an Announcement To Make

 Today I had the chance to deliver my first keynote talk at a conference. Matt Heusser and I delivered a talk about "AI in Testing: Hip of Hype?" and by all accounts, I think it went well. We set up the talk to play off each other, where I represented the hip elements of AI, and Matt highlighted the Hype aspects. At times it may have come across as a bit of an Abbott and Costello routine but that added to the fun of it for me. I will do a more in-depth post on our keynote later but I did make an announcement here that needs to be broadcast.

On October 1, 2024, I started working as a Senior Development Test Engineer for ModelOP. They are based in Chicago and are focused on providing monitoring and management solutions for AI Governance. If that seems vague, it's because I'm literally learning about all this as I go. My job responsibilities will be testing-related, with a major emphasis on automation and accessibility. 

We made a point in this talk that this would be the last of the series of times Matt and I have taught together or spoken together where I was working specifically for Excelon Development. Matt gave me many valuable insights into what it took to be an independent consultant and how to work effectively in that space. I hope to leverage those lessons in this new role and ultimately be effective in that capacity.

It's been a strange journey over the past fifteen and a half months but I learned a lot through it, I think I grew a great deal, and I learned I had capacity in areas I didn't think I had.

Tuesday, October 15, 2024

Humanizing AI with Tariq King (a PNSQC Live Blog)

I've always found Tariq's talks to be fascinating and profound and this time around we're going into some wild territory.

AI is evolving, and with each new development, it’s becoming more "human". It’s not just about executing tasks or analyzing data—it’s about how AI communicates, adapts, and even imitates.

So AI is becoming human... in how it communicates. That's a big statement but with that qualifier, it is more understandable. AI is no longer a cold, mechanical presence in our lives. Today’s AI can respond based on context, understanding the tone of requests and adjusting replies accordingly. It can mimic human conversation, match our language, and create interactions that feel amazingly real. Whether you’re chatting with a customer service bot or getting personalized recommendations, AI can engage with us in ways that were once the domain of humans alone.

Okay, so if we are willing to say that AI is "becoming human", how should we shape these interactions?What should the boundaries be for AI communication, and how do we ensure it serves us, rather than replaces us?

Beyond just communication, AI is showing remarkable creativity. AI can now write stories, compose music, and generate art, ranging from wild and weird to quite stunning (I've played around with these for several years, and I have personally seen the development of these capabilities and they have indeed become formidable and impressive). What once seemed like the exclusive realm of human creativity is now being shared with machines. AI is no longer just a tool—it’s being used as a collaborator that can generate solutions and creative works that blur the line between human and machine-generated content.

Tariq points out that this raises some significant and critical questions.  Who owns AI output? How do we credit or cite AI authorship? How do we confirm the originality of works? Perhaps more to the point, as AI generates content, what is the human role in the creative process? And how do we ensure that the human element remains at the forefront of innovation?

AI is getting better at how convincingly it can imitate humans. But there’s a caveat: AI is prone to hallucinations, meaning it can produce plausible and relatable material that feels right for the most part but may be wrong (and often is wrong). I have likened this in conversations to having what I call the "tin foil moment". If you have ever eaten a food truck burrito (or any burrito to go, really) you are familiar with the foil wrapping. That foil wrapping can sometimes get tucked into the folds and rolls of the burrito. Occasionally, we bite into that tin foil piece and once we do, oh do we recognize that we have done that (sometimes with great grimacing and displeasure). Thus, when I am reading AI-generated content, much of the time, I have that "tin foil" moment and that takes me out of believing it is human (and often stops me being willing to read what follows, sadly).

The challenge here is not just humanization. We need to have critical oversight over it so that we can have it do what we want it to do and not go off the rails. How do we prevent AI from spreading misinformation? And how can we design systems that help us discern fact from fiction in a world where AI-generated content is increasingly common?

Okay, so we are humanizing AI... this begs a question... "Is this something we will appreciate or is it something that we will fear?" I'm on the fence a bit. I find a lot of the technology fascinating but I am also aware of the fact that humanity is subject to avarice and mendacity. Do we want AI to be subject to it as well, or worse, actively practice it? What unintended consequences might we see or incur? 

For some of you out there, you may already be thinking of some abstract idea called "AI Governance", which is the act of putting guardrails and safety precautions around AI models so that they perform as we want them to. This means setting clear ethical guidelines, robust oversight mechanisms, and working to ensure that AI is used in ways that benefit society. More to the point, we need to continuously monitor and work with AI to help ensure that the data that it works with is clean, well-structured, and not poisoned. That is a never-ending process and one we have to be diligent and mindful of if we wish to be successful with it. 

Make no mistake,  AI will continue to evolve. To that end, we should approach it with both excitement and caution. AI’s ability to communicate, create, and imitate like humans presents incredible opportunities, but it also brings with it significant challenges. Whether AI becomes an ally or a threat depends on how we manage its "humanization".

AI-Augmented Testing: How Generative AI and Prompt Engineering Turn Testers into Superheroes, Not Replace Them with Jonathon Wright’s (a PNSQC Live Blog)

Sad that Jonathon couldn't be here this year as I had a great time talking with him last year but since he was presenting remotely, I could still hear him talking on what is honestly the most fun title of the entire event (well played, Jonathon, well played ;) ).

It would certainly be neat if AI was able to enhance our testing prowess, helping us find bugs in the most unexpected places, and create comprehensive test cases that could cover every conceivable scenario (editors note: you all know how I feel about test cases but be that as it may, many places value and mandate them, so I don't begrudge this attitude at all).

Jonathon is calling for us to recognize and use "AI-augmented testing" where AI doesn't replace testers but instead amplifies their capabilities and creativity. Prompt engineering can elevate the role of testers from routine task-doers to strategic innovators. Rather than simply executing tests, testers become problem solvers, equipped with "AI companions" that help them work smarter, faster, and more creatively (I'm sorry but I'm getting a "Chobits" flashback with that pronouncement. If you don't get that, no worries. If you do get that, you're welcome/I'm sorry ;) (LOL!) ).

The whole goal of AI-augmented testing is to elevate the role of testers. Testers are often tasked with running manual or automated tests, getting bogged down in repetitive tasks that demand "attention to detail" but do not allow much creativity or strategic thinking. The goal of AI is to "automate the routine stuff" so we can "allowing testers to focus on more complex challenges" ("Stop me! Oh! Oh! Oh! Stop me... Stop me if you think that you've heard this one before!") No disrespect to Jonathon. whatsoever, it's just that this has been the promise for 30+ years (and no, I'm not going to start singing When In Rome to you, but if that earworm is in your head now.... mwa ha ha ha ha ;) ).

AI-augmented testing is supposed to enable testers to become strategic partners within development teams, contributing, not merely bug detection but actual problem-solving and quality improvement. With AI handling repetitive tasks, testers can shift their attention to more creative aspects of testing, such as designing unique test scenarios, exploring edge cases, and ensuring comprehensive coverage across diverse environments. This shift is meant to enhance the value that testers bring to the table and make their roles more dynamic and fulfilling. Again, this has been a promise for many years, maybe there's some headway here.

The point is that testers who want to harness the power of AI will need a roadmap for mastering AI-driven technologies. there are many of them out there and there is a plethora of options in a variety of implementations from LLMs to dedicated testing tools. No tester will ever master them all but even if you only have access to a LLM system like Chat GPT, there is a lot that can be done with Prompt Engineering and harnessing the output of these LLM systems. They are of course not perfect but they are getting better and better all the time. AI can process vast amounts of data, analyze patterns, and predict potential points of failure, but it still requires humans to interpret results, make informed decisions, and steer the testing process in the right direction. Testers who embrace AI-augmented testing will find themselves better equipped to tackle the challenges of modern software development. In short, AI will not take your job... but a tester who is well-versed in AI just might.

This brings us to Prompt engineering. This is the process of precise, well-designed prompts that can guide generative AI TO perform specific testing tasks. Mastering prompt engineering will allow testers to customize AI outputs to their exact needs, unlocking new dimensions of creativity in testing.

Ss What Can we Do With Prompt Engineering? We can use it to...

-  instruct AI to generate test cases for edge conditions
- simulate rare user behaviors
- explore vulnerabilities in ways that would be difficult or time-consuming to code manually.
- validating AI outputs so that we ensure that generated tests align with real-world needs and requirements.

Okay, so AI can act as a trusted companion—an ally helping testers do their jobs more effectively, without replacing the uniquely human elements of critical thinking and problem-solving. Wright’s presentation provides testers with actionable strategies to bring AI-augmented testing to life, from learning the nuances of prompt engineering to embracing the new role of testers as strategic thinkers within development teams. We can transform workflows so they are more productive, efficient, and engaging. 

I'll be frank, this sounds rosy and optimistic but wow, wouldn't it be nice? The cynic in me is a tad bit skeptical but anyone who knows me knows I'm an optimistic cynic. Even if this promise turns out to be a magnitude of two less than what is promised here... that's still pretty rad :).

Vulnerabilities in Deep Learning Language Models (DLLMs) with Jon Cvetko (A PNSQC Live Blog)

Vulnerabilities in Deep Learning Language Models (DLLMs)

There's no question that AI has become a huge topic in the tech sphere in the past few years. It's prevalent in the talks that are being presented at PNSQC (it's even part of my talk tomorrow ;) ). The excitement is contagious, no doubt exciting but there's a bigger question we should be asking (and John Cvetko is addressing)... what vulnerabilities are we going to be dealing with, specifically in Deep Learning Language Model Platforms like ChatGPT?

TL;DR version: are there security risks? Yep! Specifically, we are looking at Generative Pre-trained Transformer (GPT) models. As these models evolve and expand their capabilities, they also widen the attack surface, creating new avenues for hackers and bad actors. It's one thing to know there are vulnerabilities, it's another to understand them and learn how to mitigate them.

Let's consider the overall life cycle of a DLLM. we start with our initial training phase, then move to deployment, and then monitor its ongoing use in production environments. DLLMs require vast amounts of data for training. What d we do when this data includes sensitive or proprietary information? If that data is compromised,  organizations can suffer significant privacy and security breaches.


John makes a point that federated training is growing when it comes to the development of deep learning models. Federated training means multiple entities will contribute data to train a single model. The benefit is that it can distribute learning and reduce the need for centralized data storage, it also introduces a new range of security challenges. Federated training increases the risk of data poisoning, where malicious actors intentionally introduce harmful data into the training set to manipulate the model’s generated content.

Federated training decentralizes the training process so that organizations can develop sophisticated AI models without sharing raw data. However, according to Cvetko, a decentralized approach also expands the attack surface. Distributed systems are nearly by design more vulnerable to tampering. Without proper controls, DLLMs can be compromised before they even reach production.

there is always a danger of adversarial attacks during training. Bad actors could introduce skewed or intentionally biased data to alter the behavior of the model. This can lead to unpredictable or dangerous outcomes when the model is deployed. These types of attacks can be difficult to detect because they occur early in the model’s life cycle, often before serious testing begins.

OK, so that's great... and unnerving. We can make problems for servers. So what can we do about it? 

Data Validation: Implement strict data validation processes to ensure that training data is clean, accurate, and free from malicious intent. By scrutinizing the data that enters the model, organizations can reduce the risk of data poisoning.

Model Auditing: Continuous monitoring and auditing of models during both training and deployment phases. This helps detect oddities in the model behavior early on, allowing for quicker fixes and updates.

Federated Learning Controls: Establish security controls around federated learning processes, such as encrypted communication between participants, strict access controls, and verification of data provenance.

Adversarial Testing: Conduct adversarial tests to identify how DLLMs respond to unexpected inputs or malicious data. These tests can help organizations understand the model’s weaknesses and prepare for potential exploitation.

There is a need today, for "Responsible AI development." DLLMs are immensely powerful and can carry significant risk potential if not properly secured. While this "new frontier" is fun and exciting, we have a bunch of new security challenges to deal with. AI innovation does not have to come at the expense of security. By understanding the life cycle of DLLMs and implementing the right countermeasures, we can leverage the power of AI while at the same time safeguarding our systems from evolving threats.

Mistakes I Made So You Don’t Have To: Lessons in Mentorship with Rachel Kibler (A PNSQC Live Blog)

I have known Rachel for several years so it was quite fun to sit in on this session and hear about struggles I recognized all to well. I have tried training testers over the years, some I've been successful with, others not so much. When a new tester comes along quickly, seems to get it, and digs testing, that's the ultimate feeling (well, *an* ultimate feeling). 

However, as Rachel points out, it’s also full of potential missteps, and as she said clearly at the beginning, "Believe me, I’ve made plenty!" This was a candid and honest reflection of what it takes to be a mentor and help others who are interested in becoming testers, as well as those who may not really want to become testers, but we mentor them anyway.

We can sum this whole session up really quickly with "Learning from our mistakes is what makes us better mentors—and better humans"... but what's the fun in that ;)?


Mistake 1: One-Size-Fits-All Training Doesn’t Work

There is no single, ideal method to teach testing that would work for everyone. Rachel had clear plans and expected to get consistent results. However, "people are not vending machines". You can’t just input the same words and expect identical outcomes. Each person learns differently, has different experiences, and responds to unique challenges.

Mistake 2: Setting the Wrong Challenges

It's possible to give team members tasks that are either too difficult or too easy, failing to gauge their current abilities. The result? Either they are overwhelmed and lost confidence, or they felt under-challenged and disengaged. Tailoring challenges to a trainee’s current skill level not only builds their confidence but also keeps them engaged and motivated. As mentors, our role is to provide enough support to help them succeed while still pushing them to grow.


Mistake 3: Don't Forget the Human Element

At the end of the day, we’re working with humans. Rachel’s talk highlights the importance of remembering that training isn’t just about passing on technical knowledge—it’s about building relationships.  Everyone has unique needs, emotions, and motivations. By focusing on the human element, we can create an environment where people feel supported and valued, making them more likely to succeed.

Mistake 4: Not Embracing Mistakes as Learning Opportunities

Mistakes are opportunities to learn. Mistakes aren’t failures—they’re stepping stones. Whether it’s a trainee misunderstanding a concept or a mentor misjudging a situation, these moments are chances to grow. They teach us humility, patience, and resilience.

Rachel’s talk is a reminder that no one is a perfect mentor right out of the gate. The process of becoming a great mentor is filled with trial and error, reflection, and growth. Also, Imposter Syndrome is very real and it can be a doozy to overcome.  Ultimately, the key takeaway is this: mentorship is a journey, not a destination. We will make mistakes along the way, but those mistakes will help shape us into more effective, empathetic, and responsive mentors.

Scaling Tech Work While Maintaining Quality: Why Community is the Key with Katherine Payson (a PNSQC Live Blog)

If someone had told me ten years ago I'd be an active member of the "gig economy" I would have thought they were crazy (and maybe looked at them quizzically because I wouldn't entirely understand what that actually meant. in 2024? Oh, I understand it, way more than I may have ever wanted to (LOL!). Rather than. looking at this as a bad thing, I'm going to "Shift Out" (as Jon Bach suggested in the last talk) and consider some aspects of the gig economy that are helping to build and scale work and, dare we say it, quality initiatives. 

Katherine Payson offers some interesting perspectives:

- The gig economy generates $204 billion globally
- many companies are leveraging and taking advantage of this, including international companies hiring all over the world for specific needs (I know, I did exactly this during 2024)
- In 2023, the anticipated growth rate for gig work was expected to be 17%
- By 2027 the United States is expected to have more gig workers than traditional full-time employees

This brings up an interesting question... with more people involved in gig work, and not necessarily tied to or beholden to a company for any meaningful reasons, how do these initiatives scale, and how do quality and integrity apply?

Strong Community is the approach that Katherine is using and experiencing over at Cobalt, a company that specializes in "pentesting-as-a-service". Cobalt has grown its pool of freelance tech workers to over 400 in three years. That's a lot of people in non-traditional employment roles. So what does that mean? How is trust maintained? How is quality maintained? Ultimately, as Katherine says, it comes down to effective "Community Building".

Today, many businesses are looking for specialized skills, frequently beyond what traditional full-time employees and employment can do. Yes, AI is part of this shift but there is still a significant need for human expertise. As Cobalt points out, cybersecurity, software development, and other technical fields definitely still require human employees with a very human element to them. What this means is that there is a large rise in freelance professionals actively offering niche talents on a flexible, on-demand basis (likely also on an as-needed basis both for the companies and the gig workers themselves). Again, the bigger question is "Why should a gig worker really care about what a company wants or needs?"

Community can be fostered directly when everyone is in the same town, working on the same street, going to the same office. When Cobalt first began scaling, they relied on a traditional trust model that worked well for a smaller, more centralized team. As the number of freelancers grew, however, this model began to show its limitations. Without a more robust system in place, it would be impossible to ensure consistent quality across a distributed workforce.


Tools can go a certain distance when it comes to helping manage quality and production integrity but more to the point, developing actual communities within organizations is another method for helping develop quality initiatives that resonate with people from all involvements in their organizations.

Cobalt prides itself as a company that is able to maintain quality at scale. It claims to create a culture where freelancers feel connected, supported, and motivated to deliver their best work. So how does Cobalt do that?

Collaboration and Communication: Freelancers can work independently, but they don't work in isolation. Cobalt believes in open communication, where freelancers can collaborate with one another, share knowledge, and learn from each other’s experiences.

Mentorship and Professional Development: Cobalt invests in the professional growth of freelancers. Mentorship opportunities, training programs, and access to industry resources help their freelance community continuously hone their skills.

Recognition and Incentives: High-performing freelancers are recognized and rewarded for their contributions. This helps retain top talent and encourages others to aim for top-quality work.

Feedback Loop: Freelancers receive regular feedback on their work, helping them improve and keep quality high across the board.

As the gig economy continues to grow, maintaining quality at scale will become increasingly important everywhere. Cobalt aims to embrace the strengths of their freelance workforce, not just as individual contributors but as part of a larger community. Scaling with freelancers is not just about hiring more people—it’s about building a culture of collaboration, growth, and trust. To ensure quality remains front and center, companies need to invest in their communities every bit as much as much as they do in their tools and processes.

Shifting Out: Beyond Left and Right in DevOps with Jon Bach (a PNSQC Live Blog)

If you have any involvement in testing or DevOps we hear a bunch about Shift-Left and Shift-Right. The idea is that we bring testing earlier in the development of the product and that we continue to test after the product is released. But what if there’s a third dimension, one that helps us make sure we are testing where most effective and needed, along with making the most of our testing resources? Jon Bach wants us to consider "Shifting Out" along with the familiar options.

Think of Shifting Out less as a directional movement and more of an elevation movement (rise up or levitate might be better words but it's not as memorable as Shift Out, so I get it :) If shift-Left deals with working with or around a particular tree, Shift Out gives you a view of the entire forest. Shifting out is all about your perspective, and along with that, balancing testing resources so that we have placed our attention on the important areas (harder to see when staring at one tree, so to speak ;) ). By logic, we can also consider Shifting In after we have Shifted Out.

Okay, so I get the general idea of Shift Out. How do we do it?

Customer bug reports are an interesting example. Who owns the issue? Where should testing be applied? When? Would Shift-Left or Shift-Right be helpful here? Does it even fall within the Left or Right framework? As we shift out, we start to see that problems don’t always fit neatly into one category—they often require collaboration across multiple teams to resolve. 

Early bug detection is great but the fact is that we can’t always catch bugs early, no matter how much we Shift-Left. Incomplete requirements, unknown user behaviors, and system complexity introduce a lot of unknowns, meaning that some issues are not only unlikely to be found but may be impossible to find until the code goes live. Shifting out acknowledges this and encourages teams to plan for uncertainty rather than simply striving to eliminate it.

What signals are your tests sending? Meaning are your tests highlighting the right problems? What can you learn from the data generated across development, test, and production environments? It's not enough to just run the tests. We need to analyze what the tests are telling us and what data we are getting and analyzing. Additionally, it may make sense to reframe existing tests. This way, we get the information from our original tests but also get additional information by pivoting to a different aspect or need. Same test, with different results, and possibly different conclusions.

Shifting-Out (and Shifting-In) are all about zooming in and out to consider the broader context of our testing strategies. Shift-Left and Shift-Right help focus on specific aspects of the software lifecycle, shifting out lets us step back and see how the pieces fit together. 

Shift OUT is about:

Outlook: getting credible action items and information
Understanding: knowing about the issues and contexts where they fit and what/why it matters
Treatment: knowing where and when the appropriate solution needs to be applied, as well as why it is the most effective

Ultimately, focusing solely on Shift-Left or Shift-Right leads to a tunnel vision effect. Shifting-Out helps with developing perspectives for managing all of the possible quality processes. Catching bugs earlier and learning from production is important. So is understanding the bigger picture and making informed decisions that help balance both.

Exploring Secure Software Development w/ Dr. Joye Purser and Walter Angerer (a live blog from PNSQC)

Okay, so let's get to why I am here. my goal is to focus on areas that I might know less about and can see actionable efforts in areas I can be effective (and again, look for things I can use that don't require permission or money from my company to put into play).

Dr. Joye Purser is the Global Lead for Field Cybersecurity at Veritas Technologies. Walter Angere is Senior Vice President for Engineering at Veritas and co-author of the paper. To be clear Dr. Purser is the one delivering the talk.

Creating secure software involves a lot of moving parts. So says someone who labels herself as "at the forefront of global data protection."

High-profile security incidents are increasing and the critical nature of secure software development is needed more than ever. Because of high-profile cases that end up in the news regularly, Dr. Purser shared her journey and experiences with Veritas, a well-established data protection company. She shared their journey of ensuring software security.

Veritas has a seven-step SecDevOps process, demonstrating how they aim to control and secure software at every stage.

1. Design and Planning: Building security in from the outset, not bolting it on as an afterthought.

2. Threat Modeling: Identifying potential threats and mitigating them before they can become problems.

3. Code Analysis: Veritas uses advanced code analysis tools to identify vulnerabilities early in the process.

4. Automated Testing: Leveraging automation to continuously test for weaknesses.

5. Chaos Engineering: Veritas has a system called REDLab, which simulates failures and tests the system’s robustness under stress.

6. Continuous Monitoring: Ensuring that the software remains secure throughout its lifecycle.

7. Incident Response: Being prepared to respond quickly and effectively when issues do arise.


A little more on chaos engineering. This technique actively injects failures and disruptions into the system to see how it responds, with the idea that systems are only as strong as their weakest points under pressure. Veritas' REDLab is central to this effort, putting systems under tremendous stress with controlled chaos experiments. The result is a more resilient product that can withstand real-world failures

Veritas also focuses on ways to validate and verify that code generation is done securely, along with a variety of ways to stress test software during multiple stages of the build process. The talk also touched on the importance of keeping technical teams motivated. Including examples of role-playing scenarios, movie stars, and innovative content ads a touch of fun and can help keep development teams engaged. 

As technologies evolve, so do the techniques required to keep software safe. Security is needed at every stage of the software development lifecycle. Using techniques like chaos engineering along with creative team engagement has helped Veritas stay at the front of secure software development.

What Do I want to Do With My Next Job? I want to TEST!!!

This was a draft that I never published. It's rare that I do that, to be honest. My drafts folder is very lean but I wanted to hold off on this one. I didn't realize that it would be close to a year before I actually published it. Regardless, I wanted to share some sentiments about looking for work, dealing with that reality, and what my expectations and realities turned out to be. I should mention up-front that this is primarily in the past tense, and I have inserted some new information in a different colored text so you can see what was part of the original draft and what I've added today.

---

Intended Publish Date: 11/16/2023

As fun as it was, and with great thanks to my dear friend Gwen Iarussi who reached out to me with an opportunity that I gladly took, that opportunity has reached its end. 

It's okay. Contracts do that. 

We are asked to accomplish a task or a goal, we go in and we do that, and then when it's all done, we wrap things up with a bow, take a metaphorical bow, and exit stage left. 

Of course, the challenge is that, unless something else is lined up and ready to go, we fall prey to the irregular income cycle. We can be well rewarded for our efforts for a time but we may have lean periods we have to weather between opportunities. Such is life and such is where I'm at right now.

Thus it should come as no surprise that I am now at that point where I am actively looking, trying to figure out what my next move will be, where it will be, and who it will be with. Of course, I am reaching out to any and all with these messages. Today on LinkedIn, I posted this update:


I have had many shares and some wonderful comments from a number of people (And to everyone doing that, thank you very much, it is greatly appreciated) but I want to draw special attention to something Jon Bach did with his reply to me. He said he'd be happy to keep an ear out for me but in classic Jon fashion, he added a little challenge for me. Looking out for me is all well and good but what exactly should he be looking out for? Specifically, what is it I actually want to be doing given the choices.

I gave a reply and then realized there was much more here I wanted to both ponder and put into better thought, so I'm taking the opportunity to take my original reply and expand it here:

That is an excellent question.

I listed above areas that I'm most definitely interested in. You may notice that I didn't mention "test automation"?

There's a reason.

It's not that I *can't* do it or *won't* do it (heck, my last several months have been focused entirely on teaching a class how to use C#, Visual Studio, MSTest, NUnit, and Playwright to do *exactly* that) but I am a weirdo who genuinely enjoys the exploration of testing, the detective work of testing, the journalism of testing. Given my druthers, I would much rather be involved in doing *that*.

I want to encourage the broader adoption and understanding of Accessibility and Inclusive Design. I want to advocate for Testability on products. I want to see a world where people who choose to use a particular set of health and wellness products don't have to force themselves to upgrade and abandon everything they've put together to help them achieve their goals.

I enjoy learning, I enjoy teaching, I enjoy being an advocate. I'm a fan of doing. If that seems squishy and not very well defined, it's a work in progress but honestly, I want to confirm or refute hypotheses, I want to experiment... I WANT TO TEST!!!

Star Date: 10/15/2024

Be careful what you wish for, because you may find out that you both get it and don't exactly get it (LOL!). Much of 2024 had me focusing on technical writing rather than testing. In short, I did very little of what I WANTED to do but I was 100% happy to do the work that I did. I learned a great deal in the process and I found that, perhaps, the greatest thing I could have spent my time doing was putting my own writing under a microscope. More to the point, I had a chance to compare my writing to what many AI tools were generating. I confess I was amused that I was being asked to do a writing gig for an extended period at a time when people were commenting on the idea that AI was going to take all of those writing jobs away. I even asked why they would want to hire me when there were so many AI tools that were out there. The answer was intriguing... "Yes, we have experimented with and worked with the AI tools but they don't sound or feel convincing. We think a real writer and human that is involved in this space will bring insights and emphasis that AI tools do not." I experimented with that idea and decided to do some A/B Testing, prompting sites to help me write versus writing directly. My goal was to see how long it took me to take to have a presentable draft or final product I would be happy with.

Did AI do better than me? Depends on what we mean by "better". Did it outwrite me? No. At least not from a writing quality perspective. Literally, nothing I used AI prompts and generated output from was good to go from the get-go. I had to proofread, fix spelling and grammar, and reword a lot of stuff, as well as examine claims made and verify that they coincided with reality and could be backed up by real-world examples. When compared to my regular approach of writing from scratch, the time to a complete product was about the same in both cases. Where did AI excel? It helped me identify potential areas I might have neglected or had blind spots to. In short, it was a nice nudge to look at areas I might have glossed over or had little personal experience with, and encouraged me to look at those areas. No question, that's an AI win. It didn't do the work for me but it definitely helped me frame areas I was less alert to. I could then decide if those areas made sense to explore and include (many times, it didn't but a few times, it genuinely added to my overall knowledge and experience.

Where do I want to work? I've decided it doesn't really matter where I work as long as I can be effective and useful. I'm fond of saying "I'm a software tester and I can test any software out there". On the surface, that's true. If the goal is to help you make your product more usable, more accessible, more inclusive, and more responsive, I can probably do that with any organization. However, to borrow from Dirty Harry, "A (man) has to know (his) limitations." Odds are, if a biotech company were to look to hire me, they would not be looking for my skills to help make sites accessible. They would be looking for me to investigate how software helps answer biomedical or bioengineering problems.  It's hard to make headway in those areas without previous experience. Not impossible, but I'd definitely be several steps back from people who have already worked in these industries. 


Star Date: 10/15/2024

This is still true. Frustratingly so, in fact, and we can argue all day long about why this is problematic. I fully believe that testers can be effective in many environments but understanding the problem domain is going to absolutely stand any candidate in a better position. Having said that, testers bring many skills to the table and a lot of the skills they bring might not be obvious. Over the past two years, I have worked as the Marketing Chair for PNSQC, the conference I am attending this week. A great deal of my efforts has been to discover how to interpret the data of marketing efforts, trying to make sense of sentiment and expectations, learning about and examining analytics, having debates on the value (positive or negative) of SEO, and what initiatives actually produce engagement and interest. Before my layoff, I had very little understanding of these areas and how I could leverage these in things like my own job search or presenting ideas. Many tech people know about the inner workings of a product but struggle with why someone might actually want to buy or use it. My marketing education has given me significant insights into these areas I didn't have before, as well as how to use them.

I know that the current time will require me to put a lot more attention into seeking a job than I would like to, and the competition for jobs out there is fierce right now. I cannot count the number of jobs I have applied to that at least on the surface make sense to me to apply to, and I either hear nothing back or I am rejected infavor of other candidates, even with my years of experience. I keep seeing comments from people saying "Wait, *you're* having trouble finding a job?!" It's a weird feeling wondering if you are still fighting for work with so much experience. I wish I had an answer for that.

Star Date: 10/15/2024

I'll not be so bold to say I have an answer for this but I will happily share some observations:

- Every tester who is cold applying is going up against everyone else out there applying. You are effectively a number and a score sheet at this point. If a job has 500+ applicants, odds are that, even if you are a 93/100, there are probably a lot of people who are 94/100 or better. If you are outscored by others in some capacity, you are likely not going to get a second look.

- If you know someone at a company you want to work with, reach out to them. If nothing else, they can give you an honest assessment as to whether or not where you are would be what the company is looking for. Additionally, those people, if willing to vouch for you, do put you at a significant advantage over a blind resume. The point is that you now at least have a chance of being seen as a human being as opposed to some output score or metric. Never underestimate the value of that.

- Be willing to reach out to people in your network and start conversations stating you are looking and perhaps be able to tell them some challenge or issue that they have that you could potentially solve. Even if you can't solve their immediate problem, you have shown initiative and interest in what they do. People remember that.

- Be helpful with your network and if you know of a position that someone might be able to be filled by them. Again, even if they don't get hired, they will remember that you went to bat for them in the past. That makes them much more likely to go to bat for you. Note: I'm not saying this cynically, I seriously mean that if you try to help people sincerely and honestly, those people may very well be your best bet to get in front of a hiring manager they know later.

- Ghost jobs are real, I'm sad to say. Many companies post job listings hoping to get resumes from the cream of the crop, and they will keep a job open until they get "the perfect candidates". We can argue all day long as to the value of doing that (there is no such thing as "the perfect candidate", and "the perfect candidate" will quickly get bored with the job they are an exact fit for). The point is, there are job listings that stay open forever, it seems, and get renewed regularly without getting filled. These are fishing expeditions. Just be aware of that.

- Your "passion project" may be what ultimately gets you interviews and a gig but just as often, it's the mundane work that needs to be done that is more readily available. It may not be what you were immediately looking for but being willing to do some mundane work can again open an avenue to discussing the work you really want to do with people who have now seen and experienced your work ethic.
      



Hello Again! Have you Missed Me?

 Every once in a while, I have spent less time updating and participating in my blog than I want to. However, I wasn't aware that I had yet to make any posts since 2023! Part of this has to do with using a variety of other avenues to communicate and being in a mode of looking for work and doing contract work for the duration. It has left me little time or attention for blogging.

That, however, led me to realize that it was violating my prime reason for making this blog in the first place. That was a promise to learn in public and share what I learned along the way. I have learned quite a bit over the past 16 1/2 months since I held my last full-time job and my current gig (more on that later ;) ). I'll be blunt, much of my time and attention has been hunting for work and getting the chance to do interesting work. I've developed course material for teaching manual testers to become SDETs. I co-authored a book with Matt Heusser on "Software Testing Strategies" and while I am happy that it has been well received, I'm realizing I've been terrible about actually talking about it and what's in it. I've worked on a variety of writing assignments, one of which was writing landing page content for a QA company in South America that wanted a more human touch in how their information and services appeared to an English-speaking audience. That was a neat experience and one I learned a great deal about how to improve my writing for a different audience. 

I had several opportunities to develop and deliver talks that are built around the material in our book, which means I have stepped out of my comfortable wheelhouse of Accessibility and random topics and getting to look at some interesting challenges. I talked about the puzzle pieces of good testing and had the chance to deliver them a few times. Matt and I have presented a few times now on Lean Software Testing (which we should mention is not the same or related to the LEAN startup) and it has turned into a great way to look at the way we test and how to help organizations and individual testers improve their overall testing efforts (and often without having to ask for permission ;) ).

As I am at PNSQC this week, my history of doing live blogging to capture my thoughts and impressions still alive and well. I realized that PNSQC 2023 was the last in-person event I attended, and thus it has been a year since I've done these. Apologies or you're welcome, depending on where you fall on that sentiment.

It's good to be back. Let's try to keep this conversation going.