Friday, April 14, 2017

My Experience at the Quest 2017 Conference

I was honored to be asked to present a half-day tutorial and track session at QAI's Quest 2017 Conference last week in Chicago. 

I have spoken at testing conferences since 1989, with only two years since then that I have sat out a year. So, I've been to a lot of these rodeos worldwide. In fact, I chaired the QAI International Software Testing Conference (1995 - 2000), so I know what it takes to keep everything on track.

It's from that background that I write this. My intent is not to take away from any other conference. I also have conferences on the schedule yet for this year. 

By the way, this blog post was not solicited. I just feel that when someone does a great job, recognition is deserved. 

I was blown away by this conference for several reasons:

Outstanding management - Tom Ticknor, Nancy Kastl, Anna Zucker and the rest of the team did a great job of making sure everything ran like clockwork. The weather turned rather bad on Wednesday (40F, 40 - 50 mph winds and rain), so the planned dinner cruise was still held on the boat, but it was enclosed and we never left the dock. It was also very challenging to get a few hundred people on busses and over to Navy Pier, but we all made it and a good time was had by all!

Outstanding volunteers - All the track hosts and other volunteers did a great job. In my experience, you can't pull off a great conference without great volunteers to make sure all the little things are handled. Thanks much to Kenneth Brown, who was my track host for both sessions. You rock!

A strong sense of community - I felt like I was among friends - and I was. In fact, in some cases, it was like old home week to see friends from the past QAI and CQAA events. I was able to strike up conversations with everyone I met. This was not a huge conference in terms of attendance, but for me it was just the right size - not too big, not too small.

Wide representation - This was not just a local Chicago event. There were people from much of the USA there, as well as from about a dozen other countries.

Great sessions - From the keynotes to the track sessions, I did not experience a bad session. Good content plus good speaking ability equals a great session. Also, the selection of topics was wide enough to cover just about anyone's topics of interest. 

Solid content - Speaking of content, one of the things that concerns me about the current state of testing is that we are taking our eyes off the main thing - testing and quality. Most testers think QA and testing are the same thing (they aren't). One thing that was striking to me was that in every session I attended, the concepts were solid, with very practical ways to apply the ideas. 

Awesome food - I can't say I ever had filet mignon for lunch at a conference before, but I did last week. I don't fly for the dining experience, and I don't expect a lot from conference fare, but really - bacon and eggs for breakfast every day? That's good stuff. Plus, the dinner cruise food was very good. Kudos to the Renaissance hotel for the preparation and for the Quest team for the menu selections.

Informative expo - The reality is most vendors go to the larger conferences because that is where the numbers are. But, how many of those people are the decision makers? I spoke with most of the vendors in the expo and found that they all had great offerings. I expect there were a fair number of decision-makers at the conference.

The negatives? I can't think of any.

I highly recommend this conference to anyone looking for any of the above things. If you are in the software testing or software quality field and live in the mid-west, attending the Quest Conference is a no-brainer. I hope to attend again in the future!




Thursday, April 13, 2017

Rice Consulting's IQBBA BA Certification Course is Accredited by the ASTQB

Press Release

Rice Consulting Announces Accreditation of New IQBBA Business Analyst Certification Training Course

Learn how to improve the quality of IT projects by understanding and documenting user needs in clear and understandable ways.

Oklahoma City, OK, April 14, 2017:  Randall Rice, internationally-recognized author, consultant and trainer in software testing and business analysis is excited to announce the accreditation of his newest course, IQBBA Foundation Level Certification Course by the American Software Testing Qualifications Board (ASTQB).

This is a course designed for business analysts and others who are looking for effective ways to gather and document user needs for projects in their organization. This course teaches people best practices in how to deliver projects that meets user needs and expectations.

The course is based on the Certified Foundation Level Business Analyst (CFLBA) Syllabus from the International Qualification Board for Business Analysts (IQBBA). Accreditation verifies that the course content covers the certification syllabus and glossary. In addition, the reviewers ensure that the course covers the materials at the levels indicated in the syllabus.

“Regardless of the project methodology in place, unless the user need is fully understood and articulated, a complete and correct solution cannot be delivered. Failure to capture the user needs is one key reason that around 30% of projects never reach successful implementation,” explained Randall Rice. 

ASTQB president, Debbie Friedenberg, says, "We believe that the IQBBA's internationally-recognized Business Analyst certification is of great importance to the profession, especially as we see the Business Analysis continuing to gain importance in the coming years."

This course is currently available on an on-site basis and in online e-Learning format. For further details, visit http://www.riceconsulting.com

To schedule a course to be presented in your company, contact Randall Rice at 405-691-8075 or by e-mail

Randall W. Rice, author and trainer of the course is a Certified Tester, Advanced Level and is on the Board of Directors of the ASTQB. He is the co-author with William E. Perry of two books, “Surviving the Top Ten Challenges of Software Testing” and “Testing Dirty Systems.”

Thursday, March 09, 2017

ISTQB Advanced Security Tester Certification Public Course May 16 - 19, 2017 - Salt Lake City Area

I am excited to announce one of the first public courses in the USA (and perhaps the world) for the ISTQB Advanced Security Tester Certification. This course will be held May 16 - 19, 2017 in Sandy, UT.

With cyber attacks occurring daily, most businesses and government agencies are under constant cyber attack. Unfortunately, many organizations are not doing enough to defend their physical and digital assets. Even more concerning is that while some organizations have firewalls, intrusion detection systems and other defenses, few of those organizations regularly test their defenses to determine their effectiveness.

In this course, you will learn a complete framework for testing security, regardless of the technology involved. This course and certification covers much more than just penetration testing. Certainly, penetration testing is an important part of security testing, but there are many other threats and vulnerabilities that require other security testing approaches.

Who Should Attend?

This course is for:
  • Software testers that hold the ISTQB Certified Tester, Foundation Level (CTFL) and want to expand their knowledge of security testing, 
  • Security testers who hold the CTFL and wish to obtain an advanced certification to solidify their knowledge, 
  • Security administrators who want to learn more about how to test the security defenses in their organization, and 
  • Anyone who wants to learn more about security testing but do not necessarily want to take the CTAL-SEC exam.

What You Need to Know:

1. This course follows the ISTQB Advanced Security Tester Syllabus and is written and presented by Randall W. Rice, chair of the ISTQB Advanced Security Tester Syllabus Working Group and holder of the CTAL-SEC, as well as all three ISTQB Core Advanced Certifications.

2. Anyone may attend this training, but to sit for the ISTQB Advanced Security Tester exam, you must hold the ISTQB Certified Tester, Foundation Level (CTFL) designation (or equivalent) and have 3+ years of software testing and related experience. Basic security and security testing concepts are assumed knowledge.

3. The course is four full days in length. No exam will be administered during the class, but attendees that meet pre-requisites and select the exam add-on option will receive a voucher to take the exam at a Kryterion Exam Center. http://www.kryteriononline.com/Locate-Test-Center

4. This is an intense, advanced level course with 28 exercises that cover all K3 and K4 learning objectives.

5. The venue will be announced soon. It will be in the Sandy, UT area. It is your responsibility to book your own hotel room.

6. Light breakfast and lunches are included.

7. A remote attendee option is available.

8. The cost is $2,495 (exam not included) for in-person attendees and $1,995 for remote attendees. There is a 10% discount for groups of 3 or more people.

9. The course program and details can be seen here: http://www.riceconsulting.com/home/index.php/ISTQB-Training-for-Software-Tester-Certification/istqb-advanced-security-tester-course.html

10. To register, please visit https://www.mysoftwaretesting.com/ISTQB_Adv_Security_Tester_Certification_Course_p/istqbsecpub.htm


If you have any questions, please contact me at 405-691-8075 or from the contact form at http://www.riceconsulting.com.

I hope to see you at this event!

Thanks,

Randy

Friday, February 24, 2017

Rice Consulting Announces Accreditation of New Certification Training Course for Testing Cyber Security

Press Release: For Immediate Release

Oklahoma City, OK, February 24, 2017:  Randall Rice, internationally-recognized author, consultant and trainer in software testing and cyber security testing is excited to announce the accreditation of his newest course, ISTQB Advanced Security Tester Certification Course.

This is a course designed for software testers and companies who are looking for effective ways to test the security measures in place in their organization. This course teaches people in-depth ways to find security flaws in their systems and organizations before they are discovered by hackers.

The course is based on the Advanced Security Tester Syllabus from the International Software Testing Qualifications Board (ISTQB), of which Randall Rice is chair of the Advanced Security Tester Syllabus working party.  The American Software Testing Qualifications Board (ASTQB) granted accreditation on Tuesday, February 21, 2017. Accreditation verifies that the course content covers the certification syllabus and glossary. In addition, the reviewers ensure that the course covers the materials at the levels indicated in the syllabus.

“With thousands of cyber attacks occurring on a daily basis against many businesses and corporations, it is urgent that companies have some way to know if their security defenses are actually working effectively. One reason we keep hearing about large data breaches is because companies are trusting too much in technology and are failing to test the defenses that are in place. Simply having firewalls and other defenses installed does not ensure security,” explained Randall Rice. “This course provides a holistic framework that people can use to find vulnerabilities in their systems and organizations. This framework addresses technology, people and processes used to achieve security.”

This course is currently available on an on-site basis, public courses and in online format. For further details, visit http://www.riceconsulting.com/home/index.php/ISTQB-Training-for-Software-Tester-Certification/istqb-advanced-security-tester-course.html. To schedule a course to be presented in your company, contact Randall Rice at 405-691-8075 or by e-mail.

Randall W. Rice, author and trainer of the course is a Certified Tester, Advanced Level and is on the Board of Directors of the ASTQB. He is the co-author with William E. Perry of two books, “Surviving the Top Ten Challenges of Software Testing” and “Testing Dirty Systems.”

Thursday, February 09, 2017

Webinar Slides and Recording - Security Testing: The Missing Link in Information Security

Thanks to everyone who participated in today's webinar. I really enjoyed the time together, even if I did experience a complete system failure and restart in the latter part of the webinar. Just to let you know how the rest of today went, I was checking out this evening at Wal-mart (not self-checkout) and after I scanned my debit card, the pin pad displayed a message, "System shutdown in progress". I don't know what it is about me, but I swear, systems fail in my presence. It has been that way for over 20 years now! Oh, the joys of being a tester!

OK, here we go...

Here is the recording link. I have edited the video so that all slides are shown and discussed.

Here is a PDF with the slides in 2-up format.

Here is a PDF with the slides in full color format.

I hope you find the information helpful. Feel free to share it. I hope it can help you build the awareness of the need for security testing in your organization.

Thanks!

Randy

Monday, January 30, 2017

ISTQB Advanced Security Tester Certification Training - March 7 - 10, Irving, TX

I am excited to announce the first public course in the USA (and perhaps the world) for the ISTQB Advanced Security Tester Certification. This course will be held March 7 - 10, 2017 in Irving, Texas.

With cyber attacks occurring daily, most businesses and government agencies are under constant cyber attack. Unfortunately, many organizations are not doing enough to defend their physical and digital assets. Even more concerning is that while some organizations have firewalls, intrusion detection systems and other defenses, few of those organizations regularly test their defenses to determine their effectiveness.

In this course, you will learn a complete framework for testing security, regardless of the technology involved. This course and certification covers much more than just penetration testing. Certainly, penetration testing is an important part of security testing, but there are many other threats and vulnerabilities that require other security testing approaches.

Who Should Attend?

This course is for:
  • Software testers that hold the ISTQB Certified Tester, Foundation Level (CTFL) and want to expand their knowledge of security testing, 
  • Security testers who hold the CTFL and wish to obtain an advanced certification to solidify their knowledge, 
  • Security administrators who want to learn more about how to test the security defenses in their organization, and 
  • Anyone who wants to learn more about security testing but do not necessarily want to take the CTAL-SEC exam.

What You Need to Know:

1. This course follows the ISTQB Advanced Security Tester Syllabus and is written and presented by Randall W. Rice, chair of the ISTQB Advanced Security Tester Syllabus Working Group and holder of the CTAL-SEC, as well as all three ISTQB Core Advanced Certifications.

2. Anyone may attend this training, but to sit for the ISTQB Advanced Security Tester exam, you must hold the ISTQB Certified Tester, Foundation Level (CTFL) designation (or equivalent) and have 3+ years of software testing and related experience. Basic security and security testing concepts are assumed knowledge.

3. The course is four full days in length. No exam will be administered during the class, but attendees that meet pre-requisites will receive a voucher to take the exam at a Kryterion Exam Center. http://www.kryteriononline.com/Locate-Test-Center

4. This is an intense, advanced level course with 28 exercises that cover all K3 and K4 learning objectives.

5. The venue is the Holiday Inn Express in Irving, Texas. The hotel is very close to the DFW airport for those who plan to travel to the course. The address is 4235 W. Airport Freeway, Irving, TX 75062. It is your responsibility to book your own hotel room.

6. Light breakfast and lunches are included.

7. A remote attendee option is available.

8. The cost is $2,795 (exam included) for in-person attendees and $2,295 for remote attendees. There is a 10% discount for groups of 3 or more people.

9. The course program and details can be seen here: http://www.riceconsulting.com/home/index.php/ISTQB-Training-for-Software-Tester-Certification/istqb-advanced-security-tester-course.html

10. To register, please visit https://www.mysoftwaretesting.com/ISTQB_Adv_Security_Tester_Certification_Course_p/secdfw.htm

If you have any questions, please contact me at 405-691-8075 or from the contact form at http://www.riceconsulting.com.

I hope to see you at this event!

Thanks,

Randy

Tuesday, December 06, 2016

Ten Ways to Build Your Software Testing Skills

As a software testing and QA consultant over the past 27 years, I have worked with hundreds of organizations and tens of thousands of testers. Over that time, I have observed two types of people – those that see software testing as a job and those that see software testing as a career.

Those that see testing as a career typically advance in their jobs and have a higher level of self-esteem. Those that see testing as only as a job, often get bored and complain about the lack of opportunities. The “job only” perspective also indicates that someone is only in the testing role for a limited time. Therefore, there is little incentive to invest in personal improvement.

Of course, not everyone is cut out for software testing. The role can be frustrating at times, especially when the tester is blamed for the defects they report. I jokingly say that software testing conferences are like mass group therapy for software testers and test managers. It is interesting to see the realization of people when they see that they are not the only ones with unrealistic project managers, difficult end-users, technologies that are difficult to test, and oh, that automation stuff looks so easy but it can be so difficult to implement.

I know that I am around professional testers when vigorous (not vicious) debate breaks out over seemingly minor differences in test philosophies, approaches and techniques. It shows that people have thought a lot about the ideas they are defending or opposing.

If you see software testing as a profession instead of a job, then it’s up to you to grow. The greatest mistake you can make is to stop learning and growing. For those that see software testing and QA (yes, there is a difference) as a professional career choice, here are some ways to grow your career.

1. Set growth goals for the coming year. These don’t have to be huge goals, but without these goals it’s easy to lose focus. Goals also paint the target. You know when you have hit them. Here are some examples:

Learn how to apply a test technique that is unfamiliar to you
Develop a specialty area of security testing
Learn how to use a particular test tool
Read three books about testing or some related (or even unrelated) topic
Obtain a certification in testing or a related field
Speak at a conference
Write an article

2. Read one or more books on software testing or related topics. It is amazing to me how few people read books that relate to the testing and software development professions. You have more choices than ever before with hundreds of testing books on the market. Perhaps the greater challenge is to find the books that are worthy of your time. By the way, some of the best books are also the oldest books that are available for $5 - $10 from online used booksellers such as www.abebooks.com. Two of my top recommendations are “The Art of Software Testing, 1st Ed.” By Glenford Myers and “Software Testing Techniques, 2nd Ed.” by Boris Beizer. These are foundational books in software testing, written over 30 years. However, don’t dismiss them due to age. These books are good for any tester to read. The Beizer book has a technical focus that would serve any tester well in today’s world of testing.

3. Take a training course that aligns with your goals. Even an online course is an easy reach in terms of time and cost. It is amazing what a little training can do. While good training typically will cost money, there are free and inexpensive online courses available. I have over twenty-three e-Learning courses at www.mysofwaretesting.com.

4. Create content. If you really want to learn and grow, then develop a small course, write a major article or start a blog. This not only stretches your abilities, but provides exposure as well. I never thought back in 1989 when I wrote my first testing course (unit testing) that one day I would be able to say I’ve personally written over 70 courses! I never thought I would write two books (and working on five others). And… I’m not saying that is where you will arrive. But the thing I can say is that I learn ten times more creating a class than attending a class. As the saying goes, “The best way to learn is to teach.”

5. Find a coach or mentor. Then, meet with them often enough to glean their wisdom. I know it’s hard sometimes to find the right person to mentor you, but they are out there. Look for people with lots of experience in what you want to do. Ask questions and listen. The trick on this one is that you must take the initiative to seek out the mentoring relationship.

6. Coach or mentor someone yourself. This is where you get to repay your coach or mentor. You learn by listening to the person you are mentoring. I have mentored many people and I learn by dealing with the tough questions they bring me. Admittedly, some people are difficult and are not worthy of your time. However, I have found it to be rare that a mentoring relationship has not been beneficial, both to me, and the person I am mentoring.

7. Test something totally different than you have ever tested before. Yes, this is on your own time and at your own effort, but you can learn a lot and come away with a new marketable skill. Interested in mobile testing? Find a mobile app you find interesting and challenging and test it. A way to make this profitable is to become a crowd tester. I can recommend www.mycrowd.com as a place to learn more about getting started as a crowdtester.

8. Read or watch something totally unrelated to software testing and find lessons in it for testing. Once you start looking for analogies of testing, they are everywhere. One of my favorite TV shows for testing lessons is Mythbusters, but I have also learned from Kitchen Nightmares, Hotel Impossible, Undercover Boss and many others. Novels such as Jurassic Park have some great testing lessons in them. Take notes, then write about what you learn.

9. Speak at a conference. The trends are in your favor. Smaller conferences are becoming more popular, as is finding speakers who are not well-known names in the field. Get a great topic, a case study and develop it into a conference presentation. No takers on your idea? Fine. Create a YouTube video and you will have more views in a few weeks than you would have at a physical conference! The skill you develop in speaking is that of oral communication - a skill that can really propel your success in any field.

10. Contribute to forum discussions. I’m not talking about short, one-sentence responses, but respectful, well-reasoned responses to people’s questions and/or opinions. LinkedIn groups are a great place to start. The growth comes in the articulation and sharing of your feedback and ideas. Especially on LinkedIn, group contributors gain a stronger profile and presence.

You will notice that most of the items I list are active in nature. You grow by doing.

Consider the idea that each of the above actions might have a 5% or more increase in your value to your team, your career or to your company. The combined effect of doing all of these would be phenomenal. The combined effect is not an addition function, but a multiplier function. Doing all ten items would not be a 50% value addition, but more like a 200% or more addition of value to your career and to your role in your company. I can attest to this in my own career.

This is important because in today’s marketplace, you are paid for the value you bring to a project. Low-value activities are often the first to go when companies decide to cut-back. The same holds true for people. The people that are more likely to be retained are those that add value to a project and to a company.

It’s better to build skills today for tomorrow than to realize one day you need skills that will take time to acquire and build.