Friday, November 04, 2016

Online Study Group Forming for the ISTQB Advanced Security Tester Certification

I am forming an online virtual study group for people who wish to prepare for and take the new ISTQB Advanced Security Tester Certification. The exam has been in place since March of 2016, but the missing piece has been training courses.

I am working hard to finish my course in both live and e-learning formats. My plan is to have a beta version of the e-Learning course available in mid-November. This beta version will not be accredited because that process takes several weeks. However, the official release version will be accredited.

I know there are people that would like to start studying for this certification now. For that reason, I am forming this online virtual study group that also includes access to the e-Learning content as it is completed.

The cost of the exam ($200) is not included in the price of the course.


Also, please note there are two pre-requisites to sit for the exam:

1. You must hold the CTFL or equivalent
2. You must have 3 or greater years experience in software testing or a related field.

Security testing experience is not required.

Here’s How it Works:

We will meet weekly for one hour in a web meeting format. I will lead the meeting, but the purpose is to answer your questions and provide additional insights to the topics. We will cover sample exam questions. The exact day and time of the meetings may vary, but my plan is to hold the meetings on Wednesday around noon, Central time. There may be times when I either must reschedule or have a fill-in facilitator.

There are 11 sessions, including the kick-off session. Tentative start date is Thursday, Nov. 17th, with a goal end date of January 25th. That may sound like a long time, but with e-Learning courses, most people take several months to complete the advanced courses.

If you can’t attend a meeting, that’s fine. We will record each meeting so you will be able to watch and listen later if you like. You can also send me your questions and feedback by e-mail and I will be happy to respond. You also have phone access to me to ask questions.

If you join after the official start date, that’s fine too. Each chapter of the syllabus stands on its own. While it is optimal to start at Chapter 1, you can either catch-up with the recorded modules, or “wrap around” in the next study group (provided there is enough interest in a second group.)

You will have access to all the e-Learning content I have produced to date. This includes narrated slide shows, course notes, exercises and solutions, as well as the ISTQB sample exam questions.

As I continue to add new content, you will have first access to it. However, I expect that all the content will be in place by the second week of the study group.

Each week, we will focus on a chapter in the syllabus. In two chapters, there will be two weeks each, due to the amount of materials. The time required to view the pre-recorded lessons will be about 2 hours per week. The exercises will require another 1.5 to 2 hours.

You will have access to other attendees to get their thoughts as well. The group and course are housed in my e-Learning Management System with forums so you can freely post ideas and questions.

You will get personal attention and mentoring from me. I expect this group will be 12 – 15 people or fewer people in size.

After the group ends, you still have access to the e-Learning course. This is helpful for review before you sit for the exam.

You have direct access to the person who chaired the development of the syllabus. I can provide context and input that is not in the syllabus or the course. And I can answer your “why” questions.

At any time you feel the group is too much for you to handle time-wise, you always have the option to continue on your own through the e-Learning modules. You still have access to me to ask any questions. In fact, you can still attend the weekly sessions. However, without doing with weekly preparation, you may feel a little disconnected.

Financial Details

The price for the full 11-week study group is $795. The cost of the exam ($200) is not included in the price of the study group.

Payment is in advance and can be made by major credit cards (Visa, MasterCard, Amex and Discover). We also accept PayPal and company checks.

How to Get Started
br /> You can register and pay at https://www.mysoftwaretesting.com/ISTQB_Advanced_Security_Tester_Study_Group_p/advsecgrp.htm

Access instructions will be sent in advance of the first session.

le="font-family: "arial" , "helvetica" , sans-serif;">Questions?

Just contact me here
Tentative Schedule and Topics


1. Thursday, Nov. 17, 12:00 p.m. - 1:00 CST - Kick-off
2. Wednesday, Nov. 23, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 1 (Basis of Security Testing)
3. Thursday, Dec 1, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 2 (Security Testing Purposes, Goals and Strategies)
4. Thursday, Dec 8, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 3 (Security Testing Processes)
5. Thursday, Dec 15, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 4 (Security Testing Through the Lifecycle, Part 1)
6. Thursday, Dec 22, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 4 (Security Testing Through the Lifecycle, Part 2)
7. Thursday, Dec 29, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 5 (Testing Security Mechanisms, Part 1)
8. Wednesday, Jan 4, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 5 (Testing Security Mechanisms, Part 2)
9. Thursday, Jan 12, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 6 (Human Factors in Security Testing)
10. Thursday, Jan 19, 12:00 p.m. - 1:00 CST - Review and Discussion of Modules 7 and 8 (Security Test Reporting, Security Test Tools)
11. Thursday, Dec 26, 12:00 p.m. - 1:00 CST - Review and Discussion of Module 9 (Standards and Industry Trends), Summary and Final Exam Tips

Thursday, November 03, 2016

ISTQB Advanced Security Tester Course Coming Soon!

A question I am asked often by people interested in the new ISTQB Advanced Security Tester certification is "When will courses be ready?"

I am excited to announce my course will be available soon in beta format - both live in-house and e-learning formats. I do not have an exact date at this time for the beta release, but I am looking at mid-November.

Since this is a beta version, the course will not be accredited initially. The plans are to have accreditation by the end of 2016. However, as chair of the ISTQB Advanced Security Tester Syllabus working party, I think I have a pretty good grip on the material.

The live course is 4 days in length and is a 50/50 mix of presentation and exercises. The e-learning course has the same content and exercises as the live course.

Here is the link to the course description: http://www.riceconsulting.com/home/index.php/Security-Testing/istqb-advanced-security-tester-course.html

If you are interested in the course or have any questions, either as an individual or as a company, please contact me through the contact form on my website: http://www.riceconsulting.com/home/index.php/component/com_formmaker/Itemid,453/id,1/view,formmaker/

I am taking course bookings for December and forward into 2017. I expect this to be a popular course, so act early to get your spot on my calendar. I will be the main instructor for the course.

Thursday, September 01, 2016

Happy Labor Day and The Software Quality Perspective

I hope you are having a great week. Me? I'm looking forward to a weekend Labor Day holiday with family and friends. To kick it off, I'm getting a cavity filled tomorrow!

For those of us in the USA, the Labor Day holiday is to commemorate the contributions of working people and labor unions. Since I have worked in IT most of my working years, I have never belonged to a union, so I'll just speak briefly here to the work ethic in software quality. However, I think much of this could apply to other fields as well.

Like you, perhaps, I have been on projects that required extreme effort and commitment to complete. Even then, some of the projects failed.

Over my 25+ years in software testing consulting, I have heard people complain about how difficult some tasks can become. My reply is something along the lines of, "Yes, that why we call it work."

I have also worked for managers that were totally clueless when it came to how to treat people. These managers expected 100% availability, no allowance for sickness or family emergencies, provided no training or encouragement to the team, and generally created a work environment that was de-motivating in nature. That is the dark side of work, in my opinion.

If I had to capsulize what a person should bring to a project, they would include:
  • Motivation - Passion for the job
  • Skills - Knowing how to do the job, and continuously learning new skills
  • Creativity - Being able to do things differently and better
  • Problem solving - So that the team lead doesn't have to do everything
  • Integrity - Doing the right thing when no one is looking
  • Caring - For the quality of work performed, and for the welfare of others
  • Vision - To see the big picture of what they are doing
  • Calling - To know why they are doing what they are doing
  • Respect - For others, for other people's ideas, for leaders

You might have other things that would fit well on the list. By the way, my two favorite books on this topic are "Peopleware" by DeMarco and Lister, and "The Mythical Man-Month" by Fred Brooks.

So, relax this weekend and enjoy the fruit of your labor. Ironically, some people will not be able to do that. They will be working. This normally includes law enforcement, military, medical professionals, broadcasters, and people working tech support, food service and retail. I salute those fine people and wish them safety in what they do.

Thursday, August 11, 2016

Recording and Slides From Today's Webinar on Decision Tables

Thanks to everyone that attended today's webinar on decision tables. For those that could not get in
due to capacity limits, I apologize.

However, here are the slides:
http://www.riceconsulting.com/public_pdf/Webinar_Decision_Tables.pdf

And here is the recording:
https://youtu.be/z5RlCBKxfF4

I am happy to answer any questions by e-mail, phone or Skype. If you want to arrange a session, my contact info is on the final slide.

Thanks again,

Randy

Wednesday, July 06, 2016

Lessons Learned in Test Automation Through Sudoku

For many years, I have recommended Sudoku as a mind training game for testers. I think Sudoku requires some of the same thinking skills that testers need, such as the ability to eliminate invalid possibilities, deduce correct answers and so forth.

Much like an application that may lack documentation, Sudoku only gives you a partial solution and you have to fill in the rest. Unlike software, however, guessing actually prevents you from solving the puzzle - mainly because you don't see the impact of an incorrect guess until it is too late to change it.

My friend, Frank Rowland, developed an Excel spreadsheet some time ago, that he used to help solve Sudoku puzzles by adding macros to identify cells that had only one possible correct value. At the time, I thought that was pretty cool. Of course, you still had to enter one value at a time manually. But I thought it was a good example of using a degree of automation to solve a problem.

Fast forward to last week. I was having lunch with Frank and he whips out his notebook PC and shows me the newest version of the spreadsheet. After listening to a math lecture from The Great Courses, he learned some new approaches for solving Sudoku.

Armed with this new information, Frank was successful in practically automating the solution of a Sudoku puzzle. I say "practically" because at times, some human intervention is required.

Now, I think the spreadsheet is very cool and I think that the approach used to solve the puzzle can also be applied to test automation. The twist is that the automation is not pre-determined as far as the numeric values are concerned. The numbers are derived totally dynamically.

Contrast this with traditional test automation. In the traditional approach to test automation (even keyword-driven), you would be able to place numbers in the cells, but only in a repeatable way - not a dynamic way.

In Franks's approach, the actions are determined based on the previous actions and outcomes. For example, when a block of nine cells are filled, that drives the possible values in related cells. The macros in this case know how to deduce the other possibilities and also can eliminate the invalid possibilities. In this case of "Man vs. Machine", the machine wins big time.

I don't have all the answers and I know that work has been done by others to create this type of dynamic test automation. I just want to present the example and would love to hear your experiences in similar efforts.

I think the traditional view of test automation is limited and fragile. It has helped in establishing repeatable tests for some applications, but the problem is that most applications are too dynamic. This causes the automation to fail. At that point, people often get frustrated and give up.

I've been working with test automation since 1989, so I have seen a lot of ideas come down the pike. I really like the possibilities of test automation with AI.

I hope to get a video posted soon to show more about how this works. Once again, I would also love to hear your feedback.  


Friday, July 01, 2016

ASTQB Mobile Tester Certification - Live Virtual Classes in August and September, 2016

According to a very recent survey published by Techwell, only 25% of respondents felt they had the knowledge/skills and tools needed for testing mobile applications!

That needs to change and I have just the way to do it.

I am launching a new schedule of live virtual training courses for this new certification from the ASTQB, starting August 9 – 11. 

I have been holding off offering this course as a live virtual course until I was 100% positive you would feel fully engaged while taking the course. I have developed a technique that I feel will keep you engaged in the material and prepare you for the exam. (By the way, the exam is not included in the cost of this course but you can add the $150 exam to your registration.)

Also, let me encourage you to keep building new skills in testing. Mobile testing is a great specialty area and it is also a great skill set to have in your career. The time to learn mobile testing is NOW. Don't wait until your employer is looking to build that special team...or (and I hope this never happens in bad way, but...) if you are looking for employment.

I will be the instructor for all presentations of this course. I am a co-author of the ASTQB Mobile Tester syllabus and author of this course. This course is fully accredited by the ASTQB. And...I have been teaching mobile testing since 2001!  You get personal access to me throughout the course and after the course to ask any questions.

This course covers all aspects of mobile testing. More about the live virtual classes can be found here:

and the course brochure is here:

In the most recent ASTQB newsletter that was published on Tuesday, I have an offer of 15% off any ASTQB Mobile Testing course – live or e-learning. Just use promo code “MOBILE15” when paying for your registration. This offer is only good through August 15. For more details on this course or to register, please visit http://www.riceconsulting.com/home/index.php/Mobile-Testing/astqb-certified-mobile-tester-live-virtual-course.html

If you want to learn more about the ASTQB Mobile Tester certification, just go to:

I hope to see you there!

Randy

Friday, May 06, 2016

ISTQB Advanced Level Security Tester Certification Officially Available!

I am very excited to announce that the ISTQB Advanced Security Tester certification is officially available. I am the chair of the effort to write the syllabus for this certification. It took us over 5 years to complete this project. We had input from security testers worldwide.

The syllabus is not yet posted on the ASTQB web site, but it will be available there very soon. It will take training providers such as myself a while to create courses and get them accredited, but they will also be out in the marketplace in the coming weeks and months.

Cybersecurity is a very important concern for every person and organization. However, only a small percentage of companies perform continuous security testing to make sure security measures are working as designed. This certification prepares people to work at an advanced level in cybersecurity as security testers. This is a great specialty area for testers looking to branch out into a new field - or to show their knowledge as security testers.

Below is a diagram showing the topics in the certification (click to enlarge):