Sunday, February 16, 2020

DDD Europe 2020 - About Close Collaboration, Shared Language and Visual Models

Last week it was my first time at DDD Europe, and it was great. Although it was a pity to miss the fifth and final edition of European Testing Conference which took place at the exact same dates and even the same city, I was still very happy about this opportunity to explore a new community and gain a foundation in domain-driven design. I heard lots of great things about DDD Europe from different people, one of them being my colleague Thomas Ploch, who also got accepted as speaker this year.

In the beginning I didn't know what to expect of this conference and the DDD community that was new to me. I've seen the program with lots of big names, I've seen the sessions offered on topics I've merely heard about, and I wasn't sure whether my sessions on the mob approach would be a fit for this new audience. Quite intimidating, and yet also very exciting - a great learning opportunity.

Brace yourself - it was a long conference week, this is going to be a long post. It was worth it for me, though!

Arriving in Amsterdam

Sunday evening before the conference I've arrived at the hotel where most of speakers and attendees alike had been accommodated. I had some time to prepare myself for the week and practice my upcoming talk.

No one else from the conference was to be seen yet - or at least I couldn't make them out, as once more I entered a new community here. My colleague Thomas arrived the same evening as well so we had a good time over dinner and then made it to bed early. We knew it was going to be a long week; and it was indeed. A week where I learned once more about the importance of close collaboration with all parties, of evolving a shared language with everyone, of visualizing mental models to help us think, of experimentation and continuous learning. Lots of familiar topics, looked at from a different angle that was new to me.

Training Days

Both Thomas and I decided to participate in Nick Tune's and Kacper Gunia's two day training "Strategic DDD using bounded context canvas". I knew Nick from SwanseaCon and I hoped this workshop would provide me a quick hands-on introduction to all things DDD. I was not disappointed. We discovered our example domain using the business model canvas, did event storming and rule storming. We learned about bounded contexts, message flows, strategic classifications, and more. We used Nick's bounded context canvas, discussed ubiquitous language and policies, model traits, context interfaces, and sociotechnical architecture. We discovered lots of valuable heuristics along our way, too!

By joining this workshop I gained lots of new insights and pieces of knowledge which triggered lots of new thoughts. What a great entry into all things DDD, learning about concepts while applying them. I loved that we did lots of hands-on interactive exercises and mixed formats that we can take home to improve collaboration and architecture. I felt this training helped me right away to have better conversations about architectural topics. The long term impact? It made me curious to learn more, especially to see how we can bring people from different areas of expertise together and discuss a holistic view on everything.
The first day ended with very nice dinner conversations with Thomas PlochMaxime Sanglan-Charlier, Jennifer Carlston, and Thomas Bøgh Fangel. What a great group! The second day? Well, it also ended with a nice dinner - one of my favorite parts of every conference. This time I had the pleasure to get to know Zsofia Herendi, Roman Sachse and Marcello Duarte. What a nice crowd already, thank you all for the warm welcome into the DDD community!

DDD Foundations and Speakers Dinner

The main conference was preceded by a day of two smaller conferences taking place at the same time: DDD Foundations (curated by Nick Tune) and EventSourcing. People signed up for one conference could join sessions of the other one as well. In the end, however, I decided to stay with the foundations conference as one of my goals was to gain a fundamental understanding of DDD - so this sounded like the perfect opportunity. Check out my sketchnotes for the talks to learn more yourself.
A word of warning regarding my sketchnote for Alberto Brandolini's keynote: it really does not do it justice. This keynote was amazing and I could only put down a fraction of all the ideas shared. I so much related to this keynote, Alberto shared lots of wisdom on all things collaboration, experimentation and learning together. I'm very much looking forward to watching the recording when it's published, and I can only recommend it to you as well.

In the evening the speakers dinner took place. Once more I got to know more people, once again had fantastic food and even better conversations. Thank you all so much!

DDD Main Conference and Further Networking

The main conference days arrived, and with them also my own sessions. First of all, here are the sessions I joined including my sketchnotes of them.
It was a real pleasure finally listening to Kent Beck and seeing him perform on stage. What mastery. He derived the keynote content from conversations he had with conference participants. He drew his slides live in front of us. He lectured us in a unique entertaining way while still conveying important messages. What really resonated with me was to "insist on feedback before we make another decision based on risky assumptions", and that "waterfall is back, it stopped apologizing and it needs to be killed with fire."

During these main conference days, it was also up to me to perform. When first seeing the venue I couldn't resist and peek into the hall where I was supposed to speak - and I was in awe. My respect raised immediately. This theater hall accommodates up to 800 people! In the end it wasn't filled with 800, but still it was the largest stage I've ever put my foot on so far; and also the largest audience besides TestBash Brighton.

So here I gave my talk "A Story of Mob Programming, Testing and Everything". It happened to be in the last slot of the first day, with only lightening talks taking place at the same time. Therefore people thought it would be a keynote! It wasn't scheduled as such though, and yet people told me it didn't matter to them as they still think it was a keynote. I decided to stop correcting them and taking this as a compliment! :) I'm really happy it got recorded, too.

When hearing great feedback about my talk I was very relieved. It seems the topic resonated very well with the DDD community. One of my highlights here was that also Kent Beck listened to my talk, and afterwards I finally could speak with him for the first time. Now, there's a story to it. In the beginning of 2017, when my public speaking challenge started, Kent suddenly followed me back on Twitter (I assumed Lisa Crispin retweeting my stuff made this happen, so thanks to Lisa!). I couldn't believe it, so I wrote Kent a direct message telling him how honored I felt - and he said he liked my blog posts. This resulted in a written conversation over the next weeks that left quite an impact on me, encouraging me to go further on my journey. That was it back then, we never met. Now was the first time I had the chance to speak with him in person, so I grabbed it and contacted him again. And then, right after my talk, it happened. He found me and said he had been listening to me. He asked whether I would like to get feedback (absolutely!) and he shared very valuable thoughts with me how I could further level up as a speaker. Seeing him keynote the next day and having a longer conversation with him afterwards was truly inspiring! Lots of food for thought for me.
Following up on my talk closing the first day, I had a hands-on lab session on the second day on the topic of "Mob Exploratory Testing". I had given this workshop a few times already, and always revised the concept to improve it further. Just like this time, and it worked out very well. The audience was great! All of them wanted to be part of a mob, so we split into several mobs, mostly small ones around laptop screens, and two larger mobs working on bigger screens. Huge shout-out to Tobias Göschel who volunteered facilitating one of the big mobs! Great help and he said he learned a lot in this role, too. Overall, the two hours went very fast, people had fun and learned lots of things in short time. That's exactly what I like to set up the environment for! Mission accomplished.

The main conference was great, and there were even a few people I already knew. I had the pleasure to meet Kostas Stroggylos again who I knew from Agile Greece SummitGojko Adzic whom I met at several conferences already, and Romeu Moura whom I first met at European Testing Conference.

The conference evenings were great as well. On day one we had a huge dinner group where I finally met Tobias Göschel for the first time, on day two some of us joined lots of European Testing Conference speakers for dinner, bringing two great communities together and enjoying lots of insightful conversations. So good to meet many wonderful people from the testing community there! Among them my power learning group mate João Proença - although time was short I thoroughly enjoyed speaking with him in person again.

Sightseeing and a Long Way Home

Saturday arrived, the day I planned for sightseeing; so that's what I did. In case you'd like to see these parts of my conference speaking journey as well, feel free to follow me on Instagram. In the evening I joined Romeu Moura and met Felienne Hermans for the first time - what a pleasure! We had a great time together.

That should be it. I was supposed to leave Amsterdam the day after, yet life had different plans. Due to the heavy storm going across Europe, I got stranded. Instead of returning home and resting the next day, I had to wait at the hotel, the Amsterdam airport, Frankfurt, again a hotel, the Frankfurt airport, until I finally arrived home on Tuesday noon. Nothing but tired.

Still, I was happy about my time at DDD Europe and getting to know many great people. Thanks to everyone for welcoming me and sharing experiences with each other. The conference was very inclusive, and made an active effort to be so by offering gender-inclusive toilets, food for everyone, making the Pacman rule really work, and more. I loved the variety of super interesting topics. So many great speakers, no matter whether they were renowned already or not. All that combined with a very smooth organization - everything worked perfectly. Thanks so much to the fantastic organizers, you did an amazing job here and treated people very well. Looking forward to another DDD Europe!

Friday, December 27, 2019

Looking Back at 2019 - A Year Full of Challenges and Surprises

It became a habit for me to close the year with a final blog post, looking back at what happened over the last twelve months. It's one of the things I've learned to do that helps me internalize and acknowledge my own achievements. Once more the year is coming to an end - time to reflect!
  • Test Automation University was released! Many thanks to Angie Jones for bringing this amazing project to life and for asking me to do my first video course ever: "The Whole Team Approach to Continuous Testing". I've also watched several of the other courses myself and found them to be extremely valuable!
  • I have given 7 sessions at 7 conferences in 5 countries this year, 2 of them being keynotes, 2 others being talks that either opened or closed the conference. (Overall, that makes now 22 sessions at 16 conferences in 8 different countries since September 2017!) Besides that, I attended 3 more conferences this year. So much knowledge to take with me, and so many inspiring people to learn from! Being away from work for conferences, especially from my product team, was not always easy. The good thing here: we talked things over and found an agreement for us.
  • I've been accepted to give 7 sessions at 4 conferences in 3 countries for 2020 already. In addition, I've been asked by 3 companies to give talks and workshops for them in-house, with 2 of them arranged already.
  • I became part of the program team for Mob Programming Conference 2020. This is my first time on a program team for a public conference, and I'm sure I'll be learning a lot.
  • I've sketchnoted countless more talks. I can't believe I've only started this experiment last year, it already feels natural when listening to a conference talk! I didn't put in effort to level up my game here, yet it's amazing to hear positive feedback just because these notes exist and other people can benefit from them, too.
  • My first ever podcast episode got released! Huge thanks to Peter Kofler for inviting me as guest to Coderetreat Facilitation. I've had a few opportunities before that, yet nothing came out of them, so I was really glad this one worked out!
  • I've done my first Power Hour, my first introductory video as well as my first Testing Ask Me Anything session (and its follow-up) for Ministry of Testing - all on on the topic of collaboration, pairing and mobbing. Thank you Mark Winteringham for having me for the Dojo!
  • The "power learning group" initiated by my learning partner Toyer Mamoojee and me got really engaged this year! We all benefited a lot from our mutual support. Super looking forward to next year together with these wonderful people!
  • Toyer Mamoojee and I had the honor to share our learning partnership on Agile Testing Days' keynote stage. Even better: people got inspired to start their own learning partner journeys! In addition, partnerships that had formed last year had evolved this year, like the ones of Mor Korem and Thomas Rinke, as well as Viki Manevska and Eddy Bruin.
  • People got inspired by what I shared on my testing tour to start their own tours! Just to highlight two of them: Gem Hill formulated her tour around security and code, and Parveen Khan around becoming more confident as a tester and getting out of her comfort zone. I bet people did similar things before I've shared about my endeavor. The difference for me is that now I hear from people that they're up to something like that on their own - which is amazing! Please continue spreading the word, we all will benefit from learning with and from each other across company boundaries.
  • I've become code-confident, publishing my first ever GitHub repositories, and worked on code a lot more at work as well. A real biggie for me! Oh, and I already made another pact with my learning partner Toyer Mamoojee to challenge me even further in 2020! :)
  • I continued pairing sessions on the topic of security testing with Peter Kofler. To many more in the future! Especially as my next year's theme is all centered around security. :)
  • It's now officially 1.5 years that I'm on the "principal" seniority level at my company, with all the challenges that come with it. The position is quite a challenge in itself, and balancing my capacity between company initiatives and my own product team is tricky as well. Concerning that, I've found a method for me that mostly works and allows me to focus every day and week on what's right now the most valuable thing I can contribute with.
  • I ran a first experiment on our company's mission to improve the testing and quality culture of our product teams, learning a lot about the context of four other teams, helping them to help themselves.
  • I introduced the mob approach to a lot more people at my company. I ran three cross-team, cross-role, cross-location mobs as a proof of concept that remote mobs do work and we all can learn from each other, no matter our role or seniority level. I conveyed knowledge in hands-on mobs for other teams as well as our internal testing community.
  • I took on a formal mentorship for a colleague who asked me for it. Many people assumed I would have lots of experience with mentoring already - yet in reality I have not had many opportunities for more structured or formalized mentorships. I love having this chance to learn how to help another one grow on a certain topic, while I keep on learning myself!
  • I took my first personal coaching sessions at work, and they helped me tremendously. Sometimes the solution already resides in us, and a gentle nudge can help ourselves reveal it or re-state the obvious. I also got referred to join a series of leadership workshops next year. Really looking forward to learning how to improve my collaboration, communication and leadership skills!
  • I gained 1,349 followers on Twitter just this year, more than a third of the overall current number. I realize this number tended to increase faster the more followers I have, and still I really celebrated when crossing the mark of 3,000 followers. After all, Twitter is my main and most important social media platform.
  • I've started to re-share posts that mentioned me on LinkedIn. I'm not really active on that platform, yet it's my place to connect with former and current colleagues who now started to see more things that I do outside the company. The response is interesting to see, so I'll continue experimenting with it.
  • Counting this one, I've published 25 blog posts in 2019. Considering I wanted to cut down regarding blogging and experimented with more lightweight approaches to share on this medium, it's great to see I've still managed to post twice per month in average. The number of page views for my blog even climbed up to 207,275! Granted, I am probably heavily contributing to these numbers every time I look things up, yet still. ;-) And you know what's best? This very blog post is exactly my 100th post overall!
  • I realized that my energy level is not always at 80% and above (as I liked to think so). I had to learn that it can drop any time and I need to keep a constant eye on it. On the upside, becoming more conscious about it helped me to do a lot more self-care this year (like finally enjoying my passion again, playing computer games just for fun and the sake of it!). I've committed myself to increase self-care in 2020, ingraining it into my new challenge.
  • I got voted Most Influential Agile Testing Professional Person (MIATPP) by the lovely Agile Testing Days community. I couldn't believe I ranked third place in 2018, so you can imagine my disbelief this year! And yet it's a fact, the community really gave this award to me this year. I'm tremendously grateful for this wonderful feedback on my work of sharing back what I learn on my journey. Extremely encouraging!
All this was made possible by the continuous amazing support and encouragement by my community and company peers. Thank you all so much, I can only hope to pay it forward. Lists are never complete, yet some shout-outs simply have to be done here.
To everyone: have a healthy and happy new year 2020 - may it be full of wonders and growth!

Wednesday, December 18, 2019

My Pact for 2020 - Let the Next Challenge Begin

As you might know, my learning partner Toyer Mamoojee and I are committing ourselves to pacts between us, roughly one per year. A personal challenge that's scary, that's long waiting, or that's - well, simply challenging. We help each other out of our comfort zones, inspire us to grow, and hold each other accountable to what we committed to.

In 2017 our common challenge was public speaking. In 2018 I went on a testing tour, and in 2019 my challenge was to become code-confident. Now 2020 is knocking on the door. As Toyer would say: "Yes, it's that time of the year!" So let me reveal now what's coming next on my side.

Thoughts and Ideas Gathered Throughout the Year

Just as last year I already knew there will be another challenge after the current one. Once again I took note of any thought or idea that came to me throughout the year; just listing them as they occurred. Now it was time to review my raw notes and find out what would be my next challenge. My feeling was that some topics popped up more frequently than others, that there was a pattern to be found.
- contribute to an open source project
- live testing and coding on stage
- organizing Mob Programming Conference 2020
- running for AST board --> https://www.associationforsoftwaretesting.org/2019-2020-ast-board-nominations-open/
- German Testing Day conference board
- dive deeper into security
- Santhosh and Dan: pair on security testing
- become an Agile Testing Fellow trainer :)
- write a book
- self care
- speak easy mentor?
- real technical talk / demo
- blog again more about day to day topics and discussions for reflecting better
- give a technical workshop together with Toyer!
- finding the real tester in me; think testing not collaboration or learning, how do I test?
- make a change? Take security serious for real. Same with accessibility.
- become more tool-savvy
- Agile Fellowship Trainer?
- continue pairing offer, on anything
- continue coding and publishing a coding journal a blog format; maybe also testing session notes
- create new pairing offer on Calendly, keep it generic whether testing or coding
- pause criteria / health indicators: play games, read books, do sports
- after my session with Santhosh: maybe select security as next challenge? or browser extension creation? or maybe next challenge is filling theoretical gaps, taking courses?
- go deeper with what you started, build on it
- health indicators: games, books, more sleep, fruit, clean flat
- take more time for books and courses again? Combined with hands-on practice?
- sharing knowledge from my code confident challenge
- observability!
- create a small app on stage based on audience input, maybe together with volunteers, do it as a workshop
- submit again to Test.bash(); with a technical talk!
- in general: give a technical session, could also be a workshop; don't limit yourself on the topic, could be coding, security, anything; maybe even beginner's round to become "technical" covering multiple aspects I picked up over the years (all helping testing and building quality in in the end)
- TestBash Manchester open space once more intrigued me to go towards contributing to open source, security, accessibility!
- tool creation
- dedicate to courses to fill knowledge gaps
- solve Juice Shop! Or WebSec Academy
- less is more
- take care of myself: sleep more, drink more water, way more vegetarian dishes, regular sports, enjoy life
- dream more!
- Think big, start small, start now.
- start your own meetup! Let's mob together.
- security is inherently investigative! combines testing and automation and tool support and tool development and pairing up and mentoring and everything I've done the last years :D and it's hugely important. Maybe the most important thing is to change my own insecure behavior -.- becoming paranoid? Might even make a great title ^^ no no. Doing this for the right reasons. (And it'll be fun, too. And scary. In so many ways...)
- or: "accessible security" combining 
security with accessibility? For all people? Or: explaining security for everyone?
- stay (become) safe and sound
- join Manchester InfoSec Hoppers? Already know three of them, remote was okay for them, too. Looking for underrepresented people.
- join Gem's testing tour on security!
- contribute to open source by testing
- let's face it! Educate yourself
- security is long on the list, eager to learn more; yet the behavior change that needs to come with it is scary
- local security meetups
- security testing workshops at work
- shadow our security team to see their work and learn, help spread the word
- the ethically right thing to do
- accessibility? --> diversity and inclusion
- environmental behavior change
- it's really about ethics, see Lena's Leetspeak talk --> https://vimeo.com/372366783
- getting better at collaboration, a topic you got known for..
- do threat modeling with your own team
- security is a great challenge as you have to understand a lot in order to get deeper here, combine lots of knowledge, puzzling together; exploring / investigating, coding, operations/administration, social skills, etc.
- performance testing; hands-on; finally learn how to do it
- quality coaching
- observability
- focus on key area of testing: discovering useful information
- problem solving, critical thinking, cognitive biases
- "If anyone reading this works in security, watch Gwen's talk and then start attending QA and dev conferences. We should be sharing knowledge" https://twitter.com/JayHarris_Sec/status/1189181416602390528
- tool-supported testing (security, accessibility, observability, automation, performance, all of it!)
- observability
- ethics
- what scares me is where I feel I don't have much knowledge on (whether true or not), and that's mostly the -ilities or other quality aspects, or concepts from other areas of expertise like DDD, need to dig deeper
- set clear boundaries, respect health indicators
- confidence really increased so things are less scary to tackle
- what does self care mean for me?
- how observant are you? In real life and more
- cognitive biases
- asking questions
- what does scare me? Playing computer games together with others
- "Powerlifting is a good anti-stress solution for me. What works for you?" https://twitter.com/Maaikees/status/1195343346006462465?s=09
- consider time for speaking engagements, new talks to create, MPC program, family and friends, me time to stay healthy
- have the courage to do what's right; the ethical thing
- focus on spreading knowledge and mindset change in the company
- make quality measurable and culture change impact tangible; really scary. Same as fundamental principles, manifesto. We don't assure, we do it together.
Going through the list, I realized there are a few things that I did already and that I will continue anyway. Like joining the Mob Programming Conference 2020 program team. Like creating a general pairing offer. Like fostering a culture of testing and quality at my company.

There are also a few things that repeatedly came up as topics; even more and more towards the end of the year when this list grew longer. I didn't want to rely on my gut feeling only, so I counted the mentions and references of the following aspects - and this way created my top 10.
  1. security (21)
  2. knowledge sharing (14)
  3. health (9)
  4. open source and coding (7)
  5. accessibility (5)
  6. observability (4)
  7. technical (4)
  8. ethics (4)
  9. cognitive biases (3)
  10. performance (2)
This made me see a clear winner where the focus of my challenge should be. Yes, my dear fellow colleagues and community peers who use to ask when my book is coming out - you still need to wait for it! ;)

Pact Number Four, Revealed

The Challenge
Security is my clear challenge for 2020. Even clearer: raising my awareness and skills around security and sharing my insights while always taking care of myself.

The fear - well, I have a whole list of fears around this topic.
  • The area of security is huge. I often feel you need to know everything about everything and also be able to make connections between all this knowledge. You cannot follow the book, hackers won't do that.
  • I'm feeling naive (or rather stupid). I have to admit, I know about certain risks and still ignore them with open eyes. I'm sure there are many more risks I am not aware of.
  • Even worse: I try to warn others while not doing it myself. What a hypocrite I can be... That needs to stop. I indeed fail at advocating for security. We had more obvious and less obvious cases at work. Someone from another team had to come both times and make the team fix it.
  • I fail at explaining security - which tells me I haven't understood it well enough myself! I feel dumb when I realize I cannot explain concepts. I really wished I'd memorize them!
  • On top comes another emotional dimension: Security testing can be extreme fun!!! Or... extremely frustrating. The latter part scares me. Maybe I need to find out how to make it more fun and less frustrating? Also for others who feel like me?
On a positive note: why security?
  • I believe security is one of the most important quality aspects ever, and it will become even more important in the future. Technology these days comes with so many more new and different kinds of risks than we saw ever before, risks that might have huge impact on people.
  • I really want to open my own eyes when it comes to security. Raise my own awareness, and hopefully trigger a behavior change in myself.
  • By sharing about security related topics and my own lessons learned, I hope to inspire more people to open their eyes as well, make them understand the risks and also what's in it for them when investing in security. I want to contribute and do something good. 
  • To be blunt: It wouldn't hurt my personal development and career either, as I can use all my current skills, advance them, and build up lots of new relevant ones. If you think about it, security testing does indeed combine a lot: exploration, coding, automation, tool creation, operations knowledge, you name it. I bet there is a lot to learn for anyone of us.
  • Oh well, and - not to forget the fun part of challenges, right? :-)

The Hypothesis
For this pact, I wanted to break down my challenge in smaller, easier chunks and reflect this in my hypothesis. I wanted to explore as I go, learn more, and only then decide on my next steps; not in advance. A more lean and flexible approach. After all, experiments should be small and frugal, right? I only wanted the overall outcome I hope for to be defined upfront; the hypothesis should not be too strict, yet stay measurable. Here's what I came up with.
I believe that running a series of 10 small experiments around learning more about information security, practicing security testing hands-on, and sharing my knowledge,
will result in increased capability to explain security related concepts and how to test for vulnerabilities.
I know I'll have succeeded when 10 people have confirmed that they learned something new from me in the area of information security.

The Probe
Let's add more details how to test above hypothesis.
  • One experiment lasts maximally one month.
  • At the end of an experiment I write a blog post sharing what I learned.
  • I will not predefine all experiments from the start, yet rather explore my way by performing one experiment and then design the next based on the insights from the former one.
  • Examples for experiment actions might be:
    • Practice hands-on security testing on practice applications.
    • Do the training on the Web Security Academy
    • Participate in a capture the flag (CTF).
    • Join a security related meetup and meet the community.
    • Read the Pushing Left, Like a Boss series from Tanya Janca
    • Create a tool to gather information about a product or site, e.g. a browser extension, a bookmarklet, a command line tool, a code snippet.
    • Get a mentor.
  • Any experiment might prove its underlying hypothesis false. This is not considered a failure as it still adds to learning.
  • Sharing knowledge could take many forms: blog posts, talks, workshops, conversations, anything counts.
  • The 10 people could be anyone. They can come from any background or work (or have worked) in any fields (not only software); they only have to be distinct.

Start Criteria
This time I plan to start working on my challenge earliest at the beginning of 2020, not before. I know I have a lot of other tasks I need to work on before, and also a few days of vacation that I want to use for self-care, not for more work. It might even turn out that I will only start way later in the year, and that's okay, too. I don't need to beat myself up for it.


Pause Criteria
The past years showed I cannot continue non-stop. Self-care is way too important, and I need to take better care of myself. The following are the health indicators I identified for myself over the year:
  • play games
  • read books
  • do sports regularly
  • sleep and dream
  • eat fruits
  • drink water
  • eat more vegetarian dishes than not
  • clean flat
  • enjoy life
  • balance engagements
Now, I would set myself up for failure if I'd chose to fix everything at once. So I chose my biggest indicators I wanted to look out for to make sure I keep my energy up. As J. B. Rainsberger shared with me: "your energy is your bottleneck; if you take care of yourself first, you will have the energy to share your knowledge with everyone else like an 8 year old wants to." He continued: "If saying yes means saying no to yourself there's a problem; we need to get rid of the guilt or shame we feel when saying no." He agreed that saying no to this thing means saying yes to another thing. So here are the things I'm now intentionally saying yes to.
  • Play computer games for at least two hours per week. I definitively want to keep up my streak from last year here and even increase my playing time. Last year it often came down to only half an hour per week - not much time spent on my passion.
  • Read at least 40 pages of my current novel per week. I love reading books! Yet mostly I only make good progress with my audiobooks; I tend to get stuck for very long time on the novels I prefer to read. I usually read in bed right before sleeping - and most of the times I fall asleep over the first page of my book. So this is an implicit indicator of my fatigue and how much I sleep every day. I need to be rested to be able to fulfill this goal.
  • Do sports at least three times a week. This metric implicitly influences my eating and drinking habits. Sports are my physical and psychological compensation. Afterwards I'm always feeling better and often also more energized, more creative. Yet with my conference speaking adventure of the last years I traveled a lot more and therefore did a lot less sports, especially a lot less regular than I used to. The last year my eagerness to go on with my challenge really made me do it - so this is the motivator I'm hoping for to change my habits back to healthy ones.
Each calendar week I need to have at least two of above three fulfilled. If not, then I stop my challenge until I fulfilled all three again within one calendar week. There's only one exception to the rule: I'm at a conference most of the week. These indicators should help me with my self-care, they are not meant to create additional stress, so conference weeks are excluded from the rule.

I hope this way I will do better work with less stress. Oh, and one more thing: I hereby appeal to my own common sense. If I feel I'm drowning (independent from whether this is true or not), I will pause my challenge and first resolve this feeling.


Exit Criteria
When is it time to stop my challenge and evaluate my experiment overall?
  • All 10 experiments are done and the lessons learned shared.
  • It's October 31st.
  • My health indicators clearly tell me to stop.
  • I decided the challenge is not worth my time anymore, e.g. I might have it replaced by a better one.

Influences
As always, lots of people influenced me on my way. All of the following have their part in why I chose this challenge for myself now.
  • Troy Hunt. I've first learned about security testing, penetration testing, ethical hacking back in 2016. I had the chance to watch part of Pluralsight's ethical hacking series which introduced me to the whole topic and made me realize that I could do the one or the other thing myself; that it wasn't all a big mystery.
  • Johannes Seitz. My first encounter with hands-on security testing that I remember was at TestBash Munich 2017. During the open space I joined a session by Johannes who introduced me to OWASP's JuiceShop, an intentionally vulnerable practice application. We solved several challenges together - and I was intrigued to do more! Gamification really works well for me. Ever since I've used that app in several workshops myself.
  • Santhosh Tuppad. I had joined Santhosh's workshop at Agile Testing Days 2017 about security testing. This year I even had a chance to pair with him! It was amazing. So much knowledge, shared in such few time. Now he even invited me into a group of people interested in security testing.
  • Peter Kofler. In 2018 I went on my testing tour and found Peter as my pairing partner for security testing. Back then we had three sessions together that showed us we knew more about security than we thought we did. We were eager to learn more and practice more, so we decided to continue our sessions roughly once per month in 2019 (and we did!).
  • Gwen Diagram. Right after Agile Greece Summit 2018 Gwen and I went sightseeing together and she shared how she gave company internal security workshops to teach people about security. I was intrigued to do the same! Yet so far I've done only two very basic ones.
  • Dan Billing. At Agile Testing Days 2018 I joined Dan's tutorial "Web Application Security". (I loved to see Juice Shop again in a newer version! :)) I had a lot of fun and realized I was further than other people in the room. Can't wait to pair with Dan! So happy this session is already scheduled.
  • Gem Hill. Gem is on her own testing tour for a few months now, and her topic is security testing. I loved that she chose that topic and she definitely has influenced me in picking the topic up as well.
  • Jay Harris and Saskia Coplans.  At TestBash Brighton 2019 I got to know Jay, and at TestBash Manchester 2019 also Saskia. Great knowledge sharing and great conversations all around security! I love their mission to make the infoSec community a lot more diverse and inclusive than they feel it currently is. (Side note: I just found out their group has a slack channel!)
There are a lot more people doing security testing these days that I know of, like Maaret Pyhäjärvi, Claire Reckless, Nicola Sedgwick, Lena Pejgan Wiberg; and probably a lot more I still need to learn about.

All this triggered me to do some security testing related mob sessions inside and outside my company in 2019 (obviously using Juice Shop as well). More are planned, and I'm curious how far we get together.


The Tag
For my past challenges, I always used a short identifier to be able to easily refer to it. When looking for a new tag to use, I realized most of my previous ones were alliterations! Well, maybe I need a another one then. :) Alliterations aside, I brainstormed lots and lots of potential short identifiers for my 2020 challenge. Short, expressive, not overly used already on Twitter as that's my main sharing platform.

So many candidates derived from brainstorming! Yet the winner is.... #SecurityStories! Why? Because I want to convey knowledge to people that is new to them. People relate to stories. Stories have a chance to stick!

I Don't Want to Be Forced To a Halt, I Want to Thrive

I've learned what works for me during my past challenges, and I usually kept what was working. This means that I've never stopped some endeavors from which I gained the most from. Still, this requires time and effort, which means capacity and energy in my free time. I still speak at conferences, I still pair with people on various topics, I still want to grow my GitHub repositories. Therefore: my own health and self-care grew more and more important as well. The balance part here is tricky and I need to take great care not to overdo it.

I'm super eager to start my challenge! Still, let's take care first. Together.