Friday, December 27, 2024

2024 - What a Wild Ride

At the end of each year, I sit down to look back and take account of the past year in writing. I've made it my own tradition to help myself acknowledge all the things that happened during the year, especially any achievements of sorts.

I started the year with lots of hope of great things to happen (they did), lots of challenges to tackle (that sentiment nailed it), lots of joy on the way (not as much as hoped for), and lots of energy replenished (phew... nope). The year was an unexpectedly wild ride and it really drained my energy reserves. The good news is that I'm ending the year on a very positive note with a lot of hope for the future. The struggles paid off and I'm grateful for my past self that I've pulled through.

Dear future self, here are my accomplishments of 2024.

  • My sixth personal challenge of courageous new community contributions really took off, took quite a toll, and was still so much worth it. I've helped bring lots of things to life: a whole new conference, a practice app, a card deck game, a leadership workshop series - and I've given conference sessions on security for the first time. It's been massive and I've dedicated a whole separate post on closing the challenge, so I won't repeat most things in detail here.
  • One thing I will indeed repeat, as it was a true #AchievementUnlocked moment for me: I've spoken at my first security conference this year, BSides Munich! Super grateful for this opportunity, and it came at a perfect time right when I kicked off my job search, for which this specific speaking engagement paid off even more. One interviewer shared they watched the recording and liked it (phew, yay!). My future manager was sitting in the talk (I can't make this up)! When it comes to the community, this talk helped me make further connections. For example, I had a call with a new acquaintance to exchange inspiration and ideas to evolve a security champion program further. I got invited to participate in university research around DevSecOps. And you can imagine my surprise when I've discovered my very own talk been referenced in Katilyst's security champion newsletter that I had subscribed to earlier this year! Mind-blowing. By the way, in case you'd like to hear about how my work as security champion evolved over the last years, check out the recording.
  • I've had 12 speaking engagements this year, which makes it overall 103 since I've started out in 2017. Crossing the threshold of over 100 gigs is definitely something to celebrate! Looking at conference sessions alone, I've given 8 sessions at 6 conferences in 3 countries this year. In all time, that makes it 48 sessions at 27 conferences in 12 countries. I really have to count and see these numbers for myself, I'm still in awe that I really did all this. My past self wouldn't have believed me one bit.
  • Including this one, I've written 10 blog posts this year. This number still surprises me as I remember that next to everything else going on this year, there was little to no time left at all for writing. A pity, as I do think in writing, and I do write this blog for myself in the first place, for sharing in the second. Maybe there's more space for it in 2025, I'll see it when I'll do that year's review.
  • My main social media platforms this year had turned out to be still Mastodon on first place, followed by Bluesky (especially after the recent wave of folks joining). Instagram surprisingly landed on third place (being a lot better than I ever expected it to be). My LinkedIn presence grew as well. It's by far not my favorite platform to consume content, yet it has its very own purpose for career networking endeavors. Overall, I'm grateful for everyone out there posting meaningful content over the course of the year that made me think, made me read, made me listen, made me learn. I'll continue curating my own feeds hoping to pay it forward.
  • I've invested in a few other community endeavors over the year as well. Like continuing my accountability and learning partnership with Toyer Mamoojee, security pair testing sessions with Peter Kofler, joining a few code reading club sessions (unfortunately a lot less than I had hoped for). I've also had several calls and even on-site meetings with other dear community friends over the year, with us sharing on various topics ranging from learning cybersecurity, to startup ideas, to community dynamics, to anything and everything that moves us.
  • At work, this year was a wild ride as well. My team and I had a tough time deciding on all the incoming requests and their actual priorities, and catered as best we could to those with highest importance given the circumstances. Compliance of all kinds was a big topic, too. We had several incidents which allowed us to learn how our system could fail in new and surprising ways and implement respective mitigations. Lots of tricky data migrations to get right. Quite some team fluctuation as well, people leaving and coming. In the end we were a smaller core team still doing our best to keep up with occurring demands from all sides, and getting our valued legacy product back in shape. Given the circumstances, we've mostly smashed it. Well, until things changed completely.
  • Me, my team and lots of other colleagues had been laid off due to the company's business pivoting. I'm very proud of my team, on the sound culture we've built and fostered for us, how we showed up for each other over time, and how we even in the moment when everything came to an end celebrated what we had and gave each other feedback along on our ways. Kudos to everyone! We really had a good ride together. It's never nice to go through layoffs, and yet it's actually been surprisingly good to get laid off as a whole team, just having it end together at this moment in time. It's been like a band-aid being ripped off. Based on our talks, we all preferred this option over a slower and potentially more painful end, like getting chipped away at and dissolved over time.
  • My amazing network really stepped up in words and action, spreading the news of my unexpected job search, sharing opportunities, making connections. This kind of invaluable sponsorship, plus me putting a lot of effort into a high intensity search, plus my personal challenge endeavors (again building on my network) this year, allowed me to find a new job within 6 weeks, contract signed within 8 weeks. I have to write these numbers down for my future self, and even for my present self as I still can't believe this happened so fast, especially given the current market. Closing everything just before the end of the year. And not just finding just any job but one that I really, really want. And on top of that, a role change that I hoped for in the next years to come. Now it's already here, and I'm so ready for it. I've witnessed the magic of "one door closes and many other doors open" before, yet this year this phrase became a whole new meaning for me.
  • This year's personal challenge was all about new community contributions. Here's a new work-related contribution that I didn't foresee beginning of the year. From next year onward, I'll continue my path as a security engineer. When looking back at the kinds of contributions I've done this year and how many had security at their center, it does make a lot of sense, though. I just thought it wouldn't come to it that fast. There will be many more new challenges awaiting me on this next part of my journey, and I bet a few well-known ones as well. I honestly can't wait.
  • It feels like a milestone in my career to get this new role and hence opportunity to explore next year. A dear community friend helped me put up a mirror for myself: she said all this is not coming suddenly for me. I've been building this up over many, many years, the knowledge, the network, the path for myself. Lots of little building blocks all over the place providing the foundation for this next step that now has a big meaning. It's been about persistence, continuously moving forward, little by little. About pushing myself also in times I didn't feel like it, like just right after the layoffs that came at a time when I just wanted to breathe and rest. She heard me saying how tired I was all over the year. She's been celebrating this huge step for me, it's all coming together. I'm very grateful for having such dear friends offering reflections in times I really need to see them. And she's been right: the compounding effect of all the little things I've done in my career is indeed real, and very impactful now for me. I'm grateful for my past self pushing through.

Here I am. It's the end of the year again. It's been once again helpful for me to look back and see all of the above. Now I'm already super curious what my review for 2025 will look like!

Tuesday, December 17, 2024

Contributing in New Ways - Finding Closure among New Opportunities

Finally, there's time and space to close my personal challenge of 2024 by looking back at what happened and what I learned from it. Setting out beginning of the year, I had the following hypothesis.

I believe that contributing to communities in new, courageous ways will add value to the communities I'm part of and grow my own knowledge and skills. I've proven the hypothesis when...

  • I have contributed in three new ways,
  • other people engaged with these contributions, and
  • I have learned three new things from each.

Little did I know just how much this turned out to be true! Here are the new kinds of courageous community contributions I've done during the year and what I learned from them.

 

Open Security Conference (osco)

What was it about? Launch an open space security conference together with Claudius Link, Dave van Stein, Janina Nemec, and Ulrich Viefhaus. We set out to create a people-centered international gathering for everyone interested in cybersecurity, aiming to remove gatekeeping and barriers where we can to make security more accessible. The idea of the Open Security Conference (#osco) was born.

How did it go? There are so many things going into organizing a conference, let alone launching a whole new one. We had to make a few hard decisions what to do for this first instance already, and what to park only for later editions if that first one proved our concept. The biggest trouble we had, though, was a topic we didn't have on our radar at first that we completely underestimated. For a few months, the whole conference was on the edge as we had to solve the problem of handling money without having any organization (yet). This took us nearly to a halt; until we figured out a way together with our amazing venue to have all money-related topics, including sponsoring, go through them. Having made it over that big hump, we actually made the whole thing happen: the first ever Open Security Conference (#osco) took place on October 4-6 in Rückersbach, near Frankfurt/Main in Germany! We had two amazing keynotes to kick it off the event, followed by the open space as main part of the conference. We worried if things would work out with a small first group and were very relieved that people really enjoyed it. Read for yourself how the first osco went! People raised a lot of interest in an #osco25, so we can already confirm that we will have a second edition in 2025. We even found five more organizers to grow it further, we're very grateful for their trust and support. Currently, the whole organizing team is on a break to recharge energy, so our website is still on the state of 2024. Yet if you're interested, you can already save the date of 2025, October 2-5 for our second edition! Follow us on social media, Mastodon and LinkedIn, to get all latest updates once we're regrouping next year.

Which three things did I learn for myself?

  1. Investing in creating an inclusive space from the start pays off. More often than not, this vision needed us to go the extra way. While we're keenly aware of what we're still lacking (plus the things we're not aware yet), we received really good feedback that the effort and positive impact was noticed and appreciated - it was so much worth it. 
  2. It is invaluable to have a mid-sized and diverse enough group to get a big endeavor off the ground. While it wasn't always straightforward what the most effective solution to a problem right now was, we managed to play to the strengths of our different personalities and experiences in the end.
  3. Having regular and frequent opportunities to reflect on how we're doing and trying out different approaches is crucial. This applies to any group you're working with. We postponed our retrospective to after the conference, while it would have really been worth doing them a lot earlier and regularly throughout the year.

 

Security Card Game

What was it about? Create a security card game together with Martin Schmidt and Philipp Zug. This idea has its origins at SoCraTes 2023 where I brought the topic of security to the conference and loved seeing lots of folks engage, like Martin and Philipp who invited me to their idea to create a game for fun and practice. 

How did it go? We have the main concept, a constantly evolving set of rules and deck of cards. Thanks to Martin, we also have a way to play the game remotely; who knows if we'll also turn it into a physical card deck at some point (it would be great, wouldn't it?). In any case, we hope to bring it to open space conferences and the world. Check out our Security Card Game Github org in case you want to follow along, and make sure to read Martin's SecCardGame post to get a first impression of the game. Having played it a few times, we were keen to present it to others at SoCraTes 2024. To be frank, we were positively overwhelmed by all the folks coming to our session, showing lots of interest, and providing concrete feedback for us. We also found a new contributor as well to evolve the game further with!

Which three things did I learn for myself?

  1. Early and fast feedback is invaluable. Not a new learning in itself, and yet it turned out to be just as true in this space as well. We made it a point to try out the gameplay and different rules early on and continuously, without investing development time when it wasn't needed. This really paid off! Same as showing our rough and raw game already to the public without polishing it.
  2. Sometimes it's just fine to contribute in one way only. For example, for this card game I've mostly focused on the content of the cards, instead of the actual implementation. It was something I could do in between everything else, and it still helped as asynchronous contribution until we met again - when we could think of all kinds of things and ideas while being together.
  3. A little, relaxed, non-stressing, fun side-thing is a really nice side-thing. This initiative was the least stressful of all the things I've worked on throughout the year. We had set ourselves up for a great pace, continuous yet not overbearing, things moved further, not much investment was required in between, I really looked forward to our little sessions. It's nice to have things like this on the creative, energy-providing, playful side.

 

Project Snack Shop

What was it about? Build a full-stack open-source practice platform as an ensemble with Ben Dowen and Vernon Richards. We were taking the roles of the employees of the fictive company "Make-Believe Labs", taking on "Project Snack Shop" for a customer who wants to digitalize their well-running snack shop business by offering an online shop. This was intended as an as realistic as possible practice platform for all kinds of development activities. From our own vision, to the actual project offer and context, to the first proof of concepts, to team agreements, to design documents, to architectural decision records, exploring walking skeleton options with code, and more. 

How did it go? This had been a fascinating endeavor I really wouldn't miss. It's been both fun and challenging to mimic the described scenario and act accordingly. Sometimes taking on certain roles we knew we wanted to play on, like team dynamics and patterns we've observed. Wait, did I just commit a change without telling anyone (he-he-he)? Was that commit message omitting quite a big relevant change? And more! Not everything is publicly shared, but you can follow our main Snack Shop repository to see the latest state. I really appreciate having a project from the scratch where we can try things out, do some things properly, do some things in quick and dirty ways, leave some problems in the system intentionally while discovering others as we evolved it. We also had planned to bring this more to the public in the sense of webinars or streams, getting ourselves even more out of the comfort zone. Ben managed to get us a webinar where we could use our little project to work on specific challenges that are likely to get asked in an interview situation. This was a big driver for us to evolve it just to that stage where we could do the session. Afterwards, we all lacked the time to drive our snack shop much further, yet it'll always be there to work on as a nice practice playground which is closer to a real work situation already by its setup.

Which three things did I learn for myself?

  1. Building things allows me to use skills I have, yet rarely have opportunity to hone. At the same time, doing so really boosted my confidence that I indeed can figure things out. 
  2. Sometimes you have to build it yourself. There are so many practice apps out there for all kinds of purposes, it's wonderful. What we were aiming for, though, was rather unique, and I'm still not aware of any similar project. Especially doing it as an ensemble taking on different fictive roles and leaving trails and artifacts as it could be! 
  3. Constraints can be really helpful to evolve a thing further. The webinar due date helped us massively to invest time for real, make tough calls on what to leave out, and have the thing shippable. While it's nice we don't have any pressure on the project anymore, now it's lying dormant. Constraints can really be liberating.

 

Leadership Workshops

What was it about? Offer Shiva Krishnan's and my leadership workshop series to the community. This program proved to be valuable to lots of people in the past, and it definitely helped both us grow immensely. Finally, the time had come to spread the word further and transform our workshops to an open community offer. This year we wanted to try it out with a small cohort. 

How did it go? For this first community proof of concept, we decided not to have public registrations, yet to build on our networks. We thought if this goes well, we can plan for more afterwards. We tried to think of lots of things needed to bring these existing (and continuously evolving) workshops to the broader audience, like tools, communication channels, and more. We found lots of interested people. We hosted Q&A sessions to answer most frequently asked questions right away so everyone knew what to expect and what they would sign up for, especially given that this is a series of six workshops with quite some time investment required from participants. What we didn't expect was that all of the above was quite fine for folks, yet the real struggle was hidden in our vastly incompatible schedules! It took us a very long time, staying patient and trying lots of different approaches, to figure out the slots for the first two workshops. Especially as we had to split these workshops up into smaller parts, given that it wasn't happening during working time, but in addition to work for everyone. We're really happy that we found a small cohort of four people who stayed enthusiastic and dared taking this journey with us. The first two workshops are completed, four further ones will take place next year. While we originally aimed to complete all six this year, we're glad we can still do this and learn from fresh community feedback to evolve them further and hopefully bring more value to community.

Which three things did I learn for myself?

  1. It's hard to live up to your own values and leadership beliefs yet the impact of doing so matters. Especially when you give workshops on exactly this topic. Leading by example most often means not taking the easy route and finding ways that work for people while staying true to what you preach. It's been worth it big time, and I'm glad people now have a space that fits and continues to adapt to all of our needs.
  2. Community editions can be different to work sessions in unexpected ways. This turned out to be very true when having people co-create the space instead of just proclaiming a date and leaving it up to people whether they can join or not. Scheduling is a hot topic also in work contexts, especially across different roles and departments at the same company. The fact that we're working for very different companies in different modes, with very different private lives and personal needs as well, made our schedules even more diverse.
  3. Make the decision, especially when it's difficult. Originally, we wanted to start with a cohort of six people. Small and doable, while still viable. We had to make the tough decision to reduce the group to four folks to make it work at all, and communicate it accordingly. This was no easy decision at all, and at the same time the outcome shows us that it seems to have been the right decision in the end. We have a great group of engaged folks where the whole concept really works for everyone.

 

Conference Sessions on Security

What was it about? Give conference sessions on security. Ever since I've had my first pair testing sessions on security in 2018 I've been diving deeper into the area each year. I've given several sessions in company settings and at open spaces. This year it was time to extend my conference speaking to security topics and hence contribute in new ways in that space as well. 

How did it go? At the beginning of the year, I felt I could at least try to submit security-related proposals to some conferences. It would already be worth daring the mere submission and learning from it. And then it was actually working out, way more than expected! The Software Teaming Online Conference gave me rather free rein, so I made use of it and hosted an ensemble session to Capture the Flag Together: Security for Everyone, co-facilitated by Lisa Crispin. This idea was based on sessions I've given many times at various open space conferences and at work as well, so I was on familiar ground to start with. Then Agile Testing Days accepted both of the new security sessions I've dared to submit! Hence, two brand-new sessions, the workshop First Steps in Mobile Security Testing and the talk A Security Champion’s Journey - How to Make Things a Bit More Secure than Yesterday Every Day had to take place. And then SoCraTes also came and asked me to give a training again this year - maybe I could do something about security? I was so happy when I read their message, it seems all the security related sessions I gave at last year's SoCraTes had really caught their interest. So I decided to create yet another new workshop that would fit well as a foundational training: Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day. Overall, these four different security-focused sessions had been accepted by conferences, and I was very excited about these opportunities. Yet another highlight was to come. Encouraged by all this, I dared to submit my brand-new talk to my first security conference ever, BSides Munich - and it got accepted for their main stage! Speaking there was definitely one of my biggest achievements unlocked for this year. There's a recording of this inaugural talk which makes me even happier. And as it goes with speaking at a conference, it also helped me massively to get further connections in the security space.

Which three things did I learn for myself?

  1. It's worth daring to share what you've already learned on your journey. A lesson I've re-learned for myself. You never know who's going to be in the committee or audience, it might just be a great fit. And you don't have to wait to be in an exact role, position, time at life, or whatnot to start sharing. It will help you gain confidence and a clearer understanding of the topic as you need to convey it in approachable and digestible means.
  2. Sometimes, the answers are already within you. I've learned this the hard way: just because you've seen a workshop setup play out nicely, doesn't mean you can replicate it that easily. My mobile security workshop haunted me for months, not because of the content, yet due to the complex setup that I needed to break it down and make it as accessible to beginners as possible. I've asked lots of people at the conferences I've been to how they would tackle it and gained lots of good hints and tips. And yet, in the end, none of these really solved my problems. Instead, the answers were already within me, I just needed to build up the confidence to remember all the pieces of the puzzle that I've already worked with throughout my years in tech, and bring them together in a way that it solved this one. And indeed, once I had gathered further confidence, I managed to figure everything out. Even during the workshop when I still needed to debug a few things live. It worked, and I can use this to ground myself in what I actually know and trust myself more.
  3. Putting yourself out there on stage creates so many new connections and hence opportunities. Again, not a new learning, yet a re-validated one. Especially my new talk helped a lot with this, initiating lots of interesting conversations already at the conferences and also afterwards on social media. It also led me to having a dedicated call to talk about security champion programs and how to overcome struggles with someone I unfortunately missed at the conference, yet was lovely to meet online! Connections with like-minded folks are just invaluable. This talk even helped my job search - that I wasn't even aware was needed when daring to submit the session in the first place. Lots of good came out for me so far from giving back to community.

 

Running out of Capacity

Obviously, there were more ideas for even further new contributions to community this year. Creating an own capture the flag (CTF) team, contributing to an existing open-source project, maybe even really start writing a book. I'm glad I held back with these. First, there are further years to come. Second, well... taking on this challenge to contribute in manifold new ways was already filling my schedule to the rim.

So, what did I learn overall? That this year was wild. It was a constant hamster wheel. Having work being very stressful as well did not help at all. Private life was okay, though not that easy to navigate either. Overall, it was wildly too much and I really need a break now. I could have chosen a break in between at any time, yet it would have meant letting a lot of people down, including myself - so there's little to no surprise that I didn't take any break. Yet looking back at a year when I neglected most of my pure self-care activities like playing computer games (only picked it up again this month), reading fiction books (lay dormant for months as well), drawing (I remember I did it once during this year for a gift and that was about it). All of these bring me a lot of joy, and that source of energy became non-existent. At least I still invested a bit in exercising, yet as I'm doing team sports it would have also meant letting others down so of course I didn't cut short in this area. Well, it really helps my own health, so I'm still happy I didn't. But the big personal lesson for me here is that for a year that I intentionally set out with "energy & joy" as my motto but that was exactly what I lacked most - is that I must not repeat this. Whatever I do next, for any challenge, I need to build in self-care once more deliberately. Otherwise, I'll trick myself, just as I did this year. 

The second big lesson? Each of these new contributions could have been a personal challenge of the year. Cramming them together in the same year meant I had less focus on each of them, and over-committed myself, hence putting artificial self-made stress on myself when life was already stressing me out enough without me adding to it on top.

One more final lesson: anything you say yes to means you have to say no to something else. I'll have to see what other endeavors that I used to do are those I have to say no to next year, as many of the above community contributions are to be continued in 2025 - they don't just simply stop now. At the same time, I need the capacity and freedom to also go new ways and have actual slack time.

 

In Conclusion

My 2024 personal challenge is hereby officially closed. Looking at all the things I've worked on this year as part of it, I can definitely confirm that I have contributed in more than three new ways this year, that other people engaged with each of these contributions, and that I have learned at least three things from each.

I'm very grateful for all my co-conspirators in all of the endeavors described above. Without you all, my pieces alone would not have completed the puzzles we were working on together. Many, many thanks to everyone! 

This year's personal challenge to contribute in new ways had been quite a heavy one for me, and yet it helped me set myself up for good things to happen in 2025 - and I'm here for it!

Saturday, December 7, 2024

Agile Testing Days 2024 - Reunion for Quality

I started this post right after returning from the Agile Testing Days, yet I've only come around to finish it now. It's been yet again such a great conference with amazing folks, and it just deserves a proper blog post to share and remind my future self what it was like this year.

 

Monday - Arrival Day

This year, the conference started only on Tuesday of the week. Traveling on Monday, I could already build up the usual excitement before this conference that back in 2015 was my very first conference ever which laid so many foundations for my career. With its content, yet even more with its amazing folks and the space it created every year since. A space to bring your whole self, to explore what could be, to truly connect with people, and to grow beyond what I thought was imaginable.

Arriving at the hotel, I was greeted with a huge banner that welcomed me home. And as a returning alumna, this indeed hit home and resonated more with me than I already knew it would. It's one of my homes indeed and I'm grateful I discovered it so many years ago for myself.

Thank you ❤️💕 #agileTD

[image or embed]

— Alex Schladebeck (@alexschl.bsky.social) November 21, 2024 at 4:13 PM

Arriving day also means that meeting the first folks - including those I've met many years ago the first time and we've built strong connections ever since. Folks like João Proença, Elizabeth Zagroba, Thierry de Pauw, Anne Colder, Vincent Wijnen, Michael Kutz, Dragan Spiridonov, and so many more. Also meeting people I haven't had the chance yet to fully connect with, so we made up for it this year! Like with Filip Hric, whom I had the pleasure to have dinner with on this first evening, and going full circle having dinner on the last evening as well. It's been lovely to see first-timers as well and have them slowly introduce to the wider community. Agile Testing Days can feel wildly overwhelming with everything going on, so having a chance to make things smoother for those who experience it for the first time is just great.

This evening was full of wonderful conversations over dinner, ending up in the bar, and then going to bed with a renewed sense of this community where I so much belong even though (or actually because?) I never fitted in completely. Which is perfectly fine.


Tuesday - Tutorial Day

Whenever I have the opportunity to do so, I opt for taking a full-day tutorial. This year, the tutorial I chose was "Empowering Inclusive Testing: A Guide to Accessibility" by Laveena Ramchandani. I really enjoyed this training on all things accessibility. It provided foundations as well as where and how to go deeper. Laveena explained regulations, tools, and set the space for us to practice preparing for difficult conversations advocating for making our products more accessible and hence more usable for everyone. She did a great job structuring and facilitating the tutorial, equipping us with concrete actions to take back to work. Obviously, we can't solve or know everything just after a one-day training, and yet there's a lot we can take with us and start doing right away to make things better.

After the tutorial, the conference unofficially opened with the first keynote "To Heck With Your Automation Principles" by Vincent Wijnen and Paul Holland. What an entertaining start into the conference! Well presented, getting the audience to think, engage, and see how context needs to influence which heuristics to try.

Finally, time for dinner. I love that dinner groups are getting organized for everyone, not just the speakers. In my case, I did join the speakers dinner, which was lovely as always. I really enjoyed the insightful table conversations on lots of deep topics with Ash Coleman Hynie and Vernon Richards (both of whom were such a pleasant surprise to see at this conference!), Dr. Rochelle CarrJoão Proença and Sérgio Freire.

#AgileTD speakers dinner. Always special!

[image or embed]

— João Proença (@jrosaproenca.bsky.social) November 19, 2024 at 8:03 PM

 

Wednesday - Conference Day 1

The first full conference day was there, and with it came the full frenzy of Agile Testing Days! And also re-meeting so many awesome folks. Like Toyer Mamoojee and his whole family, who's been my learning partner since 2016 (can you imagine?). Like Janina Nemec, my co-conspirator for the Open Security Conference and long-time SET playing buddy. Like Gitte Klitgaard, whose wisdom, courage, and kindness had a huge impact on me ever since I've met her first here at Agile Testing Days. Here are the sessions I've joined on this day.

  • Lean Coffee by Ashley Hunsberger and Lisa Crispin. Ever since the first Agile Testing Days I've made it a tradition to join the very first day's lean coffee session. It's quite hard for me to get up that early yet I know it's always worth it - and I still have most energy on the first day. Once again, I had a really nice group of folks we discussed interesting topics with. If you have a chance to catch a lean coffee session anywhere, bring your topics and let it surprise you. This time I've asked what are other ways to spread information and connect people beyond communities of practice that people experienced working. The gathered insights: spread information to read where people are like Google's "Testing on the toilet" initiative (that now became "Tech on the toilet"), go on mystery lunches, offer shadowing so folks can see the actual work, publish newspapers instead of only newsletters, have a marketplace with a booth to present yourself, and use the coffee kitchen (or remote analog) which is just never getting old.
  • Keynote "Playful Leadership" by Portia Tung. Great opening keynote that people could relate with, setting the scene for the conference to play, dare something, grow with others around you, and listen to your physical responses. Very confident, authentic, and playful stage presence, love how Portia was leading by example.
  • "A Security Champion’s Journey - How to Make Things a Bit More Secure than Yesterday Every Day" by me. Just one week ago I've given the inaugural instance of this brand-new talk at BSides Munich. This second time I've had a very different kind of audience in front of me - yet was it really that different? The talk worked just as well, and I loved all the kinds of insightful conversations and new connections that evolved based on it during the next days. For anybody who missed the chance, the BSides edition's recording had been published already.

    Make things a bit more secure than yesterday every day! That would help us all! „A Security Champion‘s Journey“ - a great talk by @lisihocke.bsky.social at #AgileTD ! Thank you!

    [image or embed]

    — Jens Höft (@jenshoeft.bsky.social) November 20, 2024 at 11:26 AM
  • Keynote "Breaking Accessibility Barriers" by Laveena Ramchandani. I really liked that Laveena used the stage to raise awareness on critical issues we encounter every day, with many sites and products not being accessible for way more people than you might think - including yourself! The best part was when she let the audience feel the frustration and emotional roller-coaster of something not behaving as expected. A crucial topic very well presented!
  • Workshop "Collect your explorer badge" by Udita Sharma and me. We were honored to get asked to repeat this workshop this year after we've given it last year at Agile Testing Days for the first time. Once again, we had an engaged group to explore this different approach to come up with exploratory testing ideas which are easy to grasp and quick to convey to anyone else. I've made great experiences with this approach also with my own team this year, having people come up with great ideas to learn more about our product, new features or anything else we needed more information on to make better decisions. Many thanks to Udita for coming up with the original idea to this workshop and doing it together with me this year!
  • Keynote "The Obvious, the Obscured, and the Illusion: Navigating the Noise of GenAI in Testing" by Rahul Verma. I liked the call for action to get to know tools for what they are and how you can combine them to solve actual problems that they are fit to solve. This is too often forgotten over the hype that new technology can bring with.

It was time for dinner. I've always had great conversations over food and drinks at conferences, this one wasn't any different. The first conference evening is also reserved for the big costume party (where everyone without costume is just as welcome, which I personally just love). Hence, we could already enjoy the amazing costumes folks came up with on the theme of time traveling. Just loved it. My special kudos go out to Anne Colder and Vincent Wijnen who came up with the brilliant idea to take their amazing costumes from last year, traveling back in time - yet having the device fail in the most curious ways including a body swap! Absolutely hilarious and ingeniously implemented.

Time travelling women! #agiletd

[image or embed]

— Alex Schladebeck (@alexschl.bsky.social) November 20, 2024 at 7:29 PM

Then it was time for the big thing that everyone had been waiting for: "The Owl Problem", the first ever musical that Agile Testing Days (and any other conference?) has ever seen. Fully composed, enacted and brought to life by community folks. What an amazing event, so much effort in there, so much courage! Huge shout-out and kudos to the whole crew, you've moved mountains with your performance. The whole audience was in awe of you all bringing everything you got on the table and make it such a memorable event.

The Owl Problem @ #AgileTD ! 🦄🦄🦄🦄🦄

[image or embed]

— Jens Höft (@jenshoeft.bsky.social) November 20, 2024 at 9:49 PM

 

Thursday - Conference Day 2

Next conference day, and I could already feel the tiredness in my bones. Agile Testing Days can be a lot, and no matter how much I can easily advise others on taking it slow and skip sessions and take the rest you need, I fail badly at the same advice for myself. Every year again. Probably because I don't regret going full in and getting the most out of it, and yet it might still not be the wisest decision I make in a year. This day, I've joined the following sessions.

  • Keynote "Technical coaching development teams using the Samman method" by Emily Bache. Loved this keynote by Emily, so many important points delivered in such a concise way. Even though I knew the Samman Method already, I've still taken new insights with me when it comes to skill building which triggered thoughts related to my own situation. Emily delivers her content in such a professional and relatable way, I just love that she took the Agile Testing Days stage and people had the opportunity to learn from her.
  • "Make a fearless start with security testing" by Sander van Beek. Sander did a great job breaking down important security concepts to provide digestible starting points for beginners to continue their own security journey from. I always enjoy learning from others how they convey such topics, and also taking sketchnotes so this kind of content can be spread further.
  • Keynote "Testing, Identity, and Symbols" by Jenna Charlton. Jenna really made me think with their keynote about my own identity, or rather identities I gathered so far in my life, and those I'm about to add to all of this. Where I feel I belong already, where not, where not yet. And where others might struggle in different ways than I am.
  • Workshop "First Steps in Mobile Security Testing" by me. My third and final session to give this year was a brand-new workshop. Probably the most daring one, definitely the most complex one I've ever given. I've had the concept in my mind for quite a long time, yet what made this workshop so difficult to prepare for that it haunted me for many months was the setup. This should be a first steps workshop for everyone who was new to either mobile, or security, or both. With an unknown audience and an unknown range of their existing knowledge and skills. In just two hours of time. Well, I might write a separate blog post just on the setup part to fully grasp the extent of this, and hopefully help others find a suitable solution quicker. All in all, this workshop helped me gain insights on how I can reduce the struggles even further for folks. And despite the struggles we still had, it seems to have helped folks to take their first steps in mobile security testing - and giving them this experience was exactly what I set out to do. Special shout-out to Andrej Thiele who wasn't only so kind to share feedback with me afterwards, yet also took time to listen to me on some personal struggles I've been facing - hugely appreciated!
  • Keynote "I'm managing just fine!" by Lena Nyström and Heather Reid. Such a great presentation of such fundamental questions and situations I could really relate to. I loved how Heather and Lena weaved their own experiences and stories in and how they delivered them in re-acting parts of their actual conversations and their insights gained. It triggered lots of thoughts on my own situation and decisions, what made me go this way so far and why I opt for what to be my next step.

There were lots of great evening activities offered. This year, I chose to prioritize self-care and instead opted for having dinner out in Potsdam together with a bunch of folks. Sometimes, getting out, having a smaller group, having a differently loud environment, just helps. This time it was such a good opportunity to also check in with Ashley Hunsberger and Richard Bradshaw

Returning to the conference, we've found the brilliant Sophie Kuester and the outcome of her late night snack exchange. Just loved her idea last year already to ask folks to bring special treats from their regions and have all of us enjoy each other's delicacies! Really brings people together. This year I've missed most of it, and yet still enjoyed so many of these sweet and savory explorations. Many thanks to Sophie for this amazing edition in the purest spirit of Agile Testing Days!

Hey #AgileTD friends (and if you're wondering, yes, you ARE a friend) help yourselves to the greatness that is our collaborative candy bar! #SnacksSnacksSnacks #CrewLove #SnacksAreAwesome #TummyAche #HeartBurn

[image or embed]

— Mlle Sophie Pofie (@mllesophiepofie.bsky.social) November 21, 2024 at 11:00 PM

This was also the night when I finally had the opportunity and pleasure to spend more time with Tobias Geyer and talk a lot about things that are moving us, like what impact we have on other people's lives and the systems we live in, and what else we can do to make the spaces we're in more inclusive, using our privilege. Thanks a lot for sharing these thoughts also beyond the conference boundaries! It's a continuous effort and we all need to continue learning and unlearning.

 

Friday - Conference Day 3

There it was already, the last conference day. Agile Testing Days is a whole week, and at the beginning time seems to extend, we have so much of it in front of us together. And suddenly the last day already arrived and time had just flown by. In addition, the tiredness came to the forefront on this day. This year, Agile Testing Days was hosted as a hybrid event, with the main part on-site as usual, yet all the talks being recorded and streamed, plus online activities happening as well. I didn't have any energy to join online at the same time, yet I knew I could come back to sessions also afterwards. Which allowed me to make a wise decision and skip the first sessions on this day to catch at least some sleep. So here are the sessions I did participate in this day.

  • "Mistaken Identities" by Sanne Visser and João Proença. Such a deep and crucial topic, delivered in such an entertaining way. Awesome stage performance of both Sanne and João telling all the stories how their identities got mixed up and what they tried to cope with the situations thrown at them. I loved that they used the opportunity to remind people of how quickly things can go wrong, even without bad intentions, and how tools we have can be used for malicious purposes as well. We need to be mindful and considerate when building these tools.
  • Keynote "Diamonds in the Rough" by Ashley Hunsberger. This keynote really made me think - what fuels my motivation nowadays? I have crafted my jobs in the past, yet what job would I craft myself right now and here? What potential is still lying dormant that would really relight my fire? So many more questions, based on the research and models presented. I loved that Ashley showed both deep vulnerability and such strength on stage, what a role model for all of us to learn from.
  • "Love in Bytes: QA Engineering for Work-Life Symphony" by Toyer Mamoojee and Reumaysa Mamoojee. How often do we transfer lessons learned from one area of our lives to another? Well, in this talk I learned we should do it more often! We don't learn strategies, techniques and tools for our work context alone. Toyer and Reumaysa showcased how we can benefit from them in our everyday personal life just as well - and vice versa. The stories made the content very relatable, and the paired presentation worked out really well.
  • "Test like a developer, develop like a tester" by Filip Hric. We need more people spreading the word! I really appreciate Filip for showcasing how we don't need to have such a divide between roles in the same team when we're working on the same goal together. And how much we can learn from each other as well. Very well presented, too!

And there it was. The closing session, the many thanks and appreciations to organizers, volunteers and everyone. Final pictures, of course also with the unicorn we all shared the stage with. It was done. Such a happy sad wonderful feeling, it gets me every time.

Lots of people had left already at this point. Some people were staying around, clinging to this community spirit, not willing to let go just yet. Another amazing dinner group, enjoying awesome food together. My chance to also get to know Elizabeth Simister - loved our conversation!

Enjoying more snacks at the hotel. Having an absolute blast witnessing Elizabeth Zagroba run her by now infamous No Vehicles in the Park game with us. Having the day fade out on such insightful conversations on work places, careers, opportunities and more together with Thierry de Pauw, Toyer Mamoojee, and Janina Nemec. Many thanks to all of you.

 

Saturday - Departure Day

Another Agile Testing Days in the books. One that was brilliant in content. One where I once again still got most out of the hallway track, together with all these amazing folks. One that helped me immensely on my current situation searching for a new job, exploring new possibilities. One where I gave back once again to this community I continue to receive so much from. This conference is a very special reunion for quality in all kinds of aspects. We're truly stronger together.

Me: "I really have a lot of mugs, maybe I should get rid of some..." Looks at mugs and keeps all. Gets mug in speaker gift from #agileTD Me: "ok I need one more mug" :)

[image or embed]

— Gitte Klitgaard (@nativewired.com) November 25, 2024 at 5:31 PM