A Tester's Journey (Lisi Hocke): comments feed, updated 2024-03-19T23:18:54.687+01:00

Lisi Hocke, 2024-03-19T23:18:54.687+01:00:
Absolutely Lisa, I'll keep you in mind! :)

Lisa, 2024-03-19T22:13:15.683+01:00:
If you find folks to contribute to open source as an ensemble, that is something I've been searching for as well. If there is room for a non-coder who can still spot potential issues, ask useful questions, and suggest tests and stuff, I am eager!

Johnny, 2024-02-27T16:31:50.719+01:00:
so much to say.....

Lisi Hocke, 2023-12-21T20:00:41.572+01:00:
Thanks, Shirin! Glad to hear it was valuable to you. :) It's exciting to reinvent yourself, so all the best for the next part of your journey!

Shirin Bashar, 2023-12-21T03:01:28.422+01:00:
This was such an inspiring read. I absolutely enjoyed reading this piece. This piece gave me the motivation and inspired me to reinvent myself.

Lisi Hocke, 2023-11-09T00:51:33.406+01:00:
You're very welcome! Thanks again for the idea to elaborate on this topic :)

John Webber, 2023-11-08T09:52:01.861+01:00:
Thanks for the article, Lisi! I shared it with all my teams.

Lisi Hocke, 2023-10-19T00:51:57.321+02:00:
Thanks a bunch for sharing your thoughts and experiences! Much appreciated. Great advice on how not to do it, as well as what to consider! The point you bring up regarding getting a seat at the table really resonates with me. It makes me think of how frequent collaboration with our InfoSec team got me invited to my first security audit beginning of the year, even before officially becoming a security champion.

Always fearful, 2023-10-14T21:10:08.483+02:00:
Thanks for the post. Running a security champions program is a bit tricky, I guess.

Looking back to my previous job, I was appointed a security champion exactly as a way to tick a checkbox and was thrown into this role with no relevant experience whatsoever (at the time I was perhaps 6 months out of the university and still learning the ropes of what it meant to do my "regular" work). What was missing for me were clear definitions of "this is what you should do", and some regular discussions on how things were going. I don't recall any training done, but on this point I might just have forgotten.

As one can imagine, I wasn't very effective as a security champion, but the title did two things: It got me a place around the table in the security related ceremonies (threat modeling, audits, PenTest reviews) and it made me listen each time "security" was mentioned. So, it took me three years, but eventually I could speak semi-intelligently in those ceremonies and I did learn a trick or two I could use.

I'm assuming there are better ways to conduct such programs, but for me, the minimal condition for such a program to work is that it can't be the only thing done. It is a great way to support other activities, but in order to have successful security champions, the teams they are in should face security issues every now and then - they should be asked to discuss security implications of feature design in the review, they should get results of the Pen-tests done to their product, and even have an annual internal security assessment of their product - the champions could latch on to these activities to grow their skills and demonstrate the value of their expertise to the team.

Lisi Hocke, 2023-10-12T01:18:39.177+02:00:
Thank you, John, as always! :) As I started writing my reply, I realized I should write a separate blog post about this topic, there's more thinking to be done. Here's my short version for now, maybe it provides helpful pointers already.

Keeping dependencies up to date is a hot issue for my team as well, especially as we have a whole bunch of services we own and most of them are around for quite a long time (and still valuable). So far, the following worked for us in our context.

1) Establish, encourage and ensure 20% time for every team member used to drive tech initiatives (like getting dependencies of our services in shape).

2) Use tooling to support easier updates, like automated scanners for outdated dependencies, utility tools to adapt required related documentation for compliance reasons, and automated checks to discover potential regressions where feasible (in combination with relying on system knowledge to quickly unveil more surprises where automation reaches its limits).

3) Build on existing energies and practices to keep dependencies in shape (in our case we have regular tasks needed for each release, and updating dependencies became one of them).

All this, however, likely only worked due to the team culture we fostered where people are sharing everything; knowledge, skills, load, a common goal, and more. This made it clear from the start that keeping dependencies up to date is a team task as well and we're all responsible for it, together. I hope to share more once we've lived this approach for a longer time, I'm curious if we can manage to keep our system in shape.

John Webber, 2023-10-10T10:37:27.728+02:00:
An interesting article (as always), Lisi? What did you and your team do to make keeping dependencies up to date work? This is a hot issue in our teams at the moment.

Lisi Hocke, 2022-11-30T18:06:52.050+01:00:
You're very welcome, glad to hear. Hope you had a great time at ATD as well!

Anonymous, 2022-11-30T10:31:10.808+01:00:
Thanks Lisa for sharing this journey. It refreshed my experience at ATD 2022. It was my first time at ATD.

Lisi Hocke, 2022-11-16T01:02:57.952+01:00:
Glad to hear it helped! Thanks for the feedback, much appreciated :)

Anonymous, 2022-11-15T15:37:02.973+01:00:
Thanks Lisi. This was very useful. I have now signed up. :-)

Lisi Hocke, 2022-09-08T21:09:10.613+02:00:
Yay! You're very welcome :)

Jedrzej, 2022-09-08T11:33:20.706+02:00:
Such a cool idea, thanks for sharing your experience! Signed up for the SoCraTes newsletter, hopefully will be able to get the tickets for 2023.

Lisi Hocke, 2022-06-20T23:00:56.128+02:00:
You're welcome! :)

Anonymous, 2022-06-20T10:55:54.168+02:00:
Thank you for a nice summary.

Lisi Hocke, 2022-03-23T23:10:54.987+01:00:
Thanks Toyer! I had a hunch you were indeed :)

Toyer, 2022-03-23T06:27:01.754+01:00:
Love this Lisi, I'm a big advocate for consistency is key! and I also have this feeling of things spiralling out of control if I let messages/tasks pile up - I believe in consistency and balance in all areas of life

Lisi Hocke, 2022-03-22T00:28:02.392+01:00:
Absolutely agree with rewarding helpful consistency. More often than not, the intense bursts get seen and rewarded (even if they have undesired outcomes), yet the consistent effort chipping away at something is a lot harder to recognize despite the value it can generate. Thanks for sharing your thoughts! Glad the post was useful to discover helpful patterns. :)

Lisa, 2022-03-21T19:30:59.761+01:00:
Consistency is something we should reward! Same for me, things that are in my routine like working out or walking a certain amount every day are relatively easy to get done. I am starting (after years of trying) to do the same with my sleep schedule.

It's especially hard for me when I realize I just don't have time for everything and I have to choose among things that feel like part of my identity. Yet, I would rather fully enjoy fewer things than spread myself too thin. I think I have unconsciously learned that consistency helps me more than intensity, thanks for this post which helps me see the patterns!

Lisi Hocke, 2022-02-20T18:13:15.648+01:00:
Thanks a bunch, Melissa! :)

MelissaFisher, 2022-02-20T16:08:03.458+01:00:
I enjoyed reading this. I like the emphasis of building relationships. Wishing you continued success on your first year in this new role.