DEV Community

Steveland

Testing the Event Horizon - My InfoSec and QA Journey.

You must accept that you might fail; then, if you do your best and still don't win, at least you can be satisfied that you've tried. If you don't accept failure as a possibility, you don't set high goals, you don't branch out, you don't try - you don't take the risk. - Rosalynn Carter

This first blog post is going to be my effort to track my progress, to solidify what I'm aiming to do soon. By journaling about my progress, goals, and motivations, I will be able to keep a record of what I've achieved.

It also helps with the networking aspect if people read, like and comment on what I've written.

So what will I be blogging about?

Two main areas - Quality Assurance and Information Security.

Quality Assurance - I've been in the QA game since 2004, so it's been a while, and while I haven't seen the wide range of what's out there in the field, I like to think that I've dabbled in a bit of everything. I'm a believer in exploratory testing and an advocate of good quality being present within the team, and I always view automation as a good tool to aid rather than being the mythical unicorn that will come in and solve everything.

I'm starting a new job soon where I'll be defining processes and seeing what I can do to improve. What I'll do is blog about it (obviously generically enough to not give too much away). I think it will be a good way of:

  • Tracking my accomplishments
  • Showing myself and others that yes, I do know what I'm on about
  • Connecting to other people in the QA blogosphere.

Information Security - I've always been interested in Security in the context of Quality Assurance, but in the past, I've never really known how to start. Only recently, by looking at people on Twitter, have I been able to step back and do some research on what Information Security means.

That is one of the reasons I chose the name Testing the Event Horizon - I know it doesn't make sense, but the way I see the field of InfoSec is that past a certain point, it just pulls you in and you have no chance of getting out.

I never realised that there were so many avenues in the field from research to incident response, to blue/red/purple teams and other avenues that I've not explored yet.

For me, it's a case of I think that I'm interested in Application Security more than reverse-engineering malware. I'm more interested in wifi/phone security than having to look at assembly code.

However, I'm not going to say no, as learning is going to be fun; I think that's where my interests are going to be focused.

What I am doing is going back to basics and learning about networks and delving deep into APIs and really understanding what it means to test APIs. I'm also looking at resources such as picoCTF, OverTheWire and OWASP Juice Box.

I'm also keen on getting a mentor in the InfoSec space.

So I'll keep this short and continue to write more.

Look forward to hearing comments.
