This transcript has been edited lightly for clarity and brevity.
Part 1
Emma: Hello, listeners. It’s your host Emma, and I’m really excited to introduce our guest today. It’s Monday so I must be excited! We are joined by Adam Satterfield, who you can hear laughing there. He is Senior Director of Engineering Enablement at Global Payments. Adam is a bonafide expert in software testing, having dominated the sphere for over 20 years across a wide array of industries, such as SAS, telecom, mobile, healthcare, and finance. A super warm welcome, Adam, how are you?
Adam: Thanks, I’m excited to be here. I’ve watched some of your previous podcasts and you have a lot of really good talks there so I’m excited for this one.
Emma: Excellent. I like that you said prior to this that you’re ready to attack the week!
Adam: Yeah, you got to get up and just, you know, go for it. I’m not a big fan of dragging into Mondays, I prefer to start things off with a bang!
Adam: Yeah, let’s start with a punch here!
Emma: So just for our listeners, this is the final episode of our test management talk series. This is where we are talking to leaders in the field who strategize and implement test case management at the enterprise level and do it very well. And what a way to wrap up with you, Adam. You’ve partnered with us for many years, whilst managing a portfolio of testing teams and applications at both Global Payments and Anthem. These are two hugely successful U.S.-based companies, both well into their digital transformation journeys, providing a very slick experience to hundreds and thousands of customers looking to meet their financial and healthcare needs.
So let’s start with an idea of Global Payments. At Global, I understand you work with 1,000+ testers, and they’re located all over the world, from the UK and Ukraine, Colombia… it’s probably best to say where aren’t they located?! And you’re primarily using DevOps, which makes sense, given the fact that the payments that you facilitate are indeed global.
Could you share how you manage testing your portfolio across those geos?
Adam: It definitely can be very challenging, especially these days with COVID. So it used to be, you know, you’re kind of managing the portfolio and having conversations, and it would be you, and maybe a few folks in a room. And a large portion of that team was also in a singular location. Now, it’s multiple people spread across multiple different locations, most of them working from home still. So I would say what we try to do is still have a little bit of a human touch. So we like to begin every conversation with, “Hey, how are things going,” you know? “What have you been up to? How was your weekend?” to really kind of keep that human touch and make sure you have that same connection.
“Make sure you’re leveraging your cloud tools. So you know, your chats — Confluence or Slack or whichever you use — to keep conversations going and communication flowing. Communication was super important pre-COVID, and it’s even more important now. If you don’t have that communication, that’s when things really tend to break down.“
Adam: Yeah, it’s very people driven, and especially these days. I mean, I think we all can recognize it: the market’s very weird with people leaving and coming and going. You know and the old thing that stays true is – in one of the big studies I think Gartner or someone had done – it says that over 70% of the people who leave a job do so because of their leader. So when you look at something like that (and it’s already hard enough to hire people), you’ve got to maintain that personal touch and show a very human side of the work that you’re doing. And yeah, processes are important; tools are incredibly important, but without the people to do the work, it’s just a tool that sits by itself.
Emma: Cool. And this leads into my next question actually, as we’ve already touched on primarily the people aspect.
Are there any other consistent best practices or principles that you’ve applied across the various roles you’ve had?
Emma: For example, I’ve mentioned some of the companies, but you’ve led QA and testing teams at VP and Director level, and a lot of these companies share common ground in that they are all up against strict compliancy and security measures. So I’m interested to kind of zoom in a little bit and see what principles you’re applying there.
“There are two core principles that I apply in pretty much every team that I work on. The first, and probably the simplest, is always take a risk-based approach.“
Adam: We’re all very familiar in the testing world and the testing squeeze: When we get to the end of a project, and we have to start ripping things out — as we’re flying the plane we’re trying to throw out the seats and luggage to make sure we have enough gas to get our location. If you don’t understand a risk-based approach, you don’t really know what’s the most important thing to test; you don’t know what’s most important for your customers or your business. So that’s really the first.
The second is if you are an application tester, you really need to live or die by OWASP. So that is the organization that defines, you know, the best practices for security testing for web applications. Absolutely critical if you’re a tester and you don’t know what the OWASP Top 10 are, which – here’s a hint – they’ve just recently changed. They’re going into their new model for 2021/2022, so if you are using OWASP, make sure you take a look at those changes. And if you’re not, you really need to take some time to learn that.
Emma: Nice. That’s great, that specific advice. And it’s funny, that’s not the first plane analogy I’ve heard today. I was speaking to my manager earlier about, don’t focus so much on the peanuts, you know, you don’t always have to go so granular – like, think about the engine running.
Adam: Yep. I think what travel being as crazy as it is, is planes are always like top of mind for folks.
Emma: Yes. You mentioned a bit about the cloud applications that you’ve worked on. And you do have a lot of experience there. Specifically, you worked at Better Cloud, you were there for two years, KMS technology; of course, that’s specifically cloud-based software, but all of the roles you’ve had I’m sure had cloud aspects?
Adam: These days, yes.
Emma: Yes exactly. It’s an area which is paramount but somewhat daunting.
What are the key components when tackling testing in the cloud do you think?
Adam: Oh gosh. You know, I think from a tester and a DevOps standpoint, you really have to learn some cloud fundamentals. There’s so much free training out there that there’s really no reason not to. It used to be that when you wanted to run some software testing or run an application, you partner with the infrastructure team, and they made the magic happen, and then ‘boom!’, your application is ready to go. Now, there’s much more of an ownership for the entire team to understand the underlying cloud infrastructure where your application’s running, and how that interacts.
A great example that we can use is Kubernetes or Docker. I’m a big believer that Kubernetes, Docker, containerization, all of these orchestrations of containers, they really can help testers and the way you run your applications; the way you do your browser testing.
“At one of my previous companies we would spin up a container overnight, run all of our application or performance testing on that container, and were able to tear everything down after we got the results. We saved tens of thousands of dollars per month by not having an environment that was continually stood up.“
There really are things you can do in the cloud that will really help and benefit you. So there’s really no excuse as a tester these days to not have at least a fundamental knowledge with so much free training available.
Emma: Definitely. I spoke with Tracy Regan a few months ago. She is the CEO of DeployHub, and she gave our listeners a good kind of 101 on Kubernetes, and that was fascinating; it was that real technical deep dive, but it’s necessary. I mean, knowing that you’re profiting that much, you know you’re saving tens of thousands of dollars. It’s not just small amounts. So if that’s not a good appeal to check that out, then I’m not sure what is.
And yeah, as you say, look at those real cloud fundamentals. There’s a lot of free training out there. I spoke with Sonya Lowrance; she also had experience in the healthcare field. She said that, you know, as you step into the cloud, your responsibility increases. So on all fronts, you want to make sure that your data is collected, and whether it’s the perimeter, user admin, it’s really important to establish responsibilities and accountability as well.
Adam: Yeah, and I think that goes along with [the idea that] pretty much every tester nowadays needs to be a security tester… at least have that kind of fundamental knowledge. And a lot of that is due to the cloud, right? There’s a lot of capabilities that teams now have that potentially they didn’t before, and if you don’t have that good security base it can really damage your company. I mean, we’ve seen all the hacks and stuff that have happened recently, and it’s really damaging to a company’s reputation.
Emma: Certainly it makes people sit up and think again.
Part 1 outro
Emma: It is so refreshing to chat with Adam with his balanced perspective on the human touch, from checking in personally with his teams, to being conscious about the value that being a great leader brings. It’s helpful to hear that taking a risk-based approach has always served Adam well when tackling security and compliance, and he is full of top tips.
Two of them so far: 1) application testers, check out OWASP – that’s O.W.A.S.P – a free online resource featuring best practice for security testing and 2) if you’re testing in the cloud take the time to learn the fundamentals.
Part 2
What are some of the standout achievements for you this year as far as application transformations go?
Adam: So I think for me personally it is really honing in on that security focus. A lot of what we have to do is, being a financial technology company, PCI compliance is a huge thing for us. So for me, I’ve really jumped into PCI from that standpoint, to really truly understand the nuts and bolts there, and that’s really helped me out.
I have really gotten engaged in the MITRE ATT&CK company or process, which really helps to break down the types of ways that hackers and bad actors will exploit applications and cloud infrastructure. And that’s been a real big boon for myself to be able to walk into a room and have an in-depth conversation with, “Hey, this is the way we should be building applications. This is where we should be testing” – with that kind of knowledge of understanding of security. So really I would say that in 2021 for me, security has been the overarching goal toward career growth and personal growth.
Emma: Yes. And from the Tricentis side it’s important; we’re getting security training regularly. Even just simple things like ways to spot phishing emails, because people are finding new routes, you know, names of CEOs, putting that in the subject line; they’re getting pretty clever.
Adam: Yep. Very clever.
Emma: Yep, somewhat savvy.
Are resources like MITRE ATT&CK freely accessible?
Adam: Yes, absolutely. And that’s also the great thing about OWASP. As we mentioned before, it’s free. You can get test plans from them so you don’t have to create a custom test plan. MITRE ATT&CK is free. So there’s a lot of resources out there, and that’s been the big boon of 2021. If we try to look at a positive side of all this nonsense of the past two years, one thing is the explosion of cloud-based and free training. I mean, it’s 2000% greater than what it used to be. And so, because I think people are looking at and wanting to extend their careers, they’re saying, “Hey, I’m sitting at home, maybe I should be paying attention to a meeting, but I’m gonna read this training instead.” So it’s kind of cool in that aspect.
Emma: Yeah, it’s really cool. And you’re not just talking free two-week trials, you can actually get to the end of a course and learn a lot. As you’ve already really hit on, you’re really focused on people, and you obviously nurture people and their growth in their career, going in with a human touch aspect.
You enjoy teaching testers how to find that their inner testing star. Could you dig a little further into how you do that, with some shining examples?
Adam: Yeah, absolutely. I think it’s a lot about building confidence. We work with a lot of testers who intuitively know what they should be doing. And they do a very, very good job, whether it’s chasing something down the rabbit hole or trying to explain the risk or impacts of a bug. But a lot of times, what we see is those skill sets don’t necessarily go hand-in-hand with either communication or the ability to stand in front of a room and explain why this is important.
A lot of what I do is teaching the soft skills such as communication: the ability to reach your audience, to read your audience, and to understand what things are important to them. That’s really a big thing for me.
In terms of a rising star, I’ve got a guy on my team who’s based out of Pune, India who is amazing. He is definitely someone who over the past year I’ve seen really grow in that aspect of being able to really take charge a lot of things. Without him, we would definitely not get near as much done on the team as we have. He’s definitely one of my rock stars right now.
Emma: Oh, that’s incredible. I think training people, as you say, especially if you’re in a field where you’re not able to communicate but you’re really owning a project and relaying that to a lot of the stakeholders in this like leadership — you’ve got a lot of people that aren’t granular in what they’re looking at — to be able to showcase the impact, own it with conviction, and have that reverberate across the company is so important. So it’s really awesome to hear that you’re doing that.
Adam: Yeah. And I would say it’s extra important, especially these days, and that’s probably one of the results of COVID as well, is we’re seeing C-level people say words like DevOps and testing. Whereas before, it’s almost like in that kind of C-level, there wasn’t as much care about it; it was more about like projects and money.
Nowadays, I’ve been sitting in several meetings, and for instance our COO, who’s a wonderful guy who really understands technology really well, brought up, “Hey, what are we doing with DevOps? What are we doing here?”, and was concerned and really welcoming a lot of the work that the teams are doing. I think it gives — and I’ve see this across Anthem, BetterCloud, and other cloud positions — testers and DevOps professionals the ability to highlight the work that they do, much more so than potentially several years ago, when it was kind of a black box for executives in terms of what testers were doing.
Emma: Yes, that’s incredible. Sounds like you really lucked out.
Adam: We have a wonderful leadership team. I love it, it’s great!
Emma: Yeah, if a lot of processes or decisions are made so it’s more that top-down approach, then it’s awesome that leadership have that understanding these things are important because the wave and the impact of that is huge. DevOps is a huge set of practices and principles that can go a long way if it’s understood. And then you’ve got people at the practitioner level who really understand that, so if it’s coming from all tiers of the company, you’re going to gain so much more momentum.
In 10 words or less, what is your best advice for anyone undergoing a digital transformation journey?
Adam: I would say focus on communication and change management. That’s really where I’ve seen most organizations fail, is that they push everything else and not those two items.
Emma: There you go! Nailed it. Change management is a phrase I’d like to hear more of; you hear about change so often, and “are you ready to change?” But actually, having that as something that is understood and managed is awesome.
Adam: Yeah, absolutely. And that’s where I have seen digital transformations fail.
“I’ve seen companies spend tens of millions of dollars on a digital transformation, and it fails 90% of the time, it fails due to lack of change management.“
Because you’re going to go to a team saying, “you’re going to do this completely differently. You’re going to adopt Agile” for instance, and the team says, “Well, why? Why should we?” If you can’t answer that, if you can’t provide reasoning, teams just aren’t going to adopt it. They’re gonna dig their heels in until it fails, because they’ve seen it come and go before. If you don’t have that [change management] it’s a total failure.
Emma: Yeah, it’s paramount.
If you could change one thing about the application development world, what would it be?
Adam: I’m going to start with education. Our education system does a very poor job of teaching application developers about testing in security, right? The projects they have to do, all the way through high school to college graduation, are focused around delivering working software, not delivering good software. So as soon as a lot of developers get into real world jobs, they’re like, “Hey, how come my stuff keeps getting rejected?” Well, it’s because you’re putting clear text passwords in your code and that’s a big no-no.
Focus on [the fact that] developers need to learn testing, and they need to learn security. And that’s where I’ve seen developers succeed, where they take time on their own, and they’re learning those skills.
Emma: Yeah. I like that you’re talking right from the start, the hiring pipeline, the education. We’ve all ended up in these jobs because of that, whether it’s self-taught or otherwise. So to take a real close inspection of that and have a more robust curriculum is going to be a lot better in terms of the security, which is going to mean more robust software in the end.
Part 2 outro
Emma: Super to hear Adam talk through his highlights of 2021 which have elevated success in finance, such as getting to grips with Payment Card Industry Compliance. Adam really exemplifies going above and beyond by teaching his team how to best communicate and by celebrating their achievements! It’s encouraging to know that DevOps is now a key part of the conversation for the top tier staff at Global Payments, with their buy-in paves the way for success stories such as Adam and his team’s.
Check out the latest podcast episodes for more insights from thought leaders like Adam.