When I attended STARWEST in Anaheim in October 2016, I had the opportunity to sit down for an interview with Jennifer Bonine, VP, Global Delivery and Solutions at tap|QA LLC. In the interview, Jennifer and I discussed how to integrate test automation with DevOps to create a continuous testing environment.

Jennifer Bonine: Hello, and welcome to the STARWEST virtual interviews for 2016. I’m excited to have Tom with me from Coveros. Tom, thanks for joining us.

Tom Stiehm: Thanks for inviting me.

Bonine: You’re the inaugural interview for those folks out there watching in virtual land. You’re the first person I get to hear from. Give us a summary for them so they get a feel. Your first time to this conference?

Stiehm: Yes, my first time to this conference.

Bonine: Perfect. Your take so far on how it’s been going, what you’re hearing, a vibe from the delegates, the folks here in Anaheim?

Stiehm: There’s a lot of great energy, the first two keynotes were great. One was about career development, the other one was technical in nature and how QA is changing to include things like chaos engineering. They’ve been really good.

Bonine: From your standpoint, I know you have a talk tomorrow.

Stiehm: Tonight.

Bonine: Tonight. What is that topic for you?

Stiehm: We’re going to be talking about how you include test automation in projects for embedded systems and Internet of Things systems.

Bonine: Some of the organizations you’ve worked with—so maybe for folks out there just getting into embedded systems and IoT, could you talk a little bit about what some of the types of projects you’ve been doing, so they understand what that looks like? I know there are a lot of companies out there that are still saying, “Gosh, we’re just going to mobile. We’re just thinking about going from web-based systems to mobile systems. Now you’re talking about embedded, and sensors and technology that connects out to the world.”

Stiehm: A lot of the projects I’ve dealt with have to do with infrastructure and medical devices like HVAC systems, industrial HVAC systems and what we’re adding into them rather than just being embedded systems but also the ability to access them through the internet. That’s what makes them into internet of things devices. Medical devices are embedded systems that are created to help people with whatever medical issues they have.

Bonine: Have you seen, I’m curious, because I know there’s a company out there that for example, for those that haven’t heard this yet, how cool this can be, that is doing basically for diabetics who normally would prick their fingers for insulin to check their blood sugar levels. Basically they have a patch now, where you wear a sensor, a patch on your body which would sense blood sugar levels at a continual pace, track it, and then send that information down to a mobile device where you could get information on what action you need to take, would alert them to things. Potentially if they were open and allowed access to their doctors even, so they can get real time records of how to monitor treatment, change course of action, those types of things.

Stiehm: I have seen those, I haven’t worked on a project like that. One of the interesting things is that also allows parents who have children who have diabetes to monitor their children’s blood sugar level, which is really dangerous because the kids don’t have the same awareness adults have. It helps give them a peace of mind that their kids are healthy and within the levels they need to be within.

Bonine: That’s a great application of it. As you said, with younger people, the idea of them having to interject and prick themselves is traumatic in and of itself, but if we can take that away and manage it more proactively. Like you said, the parents have some awareness of how to help their children be successful with managing their condition. That’s amazing.

Stiehm: Yes it is, it really is. It’s changing the way that people act and the way they behave in the world. Bringing us closer together by the use of technology.

Bonine: There’s something that comes into play with that, so if you think about that, that’s a fairly benign use, data around your blood sugar level, not international secrets or something that someone wants. There’s also companies out there that I’ve heard of that for example, with implanted devices, a pacemaker or something where doctors could potentially have access to alter the pacemaker’s cardiac rhythm, or restart it, do what they need to keep people alive who are in very serious conditions. Now you’re talking about someone’s heart as opposed to just monitoring blood sugar. That gets into … If I can access that through a portal or a website or the Internet, who else can access that?

Stiehm: Security becomes really important. One of the customers we work with actually had a heart pump that was put into people and would help them stay alive while they needed some intervention with their heart. The initial way that they handled that was it had no internet access, no network access at all. Now they’re starting to see it would be beneficial to have some internet access so that they could have their people in the help desk have quicker access to what’s going on so if there’s a problem they can react quicker. One of the big concerns becomes security and locking that down and preventing people from misusing that or just getting into in, not knowing what it is and doing something that could harm the patient.

Bonine: That’s where people have to be very aware in the testing realm, the development realm, everyone about what can you connect to and what has access into your systems and then who has access to that data and then who owns that data and is managing the security of it. I know Coveros does some work on the security side, so is there some good resources or things you would encourage people out there who are delving into this world, where they can go find information on how to think about securing those systems in this new space?

Stiehm: One of the first places we always stop at is OWASP, it’s the Open Web Application Security Project. There’s a lot of good information about how to secure your web applications or just your web services or your hardware, your devices that you’re using and just start to think about security.

Bonine: Getting you started in that, what do I think about?

Stiehm: OWASP.org would be a great place to start.

Bonine: A good place for folks that are starting to get into this realm, and thinking about, how do I think about security? And I think that’s one of the interesting things—I would love your take on it, but with going towards agile, going towards Internet of Things, embedded devices, the world of the tester is changing. There are new things we have to be very aware of, even if we’re not experts in them, but at least having an awareness of, and security’s a good one.

Stiehm: It’s a great example.

Bonine: We’ve got to get some awareness and have some basic knowledge of what do you need to think about raising risk to potential stakeholders or that what the security risks are. You don’t have to be a security tester or expert, but know what the potential risks are and raise those up. Any other areas that you think testers should be aware of based on experience Coveros has had working with companies, or …

Stiehm: One of the things that we’ve seen is particularly at the adoptions of agile and DevOps is the focus on test automation and automated quality assurance checks. One of the things that you do particularly with security is there’s a lot of good security quality assurance tools that you could make part of your automated build pipeline that you could then get value out of and see, “Is our software open to security vulnerabilities? Where are those? What are some suggested remediations to closing it down?” Part of that whole new process of trying to automate testing and security checks and getting tools that were built by experts and getting that feedback without having to do any extra testing work or learning security. You’re starting to learn that just by using the tools.

Bonine: Just by using the tools and knowing how to understand and read the reporting that comes out of that remediated. For folks that haven’t delved into that automation piece or are just looking at it with embedded systems, because I know you talk is on automation with embedded systems and IOT, again resources that they can go to get some information on that to get started and learn a little more about that.

Stiehm: With the automation we look at, there’s a lot of websites that talk about automation and how to start building pipelines, like InfoQ and things like that. The best way is to just start going to conferences, start reading websites that talk about automation and how to build those and then looking at the marriage of software and hardware, which is what IoT embedded devices are, really requires you to look at testing a little bit differently because you’re not just testing the software, you have to test the software, and the hardware, and then you have to test them together, the system as a whole.

Bonine: Systems inside systems.

Stiehm: Yes, you’re almost always creating at least three test plans, one for the software, one for the hardware, and then one for the whole system and thinking of it in that way.

Bonine: The folks obviously won’t get to see your session tomorrow, but maybe just some highlights of tips or tricks or things that you’re talking about to people around that space and a few takeaways for tomorrow or today.

Stiehm: Some of the big takeaways are understand your process. What you have to go from to build your software and your hardware, map that out, map out where you need to test and what you need to test, understand what’s important for you to test, how your embedded device or your IOT device is going to be used, and what the potential risks might be. Plan on, do your regular software, hardware and system planning with those things in mind.

Bonine: How do you see along those lines then, on testers when we’re now talking about those embedded systems and testing the hardware and the software. Have you seen anything in terms of … It used to be tester had a lab, and they had different devices in their lab and they could test on those devices. Now you’re talking about connecting a lot of different things together. Have you seen any talk of or mention of people renting out homes to do their testing in where it’s testing in the wild so to speak or out in the natural environment for where these things will occur?

Stiehm: We’ve seen some of that occur. So, one of the projects I worked on was an embedded device that firemen would wear, and one of the things we did to test it, is that firemen routinely burn down houses to learn how to deal with that. It’s an amazing thing.

Bonine: They do sample fires.

Stiehm: Part of the test was we created the prototype devices, put it on the firemen, and when they were doing their practice burn, they would wear those to see how the equipment would work in the real world.

Bonine: Which is great. We’re getting close to the end, I know the time goes so fast and I probably didn’t touch on some of the things that people out there are wondering or want to delve into with you. What is the best way for someone out there to be able to get more information to ask you some of the questions I didn’t.

Stiehm: Yes, I’m on Twitter @thomasstiehm and the Coveros website, www.coveros.com.