Another month, another stellar guest for our Testing the Limits series. This time, we shoot some questions back-and-forth with testing expert Jim Sivak. Jim has been in the computer technology field for over 35 years, including a recent four-year stint as the Senior QA Manager at McAfee. His career as a tester began with the Space Shuttle and over the years has encompassed warehouse systems, cyclotrons, radars, operating systems and now security software. He is a Senior member of the ASQ and is certified as a Software Quality Engineer (CSQE).
In part one of our interview, we get his thoughts on the dangers of ignoring security testing; the false sense of security in mobile apps and devices; the evolution of malware; managing QA expectations; the meaning of SWAG and much more. Be sure to check back tomorrow for Part II.
uTest: We noticed that you recently joined Unidesk after four years at McAfee. First off, what does Unidesk specialize in? And what are you looking forward to most in this new role?
JS: Unidesk is in the Virtual Desktop space. Our product allows companies to utilize virtual desktops that truly have the look, feel and capability of a hardware desktop. Due to our technology, desktop personalizations are easily managed. Virtual Desktops can become the IT department’s best friend in that changes and patches only have to be rolled out to one system, which then gets replicated automatically to every associated desktop.
Because Unidesk is a startup, I have the opportunity to really define the QA processes and goals, determining both the tactical and strategic visions. Being able to drive this work, using new techniques and past experience, is really what brings me to my desk every day.
uTest: Your time at McAfee must have given you great insight into the web’s dark underbelly (i.e. security threats). Looking back over the last few years, what’s surprised you the most about the way businesses and consumers deal with security measures?
JS: Great question, Mike. The biggest surprise is the whole ostrich “head in the sand” attitude that exists. The tools and techniques are there, the information is readily available, but security still takes a lower priority until an incident happens. Just look at the breaches that appear on an almost daily basis. In the home, how many emails do people open and respond to that say “you have a credit card application ready for you”?
uTest: It seems safe to assume that users are more aware of threats on the web, as opposed to mobile? In your view, how does the explosion of mobile apps, social media and third-party integrations affect security?
JS: It is the sheer volume of opportunity for security lapses and breaches with these new avenues that is really frightening. Just look at the incidents that have happened because someone sent a malicious link to their networked friends unbeknownst to them. Or applications that contain malware that just get downloaded and incorporated on these devices. People just assume that their phone is secure or that their tablet is unhackable. Again, software providers need to take security seriously and not wait until a major incident happens. It all comes down to the fact that the users are human and we take a lot for granted.
uTest: Which evolves faster: security threats (viruses, malware, etc.) or the technology used to combat them? Why is this the case and what are the implications for end-users going forward?
JS: Unfortunately, I think that malware is winning. Although there is research in trying to get ahead of the bad guys, most technology is reactive—the threat exists first and a solution/detection comes after.
uTest: This might seem like a job interview question, but what were some of the biggest testing challenges you faced at McAfee and how were you able to overcome them?