DevOps Transformations for QA Teams: A Slack Takeover with Stacy Kirk

Thought leaders throughout the software community are taking over the TechWell Hub for a day to introduce themselves, answer questions, and engage in conversations.

Stacy Kirk is the founder of QualityWorks Consulting Group LLC and nodeqa.io. Stacy and her team champion quality and process innovation in software development to help accelerate delivery. She is presenting the keynote QADevSecOps: Leading a Quality-Driven DevOps Transformation at STARWEST in October.

@Stacy Kirk presided over our most recent Slack takeover, which led to some insightful discussions.

Improving Agile Teams

“Your company does Agile Test assessments, right? What are findings that you see consistently across companies?” —@cbird

Kirk said no matter what team she assesses, there is always room for improvement.

She has seen some consistent areas for improvement: 

• Teams are understaffed
• There is normally no clear automation strategic direction
• Testers are not included early enough in the process
• There is a technical gap in the knowledge required to build a strong test automation program
• Management want to buy tools to fix it all

Implementing DevOps Practices

“Can you share your experience with DevOps and Technology Stack overall your team working with? Especially I am interested in environment setup, when do you run regression suite? (Nights only or continuously) How you implement best DevOps practices within QA team?” —@Leo

Kirk said they run regression as often as possible.

“The maturity of the test environment plays a factor in how often it can be run,” she said. “Rarely does it run continuously, but more importantly it runs when new changes are deployed. That could be every hour or every week. Most organizations are slowed more by environment than manual testing.”

As far as the QA team adopting DevOps practices, she gave some highlights: 

• Tools: You have to leverage automation to speed up the manual testing effort and involve more that the test team in the development and usage
• Process: Testers have to identify their role beyond just executing tests; they have to improve the quality of the DevOps process
• Don't underestimate building a culture of learning and experimentation. Ask QA to build their muscle memory by learning one new thing and adding one experiment to each sprint

Adding More Security Testing

“How do we sell developers and testers on more security testing? When I say ‘Security testing needs to be part of story acceptance.’ I often get the answer ‘That is for the security team (which means after code is released) and/or we use WhiteSource.’ Security testing can be so much more. It feels like the same old problem, no one cares about security until something bad happens.” —@Nicole Horner

Kirk recommends starting small, so you can sneak it in. She said the definition of done is a great place to add security criteria because the team is more likely to accept it if you can show that it has very little impact to the schedule. You could add a quick automated security test or a scan that can be run during the sprint.

To watch Stacy Kirk’s keynote and other sessions live or on demand, register for the free STARWEST Virtual Conference.