I’ve been a junior tester for around 7-8 months now. Not very long in the grand scheme of things; however, I’ve been onsite nearly once a month on average, and I’ve been meaning to write about the little things that new folk might find useful to make their first few onsite tests more comfortable.
If you are considering a role as a tester, and don’t think you’ll be doing onsite work, think again. You cannot avoid it, so work it into your career plan and either get used to the idea or stop and turn around while you still have options. For anyone else, this isn’t about reading up on the man pages of 20-odd different tools the night before, so don’t worry.
Organise your travel arrangements well in advance and plan for any delays. This is my weakest area for sure because I drive everywhere; however, sometimes it’s just not practical to drive to a client site. You’ll need to get a train at times. Use apps on your phone to keep track of trains, buses or flights. If you need to write anything down then so be it. Do what you need to do to get there on time. Punctuality is really important.
Dress to impress, but be comfortable.
Anytime you go onsite, you represent the company. You are providing a service for the client and you are the face of the company on each day. Dress well for your surroundings and make sure you wear comfortable clothing. Don’t rock up to your first job wearing brand new shoes. Break them in first. Do not, and I sincerely advise you not to, go wearing new shirts out of the packet either. Wash them first. They itch like crazy and go funny when you sweat. I personally wear a suit and shirt on the first day, and assess the surroundings thereafter. However, usually I just wear the suit every day, unless they advise me to dress down. One client got so annoyed with my suit wearing they pleaded with me to dress down the next day. I just dropped the suit jacket. A compromise.
Also, it may be second nature to most, but smell nice at least 🙂
If you require repeat medication, for God’s sake take it with you. Don’t try to show off by leaving it at home. You’re no good to anyone if you become ill. Also, take painkillers. It’s really worth taking a small pack of tissues too, especially in the winter when you come in from the cold and you are sniffing your head off in a quiet office. Take yourself away for a second to sort yourself out. It’s worth taking a very small collection of sticky plasters too. I randomly cut my finger on my bag zip once and it bled for hours.
Stay hydrated, take snacks
It may not be suitable to break out a packed lunch at the desk you are working on or rock up with a 2-litre flask of coffee, but you can have a bottle of water in your bag and some sweets to keep you going. Mints are always a bonus. You need to eat so don’t smash your way through lunch like a trooper. Take a lunch break.
Client confidentiality is extremely important. If you must prepare your Kali box on the train, do not use any naming conventions that would give a shoulder surfer an idea of where you’re going. Keep file names and the like to a bare minimum, such as a unique ID associated with the job you are doing. It’s all too common to get the laptop out on public transport and finish writing up how you found big vulns for X company while a would-be skid is hanging over your seat. If you are talking with a colleague, refer to the client as anything other than its name.
Organise your kit
Walk through the test in your head. You already know what you might need so go through it the night before. Download all the tools you need, make the word lists you need, and so on. Prep for the test you are doing. You may not get access to the internet on the day or have signal to tether your phone from, so be prepared. Take spare network cables of different sizes too. I’ve come up against that a few times. Don’t always assume you’ll be sitting at a nice clean desk with a network port near you. Test that the tools work too.
Make sure:
- Chargers work for laptop and phones
- Charge your laptop the night before
- Have USB sticks, if needed, at least 16 GB
- Take a pen and pad to doodle or scribble notes
- Don’t forget your work ID badge in case the client asks to see it
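A pre-flight check for the kit and naming advice above, as an added example that is not from the original post: it confirms the tools you list are installed, the word lists exist and are not empty, and nothing under the job directory carries the client’s name. The function names, the `TOOLS`, `WORDLISTS` and `CLIENT_TERMS` variables and the sample values are assumptions.

```bash
#!/usr/bin/env bash
# Offline pre-flight check for an onsite job. Added example: the function
# names, variables and sample values below are assumptions, not a real tool.
# Usage (sample values): TOOLS="nmap curl" WORDLISTS="$HOME/lists/users.txt" \
#        CLIENT_TERMS="clientname" ./preflight.sh "$HOME/jobs/J-4821"

# missing_tools TOOL... -> prints each tool that does not resolve on PATH
missing_tools() {
    local t
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
    done
}

# bad_wordlists FILE... -> prints each wordlist that is missing or empty
bad_wordlists() {
    local f
    for f in "$@"; do
        [ -s "$f" ] || printf '%s\n' "$f"
    done
}

# leaky_names DIR TERM... -> prints paths under DIR whose file or directory
# name contains a client-identifying term (case-insensitive match)
leaky_names() {
    local dir="$1" term
    shift
    for term in "$@"; do
        find "$dir" -iname "*${term}*" -print
    done | sort -u
}

# preflight JOB_DIR -> runs all three checks using the space-separated lists
# in $TOOLS, $WORDLISTS and $CLIENT_TERMS; returns 1 if anything needs fixing
preflight() {
    local dir="$1" rc=0 out
    # The lists are left unquoted on purpose so they split on whitespace.
    out=$(missing_tools $TOOLS)
    [ -z "$out" ] || { printf 'Not installed:\n%s\n' "$out"; rc=1; }
    out=$(bad_wordlists $WORDLISTS)
    [ -z "$out" ] || { printf 'Missing or empty wordlist:\n%s\n' "$out"; rc=1; }
    out=$(leaky_names "$dir" $CLIENT_TERMS)
    [ -z "$out" ] || { printf 'Name gives away the client:\n%s\n' "$out"; rc=1; }
    return "$rc"
}

# Run only when a job directory is passed on the command line.
if [ "$#" -ge 1 ]; then preflight "$1"; fi
```

Run it the night before with the network disabled, so a tool or list that still needs downloading shows up at home and not at the client’s desk.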
You’re on client time when onsite. If you work 7-8 hours a day for your employer, it’s reasonable to expect you’ll do the same for the client. Play it by ear, but don’t disappear 2 hours early and hope that no one notices. Everyone knows and you’ll only make a bad impression. If you have something to work on, ask if it’s reasonable to keep them behind. If their body language suggests that you’re overstaying your welcome on that day, then work your exit plan into the conversation. Clients aren’t ogres, so talk to them.
There is a lot to take in, and it’s likely you won’t be sent on your first test on your own; however, you can take great steps towards being ready so that the senior tester doesn’t have to keep you right every two minutes. The technical preparation will develop over time. The more onsite tests you do, the more prepared you become for the tests you are doing. Everyone is different, so allow yourself to develop at your own pace and in your own style.
If you arrive smart, clean, calm and ready, you’re off to a good start. If you’re a slobbering mess with cables hanging out of your bag, and you spend 30 mins finding things when you get there, then you’re wasting the client’s time.
It’s mostly common sense; however, I was really hung up on how I was going to perform on the day and let slip a few things that I wish I had prepared for. Hindsight is a pain as we all know, but preparation is key to making sure that the test goes as well for you as it does for the client.