Host #TanyaJanca learns what it's like to be a Infrastructure Test Engineer, with Annie Hedgpeth! Through configuration management, provisioning infrastructure as code, integration testing and compliance automation through Hashicorp, and CI/CD, Annie’s aim is always to make the right thing to do the easy thing to do https://twitter.com/anniehedgie
Thank you to our sponsor Thread Fix!
Buy Tanya's new book on #ApplicationSecurity: Alice and Bob learn Application Security.
Don’t forget to check out #WeHackPurple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/
Join our Cyber Security community: https://community.wehackpurple.com/
A fun and safe place to learn and share your knowledge with other professionals in the field.
[Music] [Music] welcome to the we hack purple podcast where each week we meet a different person from the information security industry to learn about their jobs and their career and how they got to they got to where they are today i am tanya janka i am your host and i am from we hack purple and this week we have annie hedgepath and she's going to tell us what it's like to be a test infrastructure engineer which is super cool i know that we've concentrated a lot on instant response and executives and startups and apsec because obviously that's my favorite topic so i'm excited to talk about infrastructure because that's actually an area where i'm super weak this episode is sponsored by threat fix which is powered by denim group but i know what you're all thinking just bring out annie okay okay hi annie welcome to the show oh i think you're on mute oh there you are okay oh don't worry hi welcome it's really great to be here tanya thank you for having me thank you so much for coming i i was pretty excited when you said yes because someone highly recommended you but also i'm like oh i want to learn all the things whenever there's a technology i don't know about i'm like oh i'm going to find someone smart and then you know see if i can invite them on my podcast that is a great way to do it we'll see what we can do the strategy has been going really well um would you mind introducing yourself and you know telling us what your online handle is so if people want to follow you and maybe your job title yeah sure so i'm annie hedgepeth um you can follow me at annie hedgie so a-n-n-i-e-h-e-d-g-i-e um and my website is annie hedgie.com and i blog about problems that i solve and when whenever i fix the problem i usually blog about it because i get excited about it my title is test infrastructure engineer at hashicorp for the terraform enterprise team that's so cool [Laughter] um i do not know terraform very well i actually am more familiar with vault which is like a different product that they do that happens to be super cool although i am well aware terraform is also cool and it's very cool so the terrapin oh i'm sorry oh no no no you go you go i was gonna tell you okay so like terraform enterprise might not mean anything to some of your listeners so i'll just explain that real fast if you want me to um okay so terraform is an infrastructure's code tool so you you want to provision your entire environment so you write it out in code that's what terraform is and terraform enterprise is um a way for people to uh or wait for companies to manage all of that code so you can store it all in one place you can um uh deploy it all from one place and then all of your all of the stuff that goes along with that it's all in one server and so um are all in one environment rather and so um so all of your state files your variables everything is all deployed from one from one single environment um and so it makes it easier to to use this tool terraform if you have tear from enterprise cool can we okay so i'm gonna get totally off topic can we briefly discuss why infrastructure's code is ridiculously awesome i mean i honestly think it has changed technology like fundamentally we're able to do things so much faster now because somebody's not manually doing something and if and if somebody goes in and manually changes something the infrastructure as code is is running all the time so it fixes it it's like no no you didn't code that so let's go and and uh undo what this person did manually and make sure that it's all codified i think it's infrastructure as code's also super cool because like one you can check it into your code repository which means versioning which means history and auditing and logging someone supposed yeah like someone logging in and being like oh i'm just going to undo this and check that and back in the day people used to use the same account so be like did god do that did alice do that did bob do that i bet it was tanya and you know you have no idea who the bad actors are somebody's disgruntled whatever yeah definitely so if everything is is version everything's in code um then not only does it like simplify things you know because you can see what you're deploying but also it makes things so much safer especially if you're applying um codified audits at the end of all of your provisioning and things so that you can um keep everything so you can keep all the teams happy you know you can keep the um the devs happy because they know what to expect in their environment you can keep the infrastructure people happy because um they can reproduce things super quickly and change things um you know with code and then compliance and security people can codify all of their audits or their security um constraints and whatnot yeah and uh and then also like everybody knows about those audits ahead of time they're not like surprised in the end so yeah infrastructure's code is i really think like um we would not be where we are in technology today we wouldn't have the advancements today without that so that's part of it yeah and we can do security as code and like add all the policies in like you said but then we can also scan it to see if something's missing right and then also like when you would put you know a virtual machine in a ci cd pipeline and you're like okay i'm going to go and scan that it's like okay well i'll go get a coffee and have lunch and do all these other things but with infrastructure as code you're like boom yeah like five seconds later it's like did you know these things are wrong and it's just it's so much faster and also okay so just i love it so i'm just really excited yeah i do too please but also then then you can have per perfect replicas right so imagine before like i i don't know if you've had this annie because i like i feel like potentially i'm older than you or maybe i've had crappier jobs than you but i remember having to stay late as a dev and be pressing next and then going to the next cubicle pressing next going to the next cubicle resting next and like a bunch of us walking around floors like pressing next and like as if you're paying me as a software dev to press the next button and then go sit my bum in the next seat yeah yeah my team would have races like physical races like we'd be like how many can you do we'd like run from floor to floor and just be ridiculous but well it's monitors code eliminates all of that yeah it's funny because um so like i'm new-ish to technology i've only been in in technology for five years but i'm i'm old like i i didn't get into it until my late 30s and so um like i i had a different career first a couple of different careers first and then i stayed at home with kids and then i got into technology and so like i joke that like i'm devops native or like cloud native myself because i never did experience all of that and so it's funny because whenever i see people um you know how there is pretty common for for people that have been in the industry for a really long time to sometimes fall back onto their bad habits but i never had those bad habits and so like i'm definitely not perfect because i have so much to learn but i do see those things as bad habits sometimes because i did start sort of cloud native and devops native and whatnot and so um it's funny because i can like point it out and be like wait that's not the way we do things now oh my gosh i feel like that's an awesome time to start in technology because quite frankly devops and cloud are just the most exciting crap like it's just the most exciting stuff that i've seen in a really long time in technology like personally i'm like why did we not develop software this way the whole time yeah yeah and also i love building pipelines and then smashing things with them yeah it's fun okay so green check marks too and pipelines let's not underestimate the green check mark right oh no i love it oh my gosh yes okay okay so now that all of our audience is like i understand what infrastructure's code is i kind of get an idea can you tell us what your job is like yeah so um before i came to hashicorp i worked at an azure consultancy doing um all the sort of devops and sre things for different customers and so i've built a lot of skills in cloud architecture in infrastructures code cicd configuration management all that sort of thing and then um i saw this job i had been wanting to work at hashicorp for so long and i saw this job for a test infrastructure engineer for the terraform enterprise team and um and i thought oh my gosh that is the like perfect way to get my foot in the door at hashicorp because i can leverage all my own skills that i've been using for the past four years and then um because at the time i had been only been working about four and a half years at it um and then i can uh like bring value immediately on this team of software engineers and i wasn't a software engineer yet you know um but i can immediately bring value with all of these skills because they need to be able to test their um their product on a myriad of different um environments because um there's so many different sort of scenarios that you can um set up your your environment to to accommodate for and so um so yeah like we have to we have to build all these different environments to to accommodate for all these different scenarios in order to test airform enterprise onto and so um uh i don't remember the question interoperability that's what you're doing you're making sure it works on every platform with every programming language and all of the different infrastructure and i was like i have to type it out to make sure i say it perfectly because it's a weird word um so the question was like tell us about your job and i feel like you're doing a really good job of telling us about your job yeah so i so now i we have this this whole um uh roadmap of how to build out all these pipelines so that we can test it in all these different ways um and bringing quality and all this to terraform enterprise and um so yeah i just kind of plug away each day at building those pipelines and it's a lot of fun i have to say if i you know stop running my own company and stop doing all the startup stuff that if i became like a dev again or probably more likely a devsecops engineer that i would definitely only be willing to work at a place that does devops like just i'm sorry i'm not willing to water fail with you anymore yeah yeah yeah yeah no for sure hashtag is a great place to work at also because um well coming from a product i'm sorry coming from a services company to a product company it's really fun to um like see the vision of where you want to take the product and be a part of that as opposed to like i was the practitioner before and i loved the product um and now i get to like work on the product that i loved so much and so that's really exciting it's very meta too right like it's it's idea like just to be able to go inside the thing that you've liked so much and be able to positively influence it's like so awesome yeah absolutely so what is a day like in the life of annie or wait i mean a touched infrastructure engineer well those so those are uh it's funny because like test infrastructure engineer is only part of annie so um i basically once we do all okay so let me start over okay i talked about um the difference between a services company and the product company and what i really like is is being able to sort of breathe and think about the plan for a little while at a services company um i grew so quickly and i learned a ton but you never got to really breathe you know unless you're on the bench and then if you're on the bench that's a bad thing right and so um you know depending on how long yeah um just because you're not being utilized and everything comes down to the utilization hours blah blah blah yeah so it's intense yes absolutely so being at a product company we get to kind of like think about the the out the outlook of the product you know the um like how are we going to make this better it's not always putting out fires sometimes it is if there's like a an incident or whatever but um and they need to pull in people from the team and they you know solve it and whatnot but um but mostly it's like how do we make this better long term and um and so some of it is planning some of it is researching and then a lot of it is implementation and so um like we just got out of a planning phase and now we're just implementing so day in and day out we just take a task off of the off of the board um the other thing about it about um the way that hashicorp works is that we do um an rfc process and so um like any time you make a change that affects anybody outside of your team basically or any any part of the product or any product outside of your team um then you write up a proposal and you have everybody review it so the entire company basically can read it or at least all of engineering can read it you know well and depending on on the scope of your change you know okay and um and you know you might just think that you're writing a proposal to make a change to this little part of terraform enterprise but somebody let's say in nomad might have an idea oh hi anna um somebody might have an idea um you know out of something that they did in nomad or in console or something and they're like hey did you think about this and so it's just really awesome to get that broad um company-wide perspective um or and um um input on all of your changes so it's really cool that's actually super cool i've never heard of a company doing that but that's a great idea i mean we do that at we hack purple but there's five of us so we are trying to make it be six of us though just to be clear oh by the way we're hiring for a sales person we want a fri i forgot to tell everyone so we had purple is hiring a recent canadian grad who has studied sales or business to come do sales with us so if you're interested please email us at info wehackpurple.com yes i totally did the thing my marketing team asked me to do good job tanya good job i also want to say hi to everyone in the chat hi everyone thank you hi everyone thank you yeah yeah so your day sounds awesome is there a lot of meetings because this is a question we always get i hate meetings so much um like really because you have to contact switch so much um thankfully i do not have a lot of meetings i um i do try to my team is just really cool about being understanding about trying to not have like um the swiss cheese schedule you know where you have just a bunch of little holes but nothing really concrete to be able to focus and do like thought work you know um so yeah i every now and then like mondays are our heavy meeting day but for the most part not really i really don't like meetings though you know what's worse than meetings hundreds of emails yeah meetings that could have been an email yeah yeah yeah hi to professor black ops thank you for coming i feel like um a lot of people finding out there's not that very many meetings and also you get to influence cool things and also you get to automate stuff like there's going to be a lot of people asking if there's positions to do oh my god work yeah yeah i mean meetings aren't bad it's just that i like that's they hired me to do like to build things yeah to get to build things i'm not saying that meetings aren't work because you know some other other types of physicians have to be able to talk to other people to figure things out um i don't that much i have to like i need hands on keyboard you know what i mean so i totally do know what you mean i remember when i was a dev and i was like i have one meeting a week why would i need two and i just like had one generally one or once in a while i would talk to clients but it would usually just be like they send an email i'm like hey let's just talk on the phone okay i got it bye and i just happily dev away yeah yeah i will say we have one meeting on tuesday wednesday and thursday called the water cooler and since we're a totally remote company just my team um we meet for 30 minutes um tuesday wednesday thursday just chat and that's really nice i i don't mind that meeting at all that's kind of my favorite meeting yeah that actually sounds pretty important to have social time yeah [Music] it's so awesome that so many people are showing up i know hi okay so i have more serious questions of course so what types of personality traits or maybe aptitudes or talents would someone need to be good at what you're doing yeah it's funny you ask that because before i got into technology my husband would always tell me like you ha he would try to get me into technology and i thought he was crazy um because i just i was an art major like my emphasis was film and video and um i didn't even know what a terminal was like i didn't know how what to do on it like when you open it what do you do you know like i knew nothing um and but he was said you like problem solving you know like you you get super laser focused on an issue and you just go to town and you don't quit until it's finished and um and so i'm like yeah but but still i don't know the thing you know i don't know how to do it um but he was right like you you just need a like laser focus on things i think which is a pro and a con i'll admit but i think you also need um really good troubleshooting skills um which i feel like i developed just because i'm able to focus and because i like fixing my own things um like things are broken around the house or something i like to fix it or you know things like that um and the trouble shooting skills are also like good it's almost like rubber duck um programming like um if some of your listeners are not familiar with that yeah it's just you pretend that there's a rubber duck on your desk and before you ask for help you tell your entire problem to that rubber duck and then usually you end up solving it i don't know how many times i've written out a really verbose slack message to one of my team members and i solved my problem like by typing it all out yeah um so that's really important like being able to um bullet out the problem so that you can solve it and then knowing like where to search for the answers um and then um empathy i feel like that's a generic answer right nowadays but it's not like it's so important being able to um empathize with your teammates with other teams with your customers um making people's lives easier is kind of like what i want to do and i think that my job my specific job also requires like a fierce dedication to doing what's right overall like the right way of doing things like no shortcuts and no um i don't know just yeah exactly user just has to click this and rub their belly but also then pat their head at the same time and then it'll work yeah exactly no like you have to do it meticulously correct you know um so yeah i think that those are sort of the personality traits that my husband saw in me before i i started in tech and he really was right like those are extremely transferable to to a a tech career yeah are you one of those people where you're like working on a problem you're working on a problem then you go you're like i have an idea and then you do it and you fix it and you're like this is the best satisfaction oh my gosh yeah but the opposite is true too like whenever i can't solve it then i'm just a grump to everyone yeah and like it's really hard to like get off at the end of the day i really have no choice a lot of people say um whenever they work remotely like oh it's so hard to like step away from your office or whatever i have three kids and so like i don't have the luxury of like um try like staying on my computer until 10 p.m because like i have kids to feed and whatnot yeah literally crawl on you right yeah so like i have to step away at a certain time and and go like do life or whatever but um um i don't remember what i was going to say about that oh that yes but that is the other the other side of the problem like um i am super like euphoric when i solve a problem but i'm super grumpy if like i if i have to step away from it and it's unsolved oh it's weird unsatisfying yeah have you ever dreamed and code or dreamed the answer to a problem that you've been struggling over no not really but i have like um thought about it as i've gone to sleep and like i'll think of a solution and like i'll email it to myself real fast so that i don't forget yes i love it i love it that's awesome okay i i am gonna thank our sponsor and make a small announcement so we hack purple is sponsoring the vancouver international privacy and security summit which is virtual from may 7th to may 5th and i am also a keynote speaker yes um so that's awesome and again that's the vancouver international privacy and security summit from reboot um and we'll try to share a link and also i'd like to thank our sponsor threadfix powered by denim group the most stupendous vulnerability management system this side of the galaxy and we are currently booking sponsors for uh september i think october now yeah because we have so many and that's wonderful and we are so grateful to all of our different sponsors especially thread fix thank you thank you and i want to make another small announcement that we also have the diversity scholarship for we hack purple and you should go onto academy.wehackpurple to apply for it if you are someone from an underrepresented group i want to tell you that we have so many sponsors for it that we now we're giving away 18 in a row one per week and thread fix and 10 security and we had a new one today bridge crew and also salvo cloud are all sponsors for us to help people from underrepresented groups join information security and learn how to be an application security engineer so i just wanted to thank all of our sponsors at the same time because all of that is awesome sauce but now i want to get back to annie annie i have more questions um um so what types of technical skills do you think someone needs to do a job like yours sounds like they need a lot yeah i so i don't want to overwhelm people with the list because it can be overwhelming but i learned i'm going to i'll tell you how i learned it and then i'll kind of build it so because i didn't know anything i um i found this tool called inspec my husband found this tool called inspect he was using it at his company and it was new at the time and i'm not saying learn this tool i'm just i'm just going to tell you the pattern of how i did it um but it was it was a ruby framework that that um was supposed to be human readable human writable geared toward security and compliance professionals who were not typically developers and so you could write these controls in um you know human readable language and whatnot and um and be able to run them and so he was like look this is a new tool and it's really cool we want to use it at my company but there's not a lot of documentation on it why don't you learn this write a bunch of documentation about it tell people how to use it and then if it ends up being like super complicated and not really um accessible like they claim to then say that you know like whatever but but just try to learn and see if you do it and um it turned out that like their claims were right like it really was pretty easy to learn and i knew nothing like i told you i had never even opened a terminal before and i learned this tool um and so this was like me at the beginning of like before i started my tech career just learning how to do things at home um you know up until midnight just kind of plugging away and writing these blog posts about how to use it so like literally if you google inspect you'll probably find my name because i wrote so many tutorials about it and i like gave them all this free advertising but um but it benefited me because um i learned you know and and i um it gave me a way of also what i like to call inverted learning where actually i think i got that term from somebody else um but it's really useful like i learned inspect which looks into your system to see if things exist or not and i didn't know what those things were at first but then like um i i wrote this inspect profile based on like cis benchmarks which say like your system needs to look exactly like this if you want to be compliant to cis and so which is the center for internet security is that right yeah yeah yeah um and so i wrote all the the pro like i don't remember i just took one of the benchmarks or one you know book of the benchmarks and um and i wrote all the audits and then um and then i learned how to remediate all of the failures with chef and so that was kind of like i was learning from the outside in you know what i mean and like i didn't know what these things were but i learned it as i went and i learned chef i saw i learned configuration management by remediating failures you know and then from chef um you have to learn infrastructure generally you know what i mean so like i learned how to provision a vm in azure and um and then it just kind of got bigger and bigger you know what i mean so audits chef uh um configuration management then infrastructure is code and azure architecture and um and so within all of those skills like if i was just writing a bulleted like resume list or whatever i'd say um like from what that led to in my current position was being able to bullet out um ci cd um linux is pretty important for my job not so much windows but windows was for my last job um all the three major clouds um basic architecture skills within those clouds um obviously command line so hcl like being able to write terraform at least um but packer is a plus packer is the the tool that you you create images with um um what else and then just being able to pick up on some like go and ruby so like inspect was written in ruby and so i was able to and chef and so like any time you have to do anything custom like any sort of custom resources and stuff you have to touch go in ruby or not go you have to touch ruby and anytime you need to do anything custom with um or if you have to look into the code then you have to know go for uh terraform and any sort of hcl so um so yeah but like to to make it less intimidating it all builds on itself you know so like find something that you can build from and it comes a lot easier especially if you're like doing it day in and day out and creating projects and um it just kind of leads to each other yes yes so much yes we were talking before we started recording about you know i was like is there anything you want to promote and you're like no i just i like talking at meet ups and sharing information did you want to talk a little bit about like why yeah so um it's funny because like i'm not a deaf advocate i'm not like i'm not um in marketing i'm not i don't have anything to sell whatever um i just like i grew up super poor and i know that like a career in technology changed my trajectory um my husband also so like my husband grew up poor i grew up for um and my husband was the one that started in technology first and like that started changing our our our lives you know and then um and then i got into technology so then we had like a double tech income and we're just like our lives are a complete 180 from the way that we grew up and it's accessible to everyone you know like it just takes hard work um and there are like so many smart hard-working people out there that deserve great lives and this is their way in and i don't want to put the onus completely on them they will do the hard work if they want to and if they're driven enough but the onus is also on the hiring managers like they are the gatekeepers and it drives me crazy when they don't take chances on people but i'll be completely honest like it really does require um risk you know like you have to risk your uh road map basically like can i hire this person and put enough training um hours into supporting them to make them as successful as they need to be um and if the answer is no then like you have to look at your priorities like what kind of a company are you what kind of a manager are you um what what is the work-life balance at your place you know like so many things um but as long as like both both people both groups of people need to hold up there into the bargain you got to have the hard work and you got to have the less gatekeepiness you know yes i cannot agree more annie there is a lot of gatekeeping in our industry a lot of um a lot of you must have ten years experience in a technology that's only eight years old um you must have you know these certifications that require five plus years ex like job experience plus thousands of dollars worth of investment to get to get an introductory job it doesn't make sense i feel a lot of the time when they're when they're doing that it's because the hiring manager doesn't know what actual questions to ask in order to find a qualified person yeah um i saw a job post so we post jobs in the we hack purple community and we posted one from shopify last week and so i'm a fan of shopify it's not like a secret like i'm always telling people that their appszect team's awesome i have like a professional crush on them and like they because i used to live in ottawa they used to host my meetup so i basically got to literally hang out with them once a month and their job description was you know like do you like figuring out problems are you interested in security are you cool with like talking to different developers and and like helping them fix a problem are do you like to do ctfs do you like puzzles do you like and they're like are you willing to work hard and learn what we're gonna teach you and i was like let's post this immediately you know i want all of our grads to see this and but but they have a team full of like kick-ass experts right and sometimes like i left a job once in the canadian government the manager said like i have literally no idea how to hire for your job like i'm a manager now if i used to be a dba can you give any sort of advice to hiring managers that like don't have the expertise to hire their own annie but they really need their own annie is there any advice you could give for them to be less gatekeepy yeah so i've only had two jobs in tech so far but i've been on a lot of interviews like a lot and people are scared of me because i'm a risk you know and getting my first um job in tech i worked at a company that was an azure consultancy and it took one person at first like sticking his neck out for me and saying look she has the passion that we want you know like she she learned this skill so quickly she's um you know you can see her drive and all of this and those are the skills that like are the most important you know like we can teach her the rest and plus like my old career i was a casting director and then um and then after that i stayed home for a long time and i did blogging and i did um like i tried to start a home a home decorating business and i quickly realized that i suck as a um a self-employed person like i just am not good at it i was good at decorating but i wasn't good at being self-employed you know what i mean uh it's hard yeah but like i had um like given all of my past experience i had this totally different set of skills that than um everybody else at the company had you know um i mean number one i was like one of three women out of um 30. so that already sets me apart from the rest of the the engineers um number two i was the only mom like being a mom is completely underestimated like you gain so many skills but then also all the soft skills that i gained in um the other the other careers and so he's like look this is a person who thinks differently than most everybody else in our company and and she's shown that she's learned this much so like i don't think it's that risky you know like let's just hire her because we can we can teach her what she needs you know um so anyway that person stuck his neck out for me and um and then he like convinced other people to to um you know rally around there whatever so that was amazing and then my next job um at hashicorp they kind of saw the same thing um i interviewed four for four different teams at hashicorp before i actually got hired um so like it wasn't a slam dunk you know like like four three other teams like liked me but but we're just like not taking the risk yeah exactly they were just like i just don't think that you have exactly the level that we need right now and i'm like okay yeah that's fine i've heard this before so um so then uh they really did need somebody to hit the ground running but this team they were like okay well she is able to hit the ground running in these certain areas but whatever she lacks like you sh her passion is obvious you know like she um like loves terraform so much and she loves doing things the right way she's like super meticulous and she you know whatever all those all those soft soft skill things that you can't um train into somebody you know and so um those are the most important things i think like the the technical stuff will come as long as the person shows that they are dedicated to learning as well and that they have healthy learning habits so i don't know you you hear these people that are like you know um you ask them how do you learn and they say oh you know i just kind of mess around until i find out okay like that might work for a little bit of something but how do you like really dig in and learn like you need to be reading and doing um in-depth tutorials and classes and um like teaching other people what you just learned or things like that that show um that they really really do mean what they say so like my advice to the hiring manager is like really kind of suss out okay are they going to be able to learn all this stuff and you know um the risk goes down real low once you figure all that stuff out yes i know this is this is so great and i i totally agree about learning i used to work in the canadian government for 13.5 years and i was an anglophone when i started which means i could only speak english i had never learned any french and so if you want promotions in the canadian public service you have to be able to learn french after a certain point you just can't move up and there are so many anglophones that i met that would take a french class part-time for like you know a few months and then they would stop they would never do homework they wouldn't practice and then the next year they'd take another one and i i was like why don't you like pooper get off the pot like do it don't like give her as canadian say give her or just like get out of here don't do it and so when i decided to learn french i was like i took night school and started watching tv and french started listening to french and started reading books in french i actually conversation groups yeah i went to france for two weeks that helped a lot and then eventually when i applied for a job where they're gonna teach you like they're like you have to be able to know the french and they're like but we'll send you on training to get you so that you can pass the exam when i explained like yeah for two years i've been working my butt off as hard as i can to make sure they're just like okay of course we're gonna pick her right like the person who's already been like literally just turning them inside the inside out to try to reach this goal and then yeah i actually ended up passing a month early which for dyslexic adults really well just passing it all it's good but yeah passing a month early too i was like yeah awesome and yeah i speak french and nancy uh my friend who is doing some sound check for us can definitely attest to how hard i try to speak french she's probably giggling right now because my my english accent is very strong but i try really hard and so awesome i love your story about like trying to learn and then sharing the knowledge learning more sharing the knowledge and like implementing the knowledge to fully cement it for yourself this is brilliant oh my gosh annie it's so good i have more i have tough questions now the cheap question we discussed we discussed the cheese question earlier i know my audience will not be okay if we don't ask this so does being a test infrastructure engineer pay well like can you when you go to the grocery store for the fancy cheese or are you like i'm a vegan now because i cannot afford any cheese or i mean just to be clear if you are or vegan cheese yes oh vegan cheese is really expensive so that's like top shelf now i will tell you i grew up um if we didn't have government cheese then we had like sliced velveeta and so we were um or the chunks of velveeta you know um but the generic ones not not the velveeta brand and now like i buy i buy fancy cheese even when we're not having company and like i don't even look at the price so yeah it's like i'm gonna buy that eight dollar block of cheese and not think twice yeah it's a good place to be though right yeah it is it is and like i don't say that lightly like um like in a douchey way or whatever like but i say it in like uh i can't believe what this what this industry has given me and my family it's and i want to share it with other people because i don't want to hoard it you know um there are there are a lot of people that want to hoard all of the the tech wealth for themselves and i want to spread it because um because there's a lot of people that deserve it so yeah there's a comment in the chat learning french as an adult is hard kudos it is oh my gosh i tried learning as well and we were doing the exact same stuff that me and my husband were doing the exact same stuff that you were doing and um we were going to like french conversation group every week and all this stuff and and then we went to france for a couple of weeks and that really helped and then like life got hard and we just quit doing all of that stuff and we moved uh we used to live in texas and we moved to boulder and um and we actually my across the street neighbors they're very good friends of ours and they're actually french and um like we don't speak french to them because we've gotten so bad and anytime we try they just switch into english immediately it's really embarrassing so anyway you have inspired me again to get back at it but it's hard it really does take dedication because i'm the type of person that if i don't do it right i just don't want to do it at all so anyway that's just a problem though a suggestion for you is to find a tandem language partner so uh this group that i went to so there's one school for dyslexic adults in canada and it's called alliance francette no wait it's called um academy de formation linguistique but the the point is is they paired me with someone from africa who had just moved to canada who didn't know any english and then there's just a brilliant idea a french english dictionary and so i would meet with her once a week for around two years we became such good friends her english improved my french like over the moon improved and also she ended up getting pregnant and having twins while she was tutoring me and so then i got to learn all about the adjectives and verbs around pregnancy and it was so cool and her babies are the cutest um so that was awesome i love that yeah and so not only did i get to have like this great relationship and because my habit with her is to speak french whenever i would run into her in the city because we live kind of close to each other i'd be like oh milka but if you start a relationship with someone in english it's very difficult to switch over so if you combine something it's actually quite it's much easier and i bet you could trade some tech skills for some language skills any day oh my gosh i love that idea thank you i'm gonna do it check back in keep me accountable yeah seriously okay so i have i have i have the ultimate difficult question which i already told you in advance so this trick i like to tell my guests it's a very difficult question but what is the absolute best coolest thing about your job and then what is like the worst thing that annoys you or frustrates you um um i think the best part of my job is making people's lives easier like um i so in bringing testing and quality uh to the product as your test as a dev as you're testing it like if you're banging your head against these manual processes all day then like you hate your job you know like it it really just brings morale down so low because i've been there i know like i've had these long um manual testing nightmares that just really like make me at the end of the day question my choices and um but if they're automated if you're building this automated pipeline that tests everything and makes um it like infuses quality and makes people's lives better i i just love that um there's this one story that like it happened several years ago but like i still share it because it's like one of my proudest moments was when i was at this client and um they didn't have um pull requests um a pull request uh um test yeah well a test like um like you make a pull request and it has to run through this pipeline of tests and it has to pass before you can merge it into master or sorry merge it into the default branch um ours are main now um sorry that was no it's all good it used to always be called maine until github changed it to master and i'm like no it's always been maine it's like well they switched it back to rain so yeah yeah but i'm glad they did it's yeah it's still it oh yeah it's hard if that's the way you learned it i like that as me so when people start nice sir i'm like no dude that's wrong yeah i'm old come on yeah yeah so anyway i learned it first that way but now i'm trying to make train my brain again to say maine but anyway um they didn't have that pipeline and uh once they did like they could like it made everybody's lives so much easier because they could um like accept a pull request and approve it like with confidence and not worry that it's gonna break everything and like that was so small like such a small thing to do but like it changed their culture you know what i mean their culture around testing and around pull requests and stuff and so we only built from there and like it it just took off and it was awesome so that is my favorite part of my job is making people's lives better because it make like making their jobs easier because it makes them like their lives better you know like if you are not just like pushing something uphill all day then it's like pushing a boulder uphill all day and you get tired after a while and you want to just drop but if it's easier then you know quality of life issues um yeah um what makes me not like my job so much oh you know it's just like sitting at a computer all day like that's the worst part of my job it's not the actual like work like sometimes of course sometimes work can be hard and you don't enjoy it or ever but if things are hard or whatever and you're solving a problem blah blah blah everybody has those days but um but mostly like it's just having to be stationary all day and that's that's that's hard um like i have a treadmill desk at home uh and that helps a little bit but like uh you don't want to stand on that all day and also you have to like move from place to place i don't know yeah i like to complain also but no no i actually find that very challenging as well as well um i have a desk that goes up and down but i am a jerk to myself and i like sit just in my chair most days yeah um but i used to have a treadmill desk i can watch things or like go to a meeting but i cannot code and walk it turns out it's just very slowly yeah it's just really slowly but you know the thing i think that is important is for teams to normalize um like people leaving for 30 minutes to go on a jog or um walk their dog or whatever you know like um i don't know just like let's be a little more flexible so that people can have a normal life it's not normal to sit in front of a computer all day so let's like do what we can to like make it more um i don't know physiologically better you know what i mean actually at wehack purple so i've been doing this for a long time where i do walking meetings and so now that things are remote it's super easy yeah i used to just take my staff and i'd be like oh it's just one on one and i worked in this giant skyscraper and on the second floor so on the first floor there was a mall and on the second floor there was supposed to be a mall but it was totally dead and there's nothing there it is let's planar logier for anyone that's from ottawa and so the second floor of las plenade just this big circle so we'd just walk in a circle for like an hour and chat about whatever the thing was and then when we're done just take the elevator back up and they're like why do you want to do these walking meetings i'm like because i sit on my derriere all day yeah that's the only bad thing about not having many not having meetings you don't get to do that very often yeah another thing that i did is i um so i funded a kickstarter for this special type of anti-fatigue mat that makes you fidget and so i would stand so perfectly still um my partner would come up and be like are you a statue and i'm like maybe um and so i end up standing on one foot like an ostrich and that's not good for you either yes but for like an hour right and flamingo like a flamingo sorry exactly yes so the the fatigue that i got is called a toppo or a topo t-o-p-o and basically there's like a bulb in the middle and there's like a thing at the back and so there's all these things you can stretch your feet and your calves and you just end up kind of fidgeting and moving around every few minutes and i don't even notice i'm doing it and it's really cool that is really cool um so talk about it that enough though like the the effects on your body that a tech job has like oh yeah we need to be more intentional about that um you should actually so i'm gonna just put this in the chat because i can't help myself so um there's this woman called katie bowman and she wrote these books specifically of like how to undo the damage that sitting at a desk does to us and so i follow all of her stuff and it's like specific stretches that just like undoes certain things that i didn't realize were happening and life has been significantly better since katie that is really cool i used to be a runner um before i started my tech career and i tried to keep it going and then i started having all these issues like injuries and stuff and some of it was related to some health issues that i had and some of it was just related to sitting all day um even though i had a standing desk too because you know you're still stationary and whatever you're not moving around organically like you do um just as a you know stay-at-home parent or whatever um and so yeah i'm trying to get back into running now and you have to be extremely intentional about it because you have to do so much more strength training and like stretching and yoga and whatnot and it's not just like i can just get up and go i have to really be um i have to plan out my my um training you know like like the off days of running too so anyway yeah it's it's a serious thing and i think that a lot of people don't realize that that's one of the kind of downsides of tech is like being physically still for so long and i feel like with the pandemic lots of people who previously weren't sitting that still now that they're having these zoom meetings like i just put zoom on my phone and i actually um have converted my small property into an urban farm and so i'll go and shovel dirt and like plant seedlings and stuff and just be listening to this meeting if i don't have to participate really and it's just more i need to like learn the thing yeah um but it does not work as well if people are like turn your camera on i'll just show them every time i do that people are like you asked to see you asked i love it i love it normalizing it it should be normal for you to do that you know like we we have lives it's great i love it we had this meeting at microsoft once and it was a team meeting and i'd forgotten to turn off my camera and my boss was like are you kidding are you doing squats right now i i currently feel like the laziest human you have been doing squats like six straight minutes and i was like i took a break at minute three just like mine and i was like like i have like this little weight i'm like uh-huh uh-huh and they're just like you're making me feel so lazy turn off your camera ones are awesome it's so okay that's awesome i love it i love it annie it has been such a pleasure to have you on the show i am so glad that person recommended you and they oh thank you thank you for inviting me i really appreciate it i've had a lot of fun talking to you oh my gosh me too it's been awesome thank you very much and um yeah i might have to bug you to be on next season because after talking to lots of people we are i would love to hear from everyone please tell me your feelings but we're thinking next season so the first season is finding your career in information security but we're thinking next season is teach me something about security we're thinking of just having guests on to teach us the things so for instance you could teach us what infrastructure as code is and then like how to do a thing or something do you know what i mean and i love it yeah you have a lot you could show us i love it i'm i'm game awesome okay thank you again and let's wrap up the we hack purple show thank you annie bye thank you so much for coming to the we hack purple podcast and our amazing guest annie hedgepenth oh that was so good i like how we covered lots of different topics and not just being a test infrastructure engineer which was also super fascinating and she was so great how she let me just ask her a lot of random questions that were not on the list of questions i sent her she was so awesome um i also quite frankly liked learning a little bit more about terraform and hashicorp because i'm kind of curious about that already um i oh i'm tanya janka and i want to tell you one more thing so on this saturday and that is april 18th we are going to april 17th we are going to do another alice and bob learn live stream it is free um you can sign up for a formal invitation and invitations that will continue to come if you go to aliceandboblearn.com or you can just show up just go to youtube.com she hacks purple at noon pacific time saturday april 17th i'm gonna have so many awesome guests i'm having alicia alyssa knight alicia alyssa knight i'm having nancy gariche who's going to talk about like security requirements and how we can do basically better on our web apps and how we can prepare we're going to have dominique wrighto again my one of my technical editors for the book i am really really looking forward to talking about this and being a nerd basically with my friends and i hope you join us thank you again to threadfix our wonderful sponsor thank you to our guest thank you to my soundtech and all my team at wehack purple that make this a reality i know when you see me i seem polished and amazing but i assure you having a team of amazing humans behind me is why i appear that way i am tanya jenka i'm your host and thank you so much for coming on this journey with we hack purple [Music]