We’ve believed for a long time that without finding ways to bring new talent into our industry, we’ll never overcome the lack of diversity in tech. But this only works if you can bring in diverse groups of people to begin with.

So, how did we aim to tackle this? Last year, as part of our Diversity, Equity, and Inclusion (DEO) roadmap, we kicked off a recruitment process for five new, entry level Associate Engineer positions. To widen the pool of talent, we removed some of the historical prerequisites you often see like  ‘Must have a degree in Computer Science’, and instead added ‘code-campers and career-changers welcome’ to encourage more potential great engineers to seize the opportunity.    There process represented a couple of firsts for us:    This was the first time mass recruiting and onboarding 5 candidates into the same role  We reviewed over 900 applicants, took over 300 through to the first stage, and one-on-one interviewed 53 candidates over the course of 3 weeks.Talk about Craft at Speed.   We had the opportunity to connect with so many awesome engineers and are really excited to introduce you to the 5 Tessians who officially joined us at the end of 2021.    As you’d expect, every person has a different story to tell… Meet the team: 

Nash   Nash has not one but two degrees under his belt. First he achieved a PhD in Cinema History before going on to get his MSc in Computing at Cardiff University. If that wasn’t enough, before that,  he spent two years teaching English in Japan.    Why Tessian?    “The role was much too attractive not to apply to! From the statements about the work culture, to the blogs and podcasts about the company and its mission, to the clear and impactful use cases of the product, it felt like an incredible place to start a new career. I especially loved the ‘Engineering at Tessian’ YouTube video – it really helped clarify what to expect from life in the company as a part of the engineering team.”   What’s the coolest thing you’ve done in your first month?    “While there have been lots of great moments, from Fernet Fridays to team lunches to the thoughtful and well-paced onboarding week, I would say my highlight was the first WIG (weekly interdepartmental gathering) meeting. It was great to share a room – both physically and virtually – with the whole company, to introduce myself, and hear everyone’s fun facts about themselves. I really felt like a part of the Tessian community.”

Dhruv Dhruv moved to the UK from New Delhi, India to complete his Computer Science degree at University of Manchester before moving to London to join Tessian. Although he enjoyed his time in Manchester, he loves exploring the parks and restaurants of London, as well as catching some live cricket action.    Why Tessian?    “Two things. One, because of the unique products they offer and the cutting edge technology that goes behind building them. I have a keen interest in Software Development, Machine Learning, and Natural Language Processing. Tessian effectively uses these technologies to make emails safer! And two, I feel aligned to the values and the some of the benefits stood out – Refreshian Summer, Taste of Tessian (lunch paid for every Friday), Private healthcare, and ClassPass among other things.”   What’s the coolest thing you’ve done in your first month?    “Definitely the WIG . The most fun and terrifying thing so far was introducing myself in front of the whole company and telling everyone a fun fact about myself. My fun fact was that I partly decided to go to the University of Manchester because I support Manchester United. To avoid spending all my money on tickets, I started working as a steward in the Theatre of Dreams and got paid to watch the games! This was an awesome experience that really helped me build my confidence and I got to hear some really funny stories about my colleagues.”

Rahul Rahul is currently commuting from Essex to our office in Liverpool Street. Before this, he achieved an Engineering (Information and Computer Engineering) degree at University of Cambridge.    Why Tessian?    “After connecting with Tessian, I very quickly became interested in the products and realized how essential email security really is. I’m glad I applied. From start to finish, it was probably the fastest and most efficient of the companies I applied to. Everyone was very friendly and it made me even more eager to join the team.”   What’s the coolest thing you’ve done in your first month?    “At the end of the first week, we had an Engineers social at the office. It was also the last Friday of Refreshian Summer, so the social started at lunch with pizza and drinks. Time flew by and the social went well into the evening. It was a chance to get to know a lot more people in a very relaxed way.  

Claire ​​ Not only has Claire moved countries (from Colorado to London) but she’s also made a career change. Talk about big moves! Before coming to Tessian, Claire was a project manager at a construction firm. Although she’s now switched to a more technical role, if you ever need advice on how much your house foundation will cost or if your plumber is indeed making fun of you behind your back, she’s got your back.    Why Tessian?    “I was looking for a career change.My goal was to become a software engineer and I’m particularly interested in cybersecurity and data privacy. I had to move here for the role and I came to London not knowing anyone, so it’s been great to enjoy spending time with coworkers on and off the clock. (Another plus: I’ve become a big fan of the pint and pie deal at my local pub.)”    What’s the coolest thing you’ve done in your first month?    “I’m looking forward to continuing learning in a supportive environment. My manager says  “ We create an environment where people feel supported to tackle hard projects” and I feel like that couldn’t be truer. I can’t emphazise enough that working here is truly amazing. I am also incredibly excited to connect with other women in STEM and want to become more involved in Tessian’s empowering culture!  Want to get a better idea of what Claire is working on? Check out her Day in the Life post here.

Nicholas From Switzerland to the UK, Nicholas studied Computer Science, and earned his BsC at Exeter University before completing his Masters degree at St. Andrews. From Scotland, he has now joined us in London.    Why Tessian?    “I came for the tech, and stayed for the product. When I applied, I was already pretty familiar with the languages, tools, and platforms Tessian uses. I hadn’t given email security much thought, though. But when I started to look into exactly what Tessian did, I gradually became a lot more interested in what they were building. I’ve seen misdirected emails and spear phishing attempts, and I liked what they were doing to prevent it.”   What’s the coolest thing you’ve done in your first month?    “Shortly after onboarding I got to start making changes and additions to our product. These changes were then swiftly deployed to our customers, and it was nice to see how quickly I could start working with the team to make a better product. Our team just released a new product, Architect. I look forward to working on it and making it into the best damn email filtering tool out there. Also I’m enjoying spending time with July, Claire’s dog which hangs out in the office.”

Great news! After a successful cohort in 2021, we have another five entry level positions available to join us this year. Plus we have plenty more opportunities for you to join Tessian, in Engineering, and our other teams.  Apply now. 

This post is part two of Why Confidence Matters, a series about how we improved Defender’s confidence score to unlock a number of important features. You can read part one here.   In this part, we will focus on how we measured the quality of confidence scores generated by Tessian Defender. As we’ll explain later, a key consideration when deciding on metrics and setting objectives for our research was a strong focus on product outcomes.   Part 2.1 – Confidence score fundamentals   Before we jump into the particular metrics and objectives we used for the project, it’s useful to discuss the fundamental attributes that constitute a good scoring model.   1. Discriminatory power   The discriminatory power of a score tells us how good the score is at separating between positive (i.e. phishy) and negative examples (i.e. safe). The chart below illustrates this idea.    For each of two models, the image shows a histogram of the model’s predicted scores on a sample of safe and phish emails, where 0 is very sure the email is safe and 1 is absolutely certain the email is phishing.    While both are generally likely to assign a higher score for a phishing email than a safe one, the example on the left shows a clearer distinction between the most likely score for a phishing vs a safe email.

 

Discriminatory power is very important in the context of phishing because it determines how well we can differentiate between phishing and safe emails, providing a meaningful ranking of flags from most to least likely to be malicious. This confidence also unlocks the ability for Tessian Defender to quarantine emails which are likely to be phishing, and reduce flagging on emails we are least confident about, improving the precision of our warnings.  

2. Calibration Calibration is another important attribute of the confidence score. A well-calibrated score will reliably reflect the probability that a sample is positive. Calibration is normally assessed using a calibration curve, which looks at the precision of unseen samples across different confidence scores (see below).

The above graph shows two example calibration curves. The gray line shows what a perfectly calibrated model would look like: the confidence score predicted for samples (x-axis) always matches the observed proportion of phishy emails (y-axis) at that score. In contrast, the poorly-calibrated red line shows a model that is underconfident for lower scores (model predicts a lower score than the observed precision) and overconfident for high scores.   From the end-user’s perspective, calibration is especially important to make the score interpretable, and especially matters if the score will be exposed to the user.

3. Consistency  A good score will also generalize well across different cuts of the samples it applies to. For example, in the context of Tessian Defender, we needed a score that would be comparable across different types of phishing. For example, we should expect the scoring to work just as well for Account Takeover (ATO) as it does for a Brand Impersonation. We also had to make sure that the score generalized well across different customers, who operate in different industries and send and receive very different types of emails. For example, a financial services firm may receive a phishing email in the form of a spoofed financial newsletter, but such an email would not appear in the inbox of someone working in the healthcare sector.

Metrics  How do we then quantify the above attributes for a good score? This is where metrics come into play – it is important to design appropriate metrics that are technically robust, yet easily understandable and translatable to a positive user experience.   A good metric for capturing the overall discriminatory power of a model is the area under the ROC curve (AUC-ROC) or the average precision of a model at different thresholds, which capture the performance of the model across all possible thresholds. Calibration can be measured with metrics that estimate the error between the predicted score and true probability, such as the Adaptive Calibration Error (ACE).    While these out-of-the-box metrics are commonly used to assess machine learning (ML) models, there are a few challenges which make it hard to use in a business context.    First, it is quite difficult to explain simply to stakeholders who are not familiar with statistics and ML. For example, the AUC-ROC score doesn’t tell most people how well they should expect a model to behave. Second, it’s difficult to translate real product requirements into AUC-ROC scores. Even for those who understand these metrics, it’s not easy to specify what increase in these scores would be required to achieve a particular outcome for the product.

Defender product-centric metrics   While we still use AUC-ROC scores within the team and compare models by this metric, the above limitations meant that we had to also design metrics that could be understood by everyone at Tessian, and directly translatable to a user’s product feature experience.    First, we defined five simpler-to-understand priority buckets that were easier to communicate with stakeholders and users (from Very Low to Very High). We aimed to be able to quarantine emails in the highest priority bucket, so we calibrated each bucket to the probability of an email being malicious. This makes each bucket intuitive to understand, and allows us to clearly translate to our users’ experience of the quarantine feature.    For the feature to be effective, we also defined a minimum number of malicious emails to prevent reaching the inbox, as a percentage of the company’s inbound email traffic. Keeping track of this metric prevents us from over-optimizing the accuracy of the Very-High bucket at the expense of capturing most of the malicious emails (recall), which would greatly limit the feature’s usefulness.   While good precision in the highest confidence bucket is important, so is accuracy on the lower end of the confidence spectrum.    A robust lower end score will allow us to stop warning on emails we are not confident in, unlocking improvements in overall precision to the Defender algorithm. Hence, we also set targets for accuracy amongst emails in the Very-Low/Low buckets.    For assurance of consistency, the success of this project also depended on achieving the above metrics across slices of data – the scores would have to be good across the different email threat types we detect, and different clients who use Tessian Defender.

Part 2.2 – Our Data: Leveraging User Feedback After identifying the metrics, we can now look at the data we used to train and benchmark our improvements to the confidence score.Having the right data is key to any ML application, and this is particularly difficult for phishing detection. Specifically, most ML applications rely on labelled datasets to learn from.    We found building a labelled dataset of phishing and non-phishing emails especially challenging for a few reasons:

Data challenges Phishing is a highly imbalanced problem. On the whole, phishing emails are extremely low in volumes compared to all other legitimate email transactions for the average user. On a daily basis, over 300 billion emails are being sent and received around the world, according to recent statistics. This means that efforts to try to label emails manually will be highly ineffective, like finding a needle in a haystack.   Also, phishing threats and techniques are constantly evolving, such that even thousands of emails labelled today would quickly become obsolete. The datasets we use to train phishing detection models must constantly be updated to reflect new types of attacks.   Email data is also very sensitive by nature. Our clients trust us to process their emails, many of which contain sensitive data, in a very secure manner.  For good reasons, this means we control who can access email data very strictly, which makes labelling harder.    All these challenges make it quite difficult to collect large amounts of labelled data to train end-to-end ML models to detect phishing.

User feedback and why it’s so useful   As you may remember from part one of this series, end-users have the ability to provide feedback about Tessian Defender warnings. We collect thousands of these user responses weekly, providing us with invaluable data about phishing.   User responses help address a number of the challenges mentioned above.    First, they provide a continually updated view of changes in the attack landscape. Unlike a static email dataset labelled at a particular point in time, user response labels can capture information about the latest phishing trends as we collect them, day-in and day-out. With each iteration of model retraining with the newest user labels, user feedback is automatically incorporated into the product. This creates a positive feedback loop, allowing the product to evolve in response to users’ needs.   Relying on end-users to label their own emails also helps alleviate concerns related to data sensitivity and security. In addition, end-users also have the most context about the particular emails they receive. Combined with explanations provided by Tessian warnings, they are more likely to provide accurate feedback.    These benefits address all the previous challenges we faced neatly, but it is not without its limitations.    For one, the difference between phishing, spam and graymail is not always clear to users, causing spam and graymail to often be labelled as malicious. Often, several recipients of the same email can also disagree on whether it is malicious. Secondly, user feedback data may not be a uniform representation of the email threat landscape – we often receive more feedback from some clients or certain types of phishing. Neglecting to address this under-representation would result in a model that performs better for some clients, something we absolutely need to avoid in order to ensure consistency in the quality of our product for all new and existing clients.   In the last part of the series Why Confidence Matters, we’ll discuss how we navigated the above challenges, delve deeper into the technical design of the research pipeline used to build the confidence-scoring model, and the impact that this has brought to our customers.

(Co-authored by Gabriel Goulet-Langlois and Cassie Quek)

‘Why Confidence Matters’ is a weekly three-part series. In this first article, we’ll explore why a reliable confidence score is important for our users. In part two, we’ll explain more about how we measured improvements in our scores using responses from our users. And finally, in part three, we’ll go over the pipeline we used to test different approaches and the resulting impact in production.   Part One: Why Confidence Matters   Across many applications of machine learning (ML), being able to quantify the uncertainty associated with the prediction of a model is almost as important as the prediction itself.    Take, for example, chatbots designed to resolve customer support queries. A bot which provides an answer when it is very uncertain about it, will likely cause confusion and dissatisfied users. In contrast, a bot that can quantify its own uncertainty, admit it doesn’t understand a question, and ask for clarification is much less likely to generate nonsense messages and cause frustration amongst its users.

The importance of quantifying uncertainty   Almost no ML model gets every prediction right every time – there’s always some uncertainty associated with a prediction. For many product features, the cost of errors can be quite high. For example, mis-labelling an important email as phishing and quarantining it could result in a customer missing a crucial invoice, or mislabelling a bank transaction as fraudulent could result in an abandoned purchase for an online merchant.      Hence, ML models that make critical decisions need to predict two key pieces of information: 1. the best answer to provide a user 2. a confidence score to quantify uncertainty about the answer. Quantifying the uncertainty associated with a prediction can help us to decide if, and what actions should be taken.

How does Tessian Defender work?   Every day, Tessian Defender checks millions of emails to prevent phishing and spear phishing attacks. In order to maximise coverage,  Defender is made up of multiple machine learning models, each contributing to the detection of a particular type of email threat (see our other posts on phishing, spear phishing, and account takeover).      Each model identifies phishing emails based on signals relevant to the specific type of attack it targets. Then, beyond this primary binary classification task, Defender also generates two key outputs for any email that is identified as potentially malicious across any of the models:   A confidence score, which is related to the probability that the email flagged is actually a phishing attack. This score is a value between 0 (most likely safe) and 1 (most certainly phishing), which is then broken down into 4 categories of Priority (from Low to Very High). This score is important for various reasons, which we further expand on in the next section. An explanation of why Defender flagged the email. This is an integral part of Tessian’s approach to Human Layer Security: we aim not only to detect phishy emails, but also to educate users in-the-moment so they can continually get better at spotting future phishing emails. In the banner, we aim to concisely explain the type of email attack, as well as why Defender thinks it is suspicious. Users who see these emails can then provide feedback about whether they think the email is indeed malicious or not. Developing explainable AI is a super interesting challenge which probably deserves its own content, so we won’t focus on it in this particular series. Watch this space!   

Why Confidence Scores Matters    Beyond Defender’s capability to warn on suspicious emails, there were several key product features we wanted to unlock for our customers that could only be done with a robust confidence score. These were: Email quarantine Based on the score, Defender first aims to quarantine the highest priority emails to prevent malicious emails from ever reaching their employees’ mailboxes. This not only reduces the risk exposure for the company from an employee still potentially interacting with a malicious email; it also removes burden and responsibility from the user to make a decision, and reduces interruption to their work.   Therefore, for malicious emails that we’re most confident about, quarantining is extremely useful. In order for quarantine to work effectively, we must:   Identify malicious emails with very high precision (i.e. very few false positives). We understand the reliance of our customers on emails to conduct their business, and so we needed to make sure that any important communications must still come through to their inboxes unimpeded. This was very important so that Tessian’s Defender can secure the human layer without security getting in our user’s way.  Identify a large enough subset of high confidence emails to quarantine. It would be easy to achieve a very high precision by quarantining very few emails with a very high score (a low recall), but this would greatly limit the impact of quarantine on how many threats we can prevent. In order to be a useful tool, Defender would need to quarantine a sizable volume of malicious emails.   Both these objectives directly depend on the quality of the confidence score. A good score would allow for a large proportion of flags to be quarantined with high precision.

Prioritizing phishy emails In today’s threat landscape, suspicious emails come into inboxes in large volumes, with varying levels of importance. That means it’s critical to provide security admins who review these flagged emails with a meaningful way to order and prioritize the ones that they need to act upon. A good score will provide a useful ranking of these emails, from most to least likely to be malicious, ensuring that an admin’s limited time is focused on mitigating the most likely threats, while having the assurance that Defender continues to warn and educate users on other emails that contain suspicious elements.   The bottom line: Being able to prioritize emails makes Defender a much more intelligent tool that is effective at improving workflows and saving our customers time, by drawing their attention to where it is most needed.  

Removing false positives We want to make sure that all warnings Tessian Defender shows employees are relevant and help prevent real attacks.    False positives occur when Defender warns on a safe email. If this happens too often, warnings could become a distraction, which could have a big impact on productivity for both security admins and email users. Beyond a certain point, a high false positive rate could mean that warnings lose their effectiveness altogether, as users may ignore it completely. Being aware of these risks, we take extra care to minimize the number of false positives flagged by Defender.    Similarly to quarantine, a good confidence score can be used to filter out false positives without impacting the number of malicious emails detected. For example, emails with a confidence score below a given threshold could be removed to avoid showing employees unnecessary warnings.

What’s next?   Overall, you can see there were plenty of important use cases for improving Tessian Defender’s confidence score. The next thing we had to do was to look at how we could measure any improvements to the score. You can find a link to part two in the series below (Co-authored by Gabriel Goulet-Langlois and Cassie Quek)

Well 2021 was certainly a year to remember! Here’s just some of the things we’ve achieved in the last 12 months…. Tessian in numbers Scanned nearly 5 billion emails  Identified over half a million malicious emails Stopped close to 30,000 account takeover attempts Prevented over 100,000 data breaches due to a misdirected email We donated $13,220 donated to charities chosen by our customers during the winter holidays Promoted 39 people internally Hired 155 new employees with the highest proportion going to engineering and sales (we’re still hiring!)  Expanded our senior team to include roles such as CISO, Head of Threat Intelligence, Trust & Compliance Lead, Chief Product Officer, and Chief Strategy Officer Announced five new partner integrations including Okta, KnowBe4 and Sumo Logic. Secured 995 pieces of news coverage in both mainstream and trade media Welcomed nearly 6,000 attendees to our three virtual Human Layer Security Summits Hosted and sponsored 104 virtual and physical events globally

January We kicked off January with our How to Hack a Human research report, and followed with our new mission video. On the product side, Tessian Defender began protecting against External Account Takeover.

February  Tessian Guardian continued to evolve as February saw us launch our ‘Misattached Files’ feature, which uses machine learning to automatically detect and prevent people accidentally sharing the wrong files via email. Which, according to our research 48% of employees have done….   March To celebrate International Women’s March Day, we launched our second installment of the Opportunity in Cybersecurity report, highlighting how nearly half of women working in cybersecurity (49%) say that the COVID-19 pandemic has affected their career in a positive way. On the people side we welcomed Matt Smith as Chief Strategy Officer  And Tessian Guardian continued to add new features with even more customization settings to fine tune it to your organization’s specific requirements. Finally, we launched our springtime Human Layer Security Summit. 

April April saw the launch of our Diversity and Inclusion strategy, with our long term aim of growing and expanding the entry-level talent pool by creating junior jobs for people entering the tech industry, whether that’s in Sales or Engineering.  On the product side, we also launched our Human Layer Risk Hub.    May We hit the jackpot in May when, after much hard work, we raised $74m raised in Series C plus extension funding. To announce the move we took over the famous billboard at Time Square. We also welcomed Sumo Logic CEO Ramin Sayar to Tessian’s Board of Directors. And knowing how important rest and time away from work is to our staff, we launched Refressian Summer, giving every employee Friday afternoon off during July and August.    June June saw no signs of slowing down as we hosted our summer Human Layer Security Summit, added Human Layer Security Intelligence to our platform to help give you more visibility and insight into your human layer risks. And, as the world came out of various lockdown programs, we launched our Back to Work Report. 

July A highlight of July was our Summer social event, where staff could let their hair down and party (see below). We also (re)opened new & existing offices in London UK, Boston MA, and Austin TX.  We were named Representative Vendor in the 2021 Gartner Market Guide for Data Loss Prevention. And we were recognized as one of the top three medium-sized companies in the UK’s Best Workplaces™ for Women.   August August saw us set up shop at BlackHat USA 2021, and Hire Josh Yavor as our Chief Information Security Officer.    September After a relaxing summer, it was ‘back to school’ in September, when we launched our Spear Phishing Threat Landscape 2021 report. Over a 12-month period, Tessian detected nearly two million malicious emails that slipped past legacy phishing solutions.  We also hired our 200th Tessian, and were voted Best Place to Work in Tech UK. We also held our first internal TES Talk – where once a month anyone in the company can give a short talk about a passion project, subject or something they’ve worked on. 

October As the Fall rolled around October saw us launch Architect; a powerful policy engine for real-time email data loss prevention. Gartner recognized Tessian as a Representative Vendor in the 2021 Market Guide for Email Security.  And we were voted Rover’s best dog-friendly companies 2021 🐾. We announced our integration with integrations with Okta to help organizations protect against the biggest threats to enterprise security – people’s identities and behaviors. The end of October also saw Central London reverberate to ghostly screams and wails as we hosted our Halloween karaoke social night… 

November The penultimate month of the year saw our final HLS Summit of 2021. We also recognized how hard and stressful being a CISO can be in our CISO Lost Hours report.    More people joined us including Allen Lieberrman joins as Chief Product Officer. A commissioned study conducted by Forrester Consulting on behalf of Tessian shows that Security and Risk leaders feel little control over risks posed by employees, which you can read here. And the silverware kept coming as Fast Company named us one of best innovators in AI and Data, and Deloitte recognized our epic growth in their Fast 50 for 2021 list. The product team were kept busy with our integrations with Sumo Logic. December After an exciting year, it was once again time for a party, with those based in London meeting up in person for drinks and games, while others attended our online virtual event. Another month, another integration as we paired up with our good friends at KnowBe4    We reached another milestone when our podcast, RE: The Human Layer, reached 5000 downloads. And we launched humanlayersecurity.com, our new online magazine for security leaders. Finally, our marketing team met up in person in Austin, TX to plan out how we’re going to top what was a challenging but epic year for Tessian! So, as we come to the end of 2021, we’d just like to say thank you to those of you who’ve been on this amazing journey with us, and as Frank Sintra once sang, the best is yet to come. See you in 2022… Merry Christmas and a Happy New Year!

We’ve been recognized in Fast Company’s inaugural Next Big Things in AI and Data list   The list honors technology breakthroughs that promise to shape the future of their industries, and includes global giants, intrepid startups, and research that is fresh from the labs.    In all, our approach to Human Layer Security joins 64 other technologies, products, and services that will have a positive impact for consumers, businesses, and society at large in the next five years.    If you’ve read this blog or any of our reports, you’ll know our approach to cybersecurity is designed to protect people, not just machines and data.    Why, because 95% of today’s data breaches are caused by human error. Using machine learning to understand people’s communication patterns and behaviors online, Tessian automatically stops data breaches caused by employees on email and continuously drives people towards safer email behavior, thanks to in-the-moment training.    “It just takes one mistake, one carefully crafted phishing email, or one moment when an employee lets their guard down for company security to be compromised,” says Tim Sadler, CEO and co-founder of Tessian. “Those ‘Oh Sh*t!’ security moments cost people their jobs and businesses their reputations – but they can be stopped. Our technology empowers employees to make safe cybersecurity decisions in-the-moment and prevents mistakes before they turn into breaches. In today’s threat landscape, this people-first approach to security has never been more important and I’m so proud to be recognized by Fast Company for our work.”    “Fast Company is thrilled to highlight cutting-edge technologies that are solving real-world problems in unexpected ways. From climate change and public health crises to machine learning and security, these technologies will certainly have a profound impact on the future, and we’re honored to bring attention to them today,” says Stephanie Mehta, editor-in-chief of Fast Company.   You can see the full list here

We are very pleased to welcome Allen Lieberman as Tessian’s new Chief Product Officer who will head up the continued development of the industry’s first and leading Intelligent Cloud Email Security platform. Allen joins us from VMware Carbon Black, where he worked for nearly 9 years, and held roles including Senior Director of Product Marketing and VP of Product Management. He has spent the vast majority of the last 20 years in the Software-as-a-Service space. We took a few minutes to get to know Allen and find out what he’s looking forward to in his new role.    Allen, hi! Let’s start off with an easy question: why did you decide to join Tessian?  A combination of reasons, really.  First, the mission. Tessian is set out on a compelling mission that is critical to customers’ ability to scale and defend their enterprise in the modern threat and communications landscape. People can – and should – be a security team’s best asset. By enabling the employee community to help protect and defend the enterprise, security teams are better positioned to scale and protect their organizations. Until now, securing the human layer has been underserved. But as the enterprise and communications landscape evolves, putting people first is critical to the success of modern security programs. Tessian has set out on a mission to make this a reality.   Second, the culture and team at Tessian is world class. Having been in the trenches with key members of the team, I understand the culture that is being cultivated and feel good about the high level of diverse talent we have. At Tessian, there is a focus on doing the right thing, staying positive, persevering through challenges, and keeping people at the center of what we do. Having the culture aligned to my core values was critical in my decision.  And third, the time is right. Security teams, today, are dealing with unprecedented levels of cybercrime. As organizations have become more distributed and cloud-first, as employees communicate over emerging channels and as attackers evolve to meet employees where they are, now is the time for a better solution to help enable every employee to protect the enterprise.   It’s rare to find a company that has all these three things.    What do you see as the top benefit Tessian offers to customers?  The sea change that Tessian enables is turning the employee base into a security team’s best asset, while reducing overhead on the security teams.  Tessian automates the protection of critical communications channels like email while assisting people in understanding their role of protecting the enterprise – which is unlike so many other security solutions. The ability to embed security communication and training ‘in-the-moment’, when an employee needs it most, helps build a collaborative culture between staff and security teams while reducing breach responses. It’s great when employees really feel that security teams ‘have their back’ and that’s what Tessian enables.    What do you see as the biggest opportunity for Tessian?  Our biggest opportunity is to shift our customer’s mindset from security being seen as something that security teams do, to security being something that all employees do.  When we accomplish that – i.e. when employees become part of the new perimeter and when all employees are truly extended parts of security teams – we would’ve changed the security game. I think that’s the biggest opportunity we have.    What’s your focus for the next 3-6 months?  I’ll be very much focused on learning over the next few months. While I’m coming into Tessian with many years of experience, there is so much to take in, as with I think about prioritizing and executing on the opportunity to drive change ahead.  My intent is to learn from our team, from our customers and from our partners. I’m excited to understand more about the challenges that are faced by our customers, the opportunities we have to address them and, of course, I’m interested in learning much more about our team.     And finally, can you summarize Tessian’s mission in 25 words or less? sure, Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

At Tessian, we have many applications that interact with each other using REST APIs. We noticed in the logs that at random times, uncorrelated with traffic, and seemingly unrelated to any code we had actually written, we were getting a lot of HTTP 502 “Bad Gateway” errors. Now that the issue is fixed, I wanted to explain what this error means, how you get it and how to solve it. My hope is that if you’re having to solve this same issue, this article will explain why and what to do.  First, let’s talk about load balancing

In a development system, you usually run one instance of a server and you communicate directly with it. You send HTTP requests to it, it returns responses, everything is golden.  For a production system running at any non-trivial scale, this doesn’t work. Why? Because the amount of traffic going to the server is much greater, and you need it to not fall over even if there are tens of thousands of users.  Typically, servers have a maximum number of connections they can support. If it goes over this number, new people can’t connect, and you have to wait until a new connection is freed up. In the old days, the solution might have been to have a bigger machine, with more resources, and more available connections. Now we use a load balancer to manage connections from the client to multiple instances of the server. The load balancer sits in the middle and routes client requests to any available server that can handle them in a pool.  If one server goes down, traffic is automatically routed to one of the others in the pool. If a new server is added, traffic is automatically routed to that, too. This all happens to reduce load on the others.

What are 502 errors? On the web, there are a variety of HTTP status codes that are sent in response to requests to let the user know what happened. Some might be pretty familiar: 200 OK – Everything is fine. 301 Moved Permanently – I don’t have what you’re looking for, try here instead.  403 Forbidden – I understand what you’re looking for, but you’re not allowed here. 404 Not Found – I can’t find whatever you’re looking for. 503 Service Unavailable – I can’t handle the request right now, probably too busy. 4xx and 5xx both deal with errors. 4xx are for client errors, where the user has done something wrong. 5xx, on the other hand, are server errors, where something is wrong on the server and it’s not your fault.  All of these are specified by a standard called RFC7231. For 502 it says: The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request. The load balancer sits in the middle, between the client and the actual service you want to talk to. Usually it acts as a dutiful messenger passing requests and responses back and forth. But, if the service returns an invalid or malformed response, instead of returning that nonsensical information to the client, it sends back a 502 error instead. This lets the client know that the response the load balancer received was invalid.

The actual issue   Adam Crowder has done a full analysis of this problem by tracking it all the way down to TCP packet capture to assess what’s going wrong. That’s a bit out of scope for this post, but here’s a brief summary of what’s happening:  At Tessian, we have lots of interconnected services. Some of them have Application Load Balancers (ALBs) managing the connections to them.   In order to make an HTTP request, we must open a TCP socket from the client to the server. Opening a socket involves performing a three-way handshake with the server before either side can send any data.   Once we’ve finished sending data, the socket is closed with a 4 step process. These 3 and 4 step processes can be a large overhead when not much actual data is sent.  Instead of opening and then closing one socket per HTTP request, we can keep a socket open for longer and reuse it for multiple HTTP requests. This is called HTTP Keep-Alive. Either the client or the server can then initiate a close of the socket with a FIN segment (either for fun or due to timeout).

The 502 Bad Gateway error is caused when the ALB sends a request to a service at the same time that the service closes the connection by sending the FIN segment to the ALB socket. The ALB socket receives FIN, acknowledges, and starts a new handshake procedure. Meanwhile, the socket on the service side has just received a data request referencing the previous (now closed) connection. Because it can’t handle it, it sends an RST segment back to the ALB, and then the ALB returns a 502 to the user. The diagram and table below show what happens between sockets of the ALB and the Server.

How to fix 502 errors It’s fairly simple. Just make sure that the service doesn’t send the FIN segment before the ALB sends a FIN segment to the service. In other words, make sure the service doesn’t close the HTTP Keep-Alive connection before the ALB.  The default timeout for the AWS Application Load Balancer is 60 seconds, so we changed the service timeouts to 65 seconds. Barring two hiccups shortly after deploying, this has totally fixed it. The actual configuration change I have included the configuration for common Python and Node server frameworks below. If you are using any of those, you can just copy and paste. If not, these should at least point you in the right direction.  uWSGI (Python) As a config file: # app.ini [uwsgi] ... harakiri = 65 add-header = Connection: Keep-Alive http-keepalive = 1 ... Or as command line arguments: --add-header "Connection: Keep-Alive" --http-keepalive --harakiri 65 Gunicorn (Python) As command line arguments: --keep-alive 65 Express (Node) In Express, specify the time in milliseconds on the server object. const express = require('express'); const app = express(); const server = app.listen(80); server.keepAliveTimeout = 65000

Looking for more tips from engineers and other cybersecurity news? Keep up with our blog and follow us on LinkedIn.

We’re excited to announce that Tessian has been recognized as one of the 2021’s UK’s Best Workplaces™ in Tech. The list includes 98 organizations which were selected after Great Place to Work® UK analyzed the responses of UK-based tech employees via its Trust Index© employee survey.  This recognition confirms that Tessian is a great workplace for all employees, and that staff at the company feel a strong sense of trust, fairness, pride, and wellbeing. Earlier this month, we celebrated the hiring of our 200th employee and, as part of the celebrations, employees shared 200 reasons why they love working here.   These included: Working for an innovative company that is defining a new category in cybersecurity and transforming security strategies at global enterprises.  Tessian’s ‘choice first’ working policy which allows employees to choose where they work – remotely, in the office, or hybrid.  Company days off, called Refreshian Days for staff to switch off and focus on their mental wellbeing. Throughout July and August 2021, every employee also logged off at 1pm on Fridays for a “Refreshian Summer”. A dedication to diversity, equity and inclusion (DEI), with a transparent DEI strategy and access to Employee Resource Groups including Plus, an LGBTQ+ network, and Tes-She-An, a space created to support Tessians who identify as women.  Every employee gets shares in the company.  Tessian is hiring! Check out the open positions 👉🏼 here 👈🏼

September 2021 saw us welcome our 200th Tessian employee 🙌. That’s some milestone, and quite a journey from where Tim, Ed, and Tom started back in 2013. Back then, after graduating from Imperial College, they quit their jobs in finance, and worked out of an apartment to develop what would go on to become Guardian, the first of our products. Along the way there’ve been some incredible stories and amazing highs, which we know wouldn’t be possible without our people. One thing we were sure of from the start is that we wanted our company culture to be much more than ‘beers and ping pong’ (though we have those too 🏓🍺). To achieve that we’ve designed a comprehensive package and onboarding process that helps all Tessians do their best work. Because our mission is one of critical importance: Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. All of this combined makes Tessian one of the best places to work in the industry. So to mark the arrival of our 200th team member, we asked the other 199 Tessians around the globe what they love about working here, here’s what they had to say… 1: We leading an entirely new category: Intelligent Cloud Email Security 2: Our ‘choice first’ working policy lets employees work remotely, in the office, or hybrid. 3: We’re one of the top 3 medium sized companies in the UK’s Best Workplaces™ for Women for 2021. 4: We raised $42m in our Series B fundraise,  5: and $65m in our Series C fundraise. 6: …and even more in our Series C extension. 7: Our investors include Sequoia, 8: …and Accel, 9: …and March Capital, 10: …and Balderton, 11: …and Sozo Ventures, 12: …and Okta Ventures, 13: …and Citi Ventures. 14: We’ve received a lot of analyst recognition. 15: We use rigorous salary benchmarking to ensure we pay our Tessians fairly. 16: Every employee gets shares in the company. 17: You’ll work with experts in machine learning and engineering. 18: Our flagship event, Human Layer Security Summit, is a must for industry trailblazers. 19: We were included in the Cyber Defense Awards for Next-Gen Email Security. 20: In a 12-month period, we stopped nearly two million malicious emails that slipped past our customers’ SEGs. 21: Our offices are dog friendly (this is Fig).  22: Our Glassdoor company rating is 4.6 stars. 23: Our Glassdoor CEO approval rating is 96%. 24: And finally our Glassdoor ‘recommend to a friend’ score is 90%. 25: Our product roadmap is clear (and disruptive!) 26: Every Tessian attends in-depth DEI training to promote deep commitment to Diversity, Equity and Inclusion at Tessian and beyond. 27: In July and August we have “Refreshian Summer”, paid days off to enjoy the sunshine 28: Our customer base includes some of the world’s biggest and most innovative organizations, including Arm, 29: …and Schroders, 30: …and Cordaan. 31: You can bring your whole self to work. 32: We take mental health seriously, and offer support instantly via Spill. 33: Tessian Guardian is the only solution in the market that can prevent mis-attached files and misdirected emails. 34: We have offices in Boston, MA, 35: …and Austin, TX, 36: …and London, 37: …and more hubs coming soon! 38: All of which means you get to travel (if you want…)  39: You’ll have the chance to mentor local students with our ‘1 hour’ program. 40: We were named a “Cool Vendor in Cloud Office Security” by Gartner. 41: We have a cats-of-Tessian slack channel 🐈.  42: Every Friday, lunch is on us with Feedr or other platform – we call it Taste of Tessian. 43: Our ‘House’ system teams you up with people across the global business (who doesn’t love a bit of friendly competition?) 44: Don’t want any meetings? Don’t worry! Log off Slack for some Daily Deep Work. 45: We’re committed to closing the skills and gender gap in cybersecurity. 46: We’ve been known to host pretty epic social events, and teams have a monthly budget to spend. Some examples include whale watching… 47: …and canal cruises, 48: … and sheep meditation, 49: …and sushi-making classes 🍣. 50: Tessian Defender stops spear phishing, Business Email Compromise (BEC), and Account Takeover (ATO) 51: We have great pension plans  52: We have tons of staff community groups, including Plus, an LGBTQ+ network, and Tes-She-An, a space created to support Tessians who identify as women 53: Every year, we host a company-wide summer party 54: Our developers have autonomy to create and steer their own products (with some product input…) 55: We offer private medical insurance in the UK, 56: …and health insurance in the US,  57: …and medical insurance for our employees everywhere else. 58: Want to see the world? You can work abroad for up to 30 days. 59: Tessian integrates with Outlook, 60: …and Gmail, 61: …and Microsoft 365. 62: We host Industry experts on our podcast, RE: Human Layer Security. 63: Hungry? We have a huge range of healthy snacks and drinks in our staff kitchens… 64: …and on Thursdays a big (vegan) cake, because everyone likes cake right? 65: We solve problems that have real-world implications for real people. 66: You’ll get massive discounts through our Classpass gym membership. 67: If someone you refer makes it to a first round interview you get $150, 68: …and if they are successfully hired, you get $3650 🤑. 69: Our Donut ‘get to know’ program randomly pairs you with someone new every two weeks, so you get to know people outside your own team or region. 70: You’ll be a part of a great team, all driven by the same mission: to secure the human layer. 71: We have monthly TES talks from employees on a range of topics. 72: We’re Cyber Essentials Certified, 73: …and Cyber Essentials Certified Plus, 74: …and a part of the AWS Partner Network. 75: We have a superb onboarding program via Enboarder. 76: Our AI/ML helps automate process and reduce admin overhead for our customers’ IT teams. 77: We offer a cycle to work scheme 🚲,  78: …and our London office has a secure bike rack, lockers and showers. 79: Employees get 25 vacation days a year, 80: …with an extra day for every year worked up to 30 days in total… 81: …with bank holidays/nationally observed holidays on top of that! 82: We were named Best AI and Deep Tech Company in the VIVA Technology Awards. 83: You can get your eyes tested for free 👀. 84: Fancy some footy? Our London team has 5-(sometimes more)-a-side weekly football games. 85: We have high quality hardware for your home office and in the office. 86: We support future leaders by helping every Tessian create a tailored growth plan for their career development.  87: We have team members across 9+ different countries. 88: We have our ISO 27001 UKAS… 98: …and SOC2, 100: …and SOC3. 101: We host epic ping pong tournaments. 102: The feedback we get via Peakon helps guide the business. 103: Wear what you want! We don’t have a dress code policy. 104: We were included in the Sunday Times Fast Track 100: Fast Growing Tech Companies 2020. 105: Once hired, you’ll receive a welcome pack that includes tons of swag like socks… 106: …and a T-shirt, 107: …and a water bottle,  108: …and a backpack. 109: We don’t just prevent data breaches, we prevent embarrassing mistakes on email, too. 110: We have a clear path for our engineers to progress in their career. 111: We’re guided by six values, including… 112: …Craft at Speed, 113: …Grit and Perseverance, 114: …We do the Right Thing, 115: …Human First, 116: …Customer Centricity, 117: …Positive Mindset. Solution Oriented. 118: And every quarter, we ask Tessians to nominate Values Champions. 119: We were included in Forrester’s Now Tech: Enterprise Email Security Providers report in Q3 2020. 120: Tessian Human Layer Security Intelligence integrates with SIEM/SOARS including Splunk, 121: …and LogRhythm, 122: …and Fortinet, 123: …and Alien Vault, 124: …and Azure Sentinel, 125: …and IBM QRadar, 126: …and Exabeam, 127: …and Rapid7, 128: …and Securonix, 129: …and RSA Security, 130: We’re committed to helping our customers meet their compliance needs. 131: We’ve built detailed growth frameworks for each role so your path to a promotion is clear. 132: New to the company? Have lunch with your team on us (virtually or IRL). 133: We have a culture that’s very accepting of new ideas, regardless of how junior or senior you are. 134: We recently launched our Partner Program to help us connect with more organizations across NAMER and EMEA. 135: We solve problems together and ask what WE can do to fix a problem. 136: Our senior management is very accessible. 137: We host a bi-weekly all-hands to make sure everyone is connected and informed. 138: Everyone gets a Macbook Air, or Macbook Pro if you’re in engineering. 139: Your manager will create a clear 30, 60 and 90 day plan when you start to set you up for success. 140: We’re a technology company that actually uses technology and apps to streamline and improve our processes. 141: Every day, employees shout about others good work via kudos. 142: The environment is fast-paced. 143: We have very little red tape. 143: We have a beer fridge in the kitchen… 144: … and our own beer! 145: Our products reduce friction between security teams and the rest of the company. 146: We have a culture that promotes experimentation. 147: Our product and engineering teams have a healthy obsession with our customers. 148: We took care of our people during and after the pandemic with an allowance that helped everyone get their home offices set-up. 149: You’ll work with ​​smart, bright, and professional people. 150: Our platform reduces data exfiltration by 84%+. 151: With Tessian, click through rate on phishing emails drops below 5%. 152: Tessian deploys in minutes. 153: The ROI of Tessian is easy to prove. 154: Our Human Layer Risk Hub is the only solution that offers protection, training, and risk analytics all in one platform. 155: We know that cybersecurity is a team sport. 156: Our threat intelligence team helps keep our customers safe and reports on trends. 157: Each person gets a generous allowance for learning and development every year. 158: We have a company culture that promotes productive feedback. 159: We’ve had some of the biggest names in the industry join us for events and on our podcast, including, 160: …Lena Smart, CISO @ MongoDB, 161: …Nuno Teodoro, Cybersecurity Officer @ Huawei, 162: …Bobby Ford, CISO @ HP, 163: …Howard Shultz, Former CEO @ Starbucks, 164: …and Stephane Kasriel, Former CEO @ Upwork. 165: All three of the founders are accessible. 166: Our CEO holds regular office hours. 167: There are several book clubs you can join. 168: Upon joining, every employee shares a fun fact about themselves. You’ll be working with, 169: …A chess champion, 170: …The grandson of the man who designed the locks on the gates of Buckingham Palace, 171: …A published author, 172: …A former Olympic ballgirl, 173: …A movie extra, 174: …And someone who’s climbed Mount Rainier! 175: Our products prevent “Oh Sh*t” moments like data exfiltration, accidental data loss, and spear phishing. 176: Our Global Leadership Team was designed to empower and inspire every employee at Tessian to achieve their potential. 177: Our customers influence the product. 178: You’ll have the opportunity to build something new and the freedom to define your own methodologies. 179: We live by the motto “It takes a village” 180: We’re guided by 5 Tone of Voice (TOV) principles… 181: …We are helpful, 182: …Self-assured, 183: …Knowledgeable, 184: …Personable, 185: …and Direct. 186: And we host monthly Tone of Voice sessions to help employees across departments improve their writing. 187: We host pub-style quizzes at every Engineering off-site. 188: We encourage our employees to fail fast and iterate. 189: Every new joiner gets a “buddy”. 190: We collectively celebrate promotions. 191: If you’d rather be on your feet, standing desks are an option. 192: Our London office has a meditation pod 🙏 193: We have a board game Slack group and in office game nights (Catan ftw!), 194: Our dataset is really rich, which means our data science and threat intel teams can pull incredible insights. 195: Our support team has a 95% customer satisfaction score. 196: Green fingered? Our London office is full of plants 🪴. 197: We love a good cybersecurity meme. 198: We were named a Representative Vendor in the 2021 Gartner Market Guide for Data Loss Prevention. 199: Our People Team goes above and beyond. 200: And finally, we’re still growing! Want to be our 201st employee? Check out our open positions now. 2023 note: some of the employee benefits listed above have changed, or been adapted – but it’s still a great place to work.

Following our Series C fundraise in May 2021, we are delighted to announce that we have received strategic investment from Okta Ventures, Citi Ventures and Sozo Ventures as part of a Series C extension.  With the additional funding, we are accelerating our journey to achieve our mission of mitigating and preventing human risk in the enterprise, and empowering people to do their best work without security getting in the way.  Human error is the leading cause of data breaches in organizations today. This is because cybersecurity software has typically focused on the machine layer of a company and not the people – the gatekeepers to the most sensitive systems and data in an organization. The so-called ‘people problem’ in security has been exacerbated as businesses move to a remote or hybrid way of working, in the wake of the Covid-19 pandemic. To overcome this, Tessian has pioneered a new approach to cybersecurity and defined a new category of security software called Human Layer Security. Ultimately, we want help companies replace their secure email gateways and legacy data loss prevention solutions. This means we will expand our platform’s capabilities beyond email, securing other interfaces like messaging, web and collaboration platforms from incidents of human error. 

On the investment, Austin Arensberg, Director at Okta Ventures said, “The biggest threat to enterprise security today is people’s identities and behaviors. “With more people working remotely, it’s never been more important for companies to know who their most high risk employees are, the threats they pose to company security, and how to keep them safe – without disrupting their workflow. We saw a huge opportunity with Tessian; by securing the human layer, businesses can stop threats and keep operations running.” Our CEO and co-founder Tim Sadler also added, “For too long, cybersecurity software has focused on securing technology and neglected the security of the people who run the organization. “It just takes one wrong decision, or one instance of human error, for an employee to cause a catastrophic security breach – and businesses are starting to realize that they now must do something to stop this. With backing from best-in-class investors and executives from some of the world’s most innovative security companies, we are truly on our way to fulfilling our mission of securing the human layer and helping businesses overcome one of the biggest threats to enterprise security.” As with every fundraise, this is just the beginning. It takes a village and we’re only just getting started. If you know anyone looking to take the next step in their career and to join a company solving the biggest problem in enterprise security today, please get in touch, we are hiring! 🚀

We’re excited to announce that Tessian has been recognized as one of the top three medium-sized companies in the UK’s Best Workplaces™ for Women for 2021.  Our Human First value, its commitment to Diversity, Equity and Inclusion (DEI), and its Employee Resource Group (ERG) for women – Tes-She-An – are just some of the reasons why people love working at the company. This recognition confirms that:  Tessian is a great workplace for all employees, including women. Tessian recognizes that women represent a valuable talent pool in increasingly talent–constrained industries such as cybersecurity and technology.  Tessian lives up to its company values of ‘Human First’ and ‘We Do the Right Thing’, as its leaders make meaningful changes to improve their ability to recruit, retain and nurture top female employees.

Education and training have been foundational first steps in Tessian’s DEI strategy. We partnered with Jeff Turner, former International Learning and Development Director for Facebook, to deliver company-wide training around diversity, unconscious bias and inclusion. We’ve also taken the time to establish our long-term DEI roadmap – which includes a diversity recruitment strategy across all hiring levels, expanding the entry-level talent pool by creating junior jobs for people entering the tech industry, and prioritizing the development of future leaders through well-defined growth frameworks across the company. 

In addition, Tessian’s ERG group – Tes-She-An – provides a space to support all employees who identify as women, celebrate their achievements, and help each other “shine even brighter” by focusing on career progression. The group runs monthly workshops for women, and invites inspiring external guests who are leading the charge in creating equal opportunities in the tech industry, to speak to employees. Importantly, these events do not operate in a closed network. They’re open to the entire company – not just women.  As a result of these initiatives and programs, 99% of Tessian employees surveyed by Great Place to Work® agreed that people at the company are treated fairly regardless of their gender.  Paige Rinke, Head of People at Tessian, says: “We are so proud to be recognized as a Best Workplace for Women and hear first-hand from our employees that our initiatives to create an inclusive workplace are resonating. One of our core values is Human First, and we’re committed to ensuring every employee feels supported and valued, and to improving gender and ethnicity representation across all levels of seniority at Tessian through our DEI efforts. “Why? Because empowering our people to thrive in an inclusive environment and challenging the status quo to create more equal opportunities in the tech industry is, ultimately, the right thing to do.”  Benedict Gautrey, Managing Director of Great Place to Work® UK, explains: “We’re delighted to recognize so many great organizations in this fourth year of the UK’s Best Workplaces™ for Women list. The issues affecting women in the workplace, particularly what we’ve witnessed in the face of the pandemic including parity of pay and advancement opportunities, continue to be important topics. “What our 2021 UK’s Best Workplaces™ for Women clearly show is the positive impact their practices have on business. As a result, they are better able to attract and retain women of talent, encouraging them to develop professionally and personally, and in turn, contribute exponentially to the success of the organizations they work for.” Want to work at Tessian? See if we have a role that interests you today.

Introduction In part one, we went over the decisions that led the CSI team to start automating its UI application with a focus on the process drivers and journey.  Today we’re going to start going over the technical challenges, solutions, and learnings along the way.  It would be good if you had a bit of understanding of how to use WinAppDriver for UI testing.  As there are a multitude of beginner tutorials, this post will be more in depth. All code samples are available as a complete solution here. How We Got Here As I’m sure many others have done before, we started by adapting winappdriver samples into our own code base.  After we had about 20 tests up and running, it became clear that taking some time to better architect common operations would help in fixing tests as we targeted more versions of Outlook, Windows, etc.  Simple things like how long to wait for a window to open, or how long to wait to receive an email can be impacted by the test environment, and it quickly becomes tedious to change these in 20 different places whenever we have a new understanding/solution on the best way to do these operations. Application Sessions A good place to start when writing UI tests is just getting the tests to open the application.  There are plenty of samples online that show you how to do this, but there are a few things that the samples leave each of us to solve on our own that I think would be helpful to share with the larger Internet community. All Application Sessions are Pretty Similar And when code keeps repeating itself, it’s time to abstract this code into interfaces and classes.  So, we have both: an interface and a base class:

Don’t worry, we’ll get into the bits.  The main point of this class is it pertains to starting/stopping, or attaching/detaching to applications and that we’re storing enough information about the application under test to do those operations.   In the constructor, the name of the process is used to determine if we can attach to an already running process, whereas the path to the executable is used if we don’t find a running process and need to start a fresh instance.  The process name can be found in the Task Manager’s Details tab. Your Tests Should Run WinAppDriver I can’t tell you how many times I’ve clicked run on my tests only to have them all fail because I forgot to start the WinAppDriver process beforehand.  WinAppDriver is the application that drives the mouse and keyboard clicks, along with getting element IDs, names, classes, etc of the application under test.  Using the same solution WinAppDriver’s examples show for starting any application, you can start the WinAppDriver process as well.   Using IManageSession and BaseSession<T> above, we get:

The default constructor just calls BaseSession<WinAppDriverProcess> with the name of the process and the path to the executable. So you can see that StartSession here is implemented to be thread safe.  This ensures that only one instance can be created in a test session, and that it’s created safely in an environment where you run your tests across multiple threads.  It then queries the base class about whether the application you’re starting is already running or not.  If it is running, we attach to it.  If it’s not, we start a new instance and attach to that.  Here are those methods:

These are both named Unsafe to show that they’re not thread safe, and it’s up to the calling method to ensure thread safety.  In this case, that’s StartSession(). And for completeness, StopSession does something very similar except it queries BaseSession<T> to see if we own the process (i.e. it was started as a fresh instance and not attached to), or not.  If we own it, then we’re responsible for shutting it down, but if we only attach to it, then leave it open.

You’ll Probably Want a DesktopSession Desktop sessions can be useful ways to test elements from the root of the Windows Desktop.  This would include things like the Start Menu, sys-tray, or file explorer windows.  We use it for our sys-tray icon functionality, but regardless of what you need it for, WinAppDriver’s FAQ provides the details, but I’ve made it work here using IManageSession and BaseSession<T>:

It’s a lot simpler since we’d never be required to start the root session.  It’s still helpful to have it inherit from BaseSession<T> as that will provide us some base functionality like storing the instance in a Singleton and knowing how long to wait for windows to appear when switching to/from them. Sessions for Applications with Splash Screens This includes all the Office applications.  WinAppDriver’s FAQ has some help on this, but I think I’ve improved it a bit with the do/while loop to wait for the main window to appear.  The other methods look similar to the above, so I’ve collapsed them for brevity.

Putting it All Together So how do we put all this together and make a test run?  Glad you asked! NUnit I make fairly heavy use of NUnit’s class and method level attributes to ensure things get set up correctly depending on the assembly, namespace, or class a test is run in.  Mainly, I have a OneTimeSetup for the whole assembly that starts WinAppDriver and attaches to the Desktop root session.  

Then I separate my tests into namespaces that correspond to the application under test – in this case, it’s Outlook.  

I then use a OneTimeSetup in that namespace that starts Outlook (or attaches to it). 

Finally, I use SetUp and TearDown attributes on the test classes to ensure I start and end each test from the main application window.

The Test All that allows you to write (the somewhat verbose) test:

Wrapping It All Up For this post we went into the details on how to organize and code your Sessions for UI testing.  We showed you how to design them so you can reuse code between different application sessions.  We also enabled them to either start the application or connect to an already running application instance (and how the Session object can determine which to do itself).  Finally, we put it all together and created a basic test that drives Outlook’s UI to compose a new Email message and send it. Stay tuned for the next post where we’ll delve into how to handle all the dialog windows your UI needs – to interact with and abstract that away – so you can write a full test with something that looks like this: