Available · May 2026 · St George, UT or remote

A software tester
who investigates,
not executes.

I'm Ben — a Rapid Software Testing practitioner who treats every release as an investigation. I find the silent bugs, audit the checks nobody trusts, and report risk in terms stakeholders can actually act on. Currently testing a credit-union-wide core transformation at Mountain America CU.

Start a projectSee case studies
Now
Software Quality Engineer
Mountain America CU
Methodology
Rapid Software Testing
context-driven, skilled human investigation
Lab
AI Agent Security
VLAN-isolated multi-agent research
Based
St George, Utah
MT · open to remote
01 / About

Testing is investigation, not ceremony.

notA QA engineer running scripted test cases
notQuality assurance rubber-stamping releases
notA gatekeeper who says "looks good, ship it"
amA tester who investigates software under uncertainty
amA practitioner of heuristics, oracles, and risk-based strategy
amThe person who reports what stakeholders can act on

I investigate software to find problems that matter — designing experiments under uncertainty and applying heuristics to evaluate behavior.

Rapid Software Testing treats testing as skilled human investigation, not a scripted process. Every session has a charter, oracles, and heuristics. Every bug report tells a story. I'd rather delete a weak test than pretend it covers something.

I audit my team's checks the same way I'd audit my own — ruthlessly, quietly, on paper.

methodology
Rapid Software Testing
core craft
Exploratory testing · oracles
automation
C# · NUnit · Postman
data
SQL Server · post-migration
Method
Charters over scripts
Every session opens with a charter — a mission, an oracle, a timebox. No pass/fail checklists pretending to be tests.
Philosophy
Fewer, better checks
A suite is as strong as its weakest assertion. I'd rather delete a hundred checks than ship one that lies.
Output
Stories, not tickets
A bug report names the risk, the stakeholder who cares, and the cost of ignoring it. Nobody should have to translate.
Practice
Question the rule
When a query returns zero rows, that's a hypothesis to test — not an answer. The rule itself might be what's wrong.
?
02 / Work

Roles, in order of recency.

Dec 2023Now
Software Quality Engineer
Mountain America Credit Union
RSTC#NUnitSQL ServerPostman

Testing across migrated APIs, new services, and critical UI flows during a credit-union-wide core transformation.

  • Manual + automated testing across new features and API endpoints; write integration tests as features ship and investigate system behavior ahead of release.
  • Evaluate integration test quality over quantity — audit for meaningful signal, remove low-value coverage, ensure each test reflects real user or business behavior.
  • Contributed to one of the largest core transformations in the sector — testing migrated APIs, replacement services, and critical UI flows.
  • Post-migration data verification against defined rules to confirm accuracy and integrity of member financial data across legacy and new systems.
  • Author Test Action Plans and Test Strategies that serve as product-level testing guides for engineers across the org.
Oct 2023Nov 2023
Software Development Intern
beatBread
Next.jsTypeScriptPython
May 2022Aug 2022
Implementation Intern
Fast Enterprises
MS SQL ServerProduction diagnosis
Aug 2021Dec 2022
Computer Science Coach
Utah State University
PythonJavaC++Mentoring
Operating principle
Every bug report tells a story. The story I tell is the one stakeholders can act on — not the one the test tool happens to print.
Currently readingTaking Testing Seriously: The Rapid Software Testing Approach — James Bach and Michael Bolton
ReferenceRapid Software Testing methodology (Bach & Bolton)
Next investigationAI agent containment — escape surfaces
03 / Case studies

Three investigations.

Case No 01

Integration Test Suite Audit

700+ checks → signal

Context

The existing integration test suite had grown to 700+ checks across the API layer, but neither testers nor developers had confidence in it. It was treated as a formality — run because it existed, not because it provided signal.

Approach

Audited the suite controller by controller with a simple heuristic: if we couldn’t easily identify what value a check provided, it was modified or removed. Found many checks covering internal errors with no real risk, checks unclear in intent, and checks validating multiple things at once. Parallel-refactored for readability.

Findings

Majority of checks were impacted — modified, consolidated, or removed. Final count was similar; composition was fundamentally different.

Impact

Team confidence climbed sharply. Developers and testers began using the checks actively. Results now report to a dashboard for team-wide visibility.

Case No 02

Dispute Processing API Migration

FCRA/FDCPA compliance saved

Context

A vendor-facing API hub sending and receiving disputes and receipts — credit-bureau workflows and compliance-critical dispute notes governed by FCRA/FDCPA. Migration involved significant refactoring alongside a core transformation. Risk: dispute notes routed to the wrong place would fail silently, creating compliance exposure with no immediate signal.

Approach

Authored a test strategy. Tested migrated features by comparing old-vs-new core results. Tested refactored behavior before-vs-after across environments. Spot-checked data mapping directly in the core systems. Evaluated existing integration tests and found hardcoded data masking real risk.

Findings

Discovered a typo in the receipt retrieval endpoint that silently prevented it from functioning — a bug that would have caused a compliance failure if shipped. Identified hardcoded data giving false confidence.

Impact

Prevented a potential FCRA/FDCPA compliance violation. Surfaced fragile test data that was undermining the team’s trust in their checks.

Case No 03

Post-Migration Data Verification

4 members’ data recovered

Context

As part of a credit-union-wide core transformation, member financial data was migrated from legacy to new core. Defined mapping rules governed translation. Verification spanned HELOC expiration dates, construction loan notes, credit card promotions.

Approach

Verified data against mapping rules ticket by ticket. When initial queries returned no matches, investigated further rather than accepting ‘not applicable’ — searched adjacent cases with variations to test whether the expectation itself was correct.

Findings

During construction-loan-notes verification, initial results suggested no matching cases existed. Rather than closing the ticket, I investigated adjacent cases and discovered the expected data format was wrong. At least four cases existed that should have been mapped but were never migrated.

Impact

Prevented permanent loss of member construction loan data. Demonstrated that verification means questioning the rules themselves, not just checking data against them.

04 / Lab

Off-hours research.

Active · started April 2026

AI agent
security lab.

A VLAN-isolated research lab for testing AI agent behavior — delegation, network containment, and prompt injection with real tool access. A Mac Mini M4 hosts OpenClaw, accessible only via a Discord bridge; a Raspberry Pi 4 running OpenWrt controls exactly what the agents can reach. RST applied to AI agents is almost completely unexplored territory.

Read the field notes
INTERNETwanFIREWALL · VLANRaspberry Pi 4OpenWrt 24.10.4LANblockedDENYAGENT ZONE · isolatedHOSTMac Mini M4OpenClawcpu · mem · ioAGENTS▸ orchestrator▸ executor 01▸ executor 02▸ observerALLOW
rigMac Mini M4 · Raspberry Pi 4 router
hostOpenClaw · Discord bridge
zoneVLAN-isolated · LAN blocked
next4-agent hierarchy · containment test
05 / Contact

Let's start.

Looking for a tester who investigates, not executes?

Send me the shape of what you're building — the stakes, the timeframe, where it hurts. I'll come back with how I'd investigate it.

Emailcontact@benashton.dev
LinkedIn/in/ben-ashton
GitHub@starwarsnerd77
LocationSt George, Utah · MT

Send a brief.

The more context, the sharper the response.