‘Why Confidence Matters’ is a weekly three-part series. In this first article, we’ll explore why a reliable confidence score is important for our users. In part two, we’ll explain more about how we measured improvements in our scores using responses from our users. And finally, in part three, we’ll go over the pipeline we used to test different approaches and the resulting impact in production.   Part One: Why Confidence Matters   Across many applications of machine learning (ML), being able to quantify the uncertainty associated with the prediction of a model is almost as important as the prediction itself.    Take, for example, chatbots designed to resolve customer support queries. A bot which provides an answer when it is very uncertain about it, will likely cause confusion and dissatisfied users. In contrast, a bot that can quantify its own uncertainty, admit it doesn’t understand a question, and ask for clarification is much less likely to generate nonsense messages and cause frustration amongst its users.

The importance of quantifying uncertainty   Almost no ML model gets every prediction right every time – there’s always some uncertainty associated with a prediction. For many product features, the cost of errors can be quite high. For example, mis-labelling an important email as phishing and quarantining it could result in a customer missing a crucial invoice, or mislabelling a bank transaction as fraudulent could result in an abandoned purchase for an online merchant.      Hence, ML models that make critical decisions need to predict two key pieces of information: 1. the best answer to provide a user 2. a confidence score to quantify uncertainty about the answer. Quantifying the uncertainty associated with a prediction can help us to decide if, and what actions should be taken.

How does Tessian Defender work?   Every day, Tessian Defender checks millions of emails to prevent phishing and spear phishing attacks. In order to maximise coverage,  Defender is made up of multiple machine learning models, each contributing to the detection of a particular type of email threat (see our other posts on phishing, spear phishing, and account takeover).      Each model identifies phishing emails based on signals relevant to the specific type of attack it targets. Then, beyond this primary binary classification task, Defender also generates two key outputs for any email that is identified as potentially malicious across any of the models:   A confidence score, which is related to the probability that the email flagged is actually a phishing attack. This score is a value between 0 (most likely safe) and 1 (most certainly phishing), which is then broken down into 4 categories of Priority (from Low to Very High). This score is important for various reasons, which we further expand on in the next section. An explanation of why Defender flagged the email. This is an integral part of Tessian’s approach to Human Layer Security: we aim not only to detect phishy emails, but also to educate users in-the-moment so they can continually get better at spotting future phishing emails. In the banner, we aim to concisely explain the type of email attack, as well as why Defender thinks it is suspicious. Users who see these emails can then provide feedback about whether they think the email is indeed malicious or not. Developing explainable AI is a super interesting challenge which probably deserves its own content, so we won’t focus on it in this particular series. Watch this space!   

Why Confidence Scores Matters    Beyond Defender’s capability to warn on suspicious emails, there were several key product features we wanted to unlock for our customers that could only be done with a robust confidence score. These were: Email quarantine Based on the score, Defender first aims to quarantine the highest priority emails to prevent malicious emails from ever reaching their employees’ mailboxes. This not only reduces the risk exposure for the company from an employee still potentially interacting with a malicious email; it also removes burden and responsibility from the user to make a decision, and reduces interruption to their work.   Therefore, for malicious emails that we’re most confident about, quarantining is extremely useful. In order for quarantine to work effectively, we must:   Identify malicious emails with very high precision (i.e. very few false positives). We understand the reliance of our customers on emails to conduct their business, and so we needed to make sure that any important communications must still come through to their inboxes unimpeded. This was very important so that Tessian’s Defender can secure the human layer without security getting in our user’s way. Identify a large enough subset of high confidence emails to quarantine. It would be easy to achieve a very high precision by quarantining very few emails with a very high score (a low recall), but this would greatly limit the impact of quarantine on how many threats we can prevent. In order to be a useful tool, Defender would need to quarantine a sizable volume of malicious emails.   Both these objectives directly depend on the quality of the confidence score. A good score would allow for a large proportion of flags to be quarantined with high precision.

Prioritizing phishy emails In today’s threat landscape, suspicious emails come into inboxes in large volumes, with varying levels of importance. That means it’s critical to provide security admins who review these flagged emails with a meaningful way to order and prioritize the ones that they need to act upon. A good score will provide a useful ranking of these emails, from most to least likely to be malicious, ensuring that an admin’s limited time is focused on mitigating the most likely threats, while having the assurance that Defender continues to warn and educate users on other emails that contain suspicious elements.   The bottom line: Being able to prioritize emails makes Defender a much more intelligent tool that is effective at improving workflows and saving our customers time, by drawing their attention to where it is most needed.  

Removing false positives We want to make sure that all warnings Tessian Defender shows employees are relevant and help prevent real attacks.    False positives occur when Defender warns on a safe email. If this happens too often, warnings could become a distraction, which could have a big impact on productivity for both security admins and email users. Beyond a certain point, a high false positive rate could mean that warnings lose their effectiveness altogether, as users may ignore it completely. Being aware of these risks, we take extra care to minimize the number of false positives flagged by Defender.    Similarly to quarantine, a good confidence score can be used to filter out false positives without impacting the number of malicious emails detected. For example, emails with a confidence score below a given threshold could be removed to avoid showing employees unnecessary warnings.

What’s next?   Overall, you can see there were plenty of important use cases for improving Tessian Defender’s confidence score. The next thing we had to do was to look at how we could measure any improvements to the score. You can find a link to part two in the series below (Co-authored by Gabriel Goulet-Langlois and Cassie Quek)

Well 2021 was certainly a year to remember! Here’s just some of the things we’ve achieved in the last 12 months…. Tessian in numbers Scanned nearly 5 billion emails  Identified over half a million malicious emails Stopped close to 30,000 account takeover attempts Prevented over 100,000 data breaches due to a misdirected email We donated $13,220 donated to charities chosen by our customers during the winter holidays Promoted 39 people internally Hired 155 new employees with the highest proportion going to engineering and sales (we’re still hiring!)  Expanded our senior team to include roles such as CISO, Head of Threat Intelligence, Trust & Compliance Lead, Chief Product Officer, and Chief Strategy Officer Announced five new partner integrations including Okta, KnowBe4 and Sumo Logic. Secured 995 pieces of news coverage in both mainstream and trade media Welcomed nearly 6,000 attendees to our three virtual Human Layer Security Summits Hosted and sponsored 104 virtual and physical events globally

January We kicked off January with our How to Hack a Human research report, and followed with our new mission video. On the product side, Tessian Defender began protecting against External Account Takeover.

February  Tessian Guardian continued to evolve as February saw us launch our ‘Misattached Files’ feature, which uses machine learning to automatically detect and prevent people accidentally sharing the wrong files via email. Which, according to our research 48% of employees have done….   March To celebrate International Women’s March Day, we launched our second installment of the Opportunity in Cybersecurity report, highlighting how nearly half of women working in cybersecurity (49%) say that the COVID-19 pandemic has affected their career in a positive way. On the people side we welcomed Matt Smith as Chief Strategy Officer  And Tessian Guardian continued to add new features with even more customization settings to fine tune it to your organization’s specific requirements. Finally, we launched our springtime Human Layer Security Summit. 

April April saw the launch of our Diversity and Inclusion strategy, with our long term aim of growing and expanding the entry-level talent pool by creating junior jobs for people entering the tech industry, whether that’s in Sales or Engineering.  On the product side, we also launched our Human Layer Risk Hub.    May We hit the jackpot in May when, after much hard work, we raised $74m raised in Series C plus extension funding. To announce the move we took over the famous billboard at Time Square. We also welcomed Sumo Logic CEO Ramin Sayar to Tessian’s Board of Directors. And knowing how important rest and time away from work is to our staff, we launched Refressian Summer, giving every employee Friday afternoon off during July and August.    June June saw no signs of slowing down as we hosted our summer Human Layer Security Summit, added Human Layer Security Intelligence to our platform to help give you more visibility and insight into your human layer risks. And, as the world came out of various lockdown programs, we launched our Back to Work Report. 

July A highlight of July was our Summer social event, where staff could let their hair down and party (see below). We also (re)opened new & existing offices in London UK, Boston MA, and Austin TX.  We were named Representative Vendor in the 2021 Gartner Market Guide for Data Loss Prevention. And we were recognized as one of the top three medium-sized companies in the UK’s Best Workplaces™ for Women.   August August saw us set up shop at BlackHat USA 2021, and Hire Josh Yavor as our Chief Information Security Officer.    September After a relaxing summer, it was ‘back to school’ in September, when we launched our Spear Phishing Threat Landscape 2021 report. Over a 12-month period, Tessian detected nearly two million malicious emails that slipped past legacy phishing solutions.  We also hired our 200th Tessian, and were voted Best Place to Work in Tech UK. We also held our first internal TES Talk – where once a month anyone in the company can give a short talk about a passion project, subject or something they’ve worked on. 

October As the Fall rolled around October saw us launch Architect; a powerful policy engine for real-time email data loss prevention. Gartner recognized Tessian as a Representative Vendor in the 2021 Market Guide for Email Security.  And we were voted Rover’s best dog-friendly companies 2021 🐾. We announced our integration with integrations with Okta to help organizations protect against the biggest threats to enterprise security – people’s identities and behaviors. The end of October also saw Central London reverberate to ghostly screams and wails as we hosted our Halloween karaoke social night… 

November The penultimate month of the year saw our final HLS Summit of 2021. We also recognized how hard and stressful being a CISO can be in our CISO Lost Hours report.    More people joined us including Allen Lieberrman joins as Chief Product Officer. A commissioned study conducted by Forrester Consulting on behalf of Tessian shows that Security and Risk leaders feel little control over risks posed by employees, which you can read here. And the silverware kept coming as Fast Company named us one of best innovators in AI and Data, and Deloitte recognized our epic growth in their Fast 50 for 2021 list. The product team were kept busy with our integrations with Sumo Logic. December After an exciting year, it was once again time for a party, with those based in London meeting up in person for drinks and games, while others attended our online virtual event. Another month, another integration as we paired up with our good friends at KnowBe4    We reached another milestone when our podcast, RE: The Human Layer, reached 5000 downloads. And we launched humanlayersecurity.com, our new online magazine for security leaders. Finally, our marketing team met up in person in Austin, TX to plan out how we’re going to top what was a challenging but epic year for Tessian! So, as we come to the end of 2021, we’d just like to say thank you to those of you who’ve been on this amazing journey with us, and as Frank Sintra once sang, the best is yet to come. See you in 2022… Merry Christmas and a Happy New Year!

We’ve been recognized in Fast Company’s inaugural Next Big Things in AI and Data list   The list honors technology breakthroughs that promise to shape the future of their industries, and includes global giants, intrepid startups, and research that is fresh from the labs.    In all, our approach to Human Layer Security joins 64 other technologies, products, and services that will have a positive impact for consumers, businesses, and society at large in the next five years.    If you’ve read this blog or any of our reports, you’ll know our approach to cybersecurity is designed to protect people, not just machines and data.    Why, because 95% of today’s data breaches are caused by human error. Using machine learning to understand people’s communication patterns and behaviors online, Tessian automatically stops data breaches caused by employees on email and continuously drives people towards safer email behavior, thanks to in-the-moment training.    “It just takes one mistake, one carefully crafted phishing email, or one moment when an employee lets their guard down for company security to be compromised,” says Tim Sadler, CEO and co-founder of Tessian. “Those ‘Oh Sh*t!’ security moments cost people their jobs and businesses their reputations – but they can be stopped. Our technology empowers employees to make safe cybersecurity decisions in-the-moment and prevents mistakes before they turn into breaches. In today’s threat landscape, this people-first approach to security has never been more important and I’m so proud to be recognized by Fast Company for our work.”    “Fast Company is thrilled to highlight cutting-edge technologies that are solving real-world problems in unexpected ways. From climate change and public health crises to machine learning and security, these technologies will certainly have a profound impact on the future, and we’re honored to bring attention to them today,” says Stephanie Mehta, editor-in-chief of Fast Company.   You can see the full list here

We are very pleased to welcome Allen Lieberman as Tessian’s new Chief Product Officer who will head up the continued development of the industry’s first and leading Intelligent Cloud Email Security platform. Allen joins us from VMware Carbon Black, where he worked for nearly 9 years, and held roles including Senior Director of Product Marketing and VP of Product Management. He has spent the vast majority of the last 20 years in the Software-as-a-Service space. We took a few minutes to get to know Allen and find out what he’s looking forward to in his new role.    Allen, hi! Let’s start off with an easy question: why did you decide to join Tessian?  A combination of reasons, really.  First, the mission. Tessian is set out on a compelling mission that is critical to customers’ ability to scale and defend their enterprise in the modern threat and communications landscape. People can – and should – be a security team’s best asset. By enabling the employee community to help protect and defend the enterprise, security teams are better positioned to scale and protect their organizations. Until now, securing the human layer has been underserved. But as the enterprise and communications landscape evolves, putting people first is critical to the success of modern security programs. Tessian has set out on a mission to make this a reality.   Second, the culture and team at Tessian is world class. Having been in the trenches with key members of the team, I understand the culture that is being cultivated and feel good about the high level of diverse talent we have. At Tessian, there is a focus on doing the right thing, staying positive, persevering through challenges, and keeping people at the center of what we do. Having the culture aligned to my core values was critical in my decision.  And third, the time is right. Security teams, today, are dealing with unprecedented levels of cybercrime. As organizations have become more distributed and cloud-first, as employees communicate over emerging channels and as attackers evolve to meet employees where they are, now is the time for a better solution to help enable every employee to protect the enterprise.   It’s rare to find a company that has all these three things.    What do you see as the top benefit Tessian offers to customers?  The sea change that Tessian enables is turning the employee base into a security team’s best asset, while reducing overhead on the security teams.  Tessian automates the protection of critical communications channels like email while assisting people in understanding their role of protecting the enterprise – which is unlike so many other security solutions. The ability to embed security communication and training ‘in-the-moment’, when an employee needs it most, helps build a collaborative culture between staff and security teams while reducing breach responses. It’s great when employees really feel that security teams ‘have their back’ and that’s what Tessian enables.    What do you see as the biggest opportunity for Tessian?  Our biggest opportunity is to shift our customer’s mindset from security being seen as something that security teams do, to security being something that all employees do.  When we accomplish that – i.e. when employees become part of the new perimeter and when all employees are truly extended parts of security teams – we would’ve changed the security game. I think that’s the biggest opportunity we have.    What’s your focus for the next 3-6 months?  I’ll be very much focused on learning over the next few months. While I’m coming into Tessian with many years of experience, there is so much to take in, as with I think about prioritizing and executing on the opportunity to drive change ahead.  My intent is to learn from our team, from our customers and from our partners. I’m excited to understand more about the challenges that are faced by our customers, the opportunities we have to address them and, of course, I’m interested in learning much more about our team.     And finally, can you summarize Tessian’s mission in 25 words or less? sure, Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

At Tessian, we have many applications that interact with each other using REST APIs. We noticed in the logs that at random times, uncorrelated with traffic, and seemingly unrelated to any code we had actually written, we were getting a lot of HTTP 502 “Bad Gateway” errors.   Now that the issue is fixed, I wanted to explain what this error means, how you get it and how to solve it. My hope is that if you’re having to solve this same issue, this article will explain why and what to do.    First, let’s talk about load balancing

In a development system, you usually run one instance of a server and you communicate directly with it. You send HTTP requests to it, it returns responses, everything is golden.    For a production system running at any non-trivial scale, this doesn’t work. Why? Because the amount of traffic going to the server is much greater, and you need it to not fall over even if there are tens of thousands of users.    Typically, servers have a maximum number of connections they can support. If it goes over this number, new people can’t connect, and you have to wait until a new connection is freed up. In the old days, the solution might have been to have a bigger machine, with more resources, and more available connections.   Now we use a load balancer to manage connections from the client to multiple instances of the server. The load balancer sits in the middle and routes client requests to any available server that can handle them in a pool.    If one server goes down, traffic is automatically routed to one of the others in the pool. If a new server is added, traffic is automatically routed to that, too. This all happens to reduce load on the others.

What are 502 errors? On the web, there are a variety of HTTP status codes that are sent in response to requests to let the user know what happened. Some might be pretty familiar:   200 OK – Everything is fine. 301 Moved Permanently – I don’t have what you’re looking for, try here instead.  403 Forbidden – I understand what you’re looking for, but you’re not allowed here. 404 Not Found – I can’t find whatever you’re looking for. 503 Service Unavailable – I can’t handle the request right now, probably too busy. 4xx and 5xx both deal with errors. 4xx are for client errors, where the user has done something wrong. 5xx, on the other hand, are server errors, where something is wrong on the server and it’s not your fault.    All of these are specified by a standard called RFC7231. For 502 it says:   The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request.   The load balancer sits in the middle, between the client and the actual service you want to talk to. Usually it acts as a dutiful messenger passing requests and responses back and forth. But, if the service returns an invalid or malformed response, instead of returning that nonsensical information to the client, it sends back a 502 error instead.   This lets the client know that the response the load balancer received was invalid.

The actual issue   Adam Crowder has done a full analysis of this problem by tracking it all the way down to TCP packet capture to assess what’s going wrong. That’s a bit out of scope for this post, but here’s a brief summary of what’s happening:    At Tessian, we have lots of interconnected services. Some of them have Application Load Balancers (ALBs) managing the connections to them.   In order to make an HTTP request, we must open a TCP socket from the client to the server. Opening a socket involves performing a three-way handshake with the server before either side can send any data.   Once we’ve finished sending data, the socket is closed with a 4 step process. These 3 and 4 step processes can be a large overhead when not much actual data is sent.  Instead of opening and then closing one socket per HTTP request, we can keep a socket open for longer and reuse it for multiple HTTP requests. This is called HTTP Keep-Alive. Either the client or the server can then initiate a close of the socket with a FIN segment (either for fun or due to timeout).

The 502 Bad Gateway error is caused when the ALB sends a request to a service at the same time that the service closes the connection by sending the FIN segment to the ALB socket. The ALB socket receives FIN, acknowledges, and starts a new handshake procedure.   Meanwhile, the socket on the service side has just received a data request referencing the previous (now closed) connection. Because it can’t handle it, it sends an RST segment back to the ALB, and then the ALB returns a 502 to the user.   The diagram and table below show what happens between sockets of the ALB and the Server.

How to fix 502 errors   It’s fairly simple. Just make sure that the service doesn’t send the FIN segment before the ALB sends a FIN segment to the service. In other words, make sure the service doesn’t close the HTTP Keep-Alive connection before the ALB.    The default timeout for the AWS Application Load Balancer is 60 seconds, so we changed the service timeouts to 65 seconds. Barring two hiccups shortly after deploying, this has totally fixed it.   The actual configuration change   I have included the configuration for common Python and Node server frameworks below. If you are using any of those, you can just copy and paste. If not, these should at least point you in the right direction.  uWSGI (Python) As a config file: # app.ini [uwsgi] ... harakiri = 65 add-header = Connection: Keep-Alive http-keepalive = 1 ... Or as command line arguments: --add-header "Connection: Keep-Alive" --http-keepalive --harakiri 65 Gunicorn (Python) As command line arguments: --keep-alive 65 Express (Node) In Express, specify the time in milliseconds on the server object. const express = require('express'); const app = express(); const server = app.listen(80); server.keepAliveTimeout = 65000

Looking for more tips from engineers and other cybersecurity news? Keep up with our blog and follow us on LinkedIn.

We’re excited to announce that Tessian has been recognized as one of the 2021’s UK’s Best Workplaces™ in Tech. The list includes 98 organizations which were selected after Great Place to Work® UK analyzed the responses of UK-based tech employees via its Trust Index© employee survey.  This recognition confirms that Tessian is a great workplace for all employees, and that staff at the company feel a strong sense of trust, fairness, pride, and wellbeing. Earlier this month, we celebrated the hiring of our 200th employee and, as part of the celebrations, employees shared 200 reasons why they love working here.   These included: Working for an innovative company that is defining a new category in cybersecurity and transforming security strategies at global enterprises.  Tessian’s ‘choice first’ working policy which allows employees to choose where they work – remotely, in the office, or hybrid.  Company days off, called Refreshian Days for staff to switch off and focus on their mental wellbeing. Throughout July and August 2021, every employee also logged off at 1pm on Fridays for a “Refreshian Summer”. A dedication to diversity, equity and inclusion (DEI), with a transparent DEI strategy and access to Employee Resource Groups including Plus, an LGBTQ+ network, and Tes-She-An, a space created to support Tessians who identify as women.  Every employee gets shares in the company.  Tessian is hiring! Check out the open positions 👉🏼 here 👈🏼

September 2021 saw us welcome our 200th Tessian employee 🙌. That’s some milestone, and quite a journey from where Tim, Ed, and Tom started back in 2013. Back then, after graduating from Imperial College, they quit their jobs in finance, and worked out of an apartment to develop what would go on to become Guardian, the first of our products. Along the way there’ve been some incredible stories and amazing highs, which we know wouldn’t be possible without our people. One thing we were sure of from the start is that we wanted our company culture to be much more than ‘beers and ping pong’ (though we have those too 🏓🍺). To achieve that we’ve designed a comprehensive package and onboarding process that helps all Tessians do their best work. Because our mission is one of critical importance: Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. All of this combined makes Tessian one of the best places to work in the industry. So to mark the arrival of our 200th team member, we asked the other 199 Tessians around the globe what they love about working here, here’s what they had to say… 1: We leading an entirely new category: Intelligent Cloud Email Security 2: Our ‘choice first’ working policy lets employees work remotely, in the office, or hybrid. 3: We’re one of the top 3 medium sized companies in the UK’s Best Workplaces™ for Women for 2021. 4: We raised $42m in our Series B fundraise,  5: and $65m in our Series C fundraise. 6: …and even more in our Series C extension. 7: Our investors include Sequoia, 8: …and Accel, 9: …and March Capital, 10: …and Balderton, 11: …and Sozo Ventures, 12: …and Okta Ventures, 13: …and Citi Ventures. 14: We’ve received a lot of analyst recognition. 15: We use rigorous salary benchmarking to ensure we pay our Tessians fairly. 16: Every employee gets shares in the company. 17: You’ll work with experts in machine learning and engineering. 18: Our flagship event, Human Layer Security Summit, is a must for industry trailblazers. 19: We were included in the Cyber Defense Awards for Next-Gen Email Security. 20: In a 12-month period, we stopped nearly two million malicious emails that slipped past our customers’ SEGs. 21: Our offices are dog friendly (this is Fig).  22: Our Glassdoor company rating is 4.6 stars. 23: Our Glassdoor CEO approval rating is 96%. 24: And finally our Glassdoor ‘recommend to a friend’ score is 90%. 25: Our product roadmap is clear (and disruptive!) 26: Every Tessian attends in-depth DEI training to promote deep commitment to Diversity, Equity and Inclusion at Tessian and beyond. 27: In July and August we have “Refreshian Summer”, paid days off to enjoy the sunshine 28: Our customer base includes some of the world’s biggest and most innovative organizations, including Arm, 29: …and Schroders, 30: …and Cordaan. 31: You can bring your whole self to work. 32: We take mental health seriously, and offer support instantly via Spill. 33: Tessian Guardian is the only solution in the market that can prevent mis-attached files and misdirected emails. 34: We have offices in Boston, MA, 35: …and Austin, TX, 36: …and London, 37: …and more hubs coming soon! 38: All of which means you get to travel (if you want…)  39: You’ll have the chance to mentor local students with our ‘1 hour’ program. 40: We were named a “Cool Vendor in Cloud Office Security” by Gartner. 41: We have a cats-of-Tessian slack channel 🐈.  42: Every Friday, lunch is on us with Feedr or other platform – we call it Taste of Tessian. 43: Our ‘House’ system teams you up with people across the global business (who doesn’t love a bit of friendly competition?) 44: Don’t want any meetings? Don’t worry! Log off Slack for some Daily Deep Work. 45: We’re committed to closing the skills and gender gap in cybersecurity. 46: We’ve been known to host pretty epic social events, and teams have a monthly budget to spend. Some examples include whale watching… 47: …and canal cruises, 48: … and sheep meditation, 49: …and sushi-making classes 🍣. 50: Tessian Defender stops spear phishing, Business Email Compromise (BEC), and Account Takeover (ATO) 51: We have great pension plans  52: We have tons of staff community groups, including Plus, an LGBTQ+ network, and Tes-She-An, a space created to support Tessians who identify as women 53: Every year, we host a company-wide summer party 54: Our developers have autonomy to create and steer their own products (with some product input…) 55: We offer private medical insurance in the UK, 56: …and health insurance in the US,  57: …and medical insurance for our employees everywhere else. 58: Want to see the world? You can work abroad for up to 30 days. 59: Tessian integrates with Outlook, 60: …and Gmail, 61: …and Microsoft 365. 62: We host Industry experts on our podcast, RE: Human Layer Security. 63: Hungry? We have a huge range of healthy snacks and drinks in our staff kitchens… 64: …and on Thursdays a big (vegan) cake, because everyone likes cake right? 65: We solve problems that have real-world implications for real people. 66: You’ll get massive discounts through our Classpass gym membership. 67: If someone you refer makes it to a first round interview you get $150, 68: …and if they are successfully hired, you get $3650 🤑. 69: Our Donut ‘get to know’ program randomly pairs you with someone new every two weeks, so you get to know people outside your own team or region. 70: You’ll be a part of a great team, all driven by the same mission: to secure the human layer. 71: We have monthly TES talks from employees on a range of topics, from LEGO to business negotiations. 72: We’re Cyber Essentials Certified, 73: …and Cyber Essentials Certified Plus, 74: …and a part of the AWS Partner Network. 75: We have a superb onboarding program via Enboarder. 76: Our AI/ML helps automate process and reduce admin overhead for our customers’ IT teams. 77: We offer a cycle to work scheme 🚲,  78: …and our London office has a secure bike rack, lockers and showers. 79: Employees get 25 vacation days a year, 80: …with an extra day for every year worked up to 30 days in total… 81: …with bank holidays/nationally observed holidays on top of that! 82: We were named Best AI and Deep Tech Company in the VIVA Technology Awards. 83: You can get your eyes tested for free 👀. 84: Fancy some footy? Our London team has 5-(sometimes more)-a-side weekly football games. 85: We have high quality hardware for your home office and in the office. 86: We support future leaders by helping every Tessian create a tailored growth plan for their career development.  87: We have team members across 9+ different countries. 88: We have our ISO 27001 UKAS… 98: …and SOC2, 100: …and SOC3. 101: We host epic ping pong tournaments. 102: The feedback we get via Peakon helps guide the business. 103: Wear what you want! We don’t have a dress code policy. 104: We were included in the Sunday Times Fast Track 100: Fast Growing Tech Companies 2020. 105: Once hired, you’ll receive a welcome pack that includes tons of swag like socks… 106: …and a T-shirt, 107: …and a water bottle,  108: …and a backpack. 109: We don’t just prevent data breaches, we prevent embarrassing mistakes on email, too. 110: We have a clear path for our engineers to progress in their career. 111: We’re guided by six values, including… 112: …Craft at Speed, 113: …Grit and Perseverance, 114: …We do the Right Thing, 115: …Human First, 116: …Customer Centricity, 117: …Positive Mindset. Solution Oriented. 118: And every quarter, we ask Tessians to nominate Values Champions. 119: We were included in Forrester’s Now Tech: Enterprise Email Security Providers report in Q3 2020. 120: Tessian Human Layer Security Intelligence integrates with SIEM/SOARS including Splunk, 121: …and LogRhythm, 122: …and Fortinet, 123: …and Alien Vault, 124: …and Azure Sentinel, 125: …and IBM QRadar, 126: …and Exabeam, 127: …and Rapid7, 128: …and Securonix, 129: …and RSA Security, 130: We’re committed to helping our customers meet their compliance needs. 131: We’ve built detailed growth frameworks for each role so your path to a promotion is clear. 132: New to the company? Have lunch with your team on us (virtually or IRL). 133: We have a culture that’s very accepting of new ideas, regardless of how junior or senior you are. 134: We recently launched our Partner Program to help us connect with more organizations across NAMER and EMEA. 135: We solve problems together and ask what WE can do to fix a problem. 136: Our senior management is very accessible. 137: We host a bi-weekly all-hands to make sure everyone is connected and informed. 138: Everyone gets a Macbook Air, or Macbook Pro if you’re in engineering. 139: Your manager will create a clear 30, 60 and 90 day plan when you start to set you up for success. 140: We’re a technology company that actually uses technology and apps to streamline and improve our processes. 141: Every day, employees shout about others good work via kudos. 142: The environment is fast-paced. 143: We have very little red tape. 143: We have a beer fridge in the kitchen… 144: … and our own beer! 145: Our products reduce friction between security teams and the rest of the company. 146: We have a culture that promotes experimentation. 147: Our product and engineering teams have a healthy obsession with our customers. 148: We took care of our people during and after the pandemic with an allowance that helped everyone get their home offices set-up. 149: You’ll work with ​​smart, bright, and professional people. 150: Our platform reduces data exfiltration by 84%+. 151: With Tessian, click through rate on phishing emails drops below 5%. 152: Tessian deploys in minutes. 153: The ROI of Tessian is easy to prove. 154: Our Human Layer Risk Hub is the only solution that offers protection, training, and risk analytics all in one platform. 155: We know that cybersecurity is a team sport. 156: Our threat intelligence team helps keep our customers safe and reports on trends. 157: Each person gets a generous allowance for learning and development every year. 158: We have a company culture that promotes productive feedback. 159: We’ve had some of the biggest names in the industry join us for events and on our podcast, including, 160: …Lena Smart, CISO @ MongoDB, 161: …Nuno Teodoro, Cybersecurity Officer @ Huawei, 162: …Bobby Ford, CISO @ HP, 163: …Howard Shultz, Former CEO @ Starbucks, 164: …and Stephane Kasriel, Former CEO @ Upwork. 165: All three of the founders are accessible. 166: Our CEO holds regular office hours. 167: There are several book clubs you can join. 168: Upon joining, every employee shares a fun fact about themselves. You’ll be working with, 169: …A chess champion, 170: …The grandson of the man who designed the locks on the gates of Buckingham Palace, 171: …A published author, 172: …A former Olympic ballgirl, 173: …A movie extra, 174: …And someone who’s climbed Mount Rainier! 175: Our products prevent “Oh Sh*t” moments like data exfiltration, accidental data loss, and spear phishing. 176: Our Global Leadership Team was designed to empower and inspire every employee at Tessian to achieve their potential. 177: Our customers influence the product. 178: You’ll have the opportunity to build something new and the freedom to define your own methodologies. 179: We live by the motto “It takes a village” 180: We’re guided by 5 Tone of Voice (TOV) principles… 181: …We are helpful, 182: …Self-assured, 183: …Knowledgeable, 184: …Personable, 185: …and Direct. 186: And we host monthly Tone of Voice sessions to help employees across departments improve their writing. 187: We host pub-style quizzes at every Engineering off-site. 188: We encourage our employees to fail fast and iterate. 189: Every new joiner gets a “buddy”. 190: We collectively celebrate promotions. 191: If you’d rather be on your feet, standing desks are an option. 192: Our London office has a meditation pod 🙏 193: We have a board game Slack group and in office game nights (Catan ftw!), 194: Our dataset is really rich, which means our data science and threat intel teams can pull incredible insights. 195: Our support team has a 95% customer satisfaction score. 196: Green fingered? Our London office is full of plants 🪴. 197: We love a good cybersecurity meme. 198: We were named a Representative Vendor in the 2021 Gartner Market Guide for Data Loss Prevention. 199: Our People Team goes above and beyond. 200: And finally, we’re still growing! Want to be our 201st employee? Check out our open positions now. 2023 note: some of the employee benefits listed above have changed, or been adapted – but it’s still a great place to work. 

Following our Series C fundraise in May 2021, we are delighted to announce that we have received strategic investment from Okta Ventures, Citi Ventures and Sozo Ventures as part of a Series C extension.  With the additional funding, we are accelerating our journey to achieve our mission of mitigating and preventing human risk in the enterprise, and empowering people to do their best work without security getting in the way.  Human error is the leading cause of data breaches in organizations today. This is because cybersecurity software has typically focused on the machine layer of a company and not the people – the gatekeepers to the most sensitive systems and data in an organization. The so-called ‘people problem’ in security has been exacerbated as businesses move to a remote or hybrid way of working, in the wake of the Covid-19 pandemic. To overcome this, Tessian has pioneered a new approach to cybersecurity and defined a new category of security software called Human Layer Security. Ultimately, we want help companies replace their secure email gateways and legacy data loss prevention solutions. This means we will expand our platform’s capabilities beyond email, securing other interfaces like messaging, web and collaboration platforms from incidents of human error. 

On the investment, Austin Arensberg, Director at Okta Ventures said, “The biggest threat to enterprise security today is people’s identities and behaviors. “With more people working remotely, it’s never been more important for companies to know who their most high risk employees are, the threats they pose to company security, and how to keep them safe – without disrupting their workflow. We saw a huge opportunity with Tessian; by securing the human layer, businesses can stop threats and keep operations running.” Our CEO and co-founder Tim Sadler also added, “For too long, cybersecurity software has focused on securing technology and neglected the security of the people who run the organization. “It just takes one wrong decision, or one instance of human error, for an employee to cause a catastrophic security breach – and businesses are starting to realize that they now must do something to stop this. With backing from best-in-class investors and executives from some of the world’s most innovative security companies, we are truly on our way to fulfilling our mission of securing the human layer and helping businesses overcome one of the biggest threats to enterprise security.” As with every fundraise, this is just the beginning. It takes a village and we’re only just getting started. If you know anyone looking to take the next step in their career and to join a company solving the biggest problem in enterprise security today, please get in touch, we are hiring! 🚀

We’re excited to announce that Tessian has been recognized as one of the top three medium-sized companies in the UK’s Best Workplaces™ for Women for 2021.  Our Human First value, its commitment to Diversity, Equity and Inclusion (DEI), and its Employee Resource Group (ERG) for women – Tes-She-An – are just some of the reasons why people love working at the company. This recognition confirms that:  Tessian is a great workplace for all employees, including women. Tessian recognizes that women represent a valuable talent pool in increasingly talent–constrained industries such as cybersecurity and technology.  Tessian lives up to its company values of ‘Human First’ and ‘We Do the Right Thing’, as its leaders make meaningful changes to improve their ability to recruit, retain and nurture top female employees.

Education and training have been foundational first steps in Tessian’s DEI strategy. We partnered with Jeff Turner, former International Learning and Development Director for Facebook, to deliver company-wide training around diversity, unconscious bias and inclusion. We’ve also taken the time to establish our long-term DEI roadmap – which includes a diversity recruitment strategy across all hiring levels, expanding the entry-level talent pool by creating junior jobs for people entering the tech industry, and prioritizing the development of future leaders through well-defined growth frameworks across the company. 

In addition, Tessian’s ERG group – Tes-She-An – provides a space to support all employees who identify as women, celebrate their achievements, and help each other “shine even brighter” by focusing on career progression. The group runs monthly workshops for women, and invites inspiring external guests who are leading the charge in creating equal opportunities in the tech industry, to speak to employees. Importantly, these events do not operate in a closed network. They’re open to the entire company – not just women.  As a result of these initiatives and programs, 99% of Tessian employees surveyed by Great Place to Work® agreed that people at the company are treated fairly regardless of their gender.  Paige Rinke, Head of People at Tessian, says: “We are so proud to be recognized as a Best Workplace for Women and hear first-hand from our employees that our initiatives to create an inclusive workplace are resonating. One of our core values is Human First, and we’re committed to ensuring every employee feels supported and valued, and to improving gender and ethnicity representation across all levels of seniority at Tessian through our DEI efforts. “Why? Because empowering our people to thrive in an inclusive environment and challenging the status quo to create more equal opportunities in the tech industry is, ultimately, the right thing to do.”  Benedict Gautrey, Managing Director of Great Place to Work® UK, explains: “We’re delighted to recognize so many great organizations in this fourth year of the UK’s Best Workplaces™ for Women list. The issues affecting women in the workplace, particularly what we’ve witnessed in the face of the pandemic including parity of pay and advancement opportunities, continue to be important topics. “What our 2021 UK’s Best Workplaces™ for Women clearly show is the positive impact their practices have on business. As a result, they are better able to attract and retain women of talent, encouraging them to develop professionally and personally, and in turn, contribute exponentially to the success of the organizations they work for.” Want to work at Tessian? See if we have a role that interests you today.

Introduction In part one, we went over the decisions that led the CSI team to start automating its UI application with a focus on the process drivers and journey.  Today we’re going to start going over the technical challenges, solutions, and learnings along the way.  It would be good if you had a bit of understanding of how to use WinAppDriver for UI testing.  As there are a multitude of beginner tutorials, this post will be more in depth. All code samples are available as a complete solution here. How We Got Here As I’m sure many others have done before, we started by adapting winappdriver samples into our own code base.  After we had about 20 tests up and running, it became clear that taking some time to better architect common operations would help in fixing tests as we targeted more versions of Outlook, Windows, etc.  Simple things like how long to wait for a window to open, or how long to wait to receive an email can be impacted by the test environment, and it quickly becomes tedious to change these in 20 different places whenever we have a new understanding/solution on the best way to do these operations. Application Sessions A good place to start when writing UI tests is just getting the tests to open the application.  There are plenty of samples online that show you how to do this, but there are a few things that the samples leave each of us to solve on our own that I think would be helpful to share with the larger Internet community. All Application Sessions are Pretty Similar And when code keeps repeating itself, it’s time to abstract this code into interfaces and classes.  So, we have both: an interface and a base class:

Don’t worry, we’ll get into the bits.  The main point of this class is it pertains to starting/stopping, or attaching/detaching to applications and that we’re storing enough information about the application under test to do those operations.   In the constructor, the name of the process is used to determine if we can attach to an already running process, whereas the path to the executable is used if we don’t find a running process and need to start a fresh instance.  The process name can be found in the Task Manager’s Details tab. Your Tests Should Run WinAppDriver I can’t tell you how many times I’ve clicked run on my tests only to have them all fail because I forgot to start the WinAppDriver process beforehand.  WinAppDriver is the application that drives the mouse and keyboard clicks, along with getting element IDs, names, classes, etc of the application under test.  Using the same solution WinAppDriver’s examples show for starting any application, you can start the WinAppDriver process as well.   Using IManageSession and BaseSession<T> above, we get:

The default constructor just calls BaseSession<WinAppDriverProcess> with the name of the process and the path to the executable. So you can see that StartSession here is implemented to be thread safe.  This ensures that only one instance can be created in a test session, and that it’s created safely in an environment where you run your tests across multiple threads.  It then queries the base class about whether the application you’re starting is already running or not.  If it is running, we attach to it.  If it’s not, we start a new instance and attach to that.  Here are those methods:

These are both named Unsafe to show that they’re not thread safe, and it’s up to the calling method to ensure thread safety.  In this case, that’s StartSession(). And for completeness, StopSession does something very similar except it queries BaseSession<T> to see if we own the process (i.e. it was started as a fresh instance and not attached to), or not.  If we own it, then we’re responsible for shutting it down, but if we only attach to it, then leave it open.

You’ll Probably Want a DesktopSession Desktop sessions can be useful ways to test elements from the root of the Windows Desktop.  This would include things like the Start Menu, sys-tray, or file explorer windows.  We use it for our sys-tray icon functionality, but regardless of what you need it for, WinAppDriver’s FAQ provides the details, but I’ve made it work here using IManageSession and BaseSession<T>:

It’s a lot simpler since we’d never be required to start the root session.  It’s still helpful to have it inherit from BaseSession<T> as that will provide us some base functionality like storing the instance in a Singleton and knowing how long to wait for windows to appear when switching to/from them. Sessions for Applications with Splash Screens This includes all the Office applications.  WinAppDriver’s FAQ has some help on this, but I think I’ve improved it a bit with the do/while loop to wait for the main window to appear.  The other methods look similar to the above, so I’ve collapsed them for brevity.

Putting it All Together So how do we put all this together and make a test run?  Glad you asked! NUnit I make fairly heavy use of NUnit’s class and method level attributes to ensure things get set up correctly depending on the assembly, namespace, or class a test is run in.  Mainly, I have a OneTimeSetup for the whole assembly that starts WinAppDriver and attaches to the Desktop root session.  

Then I separate my tests into namespaces that correspond to the application under test – in this case, it’s Outlook.  

I then use a OneTimeSetup in that namespace that starts Outlook (or attaches to it). 

Finally, I use SetUp and TearDown attributes on the test classes to ensure I start and end each test from the main application window.

The Test All that allows you to write (the somewhat verbose) test:

Wrapping It All Up For this post we went into the details on how to organize and code your Sessions for UI testing.  We showed you how to design them so you can reuse code between different application sessions.  We also enabled them to either start the application or connect to an already running application instance (and how the Session object can determine which to do itself).  Finally, we put it all together and created a basic test that drives Outlook’s UI to compose a new Email message and send it. Stay tuned for the next post where we’ll delve into how to handle all the dialog windows your UI needs – to interact with and abstract that away – so you can write a full test with something that looks like this:

This Pride month, at workplaces around the world, you would be forgiven for thinking nothing has changed — working at home, we find ourselves at the same desks looking out of the same windows. Pride celebrations still look and feel different from the ‘before times’, as the physical manifestations of our LGBTQ+ community are slowly rebuilt in digital fabric. A year on from the creation of Plus, Tessian’s LGBTQ+ employee resource group, we look back to our original mission and founding principles, what we’ve learned in these strange times, and what we can look forward to in 2021. How Plus was formed  In all of 2020’s uncertainty, there was one certainty in the transition to remote-working — digital would have to replace physical… at least for the time being.  Zoom calls replaced meeting rooms, Slack replaced coffee chats, and Tessian began to use a tool called Peakon to measure employee engagement. It was only natural, then, that Plus was started by a single Peakon message, asking: “Is Tessian doing anything for LGBTQ Pride Month?”

The answer turned out to be No — but that the opportunity presented itself with the full support of the company and executive team. Without any existing plans, a few LGBTQ+ Tessians self-organized and promoted our newly-formed group — Plus. For us, Pride has always been about celebration and amplification of LGBTQ+ voices — both inside and outside of Tessian, and to create a “safe space” for all Tessian LGBTQ+ employees to network, socialize, and share experiences behind closed doors.  But our largest reservation when starting Plus was always about critical mass.  How Plus grew at Tessian Without any visibility on LGBTQ+ employees at Tessian, we didn’t know if the group would have enough members to be successful, or if by creating a community exclusive to LGBTQ+ voices alone, we would be excluding allies of the community in a way that restricted our ability to act on our mission. Forming a small committee, we promoted the arrival of Plus during company all-hands, new employee onboardings, and relied on existing and larger employee resource groups to gather members. We were quickly impressed at the uptake, with more than 10% of the company joining Plus within the first month of launch — a significant minority and higher than the expected average. Seniority and function were both well-represented at Plus, pulling from all parts of Tessian and for the first time, providing an organized and welcoming committee of LGBTQ+ voices. Plus was formed around a core mission to:  Ensure an inclusive and respectful environment for all employees Raise awareness of, and represent the views and issues of, LGBTQ+ employees Provide a support network for LGBTQ+ employees Create opportunities to socialize with other LGBTQ+ employees Offer confidential support when needed Provide guidance to Tessian as an employer on policy and how to enhance its diversity strategy In practice, the digital certainties of our last year in remote work has led Plus to resculpt any and all ideas around community-building. Online socials over Zoom, knowledge sharing via Slack — and more recently — socially distanced gatherings at local parks, have all worked well. As Tessian began it’s formal journey on Diversity & Inclusion with the development of an internal D&I Report — again developed remotely — Plus had a seat at the table to shape the discussion around LGBTQ+ representation at the company. And sharing our message outside of Tessian, Plus was even fortunate enough to be interviewed for Infosecurity Magazine’s cover pride story alongside ERGs from Zivver and Rapid7.

That is to say, that even during a year when LGBTQ+ communities around the world have struggled to run gatherings, fundraising, or support networks, — when the importance of Pride as an LGBTQ+ institution has been validated — our approach to working directly with LGBTQ+ Tessians on the community-building activities that matter most to us has proven successful. What’s next for Plus? One of Tessian’s company values continues to be Human First. And with Plus, we’re proud to have created a private, Human First initiative for Tessians to celebrate their sexual orientation and gender identity. Plus germinated alongside Tessian’s transition to choice-first remote working, but won’t stop growing as we move forward to a hybrid workplace. Continuing to grow with new members, we’re excited to meet up in-person, campaign for positive change outside of Tessian, and work with external speakers to open up LGBTQ+ stories to the whole company. Do you lead an LGBTQ+ Employee Resource Group at your company? Get in touch and we would love to hear from you on how you’ve elevated LGBTQ+ voices during the past year, and what successes you’ve seen building healthy LGBTQ+ communities.

I’d like to describe Tessian’s journey with React hooks so far, covering some technical aspects as we go. About two years ago, some of the Frontend guild at Tessian were getting very excited about a new React feature that was being made available in an upcoming version: React Hooks. React Hooks are a very powerful way to encapsulate state within a React app. In the words of the original blog post, they make it possible to share stateful logic between multiple components. Much like React components, they can be composed to create more powerful hooks that combine multiple different stateful aspects of an application together in one place. So why were we so excited about the possibilities that these hooks could bring? The answer could be found in the way we were writing features before hooks came along. Every time we wrote a feature, we would have to write extra “boilerplate” code using what was, at some point, considered by the React community to be the de facto method for managing state within a React app ─ Redux. As well as Redux, we depended on Redux Sagas, a popular library for implementing asynchronous functionality within the confines of Redux. Combined, these two(!) libraries gave us the foundation upon which to do…very simple things, mostly API requests, handling responses, tracking loading and error states for each API that our app interacted with. The overhead of working in this way showed each feature required a new set of sagas, reducers, actions and of course the UI itself, not to mention the tests for each of these. This would often come up as a talking point when deciding how long a certain task would take during a sprint planning session. Of course there were some benefits in being able to isolate each aspect of every feature. Redux and Redux Sagas are both well-known for being easy to test, making testing of state changes and asynchronous API interactions very straight-forward and very ─if not entirely─ predictable. But there are other ways to keep testing important parts of code, even when hooks get involved (more on that another time). Also, I think it’s important to note that there are ways of using Redux Sagas without maintaining a lot of boilerplate, e.g. by using a generic saga, reducer and actions to handle all API requests. This would still require certain components to be connected to the Redux store, which is not impossible but might encourage prop-drilling. In the end, everyone agreed that the pattern we were using didn’t suit our needs, so we decided to introduce hooks to the app, specifically for new feature development. We also agreed that changing everything all at once in a field where paradigms fall into and out of fashion rather quickly was a bad idea. So we settled on a compromise where we would gradually introduce small pieces of functionality to test the waters. I’d like to introduce some examples of hooks that we use at Tessian to illustrate our journey with them. Tessian’s first hook: usePortal Our first hook was usePortal. The idea behind the hook was to take any component and insert it into a React Portal. This is particularly useful where the UI is shown “above” everything else on the page, such as dialog boxes and modals. The documentation for React Portals recommends using a React Class Component, using the lifecycle methods to instantiate and tear-down the portal as the component mounts/unmounts. Knowing we could achieve the same thing with hooks, we wrote a hook that would handle this functionality and encapsulate it, ready to be reused by our myriad of modals, dialog boxes and popouts across the Tessian portal. The gist of the hook is something like this:

Note that the hook returns a function that can be treated as a React component. This pattern is reminiscent of React HOCs, which are typically used to share concerns across multiple components. Hooks enable something similar but instead of creating a new class of component, usePortal can be used by any (function) component. This added flexibility gives hooks an advantage over HOCs in these sorts of situations. Anyway, the hook itself is very simple in nature, but what it enables is awesome! Here’s an example of how usePortal can be used to give a modal component its own portal:

Just look at how clean that is! One line of code for an infinite amount of behind-the-scenes complexity including side-effects and asynchronous behaviors! It would be an understatement to say that at this point, the entire team was hooked on hooks!   Tessian’s hooks, two months later Two months later we wrote hooks for interacting with our APIs. We were already using Axios as our HTTP request library and we had a good idea of our requirements for pretty much any API interaction. We wanted: To be able to specify anything accepted by the Axios library To be able to access the latest data returned from the API To have an indication of whether an error had occurred and whether a request was ongoing Our real useFetch hook has since become a bit more complicated but to begin with, it looked something like this:

To compare this to the amount of code we would have to write for Redux sagas, reducers and actions, there’s no comparison. This hook clearly encapsulated a key functionality that we have since gone on to use dozens of times in dozens of new features. From here on out, hooks were here to stay in the Tessian portal, and we decided to phase out Redux for use in features. Today there are 72 places where we’ve used this hook or its derivatives ─ that’s 72 times we haven’t had to write any sagas, reducers or actions to manage API requests! Tessian’s hooks in 2021 I’d like to conclude with one of our more recent additions to our growing family of hooks. Created by our resident “hook hacker”, João, this hook encapsulates a very common UX paradigm seen in basically every app. It’s called useSave. The experience is as follows: The user is presented with a form or a set of controls that can be used to alter the state of some object or document in the system. When a change is made, the object is considered “edited” and must be “saved” by the user in order for the changes to persist and take effect. Changes can also be “discarded” such that the form returns to the initial state. The user should be prompted when navigating away from the page or closing the page to prevent them from losing any unsaved changes. When the changes are in the process of being saved, the controls should be disabled and there should be some indication to let the user know that: (a) the changes are being saved, (b) the changes have been saved successfully, or that (c) there was an error with their submission. Each of these aspects require the use of a few different native hooks: A hook to track the object data with the user’s changes (useState) A hook to save the object data on the server and expose the current object data (useFetch) A hook to update the tracked object data when a save is successful (useEffect) A hook to prevent the window from closing/navigating if changes haven’t been saved yet (useEffect) Here’s a simplified version:

As you can see, the code is fairly concise and more importantly it makes no mention of any UI component. This separation means we can use this hook in any part of our app using any of our existing UI components (whether old or new). An exercise for the reader: see if you can change the hook above so that it exposes a textual label to indicate the current state of the saved object. For example if isLoading is true, maybe the label could indicate “Saving changes…” or if hasChanges is true, the text could read “Click ‘Save’ to save changes”. Tessian is hiring! Thanks for following me on this wild hook-based journey, I hope you found it enlightening or inspiring in some way. If you’re interested in working with other engineers that are super motivated to write code that can empower others to implement awesome features, you’re in luck! Tessian is hiring for a range of different roles, so connect with me on LinkedIn, and I can refer you!