Kids, Code, and Computer Science Magazine

An Interview with Troy Hunt

Troy Hunt is a software architect and Microsoft Most Valuable Professional (MVP) focusing on security concepts and process improvement in a Fortune 50 company. He's based in Australia.

His software skills include C#, ASP.NET, SQL Server, SOA, SharePoint, Security, and Continuous Integration. In addition to giving presentations and contributing to an OWASP project that provides quick basic .NET security tips for developers, Troy writes frequently about security concepts and software process improvement at TroyHunt.com. He lives in Sydney, Australia. Oh, and he has published two courses on Pluralsight in his free time.

Tim: What was the first software programming language you learned? How did you happen to learn programming?

Troy: Probably JavaScript I think, I was very web focussed from the outset so this was the most natural language to choose. It would have been in around 1995 so the web was a much simpler world back then and access to information and tutorials was limited so I learned mostly by buying books then hacking around.

Tim: How did you get from hacking JavaScript to Microsoft MVP?

Troy: I studied computer science at university but found it very unfulfilling. It was especially academic and didn’t touch on any of the aspects of technology I was really interested in, namely web development. It was the early days of the web back then in the mid 90s so I had to make my own way and learn things for myself. It was only when I started blogging about 4 years ago that the MVP status followed, entirely by surprise, I might add.

Tim: What’s your typical day like? What sorts of problems do you work on?

Troy: My days aren't very typical! I work in a global role so my typical day normally involves communicating with people in the US and Latin America during my Australian morning then moving onto Asia during the day and then Africa and the Middle East plus Eastern Europe in the afternoon and evening. This involves working with a really broad range of people from junior developers to senior directors, all with different levels of technical understanding and responsibilities. The variety is great and I simultaneously deal with a heap of different challenges at various levels but then I also end up not knowing where my work life ends and my personal life begins. Throw my blogging, speaking and developer community involvement life into that mix and it's easy for the day to just become a blur.

Tim: How did you get into your online security work?

Troy: A good understanding of software security is something you need to arrive at by pulling things apart and understanding how they work. I'd always do this as part of learning a new technology so the interest in software security as a discipline flowed on from there. Where I find security gets particularly complex is around cryptography — it's a discipline all of its own and there are some extremely mathematically smart people out there that make cryptography all work. I look at it as a black box — I need to understand the externalities of it (what goes in and what comes out), but I don't try to understand the internal mechanisms. Just make it work please, smart crypto guys!

Tim: For kids/people interested in specializing in online security, what sort of background and education do you think works best?

Troy: I think a creative, exploratory persona goes a long way in security. You have to be inquisitive enough to take things apart and see what makes them tick. Very often this is a bit anti-establishment; rather than following the commonly accepted patterns laid out by many programmers before us, we often need to do things completely the other way around then see what breaks. I think you need to have a very specific mindset to do this well, one that's happy to break some rules!

Tim: For people learning software programming, what are the top 5 security issues they should always pay attention to? What are the best online resources you’ve found to keep up with online security?

Troy: For the top 5 things to learn (and keep in mind that I'm very web-centric), I think you want to focus on SQL injection, cross site scripting, transport layer security, credential storage and mobile API security in general. Resources such as the Open Web Application Security Project (OWASP) and the Security Stack Exchange site for asking questions are great. I find best of all though is Twitter — build connections with industry influencers and seek out their guidance at every opportunity.

Tim: What are you most proud of in your technology career?

Troy: In terms of a single achievement, probably the Microsoft MVP award and getting MVP of the year in my first year. As a theme though, I've always made my own success in the industry and this has frequently been through non-traditional means. I'm proud of not having simply followed the same path as the masses, but that's a story for another time.

Tim: I’m curious if your son is into technology? Has he shown any interest?

Troy: My son is about to turn 4 so it’s a little early to get a real sense of where his interests will lie. Having said that, he seems to be quite methodical and has very good concentration so he may drift in the same direction as me (with a little help). In fact I’ve already started to use him in some of my material such as demonstrating how easy SQL Injection is with tools like Havij: http://www.troyhunt.com/2012/10/hacking-is-childs-play-sql-injection.html.

Tim: Do you have a secret life as a musician? Artist? Many coders I know do have a passion of equal, sometimes greater, value to them than coding. Curious if you’re in that camp.

Troy: Definitely not music and although I think I'm creative, I'm no artist. All my interests have revolved around things that we would probably consider anti-programmer: martial arts, motor sport, windsurfing and snowboarding to name a few. I'm very fast-paced and I need things that excite me and get the adrenaline going, particularly when there are no safety nets and you are in complete control of your own danger levels. I have trouble doing slow and boring!

Learn More

Personal Website

http://www.troyhunt.com/

Training Courses on Pluralsight

http://pluralsight.com/training/Authors/Details/troy-hunt
http://pluralsight.com/training/Courses/TableOfContents/hack-yourself-first
http://pluralsight.com/training/Courses/TableOfContents/owasp-top10-aspdotnet-application-security-risks

Of Developers, Security Professionals and Playing Nice Together, an interview with Troy Hunt, on PaulDotCom

http://blip.tv/pauldotcom/interview-with-troy-hunt-episode-339-6618248

Popular Articles on TroyHunt.com

Everything You Wanted to Know About SQL Injection (but were afraid to ask)
http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html

The Impending Crisis that is Windows XP and IE8
http://www.troyhunt.com/2013/01/the-impending-crisis-that-is-windows-xp.html

Scamming the Scammers — Catching the Virus Call Centre Scammers Red-Handed
http://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html

You are Cordially Invited to Hack Me First (and get free stuff!)
http://www.troyhunt.com/2013/09/you-are-cordially-invited-to-hack-me.html

In Google We Trust — Links and more info from 4 Corners
http://www.troyhunt.com/2013/09/in-google-we-trust-links-and-more-info.html
