Samkvæmt venju þá er komið að vikulegu viðtali hér á Lappari.com í viðtalsseríu sem kallast einfaldlega Föstudagsviðtalið en þetta er viðtal númer 32 í röðinni. Markmiðið er að tala við venjulegt fólk, harða nörda sem sviðsljósið skín sjaldan á sem og einstaklinga sem eru áberandi í tölvu og tækniheiminum, leyfa þeim að segja aðeins frá sér. Eins og venjulega þá er tilgangurinn er fyrst og fremst sá að hafa þetta létt, skemmtilegt og vonandi áhugavert fyrir lesendur.
Ég ákvað að taka eitt viðtal í viðbót á ensku og vona ég að það leggist ekki illa í lesendur.
It´s finally Friday and as usual it is time for our weekly interview but we have been doing them every Friday for the past 32 weeks. The objective is to interview people who are normally not in the spotlight of the mainstream media although we sometime try to mix regular people (whatever that means) with hard-core geeks and high profile individuals in the tech community. This has been their venue to tell our readers a little bit about themselves, where they are coming from and where they are heading.
This weeks interview is special in many ways as it was last Friday but I manage to get an interview with a person who I have been following for quite some time now. He surely fills all the criteria for the interview, he can be categorized as a normal man, a high profile writer and speaker and also a geek (Geeks are cool you know). This is no other than Troy Hunt who among other things is a Microsoft MVP, a writer, a speaker and a well established security expert in the “geek community”.
Troy has a few interesting things going on at the moment and I would just like to mention one of his projects project called “Have I been pwned” and that should interest many of our readers. On his website users can insert their email address to check if they are in any of the big data leaks over the last few years but today the database consist of 160.277.060 compromised accounts.
The database consist of user data from these nine breaches.
- Adobe (152.455.165 accounts)
- Snapchat (4.609.615 accounts)
- Gawker (1.247.574 accounts)
- Stratfor (859.777 accounts)
- Battlefield Heroes (530.270 accounts)
- Yahoo (453.427 accounts)
- Vodafone Iceland (56.021 accounts)
- Pixel (38.108 accounts)
- Sony (37.103 accounts)
I am a huge fan of his work and would highly recommend that you follow him on Twitter if you are not doing so already and if you need a speaker for an event here in Iceland, I can hook you guy´s up. 🙂
But let´s stop this rambling and hand the mic over to Troy.
Who is Troy Hunt and where are you from?
Australian (we’re the one with the kangaroos, not the one near Germany with the mountains), frequent purveyor of fine website security and critic of that which is not.
What do you do for a living?
I have a day job (which is more of a morning-day-night job!) where I look after the software architecture for a Fortune 100 company’s Emerging Markets. It’s very diverse and very challenging but what I really like to talk about publicly is the other stuff I’ve been doing for the last few years…
What have you been up to for the past few years?
Oh I’m glad you asked! I’ve been very focussed on web security and that’s aligned with a time where many people have been very focussed on breaking it! I’m a bit fortunate really that the hacktivist movement has highlighted how woefully bad security on the web is and now the NSA have highlighted how woefully bad our good security really is! So I’ve been blogging at a prolific rate, building some security-focussed community projects, speaking at events and churning out Pluralsight courses on secure coding practices.
Could you please describe a typical day in your life?
I get up pretty early (young kids ensure I don’t sleep in) and try to get on top of work and personal emails that have come in overnight. I usually get out and spend some time with the kids walking to day care and grabbing a coffee with them then try and get a couple of hours of work done before driving into the office. My times are pretty flexible as I’m often talking to folks in the US and Latin America of a morning so I head in after the traffic dies down then leave the office early and repeat the process in reverse – drive home, emails and meetings as other parts of the world come online, get the kids then roll over to the evening routine. I’m playing a lot of tennis lately so that keeps me active and if I’m not doing that I’m either on work calls or trying to spend some time on blogging, personal projects or Pluralsight. Fortunately the nature of my job means these activities are often mutually beneficial and I slot them in where I can.
Ooh, only one? Since I’m being security focussed, how about this one: “Security is not about the cost of ownership, it’s about the cost of being owned”. We are way too focussed on penny-pinching at the time where we can actually make smart decisions about security then when it all goes wrong we’d do anything to solve the problem. It’s too reactive and we focussed more in the impact of getting owned, I reckon the web would be a much safer place today.
In a fight, who would win? Van Damme or Chuck Norris
I never got the whole Chuck Norris thing, give it to Van Damme!
In your opinion what programming language provides the easiest framework to write secure code?
I spend very little time working with technologies outside the web and Microsoft stacks so this is obviously a biased response, but I really think ASP.NET MVC does a great job on security. There are a heap of “Secure by default” things you get straight out of the box and the rest of the .NET ecosystem makes it harder than ever to screw things up. However, I firmly believe that anyone building software for the web really needs to understand the fundamental concepts that I talk about in things like my OWASP course on Pluralsight. If you don’t get this, you’ll make a mess in any language.
What OS (desktop) is on your main computer, your daily driver?
My primary desktop is Windows 8 then I have a laptop and Surface Pro both running 8.1.
What kind of a tablet and mobile phone do you use?
I use an iPad and iPhone extensively so there’s a bunch of Apple in my life too.
What do you like most about that phone?
I just never have any problems with it, love the iCloud paradigm of auto-backups (yes, this is coming from a security guy!) and the experience is pretty much always slick (OS and app updates, integration with other Apple devices, etc.)
What do you dislike about that phone?
There’s just a bit too much “Apple way or the highway”. Stuff like not being able to play a DivX with the video player, deciding they need a proprietary plug etc. It feels like decisions are made on what’s best for Apple at the expense of what’s best for the ongoing development of technology for society.
What are your top five apps/tasks that you perform on the phone?
Making phone calls (many people are unaware that smart phones can do this!), email, Twitter, Facebook and GPS.
Do you remember the first mobile phone that you got?
Uh, a black analogue Nokia? I can’t even remember the model but it would have been 1995 when I was at university. Oddly enough, I’m sure it had a much better battery life than my current phone…
If you could pick any phone in the world, what phone would it be?
Probably an iPhone 6 with the bigger screen.
Could you please tell us which tech sites/blogs you monitor regularly?
I’ve admittedly stopped following individual blogs and I tend to just pick up on the news that floats to the surface via Twitter. Of course blogs like Scott Guthrie’s and Scott’s Hanselman’s keep coming up from a more Microsoft-centric position. On the security front, Brian Krebs is always a top pick and I hear good things about troyhunt.com too… 🙂
Anything else that you would like to add?
I really want to get back to Europe soon, how about an invite to speak at an event in Iceland?