dark mode light mode Search Menu

An Interview with Troy Hunt

His software skills include C# ASP.Net, SQL Server, SOA, SharePoint, Security, and Continuous Integration. In addition to giving presentations, and contributing to an OWASP project that provides quick basic .NET security tips for developers, Troy writes frequently about security concepts and software process improvement at TroyHunt.com. He lives in Sydney, Australia. Oh, and he has published two courses on Pluralsight in his free time.

Tim: What was the first software programming language you learned? How did you happen to learn programming?

Troy: Probably JavaScript I think, I was very web focussed from the outset so this was the most natural language to choose. It would have been in around 1995 so the web was a much simpler world back then and access to information and tutorials was limited so I learned mostly by buying books then hacking around.

Tim: How did you get from hacking Javascript to Microsoft MVP?

Troy: I studied computer science at university but but found it very unfulfilling. It was especially academic and didn’t touch on any of the aspects of technology I was really interested in, namely web development. It was the early days of the web back then in the mid 90s so I had to make my own way and learn things for myself. It was only when I started blogging about 4 years ago that the MVP status followed, entirely by surprise, I might add.

Tim: What’s your typical day like? What sorts of problems do you work on?

Troy: My days aren't very typical! I work in a global role so my typical day normally involves communicating with people in the US and Latin America during my Australian morning then moving onto Asia during the day and then Africa and the Middle East plus Eastern Europe in the afternoon and evening. This involves working with a really broad range of people from junior developers to senior directors, all with different levels of technical understanding and responsibilities. The variety is great and I simultaneously deal with a heap of different challenges at various levels but then I also end up not knowing where my work life ends and my personal life begins. Throw my blogging, speaking and developer community involvement life into that mix and it's easy for the day to just become a blur.

Tim: How did you get into your online security work?

Troy: A good understanding of software security is something you need to arrive at by pulling things apart and understanding how they work. I'd always do this as part of learning a new technology so the interest in software security as a discipline flowed on from there. Where I find security gets particularly complex is around cryptography — it's a discipline all of its own and there are some extremely mathematically smart people out there that make cryptography all work. I look at it as a black box — I need to understand the externalities of it (what goes in and what comes out), but I don't try to understand the internal mechanisms. Just make it work please, smart crypto guys!

Tim: For kids/people interested to specialize in online security, what sort of background and education do you think works best?

Troy: I think a creative, exploratory persona goes a long way in security. You have to be inquisitive enough to take things apart and see what makes them tick. Very often this is a bit anti-establishment; rather than following the commonly accepted patterns laid out by many programmers before us, we often need to do things completely the other way around then see what breaks. I think you need to have a very specific mindset to do this well, one that's happy to break some rules!

Tim: For people learning software programming, what are the top 5 security issues they should always pay attention to? What are the best online resources you’ve found to keep up with online security?

Troy: For the top 5 things to learn (and keep in mind that I'm very web-centric), I think you want to focus on SQL injection, cross site scripting, transport layer security, credential storage and mobile API security in general. Resources such as the Open Web Application Security Project (OWASP) and the Security Stack Exchange site for asking questions are great. I find best of all though is Twitter — build connections with industry influencers and seek out their guidance at every opportunity.

Tim: What are you most proud of in your technology career?

Troy: In terms of a single achievement, probably the Microsoft MVP award and getting MVP of the year in my first year. As a theme though, I've always made my own success in the industry and this has frequently been through non-traditional means. I'm proud of not having simply followed the same path as the masses, but that's a story for another time.

Tim: I’m curious if your son is into technology? Has he shown any interest?

Troy: My son is about to turn 4 so it’s a little early to get a real sense of where his interests will lie. Having said that, he seems to be quite methodical and has very good concentration so he may drift in the same direction as me (with a little help). In fact I’ve already started to use him in some of material such as demonstrating how easy SQL Injection is with tools like Havij: http://www.troyhunt.com/2012/10/hacking-is-childs-play-sql-injection.html.

Tim: Do you have a secret life as a musician? Artist? Many coders I know do have a passion of equal sometimes greater value to them than coding. Curious if you’re in that camp.

Troy: Definitely not music and although I think I'm creative, I'm no artist. All my interests have revolved around things that we would probably consider anti-programmer: martial arts, motor sport, windsurfing and snowboarding to name a few. I'm very fast-paced and I need things that excite me and get the adrenaline going, particularly when there are no safety nets and you are in complete control of your own danger levels. I have trouble doing slow and boring!

Learn More

Personal Website


Training Courses on Pluralsight


Of Developers, Security Professionals and Playing Nice Together, an interview with Troy Hunt, on PaulDotCom


Popular Articles on TroyHunt.com

Everything You Wanted to Know About SQL Injection (but were afraid to ask)

The Impending Crisis that is Windows XP and IE8

Scamming the Scammers — Catching the Virus Call Centre Scammers Red-Handed

You are Cordially Invited to Hack Me First (and get free stuff!)

In Google We Trust — Links and more info from 4 Corners