The Siege and Troy

I don’t know about you, but when it comes to IT security I feel besieged.

I host and manage 72 websites for myself and my web clients. I depend on email, phone and texts to communicate directly with my clients, colleagues, friends and family.

I use half a dozen or more social media outlets for fun and profit. My home office has 17 different devices running through a ridiculously simple network. I spend at least 18 hours a day online and regularly visit up to 30 or even 40 websites a day.

There is hardly a product I buy or service I use that is not defined by some sort of online presence, requiring me to manage a daunting number of passwords and personal identifiers just to get my hands on what I need to feed my family and run my business.

And I am under attack.

On the one hand, there are the “bad” guys: hackers, scammers, spammers and conmen maintaining a barrage of attacks on every facet of my technological life, from teenaged cowboys trying to prove some sort of a point by defacing or shutting down my client websites through endless unsolicited bulk direct marketing emails to highly organised international crime syndicates wanting to part me from the few funds I manage to collect before they go to pay the bills.

On the other hand, there are the “good” guys: from government agencies that want to get their hands on my online data and hang on to it for “security” purposes (just in case I’m a terrorist), through sneaky marketers who want to mine my tastes and preferences so they can try to convince me to buy the products they decide I really want and need, to web hosts and domain name registrars who won’t let me get at my own and my client data in order to “protect” my interests, and won’t let me delete accounts when I stop using their services.

Put all this together and I could be forgiven for feeling that every minute of every day I am under siege.

If it wasn’t for one guy, I would find this situation so confusing, so threatening, so incomprehensible and horrifying that I would want to give it all up and go and build a cabin in south west Tasmania, lead a simple self-sufficient lifestyle and have no connection to the outside world.

Thank God for Troy Hunt.

Troy describes himself as an Australian Microsoft Most Valuable Professional for Developer Security.

I describe him as an expert of the highest level, who is able to understand, put in perspective and translate for ordinary people what is actually important to know about IT security. For short, I’d call him a godsend.

Take the currently hot topic of data retention (no, please, take it, I don’t want it). The Australian Government has recently passed legislation forcing internet service providers to store client data for an extended period, and hand it over when the Government tells them to. Yesterday, Troy published on the WindowsITPro website a mere 573 words that sketch out why this is an issue, what’s at stake and what’s at risk. It’s in plain English and is comprehensible to anyone who has a passing familiarity with online life. My reaction on reading it was, “OK. I get that.”

I had seen a few of Troy’s articles and posts in my tech travels, but I first gave him some serious attention at his presentation for Web Directions 2013 in Sydney. If you’re not familiar with it, Web Directions is an annual conference on all matters web – one of the best in the world, without question – that in more than 10 years has grown so large that it has multiple streams of presentations, so that you have to choose what you attend, sometimes from two or three options.

I’m a regular WD attendee and that year I was attracted to the title of Troy’s presentation: “Hack yourself first: go on the offence before the online attackers”. Security is not often the focus of speakers at Web Directions, and yet it is obviously a matter of critical importance to web designers, developers, content producers, user experience specialists – all the professionals who play a role in creating and maintaining a web presence.

The title pretty well speaks for itself. Troy took us through what developers can and should do to test their websites for vulnerabilities that can and will be exploited by hackers. He not only spoke cogently and with a confidence that comes only from people who really know their stuff, he took us through some jaw-dropping online exercises in cracking passwords and getting behind firewalls and other security software. It’s not often you hear a room full of devs sway between gasps of horror and nervous giggles.

From then on, I kept an eye out for Troy’s work. I followed him on Twitter and read various articles he posted on tech news and opinion sites. Pretty much without fail, I came out of his articles better informed and a bit more confident about how to handle security issues. I took password management more seriously than I had previously and I think that has contributed to my having had only a very few minor security breaches (although I still shudder when I think about the time my own Twitter account was hacked).

During my time as Managing Editor, I tried to lure Troy to write for SitePoint, even though his subject matter didn’t fall into any obvious channels we published at the time. I never did succeed in that, but I can only hope the current SitePoint editorial team continues to try to cultivate that relationship: what he has to say, and how he says it, is of indisputable importance to the SitePoint audience, and that of any online publisher aimed at an audience of web professionals.

If you’ve read this far, you are almost certainly the kind of person who should be paying attention to what Troy has to say. If you don’t already, you can catch him at his own website, writing for the aforementioned WindowsITPro, authoring courses at Pluralsight, speaking at web and tech events and, increasingly, as an expert security spokesperson in mainstream media. You should also check out his Have I Been Pwned website to find out just how secure your own sites are.


Video: a seven-minute excerpt of Play by Play: Website Security Review with Troy Hunt and Lars Klint, produced for Pluralsight

In my opinion, Troy deserves to be recognised as one of Australia’s premier technology experts and exports – his role in the global scene is growing, especially since he has left his former employer and is free to speak and write on any topic he chooses.

When it comes to IT security, I still feel under siege. But it’s a great relief to know that Troy Hunt is out there, putting things in perspective and teaching me how to keep myself, my family and my clients safe online.
