Troy Hunt

Microsoft MVP - Developer Security

I'm Troy Hunt, an Australian Microsoft Most Valuable Professional for Developer Security. I don't work for Microsoft, but they're kind enough to recognise my community contributions by way of their MVP program which I've been an awardee of since 2011. I get to interact with some fantastic people building their best products and then share what I know about creating secure applications for the web with the broader community.

You'll often find me speaking at technology events around the world, usually on security and usually showing people just how easy it is to break software on the web today. The view I take in all my speaking and writing is that unless software developers understand how code is exploited, it's hard for them to buy into the value of protecting it.

I frequently appear on television, radio or other media channels as a subject matter expert on a wide range of technologies. Much of the time this is in a very consumer-centric context where I explain technology for the "layman", that is to put technical concepts in language that anyone can consume. Distilling complex subjects into explanations audiences of various expertise can relate to is something I invest an enormous amount of effort in.

My view is that whether it's security or the broader discipline of software architecture which I've focussed on for most of my career, nothing beats hands-on experience and actually delivering working code. I keep very active in the development space and am constantly producing software on the latest technology platforms we have at our disposal today.

I'm based in Sydney, Australia and I'm happy to be emailed about technical queries, press enquiries and certainly any corrections or suggestions for material.

Security Sense: The Hardest Thing About Responsible Disclosure
You know the hardest thing about disclosing security vulnerabilities? Just getting the organisation to listen.
Security Sense: Australia’s Mandatory Data Breach Disclosure Laws Are Protecting the Guilty
Do mandatory data breach disclosure laws go far enough? Or are they protecting the guilty at the expense of the innocent?
Security Sense: Your People are the Best Security Investment You’ll Ever Make
So many of the serious security flaws we see in software today are as a result of simple human error. Training people makes a fundamental difference when it comes to protecting our online systems.
Security Sense: Security Requires Pragmatism
In security, we can't simply decry everything that doesn't meet the strongest possible criteria; we have to balance this off against the upsides of the approach.
Security Sense: There Are Many "Unknown Unknowns" in Security
The information security world is full of serious incidents that have already occurred but which, as yet, we have no idea about. These "unknown unknowns" are rampant and we'll see many of them again in 2017.
Security Sense: 2016: The Year We Realised How Little We Know
We like to get all retrospective at the end of the year and look back at the last 12 months. For 2016, my biggest takeaway is that we've learned how little we know.
Security Sense: Websites Need to be More Resilient to Password Reuse
We often see account compromises occur en masse on other websites after a data breach due to customers reusing credentials. How responsible should those other sites be for defending against this pattern?
Security Sense: How Responsible are Companies When Partners Lose Their Data?
Data breaches often occur as a result of an organisation's partner losing customer information. Who's ultimately responsible when this happens and would further checks and balances on the partner have stopped it from happening in the first place?
Security Sense: Are You Protecting Your Customers’ Banking Credentials?
You may believe your site holds nothing of any significant value, but if you're holding user credentials then you have the keys to unlock their other valuable things.
Security Sense: The Web is Held Together with Sticky Tape
Every now and then, an event happens that reminds us just how fragile the web is and how we've applied fix on top of fix to try and keep it all from falling apart.
Security Sense: Let’s All Stop Losing Our Minds Over “Terrorism Charges for Using Encryption”
Are people really being charged with encryption just for serving their blog over HTTPS? No, not even close.
Security Sense: Yahoo's Nation State Value Proposition
The Yahoo hack of half a billion records is massive news, but what would they have that's of interest to a state sponsored actor?
Security Sense: The End of Non-Secure-by-Default Websites is Nigh
At present, the web pretty much defaults to non-secure content and HTTPS is the exception that warrants a visual call-out. But that's a temporary state and it's all about to change.
Security Sense: Security Arguments in a Bubble Are Pointless
There's much bemoaning of security that doesn't conform with perfection, but not assessing it against practical alternatives is a dangerous practice.
Security Sense: Mandatory Password Changes Are a Social Challenge as Much as a Technical One
There's a long held belief that changing passwords regularly makes us more secure, but is that the case or is the opposite actually true?
Security Sense: 2016: The Year We Realised How Little We Know
December 20, 2016

Given that many of them are as a result of attacks like SQL injection, cloud frequently has nothing to do with the attack anyway.

Security Sense: The Personalities Behind the Hacktivists
July 16, 2016

Yes, infamy in that they became well known for illegal activities. Now that's not to say that some of their targets weren't also involved in unethical practices nor that...

Security Sense: When is a Leak a Hack – and Does It Even Matter?
January 14, 2016

It's still breaking and entering, it just remains an unsolved crime! But the fact remains that there is malice required on behalf of the perpetrator and that will land people...

Security Sense: The Security Implication of Ads (and how ad networks have wrecked it for everyone)
September 21, 2015

Spot on! I think consumers get that they need to pay for content like this in *some* way and there's a way to do that where the overall experience isn't degraded. Part of that...

Security Sense: Ashley Madison and the Human Impact of Our Technology Decisions
September 2, 2015

I've chosen to focus on the impact of technology decisions rather than pass my own subjective judgements on the morality of the site. Regardless of your personal views of the...
