Troy Hunt

Microsoft MVP - Developer Security

I'm Troy Hunt, an Australian Microsoft Most Valuable Professional for Developer Security. I don't work for Microsoft, but they're kind enough to recognise my community contributions by way of their MVP program which I've been an awardee of since 2011. I get to interact with some fantastic people building their best products and then share what I know about creating secure applications for the web with the broader community.

You'll often find me speaking at technology events around the world, usually on security and usually showing people just how easy it is to break software on the web today. The view I take in all my speaking and writing is that unless software developers understand how code is exploited, it's hard for them to buy into the value of protecting it.

I frequently appear on television, radio or other media channels as a subject matter expert on a wide range of technologies. Much of the time this is in a very consumer-centric context where I explain technology for the "layman", that is to put technical concepts in language that anyone can consume. Distilling complex subjects into explanations audiences of various expertise can relate to is something I invest an enormous amount of effort in.

My view is that whether it's security or the broader discipline of software architecture which I've focussed on for most of my career, nothing beats hands-on experience and actually delivering working code. I keep very active in the development space and am constantly producing software on the latest technology platforms we have at our disposal today.

I'm based in Sydney, Australia and I'm happy to be emailed about technical queries, press enquiries and certainly any corrections or suggestions for material.


Security Sense: You’ll Be Judged by Today’s Standards for Yesterday’s Breaches
Disqus made a design decision in a different era which viewed in the light of 2017 looks bad.
Security Sense: Is it Time to Start Purging Our Digital Lives?
So much of our lives is digitised these days, should we be keeping it all online? Or purging it? And is that even feasible?
Security Sense: The Trust Problem with Equifax
The massive Equifax data breach story is about more than just a bad security incident, it's about how subsequent poor handling erodes trust even further.
Security Sense: Terrible Security Practices Have Become Indistinguishable from Parody
The rate and the craziness of security incidents these days has gotten so out of control that to be honest, I no longer even know when someone is fabricating a story or not!
Security Sense: Are We More Secure Today Than Yesterday?
It's an often-asked yet very difficult to answer question - are we more secure today than yesterday? Well, yes... and no.
Security Sense: Can We Please Stop Politicians from Talking About Encryption?
Ok, we know that politicians are merely elected officials and that ultimately they have specialists available to do the thinking on important topics, but can we please stop them coming out with outlandish statements about encryption?
Security Sense: Have You Ever Practiced Being Breached?
Data breaches are never easy things to deal with, but preparation can make a world of difference when one does hit.
Security Sense: What if All Your Security Practices Were Put on Public Display?
Imagine if every security decision you'd made was to be disclosed - what would it say about you or your company? And should you change things now?
Security Sense: Apple Just Reminded Me How Sucky The Web Has Become
The WannaCry ransomware made a mess of a bunch of machines, but it could have been so much worse. Given the nature of the web and the dependencies we've created on it, one day it probably will be.
Security Sense: The Internet Remains a Fragile Beast
The WannaCry ransomware made a mess of a bunch of machines, but it could have been so much worse. Given the nature of the web and the dependencies we've created on it, one day it probably will be.
Security Sense: Lessons on Ransomware From a Dentist
I had the opportunity to watch the harsh reality of ransomware unfold before me whilst sitting in the dentist chair today. It wasn't pretty.
Security Sense: Australia Just Showed the World the Problem with Mandatory Metadata Retention
Mandatory collection of metadata is increasingly being rolled out around the world. Unfortunately, the Australian government has just demonstrated why so many people are concerned about it.
Security Sense: Security is Becoming Too Hard for the Layperson
We've got a lot of really great security patterns at our disposal these days. Thing is though, they're still way too hard for your average person which means adoption suffers.
Security Sense: Encrypted Web Traffic Doesn’t Necessarily Hide Your Weird Fetishes
HTTPS is an essential part of securing the web, but there are certain things it can't protect you from that take many people by surprise.
Security Sense: Car Crashes, Security Incidents and Normal Accidents
The idea of "zero incidents" is a fundamentally flawed concept when we're dealing with complex systems.


Security Sense: 2016: The Year We Realised How Little We Know
December 20, 2016

Given that many of them are as a result of attacks like SQL injection, cloud frequently has nothing to do with the attack anyway.

Security Sense: The Personalities Behind the Hacktivists
July 16, 2016

Yes, infamy in that they became well known for illegal activities. Now that's not to say that some of their targets weren't also involved in unethical practices nor that...

Security Sense: When is a Leak a Hack – and Does It Even Matter?
January 14, 2016

It's still breaking and entering, it just remains an unsolved crime! But the fact remains that there is malice required on behalf of the perpetrator and that will land people...

Security Sense: The Security Implication of Ads (and how ad networks have wrecked it for everyone)
September 21, 2015

Spot on! I think consumers get that they need to pay for content like this in *some* way and there's a way to do that where the overall experience isn't degraded. Part of that...

Security Sense: Ashley Madison and the Human Impact of Our Technology Decisions
September 2, 2015

I've chosen to focus on the impact of technology decisions rather than pass my own subjective judgements on the morality of the site. Regardless of your personal views of the...