Episode 046 – Information Security with Troy Hunt
The 6 Figure Developer Podcast show

Summary:

Troy Hunt is an Australian Microsoft Regional Director and Microsoft MVP for Developer Security.

He's also the creator of Have I Been Pwned and speaks around the world on web security.

To catch up on the Tweet mentioned in this episode, please visit the following link:

https://twitter.com/tmobileat/status/981418339653300224

Jon Ash - 00:51 - So before we get started, would you just tell us a little bit about yourself and maybe how you got started?

Troy Hunt - 00:58 - Well, I guess in addition to what you just said, uh, I think he said I'm Australian. People can probably hear that. I got started, uh, I guess in sort of my modern day career in terms of building stuff for the web back in about '95. I remember it was one of, uh, first year of university, first of the web. And I went, wow, this is awesome. You can view source on a web page and then create your own site. That's amazing. So I started building web apps in, uh, in 1995 and things just sort of went from there. And at some point I kind of pivoted a little bit and went into the AppSec side of things and, and yeah. Now here I am today.

Jon Ash - 01:37 - Awesome. Awesome. So what are you doing today?

Troy Hunt - 01:40 - Too much. Well, you know, I say too much. It's all good fun. But I'd like to see my family a little bit more. So it's a combination of things. So I'm still doing a lot of travel. That's one thing I'm cutting back on a lot, some on travelling a lot to do talks at conferences, so I'll be off to Europe again in a couple of weeks talking info sec a year in London, going to Norway and doing the NDC conferences there. I'm doing a lot of workshops on my travels as well. So I do a workshop first where I either run them as part of conferences like NDC, uh, or go in and see organizations and spend a couple of days in there teaching developers how to break their things, which is good fun. Doing a lot of, a lot of other sort of commercial toxic spend. A databank tomorrow scaring people, which is fun. I'm still doing a lot of Pluralsight, writing little courses they are running. Have I Been Pwned, as you mentioned,

Troy Hunt - 02:37 - that's been a cheekily busy period the last few days because I got some cool stuff in the pipeline there. Uh, yeah. And blogging, trying to try to actually write blogs as well, because this was the whole sort of genesis of a lot of this. So I do like to keep up the blogging as well.

Jon Ash - 02:53 - How'd you first get interested in information security?

Troy Hunt - 02:56 - When I was seeing other people continually do it badly. Uh, so that's the context there. And you mentioned earlier on my Hack Your Career talk, and I talk about this a bit in the Hack Your Career talk, at the context. For me it was that I was working in a, in a large enterprise. They were outsourcing everything in terms of the development work and I had an architectural role and I would just see people build things that would come back and I'll just look and go, what are you thinking? And you have no idea. Have no idea. Like what is going to go wrong as a result of this. And there's this one moment that just kind of mind which, which I think epitomizes the problem, where we had some work done by some Chinese developers with a mobile app and I grabbed this mobile app and I proxied my device through Fiddler and I had a look at the API calls it was making. Long story short, one of these API calls was to some method called something like get users. And it did exactly what it sounds like it would do. It just pulled all the users and all their plain text passwords and everything back.

Troy Hunt - 03:56 - And I, uh, I emailed this guy and said, look, I just proxied my device through Fiddler and here's everyone's accounts. Uh, and he said, look,