This is the transcript of the intrerview with Troy Hunt. You can find the full interview, video, audio and infographic here.
Vladimir: Hi everyone, my name is Vladimir Pecanac and I’m an author and a founder of Code Maze blog. My guest today is a Microsoft Regional Director and the Most Valuable Professional for developer security, a family guy and a prolific author on Pluralsight. He also blogs a lot and attends conferences all over the world and still finds the time to have a personal life and play tennis with his children (Troy laughing). It is my great pleasure and honor to talk to one and only Troy Hunt. So Troy welcome, nice to have you today with me.
Troy: Thanks Vladimir, we should tell people I had to, I didnāt realize, I donāt know I had something in my calendar and I knew we are gonna talk and I forgot that it was gonna be recorded. So I had to come home from a tennis court and I am still like sweaty and puffing and tired. So weāll see if I make any sense.
Vladimir: Yeah, Iām sorry about that. I should have mentioned that weāll be recording.
Troy: No, no, no itās ok. Weāll manage.
Vladimir: (Vladimir laughing) So, have I missed something in that elaborate intro? Do you have something more to add? Maybe ā¦
Troy: Did you mention the āHave I Been Pwnedā?
Vladimir: I donāt think I have. Maybe you should.
Troy: Ah, oh right. Alright, right so yes all of the things that youāve said and the creator of āHave I Been Pwnedā another breach verification service, which has become surprisingly popular. So (Troy laughing) that is that as well.
Vladimir: So āHave I been pwnedā was your pet project, to say it like that and then grew up to be something entirely else. So what do people do when they get to āHave I Been Pwnedā? How do they use it?
Troy: Well they go to haveibeenpwned.com and they enter their email address and then it comes back and it tells them all the websites that they have been breached in and then they cry for a little bit (both laughing) and then they figure out, hopefully, they figure out that is actually very important to have unique credentials on every website. So, what Iām really trying to drive people towards is using a password manager. So, āHave I Been Pwnedā is sort of interesting for knowing where you have data exposed, but the real impact I hope it makes is that people improve their online hygiene, their security hygiene and honestly the best way to do that and really the two best possible things that people can do after finding themselves is to get a password manager. Iāve used ā1passwordā for years, the program ā1passwordā. I donāt just use a single password (Troy laughing), so I use the program called ā1passwordā and turn on two-factor for multistep verification, or whatever they like to call it on every service. And if we can get just more people doing those two really simple things, weād make a really big difference to online security.
Vladimir: Yeah, so youāre trying to raise awareness in peopleās minds of where they put their passwords to and that even the biggest websites like Dropbox and LinkedIn can get hacked at some time?
Troy: Youāre right and to be honest itās almost a bit contradictory to sort of say āBe aware of where you put your passwordsā and then say āYeah, but even the biggest services get hacked!ā you know, because some people might say well if the site doesnāt look trustworthy, then maybe I shouldnāt use it. But if itās LinkedIn, you know or MySpace or Dropbox. Some of these are some of the biggest web assets in the world. You canāt reliably make a decision about how the site is going to protect your credentials, just based on how familiar you are with it. So we always have to sort of work with this assumption of, weāre using services which may one day be breached and we as normal everyday consumers of these services need to be resilient to that.
Vladimir: Yeah, I completely agree. Iāve been guilty of using my passwords all over the place and when I’ve got a bit more aware of the consequences of that I started using different passwords. And itās pretty strange that people are using passwords like admin1234 or something like that. I heard that there is even a list with billions of passwords circling around lately, so ā¦
Troy: Yeah look, weāve seen a few of these lists. There was a lot of news in December about a list of 1.2 billion usernames and passwords. What that was, was someone consolidating their credentials from many different breaches and consolidating it all into one single collection of email addresses and passwords. And really the reason why that was newsworthy and the reason why it is worrying is because thereās a lot of usernames and passwords in there which will work on many different systems. So, because of password reuse we see people logging into other peopleās say Gmail accounts or their bank account or something totally unrelated to where they originally had their password exposed, but because itās the same password, well it works in other places.
Vladimir: Yeah, thatās a pretty tough problem for the most of the people. So (Troy agreeing), I think your website will help raise awareness about that. And Iāve even found one of my emails from MySpace and I donāt even recall registering for MySpace ever, because havenāt used it. (laughing shamefully) So ā¦
Troy: Well this is also the problem, right. Like we have been online for many many years and there are so many places where you need to create accounts, even to do simple things that thereās no way youāre going to remember all the places and ultimately that the reality that we all have to face, is that our data has been exposed many times over. Many times we donāt even know about, that āHave I been pwnedā doesnāt even know about, because the site owners donāt know about it (Vladimir agrees). And it could have been a service that youāve signed up to ten years ago and something you might have used once. So, itās you know we have a very, very long trail of digital footprints.
Vladimir: Yeah, okay. So thatās about that. We wonāt go any further. I think itās pretty clear that people should care about their passwords a lot more. And letās go on. One thing I think we havenāt mentioned… You live in Australia, yeah?
Troy: Oh, yeah (Troy laughing).
Vladimir: I forgot to mention that, but your accent is giving away your location in the world.
Troy: (Troy laughing) Yeah, it does give it away. And for anyone who thinks my accent is British, no no itās not.
Vladimir: No, itās similar, but you can tell (Troy disagrees amused). So, how do you cope with living upside down most of the time?
Troy: I cope very well with it (Troy laughing).
Vladimir: Do you use some glue to put on your shoes or something? I donāt know howā¦
Troy: Thereāre actually conspiracy theories out there that think Australia does not exist and that itās all made up (Vladimir laughing). But no, look its real. You know I spend a lot of time traveling as well. So I spend a lot of the year overseas and I get to, sort of see other ways of living. Iāve lived overseas a lot myself as well. So itās you know, I guess I have a perspective where I can look at Australia in the context of the rest of the world and it really is such a unique place here. That, yeah everyone who comes here loves it and itās just a very, very nice place to come home to each time.
Vladimir: Iāve heard a lot of pretty nasty creatures live in Australia. Is that true or ā¦?
Troy: Yes. (grimly)
Vladimir: Yes?! (both laughing) Everything that lives in Australia tries to kill you, pretty much.
Troy: Itās like you got to be rational about it, right. So you know, where we live and what are the things here that kill us? So we live on the water where we have sharks. We know we have sharks because weāve caught sharks before. Weāve literally been fishing and caught sharks, but theyāre not big sharks and you know like maybe a meter and something long. Well, youāre very unlikely to be killed by them. But itās a little bit like anything where you sort of do your risk assessment. So I wouldnāt be swimming in murky water at dusk or during the night. Like the people that get taken by sharks, itās like youāre swimming at 2 a.m. in a canal.
Vladimir: (Laughing) Youāve asked for it, so you got it.
Troy: Yeah, itās the same every time someone gets taken by a crocodile in Australia, itās often a tourist and they went swimming next to the sign that says donāt swim with the crocodiles (Vladimir laughing) So what do you expect. Youāre gonna be eaten by a crocodile.
Vladimir: (Laughing) Youāve asked for it.
Troy: Itās funny that they call it, yeah this is like Darwin theory, right. Like the theory of evolution. The weakest and the stupidest will get eaten. And a lot of our crocodiles are actually in a place in Australia called Darwin. So you know, there might be something there.
Vladimir: (Laughing) Thatās pretty ironic. I like it. So you live on the Golden Coast?
Troy: On the Gold Coast. So we live in an area of Australia, if anyone looks at a map of Australia weāre sort of on the very far eastern corner. Just above the far eastern corners, Australia looks a little bit like a diamond on the eastern side. And the Gold Coast is a 6th largest city in the country. We have about 600.000 people here. Weāve got everything you could possibly want in the city, in terms of schools for our kids and health care and all sort of thing, but itās also very very lifestyle orientated place. So thereās lots of outdoor activity. Most people are here because they just really want to live in this place. Theyāre not here because they have to be, like Sydney or Melbourne. And if anyoneās curious about the Gold Coast, just go to Google Images and google the Gold Cost Australia and youāll know.
Vladimir: Yeah, Iāve seen some videos of you riding your jet ski on the Gold Coast. It looks wonderful.
Troy: Yeah, sounds about right. (laughs amused)
Vladimir: Okay, so you seem to be a very busy man. You travel a lot and you produce a lot of content and do a lot a traveling and conferences, but youāre also a family guy. How do you manage those two? How do you balance that? Do you have any problems balancing it?
Troy: Well I think, maybe the first thing to mention is if anyoneās interested in sort of how I do that, thereās a talk that Iāve done called āHack Your Careerā. And if you go to youtube and search for Troy Hunt āHack Your Careerā I talk a bit in more detail there. I guess to sort of answer it more specifically here, probably the most important thing with this is, that because Iāve got a wife and two kids this only works because she supports what I do. And if Iām gonna travel overseas, for example, weāll talk about it and go āHey, you know does this make sense? Should I go overseas now? Are you gonna be alright with the kids? Is it going to work?ā So we have a shared vision, if you like in terms of the way I work and what we find is that sometimes that can make things very hard. So Iāve been away for say four weeks at the time before, which Iām trying not to do anymore, but I mean thatās a very long period and then she has to look after two kids on her own. But the balance if you like is, you know weāve just said, āOkay, off Iāve been out playing tennis with my son. I mean itās nearly 4:30 in the afternoon here. Most people would be at work in their shirt and you know, doing work things and Iām just doing whatever I want.ā But the offset is that Iāll probably be working very late tonight and I normally start at 5 or 6 oāclock in the morning as well. So I am happy with that balance and Iām happy with the uncertainty that sort of independent life gives me, but that also doesnāt work for everyone. Iām really contentious of that.
Vladimir: Yah, I asked that because I find it to be the most difficult aspect for me at least for now, while I have a full-time job and I write a blog and do interviews and all kinds of stuff and still have to attend to my wife. Itās so difficult to balance all that. She does support me and she understands that I need to invest some time in all that activities, but itās still hard to achieve all that. So kudos to you for balancing all that.
Troy: Yeah, look thanks for that and just a full perspective as well and maybe to make you feel a little bit better about it too. I started blogging in 2009 and this was when I first started investing my personal time in this pursuit and it took years of blogging on evenings and weekends and then doing conferences and talks and everything in spare time and often holidays, before I made any money whatsoever out of it or before I had any sense that it might actually be something that I could make a career out of. So it took a very long time of sacrifices before things started happening and itās like Iām really really contentious of that every day, even now. Itās because itās still recent history now. It doesnāt seem that long ago to look back. Itās only sort of 8 or 9 years.
Vladimir:Ā You need to have that motivation and understanding that you need to sacrifice some things to get something else in the future. So thatās also the hard part. You need to believe in yourself and to be patient enough to get to that part when things start rolling down.
Troy: Well I think also you got to enjoy the journey. (Vladimir agrees) You know if someone was sort of saying āIām only doing this so that one day I could make more money out of itā. You donāt want to go like years being miserable and certainly, I did not, you know. Like I went years like not necessarily expecting this to turn into what it is today, but enjoying what I was doing ā¦
Vladimir: Yeah, you started because you like to do it.
Troy: Yeah exactly. And look if youāre not enjoying it, you might as well just go back and working on ā¦
Vladimir: Yeah, it wonāt succeed if you donāt enjoy it. At least itās what I think. Because it requires a lot of sacrifices and you need to be motivated and how are you going to be motivated if you donāt like what you do?
Troy: Well you know, your passion will sort of show through in what you do, too. And if it is something that you genuinely love and youāre enthusiastic about, then that will be obvious as you do what you do. And if you donāt, well you know itās gonna be hard.
Vladimir: Yeah, yeah my thoughts exactly. So I have one question for you. It might be a rumor, it might not, but Iāve heard that you teach people to do something called āsquirrel injectionā. Is that right?
Troy: Yeah! (Laughing)
Vladimir: (Laughing) Is that right? Are you a veterinarian, also?
Troy: Oh man. How much time weāve got to explain this? So Iāve been doing a talk. I think I first did this talk I mustered up a year and a half ago. A lot of the talks that I do at conferences; look theyāre security talks but their stories as well, right. So that theyāre not just the mechanics of security. I like to sort of take people on a bit of a journey and make it something that they enjoy watching. Like I want people to come to my talks and learn stuff, but to have fun too. So I try and draw a lot of sort of examples from the real world. I try and bring a lot of interesting insights into information security when I talk about it. And one of the things that I wanted to demonstrate to people is that SQL injection is a very very easily exploitable vulnerability. And when I was preparing for this talk I was looking at YouTube videos, because I wanted to see some of the YouTube videos that children were making about hacking. And when I say children, weāre talking often sort of 15, 16, 17 years old ā¦
Vladimir: Yeah, teenagers.
Troy: Legally children, but really still kids. And there are tools out there that make attacks like SQL injection in particular, really really simple. And I found this video of this kid and it was just perfect for what I wanted to demonstrate because the kid was very unsure of himself. He spoke in a not very confident sort of way. He used terms which were very strange. Like obviously he didnāt actually understand what they mean. He had trouble sort of finding the right words and one of the things that he said, several times in the talk is, instead of saying SQL or “sequel”, he called it squirrel.
Vladimir: (Laughing) I laughed my ass off. It was hilarious.
Troy: This is like itās just the most perfect thing to show in a talk, because everyoneās laughing at it, right. Saying this is hilarious. But thereās a deeper message here, which is that this kid is doing something highly illegal which is really really damaging to the organization and someone built the code in this application that a kid, who doesnāt even know how to pronounce SQL can come along and exploit and suck your data out of, you know. Like that to me is that thatās just a really really significant thing. So yeah, there was a bit of fun that talk and every time the kid said squirrel I put a picture of a squirrel up on the screen ā¦
Vladimir: (Laughing) Yeah, that squirrel jumped out of there. That was hilarious. Youāve had a few of those talks that are really memorable and I remember them to this day. I donāt have much of a visual memory but those talks really resonated with me and I liked them a lot.
Troy: Awesome. Iām really glad to hear that. Look, I mean if anyone wants any more talks that were done before and wants to see them; if you go to troyhunt.com/recorded-talks thereās how many now? Well, there are 38 talks that have been recorded and are listed there at the moment. So heaps of stuff including “squirrel injection”.
Vladimir: Yeah, you can watch for days. (Troy laughing) Thereās, there was one hilarious one. I think you tried, not tried but you did some SQL injection with your son when he was 4.
Troy: Hmmm, yeah. Iāve actually used him a couple of times. Iāve used him initially when he was 3 to demonstrate SQL injection. Squirrel injection!
Vladimir: Three years old?!
Troy: Yeah, yeah because if you can hold a mouse you can do SQL injection. And like again that the point of this was to show that all I really needed to get him to do copy and paste. Because using automated tools itās as simple as taking a URL, usually with the query string parameter and pasting it into one of these tools and just hitting the button and it goes. As heās gotten a little bit older Iāve actually used him in some conference talks. So Iāll be on the stage and Iāll do my talk and then Iāll sort of say āLook you know, let me show you how simple SQL injection isā. So I would get my son up on the stage. Iāve got him to do it a couple of times last year in Oslo and also in Sydney for the NDC conferences. He comes up on stage and heās like, heās 7 years old. Like heās still a little kid. So he stands up on a chair and he has a hoodie, so he puts his hoodie on (Vladimir laughing), cause heās gotta do that before he starts hacking. And everyone thinks itās hilarious and I get really good marks for the talk because thereās a kid.
Vladimir: That time he did it independently, you didnāt help him or anything. He had a script and did it from the start to the end.
Troy: We rehearsed it a few times because heās old enough now to actually know how to copy and paste on his own.
Vladimir: So besides attending conferences, you do a lot of Pluralsight and you have how many video courses right now?
Troy: Itās a good question. It must be nearly 40 of them. Actually, Iāve got quite a few that are just waiting to publish. So Iāve been doing a quarterly series right now called āSecurity cultureā. I put one of those out. Yeah, so one of those went out in January, in fact, I might just look now. It says 35, but I think within the next couple of weeks that will go up to about 40. So thereās the q2 of 2008 security culture is all recorded and ready to go. Iāve also got some play by plays coming up. So the play by play is where you have two people being videoed and they have a discussion a topic, so normally security for me and the people get videoed and then we show some things onĀ screen and they get videoed as well. So whatever, this is the exclusive insight of whatās coming. So Iāve got one coming on āJavaScript securityā with Aaron Powell, whoās a JavaScript MVP down in Sydney. I have got one on the āOWASP top 10 2017ā with Andrew van der Stock and heās on the OWASP Board and has been a really instrumental part of OWASP. And then Iāve also got two play by plays coming with Casey Ellis. So heās a mate of mine whoās the founder of Bugcrowd, the manage bug bounty program. So I was just actually putting the finishing touches on one of those today. So thereās one for bug bounties for companies that are thinking of running a bounty and thereās also another one which is bug bounties for researchers. So, if you are a researcher or a hacker and you want to get involved in bug bounties that course will help. So once all those are out weāll be up to 40 courses.
Vladimir: Yeah, play by plays are pretty useful in my opinion. Iāve watched a few of those on Pluralsight and I learned a lot there. Thereās one I think, about TDD or something like that, itās really really nice to see someoneās thought process when doing something like that especially if heās experienced, you learn a tremendous amount.
Troy: Thatās cool. Iām very glad to hear that. Itās always nice to actually hear from people that watch the courses, because for us as authors, most of the time weāre sitting at home on our own with no humans around and it gets really boring and repetitive. So itās actually really nice to hear that.
Vladimir: Yeah, you live in your head and donāt know if itās really useful or not and ā¦ Yeah, yeah feedback is really important. I love feedback. Every comment I get I read it and think about it and respond to it because I think thatās the way you learn and thatās the most important part of sharing knowledge.
Troy: Yeah, absolutely.
Vladimir: So, how much time you still have? Do we have time for some more questions orā¦
Troy: Yeah, Iām okay. I can keep going.
Vladimir: Okay. So I saw you recently attended a meeting with American Congress. So, howās that been for you? Have you been nervous, maybe?
Troy: You know, I wasnāt nervous. I donāt get nervous anymore and I know that there are some speakers who are very experienced and they say they still get nervous, but it doesnāt happen for me anymore and I think if anything I get a bit excited. Insofar I actually really enjoyed doing these things and maybe the excitement sort of overcomes the nerves. But for Congress you know, I was there at the end of November testifying on how data breaches are impacting our ability to do knowledge-based authentication. So yeah, if your bank calls you up and says or letās say you call your bank and you need to verify who you are and your bank says, ok well just tell us your date of birth and then weāll know that you are who you say you are. Except, your date of birth has been leaked in all these data breaches. Yeah, so you canāt reliably use that piece of knowledge-based authentication. And the Congress thing was very interesting because it was my first trip to Washington DC I was seeing all of these things that Iād only seen in the movies before.
Vladimir: Yeah, I can imagine.
Troy: Yeah, like all the memorials and stuff like that. You know, Iāve seen the White House Iāve only seen that in movies, like being blown up and stuff like that. You know maybe like āIndependence Dayā or something. And yeah, when I went into Congress that the really interesting thing there was that itās obviously a very formal environment. So on the one hand, thereās a lot of structure to it, but on the other hand, I was speaking to people who were sort of the staffers, who were organizing everything and they were very very normal, down-to-earth people. Very lovely people. And what I sort of really really worked on for my testimony, for my written testimony and then myā¦ So you had to sort of submit a written testimony, which I think was sort of a few thousand words and then a verbal testimony which is a five and a talk and then you got questions from congressmen and congresswomen and what I really had to work on was to try and explain things in ways that non-technical people could understand, but also give enough information such that they can then give my testimony to staffers, so that they can go away and do something useful with it. So you know, donāt make it detailed, but give enough detail they can use. And itās like that was fun. I kind of like figuring out how to communicate in a way that works across those demographics.
Vladimir: Yeah, and while youāre at it. I watched some of your videos at Pluralsight and they seem pretty down-to-earth and simple. Do you intentionally make them that way? Do you think it resonates better with people or it comes naturally to you? Because when Iām writing my blog Iām trying to dumb down things as much as I can because I think that most important thing is that more people understand it and not to get technical and complicated and to sound more authoritative or something like that.
Troy: Well yeah, there are a few things there. So in terms of Pluralsight, the vast majority of demographics of people who watch the courses want introductory content and we know this empirically. So we know from the numbers, from the evidence that if you write something for an intermediate audience, the number of people that watch it is going to be significantly less and if you write something for an advanced audience itās going to be significantly less again. And Pluralsight is a royalty based model, so when you sit there and youāre deciding āWhat do I do with my time? What is the highest and best use of my time?ā If itās anything not targeting beginners, itās basically a waste of time, financially. And I want to caveat it there because itās going to be very useful for some people, but if your purpose is there to make money out of it, then thatās not gonna be a good return. So yeah, thatās why the vast majority of my content is very entry level. In fact, just coincidentally, Iāve got some stats up in front of me at the moment and my most popular course in terms of, that the return of the effort is one called the āWeb Security and the OWASP Top 10: The Big Pictureā. And this is just slides. This is targeted at manager or people who might watch it over lunch or people with not any technical depth whatsoever. And thereās about 32,000 hoursā worth of that Iāve been viewed.
Vladimir: Oh my God. Thatās so much.
Troy: Yeah well you know, that is very important in terms of the monetary return. So the effort, it has to have a return. Now in terms of my blog, youāll see that thereās a really broad range there, you know. So if I think about some of the recent things Iāve written, Iāve gone into a lot of detail on content security policies, SRI, HSTs and that goes down to as much detail as anyone would need to actually implement it.
Vladimir: Yeah, thatās much deeper than some courses youāve done.
Troy: Correct. And then you have a look at other blog posts and they might be very high level. Some of them might not even be technical. Iām writing one at the moment, that I hope to publish today about how real-life examples that are not very good analogies for digital equivalents. So you know, when someone says: Well, taking data off the server is like walking into someoneās and stealing something. No, itās not, itās a terrible example. So Iām writing about that, but itās not technical.
Vladimir: Yeah, yeah, yeah ā¦ And itās a pretty way to explain to people that they shouldnāt rely on real-life examples. Like there was one with exchanging cards and data breaches, but if you exchange data either party gets both their data and the data they acquired from the second party. So itās not like exchanging cards where you give a card and get another one in return.
Troy: Well look, I understand why people are doing it. Itās because theyāre trying to explain things in relatable terms, but the problem is that very often in an attempt to do that they actually conflate the issues and they make it more confusing. And my sort of conclusion and what Iāve actually done is Iāve taken a lot of tweets that I got over last few days, in response to another blog post and Iāve tried to use them to demonstrate that look we just canāt explain the technology with these IRL equivalents and these in real life equivalents. And in fact, in this particular case, you can explain the technology perfectly, well just by talking about the technology.
Vladimir: Yeah. So, you must be careful when choosing examples to explain ā¦
Troy: Yeah. I think so. I think we can adequately explain things with just the technical terms.
Vladimir: Yeah, okay. Thatās fair enough. So you have done a lot in your career and have many titles and accomplishments. What are you most proud of? Is there something you would like to tell us?
Troy: I think to date it would have to be āHave I been pwnedā because this was ā¦ Itās funny when I think back about it because I was about to say this was something I never really gave a lot of thought to, you know. I just created it on a whim. I had some downtime when I was in my old job. I was in the Philippines for a little while and I had nothing to do so sat in the hotel room and I started building this. But thereās a part of me as well where Iāve always had this sense and if I think back even to sort of .com era and Iām thinking 1997-98 where I was building little things and marveling how even then, and that was before, cloud is out today as well ā¦ So I was marveling how you could just sort of sit on your own and create something that the world could use and could actually turn out to be really valuable one day. And Iāve always wanted to do something like that. And I didnāt necessarily think that āHave I been pwnedā would be that thing, but now when I look back at it; it has become something thatās actually really valuable and really useful. And I still find it just amazing that I can just sit at home and do this. Itās just one guy, right.
Vladimir: Thatās amazing and you talked about having millions of requests someday, some days when you go live on some media. Thatās unimaginable.
Troy: Yeah, yeah well. I mean itās even more than that because itās not requests, itās unique users.
Vladimir: Unique users per day?!
Troy: This is millions of unique users. In fact, Iām just gonna look back on my…
Vladimir: There was some 68 million or something like that youāve mentioned one time.
Troy: Yeah look, sometimes things do just go really nuts in terms of scale. You know, when I look at requests I had one-day last month, this was on 30th of March and I had 49 million requests on that day. Now thatās not users that was only 7,900 users only. (Troy laughing)
Vladimir: (Laughing) They liked it.
Troy: I know. This is the thing though, this is still just like the one guy sitting at home building some stuff. Iām still running in on yet very very cheap infrastructure as well. And youāve got nearly a million people in a day and the normal day now is somewhere between 100,000 and 200,000 visitors.
Vladimir: Yeah, thatās crazy. I canāt even imagine how that would be. So letās wrap this up and letās tell people where they can find you and maybe recommend some Pluralsight videos where they can start if they want to go into security a bit deeper.
Troy: Sure. So look, I mean obviously the most logical place to start is troyhunt.com. Thatās got a lot of stuff on it. Youāll find me on Twitter as well @troyhunt. Thatās got a lot of stuff. I use Twitter quite a lot. If you start there, those two places like lead to everything else, you know. Like thatās the center of the universe of Troy.
Vladimir: Yeah, so thereās the best place to start.
Troy: Absolutely.
Vladimir: Okay Troy. It was a pleasure talking to you. I would like to do this again sometime if you find the time. I was surprised you had time for this interview too.
Troy: Iāll make time. Look itās fun to do these things and you know, it gives me aĀ break from just sort of sitting there blogging or playing tennis.
Vladimir: Yeah, thank you for that and thank you for the wonderful interview.
Troy: My pleasure.
Vladimir: Weāll talk again sometime.
Troy: Good on you!
Vladimir: Cheers. Bye.
Ā