I just spent almost a month in Europe and did an insane number of events: 7 workshops of 2 days each, 6 conference talks, video interviews, Pluralsight courses, media events, multiple user groups and amazingly, absolutely everything went perfectly to plan! Trips like that are both very intensive and very fulfilling and whilst 27 days was longer than I’d ideally like, I had a fantastic time in Europe so I’m coming back again – twice – in the coming months.
I’ve give you the tl;dr version first then explain what I’m doing after that:
- May 3-4, Techorama in Belgium
- May 5-6, private workshop in Barcelona
- June 6-10, NDC Oslo
- June 13-14, public workshop in London
Everything except for the private workshop in Barcelona is open to the public and I’m hoping to add other events around the May and June trips to make the most of being over the other side of the world (get in touch with me if you’re interested in a workshop at your company). Let me tell you a bit more about what I’m going to be getting up to.
I originally had to decline this event as it was just a bit close to the June travel and without other work to do whilst over there, it’s a huge commitment to justify when you’re coming from the other end of the earth.
But I kept hearing really good things about it and when you look at the list of speakers, obviously it’s a world class show. Fortunately, I had the Barcelona training come to fruition a couple of weeks ago so I was finally able to give the guys at Techorama the nod and lock it in. I’ll be doing two talks there – my favourite two talks – and I’m yet to do these anywhere and not have them rate through the roof so I’m pretty excited about doing these again in Belgium
You can buy tickets to Techorama here.
This is what gets me to events like Techorama these day – the ability to go and spend time in organisations training their teams to build secure software. These are highly engaging and interactive workshops that get participants actively exploiting risks in vulnerable software and learning defensive patterns to help keep their organisations away from the news headlines. If you read this blog frequently or follow my Twitter account, think of the workshops as all the sorts of things you see me talking about there but compressed into two days of in-person and hands on training.
I’m presently rebuilding troyhunt.com (which is long overdue) and I’ll have a bunch more workshop info on there. I reached out for some comments I could share in anticipation of them going into the new site, a couple of which I’ll share now:
Troy’s hand-on workshop’s with our team, really boosted the security awareness for all who participated. We found immediate benefits just from developers applying the knowledge learnt and discovering gaps in our existing systems. A lasting benefit was also seen, with security now a permanent and understood item of discussion in technical reviews.
- Glen Foley, Liberty, Australia (financial services)
That was down in Melbourne a couple of months ago and I really like the change in culture that exposure to security in these workshops drives.
Two days with Troy has shown us just how shockingly easy some vulnerabilities are to exploit, but we now feel a lot more prepared and equipped to defend ourselves.
He has put us in the mind set of thinking about security with every line of code we write, shown us how to attack our own code in a way it likely be attacked in the wild, and taught us how to avoid the common mistakes developers usually make. And all in a really engaging & interactive style.
Money well spent. I couldn’t recommend it enough.
- David Cook, Compare the Market, United Kingdom (insurance and finance comparisons)
This one was the last stop on my recent trip at a little spot called Peterborough and I was especially happy to see feedback about the engagement and interactivity. We’ve all been in training which is dull and hard to get immersed in and I put a huge amount of effort into making these events both fun and insightful. I want people to go away having loved spending 2 non-stop days delving deep into a topic that empowers them to make a really impactful change in their job and by all accounts, the workshops do just that.
Some of the other recent pics and feedback shared by those who were there tell the story firsthand:
Workshop with @troyhunt was an eye opener: I did not suspect how easy it was to actually exploit an SQL-i vulnerability or XSS. Thanks Troy!— Pierre Arnaud (@epsitec) January 13, 2016
Thank you @troyhunt for your wonderful workshop on security practices! It was very enlightening!— James Bach (@mechaspam) January 13, 2016
2 epic days with @troyhunt ! He's an amazing knowledgeable speaker and his security workshop is a most for anyone developing web services— João Lebre (@jplebre) January 28, 2016
Today's training is in a 13th century barn which is without doubt, the coolest spot I've run a workshop in to date! pic.twitter.com/beCMiFgcCA— Troy Hunt (@troyhunt) January 29, 2016
Hopefully that gives you a bit of a sense of what goes on at these workshops. I’ve got a heap of other information offline (soon to go into the rebuilt website) so get in touch if you’re anywhere in the vicinity of Europe (or between Australia and there) and would like more details. Ideally I’ll do a couple of extra workshops on each trip but I’m going to avoid turning it into an epic like the last one so will keep the events to a minimum. Oh – I always try to get along to a local user group too so if there’s one you support and would like me to come and speak in the midst of a two-day workshop, I’d be more than happy to!
When it comes to NDC, I’m making things real easy these days – I’m going. No questions asked, I’ll be there. Oslo the last couple of years, London last month then Oslo again this coming June and for the first time, Australia in August. “Yes” to all and for the first time at NDC, I’ll also be keynoting in Norway.
I’m really excited about this event because without a shadow of a doubt, it’s the conference highlight of the year. It’s just so well run and as both a speaker and an attendee you’re exceptionally well looked after plus it’s a 2,000+ person show with some of the best tech speakers in the world. My keynote is already coming together (yes, I have nearly 4 months but I do like to plan in advance!) and I’m really looking forward to doing something a bit different. It’s not a security talk (although I’m sure some app sec will inevitably creep in), but it’s enormously entertaining and if I get it right, it’ll be insightful and educational as well.
You can buy tickets for NDC Oslo here and you’ve still got a few weeks left before the early bird pricing expires so hop to it!
London public workshop
As well as doing private workshops where I’m onsite at a specific organisation, I do the occasional public ones where anyone can register and come along. In June right after the NDC conference, I’ll be back in London courtesy of Learning Connexions:
Their site has an overview of the workshop which is the same one as I run privately albeit obviously open to the public. What I find really interesting about these workshops is the diversity of experiences the attendees bring; when you have 20 or 30 people from different backgrounds working in different organisations with different security challenges, you get a really rich dialogue that makes every workshop unique. In fact, to that effect and whether it’s public or private workshops, whilst I have a syllabus I’ve created and work to, the attendees always drive the discussion in the directions that best help address their specific needs. This is the joy of in-person workshops and I find it a really good way of balancing this form of teaching with what I do for Pluralsight. In fact most of the time when I run these events, individuals or organisations already have Pluralsight subscriptions and we structure the event so that they get the most out of each; heaps of interaction in the workshops followed by in-depth training on discrete topics if they want to drill into the Pluralsight content at a later date.
Last thing on workshops: one of the things I’m finding really curious is the number of times these events are leading to discoveries of nasty security risks in other people’s software. For example, last year after a workshop down here in Aus we ended up finding a rather serious oversight in the realestate.com.au app on Android which had their password transmission going over an unencrypted connection. More significantly, whilst in the UK we found a case of a taxi app leaking information about drivers and other passengers. The really intriguing one though is a major car manufacturer who exposes APIs in a way that allows anyone to control certain functions of their electric vehicles. The car one in particular is very serious and I’m now working with them privately to resolve the issue before I write about it further which in a very meta sort of way is another good lesson from the workshops; how to approach ethical disclosure. To be clear also, the sorts of risks we’re discovering here are found simply by observing the traffic between the client (frequently a mobile device) and the server when using the software as it was intended to be used. I’m astounded at the ease with which we continue to find these risks (this one about remotely controlling tractors is another good example), but equally, I’m delighted that just a couple of days of learning what vulnerable patterns look like is enough for people to make a really positive difference to online security.
Get in touch
I’ll be trying to lock down agendas over the next couple of weeks so I can book tickets in a busy time of year for Europe. If you’re interested in learning more about the workshops, ping me on firstname.lastname@example.org