Pluralsight

Usually when we talk about information security, we're talking about the mechanics of how things work. The attacker broke into a system due to a reused password, there was SQL injection because queries weren't parameterised or the company got ransomware'd because they didn't patch their things. These are all good discussions - essential discussions - but there's a broader and perhaps even more important one that we need to have and that's about the security culture within organisations. This is...

Regular readers will know I create a lot of Pluralsight courses. It's now 5 years ago I started writing my first one [https://www.troyhunt.com/introducing-owasp-top-10-for-aspnet-on/] which incidentally, is still my highest rated course every month (apparently the OWASP Top 10 as it relates to ASP.NET is still a big thing). Most of the time, the courses I create are on topics I know well, primarily on security but occasionally with a bit of cloud and development practices sprinkled in for variet...

As many followers know, I run a workshop titled Hack Yourself First [https://www.troyhunt.com/workshops/] where I spend a couple of days with folks running through all sorts of common security issues and, of course, how to fix them. I must have run it 50 times by now so it's a pretty well-known quantity, but there's one module more than any other that changes at a fierce rate - HTTPS. I was thinking about it just now when considering how to approach this post launching the new course because le...

It's another Pluralsight course! I actually recorded Emerging Threats in IoT [https://app.pluralsight.com/library/courses/play-by-play-emerging-threats-in-iot] with Lars Klint back in June whilst we were at the NDC conference in Oslo. It's another "Play by Play" course which means it's Lars and I sitting there having a conversation like this: We choose to talk about IoT because frankly, it's fascinating. There's just so many angles to security in otherwise everyday devices, for example: 1....

I've been really actively involved with building things on Microsoft's Azure cloud for probably about 4 or 5 years now. Many of you will know already that Have I been pwned [https://haveibeenpwned.com/] (HIBP) was built from the ground up on Azure (in fact, one of the reasons I built the service was to play with Azure "in anger"!), what less people know is the work I'd been doing before that. In my previous life looking after Pfizer's software architecture in this corner of the world [https://w...

It's a great time for HTTPS. Actually, there's never been a better time and as each day goes by, we see constant reminders of how important it is. Someone sent me a great example of this just the other day by virtue of a bug that had been lodged with Mozilla [https://bugzilla.mozilla.org/show_bug.cgi?id=1348902]: > Your notice of insecure password and/or log-in automatically appearing on the log-in for my website, Oil and Gas International is not wanted and was put there without our permission....

This whole "personal brand" thing is a really interesting space. I mean here we are talking about people as individuals such as you and I yet applying a term to us in the same way as we'd talk about brands like, say "Ferrari" or "Apple". I pick those simply because they're two of the strongest, most recognisable brands I can think of which makes it a whole lot easier to draw some of the parallels I'm about to. The first thought I really gave to brand was about 7 and a half years ago when I wrot...

Many people will disagree with this post, not so much because it's flat out wrong but because there are so many different approaches one can take. It's a very subjective realm but I'm going to put forward some suggestions, make some considered arguments and leave it at that. The context is twofold as suggested by the title: Firstly, I get a lot of people asking me about how to get a start in the security industry. I've regularly reverted with "stay tuned, I'm writing something" and this blog po...

If you're here reading this then it probably won't come as a big surprise but brace yourself anyway - we have a security problem. Yes, yes, I know, it's all very terrifying and not a day goes by where someone isn't getting cyber-something'd. As best I can tell from the news, it's pretty much all to do with guys in hoodies sitting at green screens pwning all our things. I'm quite sure that's the case, I even did a quick check on Google to confirm: I talk about these crazy hacker perceptions in...

I've done a number of "Play by Play" courses for Pluralsight this year on a range of topics including Social Engineering with my mate Lars Klint [http://app.pluralsight.com/courses/play-by-play-social-engineering], Deconstructing the Hack with my mate Gary Eimerman [http://app.pluralsight.com/courses/play-by-play-ethical-hacking-deconstructing-hack] , Modernizing Your Deployment Strategy with Octopus Deploy with my mate Damo Brady [http://app.pluralsight.com/courses/play-by-play-modernize-with-...