We Hack Purple Podcast

We Hack Purple Podcast 25 with Troy Hunt

February 19, 2021 We Hack Purple! Season 1 Episode 25

Learn what it's like to be... TROY HUNT! He has had an incredibly interesting career, arguably unlike any other. Follow him on Twitter!

Thank you to our sponsor ThreadFix!
https://threadfix.it/

Buy Tanya's new book on #ApplicationSecurity: Alice and Bob learn Application Security.

Don’t forget to check out #WeHackPurple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/

Join our Cyber Security community: https://community.wehackpurple.com/
A safe place to learn and share your knowledge with other professionals in the field.

Subscribe to our newsletter! Sponsorship info: info@wehackpurple.com . 

#TanyaJanca #SheHacksPurple #DevOps #CyberTraining

Find us on Apple Podcast, Overcast + Pod 

i'm not sure if there's yeah let's see if we go on the channel if it'll just start streaming because sometimes it does that so let's hit a refresh button and see if no it's not i don't think oh we are on okay it's working and we're on a new stream so i need to or we'll see we're yeah we're seeing you so i'm gonna go over to the other one and tell everyone to come over um how do i oh okay okay so hi we're live but on the main page please join us um so let me see if i can get over to where the main page is so that's us here how do you do that like is that is that honor because i'm on the you uh that the youth yeah we hack purple page and the only one i see latest from we hack purple is uh the one we're just on yeah no i've i think i've got us um so if you go to the main page you may like the web page no go to um youtube.com we hack purple yep that's right okay yeah and um matias is saying he can see us and so does this mean that you can hear him i just saw it uh it's up just updated i'm a long way away here in australia sometimes it takes a while to come up okay so i now have like four troys on my screen so no offense i'm gonna give it so there's just one of you because that's a little confusing for me okay so uh if you don't mind can we take it from the top hi saeed hi mathias hi everyone thank you for coming sorry for the confusion thank you okay so people are joining now so that's great um so how much did all of you see did you see some of it and then we disappeared or did you see nothing because we could take it from the top or we can take it from when everyone was saying what's going on someone says maybe give everyone a minute to give the others time to catch up to go to this screen if i look at the other screen they're saying i see you running on the main page okay great so everyone come on over here um it says we have three people watching we didn't see a thing okay so they saw nothing okay so i'm gonna take it from the top um so i'm just gonna put on like 
the start screen and ready one two three welcome to the we hack purple podcast where each week we listen to someone from the information security industry and they tell us about their interesting types of jobs this week we have troy hunt and he has a very interesting job and i must say it's rather unique we are as usual sponsored by thread fix and we hack purple also launched our academy this week and we are going to make a bigger fancier announcement of it soon because the marketing team's all over it but if you want to see a sneak peek go to academy.wehackpurple.com and you can see our fancy newness but with that what we all really want is to meet troy hunt and so let's do it welcome troy hello thank you for having me back again for like the sixth time that we've done this intro um thank you for being patient despite our technical difficulties um nah not a problem like it's it's funny like even before we started recording we're like why doesn't the sound work it's not me i tested the sound and then we're like no it's me because the sound that's played on the sound test seems to be using a different audio device to the sound out of skype after you actually join and then we're saying like how do normal people like assuming that you and i are exceedingly abnormal like how do normal people actually make all the technology work they don't seriously i had a time i had a phone call with my dad and he it was like a voice where you could see me and the entire time all i could see was his shoulder because he is just aiming it like this looking so he could see me and then i could just see this part of his shirt it was like a very nice plaid shirt um it's like when i face time with my parents and that they're holding it like this and i'm like where are you is you like move your finger move your finger off the lens you can see yourself in the little picture down the bottom yes okay well now that we seem to have connected and people seem to be on the chat and life is good um 
could you tell me about because you don't have a job you're sort of an industry influencer you don't have a as in singular job it's like you have 20 jobs and some of them pay and some of them don't like yeah it's a really really weird thing so um i've just been articulating a bunch of this so in our take one of this version i mentioned that my breaking news today is i'm writing a book right it's sort of like it's it's more collating a bunch of things i've written and then just adding a lot more stuff around it in terms of like what was happening and why did i do this and what were the back stories um and part of that as well what's that what is it going to be called uh we we have several working titles at the moment but it's thing it's everything from like titles to covers to how you promote it and the thing like it'll be it'll be a book you can buy as well so even figuring out like how do you price it and how do you sell it and how do you make sure it's not just boring um so yeah um i might even sort of open source some ideas on things like titles but it's um it's just interesting that and this is sort of some of the stuff i think about as i've gone back through and you know gone through the history where so much of of what i what i do now i always did and i never did it because i wanted to make any money out of it i have a career out of it i just did it because it was kind of fun and i enjoyed doing it and then over time it just it just morphed into something which is which is now more than what i ever could have expected it to be so yeah i mean a lot of like i'll sit down and write a blog post it's not like i'm sitting down going oh i've got to make some money today so no i just really really want to talk about this thing because it's bugging me or i think it'll be useful for other people or i'm excited about it and then i do it and then so many times in fact this is one of the things i'm writing about with sort of the retrospectives on a lot of these blog posts 
so many times it later turns into something else yeah things like the blog post i wrote more than a decade now about the only secure password is the one you can't remember and it's like here's 1password and it's amazing and now i'm on the board of advisors it's just funny these things happen did you know they're canadian yes i did i do that that would be something that someone on their board advisor shoppers should know oh um someone is someone is commenting troy hunt i loved a thing and it just got really big and that's passion oh and someone else's oh they're just talking to each other now in the chat that's awesome hi everyone hi jason welcome i'm glad everyone made it yes okay so what title would you say that you have like well i kind of tailor it uh as required so i've got a lot of different titles i can legitimately use of various levels of of i guess saneness and meaningfulness to people uh yeah like okay i'm a microsoft regional director so that sounds really cool i can use that when i need to sound important or i i'm from a company that people relate to uh incidentally i don't have a region i don't direct anything i don't get paid but you know like let's just leave that bit out of it because this bit is the right title at some at some certain times uh other times you don't get paid to do that no no so rd's and mvps no money whatsoever we do get some visual studio licenses which is nice but did you know that they measure their profits in trillions is it profitable revenue or market cap intro look okay maybe it's hundreds of billions but but either way yeah yeah look i'm aware of that it's one of these things where uh there's a lot of what i do which has no expectation of certainly direct remuneration or anything that's going to you know contribute to my top or bottom line or anything like that but i either have fun with it or it's a good community service or it's it's part of of a bigger thing and and there's all these different parts that contribute to 
i guess making all of us who we are and and then you know they don't necessarily help us make money either yeah i hear you are you are you seeing the comments in the chat dollars dollars dollars dollars uh but no no i i hear what you mean sometimes you do a thing because you love it sometimes you do a thing because then it gets you the access that you want if that makes sense like yeah yeah it it it makes sense to say it that way i think what's a little bit different for me and and and i had a luxury and the luxury that i had and you'll be able to read all about this in my book uh the luxury that i had is that i had a corporate job so i was working for pfizer and i was there for 14 years in total and i was getting paid you know well for a corporate job normal but well for a corporate job and i could focus on other things that i wanted to do as a passion without them having to be revenue streams so i could go home and write blog posts or i could create have i been pwned i could do any of these things without the need to make money from it now as time went by i started doing things like pluralsight courses which which was yeah purely financial like you don't sit down and do that amount of editing for fun there's nothing at all fun about sitting there editing pluralsight um but uh but i had the luxury of a stable corporate job and then by the time my corporate job wound up when they decided they didn't want me anymore which is fantastic incidentally it's called it's a redundancy there are a bunch of us who uh who they decided that they no longer needed the roles anymore but by the time that happened all the other stuff had built up and then as i've said this probably before anyway but i was making twice as much money from pluralsight than i was my job by the time the job disappeared so wow i guess the point is is that all of the things that are around the the very community-centric stuff i never had an expectation of making any money out of it or if it leading to 
anything that makes money it's just that this was a fun thing to do at the time and that's i think that that's what sort of shaped my like ethical and moral compass as well like i want to do stuff because it's stuff that i want to do or stuff that i think that's useful if it makes money as well yeah that's great if it doesn't that's fine that's awesome my um one of my professional mentors told me that he said tanya do what you love and the money will follow and i'm like tell that to a bunch of like ballet dancers that aren't very good that never make it into anything right but he's he's like if you love speaking at conferences and meetups just keep doing it and money will follow and then now i train people professionally and so and sort of did follow if that makes sense like and it did open up the doors i i guess it's it's a question of what it is isn't it let's say it was me with ballet and i loved it i'm not going to make any money ballet maybe if i loved it enough maybe i could make money out of ballet commentary or writing about ballet or something like that but i think you've got to have a combination of of the the passion and the talent and the luck as well and one of the things that that i'm really conscious of is that i had a number of things that that happened to me that were very lucky and they amplified all the other things so there's a book i really like uh called the outliers by malcolm gladwell and i first read this must have read about 10 years ago and it was basically that the secret behind success and he would look at everything from really successful football players to bill gates and this sort of thing and that the thing that really struck me is that consistently for every one of these people they got really lucky and they're really good at what they did so gates had access to computers by virtue of the university his mother was working at a lot of the football players that are very successful are born in a certain month of the year and that 
month is important because if you're born on the month before you're the youngest person in an age group but if you're born on this month you're the oldest person so you're bigger and you have more talent and then you get more opportunity and it just amplifies and amplifies but they're really good football players as well so they have to have both of these things so i was very lucky to be living in a place that was very technical when i was i was a kid i used to live in singapore for the last few years my school and it was like a tech hub and then i was lucky enough just to bump into certain people that gave me opportunities later on and i worked bloody hard at it and then these two things sort of you know leverage off each other yeah opportunity plus lots and lots of hard work equals good luck yeah it tends to be and one one of the things that that absolutely drives me nuts is when someone will pop up on on twitter because everyone on twitter has a bloody opinion and they will see my lifestyle today or or or something that represents success and they'll think that somehow just it just came easier it came overnight or the other one i get a lot is based on my race or my gender or something else must have been easy so well everyone has to work really really hard at this and then some people have it easier than others due to all sorts of things whether they be good luck or good genes or whatever else it may be but none of it happens without that intense workload as well yeah i totally agree did you know malcolm uh gladwell's canadian as well as i pointed out there yeah you have a lot of canadians in your life a lot of times i was having beer with one of my favorite canadian friends on saturday night[Laughter] so what would you say a day in the life like is for you like so when before the part no one heard i was saying did you get like 50 000 emails per day and then you shocked me by saying you did not no um so i get between about 20 and 30 emails overnight now get a 
lot more during the day but i get up in the morning and of course we're on the other side of the world for everyone so a lot of stuff's happening in europe and the us overnight and i'll get up and i have 20 or 30 emails which really isn't too bad and some of those are things like google alerts for searches for my name and have i been pwned just to sort of see where it pops up so that's that's fine there's usually not a lot of stuff i wake up to that that then requires attention but then by the time you add in like the tweets and things like this as well there's a little bit more so i get up you know normally 5 5 30 or something in the morning and i go through and i'll kind of read this i make a coffee i sit on my deck out there right on the water side it's all peaceful and there's just like fish and dolphins and stuff seriously we have dolphins in the backyard it's just epic so sit there have my coffee look look at the occasional dolphin or something and read these emails and i guess it's a bit like everyone where you have some things that might be in your calendar uh so you know you're in my calendar for today and then there's other things that pop out of nowhere so the the one that's kind of popped up out of nowhere today is there's a a media outlet a tv channel here that wants to do an interview around um around scams and yeah they've just emailed me saying yep okay i've got to talk to them in about an hour uh so it's like okay well that's that wasn't in the plan but yeah that's cool i like talking to press because it's it's interesting and then mom and dad get to see me on tv and they get really excited about that[Laughter] i still try to impress my mom i still i still want to impress my mom all the time of course it's a very unpredictable day in many ways but i kind of like that as well and to be honest like my biggest challenge is keeping focus on the things that i actually need to focus on and making sure i don't neglect them because i get distracted so easily 
by other things i'm excited about like at the moment all these screens here are full of home assistant and iot stuff i'm busy doing and the 3d printer i just got is downstairs like building a new model and i'm trying to get some stuff going with 3d printing and and i see that and it's a little bit like what i'm saying before i don't have any expectation of making any money or a name for myself or anything like that out of iot or 3d printing but it's cool and i want to do it and i will sacrifice other things that are often you paying things because i want to do the cool thing so i'm just i just have like these these consistent you know devil and angel on your shoulder dragging me in different directions based on different priorities i feel like that all day i'm like i want to write like 47 different blog posts like someone will send me an email and say like someone sent me an email a few days ago and they're like tanya the owasp testing guide version 4 says this but your book says that and now i'm in the middle of a pen test and a scanner said this and i don't know if i should tell them it's fine or it's not fine and then i'm like i must read the owasp like testing guide version 4 and i'm like it is in there what's happening and then i like write the team and i'm like can we talk about this and then and then yeah i think you have to get to the point like i had this realization a few years ago which is i'm just never going to be able to reply to everyone so on my blog i have a contact link and i have a bunch of stuff in there about what i will reply to what i might reply to what i won't reply to and i probably need to revise it but i sort of got to that realization that as as my profile grew and there are more people interested in what i do i'm just i can't scale that far and i always thought you know what's it like for people that are properly famous you know not like infosec famous but what if you're you know like a movie star or something like that like there's no 
way in the world they get to deal with all this they have to shut a lot of stuff out so i just find myself filing a huge amount of stuff with no reply whatsoever and sometimes people go well you should just have a template you know and just reply with something out of the template but the problem is if you do that you begin dialogue and then they want to reply as well and then it's like well at some point i have to start ignoring your emails it's the only way i get to play with my kids for example yes yes no it's such a thing um i'm actually launching a new website soon and there's gonna be a faq section and it's me the video answering like the 20 most often asked questions and so i'm making my marketing people made me make a facebook account they made me yeah you hear me mateos they made me that's when my team is watching and they're like you have to grow up and get a facebook account like an adult and i'm like oh but i won't answer it like if someone sends me a message i'm not answering it's just going to be a link to my faq and say i'm not here see me on twitter i think part of it as well you can sort of decide how you want to how you want to push people to communicate with you so just while we're doing this i got an email from someone in the south china morning post a journalist so the big news here in australia yesterday and today is that facebook has banned news you've probably heard this like even on the other side of the world and it's a massive thing so someone this journalist wants to talk about it and they've sent me a bunch of questions here so i'll reply and say i'm happy to talk if you like here's my number because then i can go down and keep playing with my 3d printer or fixing my boat while i talk to them i talk to the guy in china so that i can do other things and multitask and i can as much as i like this room i mean but i can get away from the computer and away from the room and you know do other things yeah i do a lot of phone call meetings 
where either i'm speed walking all around my neighborhood or i'm in the garden moving dirt or like planting things or whatever harvesting vegetables is like a really good way to like it's just like oh i have so many zucchini so many zucchini um yeah yeah i have planted too many zucchini oh um oh someone is saying we hack purple maybe tweet the new link new link to what uh to this live stream i i tweeted it while you're talking before okay good thank you i'm glad one of us is paying attention i wasn't trying to fix the thing at the same time so that's a bit more availability so um oh i'm gonna thank my sponsor while i remember i want to thank threadfix for being our sponsor and for making the most stupendous vulnerability management system this side of the galaxy they didn't ask me to say it that way but i think it's cautious i wonder if that was in the agreement to do like a high-pitched kind of think about like that guy from the wrestling that's like are you ready to rumble it's like a little bit like that yeah yeah so what um what type of personality traits would someone need to be able to one day do a job like yours or like line themselves up in a way so first of all having an incredible work ethic is definitely super important right and then i think being able to have really good time management sounds really important but what what other types of things do you think like that you would need to be able to do these types of things because it sounds like passion and curiosity is really important i almost feel like i need to answer the question a little bit in fact i had two thoughts from you asking that should i answer the question a little bit differently because i don't think this is sort of a career that you can sit down and plan to have because it's such an organic kind of thing that that just occurred the way it is but then again i think that people like my good mate scott helme in the uk is on a very similar trajectory and and maybe that what's interesting 
is is the personality traits that that we share and the things which have kind of led to this and i think i don't know that i'm particularly good at time management in any traditional sense every time you read anything about time management they're like you need to do things this way and that way in that way and you've got to have this kind of list and use this software and prioritization and whatever else and i um for the most part just keep stuff in my head and i do what feels right at the time but i think it's um when i look at how it's progressed over the years the things that have made my career work well is that there's definitely a transparency and an authenticity and like we've met face to face before when we're allowed to do it and this is exactly the same conversation that both of us had at that time and it's the same tone and behavior that i have with my mum and dad and with my fiance with my kids and everything like that there's not a a veneer or a mode you go into and nothing bugs me more than people who can just put on this face for one thing and then there's someone completely different and something else it's just just excruciating to watch i know some people like this so i think that the the authenticity side of things has been really good and incidentally that's the sort of thing that later on uh sponsors and organizations that want to do brand association and things uh look for the you know that they they want to attach to something that people look at and you feel is trustworthy so that's been very good for me uh i i think the diversification's been really good so if i look at where i spend my time it's spread across a lot of very independent things if i look at where i earn my money it's spread across a lot of very independent things and occasionally one of these things dries up or fundamentally changes and unfortunately i can sort of do that and no one thing really makes a tangible difference to my life and then there'll be something else that 
comes up so the diversification i think was really really important i remember uh when we when we had our redundancies at pfizer and this was announced uh geez just over six years ago at the start of 2015 are about uh there must have been about a dozen of us in a room and the uh the most senior person there was a lady in the technology department and we didn't know what the meeting was about this is a funny thing i should put this in my book actually didn't know what the meeting was about like we turn up to this this room after having received a meeting invite which is just like the subject is like updates and then you're looking at the list that's a really strange list of people to have in a meeting about updates and i'm thinking i wonder you know i wonder if it was going to go down this way here we go to the room and the most senior person there's this lady who's been there like for 20 years and she's crying i said oh this isn't going to be good i can see where this is going to go now and i just remember um looking around the room at a bunch of people who were like just just going white like they were so scared about what is going to happen now to their job because this is very understandably how people feel when they when they lose their job and i'm sitting there going this is freaking awesome it's going to be amazing because redundancies are going to pay you out to go and say i can get my exit but these people were very much like most people where their entire life their entire revenue stream is based around this one job that they have to hold so dearly and it's so many eggs in the one basket and honestly one of the things that that allows me to be a lot more relaxed and focused on things i really love now is to not have that dependency anymore yeah you know what though a lot of places like when i worked at microsoft i wasn't allowed having other jobs um like every time i would come up with a thing they'd be like that's a conflict of interest you can't do that 
and so i i've always had like a second income stream like growing up in poverty and then also just like being like just being like that like not wanting to be too dependent on one thing i've always liked to have other income streams and yeah i felt really uncomfortable with that because i was i was just like no but then you're my whole world right and then like what if we have a fight and we want to break up right and like not when i planned it do you know what i mean as opposed to like me deciding to leave like what if i didn't make the decision and it's a surprise um and then that's really scary and you know that's that's exactly what i wrote in my very first ever blog post so this was september uh 2009 where i said look i don't know how long i'm going to be enamored with my job and it turns out it was only a few more years or how long they're going to want to keep me and it was only a couple years after that but you've got to remain marketable and i guess there's a difference between like remaining marketable and being able to do other things on the side and i get the microsoft view of that but it does feel like a very old-fashioned traditional view as well um the way i dealt with that in pfizer is i just never asked yeah anyways it's because i had a public face as part of their job and then all the other jobs people wanted me for were similar do you know what i mean i'm sure like if my neighbor was gonna pay me to mow their lawn that would have been okay but like oh i'm gonna travel over here and then i'm gonna like teach infosec at this conference and it's like no you can't really double dip like that and i'm like but i'll take the days off like do you know what i mean and it yeah and i get it like that they they don't want to have this appearance of conflict of interest i i get it but i'm like i'm uncomfortable i want to want to diversify i know i know and it's um you know we i guess we're both fortunate to have that choice but i it's also a bit of a leap of 
faith to some degree as well to to go out and go i'm gonna you know catch my own food so to speak um so this is the trade-off you have you know do you want the the certainty yet the constraints that come with working for uh for a big organization for most organizations or do you want to be able to wing it a little bit more and i i think i just kind of got lucky with the timing you know again we come back to the fact that a lot of this is luck as well right lucky with the timing where i was able to sort of do a bit of both someone is saying if a company wants you to belong to them they should have to pay for that level of exclusivity well they feel like they are right they they do and they can set the terms and you know maybe i mean let's let's take say microsoft and pfizer out of it and the hypothetical acme corp like if acme corp really wants to keep you and you're saying look i want to be able to do this or i'm going to go then you know they'll be able to make that call every organization can ultimately make the call one one thing that i really never had much patience for even to this day is when you deal with the company and then they'll go we don't do this or we don't do that or we won't do this so yeah you will if you're motivated enough to now if you're not doing it you're just not motivated enough to that's you know that's that's it or it's not worth it to them right like i've seen them do some things for some employees and not do it for other employees like i i don't mean like i don't mean microsoft i mean other places i've worked where it's like i could get away with things that other people couldn't and i remember my boss saying yeah she always gets the overtime because she actually gets [ __ ] done if you start getting [ __ ] done i'll talk to you and i was like yeah and this is the thing like at the end of the day for them like that would just be a business decision right um when i think about some of the even some of the commercial relationships i've had 
where companies are not going to name any names here but that sort of say things like we don't do this it's like well you can choose if you'd like to we can do this otherwise we don't do it you know you you pick which one i don't care i'll go play with my iot on my 3d printer if you you don't want to do that yes yeah i've had a lot of interesting offers since starting my own company like um this company wrote me and they wanted me to design custom training that was three days long and they were willing to pay a total of three thousand dollars for me to deliver it and make all of it just for them and i was like oh no no i can't afford that no that's ridiculous and i'm like in the going rate in industry is this and they're just like well we'll go elsewhere and i was like don't let the door hit your butt on the way out like i'm like okay like is that like a threat like i'm fine right like but you have to be in that position where you feel fine what i what i keep coming back to is that uh you know this is let's say in a case like that i don't think it's necessarily that that they're dicks it's just that they have a different set of uh priorities and a different set of values on on the same things and if we can't be aligned on this then it's then it's not a good fit but there are loads of cases where i've just been happy saying okay you know i'll give you a good example like blog sponsorship i have sponsorship on my blog it is a line of text i don't have any trackers on there i don't have any cpms or commitments about exposures or things like this and i've had plenty of companies before so you know look we really want to know like what's your click-through rate it's like well the the sponsor knows that because i don't mind if they have a utm tag or something like that on it and i said look if you really want to know that information that's really important to you this is not the right fit for you you know this is more about brand association than it is about being able 
to track through individual plenty of places you can go and pay for clicks but this is not for you uh it's not that you're wrong but it's just not for you yeah yeah exactly it's not that you're wrong is that this isn't a good match so i hope you find your match but it's not here yeah that's such a good way to put it so what do you like best about your kind of career job right now like what would be your favorite thing about it independence um and and i appreciate it much more now than what i did a couple of years ago so as as you and others probably know i went through a merger and acquisition process with have i been pwned looking at if it should go to another home and as i was going through this process there were lots of um lots of points where i had to consider what would it be like to work for someone else and i'll give you a story let me check first can i swear on this podcast yeah excellent all right so okay so here's exactly what happened and so after we stopped recording i'll tell you which company this was as well but i'm not going to tell you i'm not very good but one one company large company who i was talking to um the person who would be my boss if the acquisition went through i had a phone call with and this was just after i'd been in san francisco for about two weeks just like literally going to every big tech company with bankers from kpmg like shipping this thing around uh in this like crazy silicon valley tv show kind of reminiscent way yeah and we're done with that and um charlotte and i had driven to i think we had a night in yosemite and then we're gonna drive from yosemite to death valley and there was like one place we could stop so i could have this meeting and we're sitting there looking at this like amazing amazing pictures scene in this rental car and she was sitting there as well and i had the thing on on speaker having this phone call with the person who would be my boss and uh and i was tired and i was getting fed up from the whole 
thing as well and the guy was like so troy what does your perfect day in the office look like and i'm like like in my head immediately i went i get up i get on my jet ski and i do whatever the [ __ ] i want that's what my day looks like and like that i think was the real penny drop moment where i was like do i really want to end up working for someone else there has to be a really really good reason to give up independence and i was i was starting to have like quasi nightmares about having to put the shirt on with the logo or whatever company it was and it's like i am now pimping all of your things like that just did not feel good to me yeah yeah i've had um some people uh approach me about buying we hack purple and i'm like you just want to hire tanya janca you don't want to do all the like i i don't know if you saw on twitter this week but we've been giving away um free passes for people to graduate with a certification but they have to do all the work um to a bunch of women of color and then we had some donors so people donors keep coming in and they're like well we'll pay for someone to go and then i've been sponsoring them at two to one so i'm like i'll just pay the rest out of pocket for the other two and so we we still turn a small small profit right but i'm like yeah let's do it and i'm like oh if someone else buys our company i'm not gonna be able to pull crap like that where like because we put we're putting 22 women of color through this program and it looks like we're going to put 33 more in once some donation funds come through and i like that's not a thing that another company is probably gonna be like no we're not gonna match at a rate of two to one and like why are you letting you know what is and i'm like because diversity and like inclusion actually super matters to me and it's actually important to me and like i know that you you're seeing like a smaller profit line but i'm seeing a better world so [Music] yeah it's it's very hard to find that 
alignment if if you're not just profit-centric you know if you if you want to go out there and do things that that have a broader impact um and look i think in fairness there are organizations that are like that some of the organizations i work with i think are very much more about the impact on the world as opposed to just the bottom line but you know at the end of the day a lot of them are still funded they're still people sitting behind this that want to see a return on their investment they're they're still gonna they've still got to pay bills as well in fairness oh yeah and i've got to pay bills too but i've just managed to get myself to the point where there's enough margin between overhead of life and income that that i can you know make the choice about what i want to focus on yeah yeah yeah that is a good place to be in life what is the thing you like the least like what's the hardest part or the part that if you could not do it it's a good question um with being able to sort of sit here in isolation now i think looking back the the the cost of travel the the emotional and the physical cost of travel so i mean 2019 was exceptionally bad but it was 243 days i traveled in 2019 and that was that was just really really hard on me as i as i disclosed um i think about the middle of last year i was going through divorces at the uh the early part of the year as well which which really didn't help things at all um so being away from the kids all that sort of stuff like the the instability of it so i i really actually i almost fear at the moment what it's going to be like when we can travel again because it's great now that i can do all of the things i want to do from here and every company i work with doesn't have a choice you got to do it from here yeah um it is weird actually the other day someone wanted me to do a talk in in canberra uh which first of all no one if you're from australia you don't want to go to canberra you only go to canberra because you have to 
so you want me to get on an airplane and go somewhere no why on earth would i do that i'm going to stay right here so there's that i guess the other thing is um i'm just just find some of the interactions on online because look even before so much of my interactions are online but especially now it's such a predominant part of my life and holy [ __ ] some people become idiots behind the keyboard it's just and like we've always had this problem i know this but particularly twitter just seems to be so often such a a vitriolic condescending just crazy irrational cesspool of idiots let me tell you what i really think about this um and the thing that i've always lamented is that it's people behaving in a fashion that they never would face to face i've never had a negative interaction face to face at an event and it's it's like i speak to my kids about you know never behave to people like online in a way that you wouldn't behave to them face to face so this is something i teach children like that adults can't understand this um and it it so quickly descends into very very heated emotional topics completely tangential to the one that you are there to discuss and it's just gotten to the point where not only are there things that i just simply won't discuss on twitter i won't even say what they are because by saying what they were a little while back that caused a big problem [Laughter] again i'm not even going to say what that is on the camera i'll tell you offline if you like it's just gotten a little bit nuts i actually um part of the reason why we hack purple has created like their own community platform is specifically so that we can have lots of fun conversations and no one will pull a twitter i i joke with people i'm like yeah if i say on twitter i like cats someone will respond how dare you hate dogs you're a dog murderer and it's like no i didn't say i don't like dogs and they're like you don't love dogs die and so we're making like this community where it's there's 
rules and we have a ban hammer and we're not kidding and the idea is that you can actually have real discussions with people that are respectful i am i'm just getting to the point now and just really really proactively muting people and i've just i'm watching the twitter the youtube feed here as well i've seen david fraley's comment here about i think people are getting upset people who think they're more entitled than others to think they're completely wrong but some of the the examples that come immediately to mind let's talk about my mate scott helm um he took a photo this is like the the this is like peak twitter crazy right took a photo of his car um and this was about two years ago actually and his number plate's on there as well um and his number plate he's trying to spell out his name so in australia you can have whatever combination you want on a number plate so long as no one else has got it in the uk they're quite strict about the structure of the number plate so he's trying to spell like his last name helm and he has like an h and l uh and i think he's got a three instead of an e and in the uk they also have the number of the year registration so there's like an eight on the number plate as well and multiple people are kidding i saw the messages multiple people told him it was inappropriate to have the number eight on the plate and i'm thinking but like this is a lucky number in china like what's the problem with this it turns out particularly if you have two eights the eighth letter of the alphabet is an h and it's like code for heil hitler and because of that like you're a nazi sympathy yeah right again so no one can use the number eight ever again like and the stupid thing about it is i'm like he literally has an h in the number plate for helm like why are you getting so upset about something which is which is a very sort of contrived interpretation or connotation yeah it's just uh and by the way because the car was made in 2018 and registered then 
it's like you have to have an eight that's just the way it works and it was just it was so peak twitter crazy but there were people that were genuinely very very passionate about this yeah people that maybe would like could have another hobby that didn't involve tons of hate like maybe they could listen to really loud music so i i used to be in punk rock bands and i played drums and guitar and i would like scream in my band and so then any like anger or stress would just come out and i feel sometimes like those people should form a band or play sports or do this other thing to get that energy out of them in a positive way instead of like a negative way i.e pointed at another human oh someone put in the chat apophenia what's apophenia so someone else was saying um you know they're they're saying nice things about me um putting a bunch of free rides for people of color to try to get because we we really need infosec to have everyone we can't do it without them um but then uh someone put oh there's just a bunch of things on the screen that aren't the things that i'm clicking to put on the screen so apophenia is the tendency to perceive meaningful connections between seemingly unrelated things okay okay well thank you nate yeah nate that sounds like it yeah seriously finding the connections between meaningless things well that's it's good that we learned that word it would be excellent if we didn't have to suffer that um and i also think that sometimes people forget that there's a human being behind the keyboard that has feelings and thoughts and people that love them and they have a day that was good or bad before they read this thing that you wrote them and if you remember a person a person's gonna read this a human um i think that maybe they would act a little differently also i feel like i feel like sometimes if i could just show that person's mom what they wrote [Laughter] that they would just know better they they would be so grounded in in many of these cases 
right no but i would like all the things that i put on twitter if my mom saw that so my mom does follow me on twitter and so is my grandma it was really cute one day teaching them both how to use it my mom signs her tweets still she does not understand but that's okay it's adorable and she signs them tanya's mom but but like i i don't have to hide anything because i just don't do crap i'm totally ashamed of does that make sense so like i'm cool with having my real name on things because whether i'm putting a picture of like i grew this plant or i hacked this box or i made a new lesson like i i there's nothing that i would be ashamed for someone to know that i did it and i feel like other people are like awesome social media chance to hide my identity and be shitty yeah and and this is the the age old debate about privacy and people using it to do bad things and yeah it's another rabbit hole but yeah yeah someone someone is saying apophenia is my cat's name why do you hate dogs it's good okay so we need to wrap up because i have kept you way longer than i said i would and so i have one last question and then we can sign off and that is so if people want to know more about you they should visit troyhunt.com and follow you on twitter at troy hunt but what is something that you'd like to promote so you can tell them about your book but anything else that's coming up that you might want to share i think that's about it it's like when the book comes out it's um please buy the book like that do you know where they'll be there'll be a bunch of um a bunch of really interesting stuff in there and there's a lot more happening around it's it's very different to what i've seen people do with books before and there is someone who actually knows what they're doing helping me with it as well which is which is going to be cool so yeah i'm hoping that that's uh like a six weeks from now kind of thing i'll be able to start sharing some you know some actual content but we'll see i 
can't wait to get one did you get my book in the mail yet i mailed it to you a while ago i must have um charlotte kindly color coded all my books i used to have everything like in logical kind of groups it's like this is all of the you know the infosec stuff and this is the this is the you know the computer hardware and she's like can i color code it so it looks like this i should be like this i don't think i do let me just go to the purple section section of books she's so organized it's great but it just i have to like reset my interpretation of what organized means as well oh someone in the chat is asking about the cheese question so i always ask people if their job pays well and not how much you make but does your job pay well for instance i felt that i'd made it when i went to the grocery store and i could [Laughter] that was in in the yellow section just down there is it the analog section oh my gosh that's hilarious but like when i went to the grocery store and i figured out like i was looking at two different types of cheese and i was like oh they both look super yummy and i was like bye i can only get one and then i thought about it i'm like i'm a programmer i make good money now i'm gonna buy both cheese and so then somehow that became like the measurement of how much cheese you feel like when you go to the grocery store do you feel you can get like as much cheese as you want without abandon if you like want to buy four types of cheese you feel you totally could so you would you would say that like being troy hunt pays pretty well like you can get is i don't know do you eat cheese jesus oh yeah yeah totally yeah okay that's that's an issue certainly um money does let you make different decisions it does and i did write something a while ago about financial tips as well i think that will go into into this book some references around that but um it it does give you choices it does definitely and i think he's trying to say you can have as much cheese as he 
wants because that's how we measure if things pay well so for instance like we had a journalist on and she's like i don't even get any cheese i'm like oh no and like startup founders we have to we have to raise before we can get cheese i i look i mean everyone everyone has their price points you know there's some things in life i'd like to be able to choose that but i can't yet but they're uh they're not things that are going to keep me awake yeah yeah oh and so someone else is thanking the other person for asking about the cheese because i guess it's like a silly thing that i do troy hunt thank you so much for being on the we hack purple podcast um i really appreciate you being here thanks kenny appreciate it okay until next time thank you for watching the wehack purple podcast where each week we talk to a different person from the information community information security community to learn what it's like to do their job and troy had a very and has a very very interesting career that's totally unlike any other and it was awesome how he shared so much cool stuff with us and i can't wait to get his book thank you so much to threadfix our sponsor we really appreciate your continuing support and thank you to all of you for attending and asking awesome questions about cheese i appreciate your patience when we had technical difficulties up next week we have so many guests we have barbara schnazner next week and she's going to talk about being a security architect then we're going to have davian jackson on and that's going to be awesome then jarrod overseen and then we have oshia bowens and he we haven't talked about him yet he's going to talk about what's like to be the ceo of a cyber security company so they do security analytics and dfir and then after that we are going to have a digital forensics expert on veronica schmidt thank you very much and i look forward to seeing you next week on the wehack purple podcast