Q&A: Troy Hunt, haveibeenpwned.com

Troy Hunt is always busy. He writes blogs, he talks to the press, he runs Haveibeenpwned.com, he teaches developers how to break into their own systems before helping to secure them, and he still gets a kick out of the unpredictability of the industry and how “cool” it is to get to talk about it on the TV. Then, at the end of the day, he gets into a bath with a good book or car magazine, a cold beer and definitely not his phone...

What was your route into the industry?

Security wasn’t a career choice, it happened organically. I moved to Singapore as a kid and had a lot of exposure to tech, so I studied computer science at university. I didn’t graduate as I got bored, and had I stuck with the degree I’d have learnt less about the stuff that is really relevant and really useful. I’ve never been at a disadvantage for not graduating, more value is placed on practical experience.

What advice would you give to someone starting out in the industry?

Make yourself present and discoverable. You can do this for free or very little money. People should be active participants in the industry and create records of awesomeness online. Write a blog, make a presence for yourself, write code and put it online, use social media to interact with people.

What’s the worst thing about your job?

I have trouble turning off. My mind is constantly buzzing, a constant stream of information that I can’t let go of. It’s not healthy. Being away for long periods used to really stress me out too. When I first went independent, I said yes to everything because I didn’t know when the work would dry up, but things aren’t slowing down so I can start saying no.

What’s your proudest achievement?

Haveibeenpwned was an accidental success that I built on a plane in my previous corporate life. It has a life of its own and I love the engineering challenge of making it grow on a shoestring. I run it on the same amount you’d spend on two cups of coffee a day. I’ve rejected approaches from sponsors or corporate partners because I don’t want to dilute the community feel of it. The objective is simple: making people more aware of security and helping them recover from incidents.

If you could change one thing about infosec, what would it be?

There’s an undercurrent of ‘boy’s club’ although it’s not just a gender thing – though that is an issue too. There is sentiment that “this is the way we do things in security and that’s how it should be done.” I get abusive feedback from this part of the industry, nasty stuff happens when you become publicly visible and some people don’t like the way I position things, or that I’m from a development background. Perhaps it’s representative of a higher level of social dysfunction in this industry! People make anonymous complaints about the talks I give and use threatening language. It’s gutless and spineless.


Quick-fire Q&A:

If you could work with any client who would it be?

  • Ferrari

Who do you admire most in the industry?

  • Mikko Hyppönen

Biggest regret?

  • There’s stuff I hated about my past roles, but it all led to where I am today so I wouldn’t change anything.  

BIO  @troyhunt

Troy Hunt is a self-employed security trainer and world-renowned internet security specialist. He is a Pluralsight author and a Microsoft regional director and ‘Most Valuable Professional’. Troy is also the creator of ‘Have I been pwned?’, the free online service for breach monitoring and notifications. Troy regularly blogs at troyhunt.com from his home in Australia.

