Stephen Rees-Carter



Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I write and hack stuff on stage for fun. 😈 (he/him)

6 Answers Joined Feb 2024

/ 255

What's your take on the NSW governments "password strength checker" service?

It's a good idea, in theory. Raising awareness about rubbish passwords is always good, and their strength checks seem ok.

However... it's full of tracking scripts and other BS, which could be compromised to steal passwords, and link then with IP addresses, etc. Which is typical govt missing the point. It should be a clean page without trackers. 🤦



Please release the Dropbear toolkit🤞 I'm handling all the deployments at my small company and I'm often just scared to do something silly and get hacked😂

Working on it. 😁



Do you have any recommendations around security education or certifications that would improve our understanding of security?

A lot of security education comes from just immersing yourself in the world by looking at vulnerability write ups, listening to podcasts like Darknet Diaries, etc.

In terms of certs, there are A LOT and the best ones to do depend on the flavour of security you're interested in, but a good starting point is the CompTIA Security+ cert. I really enjoyed that one when I did it and it gives a good introduction to a lot of security concepts.



How did you got into security?

I'd been interested in it for many years, but it wasn't until I was looking for a side job and stumbled upon a job cleaning malware off infected WordPress sites at Wordfence that I really headed down this path properly.

I did that for a year, moved into their dev team to work on their internal tooling, did my security certs, and started speaking at conferences. It kinda grew from there.