OpenLampTech - Developer Interview with Stephen Rees-Carter
Security consultant and penetration tester Stephen Rees-Carter shares insights on the Securing Laravel newsletter and more.
Hi and welcome to this OpenLampTech developer interview exclusive.
I’m super excited to share this text-based interview with Stephen Rees-Carter. Stephen writes the fantastic Securing Laravel newsletter. Anyone working with web technologies (in particular PHP) is going to find value in the security practices Stephen shares in Securing Laravel. And now, without any further ado, on to the interview.
Q: Please introduce yourself and tell us what you currently do for a living.
Hey! My name is Stephen Rees-Carter. I am a Security Consultant and Penetration Tester, although I usually go by the title “Friendly Hacker” - which is much easier to say and explain! I spend my time doing Security Audits and Penetration Tests for PHP and Laravel applications, while writing my Securing Laravel newsletter, and building my Practical Laravel Security course.
Q: What PHP framework(s) and/or CMS(s) are you interested in the most or currently using and why?
As you can probably guess already, Laravel is my framework of choice. I focus all of my security work around it specifically, although a lot of what I do is applicable to PHP generally, and even development generally. But when building new projects, Laravel is what I reach for every time.
That said, I did a stint in the WordPress community for 3 years (working for Wordfence), which really boosted my security career, so WP has a special place in my heart and I’ll happily defend it.
Q: You publish Securing Laravel, a newsletter about security best practices in Laravel. What inspired you to start writing and publishing Securing Laravel?
Securing Laravel, or Laravel Security in Depth as it was called then, started when I was preparing for a Laracon Online talk back in 2021. I’d taken a break from work for a few months due to burnout, and while preparing for my talk the conference organiser asked the speakers if we had any books or courses, etc, that we’d like to promote at the conference and it got me thinking that maybe I needed something. I was unemployed at the time, so having an income stream sounded like a good idea. At the same time, I’d just learned about Substack through another newsletter that had started up. I didn’t know of anyone else in the community who was doing a paid newsletter, but I figured it was worth trying, so I set it up and launched it at Laracon Online!
The actual subject matter was trivial - I was already giving developer security talks at conferences, and I kept thinking I needed to get back to writing blog posts to share my security knowledge beyond a few conference talks every year. It’s an area I feel very passionately about that doesn’t have much attention in the community, so finding an outlet to share my security knowledge weekly was the perfect fit.
Q: Securing Laravel also publishes premium content through paid subscriptions. What bonus or additional content does a paying subscriber receive as part of the paid offering?
My original plans were for Securing Laravel to be paid-only, where paying subscribers would receive monthly In Depth articles that dive deep into specific topics, and weekly security tips each week between the monthly articles. I decided to send out one of the security tips free monthly, as a sort of teaser for the paid emails. However, when I launched it, I was astounded by the number of folks who subscribed purely for the monthly tips and didn’t upgrade to paid. I wasn’t expecting anyone who wasn’t interested in paying to subscribe!
The list of free subscribers kept growing - a lot faster than paid subscribers, and I have since opened up the weekly security tips to all subscribers, but the monthly In Depth articles are still for paying subscribers only.
The In Depth articles are quite lengthy - the last one was 3,000 words! Some of them include access to interactive hacking challenges too, where you can learn more about the specific attacks I’m teaching you in the article.
Q: What's one piece of software that you just cannot live without and why?
Ignoring the obvious stuff like Chrome, Microsoft To-Do would probably be the hardest to replace. I have a terrible memory, so I have a bunch of reminders for stuff and I really like the way To-Do works. Although Notion is a close second, I manage all of my projects and clients through it.
Q: You type all of your code in which IDE/Text Editor/Software?
PhpStorm. It gets out of my way and helps me write code, while handling a lot of the tedious stuff for me automatically.
Q: How has working as a web developer/designer/professional benefited you other than the obvious paycheck and monetary value?
My dev and now security experience has given me the opportunity to speak at conferences all over the world, which has been an incredible experience. Apart from the local Australian ones, I’ve presented talks in Wellington & Christchurch in New Zealand, Lisbon in Portugal, Oslo in Norway, and Nashville Tennessee is coming up shortly for Laracon US!
I’ve also met some incredible people across the world, all from working in tech and being able to go to these events.
Q: What hobbies or activities do you do for fun?
My very on-brand hobby is lock-picking. I used to teach lock-picking at conferences for work when I was at Wordfence, and I’ve been doing it ever since. I also love reading - I’m currently re-reading The Silmarillion by J.R.R. Tolkien - and music, plus building Lego and playing with my kids. We love going out to the beach on the weekends.
Q: Where can readers go to learn more about Securing Laravel and any other projects you may have going?
You can find Securing Laravel at:
My Laravel Security course can be found at https://practicallaravelsecurity.com/, and if you’re interested in a Security Audit for your apps, head over to https://valorinsecurity.com/.
Oh and if you’re looking for me on one of the many social media sites, I’ve put together a list… https://src.id.au/links.
Q: Anything else you'd like to add or share with the OpenLampTech readers?
Yes! I am planning a series on Securing Laravel debunking the claims that “PHP is insecure”. So please let me know if you’ve come across any claims or myths about PHP being insecure, so I can debunk them in my series. Thanks!
Please take a moment and share this fantastic interview with others.
Thank you, Stephen Rees-Carter for sharing your knowledge and insights with the OpenLampTech newsletter readers!
Thank you for reading. I hope you have a great rest of your week.
Take care.
Josh Otwell
OpenLampTech is a reader-supported publication. You can support the publication with a virtual coffee for as little as $3 (USD).