Ten tweets with Dafydd Stuttard

Aug 29, 2013 | 3 mins
This month, CSO tweeterviews Dafydd Stuttard, also known as @PortSwigger on Twitter, about his security philosophy, his inspiration for his web app testing tool Burp Suite, and his affinity for a nice glass of port.

Joan Goodchild @msjoanieg Tell us first about your background in the industry. How did you get started in security?

Dafydd Stuttard @PortSwigger My first job was as an IT auditor, which was pretty dull. I got to know some much cooler people doing pen testing, who taught me.

@msjoanieg: And what first appealed to you about pen testing? As opposed to auditing, did you find it exciting?

@PortSwigger: I got to solve weird problems, and be devious, both of which appealed.

@msjoanieg: Fun! OK, so tell us how you came up with the @PortSwigger handle…

@PortSwigger: It’s a pun. When I started, most tools had “port” in the name (port scanner etc.). I was quite partial to a glass of port …

@msjoanieg: Ah, a much tamer answer than I anticipated 🙂 So being in security has not led you to be a habitual “port swigger”?

@PortSwigger: Not exactly – I pretty much only do web apps these days, and the buzzwords don’t sound as quaffable.

@msjoanieg: LOL. OK, What would you point to as one of the most major changes in security since you first started in the profession?

@PortSwigger: More attack surface, more threats, more determined attackers, more gov-sponsored attacks. Very marginally improved defenses.

@msjoanieg: What, in your opinion, could the industry do better to score higher than “marginally improved” when it comes to defenses?

@PortSwigger: Unfortunately attack/defense is too asymmetric a challenge, and defense not (currently) commercially critical – that may change.

@msjoanieg: Speaking of defenses, you’re the creator of the Burp Suite for performing security testing of web apps. What was your inspiration?

@PortSwigger: I was a lazy pen tester and wanted to automate my work. The tools at the time were primitive, so I started writing my own.

@msjoanieg: Interesting. And what about today? What’s your security philosophy? And how do you apply it to your daily work?

@PortSwigger: I can’t say I have a burning desire to secure the world. I just like writing sectools. On a personal level, I err on paranoia.

@msjoanieg: Complete this sentence: If I weren’t working in security, I would ________________

@PortSwigger: I would probably be doing something geeky, with computers, writing a lot of code, and working just as hard.

@msjoanieg: Sounds like your career is right where it should be then! OK, time to pass the bottle of port. Who should CSO tweet with next?

@PortSwigger: @stevelord would be fun – he organizes the great #44Con. And @stevelord does look exactly like his profile pic, btw.