Troy Hunt

Troy Hunt

Security / Cloud



I'm Troy Hunt, an Australian Microsoft Regional Director and [Most Valuable Professional]( us/overview.aspx). I'm also the creator of the Have I Been Pwned? (HIBP) data breach notification service and I've peviously testified in front of US Congress on the impact of data breaches.

I don't work for Microsoft, but they're kind enough to recognise my community contributions by way of their award programs which I've been an awardee of since 2011. I get to interact with some fantastic people building their best products and then share what I know about creating secure applications for the web with the broader community.

I'm a Pluralsight author of many top-rating courses on web security and other technologies. There's no better way to get up to speed on a topic quickly than through professional training that you can take at your own pace. As both an author and a student, I have nothing but positive things to say about the breadth and quality of Pluralsight courses.

For fourteen years prior to going fully independent, I worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. Time spent in a large corporate environment gave me huge exposure to all aspects of technology as well as the diverse cultures my role spanned. Many of the things I teach in post-corporate life are based on these experiences, particularly as a result of working with a large number of outsourcing vendors across the globe. For more corporatey background, there's always my LinkedIn profile.

One of the key projects I'm involved in today is HIBP, a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the community, HIBP has given me an avenue to ship code that runs at scale on Microsoft's Azure cloud platform, one of the best ways we have of standing up services on the web today.

Talk to me about: Cloud Computing, Security


A few years ago, I analysed data breaches and saw some alarming trends. Most notably was the prevalence with which the same people appeared in multiple incidents, usually unbeknownst to them. I decided to create a solution to help people monitor their exposure in data breaches called “Have I been pwned” (HIBP). HIBP served the community by informing those impacted by these incidents, but also enabled me to showcase how modern apps can be built on Azure using cutting edge cloud paradigms. Fast forward to present day and the service now holds billions of records from hundreds of serious security incidents worldwide.

I wanted to demonstrate how much can be done with how little; in fact, the goal has always been to run it at a cost comparable to my daily cappuccinos. HIBP has enabled me to demonstrate how to apply features such as autoscale on Azure App Service and highlight the value proposition of non-traditional services, namely the rapid development, elasticity and commoditised pricing of Azure. Through my work I’ve built a deep knowledge of Azure which has since translated to numerous articles, conference talks and training courses.

HIBP receives millions of requests an hour and continues to be run on the aforementioned “coffee budget”. It’s been highlighted by the world’s largest media outlets, reaching hundreds of millions of people, whilst regularly being showcased as a “how to” of modern cloud architecture.