Hello, I’m Stephen Rees-Carter, a Senior Developer, Ethical Hacker, and International Speaker from Brisbane, Australia. I’m the Technical Manager at WithExtraVeg, where I spend my time working on whatever technical tasks need to be done. Security education is my focus outside of work, where I speak at events, write blog posts, and other content.
I’ve been a PHP developer since high school, mainly focusing on Laravel development in the last few years. I love the simplicity and elegance of Laravel, and that flows into my choices of front-end frames too – I’m currently using Vue and Stimulus, depending on the use case. I used to be a Ubuntu desktop user, but have since moved to Windows 10, with Windows Subsystem for Linux 2 to meet my local development and command line needs. (Seriously, WSL2 is awesome, you should try it!)
The security industry pulled me in when I joined Intersect Alliance, and I’ve enjoyed the challenge ever since. I recently spent a year cleaning infected websites, which was a great way to be exposed to the realities of WordPress security and malware, and worked for a few years with the teach at Wordfence, who make awesome security tools for WordPress. One of the reasons for switching my blog over to WordPress (apart from testing) is to try and set up a successful Content Security Policy for WordPress, which sounds like a fun, if a bit crazy, challenge!
In May 2019 I successfully passed the CompTIA Security+ Certification exam, which covers a broad range of cybersecurity topics. I followed it up with the Certified Ethical Hacker certification in July 2020, which covers ethical hacking, penetration testing, and a deeper understanding of cybersecurity.
The first conference I presented at was the New Zealand PHP conference in 2015, but it wasn’t until 2018 at WordCamp Brisbane that I started presenting regularly. Since then I’ve spoken at linux.conf.au, multiple WordCamps (plus a WordSesh!), Laracon multiple times, LaravelConf Taiwan, NDC Sydney, and the International PHP Conference!
The most direct way to contact me is via email: [email protected]
You can usually find me as valorin online, in such places as Twitter and GitHub. Plus a few Slack communities (WPAustralia, Brisbane & PHP Australia). I’m also on Keybase, if you want my public key or wish to contact me securely.
I started by studying a Bachelor of Engineering in Software Engineering at the University of Canberra. Following on from that, I worked at UberGlobal (a Canberra-based shared hosting provider that no longer exists) as a developer, primarily working on their domain name management system.
In the middle of 2012 I was recruited into… Intersect Alliance, working as a Senior Analyst and Product Manager for the Snare SIEM (Security Information and Event Management) system. This saw me thrown into the deepend and started my interest in security. I helped build and direct the Snare product suite and gained an insight into corporate security and monitoring.
However, in 2015 it was time to move on… so I joined Award Force as a senior developer (and later, Tech & Security Lead), helping to build an awards management platform. I carved out a place for myself as the “security guy”, monitoring the application security, and mentoring the other developers in secure coding practices. We implemented PCI-DSS, GDPR, and were working on ISO27001 when I left in 2018. Also, during 2015, I spoke at the New Zealand PHP Conference.
In 2017… I began working part time at Wordfence, cleaning infected WordPress websites, while still at Award Force full time. This was a great peek into the world of malware and the other side of security – rather than just protecting a single application. This lead to my WordCamp Brisbane talk in 2018 on my year spent site cleaning.
In 2018… I was given the opportunity to go full time at Wordfence (leaving Award Force), and move into role of senior developer. I’ve spent a lot of time getting to know WordPress development, and we built and launched Wordfence Central, a central tool for managing your Wordfence installations. I also had the opportunity to present at WordCamp Brisbane.
In 2019… I started the year speaking at linux.conf.au, which was a fantastic experience. It was followed in May with the completion of my CompTIA Security+ certification. In the latter half of 2019, I spoke at WordCamps in Brisbane and Port Macquarie.
In 2020… I was scheduled to speak at WordCamp Asia in February, however that event was cancelled due to COVID-19. In place of WordCamp Asia, I was given the opportunity to present as part of WordSesh APAC 2020, an online conference. A few months later and I presented at Laracon EU Online, followed by LaravelConf Taiwan. In the middle of all this, I achieved my Certified Ethical Hacker Certification. It’s been a busy year and that’s only July! To finish out the year, I presented at NDC Sydney, which was an awesome experience, and a local Laravel meetup. 2020 was a big one.
In 2021… January saw Laracon EU reach out suddenly to invite me to present later that month, saw a lot of engagement from the virtual audience. (My fingers couldn’t keep up with all the questions!) Following on from that was a talk at the International PHP Conference in June, and Laracon Online in September. I quit my job at Wordfence in July to focus on mental health and I’m transitioning to more speaking and training opportunities, while building up WithExtraVeg with my wife.
Where did “Valorin” come from?
I originally started using Olórin, which was Gandalf’s original name before he was sent to Middle-Earth. However other people kept using it too, so I decided to pick something different. I liked the name Valinor, and figured I could make up my own name by combining them both into Valorin. It was only after then that I discovered the very similarly named drug… ¯\_(ツ)_/¯