About Me


I’m Stephen Rees-Carter, a Security Consultant, Ethical Hacker, and International Speaker from Brisbane, Australia. I’m a Laravel and PHP security specialist, and I help Laravel developers write secure code and keep their apps secure.

I’ve been a PHP developer since 2003, focusing on Laravel development since 2013, since I love it’s simplicity and elegance. I used to be a Ubuntu desktop user, but moved to Windows 10 11, with Windows Subsystem for Linux 2 to meet my local development and command line needs. (Seriously, WSL2 is awesome, you should try it!)

The security industry pulled me in when I joined Intersect Alliance, and I’ve enjoyed the challenge ever since. I recently spent a year cleaning infected websites, which was a great way to be exposed to the realities of WordPress security and malware, and worked for a few years with the team at Wordfence, who make awesome security tools for WordPress. One of the reasons for switching my blog over to WordPress (apart from testing) is to try and set up a successful Content Security Policy for WordPress, which sounds like a fun, if a bit crazy, challenge!

CompTIA Security+ Certification
EC-Council Certified Ethical Hacker Certification

In May 2019 I successfully passed the CompTIA Security+ Certification exam, which covers a broad range of cybersecurity topics. I followed it up with the Certified Ethical Hacker certification in July 2020, which covers ethical hacking, penetration testing, and a deeper understanding of cybersecurity.

The first conference I presented at was the New Zealand PHP conference in 2015, but it wasn’t until 2018 at WordCamp Brisbane that I started presenting regularly. Since then I’ve spoken at linux.conf.au, multiple NDCs, Laracons, WordCamps, and the International PHP Conference!

Contact me

The most direct way to contact me is via email:  [email protected]

You can usually find me as valorin online, in such places as Twitter, Mastodon, and GitHub. I’m also on Keybase, if you want my public key or wish to contact me securely.

My Journey

I started by studying a Bachelor of Engineering in Software Engineering at the University of Canberra. Following on from that, I worked at UberGlobal (a Canberra-based shared hosting provider that no longer exists) as a developer, primarily working on their domain name management system.

In the middle of 2012 I was recruited into… Intersect Alliance, working as a Senior Analyst and Product Manager for the Snare SIEM (Security Information and Event Management) system. This saw me thrown into the deepend and started my interest in security. I helped build and direct the Snare product suite and gained an insight into corporate security and monitoring.

However, in 2015 it was time to move on… so I joined Award Force as a senior developer (and later, Tech & Security Lead), helping to build an awards management platform. I carved out a place for myself as the “security guy”, monitoring the application security, and mentoring the other developers in secure coding practices. We implemented PCI-DSS, GDPR, and were working on ISO27001 when I left in 2018. Also, during 2015, I spoke at the New Zealand PHP Conference.

In 2017… I began working part time at Wordfence, cleaning infected WordPress websites, while still at Award Force full time. This was a great peek into the world of malware and the other side of security – rather than just protecting a single application. This lead to my WordCamp Brisbane talk in 2018 on my year spent site cleaning.

In 2018… I was given the opportunity to go full time at Wordfence (leaving Award Force), and move into role of senior developer. I’ve spent a lot of time getting to know WordPress development, and we built and launched Wordfence Central, a central tool for managing your Wordfence installations. I also had the opportunity to present at WordCamp Brisbane.

In 2019… I started the year speaking at linux.conf.au, which was a fantastic experience. It was followed in May with the completion of my CompTIA Security+ certification. In the latter half of 2019, I spoke at WordCamps in Brisbane and Port Macquarie.

In 2020… I was scheduled to speak at WordCamp Asia in February, however that event was cancelled due to COVID-19. In place of WordCamp Asia, I was given the opportunity to present as part of WordSesh APAC 2020, an online conference. A few months later and I presented at Laracon EU Online, followed by LaravelConf Taiwan. In the middle of all this, I achieved my Certified Ethical Hacker Certification. It’s been a busy year and that’s only July! To finish out the year, I presented at NDC Sydney, which was an awesome experience, and a local Laravel meetup. 2020 was a big one.

In 2021… January saw Laracon EU reach out suddenly to invite me to present later that month, saw a lot of engagement from the virtual audience. (My fingers couldn’t keep up with all the questions!) Following on from that was a talk at the International PHP Conference in June, and Laracon Online in September. I quit my job at Wordfence in July to focus on mental health and I’m transitioning to more speaking and training opportunities, while building up WithExtraVeg with my wife.

In 2022… I started the year speaking at Laracon Online Winter Edition, and transitioned from developer to security consultant. I presented at NDC Melbourne and Sydney, started my own company Valorin Security Pty Ltd, and finished out the year with Laracon Online Summer, and releasing my Practical Laravel Security course.

In 2023… The year started out with a bang speaking at NDC Security in Oslo and Laracon EU in Lisbon, Portugal.

Where did “Valorin” come from?

I originally started using Olórin, which was Gandalf’s original name before he was sent to Middle-Earth. However other people kept using it too, so I decided to pick something different. I liked the name Valinor, and figured I could make up my own name by combining them both into Valorin. It was only after then that I discovered the very similarly named drug… ¯\_(ツ)_/¯