Hello, I’m Stephen Rees-Carter, a senior developer, security analyst, and speaker from Brisbane, Australia. I spend most of my time working at Defiant (we make Wordfence), and the rest of it either on WithExtraVeg with my wife Gen, or some other small projects.
I’ve been a PHP developer since high school, mainly focusing on Laravel development in the last few years. I love the simplicity and elegance of Laravel, and that flows into my choices of front-end frames too – I’m currently using Vue and Stimulus, depending on the use case. I used to be a Ubuntu desktop user, but have since moved to Windows 10, with Windows Subsystem for Linux to meet my local development and command line needs. (Seriously, WSL is awesome, try it!)
The security industry pulled me in when I joined Intersect Alliance, and I’ve enjoyed the challenge ever since. I recently spent a year cleaning infected websites, which was a great way to be exposed to the realities of WordPress security and malware, and am now working on Wordfence and other awesome security tools for WordPress. One of the reasons for switching my blog over to WordPress (apart from testing) is to try and set up a successful Content Security Policy for WordPress, which sounds like a fun, if a bit crazy, challenge!
The most direct way to contact me is via email: [email protected]
You can usually find me as valorin online, in such places as Twitter and GitHub. Plus a few Slack communities (WPAustralia, Brisbane & PHP Australia). I’m also on Keybase, if you want my public key or wish to contact me securely.
I started by studying a Bachelor of Engineering in Software Engineering at the University of Canberra. Following on from that, I worked at UberGlobal (a Canberra-based shared hosting provider that no longer exists) as a developer, primarily working on their domain name management system.
In the middle of 2012 I was recruited into… Intersect Alliance, working as a Senior Analyst and Product Manager for the Snare SIEM (Security Information and Event Management) system. This saw me thrown into the deepend and started my interest in security. I helped build and direct the Snare product suite and gained an insight into corporate security and monitoring.
However, in 2015 it was time to move on… so I joined Award Force as a senior developer (and later, Tech & Security Lead), helping to build an awards management platform. I carved out a place for myself as the “security guy”, monitoring the application security, and mentoring the other developers in secure coding practices. We implemented PCI-DSS, GDPR, and were working on ISO27001 when I left.
In 2017… I began working part time at Wordfence, cleaning infected WordPress websites, while still at Award Force full time. This was a great peek into the world of malware and the other side of security – rather than just protecting a single application. This lead to my WordCamp Brisbane talk in 2018 on my year spent site cleaning.
In 2018… I was given the opportunity to go full time at Wordfence (leaving Award Force), and move into role of senior developer. I’ve spent a lot of time getting to know WordPress development, and we built and launched Wordfence Central, a central tool for managing your Wordfence installations.
Now, in 2019… I started the year speaking at linux.conf.au, which was a fantastic experience. It was followed in May with the completion of my CompTIA Security+ certification. Up next is my Certified Ethical Hacker certification…
Where did “Valorin” come from?
I originally started using Olórin, which was Gandalf’s original name before he was sent to Middle-Earth. However other people kept using it too, so I decided to pick something different. I liked the name Valinor, and figured I could make up my own name by combining them both into Valorin. It was only after then that I discovered the very similarly named drug… ¯\_(ツ)_/¯