My employment history is listed below, but you can also find it over on LinkedIn, and for my open source work, please check out my GitHub profile. Also, you can email me at [email protected] if you would like a more formal resume.

Stephen Rees-Carter

Stephen is a security consultant and crusted-on PHP developer who spends his days doing Laravel Security Audits and Penetration Tests. When he’s not trying to hack his clients’ websites, he teaches Laravel developers about security concepts and how to think like a hacker through his Laravel Security in Depth mailing list and Practical Laravel Security course. His conference talks have been described as “terrifying magic tricks” that show just how easy it is to hack into a vulnerable site and cause mayhem.

Currently Working

Laravel Security Audits and Penetration Testing
Since January 2022, I’ve been doing contract security audits and penetration tests for PHP and Laravel apps. It involves reviewing my clients’ code, finding weak and vulnerable code, demonstrating exploits on staging environments, and reporting all findings plus recommendations.

Practical Laravel Security
Launched in November 2022, Practical Laravel Security is a hands-on course that uses interactive hacking exercises to teach you how to keep your Laravel applications secure. I am building the full course, writing all the materials, and setting up the interactive challenges.

Laravel Security in Depth
Since September 2021, I’ve been writing weekly emails about Laravel and PHP security for developers. The posts cover a wide range of security topics and involve research, example code, and even some interactive examples. The longer In Depth posts are paywalled, but I can provide preview links if you would like to review my writing.

Open Source Contributions
My GitHub contains my open source work, and I’ve recently submitted a couple of Pull Requests to Laravel with a security focus.

Talks & Presentations


New Zealand PHP Conference

Qualifications & Certifications

EC-Council Certified Ethical Hacker (v10, 2020)

CompTIA Security+ Certified (SY0-501, 2019)

Bachelor of Engineering in Software Engineering (University of Canberra, 2007)
Winner of the Engineers Australia ITEE Student Presentation Awards Night 2007


Valorin Security

Friendly Hacker / Director
January 2022 → Present

(Company founded July 2022)


Technical Manager
March 2018 → January 2022


Defiant / Wordfence

Senior Developer
July 2018 → July 2021

Security Analyst
Jan 2017 → Jul 2018 (casual)

Award Force

Technical Lead & Lead Security Analyst
August 2016 → July 2018

Senior Engineer
March 2015 → August 2016

Verve Ed — Casual Developer
February 2016 → May 2017

KiezelPay — Casual Developer
December 2015 → December 2016

InterSect Alliance International

Product Manager
June 2013 → February 2015

Software Engineer / Security Analyst
June 2012 → June 2013

Uber Global / AussieHQ

Platform Engineer / Systems Developer
June 2008 → May 2012