Interview with Magento Security & Mountaineering Expert Talesh Seeparsan
We’re back again with an interview with another Magento expert, Talesh Seeparsan, who also has a knack for mountaineering. He has been working with Magento since 2008 and has a keen interest in web security. He is the founder of Bit79 (one of the first Canadian Magento eCommerce consulting firms), based in the Toronto, Canada area.
In his interview with Envision Ecommerce, he talks about his career journey, his experience in the Magento world, Magento security, Magento 2 security, his blogging secrets, his personal life and his mountaineering experience. Let’s find out more about Talesh Seeparsan:
Envision Ecommerce: Just to start off, we would love to know about your background and the career journey that brought you to your current position as Bit79’s founder. What challenges did you tackle during your early days?
Talesh Seeparsan: I have been working with Magento for a long time and started my company shortly after working on my first Magento project. As you can imagine, my big challenge back then was just working with Magento, as there was zero to no information. Back then you had to learn by experimenting and breaking things. Granted, if you overcame this challenge and became comfortable with the platform itself, things got much easier.
Envision Ecommerce: Being a security guy and a consultant for so many years, focusing specifically on Magento, what effective tools and techniques would you recommend to eCommerce websites and merchants to defend their Magento sites?
Talesh Seeparsan: Ironically, “tools” is the last thing you need to think about when you are stepping up the security of your website. You need to focus on two much more important (and possibly more difficult) things first before you even consider what tools to use. You need to focus on equipping your people with the knowledge to defend the sites and engendering a culture of security. After that, the next logical step is putting (documented) practices in place to ensure that security is an ongoing concern and constantly revisited. Then, only after that, the tools that best fit your organization will come naturally.
Envision Ecommerce: What other important security tips do you recommend?
Talesh Seeparsan: Since you asked for tools and I didn’t give any specific examples in the last question, I would suggest at least starting with Magereport.com and the Magento Malware scanner, which can be found on Magesec.org. Those are great starting points; however, if you don’t have the people who understand how to use them or the importance of using them, and especially the diligence for keeping up to date on them, then having access to these awesome free tools doesn’t help you.
Envision Ecommerce: Talesh, as a speaker, you have attended so many Magento Meetups, conferences and events, like Meet Magento Hrvatska 2017, Developer Paradise, MM15ES, etc. Please share your experience and what benefits do you get from such events? What has been your best event memory till now?
Talesh Seeparsan: My goal really is to step up the security maturity of the Magento world. I do a lot of tweeting, but only a tiny percentage of the Magento world is on Twitter, so reaching out to local communities working with Magento at these events has been key. It is hard to pick a best event memory, but I think my most cherished would be the first Magento Imagine in 2011, when I met Alan Storm and Ashley Schroder, and sat till the wee hours of the night talking software and ethics with those two and realizing that Magento people was my people.
Envision Ecommerce: We know about your “MageDef – Building Defensible eCommerce”. What would you love to say about it?
Talesh Seeparsan: MageDef was originally started in 2015 because I realized that in the Magento world there is this flurry of events in the latter half of the year; however, in the beginning of the year there are few events leading up to Magento Imagine, and I wanted to get information out to people on a more regular basis. So why not do a podcast? Unfortunately, running a podcast is easy when you live in one place, but shortly afterwards I started travelling, which made it difficult to continue. Now that I am back in Canada, maybe it’s time to start it up again to bridge the gulf between the end of the year and Magento Imagine.
Envision Ecommerce: How do you see Magento 2 in terms of security compared to Magento 1?
Talesh Seeparsan: More care has been put into some areas of Magento 2 in providing the developer with better or easier tools for extending the platform in a secure manner. However, I think the most exciting part of the Magento 2 security maturity is that, with the community engineering team in place and pull requests coming in from around the world, we have even more people looking at the Magento 2 codebase critically.
Envision Ecommerce: As a part of our interview process, we request you to share a picture of your workstation or the best moment that you have captured at any event. Please share.
Talesh Seeparsan: Most of my favourite event photos are of people who we’ll need to start getting permissions before posting here. So instead I’ll share a photo of my old Linux workstation I ran my business from before leaving Canada to travel the world.
Envision Ecommerce: Talesh, we know you have been blogging. So when did you start blogging? As you said, “Writing English isn’t my strong point” – in your recent blog post, so can you please share with our readers some of the secrets behind your blogging logic?
Talesh Seeparsan: My secret when it comes to blogging is to make friends with authors and ask their advice. Lately I’ve been reading a book called “Writing Tools” by Roy Peter Clark, which was referred to me by an author I know. It has helped a bit. Second secret is to get a keyboard you enjoy typing on. 😀
Envision Ecommerce: What would you say if you are asked to give a piece of guidance to those users who think their Magento site has been compromised?
Talesh Seeparsan: 1. Don’t panic.
2. Make non-destructive backups of everything right away.
3. Go to https://github.com/talesh/response for a response plan template to help guide you through the next steps. Ideally you would want to fill out the incident response plan for your own organization before getting compromised and then practice it with your team (and modify it accordingly) before you even get compromised. But that document provides some insight on next steps.
Envision Ecommerce: Could you please share your most memorable moments in your professional life till date?
Talesh Seeparsan: In my professional life I work as a consulting architect for companies that have big complex projects and need to get a handle on it and determine how Magento can be best modified to fit their needs. In that role I also end up training developers who have this thing called Magento shoved upon them, and always my most memorable moments are 3-4 months into a project when I need to tell developers who used to hate Magento that I trust their judgement now, there is no need to run their proposed solution by me. In short order they’re coming up with solutions that are even better than mine and it’s time for me to start looking for a new job because my work there is done.
Envision Ecommerce: As we all have some inspiring people in our lives, who are the five most important individuals who inspired you all through your career journey?
Talesh Seeparsan: I’ll choose from the Magento world so others can relate:
1. Vinai Kopp is simply one of the smartest, kindest and most helpful people I have ever met in my life. The vastness of complex information I have learned from him over the years is humbling.
2. Alan Storm is a sheer force of nature. There isn’t much else I can say.
3. I personally am awed by the critical deep thought Kristof Ringleff brings to any topic. I find myself noting down things in my phone after listening to him speak. His train of thought is sometimes more important than the actual content.
4. Andra Lungu really shows that you can be a kickass developer and still be an incredibly empathic person, which I think is incredibly important now that our community has grown so big. I’m really good at the developer thing, but easily go into a caveman developer mode sometimes.
5. Interestingly the last person is Andra’s boss: Alessandro Ronchi. Again a very deep thinker and I am inspired every single time I have a conversation with him. You can tell he has looked at many ideas and concepts of running a business and without judgement or favouritism, distilled the best ones down into a science.
Envision Ecommerce: Besides your passion for raising the bar on security in the Magento community, how do you spend your time outside work? Are you a family guy? 🙂
Talesh Seeparsan: There is a smiley face on this question because you know the answer to this one. 🙂 I fill my non-Magento, non-security time with hiking nature, photographing landscapes, climbing mountains and doing all sorts of crazy adventure things. So I’m not raising a family right now…. although if I were, I’d probably take them on crazy adventures anyway.
Envision Ecommerce: We know about your love for the Mountains. Please share your best mountaineering experience till date?
Talesh Seeparsan: There is this challenge in this little Canadian town of Canmore called the Canmore Triple Crown. Simply: you have to climb three mountains during the summer and you’ve achieved the Canmore Triple Crown. Last summer, I met a bunch of friends and we decided to climb all three in one day—and we did it. We even stopped in town for a lavish sit down breakfast in the middle yet still had enough time to make it to the final peak right at sunset. Getting to that summit is a memory I will never forget, however the suffering it took to achieve it, I’ve already forgotten.