Programming has been Christoffer Fjellström’s hobby since he was a child, but it wasn’t always his dream career. As a Maths undergraduate, he considered doing a PhD and staying in academia, but eventually (and luckily for us at Detectify) decided that systems development offered him more room for creativity. At the Detectify office, Christoffer is known for his infectious laughter that brightens up everyone’s day, but his story also involves riding Icelandic horses, modding MMORPGs and working as a travelling boar kebab salesman. Read this article to find out more about Christoffer and his work as a Detectify backend developer and team lead.
Grew up in the country
Originally from Stockholm, Christoffer spent his childhood on a farm in Småland where his parents bred Icelandic horses: “We also had sheep that were adorable and super annoying. They had learned that electricity would not harm them, so they just went and scratched themselves on the electric fence. They would come out and eat all the flowers in the garden, so eventually we just gave up and let them roam freely.” It was back in those days that Christoffer wrote his first lines of code and he says he still remembers one of his very first projects that was used by other people, a mod for a popular MMORPG (massively multiplayer online role-playing game).
In between his childhood in Småland and starting his career as a developer, Christoffer worked a bunch of unusual odd jobs. “I’ve had some very strange jobs. The strangest one has to be, we went around from festival to festival selling boar kebabs. It was a lot of fun but also insanely stressful!” After taking Maths courses at Lund University, Christoffer went on to study Systems Development and worked on a number of development projects before joining Detectify.
From intern to team lead
In March 2016, Christoffer joined the Detectify team as a backend development intern. “I had a light interest in security, but I didn’t really know much. It seemed like a good fit, I tried it out and stuck around,” he smiles. Now, he is working full-time with various Detectify services and domain monitoring, and has recently become team lead of the backend team, adding sprint planning to the list of his everyday tasks.
Christoffer says that the best thing about his job is thinking up creative solutions to problems: “I get to create things and solve problems. At Detectify, a lot of what we do is new, we do new research and implement it and that is very interesting!”
Passionate about maths
Although he decided against building a career in academia, Christoffer is still passionate about maths. At the Detectify office, he shares his knowledge by holding short talks about encryption, one of the many maths-related topics he’s interested in. “It’s the problem-solving and the beauty of proofs,” he explains, adding that what he finds most interesting about maths is simplifying and codifying things: “Contrary to what people think, maths is all about making things simpler. All the answers are already there, but they can always be written down in a more understandable way.” This is something that maths and programming have in common and Christoffer says that the algorithmic way of thinking about problems is very helpful in his work as a developer.
Building big projects and “random rogue things”
The scope of the backend team is extremely broad, but Christoffer has two clear favourites when it comes to projects he has worked on. The domain monitoring system started out as a fun project the backend team worked on in their free time, but ended up becoming a fully-fledged service that helps customers discover subdomain takeovers. “Working with domain monitoring has been amazing, I have learnt so much about DNS and subdomain takeovers and getting to implement all the research that Fredrik (Nordberg Almroth) and Frans (Rosén) did was awesome,” he explains.
However, it is not all just about big projects. Christoffer says he is proud of what he calls a “random rogue thing”, a solution that worked so well it ended up saving the backend team plenty of time by helping them solve issues in the scanner. He points out that trying out new ways to solve problems is one of his favourite things about his job: “The best thing about working here is always getting to tackle new challenges and learning all the time.”
Learning about security
Despite having been interested in security before he started working at Detectify, Christoffer says he has learned a lot since then: “During one of my first weeks here, I found an XSS. I didn’t even know it was called an XSS, I just figured that what was happening was odd, but I didn’t have any formal knowledge. I think I’ve come a long way!”
Working alongside some of the world’s top ethical hackers has definitely rubbed off on Christoffer, who says he doesn’t do bug bounty hunting on a regular basis, but still reports vulnerabilities that he stumbles across. He explains that the challenge of discovering vulnerabilities is a lot of fun: “I find things every now and then that look interesting and then I poke them and see if they break. They usually do …”
Q&A with Christoffer
Mac or PC?
PC, because I like my freedom!
Android or iOS?
Same thing, Android, I do like my freedom.
Your #1 security advice?
Never make assumptions about user input. Everyone does this because it’s not always obvious. A lot of assumptions are assumptions of omission, you assume that this thing is here and you don’t have to be specific about it. There are a lot of hidden assumptions in code and getting rid of those will help you get rid of many risks.
Any tips for aspiring developers?
Code a lot! Work on your own projects, don’t be afraid to show your work, put stuff up on GitHub. My GitHub is full of old stuff I did when I just started programming and it’s awful, but I still let it be there.
Favourite programming language?
I’m pretty agnostic about it. I’d say my favourite is pretty much whatever I’m working with. My current favourite is Go, Golang, but that changes all the time. I see languages more like tools.
What’s the best thing about Go?
It’s very clear what you’re writing, it doesn’t do too much magic. A lot of new languages do a lot of magic things and golang tries to avoid that, but it’s still pretty modern. It has garbage handlers, for example, so it does some magic in the background, but it doesn’t bother you.