Johan Edholm is one of the founders of Detectify and a well-established profile in the Swedish IT security community. With his strong presence on online forums, IRC channels and conferences, he has built up a large network in the world of web security. At Detectify, Johan plays a vital role in shaping the vision and values that the product and company culture build upon. “No bullshit” and ”honesty and transparency” are the keywords that describe Johan’s view on how businesses should act internally and externally – a perspective that has permeated the entire company from the beginning. Meet Johan Edholm, Detectify’s moral compass and inspiring member of the security community.
How it started
Today, Johan is closely connected with the web security world and everyone at Detectify turns to him if they need advice about anything related to hacker culture. However, his path to where he is now was far from straight. Johan, who’s also known as “Norrland” as he was born and raised in Northern Sweden, became interested in computers when he was 11 years old. He had borrowed a friend’s computer to play games, but quickly started installing and fixing what needed to be fixed. “I tested different things to see what worked and that’s how I learnt. Trial and error, so to speak.”
Coded profiles on Lunarstorm
His interest in programming grew together with the explosion of social media networks. Lunarstorm, then Sweden’s largest social network, was Johan’s first coding platform. “I used to code different profile layouts on Lunarstorm. A friend’s brother was surprised and asked me if I knew HTML, but back then I had no idea what I was using to code.” In order to be more efficient, he created multiple accounts he could program and experiment with. “The profile I was most happy with was one I had made to look exactly like Lunarstorm’s own theme”
Discovered hacker forums
At the same time, Johan became curious about hacking and used resources like e-zines and online forums to find like-minded people. “On the forums I used back then, nobody talked about Black hats and White hats, it was all about “Hackers and Crackers”. Generally speaking, the competence level was so low in those days that you didn’t really need to take a stance on it – as long as you only wanted to learn and didn’t break the law or get in trouble with the police…”
From plumbing to IT
Despite his growing interest in web security, Johan picked plumbing training when the time came to choose a high school program. “I didn’t even think that IT could be a career path. My dad is a farmer, many of my relatives are plumbers, so becoming a craftsman felt natural.” As luck would have it, he read about the International IT College of Sweden on IRC and found the courses interesting, so he changed his mind. Even though he was a little worried that everyone else would have a higher level of technical knowledge, he applied and accepted the offer that landed in his letterbox. “My fears were unfounded, the majority didn’t have a strong passion for IT,” Johan says.
The idea of Detectify is born
Despite being eager to learn and make the most out of his education, Johan found that he could not develop as much as he wanted to during his school years. When he asked if he could read more IT courses, the answer was no. “Much of my time at school was dedicated to correcting my teachers, not because I was trying to make a point, but because I didn’t want my coursemates to learn things wrong,” he explains. However, school was not all bad. It was there Johan met the other co-founders of Detectify and the idea of making the internet a safer place could begin to grow.
Although they spent two evenings every week coding and working on their business idea, Detectify was nothing more than a hobby project back then. It took a couple of years until the founders were together again and could give Detectify a proper chance.
The role at Detectify
Johan’s role at Detectify is a mix of front end development, product development and sysadmin tasks. He’s passionate about sharing the benefits of of web security in an educational and helpful way: “Web security in itself is very complex and technical, but we try to turn it into something people can understand and create a service that can help them. It’s an amazing challenge.”
Johan also has an important task in passing on Detectify’s background in the white hat world to all his colleagues. His lecture “History of Hacking” is a mandatory (and much appreciated) step in new employees’ onboarding, allowing them to get a better idea of Detectify’s soul and history.
Johan is looking forward to continue building Detectify’s product together with the team: “In five years’ time we will have many employees and will be known for being really good at security – not bullshitting about security, but being good at real security.”
Volunteering at IT security conferences
Johan is among of the organisers of SEC-T, one of Sweden’s largest security conferences, which he works with in his free time. It has been nearly ten years since he read about the conference for the first time and went there as the youngest (by far) attendee. Since then, Johan has joined the organisers and has been especially active in inviting extremely driven people who he thinks can give back to the community. He obviously has an eye for talent – two of those he has contacted online and invited to the conference are Linus Särud and Kristian Bremberg. Both of them now work at Detectify.
While it might sound like Johan’s days are already jam-packed with Detectify and engaging with the web security world, he has plenty of other exciting projects on the go. “I’m going to hack my modem at the weekend” was a statement we heard from him recently and his “Monthly challenge” (which can involve anything from eating vegetarian food to being offline in his free time) is something everyone in the office follows with great interest!
Q&A with Johan Edholm
iPhone or Android? One is an operating system, the other one is a phone, so it really depends a lot on which Android.
Mac or PC? PC (Thinkpad x201 is my favourite computer at the moment)
Favourite security resource? Apart from internal discussions at Detectify, it’s IRC.
#1 security advice? Don’t use the same password in more than one place because if you do that, you’re fucked. 2FA is also good but it all depends on the threat picture. If you, for example, think that who you date is a sensitive topic, you probably shouldn’t do online dating.
Want to find out more about Johan and his work? Follow him on Twitter.