Oh wow. That was another fantastic presentation from Alex, Chris. What did you think about that?
Well, I didn't think I could be more impressed or overwhelmed than Paula. But I-- Alex blew my mind equally as much. I really like this idea of the M&M security. I never even thought about that.
But the crunchy exterior and soft interior like that makes sense, kind of a little bit more outside but watching inside. Did you have anything that particularly jumped out at you? There was a lot in his talk.
Yeah. He mentioned on Premises is where we're being attacked. We're moving to the cloud, a majority of our systems and infrastructure is in the cloud. But it's still on Premises is where we're being attacked. And I remember during Tech Atlanta, someone had tweeted out a screenshot and quoted him. And then he-- they said, "I need my management to hear this."
That really struck out at me because that is huge. That's part of what Paula was talking about watching the privileged users. A lot of what we-- he talked about today is that on Premise area is still definitely a big part of the infrastructure that we have to make sure that we're secure. And we can't just forget about it even though we're in the new wonderful place up in the cloud. That was fascinating.
Also the fact that-- I'll be honest with you. I try to use all the good security principles. But I'll be honest, over the past four or five years, I've become a lot more sensitive. I think part of it was during the pandemic, I had time to actually to start to really think about all of my different secured systems.
But just I think as one that was in 2018, only less than 2% of the people were using MFA. Whereas now in 20-- I think it was in 2022 is almost 27%. So that's a big jump in people.
Huge jump. Yeah, I--
Still not high enough.
Well, no-- I mean, one, it's an amazing job but still just over a quarter of folks have accounts. But what fascinated me, was everything else is going up too. The breach we play, password spraying-- phishing I mean, passwords by itself went up. Almost more than five times up from like 350,000 accounts compromised to password spraying of 5 million.
I mean, just the volume and the velocity that hackers are taking. We might be securing ourselves more. But they're still coming at us very ferocious.
Well, as we learn from Paula, they're being paid well to do so.
Yeah. Wrong industry.
Wrong industry. And the last thing I really took away from here is that was really interesting was the social aspect of all the security. He had this interesting stat like if you don't make people type in a number to say yes, that's OK, they would just say yes automatically.
And I just thought to myself people are so used to hitting that yes button. But unless you make them stop and type in the number, like please put in the four digit code, they'll just approve just about anything. And I thought to myself, that's so true. Because whenever I'm forced to put in those four digit codes I get texted, I slow down for a minute. It certainly makes me clench up a little bit when I get one of those codes on I didn't ask for it.
Yes, definitely slowing down. I can't tell you how many times I've sort of hit something on my phone, just I'm like-- I've got-- I'm focused. I want to do something. And the screen pops up. And I just hit OK or cancel and keep moving forward. I can see why they want to make us slow down, for sure. Well, I know that you have some thoughts-- additional thoughts on this bringing this home personally but what he talked about. I'd love to hear more of what you have to say, Chris.
Thank you. I do have a little bit more to share. And hopefully, you guys will come along on my wacky little adventure one more time. I have this idea I'd like to introduce to you guys of Security After Dark.
Now, a lot like Paula's talk where I mentioned that we were raising hackers with Security After Dark. I want to actually start to address with all these statistics and all these things we're doing at the Office, what are we doing at home and our personal lives? We might be raising hackers, but are we actually raising a secure family? So let's talk about Security After Dark.
Just like I shared before about my evolution growing up, my evolution for security has changed a little bit too. Because of where I am in my career, I grew up in this age of what I would call file permissions. All my security for most of my early career, I'll be honest with you, I was just securing directories and file shares. It was like all I had to worry about.
I'm telling you I must have typed "change mod" about 100 times. I lived in the terminal. I think last year at TEC, we had the creator of PowerShell. But that's neither here nor there. We're in this year's TEC.
And then as that age permissions change the age of file questions, slowly but surely, files themselves have vanished over the last 20 years. When you think about the applications and services and companies that we've all started to use, so much of that content and so much of those permissions and things slowly evaporate. Just try to find an old photo in your phone.
Then got me thinking. OK, this really was never about files or solely about the device permissions. And I started thinking about how all the different devices I've had to secure over the last, for me, 15 years but more than that, 22, during my whole career.
But then I got realizing, actually, so many of my devices are disappearing too. I'm going from all these hundreds and hundreds of devices I'm kind of famous for to just a few devices. Heck, just today, one watch does what 15 sensors used to do five years ago. That's an amazing statistic.
Then I thought, well, of course, it's-- everything's in the cloud. So it's really about the age of the interface. We've got mobile interfaces. But then something started happening. The interface started dissolving around me.
It wasn't just my phone or what was on my body. It was what-- it was all over my home and all over my family's bodies. And then what are we heading to? Where is all this data going to be in 10, 20, 30 years when some of us aren't here?
Which got me thinking. Are the interfaces that we're so used to securing and changing just over the last 50 years-- if I go back to when I was in high school and used punch cards to do my program and computing all the way through to the '90s when I got my first job in tech. And I was using a mouse and an ergonomic keyboard. Remember the one that makes you look like you were a claw and you'd had to claw people.
All the way into the 2010s where everybody had a mobile device but not at work, but then at work. And then we had two phones, then we had three phones that work. All the way to now, people have fitness trackers on them all the time. They're wearing technology in them.
Heck, I even had a jacket on at TEC that was full of technology. So the interface is advancing. Which got me thinking, one of my points I'd like to bring up to you guys. We cannot secure what we do not understand. And so much of what we understand at work and is changing at work is being mirrored by what we just don't understand about our homes and our lives.
And my security, and even modern day stuff. Yeah, I do all the regular stuff to secure my life like most of you, I hope, MFA. I work to make sure my devices have firewalls. And they're patched.
I make sure I've got antivirus and I'm backed up. I'd love to back up by the way. Backups just make-- they're like a journal for your soul. But I won't get into the mentality of how much I love backups.
My connections. I make sure my Wi-Fi secure. I've got a VPN. That's always good to see TV shows you're not allowed to see.
I've got redundant networks. I literally have a satellite and a home internet both just so I don't go down. Multiple phone numbers, MFA, my new phone allows me to have 2 eSIMS, even down to behaviors. I make sure my entire family knows about strong passwords and phrases. We have devices that we can lock with other devices, biometrics, MFA, we're doing all of that stuff. But then there's still the stuff that I couldn't see.
And this is what I like to talk about the security after dark about mapping your legacy. Because there's so much of our life that we can't secure because it's beyond the stuff we immediately understand. So when I got to that point in my life or my story ended recently, where I got married just in 2018, I had to relook at my life.
And I had to look at the way my life interacted with all the points that I knew about but now, with my new spouse and my family. And mapping those dependencies meant I had to really start to understand not just my connections but my spouse's connections. And not only my spouse's connections, our family, my sister-in-law, our pets, my business, my home. How were all of those things coming together?
How many of you have actually taken time to write down or try to secure or even understand how your family is connected? Because something coming through your children or coming through your spouse or coming through a home account can easily get to you. And it's only a few steps between those connections and some of your most secure and important data if you want to actually lock down.
Which got me thinking about the big issues. Back in 2017, right before I got married, we bought our first home in Texas. We were left in Nashville. But that home wasn't the safest. It was actually on an active floodplain.
We thought we were safe. We got flood insurance. But sure enough, within a year, that house flooded. Which got us thinking about well, not only do we have all these soft connections We need to map for security. We need to think about all the hard connections.
So when we bought that house, we bought it knowing that even if it flooded, we had certain infrastructure directly around us. Now, you probably don't go to Zillow and say how close is the local water-- clean water source? Or how close is it the local animals are hunting? But that was something we actually did.
We even made sure there was a church. Because churches are usually the first places that will get food in disasters. And we even made sure we were close to a police station. Not because we would need the police. Because power grids, if they need to cut them off, or power outages are usually kept on or around police stations.
So it's about understanding that security. This was truly the after dark security. Our home, I even made sure that I understood the fuel routes and what would get refueled if there was a hack. And sure enough, within six months, the Colonial Pipeline hack happened after that. And when our flooding happened, we were safe because we made [? sure replace. ?]
We even had temporary bags to help keep the water out of our house. Air pollution was something we had to face down in Texas. Electricity-- we had a big freeze, so I made sure we were redundant, because we were on that power grid that didn't catch the time when everyone else did. And even for water outages that we would experience, we have backup water supplies.
So it's really about understanding all the ways our home could be secure. But then we went further. We talked about those privileged accounts. Our privileged accounts were tied to sensors outside our house that tracked rain, air quality. They were tied to our cameras and our other security devices.
And all of that was linked through my little wizardry to the sensors that the county used in the rivers. So every time it rained, we actually were to be able to do a delta between our house and our safety with the river near us. The entire neighborhood became dependent on our updates from Facebook.
Speaking of that, I thought to myself, how truly safe am if I'm not making sure my neighbors are safe? So one of the first things I did was I built a safety and security system for my neighborhood. It was actually featured in the Atlantic in 2020 at the beginning of the pandemic. It allowed us to not only be ready for disasters like floods and power outages, but actually rally our neighbors together to create useful things like stockpiles of food, medicine, or skills.
It was a remarkable thing. From there, we able to take that and create a front end to our community where anyone could come in and learn about the safety procedures in our community, whether they be at the state and local or community level and who could help us in our community. It was an amazing system. And I certainly made me feel more safe.
But with all the changes that were happening in my security after dark world, by the end of 2020, I got thinking I need to find someplace a little bit more resilient. But where do you even look for that? There are so many different things happening in the United States today depending on where you live.
Here is a map that shows you a little bit about what climate emergency is which are some of the biggest things we're going to be facing in the next 10 years and where they are in the United States. So I happen to find one of the few super safe climate resilient places, the darker purple on this map. You'll see that Colorado, a little bit out on the West Coast. But you see this big swath of purple up in the Northeast? That's exactly where I decided I was going to go.
So I went ahead and started thinking, how do I make sure I find a home up there that meets all the same safety and resiliency? So I built another system that would scrape houses off of Zillow, put them into a map, and then automatically send my realtor a note letting them know that we wanted to see those houses. Those houses had to meet certain criteria to make sure they were safe and address all the things that we want to do for me and my family to feel absolutely wonderful.
Once we found our house, we went ahead and purchased it. We went ahead and did a safety and security map on every single room and floor in the house making sure we understood anything. And just like in Texas, I replicated that for my village, the villageoffonda.com, where you can go and see right now if you wanted, the real-time safety and security issues that I'm monitoring with the health of the County and the Sheriff's department and the health department as of this week, making sure that we are healthy and well.
You see, institutional resilience starts with each and every one of us. We can't really depend on the world to be this safe place if we're not making sure we aren't doing our part in it. What about your security? Where do you start securing your life after dark?
well I'd like to think of these three places, biology, behavior, and environment. Biology. So many of you, like me, have a health sensor. If you don't, you've got a mobile phone, which is keeping track of some of your health.
These devices keep track of everything from your sleep to your activity, to your mobility, to your blood oxygen, your vital signs, all of this. But so many of us don't know where that data is. And if there's ever an emergency in your family, you're-- want to know that. So the first step is understanding where your health data is, securing your health data. Believe it or not, you should have a backup. Just don't rely on the health of the phone to do it. And number three, make sure that is resilient.
One of the things I like to do is backup my health data into another system that I can always get to or my family can. This came in handy because in 2021, I was having some issues with breathing. I wasn't sure if I had COVID or what had happened, went to my doctor. Doctor didn't know what it was. But I was able to pull out all of that information for the 12 months previous for him to be able to see this.
I then got a sensor that he put on me. But I tied it to a form I would fill it, so he'd have much, much more robust information. And even this year in 2022, I have a 25-year-old piece of dental work that I'm having to have redone. They're making me go to three different providers. So I actually built another whole system to map those three doctors together, so they could build their treatment plans.
So it's really about understanding and making yourself secure beyond your devices. Because you are the most important device you'll ever manage. But what about behavior? You've got your devices down pat. Understanding where your behavior is.
Where does it-- where do you keep the music you listen to? And where is that music stored? And what does it say about you? Securing that, like when you have credit card transactions that you do off of your phone-- now they're in the bank, but are they someplace else? But more importantly, making sure that data is available and resilient.
So if you have TD data, it sounds dumb, what shows have you been watching on television? What do those shows reveal about you? Are you aware of where they're-- where that data's stored? Are you benefiting from it?
Behavior data is one of the most outrageously untapped places that we can grow benefits for ourselves and secure our own lives. For instance, for me, for our behavior data, I built the system for my friends and family for them to be able to go in any time they wanted to interact with us and log those interactions. Like we all went on vacation, everyone had a system they could then log their favorite memories and put them into. And those things now today, show up on maps. They show up on our calendars, kind of a family reminder system, that syncs to everyone's calendar. It's just remarkable.
And last but not least, my favorite environmental. Listen, we've all got smart homes or some of us even have Wise Homes. They're doing everything from the cameras to the temperature, to making sure the sounds are not too loud or too bright. Understanding, securing, and making sure that data is available and resilient is one of the most important things we can do.
So much so that we sold our house, we went ahead and built a system for our old house that mapped over to our new house. And then today, we were able to sell our old house by ourselves before we bought this one and then our new house can be sold at any point. Because our security ended where our understanding stopped.
So your resilience. What are the three things you can do today to secure your life after dark? First thing, map your life. Understand you, your family, their accounts, what services they're using. You don't have to be intrusive.
Just ask. What is your phone doing? What are you connecting to? Find the holes in your family's life.
Number two, organize your systems. You might not have ever thought about it this way. But understanding the biology, behavior, and environmental systems in your life will help make you more resilient if you have a health care or a crisis that involves the safety and security of you or your family.
And then finally, in the least important, and I'd rarely talk about the analog of life, make a book. Make a book with all the most important documents, life insurance, extra credit cards, passports, put a note in it, tell people how to use it, deeds to the house, titles to the cars. Make that book someplace safe in your house where any member of your family can get it, because we can't always depend on our devices to have all the information at all the time. You see, it's time we stop valuing our tools and start tooling our values. And with that, I'm going to head back to Jen for the rest of our conference.
All right. That was wonderful, Chris. When you said our-- your security stops when your-- your security stops when your understanding ends.
I mean, I think that just really wraps up what you've been talking about. Alex, Paula, a lot of our session speakers yesterday and even today, I mean, so powerful. We need to continue to take our understanding further and further, really to try to stay up with or hopefully, ahead of the hackers that are trying to get into our environments.
Just a little bit-- just a little bit. Yeah. And I really-- I just-- I think a listen to Alex and listen to Paula really help me think more, I think, diligently about how we all think about security. But just not like the stuff we think about at work, but just how we secure each other in our communities and our families.
And it's the most important thing we could do. I mean, you have a beautiful family, Jen. I know you know what I'm talking about.
Yes. Yes, I do. Thank you. Well, looking forward to today, we have another great session, another great three tracks. Lots of sessions coming up for you to attend. We've got our Microsoft infrastructure security track, Microsoft 365, and then On Premises and Hybrid Migration and Management. Definitely make sure you check that out.
We've got folks like Etienne Bustarret and Jorge Lopez from Microsoft talking about identity and hybrid identities. We've got Habib Mankal talking about Teams Shared Channels and how you secure and govern that. Paul Robichaux is going to be talking about throttling and why it stinks so much. We've got some great migration sessions, so definitely stick around and watch the presentations today.
Remember, the recordings for everything will be available after today. The presentations, that is the number one question. The presentations will be available after today. And so I hope that you engage with that and engage in our live Q&A.
Make sure that you jump from the tracks which are in the live events over to the team meeting. You can find all those links on the home page for virtual TEC. Participate in those live Q&As, turn your camera, and ask your questions, and also participate in social media. And Chris, what's our handle here for TEC?
Don't forget the hashtag. You got to put the hashtag in there. I've seen people do it without the hashtag, it doesn't work. Yeah, so you have to have the hashtag.
Well, speaking of TEC, also make sure that you keep your eyes out for TEC 2023. Remember, we are in Atlanta at the Loews Hotel in midtown. Awesome, awesome place.
September 19? Was that September 19?
Yup. September 19 and 20.
And you can register now? I think.
It should be open. That's right.
Yeah. So we will be--
First one to register gets a prize.
No, I can't say that. You had so many good prizes last year. You having that many good prizes this year, the one coming up?
Of course. Of course.
It was like $25,000 worth of prizes, you had, wasn't it?
Yes. Oh my gosh, our sponsors were amazing, our equipment sponsors. And then of course, our swag is just amazing too. our speakers say we have the best swag, so.
You do. Yeti. Everything's Yeti.
We will see everybody here throughout the rest of today. Hopefully, I'll see you on some of those live Q&As after each session. And hopefully, we'll see you in Atlanta next year September 19 and 20. Thank you so much thank you, Chris, Alex, Paula. Thank you.