Cyber Threats: Nation-States

This article is part of a series of called “Cyber Threats: Who Wants Your Money?”. If you missed the first post, you can read it here.

After the Operation Desert Storm, in 1998, USA for the first time has shown to the world their military prowess and how technologically advanced they were. Countries everywhere looked at how technology was being utilized by the US Marines and realized that simply no country was a match for them. The warfare landscape has been taken to a new level. The Chinese army were quick enough and studied how tech was applied by the USA and wrote a military study called “Unrestricted Warfare”. A classic now.

The summary of the book: A small nation can achieve a powerful hit against a bigger one by exploiting technological weaknesses. The technological warfare between nations started.

China then created a Cyber Militia, a group of hackers based on the findings of that study. Chinese schools invested heavily in programming and network computing. And I’ll use this Chinese event to explain a bit what goes behind the minds of a Nation-State Cyber Threat.


Why They Did it?

The answer to this question is similar to the answer “Why is Windows Phone trying to compete with iPhone?”. Because if they don’t, the competition will take over without resistance. And from a nation perspective, everyone was going to invest in cyber tech. China could not afford to be out.

Since then, reports of cyber attacks attributed as originating from China emerged in the news frequently.


What Is a Nation-State Attack?

Every western organization likely experienced an increase in port scans and access attempts to their systems around the year 2000. Port scans are considered attacks because they are done with:

  1. Explicit Intent to actively look for weaknesses in your security stance. These are not done for fun or curiosity, they carry a malicious purpose.
  2. Malicious Purpose. They are like “checking doorknobs on people’s houses”. Once they identify, the next step is to compromise information and integrity in exchange of political of financial gains

To mention a few examples:

Regardless where they came from, executives all over the world recognized the threats and the Three Warfares was written. A mark on defensive systems against Nation-State attacks.

People started to understand their devices could be attacked, casual conversations recorded and personal storage devices compromised.

Small and medium companies started to be attacked. They were used as a new attack vector against their partners, big corporations.


Why Nations Do This?

Because it is profitable and offer an upper hand in tactical politics. Big damage can be done by small groups against large organizations by a fraction of the invested cost. According to Interpol data, cyber espionage theft amounts to US $1 trillion.

The Center for Strategic and International Studies, estimated that cyber espionage incurs in losses of about US $100 billion per year to the US economy.


Most of Countries are Capable of Cyber Attacks

A few countries are the undisputed leaders such as USA, Russia, UK and France. That’s where the power of alliances come into play, but many small nations proved to be highly effective. Take for example Stuxnet, which has the power to take over power grids and nuclear plants.

Have a look at this video explaining how powerful Stuxnet can be for a Nation-State attack:



It is impossible to talk about Nation-State attacks and not to mention Edward Snowden famous for the Wikileaks whistleblowing and now writing for the Guardian which “confirmed” the USA actually created Stuxnet.


Cyber Threats: Who Wants Your Money?

Nowadays, no organization which is planning to go or it is already (partially or completely) in the cloud can minimize the importance of cyber-security. Like a fighter during the last round of a combat, an organization cannot let the guard down after hours.


photo courtesy: @MSAU

Virtually everyone, from employees to executives and partners, are always connected to the Internet. Internet access is ubiquitous and everyone is carrying super-computers in their pockets.

And that increased surface of utilization created by the possibility of “access everywhere” challenges cyber-security status, because the interaction between smart devices and users and locations (safe or not) exposes individuals and companies to several security threats. That’s why in many organizations employees with access to important documents should treat their personal devices with the same rigor as their computing systems at work.

At the end of the day, cybersecurity is risk management, and the best approach to handle this is by establishing a secure corporate culture with positive management practices.


“Know Yourself and Your Enemy” – Sun Tzu

The internet is a fantastic place. Any information at the reach of your fingertips, however evil lurks. Cyber-Criminals are on the look out, looking for the right person to prey on. Day in, day out, thousands of hackers navigate through the web, attacking systems, devising plans, looking to exploit weaknesses in someone’s environment. 24x7. 7 days a week. The importance of the right security partner is paramount because it doesn’t matter how secure you try to be, hackers will always outnumber the defence team.

And now, hackers are not only after fame and glory. They are after intellectual damage and financial loss. Countries are fighting each other using the cyberspace, which created a whole new of threat classification in itself. It is like the wild west out there, and they are after everyone weak enough.

Despite that, successful enterprises didn't get there by avoiding risk. Instead they managed them to obtain a competitive edge on the competition.


The Enemy

The main cyber threats to organizations nowadays can be categorized as:

  • Poor or Malicious Products
  • Internal Threats (Insiders)
  • Hacktivists
  • Terror and Crime organizations
  • Nation-States

Today we will start a series of posts targeted to “know your enemy”. We will identify the players in the current cyberwars, their threats and how to manage them.

Let’s start talking about the threats posed by Nation-States.


The World in the Year 2020, According to Gartner #GartnerSYM

Every year, Gartner releases a list of predictions in a huge simultaneous event across the globe (respecting the individual location timezones) which are followed closely by strategists, IT thought leaders, futurists et all from all over the world. The 2015 event key takeaways were:

  • Autonomous Software,
  • RoboBoss and
  • Smart Devices.

I’ll spare you the suspense. Let’s go straight to them. Here are are Gartner’s top 10 predictions for 2020.


#10 - Writers Belong to the Past

Machines will be responsible for 20% of all business content created. In fact, these “robowriters”, as they are called, already produce reports, sports tickers, graphics etc. Once you stop to think about it, yeah, they are here already.

#9 - Connected “Things” will Need You

6 billion connected things will be requesting support. This “things” are smart-devices living in the Internet of Things (IoT)  needing services, data etc. It is expected that campaigns of new business models will be developed targeting these “things” which will then influence their owners.

#8 - Software that Works on its Own

Autonomous software”, that’s the keyThese are agents working independent of human interaction. They will participate in 5% of all financial transactions across the globe. Machine learning systems and predictive algorithms are actually beginning to perform transactions in many banks without our help as of now.

#7 - Meet Your New Boss: A Robot-Drone

3+ million workers will have a roboboss. It is unclear at this stage how this interaction will develop, as in a employee-boss setting or if it will be on a employee-watchdog basis. Either way, artificial intelligence will play a big part in this story.

#6 - RoboCop Buildings

20% of smart buildings will experience digital vandalism. From hacking to physical damage, these are smart, automated constructions which will affect the lives of communities around them. Hacking IoT is a new attack vector.

#5 - Top Companies will Have Machines as Employees

50% of the top IT companies will have more smart machines than smart employees. That’s because several smart machines will be easy to leverage new ones by the same group of smart employees.

#4 - Digital Assistants Will Interact with People

Digital assistants will finally recognize and interact with individuals by face and voice, a bit like what Microsoft Kinect does today. They will open the doors for a new age of biometric security, incorporated with a much powerful and consistent delivery.

#3 - All Your Health and Fitness Data Are Belong to Us

2 million people will be required to wear fitness tracking devices as a condition of employment. This will affect deeply the insurance industry and the design of smart cities. People will be encouraged to be healthier and with the “open doors privacy” (allowing iWatch, Facebook etc read and share individual data) currently being the status-quo, that trend will definitely get stronger.. Overall this is clearly a fantastic benefit for the community living in the year 2020. Likely people won’t be using independent trackers, but instead this tech will be incorporated into their current devices.

#2 - Apps will Use Apps for You Better Than You

40% of mobile interactions will be done paired with smart agents. Yet again another prediction following the mantra of autonomous apps and software.

#1 - When a Cloud Security Breach Happens, It is Because of You

Cloud security will be so powerful and so pervasive that 95% of all failures happening in the cloud will be due to  customer's fault (not the vendor’s), varying from poor usage and risky user behaviours up to incompetence. Did your data leaked to 4Chan? Don’t blame AWS or Microsoft. It was you!


Personality and Imperative Test: Ambassador

I’m not a big fan of personality tests. I think that sometimes they show a different side of us that might not represent our individual as a whole. However I took the suggestion of a friend over twitter and gave the a try. And I was pleasantly surprised. The description is very very accurate about my drivers in life.

I am not sure if you believe these things or not, either way give it a try. Worst case scenario it will be fun.

Meanwhile have a look at my profile. Below are my results:

The Ambassador

You make your mark on society by facilitating authentic human connection.

Edge Pereira: My imperative is to shape societies and communities to help them overcome societal barriers engaging them and bringing them together.

You change the world by connecting and bringing people together. Driven to promote fairness and equality to ensure equal access to opportunities - you work to empower communities and enable them to tackle significant challenges that bring about large-scale change. By connecting people through a shared vision and fostering commitment and ownership, you ignite the collective energy and drive needed to move towards concrete societal progress. Your work feels especially worthwhile when you see your contributions leading to widespread changes that expand opportunities for all.


Who Do I Want to Impact: Society

You seek to impact communities and society. You find purpose when you:

  • See others promote your solutions and ideas
  • Implement a new policy
  • See a change you made have long term impact


Why Do I Work: Harmony

You are driven to ensure everyone has access to opportunity. You find purpose when you:

  • Level the playing field
  • Help others overcome barriers
  • Ensure everyone is heard


How Do I Solve Problems: Community

You bring groups together to build engagement and ownership. You find purpose when you:

  • See a team come together to accomplish a goal
  • Connect two people who would get along
  • Empower a group solve its own problems


Defining Motto

“Equality is not a concept. It's not something we should be striving for. It's a necessity. Equality is like gravity.”-
Joss Whedon


ASN Website Security Flaw

This is really a bit disappointing. YET ANOTHER website that stores and sends login information as plain-text. guys, please fix this. If you can’t see how is this an issue, please have a look at this article explaining: Ticketek Website Security Flaw.


You tell me that ASN does not involve a lot of credit card processing. OK, I grant you that. But the issue is a lot of people use the same password for several websites. You get hold of someone’s password then this password might work in other websites.

Come on ASN, you can do it! Smile


What’s the Problem with Plain-Text Passwords? A Disaster Waiting to Happen.

TickeTek is a great site. Actually, I love all the online booking capability industry. These guys apply a lot of cool stuff over the internet to make our lives easier when booking tickets for events. No more queuing to get to that place and worrying about where one will be seated. (unless you’re an iFan)


And because they deal with personal details and personal information, they should be extra careful to make sure data don’t get leaked for criminal purposes. Which brings us to the reason I am writing this post.

The other day I went on to book tickets for my family so we all could go see the Australian football competition. We picked the Brisbane Roar vs. Central Coast Mariners game. It has been a while since I bought my last tickets and I forgot the site password.

No worries, just click the option to remind the password, right? so, I did that and this is what I’ve got in my email.


Yep. They sent me my username and my password, in plain text to my email. To the unaware or naive mind, this doesn’t look too bad, actually some people think this is very cool, so you don’t think about a new password. Just use this one, right?

Here’s the problem: If they are sending me my password then…

  1. They are storing my password as it is or;
  2. They are storing my password in a way that it can be scrambled/descrambled

Either way, they are storing my password somewhere. And that’s not great! Room for improvement here….

Why is this a Problem?

There are a lot of problems with this, but I’ll nail it down to 2 points:

  • Email is not a safe environment. There are hundreds of types of attacks that can be done on emails. The email protocol itself is not encrypted.
  • Easy as copy/paste. If someone get hold of my email account, they can go and search for the text “password” and voila…there it is for the taking. And there is no need for hacking to be involved. Just need to leave your browser accessible for a few minutes while you go do something else and you’re done. The options go from someone lurking behind your back and writing down the password, until virus that take screenshots of your computer.
  • Multiplication of the weakness. Now your password is stored: at your place, at TickeTek and now in your email server. Like it or not, every time that email gets forwarded it increases the chances of someone getting hold of it.

So, here TickeTek is telling me that “hey, if you forget your password don’t worry, we are storing it for you in plain-text, or using a reversible encryption process to get it for you”. This is a big no-no! This is a sign of poor thought out security here.

Another problem is that if a hacker gets a very limited, very restricted access to the system…let’s say, “read-only” kind of access, he/she still can read the password and from there empower themselves to a higher ground of disaster. This is not unheard of. If you don’t believe me ask the folks at:

All these people said they used secure procedures to safeguard user’s details, yet when they were hacked it was all exposed they did not go through the steps to make sure it was secure enough. The sad conclusion here: This is still a very common vulnerability even among big companies. Sad smile


General rule: Nobody, nobody except you, should know your password.

Who Owns My Data?

Ok, further in the process. Now I have the right username and password, then I proceed to buy the tickets. Because I once bought tickets with the site, they stored my credit card details. Now you see the danger brewing…

Imagine if someone grabs my password. Because the site stores my credit details, now the hacker have my credit card. The party is getting better.


The Privacy Policy

The publication BusinessWeek did a report on internet privacy where the results show that the majority of internet users are worried about how their personal information can be used. From a customer respect perspective is it always good to have a privacy policy. A privacy policy’s objective is to disclose, to inform people (visitors/customers). TickeTek is doing the right thing here. They also have a privacy policy. That shows they care for how the information is handled and they have guidelines. Great job here TickeTek.


However, by looking at the policy (something I am sure a large parcel of the visitors don’t do) we see statements like this


I would say that text is missing some points because as you could see they store my password. But maybe here’s the reason why. Apparently the personal information collected is stored outside TickeTek on a 3rd party vendor database.


Which can get even more complicated. This increases the surface for attack. Here are some possible attack vectors:

  • What if such database is backed up by yet another external company
  • What if the operating system from these companies are not fully patched against security risks
  • What if there are weak points in any other hardware or software firewall involved
  • What if a given user that have access to this database get a virus that could exploit the data
  • What if this database, for whatever reason, ends up in a computer, laptop, removable media and it gets stolen
  • What if a frustrated employee, not related to Ticketek at all, decides to "hit back"

All these are plausible scenarios and require appropriate mitigation strategies in place. In-depth security: every layer in the system needs to be hardened individually.

In short, here’s the diagram explaining this. Look at the attack vectors in red:


So now, there you go, your password is stored in yet another place, a 3rd party company. And again, to bring up the point of the security vulnerability: This 3rd party company might have a team of IT professionals that can handle the data stored. So now your password is stored:

  • In your email server
  • In anyone’s email server if you forward the message in anyway
  • In your ISP
  • In your laptop or mobile
  • In someone’s else company …

So the threat model now has additional attack points, because now you are involving more parties. And again: the password it is still stored either in plain-text or in a way that it can be deciphered. Regardless the way you want to look at it, this is a bad practice….but salvation is at arms length and it is not complicated at all to fix !!

Fixing This: How Should Passwords Be Stored?

Well, ideally you wouldn’t want to store a password. Let’s take a step back and see the purpose this: Authentication. If we stop to think about it, we don’t need to check if the password matches, we need to check if the password is right! And there are several ways to do this, one way is to generate something called “hash”. A hash is a code generated using your password as initial value and an additional value called “salt” which is random and individual per password. That code is always unique and that’s the value you should store. I like the analogy that the hash is like putting meat through a grinder. Anyone can manipulate the meat afterwards but there is no way you can restore the meat to the original state. Likewise, you can always verify the hash generated based on the password the user provides in the website, but there is no way to process it and to revert the password back.

And because nobody knows the user password, no email can be sent to them with a plain-text password. Instead, an email will be sent with instructions to set a new password, which is not only a good security practice but also forces the user to recycle an old password.

It is All About Reducing the Surface for Attack

Techniques like this will not avoid a website from being attacked. If you were patient enough to read up to here (thanks for that, I really appreciate it! Smile) you see that all we want to do is reduce the surface for attack and minimize the damage. Adding enough security measures in place to make sure that even if an attacker can get hold of this data, the potential for damage is minimized.

One More Thing Before You Go

I wanted to point out also 2 cool things the website is actually doing very well. See this image below, this is me sniffing all the internet traffic between my computer and TickeTek website during the credit card processing. Everything is using SSL/HTTPS, which means all the communications are encrypted. Good job!


Also TickeTek has a Privacy Officer, which is pretty cool if you ask me. If you’re a customer and have any concerns about your data and how it is being handled by them, just contact these folks and they will address your concerns. Good job again !!


On a final note, all this thing about sending passwords in plain-text via email is a big security issue because it comes from a weak security stance, which then projects an image of “hey, other places might not be using the best security practices”; however this fix is extremely common and, I dare to say, is a bread-and-butter of any decent programmer.

I really hope they fix this soon! By the way, I did send this post to their Privacy Officer.


Office 365 and the Australian Data Retention Laws

Since October 12th, 2015 all the online communications done in Australia now is being tracked, monitored and stored for 2 years via a new law enforced. The so called Data Retention Bill. All this info is valid as of October 2015, you know…in the cloud, things change rapidly Smile


The Data Retention Bill, also known as "Telecommunications (Interception and Access) Amendment" is a hot topic right now. And as in any new technology, a lot of misconception is around. Let’s talk a bit about it and how does it impact if you have data hosted with Microsoft Office 365.

I am not going into the merit of right or wrong, because I know you came here from a business perspective and with the question in mind “What can I do to make sure I am compliant?”. Also a good place to start is to have a look at my post about Cloud Data Governance.

Explaining the Australian Data Retention Law

To be quite frank, apparently the law has so many loop-holes that it is hard to explain, but the Australian Parliament website has a good summary its intentions which is to force Internet Service Providers to keep "Telecommunications Data" for 2 years, limiting the reach of agencies that are able to access this data and to provide record-keeping and reporting on the use and access of this data.

Important to note here that they are talking about generic, abstract data. Not necessarily content, which takes us to the next point

The Metadata

Quoting the back then Minister for Communications, and now Prime-Minister Malcolm Turnbull:
"The type of data referred to in the bill as telecommunications data, more often described as metadata, is information about a communication but not its content. So, in the telephone world, it reveals that one number belonging to a particular account was connected to another number at a time and for a duration, but does not reveal what they discussed. In the IP world it reveals that a particular IP address, which may have been observed to have been engaged in some unlawful activity, had been at the relevant time allocated to a particular account. In the context of messaging—email, for example—it reveals the sender, recipient, time and date, but again not the content. Access to content, I stress, requires a warrant."

In his explanation, on this telecommunications data monitoring, only source and destination endpoints that are tracked, not the content that is exchanged and any access to the exchange data would require a warrant.  So, the government will know that for example Mr John Bloggs send a message to Mrs Jane Citizen on 13 October 2015 at 11:30 AM but the content of the conversation is not covered by the law.

2 Years Data Retention

All these communications will be retained for a period of 2 years. Data retention is expensive, very expensive. It is still a bit unclear how all this will be paid for and covered, what agreements will be in place, recovery and disaster strategy etc.

How Prepared are Australian Business?

apparently, not much. According to research ~90% of business are not. So much so that Telstra just revealed it needed another 18 months in order to become compliant. That’s a complicated matter, as you can see.


You Have No Reason to Worry

For us, law abiding citizens, I expect we have nothing to worry about. All this things are being tracked, monitored, collected and so on. The amount of data is ridiculous, gigantic, and it is very unlikely that the government will pinpoint someone and start monitoring the internet movements without a good reason. At the moment, there is not enough manpower, bandwidth and time for this. Clearly, these laws are targeting people with criminal intents, people in blacklists and persons of interest. For example, when a crime is committed and a person is identified, then the stored metadata about his/her communications can be used to clarify the root cause of their intentions.

I like compliance, structures and mostly, I like the identified needs to treat about data better. Some might say this is a bit overrated but at least they are this from a security mindset, which is a good thing. If you have nothing to hide, then there is no reason to be worried about it.

On Office 365

We know that now Office 365 has datacenters in Australia, this means that this data falls into the category of the Australian cyber laws initiatives. Luckily for you, Microsoft has a strong tradition of working closely with law makers and make sure that all data in the cloud is compliant and secure. Your data is still YOUR data..

Here are some of the controls in Office 365 that addresses the legislation and regulatory needs. In some cases, you can go through them and make sure they are aligned with the current legislation:

In short, if you are an Office 365 customer you can see that most of the controls needed to make sure your business is engaged with the Australian Data Retention laws are there already. However, this is only the technological part…the biggest challenges are on the business’ processes and procedures.


Azure vs. Amazon AWS EC2 vs Google Cloud

Lately I’ve seen a few articles comparing the size of the clouds. Who is bigger? Who is more secure? Who has more customers? and unfortunately a lot of the links people send me are from 1, 2 years ago a time when Amazon AWS reigned supreme.

In this area things are literally changing every week! So while the number of costumers in Amazon AWS is still larger than anyone, both Microsoft Azure and Google Cloud are make huge leaps catching up with AWS.

Next time you see an article or when you are researching for a real comparison, I suggest to do 1 thing first: Check the date of the article and apply a gain of salt for anything written older than 6 months.

So here’s a summary of the Azure state of play as of October 2015. You can learn more about these numbers here.

Azure Datacenters

Azure has more datacenters than Amazon EC2 and Google Cloud combined.


Azure is also the first cloud service to open datacenters in India, which escalates the numbers of users to billions. Compare this with the size of the Amazon AWS EC2 and Google Cloud datacenters.



Trustworthy Computing


Microsoft invests heavily on compliance, data security, controls and transparency initiatives. As of today, Azure is the cloud service that has the broadest numbers of regulatory and data compliance certifications. This means that virtually any business environment can be delivered using Azure. That’s a challenge for Google and AWS for example, if they are not compliant with the Israel Government Data Compliance regulations, cloud solutions cannot be used for their projects.

One interesting fact on this about Google Cloud: With Google Cloud you cannot guarantee where your data will be located. Even if you select your datacenter to be in your own country. If you are an Australian customer, for example, Australian laws requires the data not to leave the country for some industries.

From Millions to Billions to Trillions


An interesting statistic not mentioned here is that more than 40% of the Azure revenue comes from start-ups and small ISVs building the next generation of businesses.

Fortune 500 Weapon-of-Choice


The proof is in the pudding. 80% of the largest companies in the world are using Azure. These guys don’t go picking up a cloud provider easily. They have specialized IT departments that take these decisions very seriously. Leverage their time and knowledge when considering your cloud decision.

Internet Of Things (IoT) Services


A lot of customers are already joining the IoT strategy to help them run their businesses more effectively and in a more innovative fashion. People like Rockwell Automation are using the Azure IoT API to manage gas dispensers across critical infrastructure around the world. From 2015/2016, all Ford vehicles will come out with dozens of IoT sensors and these guys will be streaming this data to the cloud. ThyssenKrupp is using IoT sensors in elevators all across the world tracking the equipment health of millions of elevators across the world and using Azure Machine Learning they will use these IoT signals to predict when these elevators will break down and be able to act of it before they do.


The Largest Cloud VM Infrastructure


With Azure, you can have virtual machines running on 32 CPU cores, 450 GB RAM, using SSD up to 6.5 terabytes of space, which combined can go up to 64 terabytes of storage per VM, all this with less than 1 millisecond latency. That’s huge and unparalleled at the moment.

Bring Your Own Enterprise Security Partner


Azure is already a very secure environment with platinum quality, and on top of that if your company already has a trusted security partner relationship you can bring this partner to your public cloud with Azure. The biggest and most common enterprise security firms are certified and can run on Azure as an appliance for your cloud. Implement their security protocols end-to-end with little impact on your security experience.


Windows 10 Hidden Screen Recording Tool

In my last presentation I used the Windows 10 built-in recorder feature. And for my surprise, a lot of people never heard of it!

So I thought about writing a post I can use and refer people to on how to use this “hidden” cool feature.

First think press “Windows Key + G”

This will bring up the following menu. Don’t worry if it is a game bar or not, just choose “Yes, this is a game” here.image

Next, you will see the following bar. In there you see the reb button which is the start/stop recording. As soon as you click on it, Windows 10 will start recording your screen.


When you’re happy with your recording, press/click the red button again. The recording will stop and you will see the following message in your notification area,


Your recording is saved in your Videos/Captures folder.

Well, that’s it. Simple, hey? I hope you found this tip useful. Let me know what do you think.


The Valley of the Kings Internet Version

The valley of the Kings is an archaeological site in Luxor, Egypt where 63 tombs and burial chambers are located. As you expect, several illustrious and very powerful people (aka. Pharaohs) from back then are buried there, hence the name “Valley of the Kings”. This was like 15 centuries BC. And they are all located in a small area. This has a strong symbolism.


Nowadays if you exclude the leaders of the powerful nations, the powerful folks are really the giant companies. From tech, to chemical and pharmaceutical…these guys rule our planet and the direction when the winds blow.

The Economist recently created a cool infographic about the Silicon Valley companies and their size in millions of dollars. When I saw this picture I immediately recalled the Valley of the Kings map. Have a look and tell me if that’s not strikingly similar…well, considering these companies are alive and kicking!



I’m Speaking at the Office 365 Saturday Australia 2015 #o365cbr

I am delighted and humbled to have been confirmed again as a speaker for Office 365 Australia.

This fantastic event is held in most capital cities in Australia throughout the year. At each event there are no less than 10 fantastic sessions covering all aspects of Office 365 presented by respected professionals in various fields.

O365 Saturday Australia

Join administrators, end users, architects, developers, and other professionals that work with Microsoft Technologies for a great day of awesome sessions presented by industry experts.

The Session

My Session is called "eDiscovery and Privacy: All your data are belong to us!"
Abstract: "In the 90s, Legal and IT professionals began compiling computer data and legislation, eDiscovery started its first steps. Back then, nobody would believe email, let alone social media, could be used in court. 20 years later, eDiscovery is here to stay, but is the industry prepared?"

In this session, we will talk about the biggest challenges for eDiscovery and some solutions in the works, with focus on Office 365 technologies."


When and Where

O365 Saturday will happen in Canberra, Australia on 24th October at Cliftons - 10 Moore Street, Canberra ACT 2601. Registrations start at 8:30am.

Come and join the fun. This is a great opportunity to meet with our community, connect and grow friendships and discuss real life, everyday challenges with likeminded folks.


Collab365 Conference Social Media Numbers

We made it! Collab365 was a fantastic event. Truly global, multicultural, multi-time zone, multi-everything.
And I am humbled to have been part of the event sharing knowledge.

During 2 days, across the whole planet, experts on Office 365, SharePoint and Azure bonded in a series of presentations delivered from Europe HQ to the whole world all thanks to the magic of the streaming. At this day and age when everyone mostly (only) talks about the new buzzwords "innovation", "disruption", "internet of things"  the Collab365 team done it and shown it.  I have a few “Thank You” words to the organizers, presenters and attendees. If you this this is a TL;DR kind of text, feel free to skip straight to the nice pictures a bit later in this post. They have the social media data collected.

To the Organizers

You guys are awesome! (I mean, really). From the whole organization with tasks, electronic signatures, forms technology and all that jazz. I don't think people actually understand how big of a deal organizing such a thing is. I don't think I can write enough about how I appreciate your initiative and effort. I wish I could pay you a beer or a cup of coffee or whatever :) you guys and girls did it!

To the Speakers

I mean, we (the presenters) didn't do this for money (I know, I know..I can hear the arguments, but bear with me on this). We do this because we love to share knowledge! I do have a wife and 3 kids and a consulting job that makes me travel a lot, weeks away from home sometimes!! It is hard to find time and put together content, work on demos, test, present, adjust, cut here and there, lots of late nights...all this in the hope that people will find our knowledge useful. I am sure some demos did not go as well as expected, someone must have been sick on the day, the connection was not great, some presentations were longer than expected since we were streaming etc...but the knowledge is there and was shared. I believe that if at the end of the presentation people left knowing something new they didn't know before they started, that's a huge accomplishment. We did it awesome!     

To the Attendees

You guys rocked! all this effort wouldn't mean anything if nobody turned up. We connected at the coolest level, at the intellectual level and with the spirit that 2 + 2 = 5. The sum of our gathering makes something bigger the us. And that is now history, immortal. Be proud of that! If you see any the presenters or organizers online or in person, give them a beer :) It is hard finding the time to put a presso nicely and deliver to the masses. Harder that most people think! Well, some people are naturals at it but I am talking about what I do and what I see out there with other presenters :)

OK, Let’s Talk About the Stats

In the spirit of continuous improvement, I needed to find data about the past to improve the future thus delivering a even better next event. So, at the end of the conference on a Friday night I put the kids to sleep a bit early, prep myself the a cup of coffee and went on to collect data and analyse the numbers of the conference. My criteria used twitter hashtag #collab365 and the event organization handle @colla365 as starting points. No Facebook analysis was done. (Maybe in the next one…) From there a whole bunch of data is collected. Data about geographies, gender were taken from the twitter profiles that had them exposed. Data related to time and date were relative GMT (London). The collection stated 6 hours before the conference started and ended 6 hours after the conference finished. If I tried to collect the same data later tomorrow it is likely to be a bit larger because people might still be posting their sentiment online about the conference and still using the hashtag.

I will come back latter to update the text and stats comments in this post, so feel free to check  back this link from time to time.

Anyway, I won't take much from your time reading my musings here :) Let's go to the numbers.