Here are seven minutes of last week’s “Hacking Active Directory: An hour of critical thinking on the key business service that’s got serious vulnerability issues”.
If you’d like to see the entire video, go here.
Joining me in the discussion were
- Chris Roberts (@Sidragon1), hacker in residence, Semperis
- Norman Hunt (@normanhunt3), deputy CISO, GEICO
Got feedback? Join the conversation on LinkedIn.
Thanks to our sponsor, Semperis
Winner of “Best Bad Idea”
An absolutely mammoth collection of bad ideas from last week’s chat. We hit our record of 42 bad ideas. Dutch Schwartz of AWS wins again for the fourth time.
Other notable bad ideas:
“You get domain admin, you get domain admin, EVERYBODY GETS DOMAIN ADMIN!!!!” – Shawn M Bowen, CISO, Restaurant Brands International
“Give your main Domain controller a 56K modem and hit the ‘sync now’ button.” – Eli Migdal, CEO, Boardish
“Remove Active Directory and replace with shared accounts, the fewer the better.” – Caroline Saxon, director, cyber governance, Global Payments
(modifying Caroline’s bad idea) “Remove Active Directory. Use a chat room for all communications. The admin rotates to the newest employee on a daily basis.” – Dutch Schwartz, strategic lead, AWS Global Security Services team, AWS
Best quotes from the chat room
“Blockchain in my eyes is flawed by design in the public realm due to ‘authority’ issues. Nation state attacks can always win ‘critical mass’ of authority. Private blockchain still has a chance but how is it different from Active Directory really? (macro level)” – Eli Migdal, CEO, Boardish
“Although IAM management probably belongs in security, there’s a need for an integrated process that includes IT, HR, and others too in some cases.” – Ian Poynter, security consultant
“If people have an answer to ‘what is your password,’ that is clear evidence they only have one.” – Cody Wamsley, cybersecurity and privacy associate, Dorsey & Whitney LLP