Hello everyone -- What an honor to spend my Friday with you today. This was truly a Happy Hour for me! Thank you for taking the time to speak with me today. I had a great time answering your questions, and I love your interest in the cybersecurity industry. I have to get back to work because as you know, cybercrime never sleeps, but I look forward to speaking with you again soon! Have a safe, secure, and awesome weekend!

(my intro: I’m Theresa Payton. I served as the first female Chief Information Officer at the White House, overseeing IT operations for President George W. Bush and the 3,000 members of the Executive Office of the President. I’m also the CEO of Fortalice Solutions, an industry-leading security consulting company, and co-founder of cybersecurity product, Dark Cubed (we have a super cool team). Most recently, I served as the Head of Intelligence on CBS’ new hit show, "Hunted." Ask Me Anything!)

Proof: https://i.redd.it/czrlx05329jy.jpg

Additional proof: https://twitter.com/TrackerPayton/status/840220796664582145

Comments: 579 • Responses: 61

seabowl495 karma

Do you cover the webcam on your laptop PC?

TrackerPayton642 karma

YES! I have a campatch card on every webcam. It doesn't stop the spying on the audio side but it stops the visual spying

OhNoRhino78 karma

what other things can a person with little to no tech knowledge do to protect their privacy and information?

TrackerPayton226 karma

(1) digital devices should stay out of private spaces; (2) keep the operating systems, browsers, and other software as up to date as you can b/c updates often include new security/privacy patches

OhNoRhino46 karma

can you elaborate on #1 or point me in the right direction for a more detailed explanation?

Cheers!

TrackerPayton173 karma

sure. smart phones and devices with webcams should either have their cameras covered or be placed device / camera side down when in your bedroom or closet. I know a lot of people use them for alarm clocks or charge these devices at night in their rooms. You get 2 bonuses here: (1) they can't spy on you via the camera and (2) you avoid suffering from "junk sleep" which is the slight interruption of sleep that happens when device screens / chargers/ etc. glow or blink in the dark while you sleep

grapefruitloop41 karma

Is there a percentage of the time that people may be spying on you through your webcam? Is it completely random if they're likely to spy on you versus someone else?

TrackerPayton196 karma

It depends. If you are interesting they would probably spy on you a lot. If you have a cover on your camera they may go away. It's hard to understand the digital creeps that do this stuff. We worked a case where a male college student left his devices around in girls' dorm rooms and then would spy on them while they slept, studied, got dressed. When pressed by the college, he didn't have a good reason for it...but then again there's not one.

svel33 karma

so it doesn't give any real security if your mic volume is muted or down to the lowest setting? I did not realise this....

TrackerPayton63 karma

sadly no, you just muffled them. You can elect to turn off your mic and camera in your privacy settings.

ermumok154 karma

Any tips for an "average" person who might not know much about cybersecurity?

TrackerPayton496 karma

this is a great question! and you are not "average" - you are great for asking a question! yes, (1) have more than 1 email address and separate your social media accounts on 1 email address vs. your online banking / confidential transactions (2) consider using 2 factor auth for ALL accounts (that's usually a code texted to your smart phone) (3) get a Google Voice # and use that online vs. your real cell phone number (4) consider using encrypted apps such as Threema or Signal (5) and NEVER click on links even from people you know without checking them out first on a tool like VirusTotal (free)

Tarah9468122 karma

Any advice on how we should be responding to the released documents by WikiLeaks pertaining to Vault7? I expect vendors will continue to release updates to their products in response to the leak, what can we do in the meantime?

TrackerPayton168 karma

Wikileaks announced they plan to share the code with the vendors. I highly recommend you be on high alert for scams and emails that act like they have the solution. Only download updates from the legit company sites for your Smart TV, Smart Phones, IoT devices, etc.

grapefruitloop103 karma

How did Hunted work without law enforcement or government help? Did you hack into stoplight cameras?

TrackerPayton142 karma

Tks for that question. I wasn't involved in the production side but I know they created a notional environment that had the powers of the state. In Command we ran it as an investigation and submitted subpoena requests, requests for investigation, etc. as if it were a real world case. And just because we requested it, doesn't mean it was approved. We had lawyers and judges that approved or denied our requests just as in the real world! Cool and smooth move on production's part!

Mafiya_chlenom_K85 karma

If a packet hits a pocket on a socket on a port,

and the bus is interrupted as a very last resort,

and the address of the memory makes your floppy disk abort,

does the socket packet pocket have an error to report?


On a more serious note, recently James Comey has said "There is no such thing as absolute privacy in America". With that in mind, are there any software suites that you could recommend to help better preserve our privacy online? Maybe MIT's upcoming Riffle network?

TrackerPayton97 karma

Great poetry. I had to talk to my kids the other day about floppy disks and what they were. Oy! I did read what James Comey said and I respect his service and opinion very much but respectfully disagree. Democracy dies when the citizens believe they cannot say a cross word or voice an opinion of disagreement. Privacy can be preserved, we just have to be more diligent about it. Starting with a few simple things like browsing online and using tools such as the EFF's Privacy Badger and Ghostery can be quite helpful. Using comms tools such as Signal, Threema or email platform of Proton mail can also be useful.

TrackerPayton122 karma

and "Listen. Strange women lying in ponds distributing swords is no basis for a system of government. Supreme executive power derives from a mandate from the masses, not from some farcical aquatic ceremony."

OROS_Rover71 karma

How secure are products like Amazon Echo and Google Home? Do you use them in your own home?

TrackerPayton151 karma

Great question. Just know that all new tech is completely hackable. Sorry to be a downer on that. I love Google home. Advice: (1) create a separate wifi access point for your smart devices so it's separate from the wifi that you use for confidential trans; (2) choose wisely how much you integrate the echo or home devices into your home.

OROS_Rover46 karma

This is part of the reason I've been so hesitant to get a Google Home. But then again, I know I have a phone, computer and everything else that's hackable too..

TrackerPayton66 karma

It's okay to start slow when you integrate these devices. Maybe start off with a Google Home and give it its own Wifi segment on your home network. Consider just linking your calendar to it and using it to help you manage your day, the traffic, the weather, etc until you get comfortable with the next place in your house you would like more integration and automation. Although everything is hackable the security teams at Amazon and Google are really smart and work very hard to keep things secure.

DivestTrump71 karma

What are your thoughts on Trump's claim that Obama wiretapped Trump?

TrackerPayton169 karma

I candidly don't know what to think on that one. Maybe he was trying to find out who was getting the job of running the show the Apprentice?

samwise091269 karma

On a personal level, what are a few of your favorite films?

TrackerPayton259 karma

Thanks for asking! The Princess Bride is an all time favorite of mine but it's hard to compete with Monty Python's Holy Grail.

TrackerPayton168 karma

Who can resist: Your Mother was a Hamster, and your Father smelt of Elderberries!

Spontex153 karma

Hi, thanks for doing this AMA!

What are the best certifications to have in infosec? In coding you can prove your skills with the quality of your code without the need for certifications.

Is there something similar to this in infosec? Like finding vulnerabilities and relevant bugs.

TrackerPayton100 karma

OSCP is a favorite. Try online classes at Coursera too to find your favs.

AbsolutZer0_v244 karma

Do you feel like the Hunted show suffered because of the endgame for the final two pairs? Watching it, we felt as though the last two pairs were dealt a crappy hand. They manage to last 28 days, and then the "endgame" was 1) tell the hunters where they are, twice. 2) Make them move on foot to an extraction when the hunters knew their locations, exit methods, and had vehicles.

My wife and I were a little disappointed. Either pair could have been caught simply by happenstance of a hunter team being close to an extraction location. All the other tracking methodologies were cool, but saying: They are at this bank, and they are leaving by air really makes it easy to find them. Like, ridiculously easy.

TrackerPayton45 karma

Thank you for watching Hunted! I love our Hunted fans and appreciate you so much. The fast paced editing of the finale was awesome wasn't it? What I think was hard to relay is we had reduced the number of ground hunters we had in the field and we still had 100,000 square miles to cover. Yes, they did have to go to a bank to get their $ but we had no idea what town they would be in, we had to make calculated guesses. AFTER they made the transaction & left the bank is when we got an alert with an address and had to track that down. Soooo....if our cars were not close by, they were in the wind before we could get to the branch.

roochenz41 karma

What are your thoughts on traditional/legacy antivirus solutions, and the new trend of 'next-gen' endpoint solutions?

TrackerPayton104 karma

Great question on anti virus solutions. Since every 90 seconds a new deviant of malware is released in the wild, these solutions have a hard time keeping up. It's like Lucy and Ethel in the chocolate factory when the conveyor belt sped up. They are important tools but they sometimes give users a false sense of security.

TrackerPayton35 karma

Was that helpful?

Chtorrr37 karma

What is the craziest IT situation you have experienced?

TrackerPayton88 karma

Complete server failure when trying to do a demo for the executives of my company to convince them to spend money on it. Talk about sweating bullets...I began to do drawings on note pads and telling stories about what the system could do. Oy. Horrible.

pleuvoir_etfianer21 karma

So... what's the conclusion of the demo? Were they empathetic?

TrackerPayton57 karma

they gave me the money to do the full system...the next time I did a demo it worked. Phew!

deytookourjewbs31 karma

Are there any signs that can help discovering someone that hacked your computer/phone? If there are have you noticed some of them sometime in your life?

TrackerPayton64 karma

Couple of telltale signs: (1) device reboots for no apparent reason; (2) slowness of device; (3) files on the device seem out of order; (4) check your sent files to make sure you really sent them all; (5) when in doubt, I'm a fan of backing up data and doing a factory reset; (6) Microsoft, Apple, and Sophos all have free malware removal tools on their websites as well that may be of help

TrackerPayton66 karma

You asked if I had noticed a hacking sometime in my life, yes I have seen it. I also always assume someone or some message could be hacking me. But it's only paranoia if you're wrong, right?

DownTrunk27 karma

How on earth did the English family evade y'all for 28 days? They did nothing and got like 5 minutes of airtime on Hunted.

TrackerPayton64 karma

Well, for starters the English family didn't go to taco bell!

Rexferal000926 karma

People have given up a lot of privacy in the digital world. We like things to be convenient, so we voluntarily give up a lot of private info. Do you see this trend continuing? Or do you think people are becoming more savvy about privacy?

TrackerPayton61 karma

What I love about the privacy discussion is we are FINALLY having one. I don't believe people really understand up until recently that every finger swipe, mouse click, ATM visit, etc. was being memorialized, correlated, and categorized for future use. On the surface, this data is collected to be "helpful" but that data in the wrong hands is actually not helpful at all. It was my hope with a show like Hunted that people would be entertained, engaged and a little enraged about their privacy. I do think privacy is a personal decision though. A famous chef may need to be wide open on social media to further their brand/career while a young teen needs more privacy and protection. So hopefully I can share info that will help you make good decisions that are right for you!

WickedPrince22 karma

Is Charles Debarber as savvy in person?

TrackerPayton15 karma

Charles is an American Hero, loyal, hard working, and yes, very savvy!

TrackerPayton16 karma

WickedPrince7 karma

I believe that. But, what's the budget for his hats look like? Inquiring minds want to know.

TrackerPayton20 karma

Charles told me his hat budget is classified (I'm assuming he doesn't want the missus to know)

TrackerPayton8 karma

Hmmm...I will ask him, he supplies his own but I have talked about buying him a team hat!

ThemLuckyRabbits18 karma

What does your company Fortalice do? Do Charles, Landon, and Myke really work there?

TrackerPayton39 karma

Yes, Charles and Landon work for Fortalice. Myke is a great friend and sci fi author and works in cyber/intel for a large police unit (have to keep him covered) but we'd love to have him on team Fortalice one day. We protect Nations, Business, and People. We're hiring! Want to join us? :-)

Lulooney17 karma

With a high interest in this type of security and no professional experience, are you willing to train eager individuals?

TrackerPayton35 karma

We highly recommend classes and internships. We have an amazing intern, Steven, he rocks

CodyGrammy18 karma

How did the team feel when the #lostwolves flew Beth into the Hunted game zone?

TrackerPayton37 karma

CAN'T.TALK.HURTS.TOO.MUCH.

mouthmachine13 karma

As someone who was at the absolute pinnacle of the IT industry, does your family ever stop asking you to fix their routers?

TrackerPayton34 karma

I get asked for tech and security support all the time. Even at cocktail parties. It makes me wonder if Doctors get asked for free medical advice like this too?

darkfisher2312 karma

What do you recommend for all of the parents out there that are considering getting their middle schoolers or high schoolers a smart phone? How can parents protect their kids?

TrackerPayton30 karma

I would also talk to your kids about "stranger danger". When I asked middle schoolers if they would accept a friend invite from a stranger, they said no. Good answer! Not so fast... My 2nd question was, "Would you accept a friend request of someone connected to your best friend even if you don't know that person?" and 90% of the kids said THEY DO THAT ALL THE TIME. Yikes parents!

TrackerPayton20 karma

Additional advice, only you know if your child is READY for social media. Most platforms ask them to be a minimum age of 14. Be where your kids are on those platforms, including games. Just like you teach them to drive responsibly, teach them to be a digital citizen.

TrackerPayton14 karma

Landon from Hunted and who works for Fortalice recommends a flip phone instead of smart phone.

CandidDuck12 karma

Would you rather fight one horse-sized duck, or 100 duck-sized horses?

TrackerPayton39 karma

Both and I would win.

TrackerPayton23 karma

“... a mind needs books as a sword needs a whetstone, if it is to keep its edge.”

smcnabb110 karma

If you could choose between the power of realistic flight (You have wings and they get tired/speed is limited by strength) or the power to become a cat (for 12-hour long durations at a time), which would you choose and why?

TrackerPayton15 karma

May I choose both?

smcnabb18 karma

You have to choose between them!

TrackerPayton20 karma

I would go for flight. There is something about having a broader perspective on problems and issues that I would love to have so I could protect more people. Plus, I am a thrill seeker so that'd satisfy my need for speed / aerial acrobatics.

ShameSpear9 karma

What's your security at home like? Do you have a router with built in VPN and a Faraday cage for your smartphones when you go to sleep? Just wondering how intensely an expert practices what they preach.

TrackerPayton20 karma

I'm off the grid at home...mostly.

themarcmac9 karma

How you doing?

TrackerPayton14 karma

I'm great and have a great time chatting on Reddit. How are you? How's your Friday going so far?

ReliableSource8 karma

What makes/models of devices do you use personally?

TrackerPayton21 karma

Ah! Before I talk about what I use, just a comment that the big companies leap frog each other from time to time on privacy and security so some of this comes down to personal preferences. We run the company & my house mostly on Apples. We do have other operating systems in use at work and home but our day to day go to devices are mostly Mac, iPhone, iPad...

locotxwork8 karma

With your so called fame, are you afraid you may be Hunted and doxxed . . also are you part of the Cicada 3301 team?

TrackerPayton12 karma

I cannot confirm or deny who actually belongs to the Cicada 3301 team. Being Hunted and doxxed should be a concern to everyone. Hopefully some of the tips I shared today will help allay fears and concerns and keep everyone a little safer.

puffybunion8 karma

What are your thoughts on the fight against Cyber criminals? How do you think the world will look in that regard in 10-15 years?

TrackerPayton35 karma

I had a person say to me once, "if you and people that do security like you were doing your job, you should have worked yourself out of a job by now"...which is interesting and I asked him if he says that to fire depts and police units (with a smile of course) but candidly, I'm glad he said that to me because it got me thinking. First off, I cannot name 1 security problem that I or my colleagues in security have 100% eliminated for you. That's horrible! Here's why we haven't worked ourselves out of a job, the technology evolves and changes and with that so do consumer behaviors and with that so do the cybercriminal behaviors. My job in cybersecurity this year is very different than just a year ago. We build a wall to stop cybercriminals and then they find a way around it. The security profession, and I hold myself accountable here, has to change how we protect and defend you. It starts with me. So what does next 10-15 years look like? (1) we stop holding YOU as the consumer accountable for security and we do it for you (2) we think differently about the cybercriminals' motives and tactics and shut them down (3) we develop international accords so when cybercriminals attack and we figure out who they are, we can put them through a legal process and perhaps jail

puffybunion8 karma

Do you still do any coding? What do you like most about your current work?

TrackerPayton39 karma

Great question. I'll be a student of my profession for life. I took an online Python class last year via Coursera. It was very helpful. I don't get the chance to do as much coding as I used to but I attempt to stay current. What I like most about my current work is working with really smart & passionate people to help our clients. When we help a company stop a breach or recover from one - the good guys win a little that day. When we help a person that's a victim of revenge porn and feels they have no hope of getting their privacy and their life back get those images offline...the good guys won a little that day. We're the Avengers righting the wrongs that happen via the internet...trying to make the internet a little safer so everyone can work, play, have fun on the internet.

puffybunion13 karma

That is very admirable. It definitely feels like a hopeless fight at times.

TrackerPayton20 karma

I don't want you to feel hopeless! Just know there are security professionals out there determined to watch your back!

thatonesxyasian6 karma

What would be your number one advice to give to someone wanting to get into cybersecurity?

TrackerPayton16 karma

Take online classes and intern! Best way to get rolling. Our intern Steven says he's happy to hire some unpaid interns and coach and mentor them.

TopCheetah6 karma

I am currently studying cyber engineering, and am really interested in the law enforcement aspect of cybersecurity. What course of action would you recommend I take to get there?

TrackerPayton12 karma

Join your local FBI InfraGard. Great way to hear the legal side of the cybersecurity issues. It's free but you do have to pass a background check so if there's something shady in your past...well, you know.

foildetin6 karma

If you weren't certain that the news you were seeing was the news that other people were seeing, where, in a city, could you go to see what "generic" news was on tap for the day?

TrackerPayton18 karma

I subscribe to various global newspapers which helps me get news on the USA from the outside point of view. It's eye opening to see what the overseas news reports on the USA vs. what our home news reports.

pm_me_your_kindwords5 karma

What's your advice to enterprise executives wrt security. What should they be thinking about that they don't already know?

What do you think about the intersection between security and AI / Machine Learning?

TrackerPayton9 karma

Router security for executives vs. the geeks that configure and monitor them...executives should know that (1) going cheap on the devices is not always a good move b/c there are counterfeit devices and the bonus you get is a backdoor phoning home to the real owner; (2) think about the data that you are trying to protect at the enterprise and name the most critical data elements you must protect and consider designing the WRT around those data elements perhaps even segmenting traffic so those elements are accessed/routed alone; (3) big fan of segmentation because it makes it easier to watch for anomalies; (4) have a governance board that develops the "gold standards" and approves few if any deviations from the gold standard.

TrackerPayton8 karma

Big fan of looking for design opportunities for AI/ Machine learning to guide security analysts in their day job. In some cases I believe the more mundane elements of cybersecurity can be handled by AI/Machine learning but we will always need smart people to tweak that tech as well as to be thinking one step ahead of the adversary and how to hide / squirrel away the data when the eventual data breach occurs.

TrackerPayton10 karma

for a sample of squirreling away something important -- https://www.youtube.com/watch?v=4yikpWtIFU8

Vote4PresidentTrump3 karma

What top certs do you feel garner the most respect in your field?

TrackerPayton13 karma

I am a fan of hard work in the field but if you want to add some certs, I like the OSCP ($$ and not for the faint of heart).

dangil2 karma

Hello

Do you think you are a better manager or a better technical expert?

TrackerPayton6 karma

More of a problem solver and whatever is required to solve the problem.

luke33111 karma

How much time does your job involve? Do you get a lot of free time? Also is the pay decent (sorry if that sounds a bit weird but I am thinking of getting a job in cybersecurity and I just wondered how good the money is)

TrackerPayton3 karma

Cybercrime never sleeps so neither do we. We tend to be on call a lot. It's an incredibly rewarding field - it's noble work protecting people from behind a keyboard. The pay is good and we're not running out of things to do. I don't have a lot of free time but when I do, I like to go running or hiking.

-UncleRapey--2 karma

Is there any way we can get President Obama back in the White House?

TrackerPayton10 karma

Sorry, I don't have a good answer for you, but Doc Brown is doing an AMA in a couple weeks, you should ask him! Seriously though, I believe the current POTUS would be wise to seek the advice and counsel of President Obama, President Clinton, President Bush 41 & 43, and President Carter. They are all in the same club after all.

TrackerPayton5 karma

I believe President Obama seems to be enjoying his time out of office - he even got some new jeans!

-UncleRapey-3 karma

And a new leather jacket

Snazzy!

TrackerPayton4 karma

Oh I missed the new leather jacket...send a link!