Security Tales from the Field

and security best practices.

Michael Hess

Do You Brush Your Teeth Daily?

Please text: 734-821-5212

Answer Choice Text Code:
Yes 4483
No 2983
I don't have any. 6276

Michael Hess

Current Drupal Security Team Lead.

Member of the Drupal Infrastructure working group

Senior technologist at the University of Michigan.

Supports around 1300 Drupal sites.

Twitter: @mlh407

At Michigan ...

Health System

School of Information

Large scale/big data health research



Stories and best practices

Focus on Drupal, but applies to all of the web.


The FBI notes that cyber attacks are eclipsing terrorism as the primary threat facing the US.

75% of small and medium business surveyed reported cyber attacks.

A single breach in 2010 reported 38 terabytes of data stolen. That is 2X the size of the Library of Congress.

Everyone gets hacked, so it must be trendy.


The Tale of the Red Ribbon Hacker

The Tale of the Ghost in the Website

The Tale of the Poisoned Update

The Tale We Have Heard Many Times

Overview of Drupal Security and the Drupal Security Team

Overview of Best Practices

On to the Tales

Please note, all details about the sites have been changed so they are not identifiable.


Thank you for your time!


Ben Jeavons for some of his background images