Information Security Summit PreCon Recap

I have just completed teaching my 1st ever PreCon training event at the Information Security Summit. Earlier this year I resolved it to make this a reality and present on SQL Server Security. It has been a lot of work, consuming all of my spare time the past four months. Some thoughts in no particular order:

– I had 10 students. I was pleasantly surprised to see that many sign up. When I pitched this idea to my friend Gary Sheehan, CSO of the Information Security Summit over a year ago, we didn’t know if anyone would even show up.  We thought there was a hole there between the the SQL Server DBA world and the Security/Compliance/Audit Professional world in terms of training/education but were not sure what it might look like. This was an exercise in throwing something at the wall and see what sticks. I still believe this core tenet of bridging the gap remains valid but the message/content needs fine tuned.

– Attendee break out. I was even further surprised to see that the attendees were about evenly split out between SQL Server DBAs and IT Security/Audit/Compliance Professionals.  We had some interesting discussions and I think that was very helpful.

-Gigabyte Brix. My Demo Platform was a Gigabyte Brix ultra mini PC connected via a switch. It sounded like a good idea when I bought it but it was too complicated. I underestimated the complexity of the care and feeding of it. Powerful device but overkill for what I needed it for.

– Separation of Duties. I included a module on Separation of Duties. It wasn’t very well received. Maybe because of after lunch, I’m not sure.  The demos were a dismal failure and I gave up and retreated.

-Dress Up. I believe in overdressing a little bit and I wore a tie.

-Printed book. I had the course materials printed and bound into a mini book. It was very well received, with many positive comments on the quality. I also received positive comments from other attendees later on at the Summit itself so I guess it made a splash.

-USB Drive. I also supplied the course materials electronically on a cheap USB drive. Nothing to download. It was also a hit.

-Older versions of SQL Server. One recurring theme we discussed was the prevalence of older versions of SQL Server, even SQL Server 2000 in the real world. I’m not surprised with this. Part of the aim of some of material presented was to use older techniques as a “Stop-Gap” measure to achieve partial compliance.

-ISV / 3rd party applications. Another great discussion item that everyone had horror stories on is that many 3rd party applications are replete with security holes and poor on compliance in general.

-Prize giveaway. This was a big hit and I’m glad it worked out.

-Too much material. We didn’t get through the material and there was too much of it. This course could be a two day class. Some of the attendees even said so.

-Weak Demos. I didn’t spend enough time preparing for Demos and it showed.  About half of the demos either were cut short due to failure or time constraints.  I will follow Kevin Kline’s advice and Record my demos next time.

-Content balance. The content was too technical for Security/Audit/Compliance professionals.  I suspected this might be a problem but didn’t fully realize it until I looked at my audience.  By then it was too late. Several comments made indicated a high-level day would be desirable and a deep dive day. That’s really an indication that there’s two different audiences here and that a one size fits all approach cannot and will not work.

-Content focus. The initial focus vector was operational security for SQL Server. I later expanded it to include Regulatory Compliance topics like HIPAA and PCI-DSS and at the last minute added in short modules on SQL Injection and Securing the Platform for completeness. This led to a shotgun approach that lacked cohesion.  Trying to please too many people here.

In spite of all of the above. I have to declare this event a victory. This was a major personal and professional goal for me this year and I’m happy to have done it. I also learned a lot doing it. If you attended the event, I appreciate your coming and I hope you learned something.



 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Auditing in SQL Server Slides and Sample Code

Thanks to everyone who attended my presentation today at the Information Security Summit. As promised, attached  is the slide deck and sample code. The sample code needs to be opened as a Solution inside of Management Studio.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Information Security Summit PreCon

I will be teaching a one day Pre-Con session as part of the Information Security Summit 2014.  If you are a SQL Server DBA or Security Professional I urge you to check it out.

I have been a volunteer and supporter of the Information Security Summit for several years now. It is a good organization, run by good people, who want to do the right thing, and educate security professionals at a reasonable cost. Last year the event sold out at over 600 attendees over two days and was basically limited by building fire code. I predict this year will be pretty much the same.

So what about my Pre-Con? I have discussed SQL Server Security with some colleagues both on the SQL Server side and Security Professionals who all have indicated that there is a need for SQL Server Security education. Earlier this year I resolved to present a Pre-Con at the ISS. So my focus for the past 6 months has been building , researching and preparing to deliver the workshop.

Take a look at the outline. It’s SQL Server security content mainly aimed at Security Professionals and Practitioners in the context of Regulatory Compliance.  But if you are a Professional DBA, there will be lots of challenging material as well. In fact, I hope to pair up “teams” of Security Professionals and Database Administrators in the class to maximize learning opportunities and team building.

I hope to see you at the Pre-Con and if not, I will be presenting a session on Auditing in SQL Server on Friday October 31st at the ISS.



 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
4 Comments  comments 

Dog Food Conference 2014 Call for Speakers

Published on June 10, 2014 by in DogFoodCon

Earlier in the year, I was invited to participate in the steering committee for Dog Food Con as a SQL/BI track owner.  This Microsoft technology focused event will be hosted at the Quest Conference Center in Columbus, Ohio on September 29-30, 2014. The event last year had 585 attendees over 2 days. We are targeting 800 attendees this year.

A few days ago, the Call for Speakers was announced. We are looking for abstracts on Microsoft technologies like Powershell, SQL Server / Business Intelligence, Windows 8.1, Hyper-V, Exchange, Sharepoint, Lync and many others.  Special topics we are hoping to have presenters on this year include:

  • Office on the iPad
  • Project Roslyn and .NET open source Foundation
  • Hosting DNN, WordPress, Linux,  or Oracle on Azure
  • GitHub integration with TFS

The call for speakers will be open until July 9. Speakers will be notified on July 14. Please consider submitting an abstract paper today.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Akron AITP April Meeting Recap

Published on May 1, 2014 by in Uncategorized
  • Meeting began at 6PM. There was a little networking going on and we started a few minutes before 6:30. Food was typical fare, sandwiches, veggies and fruit.
  • Guest speaker was Keith Mayer, a technical evangelist for Microsoft. I’ve known Keith for a few years now so it was good to catch up a little.
  • Topic was DevOps with Azure. The promise of DevOps is to let IT pros into the Dev Circle, and also to let Devs into the IT Pro land, all in the name of delivering solutions to the business faster.  Cross pollination, I guess. But I’m skeptical. Sounds an awful lot like RAD (Rapid Application Development) from my college days. Keith did a good job with the content, although I’m not convinced Microsoft isn’t just hanging on to the next buzzword using that to push Azure.
  • Attendance was 16, a little down from last month, where it was somewhere north of 20 I think.
  • Areas to improve: The pre-meeting should be called out on the agenda, with an encouragement towards networking.  Maybe have the soft drinks out early and do a mini bingo card or something to encourage people to mingle.

On my way out, I heard that next month is Bob Coppedge speaking on Google Glass. Should be a good one, as Bob is always an entertaining speaker. Hope to see you then.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Upcoming Events

I’ll be presenting at a couple of IT Pro events in the next couple of months: First, SQL Saturday Detroit on May 17th. This is their second event held in the Motor City. I was happy to attend last year and it’s great to be going back. I’ll be talking about Achieving Compliance in SQL Server. This is a new topic for me. I’ve long been interested in SQL Server security and hardening the database platform. In addition I feel there has been a long gap between the SQL Database world and the Security/GRC/Audit professional community. This is a kind of prelude to some additional talks I will be doing on this thread in the near future in an effort to help bridge that gap.

On June 7th I will be speaking at the Pittsburgh Techfest. This platform agnostic IT Pro event is coming back for a third year. I’ve attended it since it’s inception and it will be great to get back and see some old friends. I’ll be talking on Getting Started with Hadoop. This is a talk that I have been wanting to do for a while and I figured it would be a nice change from the usual SQL Server fare. I’m focusing on HDInsight Server (Hadoop on Azure) because I’m mainly a Microsoft guy so it makes the most sense. I’m planning on mentioning Hortonworks HDP 2.0 Hadoop for customers looking for an onsite install as well.
I hope to see you there if you are attending. Stop by my session and say Hi.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Switch Upgrade

Published on March 13, 2014 by in Uncategorized


I recently undertook a project to upgrade my home network infrastructure. The existing core was a couple of old 3com 100Mbps hubs chained together, hardly an optimal setup. They had lasted many years and I decided to update to something more modern. I knew I wanted a 16 port Gigabit Ethernet (Gig-E). I shopped around some and got a little sticker shock when I started looking at managed switches. I wanted managed because was planning on handling iSCSI traffic. In the end, I decided on the unmanaged TP-LINK TL-SG1016 for around $75; with a smaller managed switch to come later dedicated to iSCSI traffic. As part of the project, I re-cabled all of the patch cables and made them nice and neat with wire ties. I’ve been very happy with the upgrade so far and have definitely noticed a speed improvement.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

SQL Saturday Cleveland Call for Speakers

Published on November 16, 2013 by in SQL Saturday

The call for speakers for our 3rd annual SQL Saturday in Cleveland remains open until December 10th. Checking the numbers this morning shows 44 sessions from 21 distinct speakers. There’s a good mix of local and regional/national speakers as well.

But we can do better. There’s a lot of interesting things that have not been submitted, like Hadoop and NoSQL topics for example. Have a professional development topic? Submit today. We had a PD track last year and it was pretty successful. I’d love to see it again. Are you a Sharepoint admin? Share your war stories with us!

If you need help with ideas or writing an abstract, please contact me and I’d be glad to help.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

SQL Saturday tip: Manually printing your SpeedPASS

Published on November 12, 2013 by in SQL Saturday

Manually print your SpeedPASSMost of the time when you sign up for a SQL Saturday, the event organizers will send out an email containing a link to your SpeedPASS. This is a pre-generated PDF that has your tickets and name tag. Just click on the link in the email and print it out.

If you register late or miss the email (sometimes it ends up in your spam folder), you can manually print your SpeedPASS:

– Login to the SQL Saturday site with your PASS login. Then click “View Profile” on the right.

– Scroll down to the bottom and locate the event you want. Then click the printer on the right.




 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

SQL Saturday Kalamazoo Recap

Published on November 4, 2013 by in SQL Saturday

I recently attended SQL Saturday #256 in Kalamazoo, MI.  I got the opportunity to go at the last minute due to some plans being reshuffled; so I eagerly signed up.  Oddly, this is my 2nd SQL Saturday event this year at which I did not speak. It gives you a different perspective on the day’s events. I definitely recommend trying it sometime, fellow speakers.

First off, I sat in Aaron Bertrand’s session on T-SQL: Bad Habits and Best Practices. I’ve been wanting to see this one for a while now and finally caught up with Aaron.  Next I attended Stacia Misner’s A Big Data Primer. Not very technical but a good perspective on the Big Data movement and where we may be headed. Afterward, I listened to Tamera Clark offer up good advice on SSRS Formatting Tips and Tricks.

After an excellent taco bar lunch, I sat in and listened to my friend Hope Foley speak on Server Side Performance Tuning. Lots of good advice and tips as well. Next up, Tim Ford on the Periodic Table of DMV’s: Collecting Baselines. Tim did an excellent job and I will be definitely be taking a look at his demo scripts. Finally, Karen Lopez and Joey D’Antoni presented on You wouldn’t let HR manage your databases for a great look at managing your career, recruiting, consulting, and insider tips.

I’d like to thank Josh Fennessy and his team of volunteers who did a really good job of organizing the event. Their experience clearly showed through.

 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
1 Comment  comments