Speaking at Charleston PASS on May 18, 2017

During the day of the 18th I’ll be at the Syntax Code and Craft Conference in Charleston, SC. That evening I’m stopping by Charleston PASS to visit and give a presentation.

Register for Charleston PASS’ May 18th Meeting

I’m stepping away from my comfort zone of security and presenting on an important topic I see getting less and less attention nowadays: data modeling.


Introduction to Data Modeling

Improperly built bridges and buildings fail and collapse. Improperly built database do, too. Unfortunately, database design is becoming a lost art, leading to issues with both performance and data integrity. In this presentation we’ll look at the keys to proper database design. We’ll start with requirements gathering. Then we’ll tackle the logical design of the database. We’ll consider entities, domains, relationships, and proper normalization. Finally, we’ll move on to discussing how to implement our design, specifically using SQL Server.


I hope to see you there!

Slides from 24 Hours of PASS – Data Security

As promised, here are my slides from the 24 Hours of PASS on Data Security:

S1 – Brian Kelley_WhatYouAbsolutelyMustKnowAboutSQLServerSecurity (.pptx – 733 KB)

S7 – Brian Kelley_ProtectingDataAcrossTheEnvironment (.pptx – 1.3 MB)

Thanks for those who attended!

Slides from SSWUG 2017 Spring Virtual Conference

As promised, here are the slides for my two presentations from SSWUG’s 2017 Spring Virtual Conference:

SSWUG_Spring_Building an Auditing Framework for SQL Server (.pptx – 152 KB)

SSWUG Spring Performing a SQL Server Security Risk Assessment (.pptx – 265 KB)

Thanks to those who attended!

Additional Presentation at 24 Hours of PASS

I’ve had another presentation added for the 24 Hours of PASS; this one is the first session of the line-up, 12:00 GMT on May 3, 2017. You can register for this session and any of the others at the registration link.

Here are the details about the added presentation:

What You Absolutely Must Know about SQL Server Security

There are so many security tips out there for SQL Server. Almost all of them are rated as a best practice. What do you listen to? What do you focus on? In this session we’ll break down what you absolutely must know about securing SQL Server. We’ll look at the things to look for within SQL Server, including some of the nooks and crannies an attacker might use but what are rarely audited. You’ll leave with a checklist of what to investigate on your own systems.

[Off-Topic] Dealing with Type 2

I had a brief conversation with Stuart Ainsworth yesterday over Facebook. In passing I mentioned that I was doing well managing blood sugar levels and he indicated he didn’t know I had been dealing with anything like that. It reminded me that I hadn’t said anything about being diagnosed with type 2 diabetes publicly. A few folks in the #SQLCommunity knew, but not a lot. So why this post?

I have found that like most things in our community, there are always folks who have been through it as well. and who are awesome supporters and encouragers. This time around it has been Kevin Kline, our Kevin Kline and not the actor (though the actor’s son has type 1). There are also encouragers who have been through or are dealing with something similar, like Mike Walsh. 

Also, I have seen a couple of folks talking on social media about watching carbs and the like and trying to avoid sliding into type 2. So this is a simple post to remind folks that our community is really awesome about supporting each other beyond SQL Server and technology. So definitely reach out. Someone has been where you are. 

For those who might be wondering how I’m doing, I’ve been diligent. When I was diagnosed, my A1C was 9.3. Since this my numbers have been 5.6, 5.2, and 5.2. That’s in the non-diabetic range for blood sugar level. However, it’s in that range because I am on Metformin, I watch what I eat, I have a plan for situations when I can’t control the meal or the timing, and I am more regular about my exercise. If I went back to my old habits, I’m sure I’d be up in the diabetic range again. 

Speaking at Syntax Code and Craft Conference 2017

On May 18, 2017, I’ll be giving a talk at the Syntax Code and Craft Conference in Charleston, SC. If you haven’t heard of this conference, it’s a 2-day affair primarily focused on developers. Here is my talk:



An app is a failure if it performs poorly despite a great UI. With applications relying on a database back-end, poorly written queries can wreck an otherwise outstanding application. This talk focuses on understanding how Microsoft SQL Server processes queries and what to look for to avoid poor performance.

Users want speed. Beautiful screens and an excellent user design experience are meaningless if a user has to wait too long to get the data. So what does it take to make queries scream in SQL Server? How do you get the data back faster? In this presentation we’ll look at the core rules and ideas for building well performing queries which you should be incorporating into your data design. We’ll consider the impact of non-SARGable predicates (WHERE clauses) and how this causes Row-By-Agonizing-Row table access and slow data retrievable. Throughout all of this we’ll be looking at execution plans and pick apart what they tell us in order to make the adjustments we need for better user satisfaction.


Since it is a physical conference, you can register to attend for one or both days. Here’s the registration link for the conference. Hope to see you there!

Speaking at the SSWUG 2017 Spring Virtual Conference

On May 2, 2017, I’ll be giving two talks at the SSWUG 2017 Virtual Conference. Here are the talks:


Building a Home Grown Auditing Infrastructure for SQL Server

Not everyone has the budget for 3rd party tools to provide audit / security information on their SQL Server environment. If you are in this situation, what do you need to build? What information should you be capturing in order to know what’s going on for each of your SQL Servers? How do you gather that information and store it? How do you report on it? In this presentation we’ll answer each of those questions, presenting options you can build yourself. We’ll look for the most efficient solutions because if you don’t have budget, you likely don’t have allocated time except for what you can carve out amidst your other responsibilities. Knowledge of T-SQL and Powershell is expected.

Performing a Risk Assessment for Your SQL Server Environment

You have SQL Servers you need to secure. But where do you start? In this presentation, we’ll look at how to do a security risk assessment on SQL Server. First we’ll start off with how to present your findings to management. What information do you need to give them? What will sway them to your side? We’ll then switch to the technical side and cover what to look at first: the issues that could lead to a server breach, data loss, and/or a system becoming unavailable due to mismanagement. Finally, we’ll discuss how to assess other problems you may find and how to rank and prioritize them.


You can register at the above link.

Previous Older Entries