BK’s Professional Learning Plans for 2018 #tsql2sday

With 2018 coming, I’ve thought about the question, “What do I want to be when I grow up?” I ask this question every few years because it helps me develop a plan of attack with respect to learning and opportunities to pursue. As a result, this T-SQL Tuesday topic comes at exactly the right time.

Back on the Certification Train – IT Architecture

I maintain some legacy certifications, MCSE (NT 4 – yeah, I’m a grey beard) and Security+, and I have an on-going certification, CISA, that requires continuing education credit renewal. However, I’ve not working on any certifications in a while now. Within the IT architecture realm there are several certifications that are out there and they’re becoming more well known in the industry. So one of my focal areas will be preparing for those certifications.

However, there’s a difference between pursuing certifications to get the credentials and preparing for certifications to ensure you have the knowledge those certs are supposed to represent. I’ve always been a believer in the latter category and I tend to “over prepare” for the test because I care about the knowledge. I know this is the right way to go, so there’s a lot in this area alone I’ll need to work on. As with any infrastructure architect, I have areas of deep knowledge in particular segments of IT, however, it will be good to go back and fill in gaps and strengthen areas where I don’t know as much because it’s not an area I work with regularly.

Data Science

I was a physics and mathematics major as an undergraduate at The Citadel, the Military College of South Carolina. Before that, I went to a specialized magnet school for science and mathematics for high school, a school consider a “super school” here in the United States. As a result, the fundamentals of data science are something I’ve been working with for a long time, just not specific to business. You don’t face performing aerodynamic testing (high school) or trying to solve elemental abundance / nucleosynthesis questions (college) without having to do data science. We just didn’t call it data science. We considered a part of proper research. However, as a “separate” discipline, data science is an area I’ve always loved. Looking at data, understanding what it’s trying to tell us, and figuring out the patterns in it – those are things I’ve always loved doing. So naturally I’ll be working on the Data Science track from Microsoft. I’m about a third of the way done, so I’ve got a lot of work in the coming year.

Cloud Stuff

Not “star stuff,” but cloud stuff (physics pun intended). The majority of my experience has been with on premises solutions. While I understand the cloud solutions at the 10,000 foot level and I have a lot of experience in virtualization specifically along with some experience in Azure, none of it compares with what my on premises skill set looks like. The reality is that cloud isn’t going away, whether we’re talking private or public cloud offerings. Cloud offers the ability to get a jump start on delivering a product. That’s a compelling reason right there to pursue a solution using it for organizations. After all, the usual advice is to either be the first or the best in a space. But the reality is that if you’re first with a great story, it’s harder for anyone else to make a presence. It takes a lot more resources to do so. Therefore, I expect that the cloud trajectory is only going to continue upward.

Don’t get me wrong: there’s still a huge place for on premises solutions. That won’t be going away any time soon. However, most organizations of any size have moved to a hybrid approach. If you’re in the data field and you aren’t prepared or preparing for this, you’re making a huge gamble. Our data skill sets will always be useful. After all, we’re collecting more and more data each and every day. However, being able to apply the skill set to where the new technology is will be a determining factor for career/employment security.



Learning to Give Presentations Well (Part 3)

See Part 1 and Part 2.

Perfect Practice Makes Perfect

I can remember my Air Force ROTC class on communications skills where we had to put together a “talking paper” and give a presentation to the class. We were advised to practice with our peers before the class. Several folks did so, and still did poorly when it came time to give their presentations. Why? It’s because although they practiced, they didn’t practice “perfectly.” Let’s look into what that’s like.

Gather People You Know Will Give You the Truth

If you’re learning to present, you need to know what you’re doing right and what you’re doing wrong. The knowing wrong part is especially important because a lot of times we don’t realize we have a bad habit or issue and it takes someone pointing this out. When we start working with a new speaker in Toastmaster, the mentor should be available to help that person prepare for their icebreaker speech. Part of this is to give feedback before the actual presentation. Truth be told, some folks need several attempts to practice before they are ready even for that initial speech.

After the initial speech, and after every speech for that matter, in Toastmasters there’s an evaluator assigned. The evaluator talks about the good and the bad. Even great speeches have something about them which the speaker can improve upon. As a result, in good Toastmasters clubs, you’ll hear evaluators say things like, “It’s a great speech for all the reasons I’ve already given. If there is one thing you might be able to improve upon…” Obviously, if a talk needs a lot more than that, the evaluator may remark on a few things, but usually focuses down to one thing to work on for the next speech. When giving this feedback, the evaluator is supposed to be honest, but kind. The criticism is supposed to be constructive and encouraging.

If you’re preparing for a presentation, you want the same kind of feedback. Gather folks who will be honest with you, but in a constructive way. If it takes a few attempts to polish your talk, that’s okay. Listen to the feedback, think about how you might incorporate it, and try again. Each attempt to improve moves you towards that perfect practice.

Practice in Similar Conditions

If you’re giving a talk, practice with the conditions that you expect where you’re giving a talk. Have the lights dimmed. Have the projector going. Make sure someone’s running a clock to keep track of how long or how short your practice session goes. If you make a mistake or have a glitch with the demo, don’t stop unless it’s catastrophic. Instead, recover and continue. After all, such an issue might happen during your actual talk. Plan to have time for questions. Your “test viewers” should expect to give you a few.

Most of All, Practice

If you want to give a solid presentation, you have to practice your talk. I had a lot of experience talking and presenting. I was a drug/alcohol prevention specialist in college, I gave briefings to colonels and senior federal civilians my whole time in the Air Force, and I had taught Sunday school and led children’s ministry programs for years before I ever gave my first technical presentation at SQL Saturday Jacksonville. However, that first session I ran out of time. I was rushing the last part of my talk and there was no time for questions. Even though I was a practiced speaker, I wasn’t a practiced technical presenter. I learned from that experience and became a better presenter. However, I still attempt to practice, at least solo, before I give any talk. You’ll find the best speakers often practice a lot. That’s part of what makes them the best speakers. Don’t neglect practice!


Register for Red Gate’s SQL in the City

Aunt Kathi. Grant Fritchey. Steve Jones. They’re part of five hours of training on SQL Server performance and DevOps with the database in mind. And it’s free. And it’s on-line. I’m looking forward to this. If you’re not familiar with what I’m talking about, it’s Red Gate’s SQL in the City. When SQL in the City was first envisioned, Red Gate put on sessions at various physical locations. There’s a problem with that: a lot of folks couldn’t make the travel. So now it’s virtual.

So when is it? Wednesday, December 13, 2017. There are two time slots for the event (times in GMT): 11 AM and 6 PM. One of those times will hopefully work for you. Here’s how you get to attend:

Register for Red Gate’s SQL in the City

As a bonus, they’re throwing in Grant’s new eBook on execution plans when it’s released. Again, free.

Kalen Delaney’s Weekly Webinars

Anyone who has been working with SQL Server for any length of time should be aware of the name Kalen Delaney. She is one of the luminaries in our community. Therefore, the opportunity to learn from her is definitely one you should seize upon.

Back in September she began a weekly webcast. They are up on YouTube and there is a playlist for them all. Therefore, if you want to learn more about SQL Server, here you go:

DB Best Technologies – Kalen Delaney’s Weekly Webinar Playlist

The first webinar is elementary, about SQL Server metadata, but it ramps up. For instance, the last couple have been on physical storage. Definitely something for everyone.

Webinar: Understanding SQL Injection and Its Consequences

On Thursday, December 14, at 3 PM Eastern, I will be giving a presentation on SQL injection. Registration is required but otherwise the webinar is free:

Register for Webinar

This is put on by the MSSQLTips folks and we hope you’ll find it informative. If there’s anything specific you’d like me to cover, please comment on this post and I will see if I can work it in. 

Here is the abstract:

While we might wish SQL injection was no longer a problem in our industry, multiple large breaches in 2017 alone reveals that it still is a problem. The largest among them was the Equifax breach, for which security researchers found a number of vulnerabilities in public facing web sites, which included sites vulnerable to SQL injection attacks. 

In this webinar we’ll look at how a SQL injection attack works, what an attacker can gain using a SQL injection attack, and how we might prevent such an attack. 

We’ll also look beyond Microsoft SQL Server, since the best layer for an attack is any layer that processes the input. 

More Beginner / Fundamentals Content

Not surprisingly, there are folks who want beginner / fundamentals presentations and blog posts. 

I put up the poll based on a brief conversation on Twitter about some folks wanting more advanced content and complaining when beginner content was offered. I’ve heard the same comments when I ran a beginner track at two SQL Saturdays years ago. I also know that some organizers have asked speakers to speak on advanced topics and discourage submitting basic ones. However, based on this informal poll as well as the current results on one running at SQL Server Central, we’d best serve the community to make sure there’s plenty of the lower level content available. 

I realize that there’s a low number of votes currently for both polls, but what they do show is there is a need for this type of content.  The reason I put the poll up was to get more support for what I’ve seen empirically: the beginner track sessions are almost always near full. Others have commented on similar observations. Therefore, if you’re a blogger, consider posting more basic content. Organizers, don’t chase away fundamentals presentations, especially from established and accomplished speakers. 

MSSQLTips: Author and Rookie of the Year Voting

MSSQLTips has opened voting for the 2017 author and rookie of the year. 

Vote at MSSQLTips

I’m included as a candidate for author of the year so if my articles have helped you the most, please cast your vote for me. If not, choose the author whose articles have. 

Security Architecture: Knowing the Adversary

When I present or teach on a security topic, I take the time to cover the mindset of the adversary. There are a lot of maxims out there to “know thine enemy,” but here’s a good recent one that explains why:

“Unless you can think the way that an evil person thinks, then you’re defenseless against them, because they’ll go places you can’t imagine and then they win.” – Dr. Jordan Peterson

Dr. Peterson said this as he was talking on the Jocko Podcast, specifically episode 98.

The context of the quote was Dr. Peterson and Jocko were discussing a particular foreign affairs official. That official, after a horrific incident, stated he couldn’t think like people who committed the evil act. Peterson’s disagreed. His view is someone in that position had to be able to think like an evil person. Otherwise, such a person couldn’t adequately do the job because they would continue to lose.

The same is true in security. We can laboriously implement best practices and benchmarks but unless we can think like someone who seeks to actively do harm to us, we aren’t going to see the gaps. We aren’t going to see where the weaknesses are. Those gaps and weaknesses will be exploited. We will lose every time we come up against a motivated foe. Therefore, it’s not enough to know what safeguards you should put into place. It’s also critical that you think about how someone might bypass those protections or how they might exploit them.