Let’s Call It What It Is: Complexity Debt

Technical debt gets deprioritized too often because the business sees the word “technical.” It doesn’t matter what the true meaning is. And it’s a big problem. It really needs proper governance to make it a priority.

“Lack of governance over technical debt is also a problem.”

Michelle Leroux Bustamante, .NET Rocks!

Reading through The Unicorn Project, which is a newly released companion to The Phoenix Project, I came across this great nugget that might help others view technical debt properly.

“I’ve started calling all of these things ‘complexity debt,’ because they’re not just technical issues—they’re business issues. And it’s always a choice,” he says. “You can choose to build new features or you can choose to pay down complexity debt.”

Gene Kim, The Unicorn Project

Yes! When we replace the word “technical” with “complexity” we reframe the discussion. That may help discussions about what to prioritize and help get what we call technical debt paid off in a more timely fashion.

Midlands PASS: SQL Server Security Basics

Midlands PASS (Columbia, SC) will be meeting on March 3, 2020, for our monthly user meeting. We’ve been on hiatus since the holidays but we should be meeting regularly again for the rest of the year. The typical schedule (all times are Eastern):

  • 5:30 – 6:00 PM: Meet and Greet / Networking
  • 6:00 – 7:15 PM: Main Talk
  • 7:15 – 7:30 PM: Prizes (if we have any) / Networking

RSVP Link for the March 2020 Meeting: https://www.eventbrite.com/e/sql-server-security-basics-tickets-97152292121

This month I’ll be speaking. Here’s the talk:

SQL Server Security Basics

What do you need to know to work with SQL Server security properly? In this talk, we’ll look at the must-knows. We will start with how a person or application connects to SQL Server and the types of authentication SQL Server provides. We will then look at the hierarchical security model SQL Server implements and how this flows down from the server all the way down to tables, views, and stored procedures. Afterwards, we will discuss particular security roles which allow access without explicit permissions. Finally, we will look at ownership chaining and how that can also allow a user access to an object because of a reference from a different object.

Renewed as a Friend of Red Gate

I recently received the news that I’ve been renewed as a Friend of Red Gate. I’ve been a big fan of Red Gate since the days when SQL Compare first debuted. Tremendous tools are not the best asset, though. If you weren’t aware, the people are. Most folks are familiar with the more well-known SQL luminaries like Grant Fritchey, Steve Jones, Kathi Kellenberger, and Kendra Little. However, everyone I’ve interacted with in the organization has been great.

 

SheLeadsTech Webinar: Braving the Wilderness of Cybersecurity

ISACA has a SheLeadsTech webinar for tomorrow, February 25, 2020, titled Braving the Wilderness of Cybersecurity.

Registration Link: https://www.isaca.org/education/online-events/lms_w022520

If you can’t make the talk, ISACA archives all webinars for one year.

Here’s the information on the talk:

Braving the Wilderness of Cybersecurity

Cybersecurity is one of the most exciting and most challenging career paths you can take. No matter your gender, your age or your experience, there will always be a time when you will feel like you don’t belong, and you are all alone in the middle of the wilderness.

In this webinar we will discuss how you can be brave through those times and what are the key values that will help you succeed and have a thriving cybersecurity career.

Speaker: Enkeleda Ibrahimi

Senior Security Consultant at KPMG, Founder & Community Architect at MeetCyber, IoT Security Enthusiast

Enkeleda is a senior cybersecurity consultant, with over 6 years of experience in different corporations like Vodafone, KPMG, PwC, and more. She is also the founder of MeetCyber, a global network of professionals who are passionate about cybersecurity. Enkeleda holds a master’s degree in Information Security from Stockholm University, is a certified ISO27001 lead implementer and co-author of several research papers in biometrics security and security governance. She was named one of the top 50 European Women of Influence in Cybersecurity for 2019 by SC Media UK.

[Cross post] Innovating Yourself as an IS Auditor

This is also posted to the ISACA Journal blog, Practically Speaking:

As new technologies are developed, we have to stay up to date with them. More so than almost any other practitioner interfacing with information technology, auditors have to work hard at continual education. It is not just the technology, though. We are also seeing orders of magnitude more data. More data to process means we have to be more efficient at sifting through those data to ensure we can protect our organizations. So how do we stay up with what is current?

First and foremost, we need to use technology for our benefit when we can. Data is a big deal, but as it has exploded, it is a big deal for just about everyone. That means companies are investing a lot of capital in developing systems to handle the reams and reams of information we have at our fingertips. These systems are able to spot trends and exceptions both. Why should these solutions be limited just to the folks doing financial forecasting? We can use them, too. That is a key attitude for us to take: When technology helps us, we have to come up to speed on it and leverage it for all it’s worth.

Second, speaking of learning new technology, we are being exposed to new ideas, new protocols and new standards all the time. We have to set aside the time to understand all of these new things. It is not practical to try to learn any of them in great detail. However, we have to understand them well enough to understand what they provide, where they have issues and what they should actually be used for. If we are relying on what we learned just 5 years ago, some of our knowledge is already out of date.

Finally, we have to understand that with the changes we have in technology, whole disciplines may be completely upended. I can remember a time when organizations were on the Internet and firewalls were a very uncommon thing. Now we are in an era where we know the firewall is not enough. These concepts are more abstract than a protocol definition. However, it is just as important that we stay up-to-date in these concepts as well.

All of this adds up to continually innovating yourself to maintain your knowledge and skills. The good news is that if you keep up, you will never be bored. Technology is changing at a breakneck pace. There is always something new to learn and pick apart!

Read related Journal article:

“Innovation Governance: Innovate Yourself—Using Innovation to Overcome Auditing Challenges,” ISACA Journal, volume 6, 2019. (requires access to ISACA Journal via ISACA membership)

Azure – BGP Community for Application Insights (Need Votes)

Working with Microsoft, we determined that there is no BGP community for Azure’s Application Insights. As a result, I’ve created a feedback request for Microsoft to consider doing just that.

Without this BGP community, you can’t route all Application Insights traffic across an ExpressRoute connection without routing for the entire region, something you may not want to do. Other offerings do have their communities, and I mention a few in the feedback request.

Some may ask, “What’s the risk?” Yes, the connection to Application Insights is encrypted. So it’s not so much about a security risk unless you have compliance requirements to keep traffic contained. Really, the risk is more about performance. For instance, we observed that when Application Insights routes over the Internet, sometimes the path chosen is less than ideal because a different region ends up being routed to based on DNS resolution. For instance, Microsoft observed cases where Application Insights traffic did not go to IPs within the region where Application Insights resources are provisioned (such as to West US when Application Insights was provisioned to Central US).

Feedback Request: Add BGP community for api.applicationinsights.io (Please upvote)

 

Personal Goal Accomplished: Speaking at the PASS Summit

I mentioned on Twitter that a family tragedy about a decade ago had resulted in a false start with respect to this goal:

Ten years ago, we were expecting a baby, our fourth. Then an ultrasound revealed that we were having twins. Because we had “MoMo” twins, we immediately moved into the high risk category and that meant an appointment with specialists. Sadly, at that appointment we received devastating news: our twins had passed. If you’ve lost a child to miscarriage, you understand how painful and shattering that is. As the father, it tore my heart in two. The reality, though, is that it’s always worse for the mother. As the father, it took a long time before it was something I could fully come to terms with. I stand by the statement that it’s always worse for the mother. Anything can spark a grief reaction again, even many years afterwards. I’ve seen it with my wife, and others I’ve talked to have shared the same thing.

Needless to say, this has always been in the background with me attempting to get back to PASS. There have been other, more prominent reasons. But the loss of the twins so close to going to a PASS Summit always held me in its grasp. A decade is a long time. Though I had faced my grief, our loss still affected me. As a result, when I applied again to speak at PASS, my wife and I talked. It was important for me to try and move forward here. So with much trepidation I made the journey, spoke today, and am glad for it.

So why do I share this? Kevin Kline gave a talk about how much of a family the SQL Server community is. It truly is. Members of the community helped me face my grief. Folks who had been through it, too. And they’ve been supportive over the years. If you’re dealing with something non-technical, chances are someone else in the community has dealt with it or is dealing with it, too. And you might be surprised how quick they are to walk alongside you if they just knew. We aren’t just here to help each other technically. We’re here to help each other, no predicate applied.
