Midlands PASS Meeting: 2016 SQL Server Security Refresher

The Midlands PASS Chapter will hold its next meeting on January 14, 2016 at Microstaff IT. We start the meet and greet at 5:30 PM and the main topic usually kicks off around 6 PM.

2016 SQL Server Security Refresher

Midlands PASS Chapter’s annual SQL Server security refresher! This is an open-ended discussing hosted by Data Platform MVP and resident SQL Server security expert, Brian Kelley. Bring your scenarios and questions and we’ll work through the best ways to build security solutions for and using Microsoft SQL Server.

You can RSVP here so we know how much food and refreshments to bring.

My Upcoming Speaking Engagements

March 4 – Charleston PASS, Charleston, SC

What Admins Absolutely Must Know About SQL Server Security

There are so many security tips out there for SQL Server. Almost all of them are rated as a best practice. What do you listen to? What do you focus on? In this session we’ll break down what you absolutely must know about securing SQL Server. We’ll look at the things to look for within SQL Server, including some of the nooks and crannies an attacker might use but what are rarely audited. You’ll leave with a checklist of what to investigate and a set of scripts to run on your own systems.

Register Here

March 12 – Webinar with MSSQLTips.com

SQL Server backup automation and best practices

Join us for this webcast to learn about best practices for backing up your SQL Server databases along with things you can automate to reduce your workload.

Having proper backups for your SQL Server databases is your last line of defense when things go wrong. Database backups are rarely used to restore a production database, but when they are needed, having a solid plan is paramount.

In this webcast we will cover:

  • The types of backups to setup for your databases
  • Proper database settings for backups
  • Protecting database backups
  • Backing up system databases
  • Automating backups with SQL Agent and other scheduling tools
  • Automating checks to ensure backups are successful
  • Setting up alerts and notifications for backup failures
  • and more

Register Here

March 12 – Midlands PASS, Columbia, SC

What Developers Absolutely Must Know About SQL Server Security

There are so many security tips out there for SQL Server. Almost all of them are rated as a best practice.What do you listen to? What do you focus on? In this session we’ll break down what you absolutely must know about building secure database using SQL Server. We’ll look at the SQL Server securables model, how you can simplify your security model using patterns and models you are already familiar with, how roles can be used to aggregate security cleanly, and how to put in triggers and other mechanisms to try and protect your databases from attack.

Register Here

Four Things PASS gets Right

PASS has taken a lot of heat recently. A few folks have pointed out that you only seem to hear when people are upset at PASS at something. So here’s my take on what PASS has done correctly.

The Summit

The Summit is a premier conference for SQL Server professionals. How do I know? Watch all the griping when speaker announcements are made. A lot of folks want to speak at the conference because they perceive it to have a lot of value. A lot of folks attend the conference because they perceive it to have a lot of value. A lot of value + financially affordable to PASS = premier conference.

Virtual Chapters

Virtual Chapters are awesome. Look at how many there are and how much FREE training they provide to the community. Yes, they are staffed by volunteers, however, they are still under the PASS umbrella.

Chapter Tools

First, there’s the free web hosting. It’s been around for a while. Yes, it’s DotNetNuke, but the templates are simple and workable for a chapter.

Second, there is the automated mailing. This allows a chapter leader to get the news out without having to go to MailChimp or some other resource. Also, as folks sign up at the chapter website, they are automatically added to the distro list. Easy all around.

Third, PASS has built the integrated events module. You set up the event details under the PASS Chapter tools and if you’re website is configured, the details automatically appear on your chapter homepage. In addition, the event details appear in the PASS master list of events. You don’t have to go to multiple places to get the word out.

The 24 Hours of PASS

More FREE training. And if you can’t stay around for the whole 24 hours, don’t worry, sessions are recorded and eventually available on-line.

Still a Need for a SQL Server Specific Organization

If you haven’t already, please read Denise McInerney’s post about why PASS no longer stands for the Professional Association for SQL Server.

The Growth of an Organization

If you’ve been involved with PASS lately, you’ve probably seen this change coming. When I read the post, I wasn’t surprised. PASS wants to grow. One area of growth is in data analytics and there’s a lot of non-Microsoft technologies out there in that space. There are a few non-SQL Server technologies belonging to Microsoft in that space, too. Therefore, at least for me, the change was expected.

Do I think PASS will be fine? I do. I think it’ll embrace the change and it’ll grow and things will continue to expand with regards to the organization. Am I disappointed? I am.  I’m not the only one.

The Need for a SQL Server Specific Organization

I am not disappointed because the organization is growing and expanding to encompass more people. I think that’s great. I think PASS, with its new mission and expanded focus, fills a need.

I am disappointed because there will no longer be a SQL Server-specific (or even centric) organization and I think there’s a need for that. SQL Server itself continues to get bigger and there’s a lot of folks using it. Therefore, I think an organization that supports the growth of the SQL Server community is a needed one. It’s not just about job security. As an infrastructure and security architect I work with a lot of different technologies. I learn about far more. If you aren’t already doing this, you should be. Don’t get tied to one technology. With that said, if a particular technology continually makes your job easier and helps you “ship,” by all means champion it.

Going Forward

I still love Microsoft SQL Server. I love a lot of the roadmap I see going forward. Look at the feature set for SQL Server 2014, for instance. Think through how and where you could use some of those technologies. Because of this, I think SQL Server is going to continue to grow and flourish. Because of this, I’d like to see a new, SQL Server specific organization come into being. However, as Grant points out, it does need to do a better job of making itself known. What Grant expresses from his own experience is what I’ve seen as well when I step away from the formerly Professional Association for SQL Server events that I have participated in. When I spoke at code camps, for instance, few in my sessions knew about PASS. I found the same thing to be true at many developer user groups as well. In the IT auditor community, it seemed like no one had heard of PASS. So if a new organization does rise up, it needs to get its name out there. The more involvement, the more recognition, the better.

Should the organization be about the big events? I don’t think so, at least, not as a focal area. There’s a lot of opportunities at the grassroots level. I’m not just thinking about user groups and the equivalent of SQL Saturdays. I’m also thinking about code camps and non-SQL Server-specific conferences where SQL Server is still a heavily leveraged technology. I think learning, networking, and occupation growth would function better at a more organic level. But maybe that’s just me. Big conferences are great, but they shouldn’t be the focus.

In Conclusion (or, the TL;DR version):

I wish PASS well in its “new” direction. I’ll be a part of it where I fit in. I also want to see a SQL Server-specific organization be founded. I’d definitely be a part of that. Regardless of whether or not that organization comes into being, we should continue to network, continue to teach, continue to learn, and continue to work together as a community.

 

Midlands PASS July Meeting – July 10

The Midlands PASS Chapter will hold its next meeting on July 10. We meet at MicroStaff IT in Cayce, SC. Here is the main presentation:

Statistics, Indexes, and their Impact

Speaker: Brian Kelley, SQL Server MVP

Statistics. Indexes. Clustered Indexes. Non-Clustered Indexes. Covering Indexes. Bookmark Lookups. Perhaps you’ve heard these terms. They determine how well or poorly your queries run. In this session, we’ll look at what these things are, how they impact your queries, what to do to maximize their use, and when you should consider making changes.

This is a 100-200 level presentation.

You can RSVP for the meeting (it helps us plan for food) at the EventBrite Event Page for this meeting.

 

PASS Summit Session Selection

Let’s make it democratic. Let’s ensure we get solid sessions from key people. And let’s save a ton of work in the process.

Spotlight Sessions:

There are certain folks that are extremely knowledgeable in their areas of expertise. They also happen to be excellent presenters. Have the spotlight sessions and invite them to present a talk. Limit the number of these, obviously. However, this ensures top speakers are presenting.

Let the Community vote:

Since folks had to update their community profiles in order to participate in the voting, let’s go down that road, except for session selection. It doesn’t matter if it’s a pre-con, a regular session, or a lightning talk. Put the abstracts up, complete with who is giving them, and give the community a chance to vote on a particular number. Perhaps for each track you get to vote for your top 10.

Does this skew things in favor of those who are more popularly known? Yes. But it also means the community is seeing who they want. So what about those who don’t have as solid a reputation? Let them build a reputation via the following:

  • local user groups
  • SQL Saturdays
  • virtual chapters

That’s what’s effectively being done by having a speaker rating score, anyway.

Set the deadline, tabulate the votes, and then take the top presentations per track and schedule them.

What if there’s a tie? Use a random number generator to make the selection.

But what if there are too many tracks?

Limit the number of submissions. Perhaps:

  • 1 pre-con
  • 2 regular session talks
  • 2 lightning session talks

Speakers try to game the system today because they don’t know what the selection committee for the Summit or for a particular SQL Saturday will want. So they submit more sessions than they actually want to give. Limit the # of submissions. What about panels? If the panel discussion is that important to you, then it takes one of your slots. No apologies, because you know that ahead of time. This causes a speaker to focus on what topics he or she really want to speak on and think will go over with the audience.

Will there be issues?

Of course there will. But this is more transparent than having selection committees behind the scenes. PASS, after all, is a community organization. It also eliminates any board influence (and there has been board influence in the past). So let’s keep this simple.

But that’s not how XYZ Conference does it!

No, it’s not. But XYZ Conference is probably not run by a community organization. If it is, perhaps they should follow the same model.

The Scary DBA Comes to Columbia, SC

Grant Fritchey*sound of glass crashing* *cue theme music*

(in a wrestling announcer’s shocked voice) “It can’t be! He’s not supposed to be here! It’s the Scary DBA! What’s he doing here!”

That’s right, folks, SQL Server MVP Grant Fritchey (blog | twitter) will be coming to speak in Columbia, SC on May 22, 2014. You can register to attend (free) here:

Midlands PASS – May 22nd Meeting with Grant Fritchey

Here is what Grant will be talking about:

Building a Database Deployment Pipeline

The pace of business accelerates fairly continuously and application development moves right with it. But we’re still trying to deploy databases the same way we did 10 years ago. This session addresses the need for changes in organizational structure, process and technology necessary to arrive at a nimble, fast, automatable and continuous database deployment process. We’ll use actual customer case studies to illustrate both the common methods and the unique context that led to a continuous delivery process that is best described as a pipeline. You will learn how to customize common practices and tool sets to build a database deployment pipeline unique to your environment in order to speed your own database delivery while still protecting your organization’s most valuable asset, it’s data.

 

If you are closer to Raleigh or Charlotte, Grant will also be appearing in those venues. You can find details about those visits at the Charlotte SQL Server user group site.

 

Previous Older Entries