SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Spotlight on SQL Server - Raul Garcia

By Steve Jones,

Welcome to the Spotlight Behind SQL Server, a new series from SQLServerCentral.com. As we've grown and spent more time covering SQL Server, we've slowly gained a number of contacts inside Microsoft, including those that develop the product. And we decided to try and interview the SQL Server people inside Microsoft. There are lots of people working on SQL Server 2005 and our goal to is to eventually get to them all.

We know that there are lots of technical things we could ask, and lots of easy marketing questions we could get from them, but you probably read most of those questions elsewhere. So we thought we'd make them think a bit more and get some interviews that showcased the people behind SQL Server. To that end, these interviews will be a little bit different and give you a look at the amazing team that builds SQL Server.

We caught up with Raul Garcia after reading his wonderful blog on MSDN. He was kind enough to give us a few minutes.

SSC : What's your official title and responsibility at Microsoft?

Raul : I am a software design engineer in testing for the SQL Server Engine, to be more specific, for the SQL Server Engine Security team. I am part of the team responsible for testing the security infrastructure in SQL Server engine; we work in features such as execution context switch, encryption, module signatures, authentication, authorization, password policy and SQL Express RANU. Besides testing the security infrastructure features, I am also deeply involved in pen-testing SQL Server and helping in the review of other features from the security point of view.

SSC : What feature(s) of SQL Server 2005 did you really enjoy working on?

Raul : My favorite feature in SQL Server 2005 is module signature. It is a superb and solid feature that opened the possibility of unique scenarios that would otherwise require granting excessive trust to some otherwise low-privileged principal, or creating a set of permission too granular to be manageable (not to mention that I love crypto).

SSC : It seems the security paradigm changed quite a bit with SQL Server 2005. Do you think we'll see more issues because people do not fully understand the new model?

Raul : Yes, in part I think this is the right moment for a paradigm shift in security. Never before security was so important, not only for Microsoft, but for all our customers, and the SQL Server 2000 model was starting to show its age.

The security infrastructure has changed a lot in SQL Server 2005. Now we have a much richer and granular set of functionality, small changes in behavior of existing features to favor security, and new really interesting features that will hopefully trigger a paradigm shift where developers will be able to design and write secure applications.

I truly hope the model has not changed that much that people will find it too difficult to get used to it. I really feel happy to see people getting interested in security and in security features such as encryption and digital signatures.

The challenge for us now is to continue improving the new model and make it easier to use and to expand it to fit the new needs that will arise.I really want to encourage anyone facing a security problem, or anyone who just want to ask a question or share some comments in the new security model to post it in the MSDN SQL Server security forum, we will be really glad to help and to hear back from you. Also, please feel free to send me any question and feedback on my blog (http://blogs.msdn.com/raulga/), I will be glad to hear back from you and help whenever I can.

SSC : Favorite encryption algorithm? (and why)

Raul : XOR!!!(I couldn't resist it)... My favorite ones are public key algorithms in general, to be more specific RSA. I know it is not the best algorithm for encrypting your data, theoretically speaking these algorithms have not been proven to be mathematically secure, and they are orders of magnitude slower than symmetric key algorithms; but it is the concept of asymmetric encryption that is fascinating as well as all the applications that they can enable, such as binding public key with identities, digital signatures, etc.

SSC : Do you get to take any of the SQL Server code home? Is it encrypted?

Raul : No, I don't keep the product code on my laptop, not even portions of the code. I only carry with me testing code and specs, and I always encrypt important documents such as specs and some dangerous testing code using EFS.

SSC : Give us a little background on yourself, how did you get into computers?

Raul : I was around 10 years old when my dad bought an old computer for his business; it was a very simple machine with no HD, one 5 1/4 FDD and a minuscule monochromatic monitor. I was really impressed by that machine, but I wasn't really allowed to use it without my dad's supervision (and obviously I couldn't really "play" with it).

As a high school freshman I had a chance for the first time to use what I would call a real computer, and I admit that I was really excited about it! I learn how to write some simple code and manipulate the computer beyond what my school typically allowed (I even got my access to the machines revoked a couple of times for modifying the boot scripts of these machines).

Between high school and Colleague, I started spending a lot of time just playing and learning more on my own beyond my regular courses. Eventually I joined a group of friends who were also interested in computers, a few of them worked at school, and soon we were all working in the computer labs at school, helping to answer questions, reinstalling machines, etc. This gave a chance to experiment with different OS, different architectures and eventually introduced me to the wild world of computer security.

SSC : Where did you attend college and what was your degree/major/concentration?

Raul : Instituto Tecnologico y de Estudios Superiores de Monterrey, Campus Estado de Mexico (ITESM-CEM), in Mexico. Bachelor of Computer Science.

SSC : Did you see yourself as a programmer/developer when you were growing up?

Raul : No, when I was a little kid I wanted to be a plastic artist (seriously) and a doctor. When I was around 10 or 12 years old I wanted to become a scientist (I was interested in zoology, especially animal physiology) I read dozens of books on the topic, and I still conserve all these books at home in Mexico City. It was close to my last year of high school when I decided I wanted to be a programmer.

SSC : How did you get to Redmond from Mexico City?

Raul : I was working in security at the University (ITESM), I was a teacher assistant in the security course and helping as a penetration tester. Then I was recruited by a VA based company as a developer where I stayed for 4 years, working mostly on protocols and binary file manipulations.

Fortunately, I had an opportunity to get an interview at Microsoft and I decided to give it a try; when Microsoft offered me a position as a security tester I didn't think twice and accepted immediately... and here I am.

SSC : How do you like living in Redmond?

Raul : I like it a lot. The people in this area is fun and open minded, summers in the area are awesome (winters not so good, but not too bad either) and there are trees everywhere!

SSC : So do you get to take a siesta every day?

Raul : I wish! Unfortunately I cannot sleep if I am thinking about some problem or working on something interesting. I need to be relaxed if I want to sleep in the middle of the day. Usually I only take a nap during the weekends, after a nice walk while listening to music.

I can also fall asleep quite easily in any moving vehicle, especially if it is a bus or an airplane.

SSC : Who's the most fun to work with at Microsoft?

Raul : My whole team is great! We work hard, but we also have good times. Special mention to Tanmoy Dutta and Laurentiu Cristofor.

SSC : We've all heard stories of some characters at Microsoft. Any interesting ones that stunned you or surprised you when you first went to work in Redmond?

Raul : You mean besides me? You should have seen me last year when I didn't cut my hair for a little more than one year. Add 4 days without shaving, a black T-shirt and a gray zip-up "hoodie"... I looked really "interesting", and according to the passengers of a Mexico City bus I rode last December, I even looked scary.

SSC : What's your current favorite tech gadget?

Raul : My Xbox360... I am a videogame fan.

SSC : What's do you enjoy playing on the XBOX?

Raul : My Favorite 360 games are "Final Fantasy XI" and "The Elder Scrolls IV: Oblivion", as you can see I am a big RPG fan. For the original Xbox, my favorite game is "Ninja Gaiden Black", a quite challenging and fun game.

SSC : What does Raul like to do when he's not working on SQL Server?

Raul : Outside the office you will probably find me listening to music (classical music and heavy metal), playing videogames, watching a movie, reading a book (most of the time while drinking a cup of coffee), cooking (believe it or not I am a good cook), working on my garden, going out for a walk or sleeping under the shade of a tree (only if it is not raining), aAnd photography.

I shoot a lot of pictures, especially if it is an event such as my friends' weddings (My record is more than 160 pictures in one night). The funny thing is that right now I own 2 completely manual cameras but I have no digital ones; I gave my digital SLR to my dad as a gift last time I visited him. (One of Raul's pictures is above)

SSC : Best dish you cook?

Raul : My favorites are chicken in chipotle cream and spaghetti a la Carbonara; and my friends' favorite are butter cookies... they are pure evil!

SSC : Condolences for Mexico getting knocked out, but who's going to win the World Cup?

Raul : Thanks a lot... yes, we lost (sob)! But at least it was a great game, and Rodriguez's goal during the overtime was simply spectacular!!!

I really wish Mexico's team would always play like they did that day! They can really play great football (soccer) when they are decided, but unfortunately they are not always as motivated or focused as they should... Better luck next time, and remember team, "si se puede"!

Congratulations to Argentina, they really deserved to pass to the next round! Now that Mexico is out, my favorite team is Brazil! Go for the sixth championship!!! Good luck to all the remaining teams, give your best. I am really looking forward the following games, I am sure they will be great!

SSC : Will we see you at the PASS Summit this November?

Raul : This will be the first time I attend the PASS, but unfortunately I am not scheduled as a speaker. I am not sure how PASS works, but I will probably attend to the sessions, and if there is an opportunity, I will be really happy to have a chance to meet with other attendees and answer questions.

Total article views: 3907 | Views in the last 30 days: 2
Related Articles

SQL Server 2012 (“Denali”): New Security Features

SQL Server 2012 has many new security features, and three of the bigger new features are: Default Sc...


Webinar Followup: New Security Features in SQL Server 2016

I recently presented a free webinar for Pragmatic Works where I discussed new security features in S...


We Really Need Better Security

Some disturbing security issues reported this week.


Your Favorite Feature that Needs Work

This week Steve Jones asks what parts of SQL Server would you improve and why.


SQL Server Features

SQL Server Features Implemented