-->
SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

Databases – Infrastructure – Security

Brian Kelley is an author, columnist, and Microsoft SQL Server MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress), Professional SQL Server 2008 Administration (Wrox), and Introduction to SQL Server (Texas Publishing). Brian currently serves as an infrastructure and security architect. He has also served as a senior Microsoft SQL Server DBA, database architect, developer, and incident response team lead.

Settings Goals Professionally

I was reminded of this topic after yesterday’s #SQLChat. Have you set professional goals for yourself? If so, have you set them professionally? What do I mean?

There’s a difference between a wish and a goal. A wish is something we want to happen but we don’t make any effort… Read more

0 comments, 1,599 reads

Posted in Databases – Infrastructure – Security on 8 February 2018

Tinker as You Learn

In recent weeks I’ve seen my brother from another mother, Andy Leonard (twitter | blog), write or post about his learning activities. In one case he remarked that he liked it when he went to complete a learning lab exercise and it didn’t work as expected the first… Read more

0 comments, 1,634 reads

Posted in Databases – Infrastructure – Security on 24 January 2018

WIT: A Quick Thought

I recently had the opportunity to be a Dungeon Master (DM) at a gaming convention. It was my first time. I loved it. So what does that have to do with Women in Technology (WIT)?


The young lady standing up also DMed her first convention. She’s my daughter and she’s… Read more

3 comments, 1,238 reads

Posted in Databases – Infrastructure – Security on 22 January 2018

DevOps Does Not Make Admins Obsolete

As a follow up to my tweet, I stand by my belief that DevOps does not make administrators obsolete. I include Database Administrators in my statement. The core point of embracing DevOps is to determine what is repeatable and see if you can automate it. Why?

  • You’re trying to move…

Read more

0 comments, 840 reads

Posted in Databases – Infrastructure – Security on 3 January 2018

BK’s Professional Learning Plans for 2018 #tsql2sday

With 2018 coming, I’ve thought about the question, “What do I want to be when I grow up?” I ask this question every few years because it helps me develop a plan of attack with respect to learning and opportunities to pursue. As a result, this T-SQL Tuesday topic comes… Read more

1 comments, 1,132 reads

Posted in Databases – Infrastructure – Security on 12 December 2017

Learning to Give Presentations Well (Part 3)

See Part 1 and Part 2.

Perfect Practice Makes Perfect

I can remember my Air Force ROTC class on communications skills where we had to put together a “talking paper” and give a presentation to the class. We were advised to practice with our peers before the… Read more

0 comments, 1,205 reads

Posted in Databases – Infrastructure – Security on 11 December 2017

Register for Red Gate’s SQL in the City

Aunt Kathi. Grant Fritchey. Steve Jones. They’re part of five hours of training on SQL Server performance and DevOps with the database in mind. And it’s free. And it’s on-line. I’m looking forward to this. If you’re not familiar with what I’m talking about, it’s Red Gate’s SQL in the… Read more

0 comments, 221 reads

Posted in Databases – Infrastructure – Security on 8 December 2017

Kalen Delaney’s Weekly Webinars

Anyone who has been working with SQL Server for any length of time should be aware of the name Kalen Delaney. She is one of the luminaries in our community. Therefore, the opportunity to learn from her is definitely one you should seize upon.

Back in September she began a… Read more

0 comments, 177 reads

Posted in Databases – Infrastructure – Security on 7 December 2017

Webinar: Understanding SQL Injection and Its Consequences

On Thursday, December 14, at 3 PM Eastern, I will be giving a presentation on SQL injection. Registration is required but otherwise the webinar is free:

Register for Webinar

This is put on by the MSSQLTips folks and we hope you’ll find it informative. If there’s anything specific you’d like… Read more

0 comments, 296 reads

Posted in Databases – Infrastructure – Security on 6 December 2017

More Beginner / Fundamentals Content

Not surprisingly, there are folks who want beginner / fundamentals presentations and blog posts. 



I put up the poll based on a brief conversation on Twitter about some folks wanting more advanced content and complaining when beginner content was offered. I’ve heard the same comments when I ran a beginner… Read more

2 comments, 1,600 reads

Posted in Databases – Infrastructure – Security on 5 December 2017

Security Architecture: Knowing the Adversary

When I present or teach on a security topic, I take the time to cover the mindset of the adversary. There are a lot of maxims out there to “know thine enemy,” but here’s a good recent one that explains why:

“Unless you can think the way that an evil…

Read more

6 comments, 1,512 reads

Posted in Databases – Infrastructure – Security on 4 December 2017

Geek Sync Recording: Taking Control of Your SQL Server Sprawl

Back in July, I gave a webcast for Idera’s Geek Sync. They’ve published the recording. You can find it here:

Take Control of Your Organization’s SQL Server Sprawl

It’s about an hour long and it focuses on automation, setting up sized templates for servers, pushing and enforcing OS settings using… Read more

0 comments, 280 reads

Posted in Databases – Infrastructure – Security on 17 November 2017

Learning to Give Presentations Well (Part 2)

Presentation Zen cover

In Part 1, I gave some advice from Toastmasters. We’ll return to the Toastmasters advice in Part 3. In Part 2 we’re going to look at recommendations from Garr Reynolds. You can find this advice and more in Presentation Zen, which I found to… Read more

1 comments, 253 reads

Posted in Databases – Infrastructure – Security on 15 November 2017

Learning to Give Presentations Well (Part 1)

I’ve given technical presentations for years. I’ve also taught in churches and youth groups years before that. For me, speaking in public isn’t a big deal. However, I know that when someone is first starting out, it can be a challenging experience. Even though I felt comfortable speaking in public,… Read more

2 comments, 1,338 reads

Posted in Databases – Infrastructure – Security on 6 November 2017

If You’re Stuck at Home for the PASS Summit

Conferences are a great place to network, to see new technologies or to see existing technologies being used in new ways, or just to get away the day-to-day work. You may love your job, but having a break to refresh and re-focus is certainly good, too. So what if you… Read more

1 comments, 402 reads

Posted in Databases – Infrastructure – Security on 30 October 2017

Don’t “Test” Against Production

A few months ago, I was participating in a threat hunting exercise on the security side. The gentleman leading the exercise was discussing some scans to run. However, before we did anything, he made sure to state that we should run against a non-production environment first. Apparently, some of his… Read more

0 comments, 1,873 reads

Posted in Databases – Infrastructure – Security on 18 October 2017

Automating Everything with PowerShell – Getting Started #tsql2sday

I try to automate everything I can with PowerShell. Whether we’re talking SQL Server, WSUS, Active Directory, or any other product with active support in PowerShell, I try to write scripts to do everything. I believe in the old proviso that good engineers are lazy engineers (thank you, Andy Leonard Read more

0 comments, 717 reads

Posted in Databases – Infrastructure – Security on 17 October 2017

Randomness in Security Configuration

We were deploying a new web service. Because of the nature of the service, we wanted it to listen on a non-standard port. Security by obscurity doesn’t work against a real attacker or well-written malware. However, if someone was just attempting to check for a web server by doing the… Read more

0 comments, 1,233 reads

Posted in Databases – Infrastructure – Security on 14 August 2017

Just Say No to Social Engineering Memes

These memes, from a security and privacy perspective, are nothing but trouble. Here’s an example I just saw a friend respond to:


The reason I say trouble is because if you play along, they reveal a tremendous amount of personal information about you. That information is often used to secure… Read more

1 comments, 520 reads

Posted in Databases – Infrastructure – Security on 11 August 2017

#TSQL2sday: Interviewing Patterns

This T-SQL Tuesday is hosted by Kendra Little.

I’ve been told interviewing is an art. Perhaps it is. I view it more as an information exchange. The organization you’re interviewing with is trying to obtain information on you. You should be trying to obtain information on the organization. The… Read more

3 comments, 185 reads

Posted in Databases – Infrastructure – Security on 8 August 2017

Older posts