As a follow-up to my post on being at war, cyberwar:
If the experts are correct, this trend is only going to continue. Reading the article and others on the same situation, they all note that the unclassified email had been hacked, but not classified. That’s…
In case you’ve not been following the news with regards to *government* breaches:
- White House computers hacked – Russia suspected
- US Postal Service hacked – China suspected
- NOAA hacked – China suspected
All three of these news articles were released within the past few weeks. The reality is that our networks…
If you’re looking to warm up for the winter, come on down to Charleston, SC, on December 13, 2014. Charleston will be hosting its second SQL Saturday. Why Charleston?
- Charleston continually wins the award for the friendliest city in the United States.
- Charleston isn’t far from 2014’s #2,…
I’ve stated quite often that being a generalist has generally been beneficial for my IT career (pun intended). That’s why I developed the professional development presentation, The Swiss Army Knife of DB Pros. It is also why I continue to bounce back and forth between technology areas rather than…
I am consolidating my professional email accounts into one place. If you’ve previously contacted me using my linchpinpeople.com or either of my sqlpass.org email accounts, please use this instead:
I have been slow to respond at times to the other accounts, because I don’t check…
If you’re not familiar with the Center for Internet Security, here’s the organization’s mission statement:
The Mission of the Center for Internet Security is to enhance the security readiness and response of public private sector entities, with a commitment to excellence through collaboration.
CIS produces consensus-based, best practice secure…
Here is my list of heroes for #TSQL2sday. None of them are directly tied to technology, much less SQL Server. However, all of them have made a deep impact on my life. I am where I am today because of these nine.
1. James Tiberius Kirk
I start my…
Thank you for those who made it out to the SQL Server Innovators Guild last night in Greenville, SC. I hope you enjoyed the talk and that it’ll create conversations about how we better secure the ETL pipeline. With attacks against data becoming more and more prevalent, I only see…
For those able to attend my session at this year’s Carolina Technology Conference, thank you! As promised, here are the slides, sample code, and audit scripts from my presentation on What You Absolutely Must Know about SQL Server Security:
In the wake of Shell Shock, I’ve seen some vendor advisories indicate that while their product is vulnerable, it’s only through the management interface but everything is okay because if best practices have been followed, the management interface isn’t/hasn’t been exposed to the Internet.
No, everything is not okay.…
PASS has taken a lot of heat recently. A few folks have pointed out that you only seem to hear when people are upset with PASS about something. So here’s my take on what PASS has done correctly.
September is Childhood Cancer Awareness Month here in the USA. Here are some statistics:
- In 2014, an estimated 15,780 children (ages 0-19) will be diagnosed with cancer in the USA.
- In 2014, an estimated…
I will be giving a webinar on how to audit SQL Server through MSSQLTips.com.
Don’t become a statistic. With the numerous data breaches and internal data theft, securing your SQL Server environment can help keep your company out of the news. Unfortunately, a…
I Don’t Have to Do It Alone
I’ve always worked hard in my IT career to be knowledgeable in my field. I don’t like not…
Anything we can do to automate our builds and deployment should be considered. After all, the point isn’t just to write code, but to deploy working code. So what if we did the automated builds and deployed them to development or QA? No errors, so I’m good, right?
Not so…
If you haven’t already, please read Denise McInerney’s post about why PASS no longer stands for the Professional Association for SQL Server.
The Growth of an Organization
If you’ve been involved with PASS lately, you’ve probably seen this change coming. When I read the post, I wasn’t surprised. PASS…
I had the opportunity to write another guest post at SQL Authority:
This one covers how to determine who made changes in a database that has been deleted. This isn’t a situation where you can use the schema changes history report…
I was reading a book about network security monitoring and it mentioned The Cuckoo’s Egg by Cliff Stoll. Stoll’s book has been around for a long time, and it’s considered a classic book with regards to information security. If you’re not familiar with it, it’s the story of a gentleman…
My guest editorial is live on SQLServerCentral.com. My argument is a simple one: we don’t care about data and IT security. I don’t just mean IT folks. I mean most everybody. I include myself in this characterization. I know a few exceptions, but they are truly exceptions.
In the…
I will be giving a presentation on ETL (Extract, Transform, Load) security at two user groups in the coming weeks.
Securing the ETL Pipeline
We’re going to look at typical ETL (Extract, Transform, Load) pipelines and consider the weak points an attacker might go after. Our goal in this isn’t…