Pass Summit 2019 Keynote Day 2

I’m blogging the Keynote!

One of my bucket list things has always been to live blog a keynote at Pass Summit and I’m actually doing it! I want to thank Kendra Little for talking me into it. I missed the sign up to be one of the bloggers, but there was a free space next to her and she invited me to sit there. As always I have no clue what I’m doing so wish me luck!

Wendy Pastrick

Wendy starts us out with a rousing version of “Good morning to you” to thunderous applause.

Now she’s reminding us to do our evaluations .. got to remember to do that.

Finance report time! (It’s important stuff people, I want to be able to keep going to Pass events!)

(Paraphrasing) “Are we spending less, or are we really being more efficient.” Yea, based on the info she shared, more SQL Saturdays, more learning, more, more, more!

Thank the volunteers!

Tim Ford

Tim was told “Do not sing” (we dodged a bullet there!)

Pass directly impacted 80,000 people in the past year!! That’s really impressive!

Thanking the partners that support us. (AWS, Quest, Dell, Redgate, SentryOne, and Idera)

And of course Microsoft. Couldn’t do much without them could we.

950th SQL Saturday coming up!!! Can you imagine? (I should point out if you’ve never been to one you should give it a shot, they are a lot of fun and a great opportunity to Connect, Share and Learn.)

Tim gives us stories of people who joined Pass and the heights they have reached in our community.

Time for the Passion Award! Based on the description this person really deserves it too!

Congrats Hamish Watson!

Tim says “Get Engaged”, not sure how my wife would feel about that though.

Tarah Wheeler

I’ve been excited about this part since I learned Tarah was speaking!

Cybersecurity is Everyone’s Problem
Three Internets and the Data Regulatory Climate

I’m really hoping to get to say hello after the keynote!

“Not a lot of people work in Foreign policy and Infosec” (there probably should be IMO)

There are more and more data breaches all the time.

(paraphrasing) “I see a room full of people who don’t know they are diplomats”

(cool thought)

“How many people here feel qualified for their jobs” (one or two hands up)

“How many people have a degree in the field” (one or two hands up)

“There isn’t a lot of good training for what we do”

Quick note: Tarah is a great speaker, the crowd feels really engaged.

“Cybersecurity is one of the only IT roles where there are people actively trying to ruin your day, 24/7.”

~Chris Schuler

The different worlds that data exists in.

We have three different internets.

GDPR: “How do we fully delete an individual? How do we prove it?”

(Paraphrasing) “We may not be able to provide a product to the EU because we can’t handle GDPR.”

Dealing with data in China is wildly different. They store web usage data in a fundamentally different way (among other things, and I hope I got that right)

The rest of the world (some groups may be splitting off as well).

There is a LOT of information here!

— Data retention

“Has anyone ever seen the amount of data your company collects go down?”

Never shrinks, Only grows, Metadata counts, “Sensible data retention is governed not by technological limits, but by compliance and regulation.”

— Data backup

It’s offsite (if you are a DBA you know it better be)

“You can’t destroy backups for purposes of forensics”

Interesting question: What happens if someone moves to the EU? Can they request their data be removed now?

You can’t physically put your hands on it.

— Data restore

Constant and continuous integration with production systems.

There should be multiple ways to restore the data.

We end up in a state of conflict between Data Science and Cybersecurity. (I prefer to think of this as a balance/juggling act, but yea.)

“Dump the data ASAP!” vs “Save all the data”

Now it’s a triangle – Confidentiality -> Integrity -> Availability -> and back.

(I promise I’ll try to clean this up later, there is just SO MUCH INFORMATION)

“What happens if you are an EU citizen in Beijing using SalesForce for your California clients?”

Do the Chinese regulations, GDPR, or CCPA win? No one knows yet.

First impulse for DataSec “Delete it all!”

“No one wants backups .. What they want is restore!”

~Elizabeth Zwicky

(We know this as DBAs, or at least you better)

“The multitude of choices in data architecture to provide for security are sometimes in direct conflict with privacy.” (This is going to become a bigger and bigger thing over time.)

“Encryption at rest and in transit are best practices but later audit trails can be unusable if the data itself has been deleted.” (This is kind of scary IMO, but so is security in general at times)

“GDPR is retroactive” (Yikes)

I’m going to summarize a bit here. We are not in a position to be able to delete a person’s data and maintain our ability to recover, or audit.

“Is there a sufficient amount of encryption on a piece of data for it to be considered deleted?”

“We know that storing too much data badly leads to the use of AI-powered cyberattacks”

(paraphrased) “Do scenario-based tests on the idea that all of your databases are now on the dark web”

“What if an EU citizen demanded the deletion of all of her data in an ongoing US legal case?”
