48 responses out of 172 attendees. Not bad numbers if you ask me. The response rate is a bit over 25% which is pretty good from what I understand. I was surprised and pleased at the number of attendees. I was part of the Security Learning Path so that might account for it.

Ratings

Over all I was quite pleased. The lowest value was on How well did this session meet your expectations and based on the comments I’m guessing this was primarily because people thought the session was too basic and/or didn’t cover what they specifically wanted it to. I’m a little surprised at the balance of education content vs sales etc since I had absolutely no sales or marketing in the session. I guess some people felt there should have been more?

Comments

I’m skipping the comments about the event logistics since there isn’t much I could have done there. That’s basically about the room and temperature and such and so has very little to do with me.

How well did the sessions title, abstract etc align with what was presented?

• Abstract says we would be learning the why of security but seems lacking.
• This was perfectly well described.
• I didn’t realize when I went to this session that it was level 100. I saw the security track under my schedule and decided to take them. Only on the web version is the level given. It was way too simple for me and i had to redo my whole schedule. The level should be marked every where. Maybe even after the title. Wasted time looking at events for junior dbas.

 
This actually is a nice cross section of what I expect with these things. One was “You did a good job” which I always appreciate. One was something I had very little control over. I mean I wasn’t given any input on how the schedule looked and I ran into similar issues. The title has “From the ground up” and I mention that it’s a beginner session in the first few minutes of the session I’m hoping that’s enough to demonstrate it’s a beginners session. And one was actually very useful. Looking back at the session the why of security is probably a bit lacking. I’ve focused a lot more on the how.

How well did this session meet your expectations?

• Hoping for info on encryption; but, understand that it wasn’t in scope.
• Ken discussed the relevant information on SQL security and laid the ground work for the future sessions in This years PASS security thread
• Not the level I expected, but still a good presentation
• A little lower level than I thought but that may be me.
• Little too slow in the beginning
• This should have taken a deeper dive into security best practices.
• Was hoping for a little more advanced security functions covered.
• I think you should cover ownership chaining, as this is a core feature in the SQL Server security model.
• Tough topic, wish had more time…or perhaps sessions 1,2,3 that were back to back? Hoped to take more away
• Excellent presentation. I was familiar with majority of the subjects discussed, which improved my self confidence. However, i was able to pick up a very valuable tip, which will make my job easier
• This session was excellent. I got many good tidbits to take home and utilize.
• There were number of important points were missing such as
  sp_configure settings which is a potential security risk
  sql logins , DAC related security issues and BP
• After going back and reading the outline I was mistaken as to the 100 level
• I thought this would be more of an intro class on SQL server security. Instead, it focused more on granting permissions, etc. that we do not do in our current role.
• I would have liked more depth

 
Lots of comments here. Most of which were topics they wished I’d covered. Unfortunately I have a limited amount of time and bairly cover what I have in there. And again, yes it’s basic but that’s the intent. I did appreciate the comment from the person who said they already knew most of it but it was still helpful. I feel the same way about a lot of basic sessions. A few things I did take away were that I need to work on the interest level of the beginning of the presentation and maybe change the abstract to point out this is mostly a very basic how to.

Session or speaker comments

• The session was not a marketing session. The session outlined the technical definitions and usage of permissions within SQL Server
• A bit dry but well spoken.
• Loved the speaker’s approach to the content.
• Speaker was very clear and available for further questions. Excellent session.
• Really made it easy to understand! Thank you!
• Speaker had long monologues…just few questions taken
• Speaker kept it interesting
• I didn’t stay because there was another session that I felt I would get more value from
• SQL Security is very important in our shop. This was a great reference to make sure we are following best practices.
• For future sessions, I recommend giving a clearer picture of what the session will cover as well as recommended jobs that would be relevant to this course (i.e. DBA’s, etc.)
• A good speaker who knows his stuff

 
Even more very nice comments and a few helpful criticisms. Specifically, again, I need to work on my abstract. I’ve always thought it was pretty clear but I’ve had enough people comment on it now I think I need to re-do it. The long monologues and dry comments tell me I need to work on making things a bit more interesting. This is where I wonder if I’m a bit too comfortable with this session. I’ve tried to put a few humorous stories in there but I have a dry sense of humor so they may not be coming off the way I want. The comment on questions bothered me a bit. I hope I didn’t miss anyone’s questions. I didn’t notice any raised hands that I didn’t get to but I certainly could have missed something.

Oh and the comment that they left to go to a session they felt they would get more value from? I think that’s fantastic. The whole point of Summit is to learn. If you are going to get more from someone else by all means, I encourage you to go there. No one was disruptive as they left (and a few did) so it’s all good.

Over all I was really pleased with how things went. I don’t speak frequently but almost always enjoy it when I do. And the comments and ratings are truly a gift. Which ties in nicely with T-SQL Tuesday earlier this week.

One of my bucket list things has always to live blog a keynote at Pass Summit and I’m actually doing it! I want to thank Kendra Little for talking me into it. I missed the signup to be one of the bloggers, but there was a free space next to her and she invited me to sit there. As always I have no clue what I’m doing so wish me luck!

Wendy Pastrick
Wendy starts us out with a rousing version of “Good morning to you” to thunderous applause.

Now she’s reminding us to do our evaluations .. got to remember to do that.

Finance report time! (It’s important stuff people, I want to be able to keep going to Pass events!)

(Paraphrasing) “Are we spending less, or are we really being more efficient.” Yea, based on the info she shared, more SQL Saturdays, more learning, more, more, more!

Thank the volunteers!

Tim Ford
Tim was told “Do not sing” (we dodged a bullet there!) (Just kidding Tim!)

Pass directly impacted 80,000 people in the past year!! That’s really impressive!

Thanking the partners that support us. (AWS, Quest, Dell, Redgate, SentryOne, and Idera)

And of course Microsoft. Couldn’t do much without them could we.

950th SQL Saturday coming up!!! Can you imagine? (I should point out if you’ve never been to one you should give it a shot, they are a lot of fun and a great opportunity to Connect, Share and Learn.)

Tim gives us stories of people who joined Pass and the hights they have reached in our community.

Time for the Passion Award! Based on the description this person really deserves it too!

Congrats Hamish Watson!

Tim says “Get Engaged”, not sure how my wife would feel about that though.

Tarah Wheeler
I’ve been excited about this part since I learned Tarah was speaking!

Cybersecurity is Everyone’s Problem
Three Internets and the Data Regulartory Climate

I’m really hoping to get to say hello after the keynote!

Not a lot of people work in Foreign policy and Infosec (there probably should be IMO)

There are more and more data breaches all the time.

(paraphrasing) “I see a room full of people who don’t know they are diplomats”
(cool thought)

How many people here feel qualified for their jobs (one or two hands up)
How many people have a degree in the field (one or two hands up)
There isn’t a lot of good training for what we do (She meant degrees etc, we tend to teach each other.)

Quick note: Tarah is a great speaker, the crowd feels really engaged.

“Cybersecurity is one of the only IT roles where there are people actively trying to ruin your day, 24/7.”
~Chris Schuler

The different worlds that data exists in.
We have three different internets.

• GDPR: “How do we fully delete an individual? How do we prove it?”
  (Paraphrasing) We may not be able to provide a product to the EU because we can’t handle GDPR.
• Dealing with data in China is wildly different. They store web usage data in a fundamentally different way. (among other things, and I hope I got that right)
• The rest of the world (some other groups may be splitting off as well).

 
(Note: There is a LOT of information here!)

• Data retention
  “Has anyone ever seen the amount of data your company collects go down?”
  Never shrinks, Only grows, Metadata counts, “Sensible data retention is governed not by technological limits, but by compliance and regulation.”
• Data backup
  It’s offsite (if you are a DBA you know it better be)
  “You can’t destroy backups for purposes of forensics”
  Interesting question: What happens if someone moves to the EU? Can they request their data be removed now?
  You can’t physically put your hands on it.
• Data restore
  Constant and continuous integration with production systems.
  There should be multiple ways to restore the data.

 
We end up in a state of conflict between Data Science and Cybersecurity. (I prefer to think of this as a balance/juggling act, but yea.)

Dump the data ASAP! vs Save all the data

Now it’s a triangle – Confidentiality -> Integrity -> Availability -> and back.

(I promise I’ll try to clean this up later, there is just SO MUCH INFORMATION)

What happens if you are an EU citizen in Beijing using SalesForce for your Calfornia clients?
Do the Chinese regulations, GDPR, or CCPA win? No one knows yet.

First impulse for DataSec “Delete it all!”

“No one wants backups .. What they want is restore!”
~Elizabeth Zwicky
(We all know this as DBAs, or at least you better)

The multitude of choices in data architecture to provide for security are sometimes in direct conflict with privacy. (This is going to become a bigger and bigger thing over time.)

Encryption at rest and in transit are best practices but later audit trails can be unusable if the data itself has been deleted. (This is kind of scary IMO, but so is security in general at times)

GDPR is retroactive (Yikes)

I’m going to summarize a bit here. We are not in a position to be able to delete a person’s data and maintain our ability to recover, or audit.

Is there a sufficient amount of encryption on a piece of data and it be considered deleted?

We know that storing too much data badly lead to the use of AI-powered cyberattacks

(paraphrased) Do scenario-based tests on the idea that all of your databases are now on the dark web

What if an EU citizen demanded the deletion of all of her data in an ongoing US legal case?
We don’t know who wins yet.

Can you prove you’ve deleted data? Can you prove you haven’t?
Start thinking about it.

Be nice to your security team!

“CISO is an old Greek word meaning ‘goat which is first to be slaughtered'” (I think DBA is too sometimes.)

“Does it ever hurt less to bike up a mountain” “It never hurts any less, you just get to the top of the mountain faster”

Tips from Tarah:

• Your company had better have a “[email protected]” (I’m going to try emailing this later to see.)
• Take your Twitter DM seriously
• Have a vulnerability disclosure program

 
I think we are getting close to the end here. And I’m exhausted. And I’m excited. And I’m terrified. This was amazing!

Brief QnA. Two questions so far and it comes down to .. is there any kind of documentation available to help us with this?!?

Best answer: Start a GitHub.

Question: I’m doing genetic research, how does GDPR affect my ability to see genetic information from the EU, etc?
Answer: What is a person’s right to not have their information out there.
I think we will start to have the right to say our genetic information is unavailable for a certain amount of time (Kind of a reverse copyright)

Ending on a hopeful note
Over time all of these problems will be solved.

First let me say wish me luck. I’ve spoken a number of times before (don’t ask me what number, I haven’t kept track but it’s probably in the high single or low double digits) but each and every time I feel like I can use all the luck I can get.

This is my second time speaking at the Summit. Last time was in 2015 and I have to tell you, it was pretty cool. I’ve always felt like getting to speak is like getting to sit at the big kid’s table. Speaking at Summit is 10x that. I mean there are always some pretty amazing speakers there.

I’ll be giving my SQL Server Security from the Ground Up session. It’s a pretty good one if I do say so myself. I make no assumptions about your security knowledge and get you to where you can at least handle the basics of securing a SQL Server. After my session, there are 3 more.

1. How I Would Attack SQL Server
2. Capturing SQL Server Activity with SQL Server Audit
3. Six Ways to Improve SQL Server Application Security

 
As you can see, these sessions, along with mine, make a great progression from minimal security knowledge to a pretty solid start at protecting a SQL Server instance.

Some of the other pathways include Cloud Migration, Technical Leadership, Modernizing with SQL 2019, Linux for SQL Server Professionals etc etc. I have to admit there are several of these that I’m really excited about trying out. Can’t wait to see y’all there!

Now I want to point out something up front. I’ve spoken twice now but I still don’t really consider myself much of a speaker. I’m very new to this and still learning quite a bit. That being said these are the steps I took.

• Create an outline of what I expected my presentation to cover.
   
• Create PowerPoint slides to match my outline.
   
• Begin practicing my session.
  In order to get the most practice time I could, I printed out my slides and began practicing on my drive home. For those people who are freaked out by the idea of me reading while driving I want to point out that you aren’t supposed to read your slides. They are at most a place holder. Since I have a little over an hour drive home this meant I could practice the whole thing while driving. Not my demo, but the rest of it. This also helped me get my timing down since I had a clock right there.
   
• Tune my slides.
  As I practiced I found my slides weren’t quite what I wanted. I’d move slides around, add some, remove a few. I want to expand on that a little bit. In order to get the best presentation I could I found that I couldn’t be afraid to get rid of slides. Even if it was a slide I’d spent a great deal of time on. If it didn’t work, it had to go.
   
• Give it a shot in front of an audience.
  Once I had my presentation “done” I actually performed it for someone.
  In this particular case it was Jen (t) and Sean (t) McCown (b). I asked them for a couple of very specific reasons.
  • They have a great deal of experience speaking (not a necessity but it doesn’t hurt).
  • I trusted them to give me honest criticism. They wouldn’t be mean but they would be blunt. (I’m not easily offended and I’m not good at subtle.)
  • And one last reason that is specific for me. They were exactly the type of people I was most nervous about giving my presentation to. Highly knowledgeable and highly opinionated (but in a good way). If I made any mistakes they would not only know about it but call me on it.
  • Oh, and I consider them friends. This meant that I could give the presentation and even if I made a complete hash out of it they wouldn’t judge me, just give me advice.

   
  So what was the advice? A lot of it was specific to my presentation and won’t really help anyone but me. One big thing they mentioned however was Find your voice. For me this meant don’t give the presentation flat. I have a lot of snark and sarcasm (and bad puns) in my personality. Let them out! Have fun with the presentation and with the audience as much as possible.
   

• So now it was back to practicing.
  More printouts, more practicing in the car, more fine tuning. Of course I also had to practice with my computer in front of me so I could practice the demo, but I didn’t get nearly as many of those done as the other. I’d say over all I probably ran through the presentation 30+ times in the car and maybe 6 or 7 times in front of the computer. Oh, and when I was practicing in front of my computer I used my presentation clicker to make sure things were as close to the real presentation as possible.
   
• At some point you have to call it done.
  One thing I did notice was that almost every time I ran through the presentation I saw ways to improve it. Eventually I had to quit changing my slides and call them done. I still fine tuned what I was saying a little bit but I tried to keep that reasonably consistent as well. Of course now that I’m not on a deadline (getting the slides uploaded before the presentation) I can feel free to make more changes as needed.
   
• Actually giving the presentation to a group.
  This could have been giving it to my users group or some co-workers. But since my presentation was accepted for this years Dallas SQL Saturday I was able to give it there. This was a bit of a jump for a first time but I didn’t have enough time to schedule anything else. Presenting was exciting, it was fun, it was all around awesome. I found (not for the first time) that I’m one of those people who panics before hand, and even a bit afterwards but I’m pretty good during. In the end it went well, I got a few good laughs and hope everyone came away with a better understanding of security (the session is SQL Server Security Basics). I had several people come up to me afterwards to say they enjoyed it and really that’s all I could ask for.
   
• And yet more changes
  Once I’d done it in person I had yet more changes I wanted to make. Particularly since I had a comment that the session was a good intro for Devs & managers. That lead me to changing the title from “Security Basics” to “Security For Everyone” and changing my focus slightly.
   
• Presenting at the 2015 Pass Summit!
  Next I was told that I’d been accepted to speak at the Summit! Talk about exciting. More practicing, more nerves, and I finally gave my presentation at the Summit. I had a reasonably large room and it was ~75% full. I had enough nerves that I forgot a few things that I had wanted to do/say but on the whole it went very well. I had a crowd come up to me afterwards to ask for my card and ask some questions and then over the remainder of the summit I had several people come up to me and tell me how much they enjoyed it.

 
So there you have it. I’ve started speaking. I’m even working on my next abstract.

All kinds of great pictures were taken and I highly recommend spending a few minutes looking through them.

It’s now a year later and they are going to do it all over again!

To provide added incentive I’ve found this old picture of Argenis in a Ted costume.

So follow this link to the current campaign and donate! Donate $5, $10, $20, $200. It doesn’t matter, every little bit helps. And as of me writing this (11pm 7/21/2015) they are already up to ~$1900. So let’s see if we can’t continue to show what an amazing community we are and beat last year!

My session SQL Server Security Basics has been accepted as an alternate. This is my first time even getting an alternate spot let alone at Summit so I’m really excited. In fact I need to apologize for tweeting this a bit early Thursday night (we were supposed to wait till the official announcement Friday). I was over excited (as you may have noticed) and tired/busy so I didn’t read my email as carefully as I should have. Regardless, I have my spot. Now all I have to do is finish writing my session and practice practice practice.

Before I start that though I want to say a big THANK YOU to everyone involved. Thank you to those who read and reviewed the over 900 submitted sessions. Thank you to everyone who submitted a session regardless of if you got accepted or not. One of the most amazing things about this community is the level of competition to share what you know with others. Think about how many people around the country and the world who, at their own expense travel all over the place just so they can teach you and I. There are speakers dinners and speakers gifts, and those are fun I’m sure. But they certainly don’t meet the expense of traveling across the state (even a small one) let alone cross-country or to another country entirely. I won’t say things are perfect, because, well, people. But even with a few issues here and there I’m hugely proud to be a part of this community, and you can’t imagine (well maybe some of you can) how excited I am to be on the alternate list.

Thanks again to everyone

• Both Local and Virtual chapters
  A great way to get some free training and network with others who share your passion for data and SQL Server.
• SQL Saturdays
  A free day of training coming to a city near you.
• SQL Summit
  “The world’s largest gathering of SQL Server and BI professionals.”
• 24 Hours of Pass
  A solid 24 hours of free training.

 
Well a number of these great sessions are saved for posterity on youtube under PassTV. If you follow the link and look under the playlists you will find, among others, the best of Pass Summit 2014, 24 Hours of Pass 2014 and Pass BAC 2015. For future reference I’ve added the link for PassTV to my Study and Reference Materials page.

Enjoy and happy studying!

Of the sessions I want to this particular weekend a number of them were performance tuning tips and I noticed one very common suggestion. In fact if you read blogs by experienced DBAs you will see the same thing over and over again. So what is this amazing tip that everyone seems to agree on?

Test first

Here’s the thing. If a setting worked best one way or the other every time then it wouldn’t be a setting would it? So before you make any changes, make sure you test first. The wider the change (instance setting vs query hint for example) the more careful you need to be. A lot of setting changes will only help occasionally or in fringe situations. Frequently you will find that the change you made that dramatically sped up one query dramatically slowed down multiple others.

You will occasionally find a setting that everyone pretty much agrees on. For example the setting cost threshold for parallelism. Almost everyone feels that it should be increased. Well, to be honest, everyone I’ve talked to thinks it should be increased. But you never know, there might be someone who disagrees. But now ask what it should be increased to. If you do some searching you can find a wide range of numbers and a lot of suggestions to, you guessed it, do some testing.

I want to add a little bit to the question. People are rarely completely selfless, we like to get something back when we give. I’m a blogger, I might even get into speaking. Although I’m not certain yet. So what’s in it for me?

I enjoy blogging. I’m about as active a blogger as you can get and I plan to continue in the next year. I love looking back over the posts I’ve done, and sometimes I see a post that I’m not terribly impressed with that for whatever reason is really popular, and sometimes I’m see a post that impresses the heck out of me even though I wrote it. So that’s part of what I get back. A sense of accomplishment.

Then comes that charge when someone tweets or retweets a link to one of my posts. And the even bigger one when someone uses one of those links to answer a question or includes one in one of their own posts. Best of all is when someone leaves a comment telling me that one of my posts helped them solve a problem. I also write articles (pretty similar to blogging to me), answer questions on dba.stackexchange.com (I even made the first page of all time users stats, right there at the bottom) and occasionally help out on #sqlhelp. All of which I also plan to continue into the next year. And again I get that same sense of accomplishment knowing I helped someone (sometimes even lots of someones).

So what do I get out of it besides that sense of accomplishment and to be honest a much needed boost to my ego? I learn. I learn a lot. I spend time studying background information on almost every post I do and certainly every question I answer. I test where possible and ask questions of those more knowledgeable than me when I have to. I hate posting incorrect information so I do my best to fact check. And that process is very similar to studying, which means that I come away knowing more than when I started. In fact I’ll bet if you ask almost anyone who does training videos, presents sessions, writes articles, blogs, or whatever, that they will agree with me. One of the best ways to learn material is to prepare it and present it to someone else.

Lastly, if you make any effort at all, when you give back to the community you make friends. And those friends are an excellent source of information and inspiration. They will help to prop you up when you need it. And if you ever need a job? You will get support from those around you who know what you are going through, maybe even some information about available jobs, and lots of unsolicited advice!

So how do I plan on giving back to the SQL Community during the coming year? I plan on doing pretty much the same things I’ve been doing in the past year. And I plan on continuing to get back more than I could ever give.

Why is this exciting? A number of months ago Kirsten photo-shopped Argenis into this self same hoodie. It was one of the funniest things I’d seen in awhile. And we now have a chance to see it for real! So why would Argenis do this? For a very good cause. He will only wear this awesome hoodie if we can collect $5000 for Doctors without borders. At the time I’m writing this (last night now) the total was already up to $1895 or over a third of the way there.

Now some of you may have never met Argenis. I consider myself lucky to have done so. He was my first timers mentor when I went to the Summit for the first (and only so far) time a few years ago. While there I saw a presentation by him about sysinternals and was frankly amazed at some of the things he could do. He later very kindly reviewed and edited my first article on SSC. Which in fact was my first writing project ever. He is a nice guy and a lot of fun to talk to on twitter if you get a chance. He is also a newly minted SQL Server MVP (Congrats Argenis if I didn’t get to say it earlier).

Doctors without boarders is also an excellent cause. These doctors provide medical help for those who need it throughout the world and deserve our help.

I’m not going to get to go to the Summit this year so I’ll only get to see this through pictures but I’m promised there will be LOTs of pictures. So please help Argenis reach his goal and wear his hoodie. Did I mention it has a TAIL?!?