Finland Security Meetup 2020

Tuesday February 4th 2020 there will be a security meetup in Helsinki Finland. I will be there speaking on Secure coding and the impact of emerging technology will have on security.

Julian Dontcheff will be speaking on “The Power of Autonomous Database Security”

Kamil Stawiarski will be doing two hacking sessions.

  • Oracle Hacking Session The live demo, presenting a real-life experience in penetration testing of the consolidated Exadata database environment
  • Oracle Hacking Session – part II. We believe so much in technology, that we stopped believing in people.

Hope to see everyone there, this will be exciting. https://www.ougf.fi/events/security-meetup/

#Oracle Database Application #Security book is finally out. #infosec #encryption #audit #SecureCoding #PrivilegeAnalysis #OID #OAM #OIM

https://www.amazon.com/Oracle-Database-Application-Security-Directory/dp/1484253663/ref=sr_1_1?keywords=oracle+database+lockard&qid=1573050833&sr=8-1

It’s been a year long process now the book is finally been released. There are a few things I would have written different and a few other subjects I would have liked to cover. Perhaps that will come in my next book or future posts.

In this book we cover Secure Coding, setting up Encryption, and audit. We also dive deep into performing privilege analysis.

Emerging Technology Security Day 2019

Status

Between ongoing data breaches and emerging technologies constantly coming out, you need to ask the question. “Is my information secure?” On October 11th we will be hosting a security day with Oracle Corporation in Reston Virginia.

When: October 11, 2019

Where: 1910 Oracle Way, Reston, VA, 20190

Executive level presentations on: Cybersecurity Challenges, 5G Security, Machine Learning and AI Security, Blockchain, Cloud Security, and Cybersecurity Maturity Model Certification (CMMC)

We will be having executive level and technical discussions on the information security challenges we will be facing from emerging technology. All talks are geared to Executives and Senior Technical Leads.

8:00 – 8:30   – Arrival and Registration

8:30 – 9:00  – Morning snack (pastries), Welcome, and Introductions

9:00 – 11:30  – Executive Sessions
9:00-9:30 Cloud Security
9:30-10:00 Governance and Compliance
10:00-10:30 Data Security
10:30-11:00 Emerging Tech Security
11:00-11:30 5G/Communications Security
11:30-12:30  – Lunch
12:30 to 2:55  – Track Sessions   Track 1:  Cloud Security
12:30-1:15 Multi-Cloud Considerations
1:20-2:05 Cloud Access Security
2:10-2:55 Mitigating Threats (Insider, lateral movement, exfiltration, spoofing, etc)
Track 2:  Data Security
12:30-1:15 Database Application Development Tools Security (SQL Developer)
1:20-2:05 Maximum Security Architecture (MSA) – Data Architecture
2:10-2:55 Data Encryption/Key Management
Track 3:  Governance and Compliance
12:30-1:15 CMMC/IDAM
1:20-2:05 STIG/Patching
2:10-2:55 NIST/FedRAMP
Track 4:  Emerging Technology Security
12:30-1:15 AI/ML, Augmented Reality Security
1:20-2:05 Blockchain Security
2:10-2:55 IOT/Connected Device Security
Track 5:  5G/Communications Security – 12:30 to 2:55
12:30-1:15 5G Security
1:20-2:05 SDWAN Security
2:10-2:55 Session Border Control, Hardware Security

Closing Discussion/Q&A with Experts – 3:00-3:30

Thank you to our Primary Sponsor is Oracle Corporation for helping put on this event.

Register Here.

“Free cheese is only in the mousetrap” #DataPrivacy #InformationSecurity #DeepFake

#DataPrivacy, #InformationSecurity all require critical thinking. Sadly, there is not a lot of that going around these days. People are purposely sending photos to have them aged without vetting the company they are going to. We are now have #DeepFakes that use AI to blend faces into composite images and video. Just google DeepNude, that uses AI to undress photos of women. The company based in Estonia closed its doors; however, if you check the website, they are now selling their product for someone else to make money off it. I personally don’t care what country data is stored in. I care about the stewardship of the information. I care about the manipulation and misuse of your data

To quote a dear friend of mine. “free cheese is only in the mousetrap.”

On the road again. #QRS19 in Sofia Bulgaria. Secure Database Design

On Monday July 22 I will be speaking at IEEE International Conference on Software Quality, Reliability, and Security. https://qrs19.techconf.org/ This is going to be a two hour tutorial on designing and coding a secure database system.

I see a lot of effort put into network and end point security; however, at the same time many organizations are only giving lip service to database security. You database is the last line of defense of your organizations crown jewels. So come on out, I will help you wrap your head around database #infosec.

Secure your insecure information

Make sure your private information is not exposed. Your disk still has all your information even if you delete the data. When you delete information from your disk, what happens is the index pointing to your data is deleted, your data is still on the disk. If you’re like me, you have photos, documents, and emails. I don’t know about you, but I don’t like people reading my private emails to friends, customers, and acquaintances.

Blancco and data recovery company Ontrack performed a study of 159 disk drives purchased on ebay. Ontrack recovered information from 42% of the drives. Now, personally I don’t sell my used equipment; however you might do that. There is an easy and safe way to sell your old devices and not worry about exposing your information to strangers.


I use the free version of CCleaner. (Note: I have not received any compensation for this, it’s just the tool that I use) CCleaner has the ability to securely delete information on the disk and also keep your disk from getting cluttered with junk that windows does not clean up. Personally I run this about once a week.

When you select wipe free space, You’ll get a popup window that will tell you the process will take a long time. So, this is not something you want to run on a regular basis. When I’ve run it in the past, it has taken three days to run on the 1T drive in my laptop.

Once you’ve installed CCleaner, select Options, then under settings select the Secure Delete and in the pulldown select how secure you want your deletion. I use Advanced Overwrite 3 pass, this is pretty secure. This option will overwrite your deleted files three times with random data and if you select wipe free space, it will overwrite your free space three times with random data.


May, June, and July – 2019 Crazy busy. :-)

Love my life

This year has been busy, and I don’t see it slowing down anytime soon. Life is good. The my chapters are all finally in for the Database Security book, now it’s time to edit. After reading the audit chapter, I’m not really happy with it. Once I’m done editing it, the version APRESS gets back may not look a lot like v0.1.

This May my travels are going to take me to Kiev Ukraine, Chișinău Moldova, Helsinki Finland, Stockholm Sweden, back to Kiev, and home just in time to celebrate my 59th birthday (am I starting to get old?). I’ll be speaking in Helsinki at the Full Stack Developers Conference on PL/SQL Secure Coding Practices https://fsdc.fi/ then heading over to Stockholm to do a couple talks on Holistic Database Security, Secure Coding Practices, and discuss Privilege Analysis.

June is going to be a bit easier, I’ll be in Bulgaria for BGOUG to talk about Privilege analysis and Leadership; then back to Chișinău and Barcelona to take care of some business.

July, oh, that’s simple, back to Bulgaria again (third trip there this year) where I’ll be speaking at the IEEE International Conference on Software Quality, Reliability, and Security. https://qrs19.techconf.org/track/tutorials The topic, Database Secure Coding and Design.

Heli From Finland – Full Stack Developers Conference

I’m going back to my speaking roots in May. Oracle Users Group Finland gave me my first opportunity to speak on database security many years ago.

This year we’ll see some of my favorite speakers in Helsinki.

First up, Heli From Finland. (she uses that because nobody can pronounce her last name.) Feel free to try at her last name Helskyaho, bet you can’t pronounce it either. Some of the things you may not know about Heli, she was a ballerina, travels more than me, and loves to show people her city Helsinki, is an Oracle ACE Director, and a PhD student. This year, she’ll be speaking on “The Basics of Machine Learning.”

To register for the Full Stack Developers Conference, follow the bouncing link. 🙂
https://fsdc.fi/