My upcoming Spring events @OracleACE #InfoSec

March 5 – 8: I will be speaking at the Hotsos Symposium in Dallas Texas. I will be showing how to secure your high performance code. We will be looking at some coding standards, what common errors we are making that makes our code less secure, and how to implement a trusted path for your data.

March 15: We have managed to wrangle Bobby Curtis, and Steven Feuerstein to come out to Oracle’s Columbia Maryland office to give a couple of presentations. Maybe it’s the Maryland Crab Cakes or could be they are really nice guys. 🙂

Bobby Curtis, Oracle ACE Director Alumni and Product Manager for Oracle Golden Gate will be giving a presentation on Golden Gate Security.

Steven Feuerstein Oracle ACE Director Alumni and Oracle’s Developer Advocate for PL/SQL for Oracle DevGym. This will be a great opportunity for an Oracle DevGym Workout. Steven will go through the exercises with you and will be giving prizes for the best performers.

March 21 – 22: I will be speaking at Utah Oracle Users Group Training Days (and getting some Spring Skiing in.) I will be speaking on Holistic Database Security and Secure Coding. My Holistic Database Security presentation has come a long way over the past ten years. As new attack vectors, mistakes, mitigations come out I update this presentation. So, if you’ve seen this presentation before, don’t worry there is a lot of new material in there. My Secure Coding Presentation goes through coding standards, common errors, and how to implement a trusted path for you data.

April 18: I will be speaking at Twin Cities Oracle Users Group on Oracle Database Vault and a Hybrid Holistic Database Security presentation that will be focused at DBA’s. Many DBA’s fear or don’t like Oracle Database Vault, because it changes the paradigm of how they work. We are accustomed to being the God of our databases. We will be looking at how to make Database Vault your friend, and customizing it for your needs.

May 22 – 23: I will be speaking at Oracle Users Group Finland.

Again I will be speaking on Holistic Database Security and Secure Coding.

And the BGOUG Spring Conference. I’m just waiting on the confirmation.

More to come. 🙂

2017 was a crazy year, 2018 is going to be challenging

It’s been a crazy year. In 2017 I’ve done talks in Paris France, Helsinki and Rovaniemi Finland, Sofia Bulgaria, Moscow Russia, Denver Colorado, Las Vegas Nevada, San Antonio Texas, Krakow Poland, Dushanbe Tajikistan, and Raleigh North Carolina. A few of these cities, (Helsinki, Moscow, and Sofia) getting there more than one time this year. And these don’t count the side trips to places like Saint Petersburg and London to see the ballet, visit friends, visit a pub, or see a football game. It’s now coming on the end of the year and thankfully I don’t have any travel planned for the rest of the year. You should see my frequent flier statement, but we all know it does not compare to Heli’s frequent flier statement.

Also in 2017, I made Oracle ACE Director. Now if you do the math, estimating there are over 500,000 Oracle Customers and if each customer has five Oracle professionals on staff, that would mean there are over 2.5 Million Oracle professionals in the world. As of this day there are 107 Oracle ACE Directors (the top tier professional advocates) in the world and I am one of them.

Robert Lockard – Oracle ACE Director

Then last month, I was asked by Oracle Magazine about doing a peer-to-peer profile. That was published this morning.

Oracle Magazine Peer-To-Peer

Now when Oracle Magazine asked me to do the Peer-To-Peer, it also included doing a short video. It’s hard to believe, but this short video took me four hours to shoot.

Oracle Magazine Peer-To-Peer Video

What is the plan for 2018? Well it’s going to be hard to beat 2017, But I’m up to the challenge. I hope to spend a little more time in Saint Petersburg Russia to explore the city some more. This is a seriously beautiful city and I think late May would be the perfect time to explore it. Fortunately, it will be just in time for White Nights.

I’ve decided that in 2018 I will be focusing more on the smaller Oracle Users Groups. Yes, Collaborate, KSCOPE, and RMOUG are great conferences, and I am not abandoning them for good, I’ll return to them perhaps in 2019. On January 1 when I’ll be heading back to Europe for a week that will include another new place for me, Tbilisi Georgia and I also have tickets to see the Nut Cracker in Moscow that week. I have two papers into the UKOUG Ireland event in March. I also plan on speaking in Utah, Ohio, Atlanta Georgia, Helsinki, Moscow, Poland, Paris, London, and of course, Bulgaria again. Maybe I’ll also get to do a talk in Saint Petersburg while I’m there.

What else will I be doing? Well, I’m working hard to bring speakers to the Baltimore Maryland area. I’ve already have Steven Feuerstein lined up for January 18th in Baltimore, Bobby Curtis and I are talking about him coming out in March. I would also love to get SQL Maria out here to do a deep dive into the Oracle Optimizer. Yes, 2018 is going to be a busy year, and I promise I also will be flying my plane more.

Yet another breach through #SQLInjection

The following quote bothered me a lot. “No amount of best practices or prohibitive steps is going to stop a determined hacker.” While this is a true statement, what it leaves out is if you make it difficult by securing the information, the hacker will move onto easier target.

Here is the full article: Yet another data breach

SQL Injection attacks continue to be successful. To secure your data from a sql injection attack, you can start by implementing secure coding standards. Here is a link to my write up on using a secure architecture that to date has been immune from sql injection.

Secure Coding, Code Based Access Control and using multiple schema

Upcoming #POUG17 and #tajoug #techconftj* #Oracle #plsql #infosec #fun

99% of my presentations are technical, addressing our information security needs. Then every now and again, I get to do something fun. There was “Hacking The Human Brain” last June at BGOUG.

My next trip in September is taking me to Krakow Poland, Moscow Russia and Dushanbe Tajikistan. While in Krakow, I’ll be presenting on “Secure Coding in the Cloud” and taking part of a panel discussion. On to Moscow, to see a concert on Red Square, and dinner with friends. Then off to Dushanbe where I’m privileged to present, “Secure Coding in the Cloud,” “Holistic Database Security,” and something fun. “Make a Difference, My 10 rules for a full life.” This will be a fifteen minute talk on, the rules I live by. Come on out to the Polish Oracle Users group or Tajikistan Oracle Users Group, September 7th. We are going to learn a lot and have fun doing it.

If you can’t make it to either of these two fine conferences, meet me in Moscow for a beer or two at Hotel Metropol.

What is it like on the Oracle User Group Speaking circuit?

This is how most of my trips start, a ride to the airport with my headset on. Listen to some easy listening music such as AC/DC or Iron 20161114_195431Maiden to get me in the mood for travel. Once at the airport; check into the business class lounge at Air France or British Airways to have a glass of Champagne wile waiting for my flight.

UPDATE: I pay for my own business class travel. Thanks for pointing that out Kent Graziano.

20170515_131521 20161107_114624
On some of my trips in the US, I’ll fly my 1948 Ryan Navion to the conference site. Many OSH1times while in Europe, I get asked if I flew my plane there. The answer is no. Single engine airplanes don’t do well when flying over thousands of miles of open ocean.
Who are you going to meet when you are out speaking. The most interesting people in the world. These people are some of the top experts in the world who volunteer their time to educate people. Once the best side effect of hanging around them, is they will inspire you to be better everyday. All if these people here have one other thing in common. They are all wonderful people who I’m happy to call friends.
20160124_132354 20170129_195220 
20170509_185627 20170517_174938
20170601_213052 20170603_210720
20170626_121538 IMG_3554
20170524_134852 20170624_213408
20170207_212104 20170207_195927
What happens when you get there. Well, there is the hotel you need to check into. Then you are going to need to find out where the reception is, head out to see the city, find out what the local beer is, and have a bit of fun.
20170520_080839 20161029_160629
20170530_195313 20170520_130123
20161113_222936 20170527_215202
FB_IMG_1484440268333 FB_IMG_1499123988544
20170527_183403 20170529_201317
20170530_122345 20160123_191934
IMG_5640 20161108_205224
You’ve found the reception, and taken in some of the city’s culture – it’s time to get ready to speak. No matter how many times you have done a presentation, it’s important to go through your presentation and demos before you get in front of your audience. You need to be ON. This may be your 20th time giving this presentation, but remember this is the first time this audience has heard it. Deliver your presentation like your reputation depends on it. Also remember, you may be asked a question that you’ve heard a hundred times. Again, the person you are talking to does not know the answer, that is why they are asking; so show that person the respect he/she deserves. You will also be asked questions that you don’t know the answer to. Write down the question, go back and research it; then provide that person the answer to their question.
FB_IMG_1492451855539 FB_IMG_1499123977327
FB_IMG_1499123992635 IMG_3020
IMG_5469 IMG_5471
You did a great presentation, you got to see the city and make new friends but don’t forget all the other great session that are being offered. Besides, because you are a speaker, you get to sit in on these sessions too. You also need to find time to get some work done.
IMG_5314 IMG_6104
FB_IMG_1499123999647 20170510_131025
IMG_5319 20161103_111804
It’s done, you finally made it home, you have customers that you need to take care of. In the past week, you traveled the equivalent of round the world. Get some rest, you really need it. The customer can wait for tomorrow, they wont mind. Smile


#Oracle #sqldev MAJOR improvement

This is going to be quick, I don’t get a lot of time to read new features documentation. I normally reserve that for once a month, print em’ out and read over a nice glass of Scotch. Hey it works for me.

So today, things seem a bit odd, so I opened the SQL Developer Instance Viewer to get a picture of what the database was doing. WOW, thanks Jeff, Kris and team. Love the new look. Check out Top SQL.

Kinda disturbed by an article I just read. #infosec #rant

As most of you know I live on the defense side of infosec. As attack vectors are exposed, I study them to learn how to design systems that can defend against them. There are some biggies, sql injection, cross site scripting, insider threat and encrypted data leaking that burn a lot of my time.

I just read an article giving a detailed technical description on how to use randomized proxy chains to avoid detection. And by using proxies in different countries, it makes it difficult to find out who did the attack. Now of course this article said this should only be used for white hat pen testing and you should not use this for any illegal purposes.

Make no mistake, articles like this are not helping the good guys secure systems. You are only helping the bad guys.

Exciting times. #poug #tajoug #techconftj*

I will making my first trip to Krakow Poland and Dushanbe Tajikistan. This trip will cover over 24,000 miles in air travel and five different airlines.

POUG High Five. The Polish Oracle Users Group will be having their annual tech conference in Krakow Poland September 1 and 2. I’ll be speaking on secure pl/sql coding and taking part in a panel discussion. There is a very impressive group of speakers coming in from all over the world. This is a first class conference that will be held in a brewery.

Tajikistan TechConf. I don’t have a URL for this conference yet, it will be held Thursday September 7 in Dushanbe Tajikistan. Heli “From Finland” Helskyaho and I will speaking along with some local speakers. Heli is famous for her dynamic speaking style; she will teach you new information that will make you better at your job.

Come on out to either one of these two excellent conferences and I’ll help you wrap your brain around Oracle Database Security.

Between POUG and Tajikistan TechConf, I will be spending a couple of days in Moscow to go to a concert and visit with some friends.

Getting to know you, getting to know all about you. #infosec #windows10

Windows 10 has the capability to record everything you say, everything you type and everything you write. Okay, I have a fundamental problem with this. Microsoft implemented this feature in the Beta release of Windows 10 to help the product development troubleshoot problems and improve the product. The product development team loved it so much, they kept it in the production release of Windows 10.

I am not going to discuss Microsoft’s motivation for keeping this in the production product. I will give you my opinion: Information is leaking like a water from a broken colander, so why would we keep this around? Saving this information on your device and the cloud is a massive issue. Here is what you need to do, turn it off and remove the voice, writing, typing from the cloud.

Go to Windows Settings -> Privacy -> Speech, Inking, & typing. If you see Stop getting to know me then click on it and it will turn it off and remove all the data from your local drive. You also need to remove all the data from the cloud. So on that same screen “Go to Bing and manage personal info for all your devices” to clear the Getting to Know You Data from your Microsoft account.

This combined with the setting “Send Microsoft info about how I write” has me very concerned. So turn that off too. On the same screen click on “General” then the third item on the right, “Send Microsoft info about how I write to help us improve typing and writing in the future” Turn that off.

#quicktip #oracle #sqlcl logon.sql #PLSCOPE_SETTINGS and #PLSQL_WARNINGS

Quick Tip. My logon.sql file.

I don’t want plscope_settings and plsql_warnings set when I’m in production; but if I’m in my test / dev / sandbox environments, then I do turn them on.

This helps. Enjoy; this should be self explanatory.

set linesize 90
set pagesize 1000
col table_name format a35
col owner format a20
set timing on
 sInst varchar2(1);
 select upper(SUBSTR(instance_name, 1,1))
 INTO sInst

-- test to see if this is a production instance
 -- all production instances start with P so ...
 -- if it's not a production instance set up
 -- session properties approiate for dev / test / sandbox.
 IF sInst != 'P' THEN
   execute immediate 'ALTER SESSION SET PLSQL_WARNINGS=' || '''ENABLE:ALL''';
define _editor=vi

-- setup aliases for sqlcl
alias tab=select table_name from user_tables;