This year has been busy, and I don’t see it slowing down anytime soon. Life is good. The my chapters are all finally in for the Database Security book, now it’s time to edit. After reading the audit chapter, I’m not really happy with it. Once I’m done editing it, the version APRESS gets back may not look a lot like v0.1.

This May my travels are going to take me to Kiev Ukraine, Chișinău Moldova, Helsinki Finland, Stockholm Sweden, back to Kiev, and home just in time to celebrate my 59th birthday (am I starting to get old?). I’ll be speaking in Helsinki at the Full Stack Developers Conference on PL/SQL Secure Coding Practices https://fsdc.fi/ then heading over to Stockholm to do a couple talks on Holistic Database Security, Secure Coding Practices, and discuss Privilege Analysis.

June is going to be a bit easier, I’ll be in Bulgaria for BGOUG to talk about Privilege analysis and Leadership; then back to Chișinău and Barcelona to take care of some business.

July, oh, that’s simple, back to Bulgaria again (third trip there this year) where I’ll be speaking at the IEEE International Conference on Software Quality, Reliability, and Security. https://qrs19.techconf.org/track/tutorials The topic, Database Secure Coding and Design.

I’m going back to my speaking roots in May. Oracle Users Group Finland gave me my first opportunity to speak on database security many years ago.

This year we’ll see some of my favorite speakers in Helsinki.

First up, Heli From Finland. (she uses that because nobody can pronounce her last name.) Feel free to try at her last name Helskyaho, bet you can’t pronounce it either. Some of the things you may not know about Heli, she was a ballerina, travels more than me, and loves to show people her city Helsinki, is an Oracle ACE Director, and a PhD student. This year, she’ll be speaking on “The Basics of Machine Learning.”

To register for the Full Stack Developers Conference, follow the bouncing link. 🙂
https://fsdc.fi/

This is my favorite time of the year. The weather is starting to get warm, the sun is shining, and my passport is in my pocket.

We are in for a special treat. I had the pleasure to meet Olesya when I spoke to students at Moscow Polytechnic University last November. She’s one of those people you meet and immediately know she has her act together. Olesya’s super power is art, creativity, and the art of communication (check out her Instagram page @lezka) An associate professor at Moscow Polytechnic University for 20 years, she is responsible for soft skills. (If you’ve spent any amount of time in this industry, you know some people what could use some soft skills training.)

Olesya will be giving two presentations at BGOUG this June.
“Creative Thinking in Digital Cosmopolitans’ world” and ” Communication  Trends in Global Village: way to utopia or skepticism.” Part of her abstract for “Creative Thinking” says, “Think as…”strategy” (Think as a child, Think as a minimalist, Think metaphor, Think visually,”) I’m chomping at the bit to hear what she has to say. We are living in a time when things are changing fast; her message is vital to staying ahead of the curve. Can you tell, I’m excited about having the opportunity to listen to her? You should be too. Sign up for the BGOUG Spring Conference to have the opportunity to meet and listen to some of the top speakers in the world. (I have it on good authority that even Martin Widlake will be there) http://website.bgoug.online/en/events/details/103.html

Next week, April 4 – 5, I’ll be in Dublin Ireland for OUG Ireland 2019 https://ukoug.org/page/ougIreland2019 where I’ll be speaking on Holistic database security, and secure coding, followed by heading to Belgrade Serbia, and Sofia Bulgaria to give my talk on staying ahead in an ever changing IT environment. Sounds kinda anticlimactic compared to Olesya 🙂

I learned this morning a dear friends elderly relatives received a number of calls from someone claiming to be from their bank. I won’t go into all the issues; however there are some things everyone should be aware of. BTW: This not only applies to banks, this applies to any call you receive (Bank, IRS, Police, Insurance Company). There are a lot of criminals out there, please, don’t be a victim. For those who don’t know me, I spent twelve years at Financial Crimes Enforcement Network (FinCEN) I know a bit about this.

1. Remember the criminals top priority is to steal from you.
2. Your bank will never call you and ask for personal information. Sometimes this is hidden with, “we must verify your identity.” Bottom line, your bank will not do this. This is a trick to steal from you.
3. It is very easy to spoof a phone number. Do not trust the phone number that is displayed.
4. If you receive a call from someone claiming to be from your bank, get their Name, Phone number, and department. Then call the bank at a phone number you know is good and ask to be connected.
5. If the bank can’t find that person, ask to speak with the fraud department. They can investigate.
6. These call will try to create a sense of urgency, that you must talk to them now. Do not fall for it. This is just another trick criminals use to steal from you.
7. Last piece of advice, Hang up the phone and block the number.

This morning I learned of a young friend who was scammed out of some money online. Things like this always make me angry and I did not think I would ever have to post something like this because we all know these things right? Well no, some people have not been exposed to criminals and are trusting souls. This is for you gentle souls out there; and hope you don’t have to become callous and paranoid like me.

I spent about twelve years working in Financial Crimes (FinCEN), combined with being the Information Security Guy; you listen to me, this is something I know a great deal about.

Rule #1: I live by simple rules. Simple rules have kept me alive for almost 59 years; simple rules work.

Rule #2: When it comes to dealing with anything that has to do with money and the internet – be paranoid, be very paranoid. I always assume the person on the other end is a criminal, because there is a very high probability the person is a criminal.

Rule #3: If someone is offering to pay you money, they will not ask for any kind of payment from you. If you are asked for a payment, even a tiny amount this is a scam. You are dealing with a criminal who wants to steal from you.

Rule #4: If someone is offering you something of value for a service, opinion, survey, etc, they will not ask for any kind of payment from you. If you are asked for a payment, even a tiny amount, this is a scam. You are dealing with a criminal who wants to steal from you.

Rule #5: If you believe someone is a public figure and they are asking you for money or anything of value, it is a scam. You are dealing with a criminal who wants to steal from you.

The book I’m currently working on is a technical book on Database Application Security. While writing, I frequently find myself trying to explain something and I can’t quite come up with a good explanation. This normally indicates I don’t understand something well enough to explain it; therefore it goes into my “What I don’t know book.” (we can discuss that another day.)

So I’m working on a book, and get stuck. The first thing I do is write down what I don’t know in the form of a question. Case in point, working on the Unified Audit section and I wanted to explain, “how come unified audit does not immediately write to the database, you have to turn immediate write on.” Many years ago, I learned not to go with the first answer that comes to my mind. It may be right, it may be wrong.

To keep me moving forward on the chapter, I could either 1) start researching the answer and wind up going down a rabbit hole. Or 2) I can insert the question into the chapter in the form of a question.

<QUESTION> why does unified audit pause writing to the database? </QUESTION> Then scribble that same question into the notebook I carry with me.

I choose to use #2, because it allows me to stay focused on writing. I can then come back to the question, do my research and get an accurate answer.

Inserting and tagging questions is a great way to keep the focus on the work you are currently doing. You can research later, then maybe talk a walk and ponder just how your are going to answer the question.

Shaka

When using ENCRYPTION_PASSWORD with expdp and impdp, your history file (ie .bash_history) will store the password in plain text and if you’re sending the password over the wire, your network better be encrypted.!!!!!