I attended the 2018 Saint Louis Cybersecurity Conference with one of my team members today. It was only one day and when compared to other conferences that I have had the pleasure of attending in the past would be considered small, but it was actually quite good and informative. Dynamite in small packages.
Not much on actual database specific topics, but heavy on related topics that any database admin team should stay up to date on. Using the proverbial onion analogy, the data, and thus databases lie at the center of the onion. Being of the more proactive mindset, first as a DBA, and now as the head of a department of DBA’s, I do not like boundaries either self perceived or otherwise when it comes to trying to protect the data that I am responsible for, so I like to explore the other layers and stay abreast of best practices, even if I am not technically implementing or responsible for them. I blame it on my proclivity for anal retentiveness.
Database conferences generally have some sessions on database security, however I am generally dismayed when I attend something that is specifically for security and there is nothing truly database centric. This is a large hole that leaves one to wonder how many organizations out there rely on all of the layers and ignore the data itself at the center. Of course the audience must be considered as well, and most of the attendees are going to evolve around the security role and many may not even grasp or care about database technologies and securing them. This does beg the question as to how many security applications leverage a database for backend storage.
I am not knocking this conference in any way, shape, or form, however, again with my as already stated personal weakness for analytical thought, these are just the type of things that I process. The conference was actually very well organized and run. We found many interesting topics and even learned a few things. There was an FBI agent who gave an excellent talk on cybercrime, security, and etc.
One of the biggest threats discussed was that of other countries, China for instance, and their intentions not being to steal money, identity theft, and implementing ransom ware, but to steal and/or damage government secrets, corporate secrets, trade secrets, technology designs and secrets, and research information related to all of these topics. Where is most of this information stored? In a database.
I was also brought back to reality of work-life in the technology sector during this session. When it started, the man introducing the special agent very clearly and authoritatively stated, “during this presentation no pictures of the slides or the agents themselves are allowed and are strictly prohibited”. The agent wasn’t a few sentences in when a guy at the table in front of us started taking pictures of the slides and the agent speaking!
The inability to follow instructions and process is what causes us all insurmountable pain in the form of down time, lost productivity, and of course maintaining secure environments.
Kudos to the organizers of the Saint Louis Cybersecurity Conference for 2018! I hope and plan to send other team members next year.
Related LinkedIn article: https://www.linkedin.com/pulse/data-security-audits-mariadb-william-wood