Spring 2018 Agenda
Date: Wednesay April 18th
Location: Boston Scientific Arden Hills Campus
Map Link and Directions: Directions
Parking: will be available in a designated area across the street from the building entrance. The parking lot is at the corner of Boston Scientific Drive and Innovation Way.
Check In: Building 10 Visitor Entrance: Check-in with TCOUG board and security for visitor’s badge
Wifi : Wifi will be available for use
Food: Lunch will be provided
08:30 - 09:00 - Registration and Networking
09:00 - 09:20 - Welcome Remarks, Sponsor and Speaker Introductions
09:20 - 09:30 - DBA Threat Assessment
09:30 - 10:30 - Holistic Database Security - Rob Lockard
Abstract: For years we have been locking down software to protect information. This presentation puts the focus where it belongs: identifying, protecting, and selecting the correct tools to protect your data. Starting with a brief history of security breaches and the impact to both companies and consumers, the presenter will move through a methodology of identifying sensitive information, creating a risk matrix, and which tools are available to mitigate information leaks. Lockard will also explore Attack Vectors, how information leaks, including an open and frank discussion of organized gangs, and identifying the risks in your system and come up with mitigation strategies.
10:30 - 10:45 - Break
10:45 - 11:00 - Lightning Talk: Securing Database 18c With A Read Only Home
11:00 - 12:00 - Reinventing Enterprise Software Development with OMC and CASB - Dr. Matt O'Keefe
OMC is an integrated suite of capabilities that allow for you to
- Easy end-to-end application monitoring
- Reduce false alerts
- Quickly troubleshoot - bringing together the data needed to resolve issues
- Keep applications secure and compliant
- Auto-remediate the most common security and management issues and events
- Analyze data over a longer period of time to spot trends and issues
Whether applications are on-prem or in any cloud, OMC can provide substantial value
CASB stands for Cloud Access Security Broker. All Cloud's have one ... learn how Oracle's CASB can monitor and improve your database and application security
12:00 - 01:00 - Lunch
01:00 - 02:00 - PL/SQL Secure Coding Practices - Rob Lockard
The single greatest risk to Oracle Databases is SQL Injection and this presentation will help you secure your high performance code from this type of attack by examining the architecture and common errors in PL/SQL that lead to SQL injection attacks. The session will also cover Code Based Access Controls that enforce a trusted path to data and the new Database 12c features that can be used to limit access paths to data thereby implementing part of creating a trusted path.
02:00 - 02:15 - Lightning Talk: SQL Rewrite Vulnerabilities
02:15 - 02:30 - Break
02:30 - 03:00 - Q&A - Dan Morgan
03:00 - 03:45 - Row Level Security: Oracle's Best Security Tool - Dan Morgan
The Oracle Database holds more valuable PII, PHI, and proprietary data than any other. It is the most secure database in the world and also the biggest and easiest target for attackers. How can it be both the most secure and the most vulnerable at the same time? It is both because the overwhelming majority of the database's security features are disabled by default on installation and DBAs and Developers do not receive training on how to utilize the built-ins.
This presentation by Morgan will focus on the most valuable of these features, Row Level Security (RLS), as it comes included in the licensing for Enterprise Edition and the cost of implementing RLS is minimal. Live in SQL*Plus Morgan will show how, had Experian implemented this tool, the number of credit card accounts that would have been compromised would have been a very small fraction of those that were stolen
03:45 - 04:00 - Giveaways, Prizes, and Closing Remarks
About the Speakers
Dr. Matt O'Keefe, Oracle, Vice President and Corporate Technologist in the Cloud Infrastructure
Matt O'Keefe is a Vice President and Corporate Technologist in the Cloud Infrastructure group at Oracle who lives here in Minneapolis. Matt specializes in helping customers leverage the Oracle Cloud to build agile, next generation enterprise IT that supports game-changing cloud applications. Prior to joining Oracle Matt founded and sold two storage startups and was a tenured professor at the University of Minnesota teaching computer engineering and doing research on DevOps.
Robert Lockard, Oracle ACE Director
Robert Lockard is an Oracle ACE Director specializing in Database Security evaluating and securing Oracle Databases against internal and external threats. Robert resides in the Washington DC area and has been an independent consultant for more than 20 years. He has worked in financial intelligence tracking money laundering, terrorist money, and identity thefts. Robert has a number of interesting hobbies including flying vintage aircraft, racing sailboats, photography and technical diving.
Daniel Morgan - Oracle ACE Director Alumni
Daniel Morgan is an Oracle ACE Director Alumnus who has been actively engaged in data and database security since for more than 3 decades. Morgan is the "Morgan" behind the morganslibrary.org website and developed and was the primary instructor of the University of Washington's Oracle program for more than 10 years. Morgan currently resides here in the twin-cities area and serves as the Principal Advisor to Meta7 an Oracle Platinum Partner and a Sirius company.