Advanced Data Modeling: Data Modeling for Security, Privacy, and Compliance

Modern database systems have introduced more support for security, privacy, and compliance over the last few years. We expect this to increase as compliance issues such as GDPR and other data compliance challenges arise. In this session, Karen will be discussing the newer features from a data modelers/database designers' point of view, including:

Data Masking
End-to-End encryption
Row Level Security
New Data Types
Data Categorization and Classification

We'll look at the new database and modeling tool features, why you should consider them, where they work, where they don't. We will also discuss how to negotiate on behalf of data protection in a world of Agile, MVP, Lean and DevOps.

This session can be given in 1-4 hour sessions. Hands-on labs can be added for full-day sessions.

KEYNOTE: Data Happens: How to Get Through Your Day

What have the ancient thought leaders and philosophers said about data, lives, and suffering? And what tools have the given us to make it through our days when debates, dilemmas, and just plain disagreements seem to be happening all around us?
In this session, Karen covers some of the truths, guidelines, and frameworks that have helped her get through her days (and late nights) working with others and their own belief systems about data.

You’ll learn about:

What thought leaders over the centuries have observed about struggles
What frameworks Karen uses to deal with day-to-day debates, challenges, and just plain “ughs”
What ideas all these leaders and frameworks have in common
What practices can help you and your data be more successful

Advanced SQL Data Security and Privacy - Full Day

Modern database systems have introduced more support for security, privacy, and compliance over the last few years. We expect this to increase as compliance issues such as GDPR and other data compliance challenges arise.
In this advanced workshop, we cover data security and privacy protection for SQL Server and Azure SQL Database. With demonstrations and several exercises, this workshop uses group labs to cover database and data protection techniques, including threat analysis and remediation. We'll look at the new features, why you should consider them, where they work, and where they don't.
Discussion topics will include:
• Data Categorization and Classification
• Encryption; Transparent Data Encryption, Always Encrypted
• Data Masking
• Row-level Security
• Security Center and Scores
• SQL Assessment API
• Azure Defender for SQL
• Vulnerability Assessments
• Advanced Threats
○ SQL Injection
○ Data Exfiltration
○ Information Protection
○ Anomalous Login attempts
• Monitoring and Alerting with Azure Services
• Azure Data Explorer

Attendees will leave this session with an understanding of the following:
• How to find and assess data assets, using modern tools and techniques
• How to identify and tag sensitive data
• How to perform cost, benefit, and risk analysis on threats and solutions
• How to deploy features in the right location to best protect data
• How to leverage security services to protect data
• The day will include lecture style format as well as interactive discussions and lab exercises.

Protecting Data in SQL Server and Azure SQL DB with Data Masking

Dynamic Data Masking (DDM) is a feature in both SQL Server and Azure SQL Database. In this session, we review the features, trade-offs, and some unique outcomes of applying data masking to your data. This session includes:
- Default Masks
- Custom Masks
- Costs, Benefits, and Risk in applying masks
- Masking roles and responsibilities.

The Tricky Part of Doing Tricky Things in your Database

We've mastered the basics of basic database design patterns, but what happens when you or a teammate wants to use THIS ONE WEIRD TRICK to improve on your database design? Have you just discovered a brilliant new trick that no one else has ever thought of? Or will your new design cost you more, take on more risk and cause all kinds of pain for both IT and your business users?

We'll demo tricks that we've seen in our database design reviews and show you how they work and talk about the trade-offs for using them. You' learn about: Building a database engine inside your database, Implementing Hierarchies, Dealing with data structures that don't do as well in RDBMSs, Generating code out of the database, Optimizing the developer versus the data or the app, Using design patterns that don't reflect modern architectures and tools, …and a lot more.

RDBMS agnostic or specific.

What's That Smell? Working with Open Data

Sometimes Open Datasets have left us with more questions than answers. In this presentation, Karen discusses the types of data anomalies that organizations can run into when they use external data, the wrong datasets for the right reasons, and the right datasets for the wrong reasons. Karen uses real-life examples of her own data to show the impact of bad data decisions.

These errors in design, oversights, and old-school, traditional practices can impact the success of your projects, even if the open data was perfect at the time it was published.

Introduction to Microsoft Purview

Demo-led overview of Microsoft Purview, Microsoft's new data governance and compliance services:
- Data Sources
- Data Maps
- Data Catalog
- Data Glossary
- Data Classification
- Data Lineage
- Data Discovery
- Data Security and Privacy
- Access Controls
- Data Sharing
- Data Health
- Policy-based enforcement
- Data Stewardship
- Risk and Compliance Management

Subtopics may be cut depending on the time allotment for the session.

Best and Worst Practices in Backup and Recovery

We’ve been deploying backup solutions since the beginning of computing, and the foundations of backup and recovery have stayed the same: make sure backups run consistently and set recovery objectives. Yet systems don’t work or act the same way they did decades ago.

Cloud data backups have helped us meet the need for offsite backups, as well as impacted how we budget for them. Ransomware has impacted how we store them. The laws of physics might be more of an issue than when we had tapes stored in a safe down the hall. Cost models have changed, too.

In this session, Karen Lopez covers best practices for modern data recovery…and she will share stories of worst practices just to keep it real.

Azure Arc-enabled SQL Server

Azure Arc-enabled SQL Server extends Azure services to SQL Server instances hosted outside of Azure. It works with your on-prem, edge, and even deployments in other cloud systems.

This session includes Azure features related to:
- security
- privacy and compliance
- monitoring
- performance tuning
- data classification
- availability

Finally, this session will offer ten tips for getting started with Azure ARC Enables SQL Server.

20 - 90 minute presentation options. Longer timeframes support more demos.

A Database Designer's Favorite Security and Privacy Features in SQL Server/Azure DB

SQL Server and Azure DB include multiple features that focus on data security, privacy, and developer productivity. In this session, we will review the best features from a database designer's and developer's point of view.

- Always Encrypted
- Dynamic Data Masking
- Row Level Security
- Data Classification
- Assessments
- Defender for SQL Server
- Ledger Tables
...and more

We'll look at new and older features, why you should consider them, where they work, where they don't, who needs to be involved in using them, and what changes, if any, need to be made to applications or tools that you use with SQL Server.

You will learn:

- The pros and cons of implementing each feature
- How implementing these new features may impact existing applications
- 10 tips for enhancing SQL Server security and privacy protections

Updating Data Programs with Responsible and Ethical AI

Artificial intelligence is a hot topic for the world and often a challenging subject in traditional data programs. What will be your response when AI is introduced to your organization? This workshop features discussions of recent successes and disturbing incidents. We will focus on understanding how they were discovered, their handling, and lessons learned. We will focus on people and process issues encountered with each incident. We will then lead discussions on these topics to help you build a strategy for updating your data governance and management programs.

-Transparency: Are AI models understood? Explainable?
-Data Quality: Do we understand the quality of the training data? -Does everyone else?
-Fair: Does our use of AI treat people fairly? Does it avoid and measure biases? What about the training data?
-Human Verification: Will we be using AI to make final decisions? -How do we know we can trust those decisions? Is there an appeal or reversal process?
-Privacy and Data Protection: Do we have consent to use the data we want to use? How do we know?
-AI and Data Literacy: Will knowledge workers be able to build and deploy AI solutions independently?
-Accountability: Is the organization ready to be accountable for the uses and outcomes of AI?
-Monitoring: How and who will monitor the AI process? Will there be reporting and oversight?

This can be a one-hour session, half-day, or full-day workshop with exercises.

Data Governance Contentious Issues

This is a highly interactive and popular session where attendees evaluate the options and best practices for common and advanced programs, people, tech, and management issues. Then, we debate the answers.

Modules may be voted on ahead of time by participants but could include:

- Who gets the final say in design decisions?
- Where should the data governance program sit in the org chart?
- Is there a role for DG professionals on software-as-service projects?
- Will AI improve data governance?
- Can AI be a data steward?
- Is data quality part of data governance, or is it a result of DG?
- How should enforcement work in a DG program?
- How long is too long for a naming standard?
- Is refactoring a help or a hindrance?
- Are data models part of data governance?
- Can an IT person be a good data steward/curator?
- Which is more important: performance or data quality?
- Is normalization the end of the world?
- Are naming standards just for the wicked?
- Should data governance teams review as-built systems?
- How much security should be in the database rather than the application?
- A faux NULLs dangerous?

Bring your votes, your debates, and your opinions.

This session would be very difficult for virtual attendees to participate in or hear unless the session room is designed for sharing audience audio with remote attendees.

Data Contracts for Successful Data Governance

Data Contracts help predict and prevent issues with data, especially across federated data estates. Are software engineers using data as it is intended? Are they asking for changes that might break downstream systems? Do you know what the cost of making a specific change is? Do we have enough resources to govern changes to data formats, types, values, and meaning?

This session will focus on:

- Key Components of Data Contracts
- Roles and Responsibilities
- Implementation Challenges
- Best Practices for Effective Data Contracts
- Where are they being used?
-Future of Data Contracts
-Ten Tips for Success

Evolution of Solution Evaluations and Selections Requirements

A rant/commentary on why you should change your thought process about evaluating, testing, and selecting vendor solutions.

Great fit for shorter format sessions, but can be a one-hour session, too.

Database Design Contentious Issues - in Person only

A highly interactive and popular session where attendees evaluate the options and best practices of common and advanced design issues. Then they argue about the answers.

Modules may be voted on ahead of time by participants but could include:

- Are NULLs evil?
- How many are too many joins?
- Who gets the final say in design decisions?
- How long is too long for a naming standard?
- Are GUIDs helpful?
- Is refactoring a help or a hindrance?
- Are all surrogate keys helpful?
- Are data models anti-agile?
- Is a database software or infrastructure or both?
- Which is more important: performance or data quality?
- Is normalization the end of the world?
- Are naming standards just for the wicked?
- Are repeating columns that bad?
- How much security should be in the database rather than the application?
- A faux NULLs dangerous?

Bring your votes, your debates, and your opinions.

This session needs a room with several whiteboards, either on the wall or portable. It can also be done with Post-it paper stuck to the wall or on easels. We can always make something work if we can discuss it ahead of time.

Migrating Data and Databases to Microsoft Azure - Full DAY

As the concept of Hybrid Datacenter becomes more mainstream data professionals will need to understand how to effectively manage and migrate data from Earthed to Cloud servers. In this session we will review how to decided if Iaas or PaaS is right for you, how to prepare your data for migration to Azure, and how to migrate your data in an efficient manner. Leave this session knowing how to best plan and execute your Azure data migration projects.

A Database Designer's Favourite New SQL Server Features

SQL Server includes multiple features that focus on data security, privacy and developer productivity. In this session we will review the best features from a database designer's and developer's point of view.

- Always Encrypted
- Dynamic Data Masking
- Temporal Tables
- Graph Data & Processing
...and more

We'll look at the new features, why you should consider them, where they work, where they don't, who needs to be involved in using them, and what changes, if any, need to be made to applications or tools that you use with SQL Server.

You will learn:

- The pros and cons of implementing each feature
- How implementing these new features may impact existing applications
- 10 tips for enhancing SQL Server security and privacy protections

Advanced Accidental Database Design - Full Day

In this advanced workshop we cover enhancements in SQL Server 2017 for building databases in an enterprise environment on modern project teams.

With demonstrations and several exercises, this workshop uses group labs to cover advanced database design skills…but this isn’t your average "Here's how to create a table, now go build a database" course. Our goal is to cover new features in SQL Server that are relevant to modern enterprise development practices. We’ll talk about some of the pain points designers feel as well as the costs, benefits, and risks associated with design choices.

Discussion topics will include:

• Advanced database design process
• Security/Encryption/Data masking/Audit
• Advanced Table design Topics {Temporal/In-Memory/Compression}
• Understanding when to scale out versus scale up, and how
• Other Advanced Topics

Attendees will leave this session with an understanding of the following:
• Advanced database architecture design process for modern enterprise development projects
• New and advanced features available in SQL Server 2017
• How to decide which design features are the right design choices for your needs

The day will include lecture style format as well as interactive discussions and exercises.

Level - 300 (Intermediate)
Track - DBA
Other speakers: Karen Lopez

Attendee prerequisites:
Hands-on experience with SQL Server (any version) basic design concepts including normalization, constraints, indexes, datatypes and integrity features.
Basic understanding of database administration concepts.
Familiarity with basic Azure and Data Platform features.

Who's Pissing in Your Data Lake?

The new data terms of Data Lake, Data Reservoir, and Data Swamp have left me with more questions than answers. In this presentation, Karen discusses the types of data anomalies that organizations can run into when they use external data, the wrong datasets for the right reasons and the right datasets for the wrong reasons. She uses her own data to show you the impact of bad design decisions, incomplete testing, and other common mistakes.

These errors in design, oversights and old school, traditional practices can impact the success of your projects, even if you don't use any data lakes.

This session isn't really about data lakes, per se. It's about data quality and project processes.

Ledger DBs and Tables for the DBA & Data Professional

With all the hype around blockchain, why should a DBA or other data professional care? In this session, we will cover the basics of blockchain as it applies to data and database processes:
- Immutability
- Verification
- Trust
- Ledger Tables
- Ledger Databases
- Confidential Computing and Storage

We will look at current offerings for blockchain features in Azure SQL DB/SQL Server. Finally, we'll help you identify the types of business requirements that need blockchain technologies.

This session can be tailored to meet the needs of your audience, with focuses on analysts, architects, developers and DBAs.

SQL Data Discovery and Classification

SQL Server Management Studio (SSMS) recently introduced SQL Data Discovery and Classification. This new feature allows teams to find and categorize sensitive data. SSMS looks at the names of columns to help you find where your most vulnerable data resides.

We'll look at a new feature of SQL Server that supports maintaining the classification in auditing logs for columns.

For SQL DB and Azure Data Warehouse, we'll look at Advanced Data Security to classify and record data classifications. Finally, we'll quickly look at how these classifications can feed into Azure SQL Database Auditing.

Protecting Data with Data Masking in SQL Server and SQL DB

Dynamic Data Masking has been available since SQL Server 2016. In 2019, we now have an option for static data masking. But there are trade-offs with using both. In this session we will discuss:

- Overview of Data Protection with Data Masking
- Dynamic Data Masking
- Static Data Masking
- Security vs. Privacy
- Pros and Cons of Data Masking

Who's Pissing in Your Data Lake Now?

The new data terms of Data Lake, Data Reservoir, and Data Swamp have left me with more questions than answers. In this presentation, Karen discusses the types of data anomalies that organizations can run into when they use external data, the wrong datasets for the right reasons and the right datasets for the wrong reasons. Karen uses real-life examples of her own data to show the impact of bad data decisions.

This session will include recommendations for how to avoid or fix these data quality issues in SQL Server and SQL DB.

These errors in design, oversights, and old-school, traditional practices can impact the success of your projects, even if you don't use any data lakes.

Introduction to Azure Data Platform for Data Professionals

We will look at the core services of Microsoft Azure Data Platform offerings. Topics that may be included are:

Azure SQL DB
Azure Data Factory
Azure Databricks
Azure Synapse (formerly Azure Data Warehouse)
Azure Cosmos DB
Microsoft Purview
Azure Storage
Azure Stream Analytics
Azure Monitoring
Azure Defender/Security

We'll wrap up with the ways data professionals can get hands-on training and usage credits to learn on their own.

With so many topics to cover, we may cut topics based on audience interest.

Introduction to Azure Data Platform for Data Professionals

We will look at the core services of Microsoft Azure Data Platform offerings. Topics that may be included are:

Azure SQL DB
Azure Data Factory
Microsoft Purview
Azure Databricks
Azure Synapse (formerly Azure Data Warehouse)
Azure Cosmos DB
Azure Storage
Azure Stream Analytics
Azure Monitoring
Azure Defender/Security

We'll wrap up with the ways data professionals can get hands-on training and usage credits to learn on their own.

With so many topics to cover, we may cut topics based on audience interest.

NASA SpaceApps Challenge - Manage your time so it doesn't manage you

Karen shares her experiences in mentoring and judging hackathons, including tips about what order to approach the challenge throughout the weekend:
- Getting started
- Assigning roles
- Deliverables
- Open Data
- Judging process
- Subject matter experts