Spring 2018 Agenda

Date: Wednesay April 18th

Time: 8:30-4:30pm

Location: Boston Scientific Arden Hills Campus

Map Link and Directions: Directions

Parking: will be available in a designated area across the street from the building entrance. The parking lot is at the corner of Boston Scientific Drive and Innovation Way.

Check In: Building 10 Visitor Entrance: Check-in with TCOUG board and security for visitor’s badge

Wifi : Wifi will be available for use

Food: Lunch will be provided


08:30 - 09:00 - Registration and Networking

09:00 - 09:20 - Welcome Remarks, Sponsor and Speaker Introductions

09:20 - 09:30 - DBA Threat Assessment

09:30 - 10:30 - Holistic Database Security - Rob Lockard

Abstract: For years we have been locking down software to protect information. This presentation puts the focus where it belongs: identifying, protecting, and selecting the correct tools to protect your data. Starting with a brief history of security breaches and the impact to both companies and consumers, the presenter will move through a methodology of identifying sensitive information, creating a risk matrix, and which tools are available to mitigate information leaks. Lockard will also explore Attack Vectors, how information leaks, including an open and frank discussion of organized gangs, and identifying the risks in your system and come up with mitigation strategies.

10:30 - 10:45 - Break

10:45 - 11:00 - Lightning Talk: Securing Database 18c With A Read Only Home

11:00 - 12:00 - Reinventing Enterprise Software Development with OMC and CASB - Dr. Matt O'Keefe


OMC is an integrated suite of capabilities that allow for you to

- Easy end-to-end application monitoring

- Reduce false alerts

- Quickly troubleshoot - bringing together the data needed to resolve issues

- Keep applications secure and compliant

- Auto-remediate the most common security and management issues and events

- Analyze data over a longer period of time to spot trends and issues

Whether applications are on-prem or in any cloud, OMC can provide substantial value

CASB stands for Cloud Access Security Broker. All Cloud's have one ... learn how Oracle's CASB can monitor and improve your database and application security

12:00 - 01:00 - Lunch

01:00 - 02:00 - PL/SQL Secure Coding Practices - Rob Lockard


The single greatest risk to Oracle Databases is SQL Injection and this presentation will help you secure your high performance code from this type of attack by examining the architecture and common errors in PL/SQL that lead to SQL injection attacks. The session will also cover Code Based Access Controls that enforce a trusted path to data and the new Database 12c features that can be used to limit access paths to data thereby implementing part of creating a trusted path.

02:00 - 02:15 - Lightning Talk: SQL Rewrite Vulnerabilities

02:15 - 02:30 - Break

02:30 - 03:00 - Q&A - Dan Morgan

03:00 - 03:45 - Row Level Security: Oracle's Best Security Tool - Dan Morgan


The Oracle Database holds more valuable PII, PHI, and proprietary data than any other. It is the most secure database in the world and also the biggest and easiest target for attackers. How can it be both the most secure and the most vulnerable at the same time? It is both because the overwhelming majority of the database's security features are disabled by default on installation and DBAs and Developers do not receive training on how to utilize the built-ins.

This presentation by Morgan will focus on the most valuable of these features, Row Level Security (RLS), as it comes included in the licensing for Enterprise Edition and the cost of implementing RLS is minimal. Live in SQL*Plus Morgan will show how, had Experian implemented this tool, the number of credit card accounts that would have been compromised would have been a very small fraction of those that were stolen

03:45 - 04:00 - Giveaways, Prizes, and Closing Remarks

About the Speakers

Dr. Matt O'Keefe, Oracle, Vice President and Corporate Technologist in the Cloud Infrastructure

Matt O'Keefe is a Vice President and Corporate Technologist in the Cloud Infrastructure group at Oracle who lives here in Minneapolis. Matt specializes in helping customers leverage the Oracle Cloud to build agile, next generation enterprise IT that supports game-changing cloud applications. Prior to joining Oracle Matt founded and sold two storage startups and was a tenured professor at the University of Minnesota teaching computer engineering and doing research on DevOps.

Robert Lockard, Oracle ACE Director

Robert Lockard is an Oracle ACE Director specializing in Database Security evaluating and securing Oracle Databases against internal and external threats. Robert resides in the Washington DC area and has been an independent consultant for more than 20 years. He has worked in financial intelligence tracking money laundering, terrorist money, and identity thefts. Robert has a number of interesting hobbies including flying vintage aircraft, racing sailboats, photography and technical diving.

Daniel Morgan - Oracle ACE Director Alumni

Daniel Morgan is an Oracle ACE Director Alumnus who has been actively engaged in data and database security since for more than 3 decades. Morgan is the "Morgan" behind the morganslibrary.org website and developed and was the primary instructor of the University of Washington's Oracle program for more than 10 years. Morgan currently resides here in the twin-cities area and serves as the Principal Advisor to Meta7 an Oracle Platinum Partner and a Sirius company.