MySQL Boston May User Group: Auditing MySQL for Security and Compliance

I take the easy way out again this week by sharing Guy Kawasaki (of the How To Change the World blog) and his irreverent and truthful keynote at the 2007 MySQL Users Conference.

Kawasaki will challenge your thoughts about being an entrepreneur in the technology industry.

The big news is that soon I’ll be able to announce that the videos from the conference sessions are up….stay tuned!

Show Notes:
Guy Kawasaki’s Blog: How to Change the World
http://blog.guykawasaki.com/

Direct play this episode at:
http://technocation.org/content/oursql-episode-16%3A-art-innovation%2C-guy-kawasaki

Download all podcasts at:
http://technocation.org/podcasts/oursql/

Subscribe to the podcast at:
http://feeds.feedburner.com/oursql

Feedback:

Email podcast@technocation.org

call the comment line at +1 617-674-2369

use Odeo to leave a voice mail through your computer:
http://odeo.com/sendmeamessage/Sheeri

Or use the Technocation forums:
http://technocation.org/forum

Today I upgraded the blog software at sheeri.com (and sheeri.net and sheeri.org). Please let me know if you find something that doesn’t work as expected — awfief@gmail.com.

At the MySQL Users Conference, my good friend Mark Atwood (creator of the free Amazon S3 Storage Engine) mentioned that any site with a login should have OpenID as an option.

Mark, I upgraded for you! I was using WordPress 1.5.2, now I’m at the “latest” version. Anyway, this is just to let folks know that if you so choose, you may now use OpenId if you wish to login and make comments.

Of course, I do not require login (and have a great spam filter) so that’s just another choice you have.
You’ve heard me on the MySQL Podcast at http://www.technocation.org, now come work with me, the “She”-BA!

The company I work for is an online social networking/dating site. Our main product is for men seeking men in 87 countries throughout the world. We’re looking for another MySQL DBA, as designing schemas maintaining data integrity for our 1 million users (and growing fast!). The salary is dependent upon experience of course, but the company I work for pays on the high side of the industry standard for the Boston area.

Application Instructions
Please send cover letter, résumé and sample schema to work@online-buddies.com, with “MySQL DBA” as your subject. The sample schema should reflect your abilities, so if you send along a schema you would like to see improved, include a description of what you would love to do to that schema to make it better.

The fun “requirements”:

  • A schema of 1 database with 85 tables — all of which have an auto-increment id as their primary key — makes you cringe
  • Knowing the difference between InnoDB and MyISAM storage engines and when you might use them
  • You cry when you see field names like “ExtraInfo1” and “ExtraInfo2”
  • You want to poke your own eyes out when you see schemas full of varchar(20) default NULL
  • When someone says, “Can you add a [type, ie, INT, BLOB] field to the table for me?” your first response is, “Sure, why do you need it?”
  • You know that “data warehouse” is not a synonym for “replicated copy of the database” — and if you did not, your first thought upon reading that was “It isn’t? I wonder how the schemas would be different?”
  • When designing a schema, you draw out an ER diagram first (or are willing to learn how)
  • Thinking about what data will be stored is the most important thing to you when you’re creating a table, not how the application will access it
  • You are comfortable with a job that does not involve writing code in a procedural language, but are comfortable enough if you have to help debug code written in a procedural language that you could.
  • You answer the question ‘Do images belong in the filesystem or the database?’ with ‘it depends’ and can go through scenarios of when each one is appropriate. (Alternatively you say “I have no idea” and do some research)

On to the more boring description…..

MySQL Database Administrator

The MySQL DBA will ensure that all data remains consistent across the database, that the data is clearly defined, that all users access data concurrently, in a form that suits their needs, that there is provision for data security and recovery control (all data is retrievable in an emergency).

Essential Duties/Tasks

* assist in establishing the needs of users;
* plan dataflow for a new or revised database;
* help design databases;
* test all new systems;
* maintain data standards, including adherence to the Data Protection Act, C.I.S.P or other security requirements as implemented and dictated;
* write database documentation, including data standards, procedures and definitions for the data dictionary;
* control access permissions and privileges;
* ensuring that storage, archiving, backup and recovery procedures are functioning correctly;
* capacity planning;
* work closely with IT project managers, programmers and developers;
* provide technical support for outdated legacy systems;
* ensure the database integrity and security;
* commission and install new applications.

Knowledge of Industry, Product, and Technology

* Bachelor’s degree
* At least 2 years of experience that is directly related to the duties and responsibilities specified.

Education and other Qualifications

* Knowledge of current technological developments/trends in area of expertise.
* Ability to interpret data models and to develop database structures.
* Ability to use standard diagramming techniques to design and develop computer data models.
* Ability to configure, manage, and maintain the operation of complex relational databases.
* Ability to develop and manipulate large, complex data sets.
* Knowledge of computer and/or network security systems, applications, procedures, and techniques.
* Ability to operate on a scheduled 24-hour on-call basis.
* Knowledge of data integrity methods and techniques a plus.
* Technical writing skills.
* Ability to install, maintain, modify, and upgrade MySQL.

About our Company
Founded in 2001, Online Buddies Inc., continues to enjoy extraordinary growth as we achieve worldwide recognition for our product range of alternative lifestyle online personals; each providing safe, friendly and exciting sites through which members can express themselves, communicate and interact with one another as they wish.

Our Mission is to build upon our reputation as an internationally regarded leader for online personals as well as an organization that positively impacts the communities we serve. We work to accomplish this goal through partnerships with local, state and federal health and human service organizations; providing our members with accurate and easily accessible health-related information.

We acknowledge that our success begins with our ability to select a uniquely talented and diverse workforce that is afforded equal opportunity to enjoy both personal and professional growth, contributing to our collective success as we work to achieve our individual aspirations.

Application Instructions (repeated from top)
Application Instructions
Please send cover letter, résumé and sample schema to work@online-buddies.com, with “MySQL DBA” as your subject. The sample schema should reflect your abilities, so if you send along a schema you would like to see improved, include a description of what you would love to do to that schema to make it better.
Mehlam Shakir, CTO of RippleTech, discusses a practical approach for auditing MySQL databases to meet security and compliance regulations. Hear real-world cases and see a live demonstration of how RippleTech’s Informant solution complements MySQL by adding a security layer without any performance impact.

For more information on RippleTech’s INFORMANT, visit http://www.rippletech.com/

I have to say, I was a bit worried this would be a typical vendor presentation where every other word is marketing speak for how great the product is. It actually just ended up being “here’s how Informant works, and here’s how auditing, security and compliance needs can be met,” presented in a way that’s useful and valuable to anyone who is interested in auditing or security.

Rippletech’s Informant is not only interesting because it’s currently the only software that audits MySQL, but it’s impressive in its simplicity and flexibility. I think my favorite surprise about Informant was that it has the ability to store a user session as just that.

Download the video of the presentation at:
http://technocation.org/movies/mysql/AuditingRippleTech2007MayUGbig.wmv (446 Mb)
