The mission of the Security Virtual Chapter is to provide guidance and education, and to foster open discussion on security topics as they pertain to SQL Server and its environment.
2014 Presentations
March 2014
Microsoft SQL Server 2014 Countdown: Buffer Pool Extension and Resource Governor for IO
Presenter: Microsoft

Buffer Pool Extension can potentially increase the performance of OLTP applications by allowing the SQL Server buffer pool to be extended to non-volatile disks, such as Solid State Drives (SSDs). In addition, the Resource Governor enhancements for IO in SQL Server 2014 allow much better control of physical IO in SQL Server resource pools.

See the full Microsoft SQL Server 2014 Countdown Webinar Schedule at:

Session recording: Streaming video

February 2014
Configuring SQL Access for the Web Developer
Presenter: Kendal Van Dyke

This session will demonstrate the ways that ASP & ASP.NET applications can be configured to make connections to SQL Server from different versions of IIS so that we can keep our servers secure and our DBAs happy. Session Goals:
1) Learn when to use SQL logins and when to use Windows Authentication
2) Understand the concept of impersonation
3) Learn how ASP and ASP.NET applications can be configured to use impersonation to make secure connections to SQL Server
4) Learn how to configure IIS and Windows to support impersonation.

Session slides and code: Configuring SQL Access for the Web (679.9 KB)
Session recording: .zip ( MB)

January 2014
Code-Less Securing of SQL Server
Presenter: Argenis Fernandez

Learn from a Microsoft Certified Master how to secure your SQL Server infrastructure and your Windows installations to enhance resiliency and minimize exposure to attacks—all without touching any of your code!

Session recording: 2014-01-23 10.00 Code-Less Securing of SQL Server.wmv (46.9 MB)

2013 Presentations
December 2013
SQL Security Best Practices & Shrinking Your Attack Surface
Presenter: Matthew Brimer

SQL Security is a very broad and scary topic, one on which many days could be spent speaking. In this session Matt will give a high-level overview of what Database Security is, what tools Microsoft gives you to accomplish it, and some simple things that you can do to shrink your attack surface.

Slide deck and other session files: Database Security.pptx (1499 KB)
Session recording: (331.7 MB)

November 2013
Presenter: Andy Warren (blog|@sqlandy)

Are you storing or planning to store credit card numbers? If so, you need to learn all you can about the requirements for PCI compliance. We'll cover how PCI works from the requirements to the final audit, and everything in between that you'll need to know something about. We'll talk about encryption, key management, logging, alerting, administration access, granular permissions, tokenization, and as much more as we can fit into an hour. It's a complex topic, but that just makes it more interesting!

Slide deck and other session files: PCI for the SQL (2.1 MB)
Session recording: PCI For The SQL DBA (50.4 MB)

Implementing a HIPAA Compliance Strategy with SQL Server
Presenter: Brandon Leach (@SQLServerNerd)

HIPAA puts a lot of responsibility on our companies, and compliance can be hard to maintain. Today medical data is more valuable on the black market than a social security number or a credit card. As DBAs we're charged with the security of our data and thus act as front line defense. In this hour-long session we'll delve into the Health Insurance Portability and Accountability Act (HIPAA) and what implications it has for us as data professionals. We'll discuss SQL Server best practices that can help protect ourselves, our company, and the people whom we serve. We'll also dive into features in SQL Server that can help in this endeavor.

Slide deck: ImplementingAHIPAAComplianceStrategy.pptx (1341 KB)
Session recording: (35.64 MB)

August 2013
Cure your sysadmin addiction
Presenter: Ronald Dameron

Learn how to use the Separation of Duties Framework and a Privileged Identity Management suite to minimize the permissions needed by DBAs to do routine work. I'll review the Separation of Duties Framework and an easy-to-implement, low-hassle solution that provides DBAs the minimum necessary access required to maintain the server but not be able to view user data. I will prove that sysadmin is not always required more often than most DBAs think. Also, attendees will learn how to define a permission set with a single script that allows your company’s DBAs to do routine work and how to elevate DBA permissions quickly to respond to production emergencies.
Slides and demos: (668 KB)
Session recording: Not available due to technical difficulties.

July 2013
SQL Server Encryption Decrypted
Presenter: K. Brian Kelley (blog|@kbriankelley)

In this session we'll look at Microsoft SQL Server's built-in encryption options and how best to use them. We'll discuss best practices with respect to speed and security in the options available to us. Also, we'll briefly cover Transparent Data Encryption, a new feature in SQL Server 2008 Enterprise Edition, which encrypts the whole database at rest.

Slides and demos: (248 KB)
Session recording: 2013-07-18 10.02 SQL Server Encryption (22 MB)

For updates on future meetings and events, follow us on Twitter at @PASS_SecurityVC.