Session Evaluations from “SQL Server Security from the Ground Up”

I was recently given the opportunity to speak at Pass Summit. As always (this is the second time) this was an amazing opportunity for me and I really appreciated it. This particular session is one I’ve given a few times and I’m the most comfortable with. Possibly too comfortable but I’ll get to that in a minute. Our session evaluations came back recently and I thought I would share.

48 responses out of 172 attendees. Not bad numbers if you ask me. The response rate is a bit over 25% which is pretty good from what I understand. I was surprised and pleased at the number of attendees. I was part of the Security Learning Path so that might account for it.

Ratings

Over all I was quite pleased. The lowest value was on How well did this session meet your expectations and based on the comments I’m guessing this was primarily because people thought the session was too basic and/or didn’t cover what they specifically wanted it to. I’m a little surprised at the balance of education content vs sales etc since I had absolutely no sales or marketing in the session. I guess some people felt there should have been more?

Comments

I’m skipping the comments about the event logistics since there isn’t much I could have done there. That’s basically about the room and temperature and such and so has very little to do with me.

How well did the sessions title, abstract etc align with what was presented?

• Abstract says we would be learning the why of security but seems lacking.
• This was perfectly well described.
• I didn’t realize when I went to this session that it was level 100. I saw the security track under my schedule and decided to take them. Only on the web version is the level given. It was way too simple for me and i had to redo my whole schedule. The level should be marked every where. Maybe even after the title. Wasted time looking at events for junior dbas.

 
This actually is a nice cross section of what I expect with these things. One was “You did a good job” which I always appreciate. One was something I had very little control over. I mean I wasn’t given any input on how the schedule looked and I ran into similar issues. The title has “From the ground up” and I mention that it’s a beginner session in the first few minutes of the session I’m hoping that’s enough to demonstrate it’s a beginners session. And one was actually very useful. Looking back at the session the why of security is probably a bit lacking. I’ve focused a lot more on the how.

How well did this session meet your expectations?

• Hoping for info on encryption; but, understand that it wasn’t in scope.
• Ken discussed the relevant information on SQL security and laid the ground work for the future sessions in This years PASS security thread
• Not the level I expected, but still a good presentation
• A little lower level than I thought but that may be me.
• Little too slow in the beginning
• This should have taken a deeper dive into security best practices.
• Was hoping for a little more advanced security functions covered.
• I think you should cover ownership chaining, as this is a core feature in the SQL Server security model.
• Tough topic, wish had more time…or perhaps sessions 1,2,3 that were back to back? Hoped to take more away
• Excellent presentation. I was familiar with majority of the subjects discussed, which improved my self confidence. However, i was able to pick up a very valuable tip, which will make my job easier
• This session was excellent. I got many good tidbits to take home and utilize.
• There were number of important points were missing such as
  sp_configure settings which is a potential security risk
  sql logins , DAC related security issues and BP
• After going back and reading the outline I was mistaken as to the 100 level
• I thought this would be more of an intro class on SQL server security. Instead, it focused more on granting permissions, etc. that we do not do in our current role.
• I would have liked more depth

 
Lots of comments here. Most of which were topics they wished I’d covered. Unfortunately I have a limited amount of time and bairly cover what I have in there. And again, yes it’s basic but that’s the intent. I did appreciate the comment from the person who said they already knew most of it but it was still helpful. I feel the same way about a lot of basic sessions. A few things I did take away were that I need to work on the interest level of the beginning of the presentation and maybe change the abstract to point out this is mostly a very basic how to.

Session or speaker comments

• The session was not a marketing session. The session outlined the technical definitions and usage of permissions within SQL Server
• A bit dry but well spoken.
• Loved the speaker’s approach to the content.
• Speaker was very clear and available for further questions. Excellent session.
• Really made it easy to understand! Thank you!
• Speaker had long monologues…just few questions taken
• Speaker kept it interesting
• I didn’t stay because there was another session that I felt I would get more value from
• SQL Security is very important in our shop. This was a great reference to make sure we are following best practices.
• For future sessions, I recommend giving a clearer picture of what the session will cover as well as recommended jobs that would be relevant to this course (i.e. DBA’s, etc.)
• A good speaker who knows his stuff

 
Even more very nice comments and a few helpful criticisms. Specifically, again, I need to work on my abstract. I’ve always thought it was pretty clear but I’ve had enough people comment on it now I think I need to re-do it. The long monologues and dry comments tell me I need to work on making things a bit more interesting. This is where I wonder if I’m a bit too comfortable with this session. I’ve tried to put a few humorous stories in there but I have a dry sense of humor so they may not be coming off the way I want. The comment on questions bothered me a bit. I hope I didn’t miss anyone’s questions. I didn’t notice any raised hands that I didn’t get to but I certainly could have missed something.

Oh and the comment that they left to go to a session they felt they would get more value from? I think that’s fantastic. The whole point of Summit is to learn. If you are going to get more from someone else by all means, I encourage you to go there. No one was disruptive as they left (and a few did) so it’s all good.

Over all I was really pleased with how things went. I don’t speak frequently but almost always enjoy it when I do. And the comments and ratings are truly a gift. Which ties in nicely with T-SQL Tuesday earlier this week.