Wednesday, November 21, 2018

How to Be an MVP in Life -- Launching Nov 27th

We are launching my new book, “How to Be an MVP in Life: Lessons in Living and Leadership from Sports & Tech MVPs” on November 27th. It is available now for pre-order at Amazon.
Featuring an interview with the 2016 World Series MVP, Ben Zobrist, stories about 2-time Pro-Sports MVPs: Steve Nash, Dale Murphy, Steve Young and Sid the Kid Crosby, as well as interviews with 18 Microsoft MVPs.


Monday, October 8, 2018

Missing the old Directory Experts Conference? Try HIP!

On Monday, Nov 5th, and Tuesday the 6th I will be attending and speaking at the Hybrid Identity Protection (HIP) Conference in NYC. On Monday at 4 PM I will be giving an updated version of Top Lessons Learned from Disasters in Identity Management as well as a sneak peek of my new book, How to be an MVP in Life.

I am very excited to attend this conference. Thanks to Darren Mar-Elia and Micky Bresman at Semperis for putting it all together. This should be a lot like the old DEC -- Directory Experts Conference since it looks like DEC co-founder Gil Kirkpatrick is heavily involved.

I would recommend going to Sean Deuby's talk on Azure AD Protection but he and I are speaking at the same time.

I do highly recommend Brian Desmond's talk about 10 quick Identity Wins with Azure AD, and the Conditional Access Deep Dive with Joe Kaplan.

Wednesday, July 4, 2018

12 time MVP writes book on MVPs


Soon I will be adding the 2018-2019 ring onto this trophy. This makes 12 times starting back in 2007.

The MVP program means a lot to me. So I have written a book about MVPs in both tech and sports. It will be coming out soon. I could use your help with the title.

Thanks,
David

Thursday, May 17, 2018

European Identity Conference 2018 - Wednesday

Jet lag and other issues caught up with me the next day (Tuesday) and I didn't attend any sessions :(

One thing I love is that most presentations including keynotes are only 20 min long so even when we get a terrible one -- we know it will be over soon. But most of the sessions were good and some were great!

My first Wednesday session was listening to Sebastian Goodrick of SUVA and Dr. Jacek Jonczy discussing how agile methodologies did and didn't work well with replacing their existing Identity Management system with another one. Hire an agile coach! Recognize that replacing an existing system is often big bang and so you won't really be pushing out to production, but you can still do sprints.

Martin Kuppinger covered whether it is best to buy best of breed or a suite. The answer -- it depends! But Martin laid out a good model to help us evaluate the suites.

Matthias Reinwarth covered Privilege Management and Access Governance and how they can work together. Although one snag I see is that for access governance you need to have mature policies about who can access what and many organizations are still in adolescence or infancy. Still, it was really interesting to remember that integrating them is a good idea so that when people no longer need to be privileged we remove their privilege.

My favorite of the day was by Joseph Carson who talked about how a light bulb almost allowed pirates to ruin Christmas, in his talk "The Anatomy of a Privileged Account Hack."

Then we had a 20 min panel on How to Establish governance. Some interesting tidbits. Matthias determined that 20 min panels are hard to run but I don't mind it because it forces the panel to be prepared with two or three prepared responses to questions.

After the break, we returned with three sessions on lessons learned, starting with mine on Top Lessons from Disasters in Identity Management. Martin Kuppinger introduced me and wanted to know why I ended up doing the Top 13 lessons instead of Top 10 like I proposed. I told him that 13 is luckier than 10. The reality of it was just based on my stories. As I told my war stories I got some good laughs and lots of great comments. After, three people including Martin shared their stories. Another attendee even emailed me his story.

Following my presentation, Nishant opened our eyes to the importance of user experience. Finally, Andrea revealed something that in hindsight should be obvious: separation of duties needs to be applied based on the effective permissions rather than roles, because it is too easy for us to later modify roles in ways that could violate SOD if our SOD check is merely to ensure that someone isn't in the two roles.
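The difference between the two checks, as an added example that is not from the talk or the original post: the role names, permission names and users are hypothetical, and the role model is a plain dictionary rather than any particular product's schema.

```python
def effective_permissions(roles, role_permissions):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in roles:
        perms |= role_permissions.get(role, set())
    return perms

def role_pair_violations(user_roles, conflicting_roles):
    """SoD check on role membership only."""
    return sorted(
        user for user, roles in user_roles.items()
        if any(a in roles and b in roles for a, b in conflicting_roles)
    )

def permission_violations(user_roles, role_permissions, conflicting_perms):
    """SoD check on what each user can actually do."""
    found = {}
    for user, roles in user_roles.items():
        perms = effective_permissions(roles, role_permissions)
        hits = [(a, b) for a, b in conflicting_perms if a in perms and b in perms]
        if hits:
            found[user] = hits
    return found

def demo():
    # Constructed role model (hypothetical names).
    role_permissions = {
        "AP-Clerk": {"invoice.create"},
        "AP-Approver": {"invoice.approve"},
    }
    user_roles = {"alice": {"AP-Clerk"}, "bob": {"AP-Approver"}}
    conflicting_roles = [("AP-Clerk", "AP-Approver")]
    conflicting_perms = [("invoice.create", "invoice.approve")]
    # Later change: the clerk role is widened; nobody's membership changes.
    role_permissions["AP-Clerk"].add("invoice.approve")
    return (
        role_pair_violations(user_roles, conflicting_roles),
        permission_violations(user_roles, role_permissions, conflicting_perms),
    )

if __name__ == "__main__":
    by_role, by_permission = demo()
    print("role-pair check flags:", by_role)
    print("effective-permission check flags:", by_permission)
```

After the role change the membership check still reports nothing, while the effective-permission check reports the clerk.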

Then we had the evening Keynotes. Of the three, Ian Glazer's merits mentioning. It was very insightful as he presented how to evaluate our skills on competence and reputation. I really enjoyed it.


European Identity Conference 2018 -- Overview and Mon Night

I have spent this week in Munich, Germany, where it has been mostly cloudy, lots of rain, and a little thunder.

I have seen a number of faces familiar to those who attended Directory Experts Conference: Pamela Dingle, Alex Simons, Alex Weinert, Jackson Shaw, Jonathan Sander, Kim Cameron, and others. Also a lot of faces familiar to those who have attended Cloud Identity Summits: Andrew Hindle, Colin Wallis, Steve Hutchinson, Eve Maler, and Ian Glazer and fellow Microsoft MVP: Naohiro Fujie.

I have also seen a lot of new faces like the people from Kuppinger Cole, starting with Martin Kuppinger, but also Matthias Reinwarth, John Tolbert, and others.

The conference kicked off with a Blockchain slam. Not slamming Blockchain per se, although most examples of Identity and Blockchain are still full of potential and not a lot of practice. Most blockchain based identity proposals have blockchain way off to the side. With most of the proposals, I don't see how blockchain actually contributes value. One presentation showed how their proof of concept system would use blockchain for quick auditing to ensure that their logs have not been tampered with. One presentation got me thinking about potential uses for blockchain. Well, it solves the double pay problem really well without a central authority, so what about Napster, peer to peer sharing? We could use blockchain to ensure that I loan my music copies to one and only one user at a time.

Saturday, May 5, 2018

MIM Join and spaces

Working on a customer's lab and look what I found. They had created (through some other process) two user accounts for the same user, and the samAccountName was nearly identical: just a space (ASCII 32) appended to the end of one of the samAccountNames differentiates the two. Apparently, AD allows this.

The account with the space was projected into the Metaverse, and then later in the sync the account without the space attempted to join, and it matched. The join failed because of the ambiguous import flow error. But samAccountName "myuser1" matched samAccountName "myuser1 " already in the metaverse.

Turns out this is a feature of SQL. Not just SQL Server, but the ANSI SQL spec created in 1992: the ANSI/ISO SQL-92 specification (Section 8.2, General rules #3).

Wow! So be aware that everywhere in SQL that we do a string comparison and one side has one or more trailing spaces, the two will show up as equal. So the consequence of this for MIM users is that when joining it will treat two strings, one of which has trailing spaces, as equal and try to join them.

Moral of the story: don't rely on trailing spaces to be the differentiator anywhere in any kind of data.
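A pre-sync check for this collision, as an added example that is not part of the original post or of MIM: it assumes the accounts have been exported to CSV with DistinguishedName and SamAccountName columns, uses constructed sample rows, and models the SQL comparison rule with a hypothetical helper, `sql_equal_key`.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of a CSV export of AD users; the DNs and
# account names are made up for illustration.
SAMPLE_CSV = '''"DistinguishedName","SamAccountName"
"CN=My User,OU=Staff,DC=example,DC=test","myuser1"
"CN=My User dup,OU=Staff,DC=example,DC=test","myuser1 "
"CN=Other,OU=Staff,DC=example,DC=test","myuser2"
"CN=Tabbed,OU=Staff,DC=example,DC=test","myuser2\t"
"CN=Lonely,OU=Staff,DC=example,DC=test","myuser3  "
'''

def sql_equal_key(value):
    """Value as SQL '=' sees it: the shorter operand is padded with spaces,
    so trailing U+0020 never differentiates. Tabs and other whitespace do."""
    return value.rstrip(" ")

def audit(csv_text):
    """Return (collisions, padded).

    collisions: {join_value: [dn, ...]} where several accounts have names
                that differ only by trailing spaces.
    padded:     [(dn, raw_name)] for every name carrying trailing spaces,
                whether or not it collides with another account today.
    """
    groups = defaultdict(list)
    padded = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        dn, name = row["DistinguishedName"], row["SamAccountName"]
        groups[sql_equal_key(name)].append((dn, name))
        if name != sql_equal_key(name):
            padded.append((dn, name))
    collisions = {
        key: [dn for dn, _ in members]
        for key, members in groups.items()
        if len({name for _, name in members}) > 1
    }
    return collisions, padded

if __name__ == "__main__":
    collisions, padded = audit(SAMPLE_CSV)
    for key, dns in collisions.items():
        print(f"ambiguous join value {key!r}: {dns}")
    for dn, raw in padded:
        print(f"trailing space in {raw!r} (len {len(raw)}): {dn}")
```

The second list matters as much as the first: a name that carries trailing spaces but has no twin yet will collide as soon as the unpadded name is created.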

Thursday, March 29, 2018

Top 10 Lessons from Disasters in Identity Management


I will speak at Kuppinger Cole's European Identity Conference on Top 10 Lessons from Disasters in Identity Management in May in Munich.

With great automation capability comes great responsibility! Come discuss and learn vital lessons gleaned from disasters in Identity Management.

So if you would like your disaster story to be considered for inclusion let me know. I would love to add to the stories.

This will be a fun interactive session.