PASS Board Elections Update: Protecting PASS Member Information

Sept. 27, 2014 – As many of you know, to help manage this year’s Nomination Committee (NomCom) and Board of Directors elections, PASS implemented a web-based online voting system called Simply Voting, one of the largest and most respected online voting solutions.

In response to questions about the security of member passwords in the voting process, we wanted to share how member passwords were communicated and authenticated between PASS and Simply Voting in June’s NomCom elections, as well as the steps taken to add SSO integration for Simply Votes and to add SSL certificates to all PASS websites to better secure member login information for this year’s Board elections and beyond.

To the best of our knowledge, no PASS member information has ever been compromised or misused by any party. However, protecting the integrity and security of PASS members’ information is paramount. With the steps we’ve taken to tighten security, explained below, we ask that all members take the opportunity this weekend while this information is fresh in your mind to update your password. With these changes, you can make your updates with confidence that your profile information is secure. 

SSO Integration for Voting
In our initial implementation of Simply Voting for the NomCom election, we used the system’s standard security option, which prompted the voter for his/her PASS username and password. Simply Voting then passed those credentials via SSL to PASS for validation and at no time stored the voters’ login information.

Simply Voting is certified with TRUSTe, the same certification used by websites such as eBay, Apple, and those of other retail giants. And while the standard Simply Voting implementation is faster and easier for organizations to deploy and the single link to the ballot is more straightforward for voters, there is still risk – however small – associated with giving a third party access to login data.

During the NomCom elections, several community members contacted PASS about the process and expressed concerns about that risk. The PASS Board agreed with the community’s concerns and implemented the stricter single sign-on (SSO) security protocol with Simply Voting for this and future PASS elections.

In the updated SSO solution for the PASS Board elections, voters log in to sqlpass.org to access a personalized voting URL that redirects them to the ballot on Simply Voting. No external log-in is required.

IT updated the API with Simply Voting and made the necessary UI changes under myPASS to set up and display the voting URL to eligible voters. The extra effort was well worth it to ensure the security of member information. While we appreciate that Simply Voting is a TRUSTe certified vendor, the security of our members’ information is our utmost concern.

SSL Certificates for PASS Websites
However, we weren’t quite finished. Community members noted this week that we still had a security vulnerability because PASS’s website didn’t have SSL certificates installed. In the case with Simply Voting, a query string containing the username and salted hash (composed of the username and a system security passphrase) is passed from the PASS website to Simply Voting, which validates the information and allows the member access to his/her ballot. Without an SSL certificate to validate our website's identity and encrypt all information sent to and from it, that string is still viewable and potentially vulnerable.

Over the past 36 hours, the PASS IT team applied SSL certificates to the main sqlpass.org site, our event sites and VC/Chapter sites, as well as SQLSaturday.com (public and admin sites). This effort resolves both the Simply Voting query string issue and the issues our members have raised about overall login security on our sites themselves. 

For the peace of mind and security of all PASS members, and especially those who voted in the NomCom elections, we ask that you please take a moment to update your password if you haven’t already. Note that all member passwords are encrypted in the database.

We apologize for the oversight in not having SSL certificates implemented earlier and for the inconvenience this has caused.

Thanks to everyone who provided feedback on better securing PASS’s environment and member information, and please let me know if you have other questions or concerns.
– Adam Jorgensen,
PASS Executive VP, Finance and Governance


FY2015: Supporting Another Year of Growth

August 19, 2014  As PASS moves into a new year, I'm excited to announce that the Board of Directors has approved the Fiscal Year 2015 budget and positioned our organization for another great year of growth and service to the data community.

This year's budget process highlighted – perhaps more than ever before – the incredible community expansion that PASS continues to experience. We saw an array of innovative ideas from Board members, community volunteers, and HQ department heads that build on those successes, and I'm excited that many of those are in the budget and underway.

Budget planning and approval can be a long and tedious process, but this year’s tasks were accomplished well within our timeline, thanks to engaged Directors and portfolio owners and the strong relationships they have with their HQ counterparts. In addition, our Finance team worked long hours to assemble research and make the numerous changes that occur during the process, all while keeping our many stakeholders informed. They deserve our huge thanks!

To increase accountability and transparency, we focused this year on budgeting for our current initiatives and goals while committing to revisit further investments through our open budget-exception process for new ideas and future projects. Some key areas of focus in the FY2015 budget include:

    • Continuing support for SQLSaturday, Chapter, and Virtual Chapter growth around the world, capitalizing on amazing year-over-year performance in those portfolios 
    • Exciting growth of our major events, PASS Summit and the PASS Business Analytics Conference
    • Strategic planning and activities for growing and engaging our business analytics community
    • Increasing focus on our Global Alliance Program to continue its early success in aligning with key partners from the data community 
    • Continuing IT investments to modernize our platforms and take advantage of technology to enable a stronger, more connected community 

As you know, PASS generates a significant portion of its revenue from our event platforms. We are back in Seattle November 4-7 for PASS Summit 2014 and expecting our biggest and best gathering of SQL Server and BI professionals ever. Don't miss our all-star lineup of amazing sessions, non-stop opportunities for community engagement and networking, and perhaps even your first SQL Karaoke experience. We hope to see you there – if you haven’t already signed up, I encourage you to register today.

In addition, the PASS Business Analytics Conference is returning to Silicon Valley in 2015, and we expect this event’s growth to match the increasing community interest and enthusiasm in the analytics space. We have a strong group of influencers helping drive this event, and we're excited about its potential for PASS.  

From the governance side of the house, just a reminder that the PASS Board of Directors election is coming up next month. Thanks to our Nomination Committee members  for all the time and effort they’ve dedicated to helping streamline the application process for candidates and the work they’ll be doing over the next weeks to help you get to know the candidates. PASS supports the greatest community of technical professionals in the world – it's hard not to want to be a bigger part of that. Thanks and good luck to everyone who applied to run for the Board this year. I’m looking forward to a lively campaign season as the candidates and community discuss how to make PASS even better. 

It’s thrilling to see everything happening right now in PASS, our industry, and the data world at large. We're excited to share these experiences with you and help community members continue to connect, share, and learn. I can't wait to see you out there!
– Adam Jorgensen
PASS EVP, Finance and Governance
@ajbigdata


The Future of PASS

February 6, 2013 – PASS just wrapped up its first Board meeting of the year and, as the minutes* will show, we passionately discussed the future of PASS. We must continue to service and grow our existing community but also recognize the need to meet the changing demands of insight-driven organizations. Our challenges are similar to those your firm or customers are experiencing. PASS needs more data, better ways to analyze it, and a renewed focus on solving business questions instead of focusing directly on tools.

Chris Webb’s recent editorial  touched on this need for change. I agree with Chris’ position that organizations are driving toward more and more analytic insight. This insight goes beyond system performance, beyond report speed, and even what kind of charts or graphs to use. Today’s companies must explore their data in new ways, use more of it to model better decisions, and do it faster and more nimbly than ever before. They don’t care how it happens so it’s up to us to figure it out. What an exciting opportunity for all of us to tackle this challenge together. 

I feel blessed to work in an industry with so many strong players and vendor solutions that embrace the Microsoft Data Platform—giving us a strong lineage for the types of self-service solutions our companies and clients are looking for. The upcoming Business Analytics Conference focuses on these types of solutions. We’ve got sessions for the power analyst, BI practitioner, Excel guru, data scientist and anyone who is involved in solving these types of challenges for their executives. I know Chris said he is coming to the conference, and I’m looking forward to seeing him there.  Those of us in the business intelligence field have long wished for this type of knowledge sharing to help bridge the gap between building these solutions and achieving viral adoption— with the goal of having our organizations use these analytic-based solutions to their fullest potential. 

My challenge to you: explore the tools in this new area. We’ve got our Big Data and Business Analytics Virtual Chapters set up to start the transition and a top notch line of speakers for this inaugural event! I have carefully reviewed the program for the Business Analytics Conference and am very excited. It’s been a long time since we had more than a new cool feature to be excited about in the data platform space. These new tools, techniques and cross platform solutions are the kind of things a database person’s dreams are made of! I can’t wait to see you there. Stay up to date on the latest by following @sqlpass and @passbac.

* Board meeting minutes will be available at the end of February.
 

Top Speakers Invited to Submit Spotlight Sessions

They’re back! Favorite speakers from PASS Summit 2011 were invited late last week to submit special 90-minute Spotlight session abstracts for this year’s conference.

Spotlight sessions highlight top-rated Community speakers, as determined by attendee evaluations. To receive a Spotlight invitation, speakers had to receive an overall rating of 4.6 or higher for their PASS Summit 2011 session (excluding Lightning Talks and Chalk Talks), with a minimum of 15 attendees and 15 submitted attendee evals.

This year, 27 speakers received a Spotlight invitation and are also welcome to submit Regular and ½-Day sessions, up to an overall total of four submissions. If they meet the speaker requirements for Pre-Conference sessions, they can submit two pre-con abstracts as well. All Spotlight abstracts not selected for a 90-minute Spotlight session will be considered for a regular 75-minute session. (See the PASS Summit 2012 Call for Speakers for all the details.)

Congratulations to all the fantastic speakers who received a Spotlight invitation – we can’t wait to receive your abstracts!
– Adam | Adam.Jorgensen@SQLPASS.org | @AJBigData

 

In the Loop with PASS Summit

We've got some great things going on in the PASS ecosystem and I want to make sure you’re looped in!

The 2012 PASS Summit Preference survey has closed with nearly twice as many responses compared to last year. Thank you! Your feedback will help drive the content at PASS Summit this year.

On that note, the Summit Call for Speakers is open to all community and Microsoft presenters and I encourage you to submit an abstract by the May 13 deadline. You'll need to use your PASS member login to access the Call for Speakers site. If you don't have a login, you can create one now. This year’s program will span over 6 tracks and you can put forward up to 4 session abstracts and 2 pre-conference abstracts. It’s going to be great!

We have selected the remaining folks to help with the program committees. This excited group of volunteers is being notified of their committee assignments and going through training so we will be ready to get going as soon as the Call for Speakers closes. The invitations for spotlight sessions are also going out this week so keep your eye out, you might be invited to submit one of these sessions!

The PASS Summit Program portfolio is moving along nicely with great input and support from the rest of my team of board members. The best feedback I get however is from you, so please keep that coming. Stay on the lookout for my upcoming blog interview with Mike Lynn, our winner from the drawing we held from survey respondents. Mike will get a chance to share what he would like to see at PASS Summit, what he thinks about PASS and how we can continue to become more relevant to each of you in your day-to-day data world.

PASS SQLRally Dallas is upon us next week and this is incredibly exciting. I’ll be attending my second board meeting at the event and delivering some sessions with the rest of a tremendous cast of characters (yes I think you are all characters)! If you have not already done so, please consider making it out to the event and if you’re coming, take advantage of some of the amazing pre-cons that are happening. 

Speaking of board meetings, I am looking forward to this one. My first experience was better than expected and the group really aligned quickly to begin delivering on some commitments and planning for awesome happenings this year. There are some big topics to discuss, fun Summit planning, and some special projects being worked on by some great volunteers. Stay tuned for more info on some of these great initiatives.

– Adam | Adam.Jorgensen@SQLPASS.org | @AJBigData
 

What Do You Want to See at Summit?

Hey, SQL pros!

I’m excited to announce the first milestone from your hardworking Program Team! In the past, we have done a survey that asked you to help us get inside your head. (We were disturbed at what we saw, but we’re coming back anyway. :) We do this so we can find out what you’d like to see at PASS Summit – we use the information you share to help drive the session types and content we’ll be looking for soon when we launch the call for speakers. The survey gathered great information, but it was soooo looong and took a hunk of time to complete, so we’ve streamlined!

You can take the slimmed-down survey today at http://www.zoomerang.com/Survey/WEB22FAETXUTRH. The new survey has been reduced by over 50% in length and should take you only 60-120 seconds to complete. To help sweeten the pot, we’re giving you the chance to win a complimentary pre-con registration (whoa!) and a blog interview with me to share what you’d personally like to see at Summit. But don’t wait – the survey closes in 1 week, on April 11. Once the survey votes are tallied, we’ll draw for the winner.

This year, the Program Team aims to showcase the new and improved processes we’re putting in place to help make the Summit planning, session selection, evaluation, and feedback mechanisms more straightforward and streamlined. We will keep working with you to make Summit the most community-integrated event possible, always improving and learning.

You represent the strongest technology community out there (in my humble opinion), and your opinions give us the direction we need to implement the continuous flow of great ideas coming out of our volunteer teams. But we need everyone’s feedback. So get started on the survey now. Tell your friends and coworkers to take the survey, and get your dog or cat to take it too (this may not apply to you – maybe only my dog knows T-SQL).

And as always, let us know how we can keep making your PASS experience better. Reach out to me any time at Adam.Jorgensen@sqlpass.org with questions or feedback.