Minimally Viable Security

Security has been a constant concern for many IT professionals over the years. Many of us are trying to implement better security controls, and yet at the same time, we try to avoid anything that slows us down. Security clearly hasn’t been a big enough concern, as we’ve had more than our share of SQL Injection issues. These often come about from poor practices, lack of education, and too many people not learning to adopt better habits across time.

We’ve also had no shortage of lost backups, open cloud buckets, and more over the years. While security (or cybersecurity) is listed as a concern for tech management, they are quick to avoid slowing down any development or deployment of software. While it is easier to get time for patching these days, it’s still not easy. There are plenty of organizations that prioritize resources spent on tasks other than patching, upgrading systems, or training developers.

One of the ideas in modern software development is to build an MVP, a minimally viable product, where we can test ideas and determine if our solution is worth pursuing. This could be a greenfield application, or even a feature enhancement to an existing system. In the age of GenAI, vibe-coding, and more, this might be MCP or agent-based AI additions to software that are being developed and enhanced rapidly, incorporating feedback from customers.

If we allow minimal amounts of features to test things, shouldn’t we have minimal levels of security as well? That’s the thrust of a blog post from Forrester that discusses how we might look forward in 2026 to protecting our digital systems. There ought to be a minimum set of controls, testing, and more that ensures we can build software that doesn’t cost more from security issues than it generates in revenue. This might be especially important in the age of GenAI-coding where we can have less experienced engineers or even helpful agents committing lots of code they expect to deploy to production.

Education is important here to ensure everyone is aware of your MVS (minimally viable security) before they get too far along. It might be especially important in helping others guide their GenAI tools to ensure security is being considered early on. Adding in security requirements as a standard for your tools, such as in a CLAUDE.md file, is a best practice that should be required for all future software development. You never know who might start to add AI coding tools or agents to your codebase, so be prepared now.

Education isn’t enough. It’s too easy for someone to forget what they learned. It’s also easy to assume many people have learned something when they haven’t. To me, part of an MVS is ensuring you have a framework or platform that can test all code and ensure that your systems are being securely built and deployed. This includes third-party software, especially SaaS products, where vendors might be tempted to sell you their own MVP without any MVS.

Steve Jones

Listen to the podcast at Libsyn, Spotify, or iTunes.

Note, podcasts are only available for a limited time online.

Monday Monitor Tips: Learning While Using the Tool

A customer was asking about what certain items in Redgate Monitor mean. They have a variety of skills on their staff, and they have developers accessing Redgate Monitor. This post explains how your staff can start to learn a bit more about SQL Server as they use the tool.

This is part of a series of posts on Redgate Monitor. Click to see the other posts.

Tool Tips

There are lots of little tips and documentation available in Redgate Monitor. These have been added with various references to help you learn more about the data collected by Redgate Monitor, as well as assist you in tuning your system for optimal performance.

For example, there is an Impact column when I look at a server and see the queries that have run. Next to this is a question mark in a blue circle. Clicking this lets me learn about what this column is and how it is calculated.

Similarly, if I didn’t know what a Logical Write was, I can click this item and see where the data comes from. I also get a link to the Microsoft documentation at the bottom.

If I want to see actual plans rather than estimated ones, I have a link by the details of a query that sends me to the Redgate Monitor docs.

Below this I see waits that are significant. Next to the wait description, I can learn about what this wait means.

If I click this, I get a long description of what this is and where I might look to investigate this or fix it.

In the Alerts section, there is a description tab for each Alert. If you check this, it explains what this alert is, when it is raised, and potential reasons. Here is the Disk Space alert description.

Here is the one for Job Failures.

If you are analyzing metrics, we give more details when you select a metric in the Analysis tab. This is handy if there are metrics you don’t understand and want more information without spending time Googling or asking an AI.

We even have some guidance in the Estate tabs, such as this tooltip on the License Req column. We let you know what we are showing and why, and a link to guidance from Microsoft.

Summary

This post shows some of the places where you can learn more about how Redgate Monitor works, or how you should use the data displayed. There are many more places inside the product where you get assistance that helps you get the most out of your monitoring solution.

SQL Server, PostgreSQL, Oracle, and other platforms have become very complex. Redgate Monitor tries to help simplify your workload by giving you a single pane of glass across the cloud, different platforms, and different environments, but it can be hard for anyone to manage an estate.

This post gives you an idea of how Redgate Monitor tries to help you learn, or reminds you, of what you’re seeing.

Redgate Monitor is a world class monitoring solution for your database estate. Download a trial today and see how it can help you manage your estate more efficiently.

The North Star for the Year

It’s the beginning of the year, and some of you likely have today off. But plenty of you are at work, moving slowly through this Friday at the start of the year—handling busywork, catching up on maintenance you’ve let slide, or preparing for the tasks you know will start coming Monday.

At Redgate, most engineering teams work toward a North Star goal: a high-level direction that guides your various tasks. Perhaps it’s growing a customer base or achieving an overarching product specification. For example (this is completely made up), one North Star might be achieving feature parity across all platforms for SQL Compare.

Many people set New Year’s Resolutions to adjust their behavior for the year ahead. Many of us also need to set work goals—often SMART goals—that support company direction or personal ambitions. I’m setting mine for Q1 right now, though we’re still negotiating the exact items and measures. Some organizations require these in December, others allow January. Some require them multiple times throughout the year.

As we kick off the new year, take a few minutes to think about where you’d like to be at this time next year. What would you like to accomplish? How would you like your career to change before 2027 begins? Whether you formally set goals in your organization, have them assigned to you, or pursue personal aims, the first Friday of the year is likely slower than most—making it perfect for reflection.

Think about your career, your ambitions, and your future direction. Let your dreams and desires guide you.

Set that North Star today and keep it in mind as you move through 2026. It might help guide you toward a better career.

Steve Jones

Advice I Like: Pyramid Schemes

If someone is trying to convince you it’s not a pyramid scheme, it’s a pyramid scheme – from Excellent Advice for Living

For sure. As much as I am optimistic and think the world is amazing, I also know there are lots of bad people out there. There are especially lots of scams, or scam-ish things happening. I’ve certainly seen a lot of ads for low-quality products trying to compete by producing great ads and exaggerating the benefits.

Pyramid schemes may be less common, but the idea remains. If someone is trying to convince you their offering isn’t a scam, it likely is.

Be careful out there on the wild Internet.

I’ve been posting New Words on Fridays from a book I was reading; however, a friend thought they were a little depressing. They should be, as they are obscure sorrows. I like them because they make me think.

To counter-balance those, I’m adding in thoughts on advice, mostly from Kevin Kelly’s book. You can read all these posts under the advice tag.
