Share your story to become the next MongoDB Certified Professional of the Year
August 10, 2018 | Updated: March 11, 2019
Has becoming MongoDB Certified affected your life in any way, big or small?
Whether being MongoDB Certified has helped transform your career, connect with your community, or just see the world a little differently, we want to hear your story! MongoDB and the open source community want to learn from your success.
Since 2013, MongoDB has recognized a current MongoDB Certified Professional who demonstrates ingenuity, hard work, and expertise as the MongoDB Certified Professional of the Year. Tell us why you should be the next MongoDB Certified Professional of 2018 by answering a few questions here.
We'll choose a winner with the most interesting and compelling certification story. The winner will receive a free trip to the MongoDB Europe 2018 conference in London, including flight, conference pass, and hotel accommodation.
Submissions are open through October 4, 2018. Submit your entry today.
*See complete contest rules here.
The MongoDB Summer ‘18 Intern Series: From Hackathon to Haskell
Mihai Andrei is going into his senior year at Rutgers University, the alma mater of MongoDB CEO Dev Ittycheria. While Dev received his BS in Electrical Engineering, Mihai is studying Computer Science and minoring in Mathematics. Mihai is also extremely involved in HackRU, a 24 hour student run hackathon at Rutgers. Andrea Dooley : Hackathons are very popular amongst CS students. What roles have you played for Rutgers HackRU? Mihai Andrei : If you are an organizer you’re not able to participate in the event, but this coming year I will be one of two Executive Directors, essentially overseeing the entire thing. In the past I have played the part of Director of Finance for the event, so I know this will be a particularly challenging role, but nonetheless an exciting one. AD : You’ve been involved with HackRU for quite a while. Is that where you first learned about MongoDB? MA : I actually learned about MongoDB during a student demo at a tech talk on campus. The first time I ever used MongoDB was at a previous internship for a data warehouse application we were developing. I was looking online for internship opportunities in the software industry and came across an opening for the MongoDB internship program. AD : What made you interested in interning at MongoDB? MA : My previous experience interning has mostly been with financial institutions, so this time around I wanted to take a different route to a company with more emphasis on tech and tech culture. I was able to get a good sense of the culture during the recruiting process, so I was really excited when I got the offer. AD : Did you know our CEO was a Rutgers alum? MA : I learned that Dev attended Rutgers a bit later on, but I think it’s really cool that someone from my university became the CEO of such an awesome company. AD : What MongoDB Eng team are you on, and what projects were you responsible for this summer? MA : I’m on the query team working on the MQL model, which is a model implementation of the query language built from scratch, serving as a reference. The reason for creating it from scratch is to identify flaws and iron out changes for future implementations, and the model can be a point of reference for how we create future versions of the query language. There are some flaws in the current version of the language that need sorting out for future iterations. AD : What were some of the flaws present in the query language? MA : An example of a flaw in the query language is the difference between find and aggregation projection. They are ambiguous and one will allow you do things the other doesn’t. For example, in aggregation you are able to use nested documents to specify how to project your output. That is not possible in find, but in find you have special operators to customize an output for arrays such as $elemMatch that you can’t use in aggregation projection. The ultimate goal is to unify the semantics. AD : Did you have any previous experience working to improve a programming language, or did you find there was a learning curve? MA : I took a programming languages class last year so I was able to learn about what goes into creating a programming language. I spent my first few weeks at MongoDB learning Haskell. I had to sit down with other team members to go through the code base and get ramped up. It’s been very rewarding from an educational and experience standpoint. AD : What would you say is one key takeaway from your experience at MongoDB this summer? MA : Beyond learning a new programming language and what goes into writing the MongoDB query language, what I wanted to get out of my summer internship was to learn how to develop software more collaboratively. MongoDB has a code review process, so you’re given a ticket but just completing the ticket is not enough. You have to run it by other members of the team to ensure it meets expectations. There’s been really great quality control feedback from the team. AD : How has the level of feedback helped to benefit you as an engineer early in your career? MA : Every week I sit down with my mentor for a thirty minute one on one to discuss how things are going. The continuous feedback has been very helpful because it helped me to improve the quality of the comments I left in my code. It was easy for me to understand what I did and how I did it, but I learned that you need to be very thorough in order for other people to understand as well. AD : What would you say to someone considering an internship opportunity at MongoDB? MA : I would absolutely recommend it. It’s a great environment to intern in, and I have really been able to grow my skills. The work is very challenging, but very rewarding, and I understand exactly how my project is going to impact the work my mentor and other members of the query team will continue doing after I leave. To learn more about the MongoDB internship program, click here .
Security in Government Solutions: Why Secure By Default is Essential
Data security in government agencies is table stakes at this point. Everyone knows it’s essential, both for compliance and data protection purposes. However, most government agencies are working with solutions that require frequent security patches or built-on tools to protect their data. Today, the federal government is pushing its agencies to move to modernize their solutions and improve their security posture. For example, the DHS and Cybersecurity and Infrastructure Security Agency’s recently issued technical rule for modernization of the Protected Critical Information Infrastructure program – a program that provides legal protections for cyber and physical infrastructure information submitted to DHS. “The PCII Program is essential to CISA’s ability to gather information about risks facing critical infrastructure,” said Dr. David Mussington, Executive Assistant Director for Infrastructure Security. “This technical rule modernizes and clarifies important aspects of the Program, making it easier for our partners to share information with DHS. These revisions further demonstrate our commitment to ensuring that sensitive, proprietary information shared with CISA remains secure and protected.” So how can government agencies modernize their data infrastructure and find solutions that not only protect data but also power innovation? Let’s look into a few different strategies. 1. Why secure by default is key Secure by default means that any piece of software uses default security settings that are configured for the highest possible security out of the box. CISA Director Jen Easterly has addressed how using solutions that are secure by default is critical for any organization. “We have to have [multi-factor authentication] by default. We can't charge extra for security logging and [single sign-on],” Easterly said . “We need to ensure that we're coming together to really protect the technology ecosystem instead of putting the burden on those least able to defend themselves.” “The American people have accepted the fact that they’re constantly going to have to update their software,” she said. “The burden is placed on you as the user and that’s what we have to collectively stop.” Easterly is right. Secure-by-design solutions are vital to the success of data protection. The expectation should alway be that solutions have built-in, not bolt-on security features. One approach that’s gaining traction both in the public and private sectors is zero trust environments. In a zero trust environment, the perimeter is assumed to have been breached. There are no trusted users, and no user or device gains trust simply because of its physical or network location. Every user, device, and connection must be continually verified and audited. As the creator of zero trust, security expert John Kindervag, summed it up: “Never trust, always verify.” For government agencies, that means the underlying database must be secure by default, and it needs to limit users’ opportunities to make it less secure. 2. Security isn't just on-prem anymore; cloud is secure, too Cloud can be a scary word for public sector organizations. Trusting your sensitive data to the cloud might feel risky for those who handle some of the country’s most sensitive data. But, cloud providers are stepping up to meet the security needs of government agencies. There is no need to fear the cloud anymore. Government agencies and other public sector organizations nationwide are navigating cloud modernization through the lens of increased cybersecurity requirements outlined in the 2021 Executive Order on Improving the Nation’s Cybersecurity . “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.” Also, the major cloud providers are well established, purpose-built options for government users. AWS GovCloud, for example, is more than a decade old and was “ the first cloud provider to build cloud infrastructure specifically designed to meet U.S. government security and compliance needs.” This push by the federal government toward cloud modernization and increased cybersecurity will be a catalyst in upcoming years for rapid cloud adoption and greater dependence on cloud solutions designed specifically for government users. 3. Security features purpose-built for goverment needs are essential Government agencies are held to a higher standard than those in the private sector. From data used in sometimes life-or-death missions to data for students building their futures in educational institutions (and everything in between), security has real-world consequences. Today, security is non-negotiable and like we explored above, it’s especially crucial that public sector entities have built-in security measures to keep data protected. So, what built-in features should you look for? Network isolation and access It’s critical that your data and underlying systems are fully isolated from other organizations using the same cloud provider. Database resources should be associated with a user group, which is contained in its own Virtual Private Cloud (VPC), and access should be granted by IP access lists, VPC peering, or private endpoints. Encyption in flight, at rest, and in use Encryption should be the standard. For example, when using MongoDB Atlas, all network traffic is encrypted using Transport Layer Security (TLS). Encryption for data at rest is automated using encrypted storage volumes. Customers can use field-level encryption to encrypt sensitive workloads which enables you to encrypt data in your application before you send it over the network to MongoDB clusters. Users can bring their own encryption keys for an additional level of control. Granular database auditing Granular database auditing allows administrators to answer detailed questions about systems activity by tracking all commands against the database. This ensures you always know who has access to what data and how they’re using it. Multi-factor authentication User credentials should always be stored using industry-standard and audited one-way hashing mechanisms, with multi-factor authentication options including SMS, voice call, a multi-factor app, or a multi-factor device, ensuring only approved users have access to your data. MongoDB Atlas for Government: Purpose-built for public sector As we’ve discussed, solutions that are purpose-built with built-in security are ideal for government agencies, and choosing the right one is the best way to keep sensitive data protected. MongoDB Atlas for Government on AWS GovCloud recently secured its FedRAMP Moderate authorization thanks to these security measures built into the solution. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. To ensure the utmost levels of security, Atlas for Government is an independent, dedicated environment for the U.S. public sector, as well as ISVs looking to build U.S. public sector offerings. Public Sector organizations carry a heavy burden when it comes to keeping data protected. However, with the right data platform underpinning modern applications – a platform with built-in security features – progress doesn’t mean you have to compromise on security. Want to learn more about data protection best practices for public sector organizations? Attend our upcoming webinar on April 12 for deeper insight .