Vlad Drumea
Principal DBA | SQL Server MCSE | OSCP | PNPT
๐ Biography
I'm a Database Administrator (DBA) specialized in SQL Server performance, security, and automation. With 14+ years in large, mission-critical environments, including substantial Oracle tuning work, I bring a cross-platform edge to every project. Holding a Data Platform MCSE, OSCP, and PNPT, I combine deep database expertise with an attacker's perspective on security. I'm the author of PSBlitz, an open-source SQL Server diagnostic tool, and I write about SQL Server, InfoSec, and PowerShell on my blog.
โจ High-Impact Contributions 5
This is a blog post in which I cover some unpleasant side-effects of using heaps in SQL Server for anything else than staging tables. I focus on side-effects such as forwarded fetches, empty pages not being de-allocated, and how heaps impact row-by-row inserts as well as updates. The impact being that it helps developers make an informed decision on whether heaps are good for their use case or if they should use clustered indexes instead.
In this blog I document my SSMS 22 configuration, while also pointing out new features such as the new tab layout, the ability to rename query tabs, resizing the result grid, etc. I also provide a JSON with my configuration for folks that want a quick way to implement most of the changes. Based on comments I've received when sharing the blog post on LinkedIn and reddit, the impact is that it makes folks aware of config options they did not know exist, as well as making them aware of new features available in SSMS 22.
In this post I go over some useful information that developers should be aware of when working with SQL Server's IDENTITY columns. I try to go as in-depth as possible and cover everything from setting up the IDENTITY column with different seeds, ways of seeing the current value and what might impact that value, what operations can be done on IDENTITY columns, how to reseed when needed, as well as the impact on large inserts. The blog post has been well-received on LinkedIn and it has also been referenced in my employer's internal development documentation.
In this post I explore the impact of SQL Server 2025's PBKDF2 hashing algorithm on password cracking and compare it with SQL Server 2022. For some technical details: PWDCOMPARE on the pre-2025 hash is near instant (0 ms), with the 2025 hash it's 150 ms on average. From a password cracking perspective from inside SQL Server: for 6 logins, with 171121 password candidates at 150 milliseconds per candidate, it would take 154008.90 seconds or 42.8 hours. This blog post has been cited by other professionals in the field as well as by security professionals. There is also a follow-up post in which I replicate SQL Server 2025's PBKDF2 hashing algorithm using pure T-SQL: https://vladdba.com/2025/11/02/replicating-sql-server-2025-pbkdf2-hashing-algorithm-using-t-sql/
A PowerShell-based tool that outputs SQL Server health and performance diagnostics to Excel/HTML, and saves execution plans and deadlock graphs as .sqlplan and .xdl files. Compatible with SQL Server (Windows, Linux, Containers), Azure SQL DB, Azure SQL MI, and Google Cloud SQL for SQL Server.