Archive for 2011
Becoming a sought-after industry expert requires dedication, planning, and hard work. Here are some things you can do to make it happen
You have long years of experience in the IT field and you really know your stuff. But when you go to conferences or offer to speak to local user groups, nobody knows your name and you can’t command the high consulting rates the IT superstars are bringing in. How do you establish yourself as an expert in this industry and build a reputation outside your own organization? It requires a lot more than just being good at your job. Here are 10 things you can do to get yourself recognized as one of the IT elite.
1: Gain experienceEven though IT experience isn’t enough to get you recognized as an expert in an industry that’s filled with experienced IT pros, it is the first prerequisite. No matter how brilliant you are, regardless of the fact that you were building your own circuit boards as a kid and made straight A’s in comp sci, real-world experience still counts. You probably won’t begin to be taken seriously until you’ve been working in the real world in some capacity for at least five years (10 is better).
The good news is that the form your experience takes can be flexible. It can be gained through working in the corporate environment, doing IT work in the military or for a governmental entity, running your own IT-related business, consulting, etc.
If you’re a midlife career changer (as both my husband and I were), you can even leverage your experience in a different field to help build your reputation in IT. As a former law enforcement officer, I had “instant credibility” in the areas of security and cybercrime. Tom, an M.D., was able to speak more authoritatively on IT subjects related to medicine and health care, such as HIPAA compliance, than someone without that background. And that brings us to the next tip.
2: Concentrate on a specialtyThe IT field has grown to the point where, as with the medical field, it’s impossible for one person to master all of it. If you try to be a jack of all trades, you’ll probably never become enough of an expert in anything to stand out from the crowd. Sure, it’s possible to be an IT generalist, but the quickest route to “fame” (and some measure of fortune) is to find yourself a niche.
When Tom and I started to build our reputations in IT, we began by specializing in Microsoft’s ISA Server, later branching out to firewall technology in general and then to the broader field of computer and network security.
You can focus on a particular product as we did, on a brand (such as becoming an expert in Microsoft technologies or Cisco technologies), on a branch of IT, such as security or network interoperability or mobile computing, or on a subfield, such as cryptography or computer forensics or scripting. The key is to pick something that really interests you, something you can get enthusiastic about — because enthusiasm about your area of expertise is what others pick up on and it’s what sets the top “experts” apart from others who know just as much (or sometimes more) but to whom it’s all “just a job.” The second important factor in choosing a specialty is to pick one where there is currently no one established expert. That leads into our next tip.
3: Take ownershipOnce you’ve decided on an area of expertise, your goal should be to take ownership of that particular product or topic area. You want to become the person whom everyone thinks of when they think about that topic. You want your name to be inextricably associated with SSL VPNs or VoIP security or whatever you’ve chosen as your specialty area.
If you don’t like being locked into such a narrow area, don’t worry. Remember that this is advice for becoming recognized in the field. After you’ve accomplished that, you can branch out to other technologies. For years, Tom was known as “Mr. ISA Server.” Then ISA became a part of Microsoft’s Forefront family and he became known for his knowledge of Unified Access Gateway (UAG), as well as ISA’s successor, the Threat Management Gateway (TMG). That led to expertise in DirectAccess, which is part of UAG but also part of Windows Server 2008 R2, and so forth.
4: Start smallNo matter how ambitious your ultimate goal is, you’re more likely to attain it if you’re willing to start small and get there in increments. Begin by becoming well known and respected in one particular venue — such as on a particular Web forum or within a local IT user group. Hone your leadership skills and become a big fish in these small ponds, and that will lead to opportunities to swim in much bigger waters.
When Tom and I started our IT consulting business back in the 90s, we began building relationships with local businesses. But at the same time, we became extremely active on a few of the biggest IT newsgroups and mailing lists. We posted frequently to those groups and attempted to answer as many of the other group members’ questions as we could. Sometimes that meant extensive research, but it quickly got us both recognized as “helpers” — people who had some knowledge about IT and were willing to share it to help others.
What we didn’t know at the time was that publishers of IT books lurked on those mailing lists, looking for potential authors. Because we demonstrated knowledge of IT in our posts and because we were articulate in expressing ourselves, Tom was soon contacted by Syngress Publishing and I was contacted by Cisco Press with offers of contracts to write books. And writing a book on a subject is one of the very best ways to become recognized as an expert.
5: Take on writing assignmentsNot everyone has the time, interest, and stamina to write a book. It’s a lot of hard work. Sometimes it pays off handsomely but other times the earnings, given the hours you put in, don’t even add up to minimum wage. An easier way to make money writing about IT is to produce 500- to 2,500-word articles for IT webzines. Leverage the reputation you’ve built on forums and the relationships you’ve formed there to catch the attention of editors. Pitch a query, and when you get your first assignment, put your all into the article. In the beginning, don’t worry too much about the compensation — even consider doing a freebie or two to prove yourself and show the editor that you reliably produce accurate, well-written, on-time contributions.(Don’t continue to write for free, though, if you really want to be considered an expert. People intuitively know you usually get what you pay for, and those who are good at what they do rarely give it away without some special reason.)
6: Put your name on the WebEven if you haven’t yet reached the point where people are willing to pay you to write about IT, you can get your name out there: Put it on the Web. Create an IT-oriented Web site with your name prominently featured. It can be a help forum, where you answer questions and solve IT problems. It can be a gathering place for other IT pros to post on a Web board and do much of the problem solving. It can be just an ad for your consulting business or a showplace for you to brag about your awards (if you do it in the right way). The important thing is to get your name “up in lights.”
Your own Web site is just a start, though. You want a Web search on your name to return thousands of hits, and you want them to be connected to the “best” IT related Web sites. So get out there and post on other sites, exchange links with other IT folks, grant interviews to IT journalists, and get yourself known.
A blog is a great way to develop a following in the IT world. There, you can post articles about IT topics that are too short or not polished enough to market to the paying IT webzines or that cover things their editors aren’t interested in publishing. You can also get more “folksy” in blog posts and develop a more intimate relationship with readers than you can do on some of the more formal IT sites. And you don’t have to worry about anyone editing out the best part of your piece. Just remember to keep it professional and tech related. Set up a separate blog if you want to also blog about your personal life and non-tech-related interests.
7: Get socialDon’t get so busy building your business that you forget the importance of socializing. That includes both real-world and online social networking. Join LinkedIn and Facebook and set up a Twitter account, and use them to further your career ambitions. Seek out other IT pros as friends and followers and post with your business reputation in mind. Post tidbits of IT news, links to helpful IT articles, and of course, links to any of your articles, blog posts, etc. As with blogging, if you want to use social networking sites for more personal purposes, set up two separate accounts — one for business friends and one for personal friends.
IT conferences present another good opportunity to socialize and make contacts in the field and to meet and greet other members of the IT community.
8: Get out and aboutThe beautiful thing about the Internet is that “nobody knows you’re a dog.” Looks, race, gender, disabilities, etc., don’t matter. It is entirely possible to build a strong reputation and make a good living doing everything online. For several years, Tom and I made good incomes writing books, articles, and whitepapers without ever meeting, in person, any of the people we were working for. Some of them we never even talked to on the phone.
However, if you want to take your career to the next level, it pays to get to know your colleagues and “bosses” in person. There’s a good chance that after you’ve been working with them for a while, they’ll initiate the in-person meeting themselves (and pay for it). But if not, you can forge a stronger bond that may result in more favorable contract negotiations, better assignments, and so on, by taking a little trip to their locations and dropping by while you’re there. Or attend tech conferences you know they’ll be attending and get together there. Sure, it might cost you a little money (although you should recoup some of it from the tax write-off), but it’s likely to more than pay for itself in future work.
9: Seek out other superstarsWhen you’re socializing, whether online or at real-world events, hang out with the other superstars if you can. I don’t mean you should push your way into the inner circle, but you shouldn’t be shy about approaching the IT gurus you admire and letting them know how they’ve inspired you. Especially as you begin to be known for your own expertise, most of them will be happy to be contacted by you. Email is nonintrusive and a good way to introduce yourself. Look for commonalities: Did you both grow up in the same state or go to the same college? Do you have the same breed of dog? Are you both musicians? Support the same political candidates? Common ground makes a good basis for conversation. Who knows? Maybe you’ll become good friends with someone you once considered way above you. One day he/she might even be writing to you, asking for your help in getting work. That’s happened to me more than once.
While you’re making a place for yourself among the superstars, though, don’t ignore the “little people.” Remember that it’s your readers and “fans” who make you a star, not the other stars. When you attend a conference, go out of your way to spend time with those who have questions for you. If someone asks you to autograph a copy of your book, you should feel just as honored as you did the first time it happened. Even if you’ve “arrived,” stay humble. Your career path went up, but it can also go down. And others’ balloons may rise in the meantime. Be nice to everybody. You never know when today’s “nobody” might be in the position to hire you in the future.
10: Talk the talkWriting will get you name recognition, but to get face recognition, you need to do more. Real-life meetings and conferences will do that, to a degree. But it you really want to be a superstar, you shouldn’t be just attending those conferences; you should be presenting at them. They say public speaking is the number one fear, even above death — but it’s a fear that anyone can get over with a lot of practice. When I was in high school, I was super shy and literally trembled and got sick to my stomach at the idea of standing up and talking in front of an audience. A wise counselor forced me into the speech and debate class, and what started as agony ended up being a huge source of self-confidence and something that shaped my life. After that, I went on to become a police officer, police academy instructor, college criminal justice instructor, and later an IT trainer and speaker at various events.
You can start by speaking at local user group meetings or volunteering to teach a class in computer usage for your library, city community center, or community college. With speaking experience under your belt, start submitting presentation proposals for larger events, such as TechEd, BlackHat, or the whatever regional, national, or international conferences focus on your area of expertise. If you’ve published articles or books on the topic, that gives you more credibility as a speaker.
When you’re standing up in front of a room full of IT pros at one of the well-known industry events, you’ll know that your plan to become an IT superstar is working.
By Debra Littlejohn Shinder
Takeaway: CIOs that aren’t doing the things that pundits look at as future skills aren’t really CIOs. They may be CIOs in title, but perhaps not in function.
I do a lot of reading of blogs, articles, magazines and the like. In many of these publications, I keep reading about the “CIO of the future” or “CIO 2015″ and the like. In these readings, the authors are making the point that the CIO role is changing and outline the kinds of skills that these future CIOs will need. I actually believe that they are correct with one very key differentiator. The future is now. CIOs that aren’t doing the things that pundits look at as future skills aren’t really CIOs. They may be CIOs in title, but perhaps not in function.
Cloud skillsIf you’re actively rejecting any and all requests for third party services, it’s time to reconsider your stance. Whether you know it or not, business users are identifying point solutions to meet their individual challenges. If you simply say no to all of the requests that come your way, you will soon be the victim of shadow IT deployments that pop up all over the enterprise.
Instead of simply saying no, define processes and policies around application governance, if you haven’t already. Provide users with a roadmap that they can follow as they evaluate services and act as a partner in the process - a partner with veto power in certain circumstances, of course.
The CIO needs to identify and develop the parameters under which applications can make their way into the organization. As a minimum, I recommend including the following provisions in such policies:
Vendor security requirements. Ensure that vendor systems meet your company’s requirements.
Federated authentication requirements. Ensure that vendor systems can authenticate against your internal systems. This way, regardless of what happens, IT continues to control access to key business systems and users retain their single set of access credentials.
Integration requirements. Ensure that services can adequately and in an automated way integrate with existing systems. There should be no data islands or introduction of data inconsistency as people move toward the cloud.
Service DecentralizationHere the thing… IT isn’t going to have the level of direct control that has been enjoyed in the past (which makes the three items in the “Cloud skills” section so important). Services are going to begin to decentralize as they’re moved toward other platforms. But, here’s the thing: The ERP and similar systems aren’t going to be gone by 2015. So, if you’re read articles claiming that IT in 2015 will look nothing like it does now, think again. Companies have made massive investments in their business systems and it’s going to take a whole lot of ROI to supplant systems that work. Of course, these systems may be joined by cloud-based relatives, but under the right set of policies, that’s ok.
IT InfrastructureI’ve read a lot of punditry claiming that the CIO will need to eject or seriously deemphasize infrastructure from his personal portfolio in order to be an effective CIO in 2015. Except, here’s the thing: Infrastructure is really, really important. Let’s say that the CIO decides to place little to no focus on it at some point in the future. What do you think is going to happen to that CIO’s credibility when the network is constantly down and people can’t do their jobs? It’s not going to be pretty.
Although CIO aren’t generally going to be walking around configuring switches and the like, there must be some level of focus on the nuts and bolts of the operation, even if that function is delegate to a trusted lieutenant.
The current and future CIO will continue to ensure that infrastructure performance remains top notch, but the people occupying this key business position should already be business strategists capable of understanding the organization’s revenue and expense drivers and understanding how the various portions of the business operate. This isn’t a 2015 thing. This is a now thing.
Process IntegratorAlready, today’s CIO are becoming or have become masters at reengineering and integrating new processes into key systems. The CIO is enough of a business strategist that he and his staff can sit with counterparts from other divisions and speak intelligently about needs in that area and assist in process-based improvements.
From an integration perspective, today’s CIO must already have created an environment that is integration friendly as the aforementioned cloud based apps begin to descend upon the organization. Again, this isn’t a 2015 thing. This is happening in the here and now and CIO’s can’t think that this is tomorrow’s problem.
SummaryI know that these traits will be obvious to some and that there are many more. However, I believe that it’s important that CIOs and senior IT leaders make sure they realize that 2015 isn’t going to happen in 2015. The CIO of 2015 is needed in the here and now.
By Scott Lowe
December 6, 2011, 4:04 AM PST
In spite of a constant drumbeat of news about hacking and cracking computer accounts, users still are employing extremely common and obvious phrases as passwords. A compilation of the most commonly used — and potentially most insecure — passwords seen over the past year was recently drawn up by Splashdata and reported in Mashable. Splashdata found that incredibly enough, the leading password in use today is the word “password.” Interestingly, number 4 on the list, the keyboard lineup of “qwerty,” is counterbalanced by item number 23, “qazwsx,” which is the first three rows of keys typed vertically.
The list closely parallels that developed close to two years ago by Imperva, showing that these terms never go out of vogue.
Here is this year’s list:
SmartPlanet colleague Tuan C. Nguyen provides a surprisingly simple technique for deriving a strong password that makes it difficult for hacking programs to arrive at the right brute force combination — employing a symbol in combination with an upper-case and lower-case letter.
Not everyone thinks that strong passwords are the answer, however. In another study on passwords, a Microsoft researcher conducted a cost/benefit analysis of efforts to encourage stronger passwords, and questions whether the costs of strong password management outweighs the benefits.
By Joe McKendrick | November 18, 2011, 9:54 PM PST
1. The Productive Enterprise
Nudged by the ready adoption of Facebook, many enterprise software vendors are incorporating social capabilities to their apps. But, according to Nucleus, for every organization that has successfully adopted social capabilities, there are two that struggle to make it work. The biggest concern is that social media will leach productivity (like Facebook does) without adding to the collaboration wanted. Savvy enterprises will find a way to align social tools to support clear business purposes.
2. The cloud will change development
The cloud has made development faster and more iterative. When changes can be made on the fly, companies can deploy once and then adapt an app as business needs change. As we go forward, the cloud will make development more virtual. Crowdsourcing efforts and the integration of social networking tools into the dev environment will provide opportunities for developers no matter where they live.
3. SAP will reemerge
SAP revenues have gone up and the company has introduced innovations in areas like mobile device access. According to the report:
We’ve started to see real traction with Business ByDesign. This is partly because customers that have growth aspirations are also risk averse given the economy. Also, cloud delivery makes Business By Design less onerous to support than traditional ERP deployments.
Nucleus also cites last year’s exodus of top-level executives to be a good thing for its future.
4. Going big
Nucleus thinks that tech buyers are increasingly “going to look at big vendors with an 80 percent solution versus a best-of-breed application that must be managed, integrated, and negotiated separately.”
5. More ways for everyone to manage big data
Nucleus recognizes that although big data is definitely being overhyped, “companies will soon make smarter decisions using analytics to comb through huge amounts of data.” (I recently ran a piece about how to get started in the data analytics field.) The report says that this is one area where we’ll continue to see innovation, like integration of field-programmable gate arrays.
6. Capital will move from labor to technology
While the unemployment rate will continue to hover near 10 percent, Nucleus sees technology hiring going up. A recent Nucleus survey (Nucleus Research 106, Nucleus 2012 IT spending survey, September 2011) found that technology spending is winning hands down. And there will be the need for people to support those technologies and to train end-users.
7. Smarter software
Nucleus says, “We expect to see more intelligent applications that search for and push information related to what workers are doing directly to their desktop, a rise in usability for analytical and text mining tools whose capabilities were previously only for the gearheads, and presence and location monitoring to drive new ways we interact with enterprise software.”
8. Labor will get optimized
Nucleus claims that workforce management software will change to show which employees are the most productive, show up on time, and create the least scrap. “Workforce management vendors such as Dayforce and Kaba are now delivering this data to managers by combining analytics tools with data gathered at time and attendance kiosks.” Slackers, beware!
9. Healthcare investment
Although the technology for moving paper health records into electronic form as been around for a while, Nucleus says that the availability of low-cost secure cloud applications such as those from Digitech Systems will drive significant investment in 2012.
10. Renewed focus on customer experience
Nucleus says it continues to see str5ong investment in CRM and related applications. They expect to see more investment in analytics, activity monitoring, and big data crunching as companies aspire to “the prefect combination of targeting, touching and treating their customers.”
by: By Toni Bowers
IntroductionDesigning, architecting, and implementing a corporate network is a daunting task. It is easy to become lost in
the minutia and overlook some big picture issues. This is especially true in regards to security. Some decisions that make sense in terms of efficiency, throughput, compatibility, ease of administration, etc., might not result in good security. This white paper presents 13 somewhat common infrastructure decisions that can result in poor IT security. (They are not in any particular order.)
1. Choosing Speed over SecurityA high-performance network that supports efficient productivity is highly desirable. However, when a decision must be made between a reduction in throughput versus increased security, security should be valued at least as highly as productivity. Without security, productivity will not last. Without proper and sufficient security controls, malicious code or hacker attacks can quickly render a network infrastructure unable to support legitimate communications or transactions. High-speed communications are important, but we must protect the availability of the network in order to have a network.
2. Implementing a Single Internet ConnectionAny single point of failure is a poor infrastructure and design decision. There should be two exits from every
room. There should be at least two copies of every file. And there should be at least two connection paths out to the Internet. (There is an assumption here that Internet connectivity is an essential utility of the organization. If not, then redundancy is not as important.) With only a single connection to the Internet, there is a single point of failure. One mis-configured connection device, one hardware failure, one payment lost in the mail, one misguided backhoe, and the connectivity is lost. Every aspect of a network should be designed with redundancy in mind in order to avoid single points of failure.
3. Failing to Implement Internal Traffic ManagementMore than half of security breaches are caused by internal personnel. It is often incorrect to assume all users, programs, and processes within the organization’s network are safe and trustworthy. Every moderate to
large network should implement traffic shaping, traffic throttling, and traffic control measures internally. By
implementing these features, no one network service, application, protocol, or user can fully consume all of the network bandwidth to the exclusion of others. Thus, mission- critical communications will always have sufficient bandwidth reserved for them.
4. Not Using Network Event AuditingEvidence of compromise is a valuable asset. However, it can only be obtained at the instant the compromise
is performed. If the network is not already actively recording network events into a log file or audit trail, then
security breaches will go unnoticed. It is better to record events to a log file that are not needed, than to not
record events that are essential to detection, response, and potential prosecution. Without an ongoing permanent record of events (i.e., log files), you have no evidence of benign or malicious activity, and trends toward bottlenecks will go unnoticed as well.
5. Depending on Physical SecurityEvery environment must properly address logical/ technical security, administrative security (i.e., policies and
people), as well as physical security. Each of these three areas is somewhat self-contained in that the security
measures of one do not ensure protection against threats from the other. In other words, logical protections
defend against logical attacks, and physical security defends against physical attacks. It is a mistake to assume a strong physical security solution is compensation for poor or lax logical security. Malicious code and social engineering attacks are still possible even with an impenetrable physical fortress. Just as with logical security, there are a wide variety of physical security options. You need to implement those that are relevant to your specific needs. However, some common examples of physical security controls include security cameras, security guards, lighting, conventional and electronic locks, burglar alarms, man traps, fencing, fire resistant building materials, and fire detection and suppression systems.
6. Assuming the Electrical Service Is Reliable and ConsistentElectricity is the life blood of computer technology. Without power, computers and networks fail. And not just any power; pure, consistent, clean, regulated power is necessary for the long-term viability and stability of computer networks. Power grids can and do fail. The power company cannot guarantee uninterrupted service or prevent electrical noise. You must use surge protectors, power line conditioners, uninterruptible power supplies, and on site power generators to ensure only consistent, conditioned power is fed to your electronics. The loss of power, even for short periods of time, means operational downtime and potentially lost or corrupted data.
7. Failing to Store Backups OffsiteBad things happen. You must be prepared. Backups are the only form of insurance against data loss. Without backups, your data is at risk. Serious risk. Real risk. You need to follow the backup 3-2-1 rule:
- There must be 3 copies of data
- There must be 2 different forms of media
- There must be 1 copy stored offsite
Failing to store a backup offsite is also a failure of taking the real world seriously. Complete and total destruction by fire, flood, tornado, and other acts of nature is common. No home or office building is completely protected. Assume the worst, and then plan to survive it. No, not just survive, but thrive through it. Be better prepared than your neighbors or competition. Be the first to fully recover and be back in business.
8. Leaving Unused Ports OpenLeaving unused ports open and active is the same as leaving your back door unlocked while you go on vacation. Anyone can connect an unauthorized system to an open port. System hardening has two basic steps: remove what you don’t need, lock down what is left. If a physical port is not in use, disconnect it, turn it off, make it go dark. When you need the port in the future, then re-enabled it. Don’t enable any connection path before it is secured or before it is needed for a business task.
9. Deploying Wireless NetworksWireless networks are a challenge to secure and support. Often, the cost in effort as well as budget is not worth it when compared to using a physical cable. Before deploying a wireless network, ask a few questions.
- Will a power cord be needed anyway? If so, running a network cable as well will not be much additional effort.
- Is the wireless for customers or visitors? If so, it does not need any link into the private LAN; a public ISP link would suffice.
- Are any essential business tasks dependant on wireless? If not, you might not be implementing wireless for a real business reason.
I would generally recommend against installing wireless networks for most organizations. This is because interference and DoS are always possible, even with the best wireless security configured and the strongest wireless encryption enabled.
10. Not Planning for Mission-Critical Task Interruptions or DisastersMurphy (as in Murphy’s Law) hates you. The universe tends towards entropy. The only thing that remains the same is change. Assuming your organization will continue to function into the future exactly the way is does now is a fantasy. Things will change; some for the good, many for the bad. Natural disasters, malicious code, fire, thieves, disgruntled employees, criminal hackers, and the rambunctious children of your employees can cause mission-critical task interruptions, downtime, and disasters. By failing to plan, you plan to fail. You must plan your response and recovery now before a business interruption occurs. Disaster recovery planning focuses your recovery on the most mission-critical processes in priority over less essential functions.
11. Avoiding Hardware Replacements Based on MTTF/MTBFThe most common cause of unplanned downtime is hardware failure. Most devices are tested and rated based on how long they should operate under normal conditions before experiencing their first failure. This is a time rating of either mean time to failure (MTTF) or mean time before failure (MTBF). MTTF is for devices that are usually replaced upon failure. MTBF is for devices that can be repaired and returned to service. The MTBF thus serves as the measure for the time frame before the first failure and between all subsequent failures. Hardware should be scheduled for replacement/repair around 95% of its MTTF/MTBF. While some statistical outliers will fail earlier, and some might last for much longer without failure, statistically, the odds are in your favor when you plan to replace devices just before their average failure time is reached.
12. Allowing Outside Portable MediaAny communication pathway that supports legitimate transmission of data can also be used to transfer malicious code. One of the more notorious culprits of this is removable media. Whether CD, DVD, floppy, zip disk, smart card, flash drive, or USB hard drive, all of them present a real and current risk. Many forms of malicious code can spread through removable media one machine at a time. If a system is infected, potentially any storage device connected to that machine can become infected. Then as that storage device is connected to other computers, the malicious code spreads. When anyone brings removable media in from anywhere there is a significant risk of infecting the company network. Make it company policy that all media from outside sources must be screened and scanned on a dedicated malware scanning system before being used on any other office computer.
13. Allowing End Users to Install SoftwareAnother common method of distribution of malicious code is the Trojan horse, which is a supposedly benign
program that happens to contain a hidden malicious payload. When the host program is used, the malware is
delivered. Trojan horses can be obtained from removable media brought in from outside sources, downloaded from the Internet, exchanged through peer-to-peer services, received as an e-mail attachment, and shared across network services. When regular users have sufficient permissions to install new software, they, in turn, also have permission to launch malicious code. One method to eliminate this risk (or at least significantly reduce it) is to prevent end users from being able to install software. One way to accomplish this is through the use of a white list. A white list is a file of the names and hash values of all executables that the organization has deemed safe and necessary for users to accomplish their work tasks. Only the applications on the white list will execute on the user’s system. All other programs, including any installation process or malware, will fail to execute as it will not have permissions to do so. White listing does restrict a user’s freedom, but on a work computer, security is often more important than granting users complete control over their workstations.
SummaryI hope your organization is not making all of these mistakes in its infrastructure decisions. It is possible that your organization can improve its security in one or more of these areas. Take the time to assess your current security policy in each of these areas to see if there is room for refinement or improvement. Keep in mind that security is never an accomplishable goal. Instead, it is a long and difficult journey that requires vigilance and persistence in striving towards improved security over time.
James Michael Stewart, Global Knowledge Instructor, CISSP, ISSAP, SSCP, MCT,
CEI, CEH, TICSA, CIW SA, Security+, MCSE+, Security Windows 2000, MCSA
Windows Sever 2003, MCDST, MCSE NT & W2K, MCP+I, Network+, iNet+
It’s easy to have a computer get loaded up with junk that slows it down. The worst part is, we invite this garbage into our lives by installing “helpful” utilities, toolbars, and other add-ons. I could easily write a list of 10 kinds of computer-stalling junk. Here are some of the things you’ll want to seek out and remove for best performance:
- Automatic update systems for various applications (but be careful: some apps, like Flash, Acrobat, QuickTime, and Web browsers are prime malware targets and you will want to keep these up-to-date)
- Things that run on startup
- Windows services you don’t really need
- Crapware from the PC maker
- Browser plug-ins (the Skype browser plug-in is an especially bad offender, I’ve found)
- P2P applications
- Web servers and database servers that were installed by since-removed applications, but left behind
Most ISPs love to brag about how much bandwidth they are giving you. But they don’t mind letting the rest of their infrastructure slowly get overwhelmed or deteriorate. Among the biggest offenders are the DNS servers our ISPs use. If you want to know why things seem to take forever to start loading, slow DNS servers are often the cause. Consider adding a fast DNS server as your primary DNS server in your TCP/IP settings. Google’s Public DNS server is a great option.
Defragging your hard drives is a great way to get some more performance. While modern Windows systems automatically defrag on a regular basis, I’ve found that the Windows defragging is fairly unaggressive. We’ve reviewed a lot of different defrag apps here at TechRepublic. I suggest that you check out your alternatives and find one that does a better job for you.
Time and time again, “system slowness” actually is caused by networking issues. Our computers do so much on the Internet that slowness there can affect just about everything you do on a regular basis. While there isn’t enough space to write an exhausting troubleshooting list here, some of the things you should try (or investigate) are:
- Replacing the network cables, switches, routers, WiFi access points, etc.
- Calling the ISP and checking the distance from the CO (for DSL) or the local segment’s current load (for cable); the ISP may need to rewire or rework its connectivity. Satellite customers will want to double-check their dish installation and ensure that it is tightly locked down and pointed in the right direction.
- Malware scanning on all PCs to see if malware is burdening the network
- Inspecting the wiring of the phone lines (for DSL) or coax (cable customers) to look for loose connections, corrosion, or flaky wires
- Cable customers will want to find out how many splitters are between the line from the pole and their modem. If it is more than one (and preferably only a two-way splitter), they should rewire so that they have only a single two-way splitter between the pole and the modem to ensure the cleanest signal possible.
By Justin James
September 9, 2011, 2:17 PM PDT
For some user - such as marketing people, company, etc.- who need to import a lot of contacts from their excel file will be paintful. Desktop manager provide the service, but sometime it fails.
After some experiments, import contact Blackberry using cvs file can be done with Gmail Contacts mediation.
Step 0 - Backup your dataThis is the most important step. For any experiment, ensure to backup the data first. Don't go to other step before you've completed this step.
Step 1 - Synchronize your blackberry contact to gmail accountSee this explanation, on section: Use wireless address book synchronization.
Step 2 - Export your gmail account into csv file
- Login to your Google Contacts
- Export your contact to csv file, choose gmail contact format.
Purpose of this step to get the gmail contact template.
Step 3 - Input your contact
- Adjust your contact data with csv format.
- Ensure to not include the same data with existing, to avoid duplicate contacts.
- Please ensure your header match with google format.
Step 4 - Import your contact
- Go to your Google Contacts, import it now.
- Wait for couple of minutes to Blackberry sync with your Google Contacts.
1: Tell us about your current positionEmployers want to know about what you are currently doing a lot more than they want to know about prior positions. The reason for this is simple: The world of software development moves so fast that what you did two or more years ago is interesting for background but probably has little bearing on their current work. When asking this question, the interviewer is trying to relate what you currently do to the position the company is offering, and you will want to answer with that in mind. For example, if the position you are applying for involves a lot of database programming, emphasize where in your current job you have worked with databases.
2: Programming challengesMany employers will present you with some sort of programming challenge. These range from being asked to sketch out a piece of pseudo code that implements some business logic or being handed a piece of code and told to find the bugs to being put down in front of a computer and asked to code away. What they are usually looking for is not just a certain level of competency — they also want to see how you go about solving the problem. You can offer to narrate your thought process as you solve the problem. If they take you up on it, that will help them to learn what they are looking for. Or perhaps when you are done, you could walk the interviewer through how you solved it.
3: Do you have any examples of your work?Employers love to be able to look at real-world examples of your work. Unfortunately, this is rarely possible. The truth is, in most circumstances, your work is the property of your employer and you can’t be taking it outside of the building without permission. And it would be unusual to have a boss say, “Sure, go grab a couple of your best apps from source control to take on the job interview!” Instead of being unable to provide any samples, contribute to an open source project or work on an application at home that is sophisticated enough to let your skills shine. Then you will have something that you can show the interviewer and also be able to demonstrate an ability to work on your own and manage your own time, too. These side projects can often serve as a great talking point in the interview.
4: BrainteasersApart from asking you to demonstrate some programming abilities in the interview, some employers may give you a variety of brainteasers. Some people are really good programmers and stink at these, but the idea is to test your overall problem-solving skills. Luckily, you can prepare for these a little bit by picking up a few brainteaser books (usually only a dollar or two) at a book store or supermarket and doing a few every day. Most of these brainteasers follow a similar format, so by practicing, you will understand how to approach the most common types. There are also a few standard ones that come up on a regular basis, such as the one where you need to get a group of people across a river with a boat of limited capacity.
5: Do you have a security clearance?Depending upon the job, a security clearance may be required. Employers prefer hiring people with one already because it simplifies things. It would be a big hassle to hire someone and then discover that they can’t get the needed clearance to do the job. If you have a clearance, make sure that it is up to date. It’s also a good item to list on a resume.
If you do not have a security clearance, ask before you come in for the interview about any security requirements for the job and research whether you are eligible for any security clearances needed. This way, when asked, you can answer with something like, “No, I do not have that clearance, but I have looked into it and I can obtain one if needed.”
6: Background check and criminal history informationInformation about criminal history and other background check items typically will not come up in an interview with a hiring manager, but they will often come up in an interview with HR or a recruiter (especially the recruiters). They do not want details, for the most part, but they want to know whether it will be a waste of time interviewing you. Obviously, it is great to have a squeaky clean record, but there are plenty of good job candidates who don’t. You will need to be honest here, because things show up on the background check anyway. If what you say does not match the check, they will feel that you lied to them. At the same time, limit your sharing to the minimum. You can start with something like, “I have a misdemeanor conviction from three years ago” and take it from there.
7: What is your experience level with XYZ?When interviewers ask about your experience level with a technology, they really want to get a feel for what you have been doing with it, not how long you have been doing it. For example, if they are asking about SQL, is it important to them that you have been writing statements no more complex than, “SELECT id, name, city FROM people WHERE state = ‘NY’” for 10 years? Not really. Performing complex data transformations, correlated subqueries, etc., for six months will be much more impressive. When talking about your experience level, emphasize the kinds of challenges you solved with those technologies and the unique aspects of the technologies you used to solve the problems.
8: What’s the hardest challenge you have had to overcome — and how did you approach it?This is a stock interview question, but it has some special pitfalls for the programmer. One of the failures I’ve seen in interviews is that candidates do not properly set the context of their answer. I have faced some challenges that at that point in my career were difficult but that later on were trivial. If I brought them up in an interview without explaining my experience level when they arose, it would put me in a bad light. The interviewer would be thinking, “Why would someone with his experience struggle with this?” So when you answer, give a short (one sentence) scene setup. Also, put your focus on the problem-solving steps you took, not the technical details. No one really cares if the problem turned out to be that the variable was one character shorter than the data going into it; they want to know how you did the research to discover it.
9: Describe your programming habitsThere are a number of variations on this question, some of which just ask about things such as:
- Source control
- Variable/file/class/whatever naming
- Application architecture decisions
Other times, we simply have bad habits; in those cases, it is better to recognize them and show that you are trying to change them. You could say something like, “I tend to not write as many unit tests as I should, but I have been working hard to ensure greater code coverage.” Of course, don’t lie about this. But employers like to find people with enough self-awareness to see and correct their flaws, and the honesty to be able to discuss them.
10: Tell us a little bit about yourselfOften, job candidates go way off the deep end on this question, talking about things they do not need to be discussing in a job interview, personal stories and relationships, and so on. Or worse, they bring up things that present them in an unflattering light. What the interviewer is really looking to learn is how your personality relates to the job of software development. For example, if you enjoy restoring antique furniture, you could point out that it requires a lot of patience, eye for detail, research, and so on. Of course, you will want to talk about your personality traits as well. Unusual experiences or education can be brought up here, too. What you definitely do not want to do is talk too long. Try to make it a back-and-forth conversation, but if it isn’t, limit your time to a few minutes and don’t trip all over yourself trying to cram in every last detail.