Security Architect

Security Architect Job Description

IT Job Descriptions
IT Job Descriptions are updated by Janco two to three times during the year. New job descriptions are added as they become hot.

Security Architect is a position that has come to the forefront for CIOs. This is a result of the latest ransomware attack. Companies around the world are so dependent on the World Wide Web that cyber-attacks can and do impact the bottom line.

CIOs are aware of the potential exposure their enterprises face. They see this new position, Security Architect, as a must-have.

Many organizations already have a Data Security Administrator. That position looks at security from an administrative side after systems and applications are in place. The new position is proactive and addresses security from the perspective of what hackers are doing today and will be doing in the future.

Position Purpose – Broad Scope

The Security Architect, under the direction of the Manager Network Services, assumes responsibility for data security, including the planning, design and implementation of security measures which safeguard access to enterprise terminal files and data elements. The administrator provides rapid response to the user community’s requests for security assistance.

This position secures enterprise information by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; and mentoring team members.


Telecommuting Top 10 Reasons Why

Telecommuting top 10 reasons why – the focus of many C-Level executives is addressed by this policy

Telecommuting Top 10 Reasons Why include the following:

  1. Flexible Work Hours – If employees telecommute then their schedules become more flexible.
  2. Reduce costs – Telecommuters can save money on transportation costs such as gas, parking, public transportation, work clothes, and dry cleaning bills. Employers can save money by reducing overhead and retaining employees.
  3. Ease strain on employees – Telecommuters have greater flexibility to plan non-work-related activities around their business schedule instead of searching for time in the early morning, late evening, or during lunch.
  4. More Productive – Telecommuters will save the time they now take to commute to their place of employment.
  5. Minimize Non-Work Distractions – At times employees in an office setting can be distracted from their work by untimely interruptions from peers, impromptu meetings, or being pulled away onto other projects. Telecommuters may find themselves more productive.
  6. Better Morale – Working from home usually means telecommuters have more time with their family.
  7. Green Solution  – Working from home part or full-time reduces the auto emissions and decreases gas consumption.
  8. Stay Healthy – Working from home decreases the stress caused by inflexible hours, commuting time and costs, continual rushing to unmet family needs, sitting idle during a commute and provides time to exercise or pursue endeavors of particular interest to you.
  9. Potential Tax Deductions – Income deductions are available for home-based work-related expenses such as fax, scanner, phone, computer and office supplies.
  10. Reduce the Need for Outsourcing – Working from home helps keep jobs domestic and reduces need or desire for business and industry to contract with other countries for work that can be done at sites other than the main office.

10 Best Practices for managing cyber-attack

10 Best Practices for IT Infrastructure are contained in this bundle of policies and procedures

10 Best Practices for managing cyber-attack have never been more important than today. They are:

  1. Stay calm, prioritize and don’t point fingers
  2. Assign response responsibility to a single point of contact
  3. Have both an incident response plan and a disaster recovery plan in place
  4. Take detailed backups regularly – store backups on non-connected sites
  5. Have a business continuity plan in place with solutions that do not depend on the existing networks and data
  6. Have a PR/media and legal operational plan in place before the event
  7. Immediately notify customers
  8. Manage user/customer expectations
  9. Conduct a postmortem
  10. Implement policies and procedures that focus on infrastructure security

H-1B visa holders paid less


H-1B visa holders paid less. According to the latest filings by Apple Computer, 99.6% of the 4,807 visa applications for the current year have a “stated” average salary that is less than the going rate for the current year.

Apple Computer files average salaries that could be lower for actual hires than the going rate for the San Francisco Bay area

Granted that Apple may pay individuals more than is stated in the application, but they do have the option to pay less.  That is the core of the issue with the H-1B visa program as it is implemented today.

The question is whether the program is to be altered in such a way as to eliminate the possibility that companies such as India-based outsourcers can use the program for their own profit at the expense of US workers.

In our next IT salary survey we will address this issue in depth. Janco’s survey is an industry standard and is (and has been) used by over 3,000 organizations in the US and Canada. In addition, the results of the survey have been published in the Wall Street Journal and CNN, to mention a few media outlets.

Several major unions and governmental agencies use the survey for setting pay grades and overall compensation levels.


Tenure of Telecom pros exceeds that of CIOs

Tenure of Telecom pros exceeds that of CIOs by 18 months

Tenure of Telecom pros – In the process of preparing for our mid-year IT salary survey, we have started to review the impact of the baby boomers who are now starting to retire in droves. The issue that CIOs and CSOs face is whether they have the resources in place to fill those positions as these professionals retire.

Employee Tenure
Telecom professionals have a median tenure of six years. That is 18 months longer than for CIOs.

Added to this is the fact that over the last several quarters the total number of jobs in the telecom field has shrunk significantly. This has also dampened the number of new entrants into that job market.

Preliminary data that we have seen shows that telecom salaries are not keeping up with the rest of the IT industry.

CIOs and CSOs are going to have to address succession planning for not only the telecom pros retiring, but also for the rest of the baby boomers that they have on their staffs.

10 steps to a raise

10 steps to a raise as the IT Job Market Improves

10 Steps To A Raise – IT Salary Survey provides data on 73 unique positions in over 100 metropolitan areas in the US and Canada.

10 steps to a raise is a program that anyone can follow. The steps are easy and something that IT pros (and others) can implement fairly quickly. However, the results may take some time.

  1. Make users love you
  2. Understand where the CIO and company are moving
  3. Learn how to implement and apply the latest technology
  4. Get certification or first hand experience
  5. Market your skills
  6. Have and use the latest technology and tools
  7. Provide peers with insight and training on your area of expertise
  8. Fit into the organization as a team player
  9. Be a focal point in the latest technologies
  10. Network with IT Pros in other organizations that have the same technical responsibilities

Janco and eJobDescription.com have conducted salary surveys of the IT job market since 1989. The data from this survey has been published in the Computer Industry Almanac, the Wall Street Journal, the New York Times, eWeek, and many other business and industry publications. In addition, over the years it has been featured on CNN, the Wall Street Journal, and several national and international media outlets.

The salary survey is updated twice a year; once in January and then again in July. Janco and eJobDescription.com not only look at base salaries, they also report on total compensation.


CIO Role Changes with Each Technology Type

CIO role changes and faces new challenges – no longer just a technologist now a business partner

The role of the CIO and CTO is changing as more enterprises move towards a “Value Added” role for the Information Technology function. The strategic implications of each type of technology are different. The CIO, as a result, needs to be able to adapt quickly.

CIO Role Changes
The chief information officer’s (CIO) role, responsibilities and influence are growing in today’s boardroom. And the CIO’s job itself is expanding as well. The CIOs of the next decade face many challenges.

The job of overseeing technology at corporations is changing as fast as the technology itself. No longer is the chief information officer the “nerd-in-chief,” merely chasing after viruses and ordering new mouse pads. Now the CIO is finding ways to utilize hardware and software for strategic business purposes, such as discerning market opportunities and improving customer service. The high-tech tools of choice can include sophisticated data mining like social networking, and enhancements to the company website.

As the CIO’s role changes, a key question for the chief executive is whether the individual in that position can handle all of these new challenges. Today, the CIO often is working directly with all of the other C-Level executives. He or she now has to undertake customer-service, marketing, and new-product analysis. This can require “people” and analytic skills in addition to advanced e-knowledge. CIOs are called upon to think like business people.


Hiring right employees

A critical CIO skill – hiring the right employees

Hiring the right people – Career path definition and compensation planning need to be in place along with well defined job descriptions.

Hiring the right employees is one of the most critical factors in the success of a CIO. The right people will have the skills, aptitudes and attitudes to help mobilize and evolve systems and technology solutions necessary to compete in today’s ever-changing environment. With the right people, CIOs can move ahead and have a team that supports the enterprise’s and CIO’s success.

CIOs in today’s tough economic conditions have to know the answer to the question of what they can do to ensure they hire the right people. As a first step, before CIOs start the recruiting process, they need to have a good handle on:

  • Understanding the job requirements and expectations from the employee
  • Understanding the working style of the managers and staff where the position will be
  • A consistent and robust interview process is a must for a successful recruiting process
  • Understanding the company’s culture and communicating that to the candidates
  • Having detailed job descriptions in place for each position to be recruited
  • Conducting structured interviews that get to the true fit of the candidates with the enterprise, and
  • Managing the process to minimize your enterprise’s legal exposures
  • Remembering that a large percentage of those hired will only be with the company for fewer than 7 years – some will leave voluntarily, others will be terminated.

After CIOs have completed planning, screened the applicants and interviewed job candidates, the decision to hire a person ultimately rests on your intuitive sense of whether this is the right person for the job.

Nothing can prepare any hiring manager  for that decision except their own experience supplemented with hard facts and discussions with the other interviewers.


If many individuals are interviewed for many positions, interviewers will learn the signs that indicate a potential hire is right. If interviews and hiring are infrequent, hiring managers will have to depend on less-intuitive methods and other people to help them.

If the company believes in high quality employees, you should be really enthusiastic about the person you want to hire, not just lukewarm.


Common Security Concerns

Common Security Concerns that CSOs and CIOs have

Security Manual Template - Common Security Concerns
CIOs and CSOs often are tasked to address user and C-Level management’s common security concerns. The Security Manual Template and its associated items address each of these in detail.

When the CIOs and CSOs discuss common security concerns these five topics always seem to appear:

  1. Surfing the web anonymously is a thing of the past – As online tracking systems become more sophisticated and harder to shake, the likelihood of private, anonymous browsing is becoming a long-ago memory. Take into account the latest ISP changes, where the U.S. government allows providers to not only track, but sell your browsing history without your consent. These changes in “net neutrality rules” require users to be more vigilant about their own browsing patterns. You can guard your activity by logging out of search engines before browsing, clearing your cache and search history, and switching to a private browser to minimize the various ways your browsing history is catalogued.
  2. Anyone can gain access to your webcam – Hackers can and do target cameras by disabling the light that notifies of access, and keeping tabs in order to commit some sort of crime. Many users have responded by putting dark tape or coverings over their computer’s webcam. But as more smart devices are created and purchased, the surface area for webcam hacking only expands. Think, for example, of all the places you take your smartphone, with its built-in camera almost always pointing in your direction. The malware used to hack webcams, known as a RAT (remote access Trojan), is often spread through spam email. Once clicked, the software is capable of disabling your light so you’re never made aware of anyone watching.
  3. How to protect against identity theft – Be wary of sites asking for personal information to complete a basic task, such as subscribing to a newsletter. When submitting personal information, such as your address or payment method, check for https versus http and never submit this information to a party you’re not familiar with or for a request you don’t remember making. Protecting your identity, at its core, always comes back around to common sense behavior online. Understand risks, practice careful consuming, and take precautions to diversify passwords and watch out for phishing schemes.
  4. Free antivirus software is not free – You get what you pay for in the area of antivirus and malware protection. If it is free, a lot of people use it, and when there is a security hole, hackers will attack. That is opposed to paid programs, where vendors constantly update the software to address new issues as they occur.
  5. Are tablets, smartphones and Macs safe without antivirus software? – Though Android and Mac OS X boast operating systems that claim to be tough to breach, they still contain weak access points. Just like any tool that surfs the web or connects to wireless routers, security is needed to scan all those items you click. (Recent research suggests Macs are now more vulnerable than PCs.) While these devices have often carried around the title of most-secure operating system, it doesn’t hurt to back up your devices with the latest antivirus security protection.

Top 10 tips to minimize wild fires

Top 10 tips

Fire season is just around the corner. With the wet winter, when the ground dries out this summer the danger to life and property will be great. These are must-follow tips.

Top 10 tips that businesses can follow to minimize the risk of wild fires around their sites and remote offices.

  1. Have a clear area of at least 100 yards around the business park.
  2. Keep lawns hydrated and maintained. Dry grass and shrubs are fuel for wildfire.
  3. Landscape with native and less-flammable plants. When landscaping, choose slow-growing, carefully placed shrubs and trees so the area can be more easily maintained.
  4. Create a ‘fire-free’ area within ten feet of the property, using non-flammable landscaping materials such as rocks, pavers and/or high-moisture content annuals and perennials.
  5. Have no tall vegetation immediately adjacent to structures.
  6. Clear leaves and other debris from gutters, eaves, porches and decks. This helps prevent embers from igniting the property.
  7. Remove dead vegetation from around the property, especially within 50 feet of the premises.
  8. Remove flammable materials from within 50 feet of the property’s foundation and outbuildings.
  9. If you have trees on your property, prune so the lowest branches are 6 to 10 feet from the ground and none overhang the structure.
  10. Don’t let debris and lawn cuttings linger. Dispose of these items quickly to reduce fuel for fire.


IT Related Fraud issues addressed by Janco

IT related fraud occurred in over 70% of companies

Malware exposure is high in many enterprises

IT related fraud and malware infections cause a number of problems. Machines become unresponsive or sluggish, resulting in users becoming frustrated and administrators spending precious time trying to find the problem.

Once an attacker is on the inside, his or her work is significantly easier since on most networks, systems on the inside are trusted.   To that end, in a review of over 300 security audits Janco has found a list of the greatest security weaknesses.

Enterprise Wide Security Weaknesses

The weaknesses are:

  • Using only single level verification for access to sensitive data
  • Having “public” workstations or access points connected to a secure network
  • Sharing login credentials
  • Data validation for forms is contained in client-side JavaScript
  • Connecting to the network from an unsecure access point
  • Corporate web site is encrypted but the login process is not
  • Using weak encryption for back end management
  • Using unencrypted or weak encryption for Web site or Web server management


eReader Security Template

eReader Security Template released with version 12

eReader Security Template now addresses SIEM with both best practices and KPI metrics in addition to identity protection

eReader Security Template has just been released by Janco with its latest update of the security manual. This is a major update, as the template now also includes KPI metrics and best practices for Security Information and Event Management (SIEM) as well as a chapter on Identity Protection.

This security template was first released in 1999 and has been updated 3 to 4 times each year. Currently the template is over 250 pages and includes chapters on the following topics.

  • Security policies – scope and objectives
  • Minimum and Mandated Security Standard Requirements
  • Vulnerability Analysis and Threat Assessment
  • Risk Analysis – IT Applications and Functions
  • Physical Security
  • Facility Design, Construction and Operational Considerations
  • Media and Documentation
  • Physical and Virtual File Server Security Policy
  • Network Security
  • Sensitive Information Policy
  • Internet and Information Technology Contingency Planning
  • Insurance Requirements
  • Security Information and Event Management (SIEM)
  • Identity Protection
  • Ransomware – HIPAA Guidance
  • Outsourced Services
  • Waiver Procedures
  • Incident Reporting Procedure
  • Access Control Guidelines
  • Electronic Communication
  • Mobile Access and Use Policy


Employment Improves

Employment Improves as only three states are above 6% unemployment

Employment improves as only New Mexico, Alaska, and Alabama have unemployment rates over 6%. At the same time there now are 19 states that have unemployment rates at 4% or less. Six states have unemployment rates at 3% or less. Those states are Vermont (3.0%), Colorado (2.9%), North Dakota (2.9%), Hawaii (2.8%), South Dakota (2.8%), and New Hampshire (2.7%).

High Unemployment States - February 2017
States with the highest unemployment levels
Employment Improves and unemployment rate is 4% or less in 19 states

At these levels salaries will start to rise and we forecast that the overall participation rate will begin to increase.  This in turn will cause salaries to edge up.


New IT Jobs 2017

New IT Jobs 2017 as the economy improves

New IT jobs 2017 will be driven by an improved manufacturing job market.  As of March 2017, Janco forecast that there will be a total of over 125,000 new IT jobs created.

IT Job Market growth forecast from Janco Associates

Janco’s forecast is based on interviews with over 100 CIO, CFO, and HR professionals in the IT sector of the economy.

Close to 12,000 new jobs were created in the first two months of 2017. With the model created by Janco, the firm believes that an additional 113K new jobs will be created in the balance of the year.

On a monthly basis Janco updates its model, forecast, and projections on its main web site at the page titled IT Job Market.

Factors driving the IT job market in 2017 will be:

  1. The job market will be in favor of the IT professional job seeker
  2. IT will pay IT professionals to switch companies this year
  3. IT professionals will and should ask for pay raises this year
  4. There will be a labor shortage of IT professionals who are social media, programming, security, and networking experts.
  5. More IT pros will become freelancers and contractors who prefer to telecommute and set their own hours.

Women CIOs comprise over 20% of all CIO roles

Women CIOs hold over 20% of all CIO roles according to data analyzed by Janco Associates

Women CIOs – In the process of capturing public data on CIO compensation, Janco has found that well over 1 out of 5 CIOs is a woman.

Women CIOs and other C-Level positions

According to the CEO of Janco Associates, at least two thirds of large public companies doing CIO searches require the recruiter to include women in the candidate pool. Further, when “all else is equal”, between a male candidate and a female one, companies are tending to choose the latter specifically to enhance the diversity of perspectives on the management team.

Unfortunately, even with this data, there are still too few women in senior, experienced roles to populate the candidate pools of all diversity-minded companies. So it’s not enough to decide at the CIO level to hire a woman. The relevant decisions must be made and opportunities offered earlier, at the developmental stage of potential finance leaders.

Companies need to provide more mentors who can share wisdom about things like where to invest time and ways to be motivated.

For those with leadership potential who prioritize family and stability over always making the best career move, the path to the C-suite may be inherently more difficult in CEO and finance than in other functions, like IT and human resources.