New IT jobs created in 2015 forecast is 160,000 according to research firm
New IT jobs created in 2015 forecast is 160,000 according to Janco – With the completion of the 2015 Mid-Year IT Salary Survey and interviews with over 100 CIOs, Janco forecasts that a total of 160,000 new IT jobs will be created in 2015 by the end of the 4th quarter.
Forecast of IT Job Market Growth
Driving that growth is the demand for IT jobs and an overall improvement in the current economic environment.
In the short term it looks like companies are looking to hire IT staff, contractors and consultants. For the first time in several months the IT Job Market looks strong.
Based on Janco’s interviews and survey data the following positions are in high demand.
2015 Mid-Year Salary Survey Released by Janco
2015 Mid-Year Salary Survey – Janco Associates, Inc. has just released its 2015 mid-year salary survey. To read about the salary survey go to http://www.e-janco.com/salary.htm.
IT Median Salaries Mid-Year 2014 vs. Mid-Year 2015
The major findings are:
- In the prior 12 months the IT job market grew by 139,100.
- IT compensation for all IT Professionals has increased by 1.22% in the last 12 months.
- CIOs compensation across all organizations has shown another increase. The mean compensation for CIOs in large enterprises is now $189,324 (up 2.14%) and $174,520 (up 1.44%) in mid-sized enterprises.
- Positions in highest demand are all associated with security, training, large data center management, distributed/mobile system project management, quality control, BYOD implementation, capacity planning and service level improvement.
- Over the long term IT executives have fared better in large companies than mid-sized companies.
- On shore outsourcing has peaked and companies are looking to bring IT operations back into their direct control and reduce operating costs.
- Mandated requirements for records management systems and electronic medical records have increased the demand for quality control staff and custodians (librarians) of mechanized records.
- Companies are continuing to refine the benefits provided to full time IT professionals. Though benefits such as health care are available to 80%, IT professionals are now paying a greater portion of that cost.
Digital Disruption is a critical concern of executive management
Digital Disruption – The digital narrative is continuing to gain prominence in Boardrooms and there is a need to understand the impact of digital disruption.
Digital data now can and does disrupt the business model and change business outcomes in most companies.
It has been predicted by industry experts that 70% of IT will be absorbed into business in the future. Talent is paramount for success in the digital world. The role of CIO is changing to become the strategy officer, chief technologist of the company, and preparing the company for infusion of technology in their products, processes and every sphere of business world.
Digital data is accelerating advanced security initiatives for enterprises: The world of digital is ubiquitous and highly connected. The connectivity is increasing at an exponential pace. It is estimated that wearables will be 30 billion devices by 2020.
Security is a risk and also an opportunity to increase the pace of innovation. Focus on security brings peace of mind. With recent incidents in large enterprises, organizations have stepped up their pace of investing in security initiatives. Innovation is paramount and instead of playing a catch up game, it is time for enterprises to move ahead of the curve.
CIO security role
CIO Security Role – CIOs have an evolving role, and are more than ever concerned about IT security and data breaches. World Class CIOs are strategic partners to the board, the CEO and CFO. They are the risk manager and communications specialist with a focus on all of the information assets of the enterprise.
These CIOs know that preparation can make all the difference in a later outcome. The governance of the cybersecurity program, the adherence to the security infrastructure, media and interested parties communication plans and the creation of metrics are key components of preparing for a breach and the public information about a security incident.
A key question to ask is what the primary concerns of the board, CEO and CFO are: are they afraid of financial loss or are they more concerned with reputational and regulatory risks? Who would be most affected by a data breach? How will you provide information to those who have had their data breached: by mail, email, newsletters, through call centers, through social media?
Security Tools for the CIO
Analytics – Why CIOs Should Lead the Effort
For every business process to be truly successful there needs to be an infrastructure underlying the analytics effort and a leader in order for it to be effective. CIOs are the logical choice to manage analytics and put it to work to serve the organization’s needs.
- CIOs manage most of the massive quantities of data that companies are collecting from their own operations, supply chains, production processes and customer interactions. Many CIOs are already using analytics to better understand where the business is strong and where it needs improvement, and how to allocate limited resources more effectively. Analytics empowers CIOs to communicate information necessary to control operational business decision-making. Profit can fall between the operational cracks and analytics can be a game changer by leading to improved operational discipline.
- Many organizations are already using analytics to address their strategic issues. With analytics, CIOs can continue to expand their management and leadership roles in improving ROI, strengthen their ties throughout the business and expand their influence outside the technology function.
- CIOs’ position as the managers of technology across the organization gives them the access to information that is needed when analytics produces insights that debunk some of the myths or accepted wisdom that can reside within the business, or about constraints on business performance. When people are provided observations that do not align with their thinking, there is a tendency to say, “That can’t be right,” and it can be challenging to convince them that the results and the data they’re based on are accurate. If they don’t trust the messenger, they are unlikely to trust the message.
The quality of IT systems and applications is driven by what is measured and by the quality control, including version control, that is utilized as the standard of the enterprise. With that in mind, Janco, together with its clients, has created infrastructure tools which, when implemented, assist CIOs and IT organizations to become world class providers of services to their enterprises and customers.
Employment picture is mixed in latest BLS data
Employment picture is mixed – The latest BLS data shows that there are 16 states that have unemployment rates that are over 6%. In addition there are 11 other states where the unemployment rates have gone up in the last 3 months.
Employment Picture for IT Job Market – On a monthly basis – typically on the first Friday of the month – Janco publishes an analysis of the IT Job Market utilizing the BLS labor data and its proprietary data. To see the latest press clippings go to Janco’s Press Clippings and eJobDescription.com.
Historic State Unemployment Rate
Top 10 Best Practices Cloud Security Defined
Top 10 Best Practices Cloud Security Defined – The need to lower cost, increase efficiency and conserve cash has increased the motivation of companies to turn to Cloud Computing and increased the appeal of alternative delivery models. The disruptive shifts in new demand and supply patterns drive changes in how IT services are bought and from whom. Cloud computing requirements need to be well defined. CIOs need to consider implementing these best practices.
- Utilize a SDM (System Development Methodology)
- Implement a disaster recovery and business continuity plan
- Implement metrics and cloud application monitoring
- Utilize a secure access and change management system
- Utilize a patch management approach to install revisions
- Implement a log management system
- Implement firm security policies (see http://www.e-janco.com/Security.htm and http://www.e-janco.com/cloud.htm)
- Review latest published cloud vulnerabilities
- Use independent 3rd parties to find security vulnerabilities
- Conduct a security compliance audit
The Cloud Guide and the Businesses and IT Impact Questionnaire are over 120 packed pages and include everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise. The top 10 best practices cloud security were the base for the creation of this. The electronic document includes:
- Cloud Outsourcing Management Standard Overview
- Cloud Outsourcing Policy Standard Policy
- Cloud Outsourcing Approval Standard Process
- Sample Service Level Agreement
- Service Level Agreement Metrics Definition
- Outline for Contract Negotiation
- Base Case Development Detail
- Mutual Non-Disclosure Template
- Job Description for Manager Cloud Applications
- Job Description for Cloud Computing Architect
- Business & IT Impact Questionnaire
- ISO 27001 & 27002 Security Process Audit Checklist
10 Things To Avoid In Your Resume
10 Things To Avoid in your Resume – Your resume is the primary marketing tool that you have. Here are the 10 things that you need to avoid:
- Resume that is too long – Most resume readers will just look at the top 1/3rd of a resume in the first screen and many of them will “throw out” the multi-page documents. That is especially true of mid-level and senior level managers. Keep your total resume to 2 pages or less.
- Resume that does not represent you in the best first impression – Everything that the physical or electronic resume does is visual, so make sure that the resume looks good. This is your chance for a first impression and it needs to be good.
- Resume that is not structured well – On first glance, if a resume looks cluttered or is just a long set of words from which it is “difficult” to get a quick image of a candidate, it can be excluded by the resume reader. Bullets, limited bold text, and a summary at the top are key directions to take.
- Resume that contains spelling errors – If you make this mistake you often will not even be phone screened. This error is a direct path to the circular file.
- Resume that contains grammatical and tense errors – This is just as bad as spelling errors in the minds of many resume screeners. Do not use complex sentences and avoid starting with prepositions.
- Resume that does not agree with your “social profile” – Recruiters now look at social media and their network of other professionals, and your resume needs to be in agreement with what the rest of the world sees about you.
- Resume that contains a photo – Do not include anything that shows your age, race, or appearance. You could be excluded from an interview for being “too old” or “too young” or other non related factor.
- Resume that is not 100% accurate – Everything needs to be truthful and accurate. No matter what the factor is there should be no grey areas or outright “lies” in the resume. Those will come back to bite you.
- Resume that is the same for each job and company – With word processors and email you should at least have a custom cover letter that addresses the “specific” job or company that you are sending the resume to.
- Not following up – If you do not hear back from a company and have sent a resume in, it is a must to follow up and see if the job is still open or if there is another position that you might be able to fill.
Top 10 Reasons Why Security Breaches Occur
With all of the concerns about security breaches, still one out of ten CIOs and CFOs feel they do not have an adequate security strategy in place and are reactive when an incident does occur. Many of them find out, the hard way, that the cost to react to an event is significantly greater than it would have been to implement an adequate solution beforehand.
The top 10 drivers of security shortcomings include:
- Insufficient funding for security
- Lack of commitment by senior executive management
- Lack of leadership in the security arena by the CIO
- Belief that the organization will not be targeted
- Lack of internal resources who are “security” experts
- Lack of an effective IT security strategy
- Lack of an action plan on how to implement a solution before an event
- Infrastructure for IT that does not easily lend itself to security implementation including complex and disjointed applications and data
- No central focus within the enterprise that focuses on security
- Lack of a good termination policy for employees and contractors
In a review of over 200 incidents we have found the frequency of these types of breach losses to be as depicted in the chart below:
CIO responsibilities – The traditional responsibilities of the Chief Information Officer (CIO) and Chief Technology Officer (CTO) have been expanded to have a major value added component. The seven (7) responsibilities the CIO and CTO have are:
- Strategy and Planning
- Risk Management
- Business Processes
- Strategic IT Initiatives
- Enterprise Infrastructure and Applications
Chief Information Officer – Chief Technology Officer
The traditional roles include the following:
- Define, update, and Implement IT Strategy
- Manage IT across the enterprise
- Align IT team with enterprise performance objectives
- Control performance objectives
- Control overall technology budget
- Acquire software/hardware
- Select, manage, and control IT providers
- Align IT risk management with IT productive objectives
- Defer to enterprise operational requirements
- Follow IT System Development Methodology (SDM)
- Plan and manage strategic IT initiatives
- Manage application portfolio
- Manage IT projects
- Define standards and architecture
- Coordinate (consolidate) IT processes across the enterprise
The value added roles include:
- Align IT objectives and programs to enterprise objectives and strategies
- Coordinate IT across the enterprise
- Define metrics based on overall business objectives
- Report performance status
- Coordinate overall technology budget
- Maximize mix of in house versus outsourced services
- Establish strategic service provider partnerships
- Align IT risk management with enterprise-wide risk management
- Optimize and design enterprise process
- Define and adjust IT standards and technologies
- Shift decisions to enterprise operations
- Include business process executive in IT governance
- Optimize cost of services through a mix of internal and external sources
- Coordinate security and compliance
The table below summarizes the roles by area of responsibility
10 actions to protect data assets
10 actions to protect data assets — Janco has found that more than 90% of all data breaches affecting 500 or more individuals are caused by an organization’s own employees, not hackers. Since ninety percent of an organization’s data breaches are due to “friendly fire” – the mistakes and transgressions of the business’s own employees and business associates – CIOs and CSOs need to take a leadership position in managing this. By taking specific actions, a company can greatly reduce the likelihood of these internal breaches – both the careless mistakes and the malicious acts.
Here are 10 actions that a CIO or CSO can take:
- Instill in all employees that they are the first line of defense when it comes to data protection and data security.
- Develop and implement specific policies and procedures regarding the handling of proprietary or sensitive information. Have employees sign an acknowledgement form indicating that they have read the policies and understand their responsibilities.
- Validate that the policies and procedures meet all industry and mandate compliance requirements.
- Improve training and require all employees to take it. Many organizations think that a general 30-minute online information-security training followed by 10 questions is sufficient for employees to know what they should do in a given situation. However, the lack of specificity to their own responsibilities opens the possibility of unintentional exposure of, or unauthorized access to, protected information.
- Maintain a tight control on all data assets and ensure only the minimum necessary access to the information. Organizations need to take the time to assess the functions or roles in the organization that need access to confidential information, and to document the process for initiating and terminating that access. The most damaging impact on an organization can be caused by a disgruntled employee who is terminated from the organization, yet his or her access to information is not cut off in a timely fashion.
- Require all passwords be changed frequently and not be repeated.
- Communicate, enforce and apply consistent sanctions for information privacy or security violations. If there is no punishment for accessing or sharing information, people are more apt to do so. For example, rural hospitals and health plans have significant problems with employees snooping into medical records of colleagues, ex-partners, and others in the community. Larger hospitals and rehab centers have to address the improper snooping into the medical records of celebrities and prominent public figures. An organization can suffer significant financial and reputational damage if steps aren’t taken when bad behavior occurs.
- Monitor employee activity both on PCs and mobile devices. Doing so ensures appropriate access and can unearth any unusual activity. Take the time to review or randomly sample usage reports to identify any potential problems early and initiate remediation activities.
- Ensure adequate oversight or governance of information security programs. This is necessary to evaluate the causes of security or privacy incidents, apply consistent sanctions, monitor training activities, provide resources for mitigation and remediation of impermissible disclosures, and make information security part of the organization’s culture.
- Have independent 3rd parties test the data protection and data security compliance practices.
Security Policies – Procedures – Audit Tools
Top 10 CIO Concerns
Top 10 CIO Concerns – With the changing economy and improved outlook for IT spending, Janco has identified the top 10 CIO concerns.
The top 10 concerns are:
- Security – as more instances of cyber-attacks are identified CIOs are well aware that their jobs are at risk if this occurs under their watch.
- Cloud Computing – This is the new hidden IT that is driving many new applications and is not under the complete control of the CIO and IT organization.
- Infrastructure – No longer are those interacting with the data and systems in a single location utilizing standard hardware and software. Records management, retention and destruction as well as version control are just a few of the areas that CIOs need to manage and control.
- Consolidation – Islands of data and computing continue to exist as new technologies are implemented. Redundancy leads to disparate information and needs to be resolved.
- Big Data – As data is consolidated it needs to be analyzed more quickly so that decision making within the enterprise is improved.
- Automation – Traditional functions are now being eliminated and automation that meets the strategic objectives of the enterprise needs to take place.
- Mobile Computing – BYOD and mobile applications are where users are looking for support in order to improve their bottom line results.
- Staff Retention – During the past few years that has not been an issue but now with an improved IT job market staff will leave.
- Social Networks – This is the wave of the future and needs to be managed more effectively.
- Succession Planning – Not only for the CIO role but for all of the other key roles within the IT functions. Job family definition is now a priority.
Disaster Recovery Backup
Disaster Recovery Backup and Backup Retention Policy Template
CIOs and IT Managers need to consider mandated compliance requirements
Disaster Recovery Backup Solution – Just added Best Practices for Backup, Cloud Backup and Mobile Device Backup. IT organizations of all sizes contend with a growing data footprint with more data to manage, protect, and preserve for longer periods of time. Online primary storage has a focus on fast, low latency, reliable access to data while near-line secondary storage has a focus on low cost and high capacity.
Questions that need to be answered are:
- Is our data safe in transit and at rest?
- What prevents hackers from gaining access to our data?
- Is our data properly handled, stored, and deleted?
- Who can access our data?
- What are the benchmark measurements?
- Is our data backup strategy compliant?
- Will our recovery be successful?
Malware – mobile devices are reasonably safe from them
Malware – Mobile devices are reasonably safe from those attacks, based on a number of reviews of malware attacks. Typically new malware attacks are only in play for a week and after that fewer than 2% go on for more than 30 days.
That is not to say that malware will continue to be a non-issue. With the new move to mobile devices we expect this profile to change and malware as well as other attacks to become more common, extensive and pervasive.
CIOs and CSOs will need to watch this closely. This is especially so with the new changes that Google is putting in place for its ranking systems, which add focus on mobile sites that are responsive.
Security Manual Template and Compliance Tools
ISMS 10 reasons why CIOs should implement
ISMS – 10 reasons why — Some CIOs believe that their companies do not need a formal Information Security Management System (ISMS) because they already have security policies and procedures along with controls in place or are deploying other technologies to protect their enterprises from cyber-attacks.
However here are ten reasons CIOs should implement an ISMS in their enterprises:
- An ISMS includes people, processes and IT systems, acknowledging that information security is not just about software, but depends on the effectiveness of organizational infrastructure, processes, and the people who manage and follow them.
- An ISMS provides a standard set of terms and communication methods for everyone to be educated in.
- An ISMS helps enterprises to coordinate all security efforts (both electronic and physical) coherently, consistently and cost-effectively.
- An ISMS provides enterprises with a systematic approach to managing risks and enables enterprises to make informed decisions on security investments.
- An ISMS can be integrated with other management system standards (e.g. ISO 22301, ISO 9001, ISO 14001, etc.) ensuring an effective approach to corporate governance.
- An ISMS creates better work practices that support business goals by asserting roles and processes that have to be clearly attributed and adhered to.
- An ISMS requires ongoing maintenance and continual improvement, which ensures that policies and procedures are kept up to date, resulting in better protection for your sensitive information.
- An ISMS gives enterprises credibility with staff, clients, suppliers, customers, and partner organizations, and demonstrates due diligence.
- An ISMS helps enterprises comply with corporate governance requirements.
- An ISMS can be formally assessed and certified against ISO 27001, bringing additional benefits such as demonstrable credentials, customer assurance and competitive advantage.