The H-1B program is adversely impacting IT pros and the US job market as a whole. The idea of the program was to make it easier to attract talented individuals to work in the US. It has now reached the point where it is just like manufacturing, which the US lost by encouraging companies to do it for “less”.
Companies like Tata (from India) are hiring workers at low wages from third world countries and moving them to the US so that US workers train them and are ultimately displaced via off-shoring or outsourcing.
The latest data from the Department of Labor shows that over 75% of all jobs for which foreign workers are getting visas are in what it calls the IT occupation.
Looking at the data, in 2015 only 112,000 new IT jobs were created. At the same time, over 400,000 visa applications were filed by corporations for foreign workers. There is something wrong with this picture, as all of these jobs are high paying ones and the foreign workers are taking them at wages lower than domestic IT workers would be paid.
Growth in the IT job market has come to a standstill for the first four months of this year: in each month, the IT job market has not grown at all compared to 2015.
Some new IT jobs are continuing to be created. However, the number of these new jobs is small at best.
The CEO of Janco was quoted as saying, “There is an acceleration in the rate of slowdown in the IT Job Market. If this continues, as we think it will, there is a probability that there could potentially be a net decrease in the size of the IT Job Market in 2016. We will only be able to get visibility of that when we see one or two months of new data. However, we have already lowered our best case forecast for net new IT jobs for the balance of this year.” He added, “Many companies are cutting back significantly on contractors and consultants. That trend will continue until at least the 3rd quarter of this year.”
Top 10 Technology Travel Tips – When people travel, especially internationally, not only is technology at risk but also sensitive personal and work information. Below are 10 tips taken from Janco’s Travel, Electronic, and Off-Site Meeting Policy.
If it’s not necessary, don’t travel with a computer or tablet.
Whenever possible, arrange to use loaner laptops and handheld devices while traveling.
If you are bringing a laptop with you, make sure you have the proper plug adapter.
Install a host-based firewall, and configure it to deny all inbound connections.
Disable file and printer sharing and Bluetooth. Apply full disk encryption, picking a long, complex password.
Update all software immediately before travel.
Always clear out browser cache before you leave.
Back up your computer.
If you are bringing private data that is not on a computer, copy the data onto an encrypted USB memory device.
Change the passwords for your accounts (email, Gmail, Facebook, etc.).
Utilize complex passwords – Assume the workstation or medium will be lost or stolen.
Memorize the password, or keep it in a secure location on your person.
Password protect the login, and require the password after screen-saver.
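The tips above ask for a “long, complex” disk-encryption password without saying how the two properties trade off. The following is an added example, not code from Janco’s policy: it estimates password strength two ways, a brute-force alphabet estimate and a dictionary estimate for word phrases, and checks the result against an assumed 60-bit minimum (the minimum and the 7776-word dictionary size are assumptions, not figures from the policy). The point it makes is that the alphabet estimate wildly overstates a phrase built from common words, so the conservative figure should be the one checked against policy.

```python
import math
import string

# Assumed policy minimum in bits (not a figure from the Janco travel policy).
MIN_BITS = 60.0
# Assumed dictionary size for the word-based estimate (a 7776-word, Diceware-style list).
WORDLIST_SIZE = 7776


def charset_bits(secret: str) -> float:
    """Brute-force estimate: log2(alphabet ** length), where the alphabet is the
    union of the character classes actually present in the secret."""
    alphabet = 0
    if any(c.islower() for c in secret):
        alphabet += 26
    if any(c.isupper() for c in secret):
        alphabet += 26
    if any(c.isdigit() for c in secret):
        alphabet += 10
    if any(c in string.punctuation or c == " " for c in secret):
        alphabet += 33  # 32 ASCII punctuation characters plus space
    return len(secret) * math.log2(alphabet) if alphabet else 0.0


def phrase_bits(passphrase: str) -> float:
    """Dictionary estimate for a space-separated phrase: each word is one pick
    from a WORDLIST_SIZE list, so the attacker searches words, not characters."""
    return len(passphrase.split()) * math.log2(WORDLIST_SIZE)


def conservative_bits(secret: str) -> float:
    """Take the lower estimate whenever the secret looks like a phrase of plain words."""
    words = secret.split()
    if len(words) >= 2 and all(w.isalpha() for w in words):
        return min(charset_bits(secret), phrase_bits(secret))
    return charset_bits(secret)


def meets_policy(secret: str, minimum: float = MIN_BITS) -> bool:
    return conservative_bits(secret) >= minimum


if __name__ == "__main__":
    # Constructed sample secrets, chosen to show the gap between the two estimates.
    for s in ("Tr0ub4d&", "correct horse battery staple", "correct horse battery staple mountain"):
        print(f"{s!r}: alphabet {charset_bits(s):.1f} bits, "
              f"conservative {conservative_bits(s):.1f} bits, ok={meets_policy(s)}")
```

An eight-character password with all four character classes scores about 52.6 bits; a four-word phrase scores 164 bits by alphabet but only 51.7 bits once the attacker is assumed to guess words, and neither reaches the assumed 60-bit floor. A fifth word does.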
SEnuke – an adventure into poor service management. We have just spent a week of our lives working to get SEnuke – an SEO Google search tool – to work and have been frustrated beyond belief.
They came out with a new version that looked like the best thing since sliced bread. Here are the problems that we encountered.
Day 1, when they launched, the site was “down” in that you could not download the program. The page said try back in 30 minutes. It took a full day to get the download to work.
When it installed, it did not uninstall the older version but left traces of it, so that “mysteriously” over the next week the older version at times executed, confusing the heck out of me.
The marketing material said that Captcha was included – however the SEnuke Captcha did not work for the better part of a week so that I had to purchase a service for that.
When I tried purchasing Captcha, none of the listed companies worked. Links were to sites that were disabled or not there. In addition, each of the sites had its own userids and passwords. By the time I was done shopping I had over 7 sets of them.
The application was to create links and URLs. It did not do that. The help, which was via a blog forum, after two days told me I had to get the update.
I got the update. However, it could not be installed because it was classified as an UNSAFE publisher. The certificate they had from GODADDY.com had been REVOKED.
When I posted on the SEnuke forum the response I got was that I had to put an exclusion in my Norton. I had already done that and even turned off Norton, but it still did not install.
I posted that we would PAY for support to get it to work. No response from them.
Considering they want close to $150 a month for their product it is not worth it. Finally after almost a week of effort I cancelled the service and created this review of the product.
10 steps to implement cloud SaaS – As more CIOs and other C-level executives look to have Software as a Service (SaaS) for interaction with their users, customers, suppliers, and markets, there are some best practices that they should follow.
Evaluate the current capabilities of their IT infrastructure and application portfolio. Include in that an assessment of the competition and the state of opposing competitive solutions.
Develop a roadmap with priorities for SaaS/cloud deployment. Establish who the drivers and owners of the SaaS process are.
Establish clear governance that considers key stakeholders for cloud deployments. Include budgetary responsibility as well as for achieving stated goals.
Develop metrics for performance and for measuring success in meeting cost and other deployment goals. Include a process for disseminating the results in a timely manner.
Adopt vendor management practices to monitor SLA performance and define responsibilities.
Provide active project management to keep implementation on time and on budget. Steering committees and SDM (System Development Methodology) need to be included in the mix.
Plan for ongoing support, acquiring or training resources for the necessary skills, and address skills gaps. Budgets and associated service levels need to be defined before the SaaS development begins.
Regularly evaluate performance and goals/metrics to ensure they are being met. Utilize every form of communication possible so the enterprise as a whole knows what the state of the SaaS activity is.
Audit compliance with security and other standards and practices and privacy policies. Build compliance into the SaaS process.
Ask suppliers to provide specific data and experience with cloud-to-cloud integration and performance.
To stop a breach tomorrow, what does the enterprise need to do differently today?
Does the enterprise know if the company has been breached? How does it know?
What assets are being protected, what are they being protected from (i.e., theft, destruction, compromise), and who are they being protected from (i.e., cybercriminals or insiders)?
What risks does the enterprise face if it is breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
Does the enterprise’s IT security implementation match the enterprise’s business-centric security policies?
Are formal written policies, technical controls or both in place? Are they being followed?
What is the enterprise’s security strategy for IoT?
What is the enterprise’s security strategy for BYOD and “anywhere, anytime, any device” mobility?
Does the enterprise have an incident response plan in place?
What is the enterprise’s remediation process? Can the enterprise recover lost data and prevent a similar attack from happening again?
Security Compliance – Comprehensive, Detailed and Customizable for Your Business
The Security Compliance Policy and Audit Program bundle provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 220-plus-page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:
Risk analysis – Threat and Vulnerability Assessment via Electronic Forms
Define SLA roles and responsibilities for the enterprise and cloud providers. These definitions should include the persons responsible for oversight of the contract, audit, performance management, maintenance, and security.
Define key terms. Include definitions for dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance. These measures would include: the availability of the cloud service; the number of users that can access the cloud at any given time; and the response time for processing a customer transaction.
Define specific identifiable metrics for performance by the cloud provider. Include who is responsible for measuring performance. Examples of such measures would include:
Level of service (e.g., service availability—duration the service is to be available to the enterprise).
Capacity and capability of cloud service (e.g., maximum number of users that can access the cloud at one time and ability of provider to expand services to more users).
Response time (e.g., how quickly cloud service provider systems process a transaction entered by the customer, response time for responding to service outages).
Specify how and when the enterprise has access to its own data and networks. This includes how data and networks are to be managed and maintained throughout the duration of the SLA and transitioned back to the enterprise in case of exit/termination of service.
Specify the SLA infrastructure and requirements methodology:
How the cloud service provider will monitor performance and report results to the enterprise.
When and how the enterprise, via an audit, is to confirm performance of the cloud service provider.
Provide for disaster recovery and continuity of operations planning and testing. Include how and when the cloud service provider is to report failures and outages to the enterprise. In addition, specify how the provider will remediate such situations and mitigate the risk of such problems recurring.
Describe any applicable exception criteria when the cloud provider’s performance measures do not apply (e.g., during scheduled maintenance or updates).
Specify metrics the cloud provider must meet in order to show it is meeting the enterprise’s security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the enterprise’s data). Specify the security performance requirements that the service provider is to meet. This would include describing security performance metrics for protecting data, such as data reliability, data preservation, and data privacy. Clearly define the access rights of the cloud service provider and the enterprise as well as their respective responsibilities for securing the data, applications, and processes to meet all mandated requirements. Describe what would constitute a breach of security and how and when the service provider is to notify the enterprise when the requirements are not being met.
Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met (e.g., when there is a data breach).
Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures. Identify how such enforcement mechanisms would be imposed or exercised by the enterprise.
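The SLA items above call for an availability measure, exception criteria for scheduled maintenance, and enforceable penalties, but an SLA that leaves any of the three vague produces disputes at the end of the month. The following added example (not code from Janco or from any provider) computes availability over a reporting period from a constructed outage log, excludes time inside scheduled maintenance windows, and maps the result to a service credit. The period, outages, maintenance window and credit tiers are all constructed for illustration; maintenance windows are assumed not to overlap one another.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Window:
    start: datetime
    end: datetime


def overlap(a: Window, b: Window) -> timedelta:
    """Time the two windows share; zero when they do not meet."""
    lo, hi = max(a.start, b.start), min(a.end, b.end)
    return max(hi - lo, timedelta(0))


def measured_availability(period: Window, outages, maintenance) -> float:
    """Availability as a fraction of the measured time in `period`.

    Scheduled maintenance is excluded from both the denominator and the
    downtime, which is exactly the exception criterion the SLA must write down.
    Maintenance windows are assumed not to overlap one another."""
    excluded = sum((overlap(period, m) for m in maintenance), timedelta(0))
    measured = (period.end - period.start) - excluded
    downtime = timedelta(0)
    for o in outages:
        clipped = Window(max(o.start, period.start), min(o.end, period.end))
        if clipped.end <= clipped.start:
            continue  # outage lies entirely outside the reporting period
        covered = sum((overlap(clipped, m) for m in maintenance), timedelta(0))
        downtime += (clipped.end - clipped.start) - covered
    return 1.0 - downtime / measured


# Constructed credit schedule (an assumption, not real contract terms):
# (availability floor, service credit in percent of the monthly fee).
CREDIT_TIERS = [(0.999, 0), (0.99, 10), (0.0, 25)]


def service_credit(availability: float) -> int:
    for floor, credit in CREDIT_TIERS:
        if availability >= floor:
            return credit
    return CREDIT_TIERS[-1][1]


# Constructed sample data for one reporting month.
PERIOD = Window(datetime(2016, 1, 1), datetime(2016, 2, 1))
MAINTENANCE = [Window(datetime(2016, 1, 10, 2), datetime(2016, 1, 10, 4))]
OUTAGES = [
    Window(datetime(2016, 1, 5, 10), datetime(2016, 1, 5, 10, 30)),      # unplanned, 30 minutes
    Window(datetime(2016, 1, 10, 2, 30), datetime(2016, 1, 10, 3, 30)),  # inside the maintenance window
]


def report(period=PERIOD, outages=OUTAGES, maintenance=MAINTENANCE) -> dict:
    avail = measured_availability(period, outages, maintenance)
    return {
        "availability_pct": round(avail * 100, 4),
        "service_credit_pct": service_credit(avail),
    }


if __name__ == "__main__":
    print("with maintenance exclusion:   ", report())
    print("without maintenance exclusion:", report(maintenance=[]))
```

With the exclusion the month measures 99.93% and earns no credit; the same outage log with no exclusion criterion written into the SLA measures 99.80% and triggers a 10% credit. Whether the 2:30 outage counts is a contract question, not a measurement one, which is why the SLA has to settle it in advance.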
Documentation is a key part of security compliance — here’s how to do it right
Documentation Security Compliance – Maintaining security compliance is a multifaceted responsibility. It’s not enough to simply implement the required controls and enforce security policies. In order to remain fully compliant, businesses must thoroughly document their compliance efforts as well. Maintaining formal, written documentation of all compliance-related activities is a requirement of many regulatory guidelines, but all too often, it’s treated as an afterthought.
In many cases, compliance documentation is inadequate due to varying responsibilities. In many organizations, compliance efforts spread across departments and different individuals are responsible for various aspects of the security plan. As a result, documentation tends to be inconsistent at best, with varying standards and levels of detail. Unfortunately, such an approach to compliance can land your company in hot water should it ever be selected for a compliance audit.
Specific security compliance documentation standards vary by regulation (HIPAA has different requirements than PCI DSS, for instance) but there are some general best practices that you can follow to ensure that your compliance documentation is up-to-date and meets the requirements put forth for your organization.
Select the Right Manager
Even with a dedicated compliance department, many companies struggle with documentation. Regulatory requirements tend to be highly technical, and require writers with the technical expertise to develop them thoroughly and accurately. When the wrong individuals are tasked with creating compliance documentation, there is the potential for errors and omissions. If professional technical communicators are unavailable, establish specific standards for the creation of documentation for staff to follow, or consider outsourcing the project.
Understand the Requirements
The first step to managing compliance documentation is understanding what is required of your company and developing a consistent means of recording the necessary information. In general, this means:
Describing the specific requirement and how it relates to your business
Outlining the specific controls in place to meet that requirement
Listing the name and contact information for the person in charge of implementing the control
Designating the date that the control/documentation needs to be reviewed and/or updated
Many organizations implement a content management system specifically for the purpose of maintaining security compliance documentation. Doing so allows for information to be accessed and updated online in real time, without relying on paper copies. An efficient CMS allows for additional information to be imported as well; for instance, when you invest in a Cisco video conference system from KBZ, the information from training sessions completed by employees can be seamlessly added to the CMS, keeping records up-to-date.
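The four items above (requirement, control, owner, review date) are the record an auditor asks for, and the checks that matter are the ones that find what is missing. The following added example, not code from the article, keeps that record as a small register and reports the gaps: requirements with no documented control, controls with no named owner, and reviews that are overdue or coming due. The requirement labels, controls and people are constructed placeholders, not clauses of any real regulation.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class ControlRecord:
    requirement: str           # the regulatory requirement this control satisfies
    control: str               # the specific control in place
    owner: Optional[str]       # person responsible for implementing it
    contact: Optional[str]     # how to reach that person
    next_review: date          # when the control and its documentation are due for review


# Constructed requirement catalogue; labels are placeholders, not real clause numbers.
REQUIREMENTS = [
    "REQ-1 access control",
    "REQ-2 encryption at rest",
    "REQ-3 log review",
    "REQ-4 incident response",
]

# Constructed register with deliberate gaps for the checks below to find.
REGISTER = [
    ControlRecord("REQ-1 access control", "Quarterly access recertification",
                  "A. Admin", "a.admin@example.com", date(2016, 3, 1)),
    ControlRecord("REQ-2 encryption at rest", "Full-disk encryption on laptops",
                  None, None, date(2017, 1, 15)),
    ControlRecord("REQ-3 log review", "Daily SIEM alert triage",
                  "S. Analyst", "soc@example.com", date(2016, 6, 20)),
]


def review_gaps(register: List[ControlRecord], requirements: List[str],
                today: date, warn_days: int = 30) -> dict:
    """Return the findings an auditor would raise against this register."""
    covered = {r.requirement for r in register}
    horizon = today + timedelta(days=warn_days)
    return {
        "uncovered": [q for q in requirements if q not in covered],
        "no_owner": [r.control for r in register if not r.owner],
        "overdue": [r.control for r in register if r.next_review < today],
        "due_soon": [r.control for r in register if today <= r.next_review <= horizon],
    }


def is_clean(gaps: dict) -> bool:
    """True only when every finding list is empty."""
    return not any(gaps.values())


if __name__ == "__main__":
    findings = review_gaps(REGISTER, REQUIREMENTS, date(2016, 6, 1))
    for kind, items in findings.items():
        print(f"{kind}: {items}")
    print("register clean:", is_clean(findings))
```

Run against the constructed register on 2016-06-01 it reports REQ-4 as undocumented, the disk-encryption control as ownerless, the access recertification review as overdue and the log-review control as due within 30 days. Those are the same four questions a regulator asks, so keeping them as a scheduled check rather than a manual pass before the audit is the point.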
Conduct Regular Audits
Compliance documentation is an ongoing process, and IT needs to schedule annual documentation reviews as part of their compliance activities. Ideally, reviews should not be conducted by those who have responsibility for specific security controls, but by other individuals who have knowledge of the controls and can identify gaps or other potential issues that need to be addressed when necessary. The annual documentation review should be focused on identifying required changes, as well as comparing the existing documentation to current regulations to ensure full compliance.
The best time to conduct documentation audits is in conjunction with your scheduled risk assessments. Most security regulations require regular risk assessments, with controls put in place in relation to the results of the assessment. Including a documentation review as a part of that process allows you to identify areas that need improvement or change, as well as activities that need to be added to your security controls.
Focus on the User
Finally, the most effective compliance documentation is user-focused, both in terms of employees who may need to access the information and regulators who will be auditing your efforts. While a focus on the technical aspects of the documentation is necessary, you also want to ensure that the documentation is usable. This means keeping it user-focused, easily accessible, and accurate. Nothing is more frustrating than attempting to find documentation that is hopelessly out-of-date or incorrect, so being user-friendly means committing to maintaining the most current documentation possible.
Failing to correctly maintain your security compliance documentation puts your company at risk for failing an audit, which could result in costly fines and other sanctions. A scattershot and disorganized approach to documenting your efforts is not adequate for anyone’s needs, and could leave your company vulnerable to security breaches in addition to regulatory infractions. By taking the time to develop a comprehensive and thorough approach to compliance documentation, you’ll save time and money in the long run.
IT job market growth slows even more in the past month. Looking at BLS’s data and the analysis done by Janco Associates, it is very clear that the job market picture for IT professionals is not as bright as it was last year.
In the first quarter of 2016 the total number of new IT jobs created was only 19,000 versus 33,900 in the first quarter of last year. This is on a base of 3.3 million jobs.
When you analyze the data it becomes very clear that the IT job market is not growing as fast as it was last year. In our interviews we discovered several causes:
Political instability both domestically and internationally – This causes enterprises to hold off on investments.
Focus on short term profitability – Investments like those with IT tend to have a much longer break-even point even if the ROI is better. With time there is risk and many C-level executives are paid on how well they are doing in the current period.
Outsourcing and H-1B workers lower demand for domestic IT pros – Both of those are like having a “guest worker” program. Costs tend to be lower and there is less of a requirement for internal IT staff.
Domestic IT pros do not have current hot skills – Skills that are in the greatest demand are too new to be in universities and technical schools. Potential employees know all about social media and smart phones. They do not have a clue or desire to “program” them. Foreign students arrive with those skills.
Now those are not the only factors, but they are key to addressing the issue of how we create more IT jobs for domestic employees.
Both in an individual’s personal career planning and in an enterprise’s staffing, promotion and compensation, it is important to have benchmarks for the levels individuals are at. To that end, one of the best objective ways to meet this goal is to have formal job descriptions and clear paths for promotion and compensation.
10 Tips to protect your personal information – According to the Identity Theft Resource Center, it takes 600 hours to restore your identity after a theft has taken place. The FTC’s new online resource aims to streamline the process of reporting identity theft to the FTC, IRS, credit bureaus, and to state and local officials.
ID theft happens when criminals use your personal information to file for a tax refund with the IRS or process a credit application to purchase an item or withdraw funds from the victim’s account(s). Victims usually learn of the crime after having their tax returns rejected because the impostors beat them to it, checks bounce, or the victim receives dunning notices.
Monitor credit reports – By law, you are entitled to a free copy of your credit report from the major bureaus: Equifax, Experian, TransUnion, and Innovis.
Never provide personal information over public Wi-Fi or a network that’s not password protected.
Password protections – the longer the better. Try disguising familiar phrases using a cipher.
Don’t use the same password on all accounts and change them up frequently. The more variation, the better.
Never store passwords on your computer. If you need to do it digitally, use an external hard drive or USB and disconnect it from the computer when you are finished.
Watch out for phishing emails – Throw up an immediate red flag if you receive any email asking to confirm passwords, bank account numbers, or Social Security Numbers. This includes any type of electronic communication, such as text messages and social media channels.
If you do receive a suspicious-sounding email, contact your service provider directly to verify its authenticity. If your bank is requesting updated information, log onto your online banking account and update it there (instead of clicking on the link in the email). If your account does not show a need for an update, you’ll know the email was a scam.
Take physical precautions – Do not carry your Social Security card with you or write it down on checks. Only give out your SSN if it is an absolute necessity. When filling in forms for organizations, hospitals, clinics, and other companies, leave the area asking for your SSN blank.
Shred bills, credit offers, and expired credit cards to prevent dumpster divers from getting your personal info.
Layer your cyber-security – Layer defenses with a firewall, antivirus, and anti-malware that includes anti-spyware.
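The phishing advice above rests on one observation: the link in a phishing email does not go where its text says it goes. The following added example, not code from the article, checks an HTML message body the way a mail filter or a cautious user would: it collects every link, compares the domain shown in the link text with the domain the link actually targets, and also flags plain-http links, IP-literal hosts and userinfo before the host. The sample message is constructed (the 203.0.113.0/24 range and the .example top-level domain are reserved for documentation), and the registrable-domain helper is a deliberate simplification of what a public-suffix-list lookup would do.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


DOMAIN_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")


def registrable(host: str) -> str:
    """Crude registrable-domain guess: the last two labels. Enough for this
    comparison; production code would consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def audit_link(href: str, text: str) -> list:
    """Return the reasons a link looks suspicious; an empty list means none found."""
    reasons = []
    u = urlparse(href)
    host = u.hostname or ""
    if u.scheme not in ("http", "https"):
        reasons.append(f"non-web scheme {u.scheme!r}")
    elif u.scheme == "http":
        reasons.append("plain http (no TLS)")
    if u.username is not None:
        reasons.append("userinfo before the host")
    try:
        ipaddress.ip_address(host)
        reasons.append("IP literal instead of a hostname")
    except ValueError:
        pass
    # If the visible text is itself a URL or domain, it must point where it claims.
    try:
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
    except ValueError:  # text that is not parseable as a URL (e.g. stray brackets)
        shown = ""
    if DOMAIN_RE.fullmatch(shown) and registrable(shown) != registrable(host):
        reasons.append(f"text shows {shown} but target is {host}")
    return reasons


def audit_email(html: str) -> list:
    """Audit every link in the message: list of (href, text, reasons)."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text, audit_link(href, text)) for href, text in parser.links]


def suspicious_links(html: str) -> list:
    return [entry for entry in audit_email(html) if entry[2]]


# Constructed sample message; the bank name and all addresses are fictitious.
SAMPLE_EMAIL = """
<p>Dear customer, your account requires verification within 24 hours.</p>
<p><a href="http://203.0.113.7/login">https://www.examplebank.com/login</a></p>
<p><a href="https://examplebank.com.verify-account.example/login">examplebank.com</a></p>
<p><a href="https://www.examplebank.com/security">Security center</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in audit_email(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for r in reasons:
            print(f"    {r}")
```

The first link is flagged three times (plain http, IP literal, text/target mismatch), the second once (the real registrable domain is verify-account.example, not examplebank.com), and the third, whose text is not a domain at all, is not flagged. That last case is why the advice says to type the bank’s address yourself: a link with friendly text gives this check nothing to compare.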
Technology Application Trends – 2010 – 2015 was the true start of the digital technology revolution that fundamentally altered the way we live, work, and relate to one another. In its scale, scope, and complexity, this transformation was unlike anything we have experienced before.
Everything was affected – politics, media, social interactions, commerce and technology itself.
Often described as the 4th Industrial Revolution, this period of digitalization continues to intensify characterized by a fusion of technologies which are blurring the lines between the physical and digital spheres for the 21st Century Enterprise. The 4th Industrial Revolution is causing widespread disruption in almost every industry across the globe, with enormous change in the skill sets required to master this new landscape. We have tailored this year’s program to explore the exponential speed of current breakthroughs (which has no historical precedent), with the breadth and depth of these changes unleashing entire new systems of production, management, governance, and Information Technology.
As digital business now moves into the next phase, autonomous and algorithmic investments will be required to improve operational efficiencies, drive down costs to run IT, and deliver the self-funded returns necessary for additional innovation and business value creation.
We do not yet know precisely how the 4th Industrial Revolution will unfold, but one thing is clear: our response to it must be comprehensive and integrated, involving all global IT ecosystem stakeholders at the intersection of the public and private sectors, and within academia and civil society.
2016 Internet and IT Position Description HandiGuide Released
There are now 273 IT Job Descriptions available that have been updated to meet the latest compliance and new technology requirements. The HandiGuide can be acquired in MS WORD and / or PDF format. In addition, we provide the option to get updates and free custom job descriptions.
Traditional ERP projects increase costs, take a long time to implement, and require larger numbers of more specialized IT professionals.
Top 10 benefits Cloud ERP — With the emergence of secure clouds, moving to a new ERP solution is not as high-risk an event as it once was. There are some critical benefits that make a cloud based ERP a solution that should be looked at:
Vendor packages are available that create an architecture that is easily customized, modified and maintained.
Metrics can be defined up front which can be the road map for communication of the benefits and costs of the ERP solution.
The staffing requirements for scores of ERP specialists are significantly reduced, and there is less risk that staff attrition could delay the implementation and deployment processes.
A cloud based solution eliminates the need for most of the on-site data center resources and is more cost effective (typically at least 30% less expensive than on-premise).
There is much less of a requirement to “re-invent” the wheel and much less likelihood that the ERP efforts will go down a non-productive path.
Development and implementation cycles are reduced. As a result, deployment is quicker, the value of the predicted benefits is received more quickly, and the organization faces significantly less risk.
With the cloud, the ERP is more easily sized for both features and number of users supported, and costs can be aligned with the company’s ROI objectives.
Business continuity objectives are more easily managed as part of the core design of the ERP.
New technologies and equipment are more easily supported, as a well managed vendor based solution gives the vendor the ability to support new technologies and devices as they hit the market.
Better security and operations than companies can otherwise afford (monitoring and meeting the SLA requirements for response time, continuous backups, redundancy, SSAE 16, PCI certifications, etc.).
The Client Server Application Framework article was written by Upper Setting. It not only defines what the future of mobile and IoT applications is, but also defines an architecture that they have implemented with a unique tool kit.
The SDK provides a client/server application framework that implements an extendable binary protocol stack, supports SSL/TLS 1.2 connections, includes an extendable security framework, includes a keep-alive/heartbeat protocol and includes a C# API for Windows and Windows Mobile, a Java API for Android and Unix/Linux flavors and an Objective-C API for iOS and Mac.
A commercial product, DotNetCloudServer SDK, which is built on top of the DotNetOpenServer, includes support for remote method invocation (RMI), variable subscriptions and event notifications.
The full article is a definite must read for a CIO and their architecture development staff. In summary, the article includes:
Session Layer Protocol (SLP)
Capabilities Protocol (CAP)
Keep-Alive Protocol (KAP)
How to extend the architecture
How to create a server application
How to create an instance using app.config
How to create an instance programmatically
How to create client applications
Links and 3rd party references
Upper Setting, Inc. – Upper Setting is a small Utah, USA-based software solution provider. They focus on providing software engineers with off the shelf tools, custom tools and software development services to quickly create secure real-time cloud based applications targeted for any server, desktop or smart mobile device.
Data is the lifeblood of every company, and often, it is a competitive advantage and the only thing that differentiates one enterprise from another. Who has the most loyal customers, the best service, and the most innovative strategies all boils down to information residing on the enterprise’s Information Technology and application systems. For this reason disaster recovery and business continuity are a definite need. In addition, there are security requirements that need to be met. With mandated requirements like Sarbanes-Oxley, HIPAA, PCI-DSS, and ITIL, executive management is depending on you to have the right security policies and procedures in place.
Disaster Recovery Business Continuity with Security
Google has addressed this and describes it in a video that it has placed on YouTube.