IT Employment Picture is spotty at best. Many CIOs were optimistic at the beginning of this year, but they have pulled back on hiring. After 5 months, there has a net loss of 7,200 jobs in the IT job market. In addition this year is trailing IT job creation of last last year by over 18,100 jobs.In interviews with over 100 CIOs, we found that CIOs are no longer as confident about the economic outlook as they were earlier in the year.
Whit this as a preamble, Janco has reduced its forecast for the number of new IT jobs to be added to be about 77,200 for the whole of 2017. Earlier we had forecast that well over 140,000 new jobs would be created.
When the CIOs and CSOs discuss common security concerns these five topics always seem to appear:
Surfing the web anonymously is a thing of the past – As online tracking systems become more sophisticated and harder to shake, the likelihood of private, anonymous browsing is becoming a long-ago memory. Take into account the latest ISP changes, where the U.S. government allows providers to not only track, but sell your browsing history without your consent. These changes in “net neutrality rules” require users to be more vigilant about their own browsing patterns. You can guard your activity by logging out of search engines before browsing, clearing your cache and search history, and switching to a private browser to minimize the various ways your browsing history is catalogued.
Anyone gain access your webcam – Hackers can and do target cameras by disabling the light that notifies of access, and keeping tabs in order to commit some sort of crime. Many users have responded by putting dark tape or coverings over their computer’s webcam. But as more smart devices are created and purchased, the surface area for webcam hacking only expands. Think, for example, of all the places you take your smartphone, with its built-in camera almost always pointing in your direction. The malware used to hack webcams, known as RAT (remote access Trojan), is often spread through spam email. Once clicked, the software is capable of disabling your light so you’re never made aware of anyone watching.
How to protect against identity theft – Be wary of sites asking for personal information to complete a basic task, such as subscribing to a newsletter. When submitting personal information, such as your address or payment method, check for https versus http and never submit this information to a party you’re not familiar with or for a request you don’t remember making.Protecting your identity, at its core, always comes back around to common sense behavior online. Understand risks, practice careful consuming, and taking precaution to diversify passwords and watch out for phishing schemes.
Free antivirus software is not free – You get what you pay for in the area of antivirus and malware protection. If it is free a lot of people use it and when there is a security hole – hackers will attack. That is opposed to paid programs were vendors constantly update the software to address new issues as the occur.
Are tablets, Smartphones and Macs safe without antivirus software? – Though the Android and Mac OS X boast of operating systems that claims they are tough to breach, they still contains weak access points. Just like any tool that surfs the web or connects to wireless routers, security is needed to scan all those items you click. (Recent research suggests Macs are now more vulnerable than PCs.)While these devices have often carried around the title of most-secure operating system, it doesn’t hurt to back up your devices with the latest antivirus security protection.
Wearable Device Security Concerns Wearable Device Security Concerns Wearable Device Security – Over 300,000,000 wearable devices are going to be deployed in the next several years Wearable Device Security –...
Top 10 CIO concerns Top 10 CIO concerns for the New Year Top 10 CIO concerns – Janco Associates has just completed an informal survey of 75 CIOs and...
eReader Security Template released with version 12
eReader Security Template has just been released by Janco with its latest update of the security manual. This is a major update as it the template now also includes KPI metrics and best practices for Security Information and Event Management (SEIM) as well as a chapter in Identity Protection.
This security template was first release in 1999 and has been updates between 3 to 4 times each year. Currently the template is over 250 pages and includes chapters on the following topics.
Security policies – scope and objectives
Minimum and Mandated Security Standard Requirements
Vulnerability Analysis and Threat Assessment
Risk Analysis – IT Applications and Functions
Facility Design, Construction and Operational Considerations
Media and Documentation
Physical and Virtual File Server Security Policy
Sensitive Information Policy
Internet and Information Technology Contingency Planning
What is Disaster Recovery Information on Disaster Recovery A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of...
Cloud Based Disaster Recovery Cloud Based Disaster Recovery Cloud based disaster recovery is all the rage. May Disaster Recovery and Business Continuity experts are pushing this cloud solution because:...
About CIO blog has proven tips and tools. This blog is intended for the CIO and IT Managers. The blog discusses Disaster Recovery Planning, Business Continuity,...
Tech savy young hires talent Shortage is real for many enterprises
Tech savy young hires talent shortage is widely discussed among CIOs. The shrinking unemployment rate has drained the talent pool in many corporate IT functions and industries, and companies continually complain that they can’t find qualified staff. For Information Technology departments, the problem is different: If they were looking solely for the technical skills they wanted years ago, they would be overwhelmed with candidates. Today, though, such skills are table stakes, and the focus is on finding people who stand out because they have other desired qualities as well.
Given companies’ increasing reliance on data in decision-making, demand is soaring for a demonstrated aptitude for analytics. Even more important for the long-term success of new hires, however, are assorted “soft” skills that allow them to communicate and collaborate with others, as well as influence others’ attitudes and behaviors.
According to some CIO, there is not a shortage of finance talent per se, but there is a shortage of people who have both technical expertise and these additional skills that will enable them to work well inside an organization.
Given this shortage, IT departments are aggressively positioning themselves as employers of choice. And they can’t allow themselves the luxury of easing up on that quest, since their competitors are doing the same thing.
What are CIOs and CFOs looking for
CIOs and CFOs are telling Janco Associates they want Information Technology students who know how important application strategy will be in any IT function and who show a willingness to embrace and explore analytical tools and methods. Students don’t necessarily need to know how to code. Many companies that are successfully hiring young candidates with prowess in analytics are looking beyond traditional sources like business schools and accounting firms.
The problem is that demand for those candidates far outpaces supply. CIO should be looking for people who may not have the desired business background or professional experience but who possess the analytical skills IT pros need now and in the future.
10 point DR power checklist defined in Janco DR/BC Template
10 point DR power checklist — After an event that disrupts a network, availability of power to recover and run the network often is critical. Below is a 10 item check list of what to consider in your disaster recovery – business continuity plan.
Electricity, water, broken wires do not mix. Before anything else validate that the power source and power distribution systems are dry and functional before power is turned on.
Understand the minimum power requirements to be operational. Have a clear understanding of a facility’s critical loads.
Have an adequate fuel supply to operate backup power sources. Make smart fuel and technology choices, considering things such as if natural gas pipeline service were to be disrupted in your community. Make sure that you have sufficient fuel storage capacity onsite for an extended outage.
Set reasonable response times for standby generator. Frequent outages of a few seconds, a few minutes, or more, can have significant cost implications for businesses. While some other generators take up to two minutes to engage, diesel-powered generators are uniquely able to provide full load power within 10 seconds of a grid outage.
Maintain your equipment and test it operations. Standby generators should be exercised periodically to ensure they will operate as designed in the event of an outage.
Understand your environment and geography. Even the best generators won’t work underwater when subjected to extreme flooding. Check unit location for protection from flooding and ensure you use the proper gauge extension cord.
Set up generators in an “open environment”. Use generators or other gasoline or charcoal-burning devices such as heaters in an open area or outside near an open window. Carbon monoxide fumes can build up and poison people.
Quarterly review your load. Know when there are any new demands or critical circuits to protect. If you’ve added new computers or other power-hungry devices, consider updating switchgear.
Meet all mandated compliance requirements. Make sure you have the proper permits and records on operations.
Optionally contract for a rental power source. Consider a rental generator power for use in the event of an extended outage.
10 Point Checklist DR Power Requirements 10 Point Checklist DR Power Requirements 10 point checklist DR power requirements in Janco’s Disaster Recovery Business Continuity template. The checklist addresses the issues associated with...
10 Disaster Recovery Lessons Learned 10 lessons learned in Sandy’s aftermath on disaster recovery and business continuity The impacts of Hurricane Sandy have crystallized many executives’ minds on the importance...
Top 10 tips and best practices to improve social networking security
Top 10 tips to improve social networking security are necessary in order to secure the enterprise’s data and reputation.
Educate employees – Educating employees of best practices can help improve the overall security of the business. Awareness through seminars, workshops, and other programs help educate how attackers use social media to target a brand via individual employees.
Have employees use different passwords for different system – Encourage users to have multiple unique passwords. This can be support by implementing a cloud based password management system.
Mandate strong passwords – Make it a requirement to have unique strong passwords.
Have employees change passwords regularly – One every three or four months communicate with employees to tell them it is time to change their passwords.
Do not share accounts – For social accounts that represent the enterprise only have one user per each and the linking e-mail account should be one that is in the enterprise domain and will remain with the enterprise in case the employee leaves or is teminated
Implement two factor authentication – Many of the larger social networks provide two-factor authentication, commonly in the form of a code sent to their smartphone or email each time a new device or browser attempts to login to the account.
Educate employees to NOT open email attachments or go to links where the originator is not known – Stress the practices of carefully reviewing URL links before clicking to make sure the company and site name are spelled correctly. Cybercriminals will often blast out links that are very similar to a real address adding, subtracting or rewording parts to differentiate them.
Utilize antivirus and security software – . No matter how careful a user is, there’s always the risk of accidentally engaging with a malicious link – and just one unfortunate click can lead to months of recovery time.
Don’t friend people you do not know – Companies should encourage employees to thoroughly vet a friend request before hitting “accept”. They should check to see if other colleagues are also connected to the account. If the account seems suspicious or you don’t know the individual, ignore or report the user, and refrain from clicking on any links they may have sent.
Validate and verify – just because it is on the Internet does not make it true.
Top 10 WYOD Best Practices – Employees bringing their own smartphones into the workplace started the BYOD trend requiring enterprises to deal with the serious security implications that come from these devices. The decision for employees to wear their own device (WYOD), such as an apple watch that can link to your Wi-Fi; capture audio, video and data; store; and transmit poses similar problems for IT departments. Employees and individuals outside of the enterprise can use these devices, sometimes discretely, to access and share business content.
This puts corporate data and infrastructure at risk, and reinforces the need for IT managers to focus on securing the content, rather than the device that’s in use. Wearable devices simply add another level of access and security concern to what we’ve already seen with the BYOD trend.
Here are top 10 best practices for WYOD:
Have a strategy for how, when and why WYOD devices can be used
Implement an acceptable use policy
Identify the connectivity options that are available to both internal and external users
Approved devices should be easily connected to the available secure access points
Define a management process for the WYOD devices
Plan for the activity WYOD devices will add to the network
Make collaboration tools a priority
Secure the end points and isolate sensitive/confidential information and locations
Be prepared for little to no advance notice on upgrades
10 best practices electronic meetings 10 best practices electronic meetings 10 best practices electronic meetings have been identified by Janco Associates, Inc. They are: Have an agenda that is available...
10 BYOD Best Practices for CIOs BYOD Best Practices for CIOs Bring Your Own Devices (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow...
Why H-1B is wrong solution – a question that we have been asked
Why H-1B is wrong solution – a question that we have been asked by a number of reporters (see press release). Below are two tables that Janco has created in getting the answer to that question.
Below are some of the questions that we were asked by a reporter for a national publication.
Reporter: Is the Information Security Analysts job the only H-1B security job in your findings?
Janulaitis: Yes, that is the only pure security role. However, there are individuals who have those skills and are classified as Network and Computer Systems Administrators. They fill some of the roles of the security analysts.
Reporter: Do you have any insights into whether that number is so low because. A) no company’s are looking abroad for security skills. or B) people with these skills are applying but not getting accepted?
Janulaitis: First there has to be demand for that role. Many C-Level executives do not feel comfortable with security being done by non-US workers who are not on shore and/or are outsourced.
When C-Level executives have a choice, the idea that an H-1B is responsible for security is not one they relish. They need some assurance that H-1B employees will remain with the company. There have been too many hacks that have taken place where immediate response is required. There is less control when the individual is an H-1B employee that is a contractor. Companies like Microsoft and Apple (vs Tata’s) offer real opportunities for security specialists. These are US companies, not outsourcers, and have a long term view. I know both Microsoft and Apple have good internal training programs in place with real career paths for the “best of breed” technologist that they hire with H-1Bs.
Reporter: Do you think that IT security and cyber-security skills should be given special consideration for H-1B visas? Under the proposed revamping of the program that may include moving to merit-based selection program rather than a pure lottery system.
Janulaitis: In general, all H-1B visas should be merit based. My feeling is that the first choice for jobs should be US nationals who are qualified, then foreign nationals who are graduates of US Universities and want to become US residents and lastly, graduates of foreign Universities who want to become US residents. The idea that there is a lottery and companies like Tata win a large number of positions that they then use to “replace” US workers does not make any sense at all. The purpose of the program is to give the US a competitive edge in technology not reduce cost for US corporations.
Reporter: The question is being raised because the global demand for cyber-security workers is expected to reach 6 million by 2019. There is a projected shortfall of 1.5 million qualified security pros. More than half of organizations today say that finding and recruiting talented IT security staff with the right skill sets is a “significant” or “major” challenge.
Janulaitis: First we start to educate our IT pros in the disciplines required. Then have jobs for them when they graduate and there will be much less of a need for “foreign” workers. It should be a H-1B requirement that these individuals have a “desire” to become full time US residents. If companies like Tata game the system, they should be penalized. Perhaps they could be required to post a bond of say 20% of the annual salary be put in trust. That would be returned when the individual qualifies to be a permanent resident. If they do become full time residents within a specified period, then the bond would be forfeited and the individual would have to leave the US. We need to take the profit out of gaming the H-1B program.
Reporter: Any other insight you might have into this would be greatly appreciated.
Janulaitis: Companies like Tata should not be allowed to get the number of H-1B visas they do. They are gaming the system by creating US subsidiaries that are just a shell to get revenue out of the US and not necessarily help the US to be a technology leader. The focus of the H-1B program should be to get foreign nationals that are world class to come to the US, become full time residents, and contribute to our society. Currently students come to the US and take the limited number of advanced degree slots available we have and are capping the number of US nationals who can fill them. It is not the US’s role to educate the world. We need to do everything possible to have H-1B visa holders stay here. It is not good when over 75% graduates leave and go back to place like China and India.
I believe much of the problem we have is due to our educational system. We need to have more of a focus on math and science and less on social engineering. As a county we spend more on education but rank behind Poland. We have a bias towards foreign nationals in our graduate and doctoral programs. We need an educated population of college graduates who focus on both math and the science. Then we need to have jobs for the individuals that have STEM (Science, Technology, Engineering and Math) degrees. That includes undergraduate as well as masters and doctoral degrees. It is much easier to grow our skill base if we have the professors who can teach those subjects. China, for example, is graduating more students from it universities in robotics on an annual basis than we have in total.
Changing H-1B visa program should be a priority. There are too many companies that need top IT talent. We should not waste H-1B visas on companies that want to reduce costs. It would be better to pay foreign nationals who bring value to The US economy. There is no way that we can maintain a leadership position in IT by cutting costs and eliminating US based jobs and resulting experience and training.
The current H-1B system is being gamed by outsources. That just has to stop. Suggestions for changes that should be made are:
Eliminate the lottery.
Give priority to only those companies who have graduates from US universities. Do not allow companies to use foreign nationals who have not attended US universities. At the same time allow for exceptions for individuals who command salaries in excess of US median salaries for positions in question. Include a bond equal to 20% of annual salaries. Refunded to companies after individual becomes a full time resident.
3. Certify companies are NOT just replacing US nationals for profit. If they are, do not allow them to get any future H-1Bs and have them re- justify any existing H-1Bs. Use industry groups for the justification process not govt employees or agencies.
These are simple changes to the H-1B program but they need to be made if we are to maintain our technical leadership.
Janco Associates has just released its 100 IT Infrastructure Electronic Forms . Victor Janulaitis the CEO of Janco Associates, Inc. said, “Over 1,000 companies in over 120 countries have selected the Janco’s CIO IT infrastructure Policy Bundle with electronic forms.” He added, “Forms include all areas of IT including Disaster Recovery/Business Continuity, IT Service Management, Records Management, Records Retention, Safety Program and Threat/Risk Assessment.”
The CEO added, “Many of the best features are that they comply with US state and federal mandates, EU requirements, and ISO standards. Best practices are followed on all of the forms product.”
The Infrastructure Electronic Forms are delivered electronically and comes as an easily modifiable Microsoft WORD and PDF documents. They include everything needed to implement a seamless electronic document management system which works on Smartphones, tablets, and desktops. The forms can be acquired with Janco’s CIO IT Infrastructure Policy bundle or a as a standalone item. Janco also offers and subscription update service for 12 or 24 months.
The CEO said, “Enterprises around the world are moving away from paper files to electronic ones. CIO who are on the top of their games have already started this implementation. It will only be a short time until electronic forms will be a best practice.
Mid-Year Salary Survey Released by Janco Mid-Year Salary Survey Released by Janco Mid-Year Salary Survey – Janco Associates, Inc. has just released its 2015 mid-year salary survey. To read about the salary...
10 best practices electronic meetings 10 best practices electronic meetings 10 best practices electronic meetings have been identified by Janco Associates, Inc. They are: Have an agenda that is available...
There are 10 burning questions that CIOs need to have answers to.
The chief information officer’s (CIO) role, responsibilities and influence is growing in today’s boardroom. And the CIOs job itself is expanding as well. The CIOs of the next decade face many challenges. The CIOs who will succeed will have a common set of skills.
The 10 CIO questions are:
Can the CIO and IT organization sustain technology hype and deliver value?
How secure is the data of the enterprise and its customers and suppliers?
What is the next core systems evolution that the CIO and IT organization going to undertake?
How and when will drones be used with the enterpriser?
What are the implication of “industry giants” like Goggle going to impact the operations of the enterprise?
Can Blockchain (a distributed database that maintains a continuously-growing list of ordered records called blocks that interconnect enterprise data) be implemented within the enterprise?
Can enterprise’s product designs keep up with opportunities from technology?
Will vendor consolidation continue?
Is digital distribution and marketplace about to take over?
Are KPI metrics and analytics investment paying off?
10 Security Assessment Questions 10 Security Assessment Questions Security Assessment Questions To stop a breach tomorrow, what does the enterprise need to differently today? Does the enterprise know if...
Top 10 Smartphone features to be added in the next new devices.
New designs: Samsung looking at a folding smartphone, Apple face lift to phone hardware and core application
Faster processors: Qualcomm has announced the Snapdragon 835, which could be installed in some premium Android smartphones from top mobile companies. Some may opt for Mediatek’s Helio X30, which has 10 CPU cores
Virtual reality: It’ll be possible to plug handsets into Google’s DayDream View VR headset to watch movies, play games, or roam VR worlds.
Improved LTE: LTE speeds will get a serious boost with new modem technologies. Smartphones like the Galaxy S7 and Apple’s iPhone 7 can download data over LTE networks at a maximum speed of 600Mbps (bits per second), and upload data at 150Mbps.
USB port upgrade: USB-C will replace the aging micro-USB 2.0 ports in Android handsets. USB-C is extremely versatile — beyond charging, it can be used to connect mobile devices to high-definition monitors, headphones, flash drives, and external storage devices.
More Wireless Audio (Bluetooth): This means the extra headache of buying and recharging wireless headsets, but getting rid of the headphone jack could result in thinner and lighter handsets with better battery life.
Quicker charging: Smartphones will charge much faster with USB-C cables, which can carry more power to a battery.
Smarter phones: Augmented reality smartphones can recognize objects, map out rooms, and present relevant information about objects in sight on a handset’s screen. Smartphones can already recognize images and speech recognition via online services, but deep-learning enhancements could bring those capabilities offline.
Faster Bluetooth: Bluetooth 5 wireless upgrade which will have two times the speed and four times the range of its predecessor
More Removable Storage – Currently, internal storage tops out at 256GB and SD storage at 512GB, but SanDisk this year showed a prototype 1TB SD card.
IT Infrastructure Policies and Procedures
One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.
Mobile Computing Top 10 trends for CIOs Mobile computing should be the focus of CIOs Every organization needs to identify and develop mobile computing security policies to be deployed which will provide...