Job Market grim for Information Technology professionals

 Job Market grim for Information Technology professionals

Job Market grim for Information Technology professionals as it is leading the way to fewer prospects for new jobs being created.  Just last month there were eight (8) states with unemployment rates in excess of 6%.  That along with the loss of 27,700 jobs makes many wonder if we are facing a possibility of a new recession.

US job market grim
8 states have unemployment in excess of 6% and that is with 94 million individuals who have have dropped out of the labor market making the true unemployment number closer to 13% – depression era levels,
 Job Market grim for Information Technology professionals
IT job market grim – Janco may revise its forecast for the IT job market to shrink if this trend continues.

Job Market grim for Information Technology professionals as 2016 fall behind 2015 in creating new IT jobs

IT Job Market growth is 57,300 worse in 2016 than 2015 as of May
If the loss of jobs continues at this rate all of the recovery achieved in the IT job market over the past several quarters could be lost.
Order Salary SurveyDownload Selected PagesDownload Selected Pages

Top 10 Cloud SLA Best Practices identified by GAO

Top 10 Cloud SLA Best Practices identified by GAO

Cloud SLA Best Practices
Cloud SLA Best Practices

Top 10 Cloud SLA Best Practices are:

  1. Define SLA roles and responsibilities for the enterprise and cloud providers. These definitions should include,the persons responsible for oversight of the contract, audit, performance management, maintenance, and security.
  2. Define key terms. Include definitions for dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance. These measures would include: the availability of the cloud service; the number of users that can access the cloud at any given time; and the response time for processing a customer transaction.
  3. Define specific identifiable metrics for performance by the cloud provider. Include who is responsible for measuring performance. Examples of such measures would include:
    SLA Best Practices
    SLA Best Practices
    • Level of service (e.g., service availability—duration the service is to be available to the enterprise).
    • Capacity and capability of cloud service (e.g., maximum number of users that can access the cloud at one time and ability of provider to expand services to more users).
    • Response time (e.g., how quickly cloud service provider systems process a transaction entered by the customer, response time for responding to service outages).
  4. Specify how and when the enterprise has access to its own data and networks. This includes how data and networks are to be managed and maintained throughout the duration of the SLA and transitioned back to the enterprise in case of exit/termination of service.
  5. Specify specific SLA infrastructure and requirements methodology:
    • How the cloud service provider will monitor performance and report results to the enterprise.
    • When and how the enterprise, via an audit, is to confirm performance of the cloud service provider.
  6. SLA DRP and Security for Cloud
    SLA DRP and Security for Cloud

    Provide for disaster recovery and continuity of operations planning and testing. Include how and when the cloud service provider is to report such failures and outages to the enterprise. In addition, how the provider will re-mediate such situations and mitigate the risks of such problems from recurring.

  7. Describe any applicable exception criteria when the cloud provider’s performance measures do not apply (e.g., during scheduled maintenance or updates).
  8. Specify metrics the cloud provider must meet in order to show it is meeting the enterprise’s security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the enterprises’s data). Specify the security performance requirements that the service provider is to meet. This would include describing security performance metrics for protecting data, such as data reliability, data preservation, and data privacy. Clearly define the access rights of the cloud service provider and the enterprise as well as their respective responsibilities for securing the data, applications, and processes to meet all mandated requirements. Describe what would constitute a breach of security and how and when the service provider is to notify the enterprise when the requirements are not being met.
  9. Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met (e.g., when there is a data breach).
  10. Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures. Identify how such enforcement mechanisms would be imposed or exercised by the enterprise.

Technology Application Trends

Technology Application Trends

Technology Application Trends – 2010 – 2015 was the true start of the digital technology revolution that fundamentally altered the way we live, work, and relate to one another. In its scale, scope, and complexity, this transformation was unlike anything we have experienced before.

Everything was affected – politics, media, social interactions, commerce and technology itself.

Often described as the 4th Industrial Revolution, this period of digitalization continues to intensify characterized by a fusion of technologies which are blurring the lines between the physical and digital spheres for the 21st Century Enterprise. The 4th Industrial Revolution is causing widespread disruption in almost every industry across the globe, with enormous change in the skill sets required to master this new landscape. We have tailored this year’s program to explore the exponential speed of current breakthroughs (which has no historical precedent), with the breadth and depth of these changes unleashing entire new systems of production, management, governance, and Information Technology.

As digital business now moves into the next phase, autonomous and algorithmic investments will be required to improve operational efficiencies, drive down costs to run IT, and deliver the self-funded returns necessary for additional innovation and business value creation.

We do not yet know precisely how the 4th Industrial Revolution will unfold, but one thing is clear: our response to it must be comprehensive and integrated, involving all global IT ecosystem stakeholders at the intersection of the public and private sectors, and within academia and civil society.

2016 Internet and IT Position Description HandiGuide Released

IT Job Descriptions

There are now 273 IT Job Descriptions available that that have been updated to meet the latest compliance and new technology requirements. The HandiGuide can be acquired in MS WORD and / or PDF format.  In addition we provide the option to get updates and free custom job descriptions.

The job descriptions that we have added are:

Top 10 benefits Cloud ERP

Top 10 benefits cloud ERP

Traditional ERP projects increase costs, take a long time to implement, and require larger and more specialized IT professionals

Cloud Based ERP
Cloud Based ERP

Top 10 benefits Cloud ERP — With the emergence of a secure clouds, moving to a new ERP solution is not as high-risk an event as it once was. There are some critical benefits that make a cloud based ERP a solution that should be looked at:

  1. Vendor packages are available that create an architecture that is easily customized, modified and maintained.
  2. Metrics can be defined up front which can be the road map for communication of the benefits and costs of the ERP solution.
  3. The staffing requirements for scores of ERP specialists is significantly reduced and there is less risk that staff attrition could cause a delay in the implementation and deployment processes.
  4. A cloud based solution eliminates the need for most of the on-site data center resources and is more cost effective (typically at least 30% less expensive than on-premise)
  5. There is much less of a requirement to “re-invent” the wheel and much less of likelihood that the ERP efforts will go down a non-productive path.
  6. Development and and implement cycles are reduced. As a result deployment is quicker, value of the precised benefits are received more quickly, and the organization faces significantly less risk.
  7. With the cloud the ERP is more easily sized for both features and number of users supported and costs can be aligned with company’s ROI objectives.
  8. Business continuity objectives are more easily managed as part of the core design of the ERP.
  9. New technologies and equipment is more easily supported as a well managed vendor based solution provides the ability for the vendor to support new technologies and devices as they hit the market.
  10. Better security and operations than companies can otherwise afford (monitoring and meeting the SLA requirements for response time, continuous backups, redundancy, SSAE 16, PCI certifications, etc.).

Order ERP Job DescriptionsDisaster Plan Sample

Disaster Recovery Business Continuity with Security

Disaster Recovery Business Continuity with Security

Every company, regardless of size, needs a concise approach  disaster recovery business continuity with security in case of an emergency.

Order DRP BCP Security Download Selected Pages

Disaster Recovery Business Continuity with Security
Disaster Recovery Business Continuity with Security

Data is the lifeblood of every company, and often, it is a competitive advantage and the only thing that differentiates one enterprise from another. Who has the most loyal customers, the best service, and the most innovative strategies all boils down to information residing on the enterprise’s Information Technology and application systems. For this reason disaster recovery and business continuity are a definite need.  In addition, there are  security requirements that need to be met.  With mandated requirements like Sarbanes-Oxley, HIPAA, PCI-DSS, and ITIL, executive management is depending on you to have the right security policies and procedures in place.

Disaster Recovery Business Continuity with Security

Google has addressed this and describes it in a video that is has placed on youtube.

10 step security implementation process :

  • Make security an executive directive
  • Implement clear security guidelines
  • Provide specifics for security compliance
  • Enforce that everyone follows the rules
  • Provide formal training program
  • Communicate Security
  • Monitor security compliance
  • Establish security compliance metrics
  • Provide security compliance feedback
  • Audit security with a third party 

Security breach cost $3.8 million

Security breach cost averages $3.8 million

Security breach cost – Cybersecurity threats are on the rise. In 2015 the average cost of a data breach was $3.79 million, and that figure is expected to grow to close to $5 million by the end of this year.

Security RisksAreas of concern are:

  • Cloud Services – danger that they’re bypassing security protocols and systems in the process
  • Ransomware – Kits for this software are now readily availalbe. The attack encrypts important files, rendering data inaccessible until you pay the ransom.
  • Spear phishing – Phishing attacks are growing more sophisticated all the time, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems.
  • Known vulnerabilities – Once these are published everyone is exposed
  • Internet of Things – As connectivity spreads into every corner of our lives and businesses, it becomes more and more challenging to maintain a clear view of entry points and data flow.

Order Security Manual Download Selected Pages

The top 10 drivers of security shortcomings include:

  1. Insufficient funding for security
  2. Lack of commitment by senior executive management
  3. Lack of leadership in the security arena by the CIO
  4. Belief that the organization will not be targeted
  5. Lack of internal resources who are “security” experts
  6. Lack of an effective IT security strategy
  7. Lack of an action plan on how to implement a solution before an event
  8. Infrastructure for IT that does not easily lend itself to security implementation including complex and disjointed applications and data
  9. No central focus with the enterprise that focuses on security
  10. Lack of a good termination policy for employees and contractors

Cost of business interruption

Cost of business interruption

Cost of business interruption – Calculating the impact and cost to an enterprise of a disruption of service is difficult.  It is a necessary planning step that needs to be re-visited on  an annual basis. Some of the factors need to be considered:

  • How will your clients, customers, and users react a disruption? Will they react in a way that will be more or less disruptive to the business and its operation?
  • Will the disruption have an impact on other activities? For example your sales force may still be able to make sales call but the distribution arm of the company may be at a standstill.
  • How will the event impact the overall reputation of the enterprise?  Will there be an adverse media or social networking publicity?
  • Once the event is over how quickly will you company be able to catch up and get back to business as normal?
  • During the outage and how much revenue will your company lose?
  • Will there be any contractual or legal penalties that will be imposed and how extensive will they be?
  • If the event impacts items that will need to be repaired or replaced, will the repair parts, maintenance staff, and replacement equipment be available?  At what cost?
  • If you activate other services, overtime, or incur other expenses what will the cost of that be?

To address those issues we have found that a speadsheet like the one below will help to summarize the information that you will collect and present.

Order DRP BCP Download Selected Pages

Unemployment rate grim for 13 states

Unemployment rate grim for 13 states

Unemployment rate is grim for 13 states.  Both Nevada and California have had the highest unemployment rates for over 24 months.  The numbers have improved in almost all of the states in the past 12 months save West Virginia.

When one looks at the detail, yes we seem to be better off now than a year ago but with the participation rate being the lowest it has been since 1977 the job market picture is not as rosey as the BLS is telling us.
Unemployment Picture August 2014 vs August 2015 States with Unemployment of 6% or greater

Granted that both Nevada and California look better it is not clear that the picture is improving.  Looking deeper into the number both states have a participation rate that is lower than the average and average compensation is significantly lower as high prices jobs have left both states,

On the bright side there now are 10 states that have an employment rate that meet the criteria for  being full employment states.

States that qualify as being full employment states

Order Salary Survey     Download Selected Pages

Lack of BYOD policy at State Department causes havoc in presidential campaign

Lack of BYOD policy at State Department causes havoc in presidential campaign

Lack of BYOD PolicyLack of BYOD policy and enforcement at the State Department have caused havoc in the presidential campaign. The secretary of state used her own personal Blackberry which was not secure. In addition it is not clear which versions of software were on her device and wither it was backed-up in accordance to mandated federal requirements for sensitive, confidential, and top secret information.

Bring Your Own Device Policy updated to to meet Disaster Recovery, Business Continuity and Corporate Intellectual Property Requirements

Download Selected Pages

With the advent of Bring-Your-Own-Device – BYOD and the ever increasing mandated requirements for record retention and security, CIOs are challenged to manage in a complex and changing environment.

IT Infrastructure Policies and Procedures

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.

Order Infrastructure PoliciesDownload Selected Pages

Cloud Disaster Plan lacking

Cloud Disaster Plan lacking

Cloud Disaster Plan lacking and is not enough to protect your data.  Google with all of its resources had data destroyed and lost due to 4 lighting strikes at one of it data centers.

Cloud Disaster Plan lacking
Cloud Disaster Plan lacking

While four successive strikes is rare, lightning does not need to repeatedly strike a building in exactly the same spot to cause additional damage.

A project manager for the lightning protection service of one major company, said lightning could strike power or telecommunications cables connected to a building at a distance and still cause disruptions.  The cabling  outside of a data center can be struck up to a mile away, bring the power surge back to the data center and cause extensive damage.

In an online statement, Google said, “… data on just 0.000001% of disk space was permanently affected.” Some people have permanently lost access to their files as a result of this event.

Disaster Recovery Security Cloud DRP Security Incident Communication Policy Security Audit Program
 Order Disaster Plan Template Disaster Plan Sample

Digital Disruption is a critical concern of executive management

Digital Disruption is a critical concern of executive management

Digital Disruption – The digital narrative is continuing to gain prominence in Boardrooms and there is a need to understand the impact of digital disruption.

Digital data now can and does disrupt the business model and changing business outcomes in most companies.

It has been predicted by industry experts that 70% of IT will be absorbed into business in the future. Talent is paramount for success in the digital world. The role of CIO is changing to become the strategy officer, chief technologist of the company, and preparing the company for infusion of technology in their products, processes and every sphere of business world.

Digital Disruption Life Cycle

Order DRP BCPSample DRP BCPDRP Customers

Digital data is accelerating advanced security initiatives for enterprises: The world of digital is ubiquitous and highly connected. The connectivity is increasing at an exponential pace. It is estimated that wearables will be 30 billion devices by 2020.

Security is a risk and also an opportunity to increase the pace of innovation. Focus on security brings peace of mind. With recent incidents in large enterprises, organizations have stepped up their pace of investing in security initiatives. Innovation is paramount and instead of playing a catch up game, it is time for enterprises to move ahead of the curve.

Employment picture is mixed

Employment picture is mixed in latest BLS data

Employment picture is mixed – The latest BLS data shows that there are 16 states that have unemployment rates that are over 6%.  In addition there are 11 other states were the unemployment rates have gone up in  the last 3 months.

Salary Survey Job Descriptions IT Job Families IT Hiring Kit Interview Guide

Order Salary Survey    Free Salary Survey

Employment Picture for IT Job Market – On a monthly basis – typically on the first Friday of the month – Janco publishes an analysis of the IT Job Market utilizing the BLS labor data and it proprietary data. See the latest press clipping go to Janco’s Press Clippings and

Employment Picture
Historic State Unemployment Rate

Disaster Recovery Backup Solution

Disaster Recovery Backup

Disaster Recovery Backup and Backup Retention Policy Template

CIOs and IT Managers need to consider mandated compliance requirements

Disaster Recovery Backup Solution – Just added Best Practices for Backup, Cloud Backup and Mobile Device Backup. IT organizations of all sizes contend with a growing data footprint with more data to manage, protect, and preserve for longer periods of time. Online primary storage, has focus a on fast low latency, reliable access to data while near-line secondary storage has a focus on low cost and high capacity.

Disaster Recovery BackupQuestion that need to be answered are:

  • Is our data safe in transit and at rest?
  • What prevents hackers from gaining access to our data?
  • Is our data properly handled, stored, and deleted?
  • Who can access our data?
  • What are the benchmark measurements?
  • Is our data backup strategy compliant?
  • Will our recovery be successful?



10 Step Disaster Plan Testing

10 Step Disaster Plan Testing

10 step Disaster Plan Testing

10 step Disaster Plan Testing – Almost every organization has a disaster recovery and business continuity plan on the shelf.  The question that every CIO needs to have answered is will the plan work?

To that end we have defined and documented a testing process that will ensure that a DR/BC plan will work when it is needed after a disaster or business interruption occurs.

The 10 steps are:

  1. Identify people who will participate in the test
  2. Identify the enterprise operations that will be tested
  3. Train people before the test
  4. Establish test objectives
  5. Select test type
    1. A walk through
    2. A desktop
    3. A timed desktop
    4. Live or real time
  6. Document the test plan
  7. Manage pretest administration
  8. Conduct the test
  9. Do a post-test review of successes and failure – implement changes the test
  10. Schedule the next test

Each of these steps is discussed in detail in the Disaster Recovery Business Continuity Template.

 Order Disaster Plan TemplateDisaster Plan Sample

Disaster Recovery Business Continuity Plan Template

The Disaster Recovery Business Continuity template has been purchase by over 2,500 enterprise world wide in both the public and private sectors. To see the distribution of our customer base click here.

Disaster Recovery Security Cloud DRP Security Incident Communication Policy Security Audit Program
 Order Disaster Plan TemplateDisaster Plan SampleDR BC History

Top 10 Best Practices to meet IT governance and compliance requirements

Top 10 Best Practices to meet IT governance and compliance requirements

Top 10 best practices to meet governance and compliance requirements are a baseline tat “World Class” CIOs and enterprises all follow.

  1. Understand all existing and proposed regulation and compliance requirement.  This includes industry, state, local, federal and international regulations and mandates
  2. Have clear definition of duties (job descriptions) that meet all infrastructure, security and compliance requirements. These should be well documented and distributed throughout the enterprise.
  3. Continually assess the internal controls of IT that are in place. This requires interaction with both internal and external auditors.
  4. Establish a baseline of IT internal controls – include a definition of baseline policies and procedures that need to be in place in IT function.  Infrastructure policies and procedures must be constantly reviewed and updated.
  5.  Audit compliance to baseline of IT internal controls and governance requirements. All levels of management need to be involved.
  6.  Track access to all “protected” and confidential data. This has to be real time and responsive as the exposure the enterprise faces continues to increase over time.
  7.  Preserve audit data in secure long term storage.  After the fact reviews can not take place unless this occurs.
  8.  Establish and enforce separation of duties and management accountability are key.
  9.  Implement metrics that support the alignment of IT with enterprise requirements. To measure is to modify behavior.  The right metrics need to be in place.
  10.  Implement a function which focuses on implications of new technology on infrastructure and governance of IT.

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.

  • CIO IT Infrastructure Policy Bundle (more info…) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
    • Backup and Backup Retention Policy (more info…)
    • Blog and Personal Web Site Policy (more info…) Includes electronic Blog Compliance Agreement Form
    • BYOD Policy Template (more info…) Includes electronic BYOD Access and Use Agreement Form
    • Google Glass Policy Template (more info…) Includes electronic Google Glass Access and Use Agreement Form
    • Incident Communication Plan Policy (more info…) Updated to include social networks as a communication path
    • Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (more info…) Includes 5 electronic forms to aid in the quick deployment of this policy
    • Mobile Device Access and Use Policy (more info…)
    • Patch Management Policy (more info…)
    • Outsourcing and Cloud Based File Sharing Policy (more info…)
    • Physical and Virtual Security Policy (more info…)
    • Record Management, Retention, and Destruction Policy (more info…)
    • Sensitive Information Policy (more info…) HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
    • Service Level Agreement (SLA) Policy Template with Metrics (more info…)
    • Social Networking Policy (more info…) Includes electronic form
    • Telecommuting Policy (more info…) Includes 3 electronic forms to help to effectively manage work at home staff
    • Text Messaging Sensitive and Confidential Information (more Info…)
    • Travel and Off-Site Meeting Policy (more info…)
    • IT Infrastructure Electronic Forms (more info…)

IT Infrastructure PoliciesInfrastructure Policy Sample