It is Time to End the Debate and Move Forward with Solutions


One of the bright spots in an economy persistently checked by uncertainty is the prediction that technology companies are looking to hire more employees over the next year. But as with all good news about the current state of the economy, the good news comes with a qualifier. While 63 percent of large technology companies intend to hire new technical professionals over the next twelve months, they worry that there will not be enough qualified candidates to fill the vacancies. The survey, conducted by the trade group Technology Councils of North America, also indicates that 70 percent of small to mid-sized tech companies are looking to expand their tech staffs as well.

A debate over whether the shortage is real or a myth has been going on for years. While hiring organizations see an IT talent shortage, third-party recruiters say that hiring managers have to get more creative and realistic about candidate job requirements, and job seekers complain that the whole candidate evaluation process is “screwed-up”. Whether it’s a talent shortage or a messed-up hiring process, the issue is causing delayed IT projects, poor quality, reduced competitiveness and productivity, and missed opportunities for growth in the technology sector, the very sector economists identify as the most likely to put the “robust” back into describing the economy.

Discussions over solutions to the problem include employer pay, benefits, and performance expectations. Some talk of increasing efforts to further education in science, technology, engineering and math (STEM) and others even advocate reforms to the immigration system to bring in more skilled foreign workers. Listening to all sides of the debate it is clear that the solution doesn’t lie with how many IT job applicants there are in the talent pool, or about the IT hiring process, but rather with all of the above. And regardless of what it is called, the problem is real; likely to be with us for years to come; and will require both short term and long term solutions.

According to Manpower Group 2014 Talent Shortage Survey Key Findings, nearly half of IT employers have begun addressing talent shortages through increased training for existing staff and implementing non-traditional recruitment practices. One in four employers is exploring new talent sources according to the study and others are implementing alternative work models to focus on improving their talent pipeline.

But effective, long-term solutions will require all stakeholders to coordinate and facilitate efforts to revamp secondary, collegiate and technical education programs so that they produce students with the specialized skills required for a career in a dynamic and ever-expanding industry. It is time to end the debate and move forward on identifying and implementing real solutions.


Compressing the Detection Process


Perhaps the most alarming subtitle to the prolific headlines touting the latest breaches of cybersecurity is the fact that the intrusions took many months to be discovered. The latest release of the Mandiant M-Trends report indicates that, on average, breaches of security take 229 days to be discovered. The recent broad attack on JPMorgan Chase, which compromised information for 76 million households and seven million small businesses, took the bank’s security team more than two months to detect before it was stopped. Imagine being the president of the bank and learning that your vault was broken into and pilfered only after a depositor presented a valuable family heirloom, just purchased at the local pawn shop, which they thought was securely locked away in the bank’s vault. A far-fetched scenario? Not really, especially when two-thirds of all cybersecurity breaches are discovered by an outside third party.

The reality is that most organizations today are slow to detect breaches, and most are sadly misinformed about how long it really takes for intrusions to be discovered. The lack of awareness allows unlawful intruders the time to roam around inside an organization’s system, seeking out the best information to pilfer and planting seeds of opportunity for later harvesting. Detecting a breach sooner rather than later can be crucial to how much damage is inflicted upon the organization’s financial health. “The longer it takes to respond, the more firmly rooted the attacker will become, and more difficult and costly it will be to find and remove all of their implants,” says James Phillippe, leader of threat and vulnerability services for the U.S. at Ernst & Young.

The issue of untimely discovery can be compounded by the sheer number of attacks occurring every day and the increasing number of ways intruders can attempt to access a system. Implanted detection software, designed to warn security professionals of an unlawful intrusion, often produces an overwhelming amount of data which needs to be evaluated and verified by security professionals. Companies looking to improve detection and response times must refocus their efforts on improving their data analytics capabilities, and provide appropriate numbers of resources necessary to respond properly to legitimate threats.

Breaches will occur, even in organizations with an effective defensive security strategy in place. Investing as much effort in breach detection as in breach prevention is essential to improving discovery. “We know that breaches are going to happen,” says Mike McCann, a consultant at Signum Security, “What can we do to mitigate response times and mitigate the impact?” Deploying predictive analytic tools will help manage the volume of data and speed up the detection of and response to a cyber-attack.


The Changing Dynamics of Application Performance Management


In an era when companies are connecting with consumers through digital media and technology with greater frequency, maintaining high levels of customer service has never been more important for those companies that are experiencing significant increases in customer encounters through websites and social media connections. The day when a website was nothing more than an electronic yellow pages advertisement has long passed. In an effort to meet their customers’ elevated expectations, today’s websites have become far more complex and interconnected within the cyber-world.

Managing website performance is vastly more complex than it was in the early days of the web, primarily due to the introduction of mobile applications and multiple third party services. “Most web pages and mobile apps these days are composed of multiple services – anywhere from dozens to hundreds,” explains Jyoti Bansal, Founder and CEO of Dynatrace. “All of the moving parts may be working all right by themselves but there may be issues with how they interact with each other.” In a highly competitive digital marketplace, consumers are exercising their power of influence to raise the bar when it comes to website speed, functionality and user simplicity. Application performance management (APM) is now all about the customer’s experience and no longer just the focus of the company’s team of IT professionals.

APM is a discipline within systems management that focuses on monitoring the performance of software applications and strives to detect and diagnose application performance problems in an effort to maintain an expected level of service. As the digital world becomes a more predominant vehicle through which companies attract and interact with their customers, the APM industry is experiencing a rebirth and is challenged not only by system complexities but also by the need to bring digital professionals and IT personnel together.

Consumer expectations of website performance have never been higher. Users of traditional digital, and now mobile, are commanding faster and greater interactive levels of performance making effective APM more critical to a company’s bottom line. Today’s digital enterprises have only seconds to gain a customer’s loyalty and to keep them from moving on to a competitor.

However, the rapidly changing dynamics of APM are leading many business leaders to question its value, leading to delays in the deployment of the technology. The complexity of implementing and running APM tools, along with high upfront costs, is a concern to organizations’ leaders, prompting many of them to seek a more integrated approach to initiating APM. “As the approach towards model-driven, user-based app development becomes mainstream, APM will evolve into a priority for companies striving to meet high customer expectations,” said Frost & Sullivan Information and Communication Technologies Research Analyst Vu Anh Tien.

Solving the problems caused by the increased complexity of distributed applications operating in new environments like the cloud and mobile will be a challenging issue for providers of APM going forward. An effective strategy will reduce the impact of poor application performance on business operations and create better IT convergence on business objectives focused squarely on an improved end-user experience.


Jobs Report May Indicate it is Time to get back to Work


Private sector employers have been steadily adding jobs for four years, and hiring has rebounded from a slowdown in late 2013 through the first quarter of this year, but the report comes at a time when the labor force participation rate is at the lowest rate in 36 years. Average hourly earnings fell last month but the workweek increased to 34.6 hours, prompting many workers to question when the reported recovery will have a positive effect on their lives.

While the numbers are moving upward in the right direction, the feeling of uncertainty continues to temper any overt celebrations of optimism.  In their annual forecast, Indiana University Kelley School of Business economists were more optimistic than they have been in recent years, suggesting that 2015 could be the best year of economic recovery since the Great Recession. Bill Witte, associate professor emeritus of economics at IU said, “this favorable outcome is far from a sure bet; the level of uncertainty in the current environment is high.”

But a new report from Michigan State University is projecting some good news next year for all those college graduates still living at Mom and Dad’s house. Hiring for college graduates in 2015 is expected to jump by 16% and the numbers could go even higher according to Phil Gardner, director of Michigan State’s College Employment Research Institute (CERI), which conducted the survey. Last year the overall hiring increase for new grads was just 7%.

Hiring among telecommunications companies, motion pictures, broadcasting and publishing, will jump by 51% over last year with the second-fastest-growing category being Finance & Insurance. The “Professional, Business & Scientific Services” sector which includes jobs in management consulting, accounting, law, engineering services and computer design and services will round out those likely to be at the top of the hiring list.

IT hiring is expected to continue its upward trend next year, mostly in jobs associated with cybersecurity, cloud computing, business analytics, application development, wireless and mobile technology. Starting salaries are expected to increase over 5% from 2014 numbers.

Whether the current trend in employment and economic optimism comes to fruition will depend on some stubborn uncertainties and world economic factors, but most will agree that they are tired of patiently waiting for meaningful and sustained jobs recovery. It is time to get back to work!

Are we prepared for a Cyber-attack of Nuclear Proportions?


A new study from the Pew Internet and American Life Project is revealing that more than 60 percent of the experts in technology and other related fields expect a major cyber-attack that will cause “widespread harm to a nation’s security and capacity to defend itself and its people,” by the year 2025. Perhaps the best question coming out of the survey results isn’t whether or not such an attack is likely to occur, but who really thinks that it is going to be that long? The recent persistent and rampant uptick in the number of cyber-attacks, and their exponential volume of pilfered data, leads reasonable minds to question why anyone thinks it is going to be 10 years before practice makes perfect and an adversary unleashes a major calamity.

J.J. Thompson, CEO and managing director of Rook Security says, “We are moving toward a connected world through not only the Internet of things, but through critical infrastructure. In the absence of adequate security controls, the results can be catastrophic.”  While the Pew Research Survey raises some genuine concerns, there has been significant progress in the threat detection and threat intelligence sharing spaces that has better readied us to mount a serious defense and minimize the damage such a major attack would cause. But mounting an effective coordinated defense will require increased collaboration and vigilance from both government and the private sector.

Admiral Michael S. Rogers, chief of the U.S. Cyber Command and director of the National Security Agency believes, “as companies, governments and individuals continue to fear and deal with theft of their property by cyber-criminals, we have got to find a framework that we can use to bridge all the different players and bring them all together into one integrated team.” Forming an army of security professionals, sufficient in size and expertise, to successfully defend against a major threat to infrastructure and the world’s information systems may be the most pressing and formidable challenge.

The reported shortage of cybersecurity professionals, both in the private and government sector, is a major concern for those responsible for security. A recent increase of government hiring of IT security professionals has compounded the problem. Cisco estimates that the shortfall in qualified candidates will exceed 1 million workers worldwide.  More than half of private firms say the lack of skilled professionals is a major reason for their inability to properly secure their data systems.

It would be easy to dismiss this heightened level of concern as just an over-reaction to a flurry of data system intrusions, but with the catastrophic impact a major cyber-event would have on today’s technology-dependent societies all over the world, over-preparation seems prudent and collective complacency foolish.

Admiral Rogers encourages us to ponder, “What if we had an Ebola-like challenge in the Internet? Not something actually infectious, but what if we had something equivalent to that in digital form, that could replicate on a global scale, with the potential ability to impact our information flow? That’s pretty amazing to me, but we’ve got to think about it.”


Cyber-Breached Consumers May Be Short On Forgiveness


According to a study released this week by, more than 45 percent of the consumers surveyed indicated that they would either “definitely” or “probably” not shop at a retailer who mishandled their private information. The price tag to Target has so far topped $148 million since the breach was announced last year, and this new survey may suggest that additional costs due to lost revenues going forward may increase the overall pain level for the giant retailer. It remains to be seen if consumers can be induced into a state of amnesia with creative marketing ploys and big discounts.

Financial institutions may be taking a lesson from retailers’ “How Not To” manual of experience. A record 84 percent of financial institutions responding to a survey by Depository Trust & Clearing Corporation (DTCC) listed cyber-risk as one of their top five concerns, an increase of 25 points since the last survey. It would be hard to imagine the negative financial impact on a Target or a J. P. Morgan if they were to experience another breach.

The increased volume of breaches and cybersecurity attacks this year, and the vast amounts of negative press that have followed each event, have Americans more afraid of becoming the victim of identity theft or other online crimes than they are of being shot, according to a new academic study. Chapman University in California released the results of its inaugural Chapman Survey on American Fears this week and although it found that people most fear walking alone at night, the next two most popular answers were “becoming the victim of identity theft” and “safety on the internet.”

With consumers so keenly focused on the potential mishandling of their personal financial information, retailers and bankers alike will need to be acutely and actively involved in efforts to avoid another major breach this holiday shopping season. “With major breaches being reported regularly now, it is critical for businesses of all sizes to make protection of their IT infrastructure their top priority, especially given the damages that arise from each successful targeted attack,” says Chris Doggett, managing director at Kaspersky Lab North America.


Looking to the Millennials for Careers in Cyber-security


There is little argument that a severe shortage of information security professionals is the leading concern for employers looking to secure their data systems. In this “breach-a-day era”, where a new major cyber-security incursion is revealed nearly every day, it is impossible to deny the shortage of cyber-security professionals and the impact it is having on the effort to respond to the hacking war. And industry experts say it’s only likely to get worse.

At this year’s Black Hat USA 2014 conference the topic took center stage and, more often than not, the conference floor as well, as more than one security firm openly sought resumes from anyone and everyone. The International Information Systems Security Certification Consortium has calculated that more than 300,000 cyber-security professionals are needed to maintain and manage business systems.

Just this week, the director of the National Security Agency announced that an additional 1,000 cyber-security professionals will be hired by his agency over the next three years to work on Department of Defense cyber-security initiatives. Demand for cyber-security professionals is growing 3.5 times faster than the overall IT job market and 12 times faster than the total labor market.

Industry leaders are looking to the next generation to fill the open positions, but Millennials, those who are aged 18 to 26, don’t understand the importance of system security as a profession. Among the age segment, 60 percent were unaware of the cybersecurity profession and what the job involves, making them less likely to pursue a career in the field. “There’s an information gap,” Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), has said.

Almost two-thirds of the respondents in a recent survey indicated that high school computer classes did not provide the skills needed to pursue a career in cybersecurity or a related degree in college. According to Jeff Jacoby, program engineering director of cybersecurity at Raytheon, “We have to develop programs and we have to develop curriculum and we have to have a mature conversation around career opportunities.”

The answer to filling most of the security jobs may not be found in advanced college degrees in cyber-security but rather with individuals, often called “computer geeks,” who demonstrate a unique skill set and experience with data systems and their inner workings. Being a certified “Computer Geek” may just trump a Master’s Degree in Computer Science at a time when responding to a crisis and getting a solution implemented is more important than analysis.

Filling the demand in the future will require the union of efforts of secondary schools, technical educators, colleges and industry leaders. The vast majority of Millennials, 87 percent, are reported to believe they have a personal responsibility for keeping themselves safe online. We just have to convince many more of them to consider a career that will keep the rest of us cyber-safe as well.

Cost of Cyber-Crime Surging in a World Economy




According to new research from the Ponemon Institute, the annual cost of cybercrime to U.S. organizations has topped 12.7 million, an increase of 96% in the past five years. The average cost to resolve a single company attack exceeds $1.6 million with a single incursion costing as much as $61 million. The average time to resolve a cyber-attack climbed to 45 days, up from 32 days in 2013.

The highest annual cost per organization was reported in the energy and utilities and defense industries, but major breaches involving the retail industry have more than doubled since 2009. More than 55% of all cybercrime costs per organization were caused by denial of services, malicious insiders and malicious code. The time it takes to detect and resolve a cyber-attack has increased by 33% or 170 days and once detected the average time to resolve a cyber-attack is about 45 days.

It is not just organizations in the United States that are bearing the increase in costs; the global costs associated with cybercrime could be even more staggering. A recent report, “Estimating the Global Cost of Cybercrime”, by McAfee reveals that the world economic impact of cyber insecurity could top $575 billion a year. The report warns that as more businesses and consumers move online and more devices connect to the internet of things, cybercrime will continue to grow. Intellectual property (IP) theft will also increase as those countries which acquire it become more adept at building a competitive advantage.

IP theft, performed almost exclusively by insiders, will cost U.S. businesses more than $250 billion a year. Business information such as billing records, price lists, source codes, proprietary software, customer information and proprietary data leads the list of favored, ill-gotten bounty. The majority of IP theft is committed by company engineers, scientists, managers, or programmers, usually within 30 days of leaving an existing employer for greener pastures. The majority of inside criminals use a network email, a remote network access channel, or network file transfer to remove the stolen data. “Most organizations are aware of the security threats posed by outsiders, but the malicious insider within their own ranks may pose an even greater risk,” said Francis deSouza, group president, Enterprise Products and Services, Symantec Corp.

Tony Caine, vice president and general manager for enterprise security at EMEA, said in a recent article in Infosecurity, “An infrastructure is only as secure as its weakest link and in many cases this is caused by human error and, no matter the complexity of the defenses in place, basic security procedure still needs to be carried out – secure passwords and increased workforce awareness.”

What steps is your business taking to protect against IP theft?


Exercise Caution When Burning Bridges on Camera



It is no secret that leaving a job can be very stressful, which may be one reason so many employees today are managing to mess up the process. Breaking up is full of emotions which, left unchecked, can often lead to memorable moments of poor manners, inappropriate personal conduct or career-damaging behavior. Even with the current tight job market, some disgruntled employees are losing their senses and demonstrating a lack of ability and foresight to politely call it quits with a current employer.

Recently a TV news reporter for an Alaska television station quit her job with a very public and memorable sign-off. After finishing a segment on a pro-pot organization dedicated to promoting legislation to legalize marijuana, the reporter boldly announced that she was resigning her reporter job immediately to focus on supporting the organization’s efforts. The resignation, complete with expletives, left no doubt, either for the employer or the thousands of viewers who found themselves sharing the experience, about the employee’s intent. Either she felt like she would never again need a job or she was clearly sampling too much of the subject matter detailed in her report.

While it is tempting for an employee to blame an employer for an unhappy relationship, incompatibility is most often a shared responsibility of both sides to the equation and the hurt, disappointment and negative emotions can be felt on both sides of the employee/employer relationship. Not long ago leaving a company was thought to be the ultimate criticism of an employer and was considered a sign of disloyalty. Remarriage was usually out of the question.

But a study titled “Gone Today but here Tomorrow: Extending the Unfolding Model of Turnover to Consider Boomerang Employees” was recently published in Personnel Psychology and indicates that “boomerang” employees, or workers who return to a company after leaving voluntarily, can make up about 10 to 20 percent of an organization’s new hires. Rehiring former employees can offer substantial cost benefits for employers and potential career advantages for the returning employee.

The study found that repeat workers tend to be more familiar with company policies, procedures and culture and often show a higher level of loyalty upon their return engagement. Some estimates indicate that a typical Fortune 500 company will save $12 million annually by hiring former employees, and some returning workers have learned just how beneficial their former employers were to their career interests. The experience an employee received from working for someone else usually results in a fresh perspective and new insights for both the employee and the company.

The process of leaving a current employer should be respectful, to the employer and the soon to be former colleagues, and sufficiently polite to garner a future invitation to return. Making an exit should not exclude the possibility that someday you may look favorably on an opportunity to return.

And remember, if demonstrating your technique for burning a bridge on camera, a video will capture a failing career performance that can last forever.


Does Failing to Secure Customers Data Constitute Criminal Negligence?


The vendor supplying point of sale systems to hundreds of restaurants has announced that it is the most recent victim of data stealing malware. Jimmy John’s chain of gourmet sandwich restaurants recently announced that they experienced a breach of customer credit card numbers, addresses and verification codes at 216 of their outlets located in 40 states. Signature Systems Inc. (SSI) is the vendor providing POS Systems for Jimmy John’s Restaurants and has stepped forward to say that, along with the Jimmy John’s locations, an additional 108 different restaurants have been compromised as well. Those stores impacted include local pizza restaurants, bakeries and bagel shops located in 18 states. The disclosure is the latest since the U.S. Secret Service recently announced that more than 1,000 small businesses could be affected by Backoff, a POS malware designed to capture customer credit card and personal information at the point of purchase.

This newest attack comes shortly after the release of a new study conducted by HyTrust which indicates that consumers are becoming increasingly frustrated and angered about the persistent violations of their personal information. The study revealed that more than half of the respondents indicated that they would take their business elsewhere after their information was breached and nearly as many felt that the company directors and management should be held criminally negligent for the breach of trust. The response should send chills through board rooms and executive suites throughout companies across America. Consumers are convinced that corporate management is not doing enough to stop the unwanted intrusions and loss of personal data.

Among all the different types of data being stolen, consumers reserve their biggest concern for the loss of their social security number. While the loss of credit card numbers, emails and addresses can cause inconvenience and mayhem for consumers and companies alike, the loss of social security numbers can lead to an individual losing their very identity. Eric Chiu, president and co-founder of HyTrust, recently told eWEEK that, “This is the ultimate threat to consumers because it can ruin their finances and have serious, long-term impacts on their lives.”

Cybersecurity experts have been warning companies for some time now that the responsibility for securing their data systems needs to move up the management scale and even into the board rooms. While large scale breaches are having a crippling effect on profits and operating costs for those who have fallen victim to a major breach in security, adding criminal liability to the experience would tend to have a compounding effect on company managers and officers who fail to heed the warning to beef up their security efforts.