27 February 2014

Top 5 IT certifications to improve your career in the Government sector

The following are some qualifications that are relevant to the Government IT sector. Holding at least one of these will raise your standing before hiring managers. The ones you go for depend upon your skills and career aspirations.

These qualifications are suitable for people who want to understand how to use Microsoft software in a more professional manner, how to use computers and networks to an industry-standard level and how to manage projects.  I suggest that everyone should try to gain the first one shown in this list because ITIL is becoming the standard for IT service management and deployment of hardware and software in large organisations such as government.

ITIL (version 3) Foundation Certificate in IT Service Management

ITIL is a best-practice framework for IT Service Management that is being adopted by IT departments around the world, after being developed by the UK government. There are four levels of ITIL certification. The Foundation certificate is the entry level certification. It shows general knowledge of the key parts of ITIL v3. ITIL lays out guidelines and practices for the best utilisation of IT services within an organisation. Understanding these principles will help you know how IT services ought to be managed.

ITIL certifications are most beneficial to managers and team leaders, although junior staff will also benefit from knowledge about using ITIL standards.

MCITP – Microsoft Certified IT Professional

Microsoft Certified IT Professional certification enables IT professionals to demonstrate their skills and knowledge of planning, supporting, and maintaining IT infrastructure based on Microsoft technologies. There are various categories of MCITP qualification, each related to a particular area of expertise, such as Office 365, Microsoft Server 2012 or Microsoft SharePoint.

Gaining a Microsoft professional certification will show that you strongly desire to help your colleagues and users to be more effective in their use of Microsoft software and it will help your own performance too. You will become more proficient in using their products.

CompTIA Security+

Network security is an important part of IT. The CompTIA Security+ certification is an international, vendor-neutral certification that demonstrates the holder is competent in network infrastructure, system security, access control and organizational security.  These are all worthwhile goals when working for a government department.

Although not a requirement, it is recommended that you have at least two years of technical networking experience, with an emphasis on security, before attempting this qualification.

CCNA – Cisco Certified Network Associate

CCNA is more advanced than the CompTIA Security+ certification. CCNA has become the standard for network and IT professionals who work in network-related areas. Cisco Certified Network Associate certification reveals your ability to install, operate, and troubleshoot routed and switched networks for small companies or the branch offices of larger ones, using Cisco-branded hardware.

It is recommended that people who sit the exam have 1-3 years prior networking experience with Cisco hardware, and maybe already have the lower-level qualification CCENT.

PMP – Project Management Professional

Since so much of what IT does today is project-related, a Project Management Professional certification from the Project Management Institute is a valuable certification for project managers. The PMP certification shows you have proved you have the knowledge and skills for leading and directing project teams and in delivering project results within your constraints of schedule, budget and resources.

Conclusion

Becoming certified in the IT industry shows that you are reaching out for more skills and it validates your past experience and knowledge.  Government departments may well pay staff more if they are recruited with an existing certificate or they obtain one while working for them. So becoming certified has many benefits.



Why Understanding Vulnerability Management is Important

Wikipedia describes vulnerability management as "the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities, especially in software and firmware". Vulnerability management is an integral part of computer and network security. If you are responsible for managing company servers and/or networks, it is vital that you understand vulnerability management and put it into practice.

Where can vulnerability attacks come from?
  • From outside the network
  • From inside the network, perhaps via a VPN (virtual private network)
  • From outside over the telephone, using such tricks as social engineering
  • From an insider on the local network
  • From an insider on the local system
  • From malware

What might management fear from network vulnerability? These are a few examples:

  • A web server compromise can expose the organization to widespread ridicule.
  • A server compromise might allow private customer data to be stolen, which could lead to claims for compensation, especially if it involves credit card details.
  • An insider who is angry might do something mischievous, like launch a logic bomb to destroy data.
  • An insider who feels aggrieved sells company trade secrets.
  • Employees might be deceived by social engineering tricks, which might leak sensitive data to the press.
  • A hacker who penetrates systems might find evidence of wrongdoing that can then be used to blackmail the company.


What should you know about vulnerability management?

  • Vulnerabilities are gateways through which threats become manifest.
  • Scanning for vulnerabilities without remediating them has little value.
  • A little scanning and remediation is better than a lot of scanning and less remediation.
  • Vulnerabilities that need fixing have to be prioritised based on those that pose the most immediate risk to the network.
  • Security experts need processes to allow them to stay focused on vulnerabilities so that fixes can become more frequent and effective.

All an attacker needs is a toe-hold. If there is a single vulnerability left unfixed and it can be reached from outside the organization AND it is compromised, then the vulnerability can be used as a springboard to attack other systems on the network. If a data breach occurs and it is traced back to a flaw the company was aware of but hadn't fixed, the consequences can be serious. Think of the “damages” phase of a court case!

So the regular pattern of vulnerability management should be to: scan the network and identify vulnerabilities; prioritise those that are found; identify fixes; and, apply the fixes.

The starting point for managing computer vulnerabilities is an asset register. What hardware AND software does the company own? What versions are they? Where is it? There are many software packages that can be obtained to automate this process, normally by searching the company network for attached systems and devices, discovering disk drives and auditing them for installed software. Don’t forget to include backup or spare systems that may not be switched on all the time – they have to be audited too in case they contain risks from unpatched old software.
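As an added illustration (not code from the original article), the sketch below joins an asset register to scanner output to show two things described above: spotting assets that were never scanned, such as spares that were switched off, and ranking findings so that hosts reachable from outside come first. All host names, finding IDs, severities and the exposure weighting are constructed assumptions.

```python
# Constructed sample data: a minimal asset register.
ASSET_REGISTER = [
    {"host": "web01", "internet_facing": True, "always_on": True},
    {"host": "db01", "internet_facing": False, "always_on": True},
    {"host": "spare-web02", "internet_facing": True, "always_on": False},
    {"host": "hr-laptop7", "internet_facing": False, "always_on": True},
]
# Constructed: hosts the scanner actually reached on its last run.
SCANNED_HOSTS = {"web01", "db01", "hr-laptop7", "rogue-nas"}
# Constructed scanner findings; IDs are placeholders, severity is 0-10.
FINDINGS = [
    {"host": "web01", "id": "FINDING-A", "severity": 7.5},
    {"host": "db01", "id": "FINDING-B", "severity": 9.0},
    {"host": "web01", "id": "FINDING-C", "severity": 4.0},
    {"host": "rogue-nas", "id": "FINDING-D", "severity": 5.0},
]
EXPOSURE_BONUS = 3.0  # assumed weighting for externally reachable hosts


def coverage_gaps(register, scanned_hosts):
    """Return (registered but never scanned, scanned but not registered)."""
    registered = {asset["host"] for asset in register}
    return sorted(registered - scanned_hosts), sorted(scanned_hosts - registered)


def prioritise(register, findings):
    """Rank findings by severity plus a bonus for outside-reachable hosts."""
    exposed = {asset["host"]: asset["internet_facing"] for asset in register}
    ranked = []
    for finding in findings:
        # A host missing from the register has unknown exposure: assume the worst.
        reachable = exposed.get(finding["host"], True)
        score = finding["severity"] + (EXPOSURE_BONUS if reachable else 0.0)
        ranked.append({**finding, "score": score})
    return sorted(ranked, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    never_scanned, unregistered = coverage_gaps(ASSET_REGISTER, SCANNED_HOSTS)
    print("Registered but never scanned:", never_scanned)
    print("On the network but not in the register:", unregistered)
    for f in prioritise(ASSET_REGISTER, FINDINGS):
        print(f"{f['score']:5.1f}  {f['host']:<10} {f['id']}")
```

The never-scanned list is the queue for powering on and auditing spare systems; the unregistered list feeds back into the asset register before the next scan cycle.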

Depending upon the types of threats that an organisation might expect, it might be necessary to implement a network monitoring system to check network traffic continuously for unusual activity. For example, if a little-used server suddenly receives many data transfer requests, this might be suspicious. Some companies set up traps by loading a server with interesting – but fake – data with the aim of sidetracking hackers away from the real data they are after.

Vulnerability management should be high on the agenda of essential IT processes for most businesses. It is vital for business management to understand it and how it can protect the company.

06 February 2014

Crowd-funding: a story of success and failure

This is a story of two multi-million dollar projects and two crowd-sourcing websites, Kickstarter and Indiegogo.  The fact that one was successful and one wasn’t, despite the amount of money pledged, gives an interesting slant to the word “failure”.

Pebble

The Pebble is a smartwatch created by Pebble Technology and launched in 2013 after a successful funding project on Kickstarter. Pebble Technology was originally called Inpulse and had some success with early smartwatches. But they wanted to achieve something greater.  Enter the Pebble…

The company started a funding project on Kickstarter in April 2012. The initial aim was to raise $100,000 to kick off production of the new Pebble watch.  Within two hours of going live, the project had met the $100,000 goal, and within just six days, the project became the most funded project in the history of Kickstarter, raising $4.7 million. There were still another 30 days to go in the campaign.

When the funding project closed on May 18, 2012, Pebble became the biggest crowd-funded project to date with $10,266,844 pledged by 68,928 people.

This project showed Pebble Technology that there was a huge demand for their new smartwatch. As a result, some time was spent revising the design based on customer feedback and revising their plans for the manufacturing process. Pebble went into mass production in January 2013 with output of 15,000 watches per week. At the time of writing, sales have exceeded 300,000 units. The Pebble is on sale at Best Buy and Amazon, as well as at getpebble.com.

Ubuntu Edge

The Ubuntu Edge was the design of a state-of-the-art smartphone announced by Canonical on 22 July 2013. The Edge was to run a mobile version of the Ubuntu operating system in a device with the power to run the full Ubuntu desktop when connected to an external keyboard and monitor. Its design was meant to stretch to the limits the capabilities of hand-sized devices.  Edge would have been powered by a super-fast multi-core processor and 4GB of RAM. Internal storage would have been 128GB. These figures have never been used in the context of a mobile phone before.

Canonical sought to crowd-fund the production of 40,000 units via the Indiegogo crowd-sourcing website. The aim was to raise $32,000,000 within a month, which is the biggest target of any crowd-funded project so far. The Edge was not intended to go into mass production after this initial run but to serve as a demonstrator of what can be achieved. The project fell short of its funding goal, with pledges reaching “only” $12,809,906 from nearly 20,000 people and businesses.

The fact that so many people pledged so much for the Edge caused some in the mobile phone industry to sit up and pay more attention to Ubuntu than ever before. Canonical has since started detailed negotiations with several phone manufacturers about developing one or more devices that will ship with the Ubuntu Touch operating system. There may still be success despite their initial failure.