10 ways Apple really has changed the (tech) world

Apple is both a creator of and a beacon for the technology future we now live in

From the beginning, Apple liked to proclaim how it was inventing the future with products that would change the world. That visionary impulse often comes across as stubbornness, with Apple ignoring what the pundits say — and it often comes across as overwrought, when Apple puts on its “it’s all amazing and revolutionary” dog-and-pony shows. Even when co-founder Steve Jobs wasn’t at Apple, that attitude has prevailed.

Yet no tech company in the past 35 years has done as much user-facing innovation as Apple. Never mind that most people don’t use Macs or iPads. Even when it doesn’t win the market, Apple defines the market time and again.

Here are the 10 most significant products Apple has created, ones that really have changed the world.

Macintosh: Defining the computer for the rest of us
Steve Jobs didn’t create the Mac, but he did create the mythos around it and recognized that it heralded a new, better way to use computers. Ironically, the horribly expensive Mac became the emblem of computing for the masses, a human device for real people who had seen computers as unfathomable tools used only by engineers and scientists.

Microsoft took the core principles of the Mac’s graphical, direct-manipulation interface, itself inspired by work at Xerox PARC, and brought them to Windows, delivering the promise of the Mac to the masses for real. Today, the approach pioneered by the Mac is simply how computers work.

OS X: No operating system does it better
At the core of the Mac today is OS X, Apple’s Unix-based operating system that remains the leader in intuitiveness and ease of use, yet offers sophisticated capabilities from data detectors to malware detection that actually work. The tight integration and intentionality of the OS and Apple’s bundled apps create a superior experience, even if many users don’t use much of what they could.

We forget that OS X was not the original Mac OS. In its 15 years of existence, OS X has pulled off the neat trick of evolving significantly while working as you’d expect. Each version arrives fresh and familiar. Microsoft certainly hasn’t had that happy result in its Windows versions over that same period, with two wins and two flops.

iPod: The music world, reinvented
After Steve Jobs’ 12-year journey in the wilderness of Next and Pixar, he returned to a near-dead Apple — and came up with the iPod. MP3 players already existed, but none really mattered. Portable CD players and the industry’s portability granddaddy, the Sony Walkman, still ruled.

In 2001, the iPod changed all that, thanks to a better user experience. It also changed the music industry: Songs now mattered, not albums, and with the iTunes Store, Apple shifted the distribution of music from physical stores to downloads. The music business — and music listening — in 2014 bears little resemblance to that of 2001.

The iPod also changed Apple, converting the computer company into a consumer technology company, which is the source of its strength today.

iPhone: The end of the cell phone, the beginning of mobile computing
When the iPhone debuted in 2007, InfoWorld’s Tom Yager derided it as a $1,975 iPod, due to its required data plan. A year later, Apple debuted the App Store, and the iPhone was no longer an iPod that could make calls. Apple smartly created several rich apps — iMovie, GarageBand, Pages, Keynote, Numbers — that to this day are unrivaled as mobile apps and show that a smartphone isn’t a cellphone that supports email, as the once-dominant BlackBerry had been, but a computer in its own right. Apple had this vision back in 1993 with its Newton MessagePad, which clearly presages the iPhone of 2007.

Today, Android rules much of the smartphone world; just as Windows used the Mac as inspiration, Android used the iPhone.

App Store: A digital store for a digital world
Remember when software was a digital thing on an analog disk? It was back before there was an app for that.

The App Store did more than distribute bits as bits: It introduced the notions of curated content (which developers hate but has kept iOS largely malware-free), and it made possible the notion that you buy apps that can run on multiple devices you own — a major break from traditional licenses. Apple understood early on that in a digital world, endpoints are federated, and the software industry needs to think beyond physical installations. Now, an app store is just the way it’s done, including at Google and Microsoft.

iPad: The PC, reinvented — and the TV, reinvented
There were tablets, or at least slates, on the original Star Trek TV series in the 1960s. In the modern PC era, there’ve been Windows tablets since at least the XP days, but all were flops.

The iPad changed that, becoming the first tablet that people wanted, and spawning a copycat industry (some copies pre-dated the iPad itself, based on rumors). But no one does it as well as the iPad.

Tablets now sell as many units as PCs do, and the iPad was the fastest-adopted mass technology in human history. Tablets can be your mobile PC, but they’re as likely to (also) be your personal TV, among other things. Amazing.

Touch: The gestures we all use came from Apple
It doesn’t matter what devices or operating systems you run, when it comes to touch gestures, they all work very much the same way — at core, Apple’s way. Apple has vigorously protected some gestures through patents, but the basic gestures it introduced on the iPhone are practically universal. They’ve become like mouse movements, used by everyone.

That universality has quickly let the gesture approach to computing take off, as both developers and users can focus less on learning the UI and more on, well, using it. Most of Apple’s impact has been on mobile devices, but its adaption of touch to computers via touch-enabled mice and trackpads probably means when touch PCs finally get popular, they’ll use Apple’s gestures, too.

Autodiscovery networking: Connecting a connected world
IT has long hated Apple networking technology because it’s chatty, inefficient, and not concerned about IT control. But if you want things to connect in the world of people, you count on Apple technology.

Want to share files or music on a Mac? It’s automatic, thanks to built-in discovery protocols. Want to print from an iPad or iPhone? Select a printer and let AirPrint do the work, no drivers needed. Want to play music at someone’s house? Turn on AirPlay. (If they have an AirPlay-enabled device.) Video and presentations are likewise a snap. File sharing follows these lines via AirDrop in ad hoc networks. And Handoff is a step in this direction for app interactions.

Apple knows the secret: It’s about connecting, not networking.

iBeacons: Contextual technology for the real world
Apple’s location-aware sensors are only a year old, so it’s too soon to call them a revolution, but I think they’re well poised to be.

It’s not the hardware that’s key, but the APIs and hooks in iOS that let an iPhone or iPad — and future devices — combine location information with both local and cloud data to open a new world for users. I’m sure that iBeacons, motion coprocessors, HealthKit, CloudKit, CarPlay, and other contextual technology are part of an Apple 3.0 that has just begun to emerge.

 


‘Bigger than Heartbleed’ Shellshock flaw leaves OS X, Linux, more open to attack

Well, this isn’t good. Akamai security researcher Stephane Chazelas has discovered a devastating flaw in the Unix Bash shell, leaving Linux machines, OS X machines, routers, older IoT devices, and more vulnerable to attack. “Shellshock,” as it’s been dubbed, allows attackers to run code on your machine after exploiting the flaw, but the true danger here lies in just how old Shellshock is—this vulnerability has apparently been lurking in the Bash shell for years.

Why this matters: A large swath of the web-connected devices, web servers, and web-powered services run on Linux distributions equipped with the Bash shell, and Mac OS X Mavericks is also affected. The fact that Shellshock’s roots are so deep likely means that the vulnerability will still be found in unpatched systems for the foreseeable future—though the odds of it directly impacting you appear somewhat slim if you use standard security precautions.

Heartbleed redux

The news comes as the security community is just shaking off the effects of Heartbleed, a critical vulnerability in the widely used OpenSSL security protocol. “Today’s bash bug is as big a deal as Heartbleed,” says Errata Security’s Robert Graham, a respected researcher.

Hold your horses, Robert. Before we dive into dire warnings, let’s focus on the positive side of this story. Numerous Linux variants have already pushed out patches that plug Shellshock, including Red Hat, Fedora, CentOS, Ubuntu, and Debian, and big Internet services like Akamai are already on the case.

But Graham says Shellshock’s danger will nevertheless linger for years, partly because “an enormous percentage of software interacts with the shell in some fashion”—essentially making it impossible to know exactly how much software is vulnerable—and partly because of the vulnerability’s age.

“Unlike Heartbleed, which only affected a specific version of OpenSSL, this bash bug has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won’t be, is much larger than Heartbleed.”

Now consider that more than two months after Heartbleed was disclosed, hundreds of thousands of systems remained vulnerable to the exploit.

Maybe not Heartbleed redux?

But don’t panic! (Or at least not yet.) While Heartbleed had the potential to be widely exploited, Jen Ellis of security firm Rapid7 says the Shellshock bug’s outlook isn’t quite as grim, even if it is rampant.

“The vulnerability looks pretty awful at first glance, but most systems with Bash installed will NOT be remotely exploitable as a result of this issue,” Ellis writes. “In order to exploit this flaw, an attacker would need the ability to send a malicious environment variable to a program interacting with the network and this program would have to be implemented in Bash, or spawn a sub-command using Bash.”

As a result, Ellis and Rapid7 urge keeping a level head about the bug.
“We’re not keen to jump on the ‘Heartbleed 2.0’ bandwagon. The conclusion we reached is that some factors are worse, but the overall picture is less dire… there are a number of factors that need to be in play for a target to be susceptible to attack. Every affected application may be exploitable through a slightly different vector or have different requirements to reach the vulnerable code. This may significantly limit how widespread attacks will be in the wild. Heartbleed was much easier to conclusively test and the impact way more widespread.”

While older Internet-connected devices (like, say, security cameras) seem to be likely victims of Shellshock, respected security researchers Michal Zalewski and Paul McMillan note that many embedded devices don’t actually use the Bash shell at all.

Beyond Linux-based systems, Graham and Ars Technica report that Mac OS X Mavericks contains a vulnerable version of Bash.

To test if your version of Bash is vulnerable to this issue, Red Hat says to run this command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system responds with the following, then you’re running a vulnerable version of Bash and you should apply any available updates immediately:

vulnerable
this is a test

“The patch used to fix this issue ensures that no code is allowed after the end of a Bash function,” Red Hat reports. So rather than spitting out “vulnerable,” a protected version of Bash will spit out the following when you run the aforementioned command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
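
Added example, not from the article or from Red Hat: the test above wrapped in a POSIX shell script that runs it against each Bash binary on a host and prints one verdict per binary. The function names and the use of /etc/shells to find binaries are assumptions made for this example.

```shell
#!/bin/sh
# Added example: run the article's Shellshock test against every bash binary
# found on this host. The verdict covers only that single test.

# classify_output TEXT
# Turn the stdout of the test command into a verdict.
# A vulnerable bash runs the trailing command while importing "x", so the
# word "vulnerable" appears on a line of its own before the test string.
classify_output() (
    out=$1
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        echo not_vulnerable
    else
        # The binary did not run, or printed something unexpected.
        echo unknown
    fi
)

# check_bash PATH
# Run the test against one binary. Warnings from a patched bash go to
# stderr and are discarded; the verdict is based on stdout alone.
check_bash() (
    shell=$1
    if [ ! -x "$shell" ]; then
        echo unknown
        exit 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$shell" -c 'echo this is a test' 2>/dev/null) || true
    classify_output "$out"
)

# list_bash_binaries
# The bash on PATH plus any bash registered as a login shell (assumed
# location: /etc/shells), de-duplicated.
list_bash_binaries() (
    {
        command -v bash 2>/dev/null
        if [ -r /etc/shells ]; then
            grep -E '^/.*/bash$' /etc/shells
        fi
    } | sort -u
)

# scan_host
# Print "<path><TAB><verdict>" for each binary found.
scan_host() (
    list_bash_binaries | while IFS= read -r shell; do
        printf '%s\t%s\n' "$shell" "$(check_bash "$shell")"
    done
)

scan_host
```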

What does this mean?

When it boils down to brass tacks, most major websites and modern gadgets you own likely won’t be affected by this Bash vulnerability, and Apple will no doubt patch the OS X implementation quickly. (Here’s a highly technical DIY fix for now.)

It’s impossible to know just how far this flaw reaches, and it’s likely to linger on in neglected websites, older routers, and some legacy Internet of Things devices—many of which are impossible to patch—providing an opening for determined hackers to sneak into those systems.

So what should you do? Here’s some actionable advice from security researcher Troy Hunt’s tremendous in-depth primer on Shellshock:

“In short, the advice to consumers is this: watch for security updates, particularly on OS X. Also keep an eye on any advice you may get from your ISP or other providers of devices you have that run embedded software. Do be cautious of emails requesting information or instructing you to run software – events like this are often followed by phishing attacks that capitalize on consumers’ fears.”

PCWorld’s guide to protecting your PC against devious security traps can help you I.D. bad actors, while Ian Paul has three tips for spotting malicious emails over at his Hassle-Free PC column.


 


 

 

 

How iOS 8 makes email, contacts, and calendars work better

8 cool and useful improvements to business communications on the iPad and iPhone

There are many amazing productivity apps for the iPad and iPhone, but the truth is that most people use iOS devices for business communications — what they do in Outlook on their computer. iOS 8 adopts several key Outlook features that have long been missing in mobile, and it adds a few twists that make business communications easier when on the go.

I tour those new communications capabilities here. Note that although I show iPad screens, they’re also available on the iPhone.

Mail: Manage email from the Notification Center
We all get emails we don’t need to pay attention to, from spam to minor replies in an email conversation. iOS 8 lets you trash emails or mark them as read without going to the Mail app. Now, you can manage them from the Notification Center or lock screen. Just swipe to the left over an email preview to get the Mark as Read and Trash buttons. As before, you can also tap a message to open it in Mail, for when you do need to engage with it.

Remember: You have to enable mail from whatever accounts you want to appear in the Notification Center and/or lock screen. You do that in the Settings app’s Notifications pane.

Mail: Get alerts for message threads
Then there are times when you’re part of an important message thread, and you want to know when something new occurs. Sure, you’ll get the email in Mail and, if you enable it, in the Notification Center. But iOS 8 lets you designate specific message threads for special attention, notifying you when new messages arrive.

To do that, tap the Flag icon and choose Notify Me in the popover. That makes iOS 8 monitor for new messages in that thread. (You also use the Flag popover to stop notifications, with its Stop Notifying option.) In the Settings app’s Notification pane, you set how thread alerts are presented to you. In the Mail app’s mailbox list, tap Edit to enable a smart folder to collect thread notifications.

Mail: Set up out-of-office alerts for Exchange

It’s long frustrated me that I can set up out-of-office alerts for Exchange accounts from the Mac’s Mail application but not iOS’s Mail. Now I can, and so can you. Say bye-bye to that awkward Outlook Web Access browser interface on your iOS device.

You set up out-of-office notifications in the Settings app’s Mail, Contacts, Calendars pane. Tap your Exchange or Office 365 account, then tap Automatic Reply to open the form shown here. It has the same options as Microsoft’s OWA for iPad app: You can set an end date and a reply that everyone sees when they email you during that period.

Note: This feature is available only for Exchange accounts, not iCloud, Gmail, or IMAP.

Mail: Add new information to Contacts
Apple has long used data detectors to scan emails for actionable info such as phone numbers, addresses, flight numbers, tracking codes, and dates. Tap the information on your Mac or iOS device to have Apple act on it for you, such as create an event in Calendar or open the FedEx website to track a package.

iOS 8 takes data detectors to a new level. If it detects contact information in an email, such as from an email signature, it looks in your Contacts app to see if that information is also there. If not, it lets you create a new contact from it or add new info to an existing contact, with a toolbar that displays at the top of the email message.

Contacts: Quickly connect to recent contacts
If you double-tap the Home button to open the App Switcher, where you can navigate among running apps, in iOS 8 you’ll now see the Recents row of people you’ve interacted with recently via FaceTime or Messages (or, on the iPhone, that you spoke with). Tap a person’s icon to get a menu of connection options: Messages, FaceTime video, FaceTime audio, and (on an iPhone) Phone. Then tap the desired option to initiate that connection.

If you don’t want to use this feature, go to the Settings app and turn off the Show in App Switcher option in the Contacts section of the Mail, Contacts, Calendars pane.

Calendar: See if people are free for a meeting
If you use the Exchange server from a computer with the Microsoft Outlook client (as most businesses do) or Apple Mail client, you know how handy it is to see if people you are inviting to a meeting are actually free. (Both applications use Exchange’s ability to check the schedules of other Exchange users in your company to do this lookup. Sorry, it doesn’t work with Google Calendar or iCloud.)

iOS 8’s Calendar app can do it too. When you invite fellow Exchange users to a meeting on your Exchange calendar, the Invitees popover automatically shows if there are any scheduling conflicts. It even proposes dates and times that would work better based on people’s availability. No scheduling conflict? Then nothing displays.

Calendar: Keep your schedule private
It’s great that Exchange can look up colleagues’ calendars to make scheduling easier. But it’s not so great that they can see personal information such as medical appointments you keep on the calendar, so they know not to schedule meetings with you at those times.

The Outlook and Apple Mail clients on the desktop, like Microsoft’s OWA for iPad, let you mark an Exchange event private, so people see you’re busy but not why. Calendar in iOS 8 now adds the same option when setting up events in your Exchange calendar. (It doesn’t work with Google Calendar or iCloud.)

Messages: Opt out of conversations
Text messaging is great, but sometimes you want to mute a conversation so that you’re not constantly pinged with notifications about new messages — especially in group conversations. But if you turn on Do Not Disturb, you no longer get notifications for any app.

iOS 8 to the rescue: It lets you selectively turn Do Not Disturb On for individual conversations in Messages, allowing you to opt out of notifications for a chatty conversation while still seeing notifications for the rest. Tap Details (a new option in the Messages app) for a selected conversation; then turn on Do Not Disturb to mute notifications for that conversation. (You’ll still see the conversation in the Messages app.) Turn off the switch to resume getting notifications for that conversation.

 


 

 

Sneak Peek: New features coming to Internet Explorer

Microsoft’s new Developer Channel offers glimpse into upcoming features of IE.
Microsoft recently released a “Developer Channel” edition of Internet Explorer, launching a new way in which upcoming features will be previewed, and laying the groundwork for a business strategy focusing on web services. Here’s what you need to know about the future of Internet Explorer.

Developer Channel version offers sneak peek at new features
Though it’s available for the public to freely download and install, Internet Explorer Developer Channel is not meant for everyday use, whether business or casual. As its label implies, IE DC is primarily geared toward developers to play around with. But anyone can try out the browser to see what new features are being worked on by the IE development team.

No more betas
Instead of releasing betas, the IE development team will update IE DC with the latest features, fixes and optimizations. Throughout this process, you’ll be able to keep up with the work-in-progress of IE by downloading the most current release of IE DC. When the IE team determines this code is ready for public consumption, it will then be rolled out as the next version of IE.

Compatibility is limited to Win 7/8.1
IE DC is available for Windows 7 and Windows 8.1 only. Either OS also must have Internet Explorer 11 installed on it. You should probably also ensure your Windows 7 or Windows 8.1 system has the latest official updates for the OS installed, as recommended by Windows Update, prior to installing IE DC.

Caveats
IE DC runs within a virtualization system, which keeps the browser in a “sandbox” operating separately from the rest of your Windows environment. This is for reasons of security. The consequences are that IE DC cannot share add-ons or settings that you already have in place with your installation of IE 11; IE DC may run slower than IE 11; and it cannot be used as the default browser.

Tracking features in development
The IE development team set up a web page where you can follow the latest features they’re working on to possibly add to future versions of IE. It also lists features that are already in the most recent final releases of the browser, and ones they are considering, but not officially developing yet. You can easily set this list to show only features that are in development, under consideration, under which version number of IE they first appeared, or their interoperability with the other major web browsers.

New features in IE DC
As of this writing, the release of IE DC includes only a few new technologies being actively worked on. Two are interesting for the average user: GamePad and WebGL Instancing. They clearly indicate that the IE development team is expanding the capabilities of the browser for gaming. (WebGL Instancing utilizes a system’s GPU, graphics processing unit, to more efficiently draw copies of an object without hitting up the system CPU for this task.) These technologies could alternately be integral for less leisurely pursuits, like using a controller to interact with a productivity web app.

Features in development
Other technologies listed as “In Development” (which also means they are not yet implemented into the actual IE DC browser) include Media Capture and Streams, and Web Audio. The first indicates a web app in IE would be able to access audio or video from your computer’s or device’s mic or webcam. Web Audio would enable a web app to produce audio through JavaScript.

Features that are being considered
Listed as “Under Consideration” are features that point to granting web apps even more access to control or receive feedback from the hardware of a computer or device (Ambient Light Events, Battery Status, Vibration). Web apps could also be allowed to encode audio or video from within the browser (MediaRecorder), incorporate speech recognition and synthesis (Web Speech), and manipulate the local files on a Windows system (Drag and Drop Directories, FileWriter).

End of numbered versions?
This new system of providing early looks at IE under a continuous development cycle could suggest Microsoft may de-emphasize version numbering. If this happens, then, as far as the general public is concerned, the upcoming 12th release of IE could be referred to by Microsoft as simply “Internet Explorer.” As for new features, IE appears to be becoming a more technologically capable browser for using with sophisticated web apps. The IE development team isn’t just looking to make a better browser; they’re aiming to make Internet Explorer a better web app platform.

 


 

Apple now emailing users when iCloud accessed via Web

It’s one of several security improvements expected from the company following its involvement in last week’s celebrity photo theft

In the wake of last week’s theft of celebrity photos, Apple has started beefing up security for its iCloud service. The move, part of improvements also promised by Apple CEO Tim Cook last week, comes just a day before one of the company’s biggest events of the year.

On the Web, iCloud’s advanced account settings allow you to log out all currently logged in sessions.

As first reported by MacRumors, Apple will now send iCloud users an email whenever they (or someone purporting to be them) log into iCloud.com via a Web browser. This seems to happen even if the browser and computer in question are ones that a user has previously logged in with. Apple’s email advises users to change their Apple ID password if they believe someone else is accessing their account. (As an additional tool, iCloud’s Web interface does provide the ability to log out every currently logged in browser in its Account Settings > Advanced.)

Granted, in my brief test, the email arrived ten minutes after I logged in, which could still give an interloper plenty of time to do some damage. Currently iCloud’s Web interface does not have the option to require two-step authentication when logging into your account.

Apple now sends you an email, notifying you when someone has logged into your iCloud account via the Web.

Given the broad publicity over this security issue, it seems likely Apple will take at least some time at Tuesday’s event to respond and potentially discuss what measures are being taken to ensure the security of its users. No doubt the company hopes that this incident won’t overshadow what most assume to be the launch of the next iPhone.



 

Let’s scuttle cybersecurity bachelor’s degree programs

It may sound counterintuitive, but the way to increase the number of cybersecurity professionals is not to start granting degrees in cybersecurity

I suppose it sounds logical.

We’re hearing that the best way to deal with the shortage of cybersecurity professionals is to funnel students into cybersecurity degree programs.

And while we’re at it, let’s address the problem of all those hackers who are thinking outside of the box by recruiting them for these degree programs.

Unfortunately, the logic of these statements is about a micron thick.

Let’s look at those cybersecurity degree programs first. In no other computing discipline do you have a specialized degree program. You do not earn a bachelor’s degree specifically in software engineering, computer graphics, artificial intelligence, database management, systems administration, Web applications programming or project management. Why should there be a bachelor’s degree specific to cybersecurity? (And please note that I am talking about undergraduate cybersecurity programs, not graduate-level programs.)

There shouldn’t be. Security professionals need to function in a variety of disciplines. They can be called upon to evaluate software for security vulnerabilities, to determine whether a user interface is suffering from information leakage, to design secure databases, to secure operating systems, to assess and shore up the security of websites, to incorporate security requirements into new developments and so on. The person you ask to do all of those things needs to be well rounded. But a cybersecurity degree program offers many security classes at the expense of classes that would normally be required to get a general degree in computer science or information systems.

With exceptions like architecture and nursing, bachelor’s degree programs are not intended to be trade schools. The best college degrees strive to help people have a broad understanding of not just their field, but culture in general. Personally, the skills that have helped me most in the cybersecurity field did not come from computer courses, but from the mandatory writing and business classes I took, which taught me to be a better communicator and how to determine what was valuable to decision-makers.

To paraphrase Jim Rohn, the value of going to college is not in the degree you are awarded, but in what you had to become to earn that degree.

My feelings about cybersecurity degree programs aren’t bias of the “that’s not how it was done in my day” variety. I sincerely believe that cybersecurity degree programs are producing graduates inadequately prepared for the positions they believe they are training for, and quite possibly compromised in their ability to get any job at all.

Consider the National Security Agency, a promoter of the cybersecurity degree movement and a highly coveted employer in the field. The NSA designates some cybersecurity degree programs as Centers of Excellence in Information Assurance Education. So, the graduates of those programs should have no problem getting hired by the NSA in a cybersecurity capacity, right? Well, maybe not. Take a look at the NSA’s cybersecurity professional development program. It wants people with strong programming skills. But many cybersecurity undergraduate programs do not offer any programming coursework. It’s been cut out to make room for more classes in things like writing security policies.

Now, a general degree in computer science can pretty much qualify a person for any entry-level position in the computer profession, including a cybersecurity position. But a person with a highly specific degree may have a problem getting a broader position. And I don’t think new graduates armed with a bachelor’s degree in cybersecurity are going to want to limit themselves to that relatively small subset of available jobs.

Think of it from a hiring manager’s perspective. She has an opening for a database manager and must choose between two candidates. One has a general CS degree, and his studies included classes in database management. The other has a cybersecurity degree, but though he says he can write a database management security policy, he never took a course in database management. Welcome aboard, CS graduate!

While you might contend that the cybersecurity graduate will look for the plethora of cybersecurity job openings, and not a database management position, this first assumes that the new graduate wants to limit themselves to a very specific, and small, subset of computer related job openings. Again, they will still be competing with general computer degree holders.

My Magic Wand

If I could wave a wand to fix the problem of a lack of information security knowledge in college graduates, I would have the NSA and other stakeholders invest their time and money not in developing Centers of Excellence, but in influencing computer science and information systems departments to incorporate security into all relevant courses and degree programs.

This is actually the direction recommended by the Association for Computing Machinery and the IEEE Computer Society in their most recent update to their recommended curriculums for computer science programs and for information systems programs.

Unfortunately, I recently reviewed introductory computer science courses from a wide variety of prestigious universities, and none of the courses that I looked at seemed to be implementing the guidance. Incidentally, in the course of doing some volunteer work, I spoke to some college officials about adding a security course to their curriculum. Next to impossible, they said, since curriculums go through lengthy approval processes. To get a course to include security, you have to find a textbook that covers the subject. Good luck. Few of the most popular textbooks used in computer science classes have even one chapter devoted to security, and many have no specific content. Some of the newer introductory IS textbooks cover security to some extent, but I have yet to see any detailed security content in textbooks for advanced courses.

So, magic wand, let the NSA and other organizations begin to write content for such textbooks, and then offer grants to colleges to enhance their curriculums.

The issue is to create not a handful of people who have a little extra specialized education, but to ensure that the future computer professional community, as a whole, at least has the fundamental knowledge to begin proactively securing their work products.

Thinking Inside the Box

And what about the idea that the graduates of cybersecurity programs should be drawn from students who somehow are better at thinking outside of the box? Quite simply, it is a notion that is grossly ignorant of what has actually been working for decades.

Until recently, the NSA had never hired anyone with a cybersecurity degree. And yet the NSA is widely considered to be the world’s leader in information security and information warfare. How then did the NSA establish such pre-eminence in the field?

It searched among its employees for high-caliber people and then cross-trained them. It is that simple. The NSA continues to do so in many fields, including information assurance.

But will cybersecurity degree programs give the NSA and other employers people who think outside of the box? And will such new graduates have an edge over experienced professionals? No; that is frankly delusional. The proponents of such nonsense argue that hackers are able to get through the strongest security countermeasures by dint of some unique thought processes.

Wrong. Teenagers have been able to break into systems not because of superior skills, but because the people running the systems in question have inadequate professional security training. The hackers aren’t thinking outside of the box; they are just thinking about the task at hand.

Skilled professionals are not usually asked to break into computer systems. As a rule, violating laws is not their task at hand. But look at what happens when you make it their job. When I recruit a new trainee for penetration testing, I look for the smartest, most experienced computer professional available — not a teenager. When I tell them what I want them to do, they’re generally shocked. They have never applied their skills to such a purpose. But after they get over the surprise, they do things that make my head spin. What they tend to do is to perfect the attacks that they have had experience repelling on a regular basis, and incorporate their detailed knowledge of operating systems gained from years of administering systems.

(Some IT professionals do indeed pursue such activities as part of their job, but we only catch glimpses of the successes of these U.S. government “hackers,” who break into highly secure foreign government systems, such as Iraqi air defense systems. They were also prepared to cripple the Iraqi financial system. There are also claims that U.S. cyberwarriors designed the Stuxnet virus to damage Iran’s nuclear capability. These hackers accomplish tasks that teenagers think are science fiction. Their exploits are just rarely publicized.)

But we give young hackers more than their due. Some people say we should harness their supposedly superior knowledge of security and recruit them to protect the systems they break into. Need I point out the absurdity of this idea? It is akin to thinking that just because some idiot is capable of stealing a car and crashing it into a wall, he should have the skills to fix the damage. I’m sorry, but anyone claiming that the idiot could fix the car should likewise be thought an idiot. It is exponentially easier to break something than it is to fix it, especially when computers are concerned.

The System Ain’t Broke

I find the idea that what the U.S. government really needs is a crop of new cybersecurity graduates to be insulting to the hundreds of thousands of current government computer professionals. The government needs to stop this nonsense and focus on expanding programs to cross-train highly skilled and immediately available workers.

Similarly, private organizations need to properly invest in their staffs. Just as they expect to train new employees in their job functions, they need to expect to have to invest in the training of their cybersecurity professionals.

What we need are not a bunch of cybersecurity degree holders, but a willingness to invest in current employees. Employees who earned a broad-based CS degree and then gained years of experience on the job are quite simply a better resource than a green graduate.

Don’t get me wrong. I have nothing but admiration for the young people who are pursuing cybersecurity degrees. Most of these degree programs are tailored to part-time students, who usually have to juggle full-time jobs, coursework and a family life during a program that can take more than seven years to complete. That demonstrates true character and perseverance, which is more important than skills. However, a breadth of knowledge is still more important than the topic of the degree.

Unfortunately, the colleges are often selling these people hype, not reality. For example, one college is telling people that they are training them to be cyberwarriors, while the actual coursework teaches them to write security policies, not to be hands-on practitioners. This is like telling someone that you are training him to be a Navy SEAL, while you are only training him in logistics, qualifying him at best to be a quartermaster for the SEALs.

When you come right down to it, though, there is little in the world of information security that is more valuable than experience. And new graduates nearly always lack it to any significant degree. Just think about someone who takes a class in security policy. Say there are 15 class sessions that average three hours each. Then let’s generously assume that the student does 115 hours of work outside of class. By putting in 160 hours, the student can rightly be said to have worked hard for his grade. But all that time is still the equivalent of just four workweeks. Would you trust someone with that level of experience to develop a policy document for a large office or to meet some regulatory compliance standard? Clearly not. It is nice that they have this experience, but it just makes them better than a person with no experience at all.

Undergraduates don’t have expertise in their major; they have a slightly enhanced background. As for being qualified to combat the most elite hackers in the world, well, what exactly in a degree program that focuses on policies is preparing you to take on the hackers?

If the NSA and other parties want to reward promising students with scholarships for studying cybersecurity, then they need to think long and hard about what they expect to gain from such programs.

Scholarships are great. I believe in giving a hand to young people who show aptitude. But highly targeted scholarships can go wrong when the grantors expect to get certain results in return. And just consider some of the ways they could be disappointed in the results of their cybersecurity scholarship programs.

First of all, up to 80% of college students change their majors in college at least once. This means that as many as 80% of the people who receive cybersecurity scholarships are likely to not want to be in the cybersecurity profession by the time that they earn their undergraduate degrees.

Worse, in a way, are the incompatible goals of an organization such as the NSA. It wants to give cybersecurity scholarships in particular to young people who have a tendency to think outside of the box. The funny thing about young people who think outside of the box: They often do things that will disqualify them for the security clearance they will need to get a job at the NSA.
Opinion by Ira Winkler

Let’s say that they are encouraged to develop their hacking skills. Will they resist the urge to use those skills, or will they do something like join up with Anonymous? If they do, the NSA is not going to get the benefit of their education in cybersecurity. Even more common, though, are young people who download music and other intellectual property illegally. I have heard that this has become a reason for denying clearances. What I hear is that there is a floor in the value of what was downloaded for a clearance to be denied. OK, but students who were selected because they are on the edge are probably more likely than other students to breach that floor.

When you come right down to it, there is more than a little bit of wishful thinking in this entire drive toward granting cybersecurity degrees. This is actually a case where the thing that we have been doing for years, specifically taking high-caliber people and cross-training them for cybersecurity roles, is a better approach than what has been proposed to replace it. It puts highly skilled people to immediate use, solving immediate problems. We simply have to fully commit ourselves to expanding a proven model, instead of grasping on to what is literally a science fiction plot and hoping we will get results many years from now.

 



 

Tech giants appeal settlement decision in Silicon Valley hiring case

Attorneys for Google, Apple, Adobe Systems and Intel have appealed a judge’s decision to throw out a proposed settlement in Silicon Valley’s employee hiring case.

Attorneys for the companies filed a petition Thursday evening with the U.S. Court of Appeals for the 9th Circuit, appealing Judge Lucy Koh’s recent decision to throw out a proposed US$324.5 million settlement. Plaintiffs in the class-action case, Silicon Valley technology workers, accuse executives at the companies of conspiring not to hire each other’s workers between 2005 and 2009, which they say suppressed their wages and restricted their mobility.

Federal district court Judge Koh rejected the settlement in early August, on the grounds that it was too low given the strength of the evidence—specifically emails between executives—that would support a trial. That decision was a “clear error as a matter of law,” attorneys wrote in the Thursday filing.

“The district court applied a mechanical formula that overrode sensitive judgements of the class’s own counsel based on confidential information regarding the serious risks posed by their claims and their chances of success at trial,” it said.

“The ruling will inflict significant harm on all parties and the class action procedure,” it said.

A proposed start date for a trial has already been set for Jan. 12. Attorneys for both the defendants and plaintiffs have until Monday to file a joint statement regarding the proposed pretrial and trial dates.

If there is a trial, the reputations of several major technology companies could be re-evaluated, particularly if Google executives such as Larry Page or Eric Schmidt take the witness stand.

Google and Intel declined to comment beyond the filing. Apple and Adobe did not immediately respond to requests for comment.



 

 

How to Identify Soft Skills in IT Job Candidates

As IT departments are called upon to play larger, more public roles in today’s businesses, the skill set of the ideal IT employee has changed. How can companies identify whether a job candidate has the ‘soft skills’ to bridge the gap between IT and the rest of the business?

IT is out of the backroom and in the front office – so it’s time to hire candidates who match that new reality.

This presents a vexing problem for both recruiters and employers alike. In a recent survey, the National Association of Colleges and Employers found that employers look for candidates who are decisive, can solve problems, are good communicators and are analytical.

That need is the same for technology hires. Given how the role of IT has changed, employers see soft skills mattering more than ever.

“IT is no longer in the back room with the lights off writing code,” says John Reed, senior executive director at Robert Half Technology, an international technology recruiting and staffing company. “IT is in the room with the business leaders when decisions are made.”

It’s also important to consider whether your IT people are working directly with customers or internally with other employees, says Tammy Browning, senior vice president of U.S. field operations for Yoh, a consulting organization that provides IT talent.

“The heads-down IT person who’s just programming is becoming less and less attractive to employers, because you have to be able to communicate with your business partners or their customers,” Browning says.

What Soft Skills Do IT Workers Need?
Reed says you want your IT people, whether they’re servicing external customers or employees within the company, to be able to communicate efficiently, understand business issues and offer resolutions, and possess problem-solving skills.

A separate survey conducted by the Workforce Solutions Group at St. Louis Community College found that 60 percent of employers say applicants lack “communication and interpersonal skills.” According to the report, this is up 10 percent from two years ago. “Many people tell me they’re looking for someone who has almost a customer service mindset,” Reed says.

Browning says she looks for candidates who can act almost like consultants – people who “can really coach non-IT people on how to articulate their needs.” She wants people who can reverse engineer a solution to a problem for someone, or even change the mindset of a person who says she needs A but would really do better using Z – even if Z hasn’t been created yet.

“In IT, it’s important to go to the non-IT people who don’t understand what technology can actually do,” Browning says. That’s where soft skills in an IT person come into play.

How to Identify a Candidate’s Soft Skills in the Interview?

This isn’t always easy. At the recent Microsoft Worldwide Partner Conference, Reed says he found that soft skills were a clear differentiator in tech candidates. But soft skills are hard to find.

Beyond asking potential tech hires about their hard skills and abilities, include questions that you’d ask people you’re hiring in any other part of the company. “IT should come out of behavioral interviewing,” Reed says.

In talking about past work experience, or suggesting hypothetical situations, follow up with questions such as the following:

“What was your approach to resolving that issue?”
“Talk to me about scenarios you’ve had previously where you’ve been put in this position.”
“How did you use your analytical skills to solve those problems?”

Reed says this is “a very different interview process for a lot of people in tech.” While you may ask a candidate to architect a tech infrastructure on a whiteboard, make sure to follow up with questions that will help you see how that person would work with a team or interact with customers. Spend as much time in the interview on soft skills as on hard skills, he says.

What About People Who Aren’t Actively Looking for a Job?

If you’re recruiting from a pool of people who aren’t active job seekers, you can also look at a possible candidate’s interests and activities outside of their work lives, says Pete Kazanjy. He’s the co-founder of TalentBin by Monster, a company that recruiters use to find what TalentBin calls “unfindable passive candidates” – people who companies want to hire but who aren’t actively looking to change jobs.

“Individuals signify this kind of information naturally by virtue of what they’re doing on the Web as opposed to a more artificial approach that’s associated with LinkedIn or posting a resume,” Kazanjy says.

For example, in addition to being part of an Oracle Database group on MeetUp.com, the person may also be involved in mentoring programs or active in Oracle forums helping other people solve problems. This indicates that he or she would be a good mentor within your company and open to problem-solving activities, he says.

At the same time, someone who picks fights on Twitter or blogs about hating his or her current coworkers may not be the right person to call in for an interview, Kazanjy says. “Those are the sort of things that may fall out in the interview process and reference checking.”

