
Six entry-level cybersecurity job seeker failings

Here’s how many cybersecurity entry-level job seekers fail to make a great first impression.

When it comes to hiring, enterprise security teams can use all of the help that they can rally. But when it comes to hiring entry-level talent, that’s not as easy as it may seem.

According to a poll last summer of 1,000 18–26 year olds conducted by Zogby Analytics and underwritten by Raytheon, about 40 percent of Millennials reported they would like to enter a career that makes the Internet safer, but roughly two-thirds of them said they aren’t sure exactly what the cybersecurity profession is, and 64 percent said that they did not have access to the classes necessary to build the skills required for a career in information security.

That means, at least when it comes to the entry-level information security market, that there will be many job applicants continuing to enter the field with backgrounds that lack formal information security training. This echoes what we hear when we speak with CISOs and others who often hire security talent.

With all of this in mind, we recently reached out to those CISOs to see if there was a common thread of mistakes among information security career newcomers who are in the job market. Here’s what we found:

1. Fail to show oneself as a team player
Sounds like a no-brainer, right? But it’s not. Many of the hiring executives we spoke with say that personality can – and often does – trump technical assets. This is especially true as more and more information security roles interface with the rest of the business. It’s essential that applicants be themselves – amiable, articulate, and able to prove that they can work with different areas within the organization.

2. Sell one’s self as a jack-of-all-trades
“Entry level applicants across almost all verticals of information security make the mistake of trying to be a one-size-fits-all candidate,” says Boris Sverdlik, head of security at Oscar Insurance. “Security is broken up across many verticals and even among those who are experienced, it’s almost impossible to be well versed in all aspects,” he says. “The most annoying candidate is the arrogant know-it-all,” says Brian Martin, founder at Digital Trust, LLC. “I don’t mind arrogance when it’s earned, but not in a kid who’s never been tested. In cases where we’ve tried to work with these types, it hasn’t ended well.”

If you have interests in many skills in information security, highlight a couple that best meet the needs of the organization.

3. Falling flat on job search and interviewing basics
For many CISOs, such as Martin Fisher, manager of IT security at Northside Hospital, it is common for potential hires to harm themselves by flunking the basics of job seeking. “On resumes, misspell HIPAA, and I’ll toss the resume,” Fisher says. He also says that he too often encounters typos, punctuation errors, and resumes laden with information that’s not relevant to the role being offered.

Mike Kearn, principal security architect at US Bank, cited what job seekers don’t do when it comes to the basics of interviewing. “When I offer them an opportunity near the end of the interview to ask me anything, and I emphasize the word ‘anything,’ the majority ask me softball kinds of questions about culture or why I like working there. Missed opportunity on their part,” he says.

4. Believe certifications and degrees matter more than practical skills
“Many think that I care more about their degree or certifications than actual skills,” Kearn says, “while others are under the misguided assumption that a degree or a certification equals a job. It doesn’t.”

Likewise, many entry-level applicants think technology is the hammer to squash every security risk nail. “Too many think that the solution to most problems is a technology control, rather than people and processes,” says Eric Cowperthwaite, former CISO for Providence Health and Services and currently advanced security and strategy VP at Core Security Inc.

Ben Rothke, senior eGRC consultant at Nettitude Group and former CISO, agrees. “The technology tools they have experience with are the definitive techniques for approaching information security. Not every security problem can be fixed by a firewall or IDS,” says Rothke.

5. Stretch the truth
This one certainly isn’t exclusive to information security, but it is especially silly to try to pull this off on experienced security professionals, who tend to be a suspicious bunch by nature. “You’ll notice that they tend to exaggerate their experience to impress hiring managers; some range from slight fibs to full-blown lies,” says Sverdlik.

Kearn concurs: “A lot of them attempt to inflate or enhance their resume by saying they know someone and are connected via LinkedIn. But when I press them on it, because I actually know the individual personally, they cave almost immediately.”

6. Don’t understand the highly interpersonal nature of infosec
Many entry-level applications come from workers in small businesses, and they are not prepared for or don’t seem to understand how large enterprises function. That’s fine, and part of the learning process for new professionals – but keep an open and learning mindset when it comes to practicing information security at a larger enterprise. “A lot of people have expressed ways to do business that simply won’t work in a large enterprise. Typically, the person would be very direct toward people who want an exception to security policy, avoid collaboration, avoid discovering why the person wants the exception, and just dictate behavior,” says Cowperthwaite.

“They often don’t realize that their excitement and sometimes irrational exuberance around all things information security is not shared by most people in the organization,” Rothke says.

In the end, perhaps the most important thing is to be one’s self. “Show that you have a passion for security, be it examining logs, performing code review or risk assessments, or even administering security appliances. If you are good at critical thinking and have a good technical background, learning the rest is easy,” says Sverdlik.



7 timeless lessons of programming ‘graybeards’

Heed the wisdom of your programming elders, or suffer the consequences of fundamentally flawed code

In episode 1.06 of the HBO series “Silicon Valley,” Richard, the founder of a startup, gets into a bind and turns for help to a boy who looks 13 or 14.

The boy genius takes one look at Richard and says, “I thought you’d be younger. What are you, 25?”

“26,” Richard replies.

“Yikes.”

The software industry venerates the young. If you have a family, you’re too old to code. If you’re pushing 30 or even 25, you’re already over the hill.

Alas, the whippersnappers aren’t always the best solution. While their brains are full of details about the latest, trendiest architectures, frameworks, and stacks, they lack fundamental experience with how software really works and doesn’t. These experiences come only after many lost weeks of frustration borne of weird and inexplicable bugs.

Like the viewers of “Silicon Valley,” who by the end of episode 1.06 get the satisfaction of watching the boy genius crash and burn, many of us programming graybeards enjoy a wee bit of schadenfreude when those who have ignored us for being “past our prime” end up with a flaming pile of code simply because they didn’t listen to their programming elders.

In the spirit of sharing or to simply wag a wise finger at the young folks once again, here are several lessons that can’t be learned by jumping on the latest hype train for a few weeks. They are known only to geezers who need two hexadecimal digits to write their age.

Memory matters

It wasn’t so long ago that computer RAM was measured in megabytes not gigabytes. When I built my first computer (a Sol-20), it was measured in kilobytes. There were about 64 RAM chips on that board and each had about 18 pins. I don’t recall the exact number, but I remember soldering every last one of them myself. When I messed up, I had to resolder until the memory test passed.

When you jump through hoops like that for RAM, you learn to treat it like gold. Kids today allocate RAM left and right. They leave pointers dangling and don’t clean up their data structures because memory seems cheap. They know they can click on a button and the hypervisor adds another 16GB to the cloud instance. Why should anyone programming today care about RAM when Amazon will rent you an instance with 244GB?

But there’s always a limit to what the garbage collector will do, exactly as there’s a limit to how many times a parent will clean up your room. You can allocate a big heap, but eventually you need to clean up the memory. If you’re wasteful and run through RAM like tissues in flu season, the garbage collector could seize up grinding through that 244GB.

Then there’s the danger of virtual memory. Your software will run 100 to 1,000 times slower if the computer runs out of RAM and starts swapping out to disk. Virtual memory is great in theory, but slower than sludge in practice. Programmers today need to recognize that RAM is still precious. If they don’t, the software that runs quickly during development will slow to a crawl when the crowds show up. Your work simply won’t scale. These days, everything is about being able to scale. Manage your memory before your software or service falls apart.

The marketing folks selling the cloud like to pretend the cloud is a kind of computing heaven where angels move data with a blink. If you want to store your data, they’re ready to sell you a simple Web service that will provide permanent, backed-up storage and you won’t need to ever worry about it.

They may be right in that you might not need to worry about it, but you’ll certainly need to wait for it. All traffic in and out of computers takes time. Computer networks are drastically slower than the traffic between the CPU and the local disk drive.

Programming graybeards grew up in a time when the Internet didn’t exist. FidoNet would route your message by dialing up another computer that might be closer to the destination. Your data would take days to make its way across the country, squawking and whistling through modems along the way. This painful experience taught them that the right solution is to perform as much computation as you can locally and write to a distant Web service only when everything is as small and final as possible. Today’s programmers can take a tip from these hard-earned lessons of the past by knowing, like the programming graybeards, that the promises of cloud storage are dangerous and should be avoided until the last possible millisecond.

Compilers have bugs

When things go haywire, the problem more often than not resides in our code. We forgot to initialize something, or we forgot to check for a null pointer. Whatever the specific reason, every programmer knows, when our software falls over, it’s our own dumb mistake — period.

As it turns out, the most maddening errors aren’t our fault. Sometimes the blame lies squarely on the compiler or the interpreter. While compilers and interpreters are relatively stable, they’re not perfect. The stability of today’s compilers and interpreters has been hard-earned. Unfortunately, taking this stability for granted has become the norm.

It’s important to remember they too can be wrong and consider this when debugging the code. Old programmers learned long ago that sometimes the best route for debugging an issue involves testing not our code but our tools. If you put implicit trust in the compiler and give no thought to the computations it is making to render your code, you can spend days or weeks pulling out your hair in search of a bug in your work that doesn’t exist. The young kids, alas, will learn this soon enough.

Long ago, I heard that IBM did a study on usability and found that people’s minds will start to wander after 100 milliseconds. Is it true? I asked a search engine, but the Internet hung and I forgot to try again.

Anyone who ever used IBM’s old green-screen apps hooked up to an IBM mainframe knows that IBM built its machines as if this 100-millisecond mind-wandering threshold was a fact hard-wired in our brains. They fretted over the I/O circuitry. When they sold the mainframes, they issued spec sheets that counted how many I/O channels were in the box, in the same way car manufacturers count cylinders in the engines. Sure, the machines crashed, exactly like modern ones, but when they ran smoothly, the data flew out of these channels directly to the users.

I have witnessed at least one programming whippersnapper defend a new AJAX-heavy project that was bogged down by too many JavaScript libraries and data flowing to the browser. It’s not fair, they often retort, to compare their slow-as-sludge innovations with the old green-screen terminals that they have replaced. The rest of the company should stop complaining. After all, we have better graphics and more colors in our apps. It’s true — the cool, CSS-enabled everything looks great, but users hate it because it’s slow.

The real Web is never as fast as the office network

Modern websites can be time pigs. It can often take several seconds for the megabytes of JavaScript libraries to arrive. Then the browser has to push these multilayered megabytes through a JIT compiler. If we could add up all of the time the world spends recompiling jQuery, it could be thousands or even millions of years.

This is an easy mistake for programmers who are in love with browser-based tools that employ AJAX everywhere. It all looks great in the demo at the office. After all, the server is usually on the desk back in the cubicle. Sometimes the “server” is running on localhost. Of course, the files arrive with the snap of a finger and everything looks great, even when the boss tests it from the corner office.

But the users on a DSL line or at the end of a cellular connection routed through an overloaded tower? They’re still waiting for the libraries to arrive. When the libraries don’t arrive in a few milliseconds, they’re off to some article on TMZ.

On one project, I ran into trouble with an issue exactly like Richard in “Silicon Valley” and I turned to someone below the drinking age who knew Greasemonkey backward and forward. He rewrote our code and sent it back. After reading through the changes, I realized he had made it look more elegant but the algorithmic complexity went from O(n) to O(n^2). He was sticking data in a list in order to match things. It looked pretty, but it would get very slow as n got large.

Algorithm complexity is one thing that college courses in computer science do well. Alas, many high school kids haven’t picked this up while teaching themselves Ruby or CoffeeScript in a weekend. Complexity analysis may seem abstruse and theoretical, but it can make a big difference as projects scale. Everything looks great when n is small. Exactly as code can run quickly when there’s enough memory, bad algorithms can look zippy in testing. But when the users multiply, it’s a nightmare to wait on an algorithm that takes O(n^2) or, even worse, O(n^3).

When I asked our boy genius whether he meant to turn the matching process into a quadratic algorithm, he scratched his head. He wasn’t sure what we were talking about. After we replaced his list with a hash table, all was well again. He’s probably old enough to understand by now.

Libraries can suck

The people who write libraries don’t always have your best interest at heart. They’re trying to help, but they’re often building something for the world, not your pesky little problem. They often end up building a Swiss Army knife that can handle many different versions of the problem, not something optimized for your issue. That’s good engineering and great coding, but it can be slow.

If you’re not paying attention, libraries can drag your code into a slow swamp and you won’t even know it. I once had a young programmer mock my code because I wrote 10 lines to pick characters out of a string.

“I can do that with a regular expression and one line of code,” he boasted. “Ten-to-one improvement.” He didn’t consider the way that his one line of code would parse and reparse that regular expression every single time it was called. He simply thought he was writing one line of code and I was writing 10.

Libraries and APIs can be great when used appropriately. But if they’re used in the inner loops, they can have a devastating effect on speed and you won’t know why.



 

Oldest dot-com address sits sadly underused 30 years after its historic registration

Someone had to go first, so on March 15, 1985, Lisp computer maker Symbolics, Inc., registered the Internet’s first dot-com address: Symbolics.com.


The Cambridge-headquartered company went out of business about a decade ago (though remnants live on) and in August 2009 the Symbolics.com address was sold for an undisclosed sum to XF.com Investments, whose CEO Aron Meystedt said in a press release: “For us to own the first domain is very special to our company, and we feel blessed for having the ability to obtain this unique property.”

Today it looks like more of a white elephant than a blessing, what with a largely empty “cityscape” design and a blog that hasn’t been updated in two years. Yet Meystedt remains optimistic, at least outwardly.

“We created the city concept to make browsing the site fun, but it also could grow into a revenue-generating property if we allow advertisers to sponsor elements in the cityscape,” he says.

The design includes clickable elements that reward the visitor with nuggets of information about the Internet, such as: “Gmail first launched on April 1st, 2004. It was widely assumed the service was an April Fools Day joke.”

Not exactly Reddit’s “Today I Learned.”

“As far as traffic, the daily visitors can range from several hundred to several thousand,” Meystedt says. “This usually depends on how well Symbolics.com is circulated on social media or news blogs.”

And that probably picks up around March 15.

The problem here appears obvious: Symbolics.com is not Plymouth Rock; it would appear to be valuable – at least in a business sense – only if you’re running a company called Symbolics.

I asked Meystedt if Symbolics.com might be for sale.

“We have no plans to sell the name at this time.”

Make him an offer.


 


The Big Question Rises How To Become Microsoft, Cisco, CompTIA Certified

The big question is how to become Microsoft certified. All Microsoft certifications are acquired by simply taking a series of exams. If you can self-study for said exams, and then pass them, then you can acquire the certification for the mere cost of the exam (and maybe whatever self-study materials you purchase).

You’ll also need, at minimum (in addition to the MCTS), the CompTIA A+, Network+ and Security+ certs; as well as the Cisco CCNA cert.

Microsoft Certified Technology Specialist (MCTS) – This is the basic entry point of Microsoft Certifications. You only need to pass a single certification test to be considered an MCTS and there are numerous different courses and certifications that would grant you this after passing one. If you are shooting for some of the higher certifications that will be discussed below, then you’ll get this on your way there.

Microsoft Certified Professional Developer (MCPD) – This certification was Microsoft’s previous “Developer Certification” meaning that this was the highest certification that was offered that consisted strictly of development-related material. Receiving it involved passing four exams within specific areas (based on the focus of your certification). You can find the complete list of courses and paths required for the MCPD here.

Microsoft Certified Solutions Developer (MCSD) – This is Microsoft’s most recent “Developer Certification” which will replace the MCPD Certification (which is being deprecated / retired in July of 2013). The MCSD focuses within three major areas of very recent Microsoft development technologies and would likely be the best to pursue if you wanted to focus on current and emerging skills that will be relevant in the coming years. You can find the complete list of courses and paths required for the MCSD here.

The Microsoft Certifications that you listed are basically all of the major ones within the realm of development. I’ll cover each of the major ones and what they are:

Most people, however, take some kind of course. Some colleges — especially career and some community colleges — offer such courses (though usually they’re non-credit). Other providers of such courses are private… some of them Microsoft Certified vendors of one type or another, who offer the courses in such settings as sitting around a conference table in their offices. Still others specialize in Microsoft certification training, and so have nice classrooms set up in their offices.

There are also some online (and other forms of distance learning) courses to help prepare for the exams.

The cost of taking classes to prepare can vary wildly. Some are actually free (or very nearly so), while others can cost hundreds of dollars. It all just depends on the provider.

And here’s a Google search of MCTS training resources (which can be mind-numbing in their sheer numbers and types, so be careful what you choose):

There are some pretty good, yet relatively inexpensive, ways to get vendor certificate training. Be careful not to sign-up for something expensive and involved when something cheaper — like subscribing to an “all the certificates you care to study for one flat rate” web site — would, in addition to purchasing a study guide or two at a bookstore, likely be better.

If you want a career in IT, then you need to have both an accredited degree in same (preferably a bachelors over an associates), and also a variety of IT certifications. The MCTS is but one that you will need.

You should probably also get the Microsoft MCSE and/or MCSA. The ICS CISSP. And the ITIL.

There are others, but if you have those, you’ll be evidencing a broad range of IT expertise that will be useful, generally. Then, in addition, if the particular IT job in which you end-up requires additional specialist certification, then you can get that, too (hopefully at the expense of your employer who requires it of you).

Then, whenever (if ever) you’re interested in a masters in IT, here’s something really cool of which you should be aware…

There’s a big (and fully-accredited, fully-legitimate) university in Australia which has partnered with Microsoft and several other vendors to structure distance learning degrees which include various certifications; and in which degrees, considerable amounts of credit may be earned simply by acquiring said certifications. It’s WAY cool.

One can, for example, get up to half of the credit toward a Masters degree in information technology by simply getting an MCSE (though the exams which make it up must be certain ones which correspond with the university’s courses). I’ve always said that if one were going to get an MCSE, first consult the web site of this university and make sure that one takes the specific MCSE exams that this school requires so that if ever one later decided to enter said school’s masters program, one will have already earned up to half its degree’s credits by simply having the MCSE under his/her belt. Is that cool, or what?

I wouldn’t rely on them over experience (which is far and away the most valuable asset out there) but they are worth pursuing especially if you don’t feel like you have enough experience and need to demonstrate that you have the necessary skills to land a position as a developer.

If you are going to pursue a certification, I would recommend going after the MCSD (Web Applications Track) as it is a very recent certification that focuses on several emerging technologies that will still be very relevant (if not more-so) in the coming years. You’ll pick up the MCTS along the way and then you’ll have both of those under your belt. MCPD would be very difficult to achieve based on the short time constraints (passing four quite difficult tests within just a few months is feasible, but I don’t believe that it is worth it since it will be “retired” soon after).

No job experience at all is necessary for any of the Microsoft Certifications; you can take them at any time, and as long as you feel confident enough with the materials of the specific exam you should be fine. The tests are quite difficult by most standards and typically cover large amounts of material, but with what sounds like a good bit of time to study and prepare, you should be fine.

Certifications, in addition to degrees, are so important in the IT field, now, that one may almost no longer get a job in that field without both. The certifications, though, are so important that one who has a little IT experience can get a pretty good job even without a degree as long as he has all the right certs. But don’t do that. Definitely get the degree… and not merely an associates. Get the bachelors in IT; and make sure it’s from a “regionally” accredited school.

Then get the certs I mentioned (being mindful, if you think you’ll ever get an IT masters, to take the specific exams that that Strut masters program requires so that you’ll have already earned up to half the credit just from the certs).

If you already have two years of experience in working in the .NET environment, a certification isn’t going to guarantee that you will get employed, a salary increase or any other bonuses for achieving the honor. However, it can help supplement your resume by indicating that you are familiar with specific technologies enough to apply them in real-world applications to solve problems.


IT certifications that deliver higher pay 2015

Certifications abound in the IT industry, but they are not all equal. To help you find the ones that will result in the most financial gain, twice a year we look at which certifications are poised for the biggest growth.

2015’s Hottest IT Certification
Ever wonder how much that certification is worth? While it’s hard to put a dollar sign on certifications, CompTIA offers some insight in the results from a recent survey.

65 percent of employers use IT certifications to differentiate between equally qualified candidates
72 percent of employers use IT certifications as a requirement for certain job roles
60 percent of organizations often use IT certifications to confirm a candidate’s subject matter knowledge or expertise
66 percent of employers consider IT certifications to be very valuable — a dramatic increase from the 30 percent in 2011

Numbers like these make it hard to discount the validity of certifications. That said, all certifications are not equal, which is why twice a year we look at which certifications are poised for growth over the next six to 12 months. And with 2015 upon us, we turn to Foote Partners and its recently released “IT Skills Demand and Pay Trends Report” to find out which certifications will carry the most weight throughout 2015 in terms of pay and demand.

Methodology:
“The hot list is put together by looking at 3-6-12 month value growth vectors then vetting it via interviews with about 400 CIOs and other decision makers on their skills investment plans for 2015,” says David Foote, chief analyst and research officer with Foote Partners.

“Historical pay premium performance is only one of many factors we consider in forecasting. It is normal in our forecasting that 50 percent or more of the skills showing the most growth in the prior three months and six months do not make our Hot List of skills that we are certain will increase in value in next 6 months,” says Foote.

Citrix Certified Enterprise Engineer for Virtualization
Citrix Systems, a leader in the software virtualization niche, owned 56 percent of the virtualization market as of January 2014. That number highlights why demand and pay premiums for this certification are so strong and expected to grow. However, this certification has been retired as of November 2014, replaced by Citrix Certified Professional – Virtualization (CCP-V).

“The value of this certification is in the confirmed ability of the owner to be able to implement and validate varied Citrix implementations. Strongly recommend for experienced engineers looking to validate their skills and ability to design and support complex implementations,” says Elaine Cheng, CIO at the CFA Institute.

CompTIA Security+
Security should be at the forefront of every CIO’s mind. In fact, pay value for this certification based on Foote Partners data has grown 40 percent over the last 12 months and is expected to continue to rise. “A solid certification that shows an understanding of best practice security approaches across several areas. This is a great second-level certification for the individual wanting to expand into the security aspect of IT,” says Cheng.

GIAC Certified Windows Security Administrator
Although Windows is behind in the mobile game, it still dominates the desktop and the enterprise and Microsoft is making strides towards being more mobile-centric. Combine that with mounting security risks and it’s easy to see why the GIAC Certified Windows Security Administrator should continue to be in demand.

“This is a broad and complex certification that a successful Windows engineer should have. It is in no way an easy exam and truly validates a strong engineer skill set across all aspects of Windows security. Our own engineers have tried for this exam several times. It is challenging and a high bar to meet,” says Cheng.

Certified Computer Examiner
Cybercrime, privacy and data security have been in the headlines over the past couple of years. Many analysts believe that 2015 is the year where organizations are going to spend more of their IT budgets on security. This vendor-neutral certification, open to both law enforcement and non-law enforcement personnel, created by the International Society of Forensic Computer Examiners, is yet another in the field of forensics that is rapidly growing in industry recognition.

AWS Certified SysOps Administrator-Associate (Cloud)
According to a recent ComputerWorld cloud computing is second only to security on the list of areas where CIOs plan to spend their money. Most organizations have deployed or are researching some cloud infrastructure, making it a great area in which to specialize. “This is a great entry-level certification for individuals looking to show an understanding of the Amazon Cloud solution for the IaaS solutions. It should be a recommended certification for any engineer supporting AWS,” says Cheng.

EC-Council Certified Security Analyst
Another security certification makes the list. This is one of the certifications that Foote says will pay off particularly well in 2015.

“In the case of security-related certifications such as CyberSecurity Forensic Analyst and Certified Ethical Hacker, [EC-Council Certified Security Analyst] is a requirement for companies because of the specific nature of the training/knowledge provided throughout the curriculum of the certification itself. Most of the requirements that ask for specific certifications are originated from organizations that must follow Security Compliance guidelines mandated by the government: HIPAA, SOX and PCI-DSS to name a few examples. It definitely makes it tougher for both the company and the recruiting firms from a supply standpoint because there is a higher demand than supply of these certified individuals across the industry,” says Katie Powers, national delivery manager of Network Infrastructure Services with TEKsystems.

MongoDB Certified DBA
A recent Capgemini survey of 225 companies found that most organizations struggle to get actionable results from their big data initiatives. In fact, only 27 percent of those organizations described their big data initiatives as successful. Don’t be discouraged, however, if a career in big data is what you want. Big data is still growing and an additional fact to come out of the survey is that 60 percent of executives interviewed expect big data will disrupt their business within the next three years.

“With the continued need for security trained resources, explosion of the data and the need for tools and applications to manage and make this valuable for the business, increased consumption of the cloud – the need for structured avenues to train existing resources in new technologies as it relates to these areas has become critical,” says Bhavani Amirthalingam, vice president, NAM Region at Schneider Electric.

Microsoft Certified Solution Developer: Applications Lifecycle Management
MCSDs, or Microsoft Certified Solution Developers, have passed exams to prove their ability to design and develop business applications using Microsoft’s suite of development tools, both within Microsoft platforms and beyond what would be considered traditional platforms. IT pros who specialize in application lifecycle management help to increase overall efficiency and produce better overall products.

“At Schneider, Oracle and Microsoft technology would be key areas of interest,” says Amirthalingam.

Cisco Certified Design Associate
The CCDA is a vendor-specific certification that teaches students Cisco network design fundamentals. The main focus is on designing basic campus, data center, security, voice and wireless networks. Value/Demand has risen 16.7 percent in the last six months and, according to Foote Partners data, demand will continue to increase throughout 2015.

Certified in the Governance of Enterprise IT

Most Recent Additions to Foote Partners’ Hot List
In our most recent conversation with Foote, shortly before publishing this report, he said he was digging deeper into his data and interviewing process and called out these certifications as well, predicting them to be growth areas in 2015.

Below is the most recent data on certifications that just became available.

Lean Six Sigma 0% 7.1% 15.4%


 


Can the enterprise allow employees to use the public cloud?

The theme today isn’t about enterprise clouds that are my normal topic, but instead, clouds where end users fly. Face it – your users are in their own clouds. Is that a nervous tic I see on your face?

iCloud OwnCloud

Dropbox

Magic sauce

Store my files

Store your files

Store our files

Mix them all together

Stir with random care

You said that file is where?
I find this harrowing. Users face no real way, without a lot of work that they’re disinclined to do or even understand, to know if a personal device’s files will be stored securely in any particular cloud provider’s bin.

There are no standards. No seals of approval worth spit. Random selection will take place, with a bias towards something your operating system provider conveniently provides.

Or maybe the home machine is a Mac (see: iCloud) and the office machine runs Windows 7, and the phone is an Android. People interchange files frequently from one device to another without thinking about the ramifications of a differing cloud provider. More copies are better, of course, because people want the convenience of just getting their files, photos, music, videos, and yes, work products, on demand. Demand is for now, not hauling out another device, booting it up, waiting for a logon, logging in (too many machines don’t require passwords), maybe a signal, then maneuvering to some deep folder to fetch a file. Convenience rules.

This flies in the face of the hopes, dreams, and practical realities of security officers, policy makers, and IT professionals everywhere. It also explains the successful business model behind every convenience store in the world – time pressure.

There are ways to keep sensitive data from finding its way into someone’s messy cloud cache, ranging from draconian to astute. Much depends on the values an organization imposes on its users. Yes, they have to be based on trust, and yes, people – even organized and thoughtful people – can be messy with data assets.

Sophisticated data loss prevention schemes are in place in some environments. Others force users to log on to virtual sessions and work within the ostensibly safe boundaries of those sessions. Some use sophisticated document or work-product tracking. Others force and use seriously sophisticated, often OS-based, policy controls (ex: Microsoft’s Group Policy Objects) in an effort to impose moats around applications and, hopefully, their data. Swimming moats gets an airborne drone when clipboards are enabled…a trick I’ve had recently demonstrated to me.

Can you implement an approved cloud? How would you judge it? Encryption on the wire in addition to in-storage? Who do you whitelist?

My values, and those of most of my colleagues, say not to allow any organizational data to end up stored in places we don’t control and can’t audit – period, end of page, and job, if we catch you. Like BYOD, I also recognize that users will be users, and policies vary on the issue from draconian (yeah, you’re fired) to “this is our list of approved sites.” Don’t use XY or Z, as they’re unapproved, meaning blacklisting cloud storage.

If you get a chance, tell me which you – or your employer – might approve of, and why, in three sentences or less. You can also say things like: “No Way, I’ll be shot at dawn if I say this, but…” and/or if they would (Upworthy alert) Change This One Thing.


 


 

Google relaxes strict bug disclosure rules after Microsoft grievances

After dust-up between the companies over bug revelations, Google offers 14-day grace period before going public

Google today relaxed the strict 90-day vulnerability disclosure policy that put it at odds with rival Microsoft last month, saying it would give vendors a 14-day grace period if they promised to fix a flaw within the two-week stretch.

“If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch,” Google’s Project Zero team said today in a blog post.

“Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+),” the team added.

Google will also not reveal a vulnerability on weekends and U.S. public holidays, even if the timetable expires on those days.

Although Microsoft welcomed Google’s modifications, it continued to disagree with Project Zero’s patch-or-we-publish attitude. “While it is positive to see aspects of disclosure practices adjust, we disagree with arbitrary deadlines because each security issue is unique and end-to-end update development and testing time varies,” said Chris Betz, senior director of the Microsoft Security Response Center (MSRC), in a statement today. “When finders release proof-of-concept exploit code, or other information publicly before a solution is in place, the risk of attacks against customers goes up.”

“These were the right things to do,” said Andrew Storms, vice president of security services at New Context, a San Francisco-based security consultancy, in a Friday interview. “Weekends and holidays are obvious. It’s true that the bad guys never sleep but you have to account for those days. And I like the grace period idea. It shows that Google is communicating with vendors.”

Project Zero is composed of several Google security engineers — including many of its most notable researchers — who investigate not only the company’s own software, but that of other vendors as well. Previously, its policy was to start a 90-day clock when it reported a flaw to an outside vendor, then publicly post details and sample attack code at the expiration if the vulnerability had not been patched.

Over several weeks starting on Dec. 29, 2014, Project Zero revealed numerous bugs in Windows before Microsoft patched them.

That quickly drew the ire of Microsoft. After Project Zero disclosed a Windows vulnerability on Jan. 11 — two days before Microsoft was set to patch it — the latter lashed out.

“We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix,” Betz said at the time. “[Google’s] decision feels less like principles and more like a ‘gotcha,’ with customers the ones who may suffer as a result.”
 


Had the new grace period been in place, some but not all of the Windows vulnerabilities disclosed by Project Zero this year would have been kept under wraps until Microsoft had patched them, including the one Betz was angry about last month.

Some, however, would have still been revealed prior to patching.
One of those vulnerabilities had been reported to Microsoft on Oct. 17, with an expiration date of Jan. 15, when Google automatically unveiled details and proof-of-concept attack code. At the time, Project Zero’s bug tracker asserted that while Microsoft had initially intended to patch the vulnerability on Jan. 13, it pulled the fix “due to compatibility issues” and rescheduled it for the Feb. 10 collection. It was, in fact, patched earlier this week.

A two-week grace would not have helped Microsoft in that case.

But the grace period should answer critics who took Project Zero to task for its hard-liner policy.

“Microsoft is never going to get a fix into the first Patch Tuesday after a report, nor in the second depending on the timing,” said Chet Wisniewski, a security researcher with Sophos, in a January interview. Because of Microsoft’s similarly rigid Patch Tuesday schedule — the second Tuesday of each month — Google’s disclosure deadline could “push right against the deadline almost every time,” Wisniewski argued.

The automated disclosure system also removed the human element, critics said. “Google’s pretty big on things being automated, versus people-driven processes,” pointed out John Pescatore, director of emerging security trends at the SANS Institute, also in a January interview on Project Zero’s approach.

Wisniewski thought there was another reason for the automated disclosure, and the resulting inflexibility.

“If Google made it automatic, then it can’t be accused of being vindictive,” said Wisniewski, referring to previous clashes between Google security engineers and Microsoft, when that charge had been leveled against the former after they revealed bugs without giving Microsoft more than a few days to patch.

Storms saw the grace period as evidence that Google realized the all-automatic disclosure process wasn’t appropriate.

“It’s a ‘gimme,’ as in the vendor saying, ‘Gimme a break, I’m so close to a patch,'” said Storms of the additional time. “You have to consider the goal, which is not to shame people, but to get things fixed. [The grace period] adds a human element to it, which is necessary.”

As of Friday, there were two vulnerabilities on the Project Zero bug tracker that had exceeded the 90-day deadline. Both were for flaws in Adobe’s Reader; Adobe had patched the bugs in December in the Windows version of Reader, but has not yet addressed the same vulnerabilities in the OS X version of the PDF program.

Best Top-Paying and most in demand for Certifications 2014 – 2015


Introduction
It’s always a good idea to take stock of your skills, your pay, and your certifications. To that end, following is a review of 15 of the top-paying certifications for 2014. With each certification, you’ll find the average (mean) salary and a brief description.

Based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton and completed in October 2013, the rankings below are derived from certifications that received the minimum number of responses to be statistically relevant. Certain certifications pay more but are not represented due to their exclusive nature. Examples include Cisco Certified Internetworking Expert (CCIE) and VMware Certified Design Expert (VCDX). This was a nationwide survey, and variations exist based on where you work, years of experience, and company type (government, non profit, etc.).

1. Certified in Risk and Information Systems Control (CRISC) – $118,253
The non-profit group ISACA offers CRISC certification, much in the way that CompTIA manages the A+ and Network+ certifications. Formerly, “ISACA” stood for Information Systems Audit and Control Association, but now they’ve gone acronym only.

The CRISC certification is designed for IT professionals, project managers, and others whose job it is to identify and manage risks through appropriate Information Systems (IS) controls, covering the entire lifecycle, from design to implementation to ongoing maintenance. It measures two primary areas: risk and IS controls. Similar to the IS control lifecycle, the risk area spans the gamut from identification and assessment of the scope and likelihood of a particular risk to monitoring for it and responding to it if/when it occurs.

Since CRISC’s introduction in 2010, more than 17,000 people worldwide have earned this credential. The demand for people with these skills and the relatively small supply of those who have them result in this being the highest salary for any certification on our list this year.

To obtain CRISC certification, you must have at least three years of experience in at least three of the five areas that the certification covers, and you must pass the exam, which is only offered twice a year. This is not a case where you can just take a class and get certified. Achieving CRISC certification requires effort and years of planning.

2. Certified Information Security Manager (CISM) – $114,844

ISACA also created CISM certification. It’s aimed at management more than the IT professional and focuses on security strategy and assessing the systems and policies in place more than it focuses on the person who actually implements those policies using a particular vendor’s platform.

More than 23,000 people have been certified since its introduction in 2002, making it a highly sought after area with a relatively small supply of certified individuals. In addition, the exam is only offered three times a year in one of approximately 240 locations, making taking the exam more of a challenge than many other certification exams. It also requires at least five years of experience in IS, with at least three of those as a security manager. As with CRISC, requirements for CISM certification demand effort and years of planning.

3. Certified Information Systems Auditor (CISA) – $112,040
The third highest-paying certification is also from ISACA; this one is for IS auditors. CISA certification is ISACA’s oldest, dating back to 1978, with more than 106,000 people certified since its inception. CISA certification requires at least five years of experience in IS auditing, control, or security in addition to passing an exam that is only offered three times per year.

The CISA certification is usually obtained by those whose job responsibilities include auditing, monitoring, controlling, and/or assessing IT and/or business systems. It is designed to test the candidate’s ability to manage vulnerabilities, ensure compliance with standards, and propose controls, processes, and updates to a company’s policies to ensure compliance with accepted IT and business standards.

4. Six Sigma Green Belt – $109,165
Six Sigma is a process of analyzing defects (anything outside a customer’s specifications) in a production (manufacturing) process, with a goal of no more than 3.4 defects per million “opportunities” or chances for a defect to occur. The basic idea is to measure defects, analyze why they occurred, and then fix the issue and repeat. There is a process for improving existing processes and a slightly modified version for new processes or major changes. Motorola pioneered the concept in the mid-1980s, and many companies have since followed their examples to improve quality.

This certification is different from the others in this list, as it is not IT specific. Instead, it is primarily focused on manufacturing and producing better quality products.

There is no organization that owns Six Sigma certification per se, so the specific skills and number of levels of mastery vary depending on which organization or certifying company is used. Still, the entry level is typically Green Belt and the progression is to Black Belt and Master Black Belt. Champions are responsible for Six Sigma projects across the entire organization and report to senior management.

5. Project Management Professional (PMP) – $108,525
The PMP certification was created and is administered by the Project Management Institute (PMI®), and it is the most recognized project management certification available. There are more than half a million active PMPs in 193 countries worldwide.

The PMP certification exam tests five areas relating to the lifecycle of a project: initiating, planning, executing, monitoring and controlling, and closing. PMP certification is for running any kind of project, and it is not specialized into sub types, such as manufacturing, construction, or IT.

To become certified, individuals must have 35 hours of PMP-related training along with 7,500 hours of project management experience (if they have less than a bachelor’s degree) or 4,500 hours of project management experience with a bachelor’s or higher. PMP certification is another that requires years of planning and effort.

6. Certified Scrum Master – $107,396
Another project management-related certification, Certified Scrum Master is focused on software (application) development.

Scrum is a rugby term; it’s a means for restarting a game after a minor rules violation or after the ball is no longer in play (for example, when it goes out of bounds). In software development, Scrum is a project management process that is designed to act in a similar manner for software (application development) projects in which a customer often changes his or her mind during the development process.

In traditional project management, the request to change something impacts the entire project and must be renegotiated, a time-consuming and potentially expensive way to get the changes incorporated. There is also a single project manager.

In Scrum, however, there is not a single project manager. Instead, the team works together to reach the stated goal. The team should be co-located so members may interact frequently, and it should include representatives from all necessary disciplines (developers, product owners, experts in various areas required by the application, etc.).

Where PMP tries to identify everything up front and plan for a way to get the project completed, Scrum takes the approach that the requirements will change during the project lifecycle and that unexpected issues will arise. Rather than holding up the process, Scrum takes the approach that the problem the application is trying to solve will never be completely defined and understood, so team members must do the best they can with the time and budget available and by quickly adapting to change.

So where does the Scrum Master fit in? Also known as a servant-leader, the Scrum Master has two main duties: to protect the team from outside influences that would impede the project (the servant) and to chair the meetings and encourage the team to continually improve (the leader).

Certified Scrum Master certification was created and is managed by the Scrum Alliance and requires the individual to attend a class taught by a certified Scrum trainer and to pass the associated exam.

7. Citrix Certified Enterprise Engineer (CCEE) – $104,240
The CCEE certification is a legacy certification from Citrix that proves expertise in XenApp 6, XenDesktop 5, and XenServer 6 via the Citrix Certified Administrator (CCA) exams for each, the Citrix Certified Advanced Administrator (CCAA) for XenApp 6, and an engineering (advanced implementation-type) exam around implementing, securing, managing, monitoring, and troubleshooting a complete virtualization solution using Citrix products.

Those certified in this area are encouraged to upgrade their certification to the App and Desktop track instead, which focuses on just XenDesktop, taking one exam to become a Citrix Certified Professional – Apps and Desktops (CCP-AD). At this point though, the CCEE is available as long as the exams are available for the older versions of the products listed.

8. Citrix Certified Administrator (CCA) for Citrix NetScaler - $103,904
The CCA for NetScaler certification has been discontinued for NetScaler 9, and those with a current certification are encouraged to upgrade to the new Citrix Certified Professional – Networking (CCP-N). In any case, those with this certification have the ability to implement, manage, and optimize NetScaler networking performance and optimization, including the ability to support app and desktop solutions. As the Citrix certification program is being overhauled, refer to http://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

9. Certified Ethical Hacker (CEH) – $103,822
The International Council of E-Commerce Consultants (EC-Council) created and manages CEH certification. It is designed to test the candidate’s abilities to prod for holes, weaknesses, and vulnerabilities in a company’s network defenses using techniques and methods that hackers employ. The difference between a hacker and a CEH is that a hacker wants to cause damage, steal information, etc., while the CEH wants to fix the deficiencies found. Given the many attacks, the great volume of personal data at risk, and the legal liabilities possible, the need for CEHs is quite high, hence the salaries offered.

10. ITIL v3 Foundation – $97,682
IT Infrastructure Library (ITIL®) was created by England’s government in the 1980s to standardize IT management. It is a set of best practices for aligning the services IT provides with the needs of the organization. It is broad based, covering everything from availability and capacity management to change and incident management, in addition to application and IT operations management.

It is known as a library because it is composed of a set of books. Over the last 30 years, it has become the most widely used framework for IT management in the world. ITIL standards are owned by AXELOS, a joint venture company created by the Cabinet Office on behalf of Her Majesty’s Government in the United Kingdom and Capita plc, but they have authorized partners who provide education, training, and certification. The governing body defined the certification tiers, but they leave it to the accredited partners to develop the training and certification around that framework.

The Foundation certification is the entry-level one and provides a broad-based understanding of the IT lifecycle and the concepts and terminology surrounding it. Anyone wishing for higher-level certifications must have this level first, thus people may have higher certifications and still list this certification in the survey, which may skew the salary somewhat.

For information on ITIL in general, please refer to http://www.itil-officialsite.com/. Exams for certification are run by ITIL-certified examination institutes as previously mentioned; for a list of them, please refer to http://www.itil-officialsite.com/ExaminationInstitutes/ExamInstitutes.aspx.

11. Citrix Certified Administrator (CCA) for Citrix XenServer – $97,578
The CCA for XenServer certification is available for version 6 and is listed as a legacy certification, but Citrix has yet to announce an upgrade path to their new certification structure. Those with a CCA for Citrix XenServer have the ability to install, configure, administer, maintain, and troubleshoot a XenServer deployment, including Provisioning Services. As the Citrix certification program is being overhauled, refer to http://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

12. ITIL Expert Certification – $96,194
The ITIL Expert certification builds on ITIL Foundation certification (see number 10 above). It is interesting that ITIL Expert pays less on average than ITIL Foundation certification. Again, I suspect the salary results may be somewhat skewed depending on the certifications actually held and the fact that everyone who is ITIL certified must be at least ITIL Foundation certified.

To become an ITIL Expert, you must pass the ITIL Foundation exam as well as the capstone exam, Managing Across the Lifecycle. Along the way, you will earn intermediate certifications of your choosing in any combination of the Lifecycle and Capability tracks. You must earn at least 22 credits, of which Foundation accounts for two and the Managing Across the Lifecycle exam counts for five. The other exams count for three each (in the Intermediate Lifecycle track) or four each (in the Intermediate Capability track) and can be earned in any order and combination, though the official guide suggests six recommended options. The guide is available at http://www.itil-officialsite.com/Qualifications/ITILQualificationScheme.aspx by clicking on the English – ITIL Qualification Scheme Brochure link.

13. Cisco Certified Design Associate (CCDA) – $95,602
Cisco’s certification levels are Entry, Associate, Professional, Expert, and Architect. Those who obtain this Associate-level certification are typically network design engineers, technicians, or support technicians. They are expected to design basic campus-type networks and be familiar with routing and switching, security, voice and video, wireless connectivity, and IP (both v4 and v6). They often work as part of a team with those who have higher-level Cisco certifications.

To achieve CCDA certification, you must have earned one of the following: Cisco Certified Entry Networking Technician (CCENT, the lowest-level certification and the foundation for a career in networking); Cisco Certified Network Associate Routing and Switching (CCNA R&S); or any Cisco Certified Internetwork Expert (CCIE), the highest level of certification at Cisco.
You must also pass a single exam.

14. Microsoft Certified Systems Engineer (MCSE) – $95,276
This certification ranked number 14 with an average salary of $95,505 for those who didn’t list an associated Windows version and $94,922 for those who listed MCSE on Windows 2003, for the weighted average of $95,276 listed above.

The Microsoft Certified Systems Engineer is an old certification and is no longer attainable. It has been replaced by the Microsoft Certified Solutions Expert (yes, also MCSE). The Engineer certification was valid for Windows NT 3.51 – 2003, and the new Expert certification is for Windows 2012. There is an upgrade path if you are currently an MCSA or MCITP on Windows 2008. There is no direct upgrade path from the old MCSE to the new MCSE.

15. Citrix Certified Administrator (CCA) for Citrix XenDesktop – $95,094
The CCA for XenDesktop certification is available for versions 4 (in Chinese and Japanese only) and 5 (in many languages including English). Those with a current certification are encouraged to upgrade to the new Citrix Certified Associate – Apps and Desktops (CCA-AD). In any case, those with this certification have the ability to install, administer, and troubleshoot a XenDesktop deployment, including Provisioning Services and the Desktop Delivery Controller as well as XenServer and XenApp. As the Citrix certification program is being overhauled, refer to http://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

Rounding Out the Top 25

A few popular certifications just missed the Top 15 cut due to a low total number of responses or an average (mean) pay just outside the threshold. Due to their popularity, I have included them for informational purposes.

Certification Average Pay
CISSP: Certified Information Systems Security Professional $114,287

MCSE: Microsoft Certified Systems Engineer 2003 $94,922

RHCSA: Red Hat Certified System Administrator $94,802

VCP-DCV: VMware Certified Professional – Data Center Virtualization $94,515

JNCIA: Juniper Networks Certified Internet Associate $94,492

MCTS: Windows Server 2008 Applications Infrastructure Configuration $91,948

MCITP: Enterprise Administrator $91,280

CCNP: Cisco Certified Network Professional $90,833

WCNA: Wireshark Certified Network Analyst $88,716

CCNA R&S: Cisco Certified Network Associate Routing and Switching $81,308



2014 cyberattack to cost Sony $35M in IT repairs

Boosted by iPhone 6 image sensor demand, Sony said its earnings won’t be greatly affected by the cyberattack

Sony has put an estimate to the damage caused by the massive cyberattack against Sony Pictures Entertainment last year — $35 million.

While Sony said in an earnings report that the hack would cost $15 million “in investigation and remediation costs” for the quarter to Dec. 31, senior general manager Kazuhiko Takeda said Wednesday that the figure would be $35 million for the full fiscal year through March 31.

“The figure primarily covers costs such as those associated with restoring our financial and IT systems,” a spokesman at Sony’s Tokyo headquarters said later via email.

The U.S. Federal Bureau of Investigation held North Korea responsible for the attack, which came ahead of the planned release by Sony of a comedy movie about a plot to assassinate the country’s leader Kim Jong Un.

While the numbers for Sony’s Pictures segment are provisional, the company said Wednesday the damages weighed on the operating profit for the segment, which will be ¥54 billion (US$460 million) for the year ending March 31, up from ¥51.6 billion a year earlier.

“Sony believes that the impact of the cyberattack on its consolidated results for the fiscal year ending March 31, 2015 will not be material,” it said in the earnings report and updated forecasts for the year.

Sony’s other results were a mixed bag. The blockbuster sales of Apple’s iPhone 6 boosted demand for Sony’s image sensors, which power the phone’s camera system. That, combined with demand for PlayStation 4 consoles, encouraged Sony to reduce the net loss it predicts for the year to March 31 to ¥170 billion from the ¥230 it predicted in October. But that’s still worse than the ¥128 billion loss it posted for its previous fiscal year, when it incurred huge costs from exiting its Vaio PC business.

Sony said this week it would ramp up CMOS image sensor production capacity to about 80,000 wafers per month from the current 60,000 to meet smartphone demand.

Even though fourth-quarter sales of its Xperia smartphones rose year on year, Sony said it would cut 2,100 jobs in its struggling mobile communications segment, which will post a net loss of ¥215 billion for its fiscal year to March 31.

“In overall electronics excluding mobile, results are improving due partially to the impact of restructuring,” Chief Financial Officer Kenichiro Yoshida told an investor briefing.



Please don’t use these passwords. Sincerely, the Internet

You may have protected your personal data with strong passwords, but when hackers seize control of other computers, the resulting “botnets” can cause plenty of collateral damage. The depressing part is that one of the biggest holes is the easiest to fix: terrible passwords. SplashData has just released its annual list of the worst ones (gleaned from hacked file dumps), and things haven’t changed much over last year. The most common stolen password is still “123456,” which edged out perennial groaner “password.” Other top picks in the alphanumeric hall of shame are “12345678,” “qwerty,” “monkey” and new this year, “batman.” According to security expert Mark Burnett, the top 25 (below) represent an eye-popping 2.2 percent of all passwords exposed.

The good news is that fewer people are using bad passwords than in 2013, perhaps thanks to some well-publicized data breaches at Sony, Target and elsewhere. SplashData reminds folks to create passwords with at least eight mixed characters — preferably more — not based on easy-to-brute-force dictionary words. As pointed out by Buffer Open, other methods include pass phrases, mnemonic devices and other memory tricks — including a gem from XKCD. You shouldn’t use the same password on more than one site, so if you have a lot, it’s a good idea to use one of the many password managers out there, like LastPass or SplashID. Those let you access your entire collection of passwords with just a single passphrase — one that had better be a lot stronger than “123456.”

Rank Password Change from 2013

1 123456
2 password
3 12345
4 12345678
5 qwerty
6 123456789
7 1234
8 baseball
9 dragon
10 football
11 1234567
12 monkey
13 letmein
14 abc123
15 111111
16 mustang
17 access
18 shadow
19 master
20 michael
21 superman
22 696969
23 123123
24 batman
25 trustno1
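A service can enforce the advice above when a password is set. The following is an added example, not code from the article or from SplashData: it rejects the 25 listed passwords and trivial variants of them, then applies the length and mixed-character guidance. The substitution map, the two-class threshold and the 16-character passphrase exemption are assumptions.

```python
import string

# The 25 entries from the SplashData list above.
WORST_PASSWORDS = frozenset({
    "123456", "password", "12345", "12345678", "qwerty", "123456789",
    "1234", "baseball", "dragon", "football", "1234567", "monkey",
    "letmein", "abc123", "111111", "mustang", "access", "shadow",
    "master", "michael", "superman", "696969", "123123", "batman",
    "trustno1",
})

# Assumptions, not from the article: which substitutions to undo, how many
# character classes count as "mixed", and when a long passphrase is exempt.
LEET = str.maketrans("013457@$", "oieastas")
TRAILING = string.digits + string.punctuation
MIN_LENGTH = 8
MIN_CLASSES = 2
PASSPHRASE_LENGTH = 16

DENYLISTED = "on the worst-passwords list, or a trivial variant of an entry"
TOO_SHORT = "shorter than eight characters"
NOT_MIXED = "uses a single character class"


def stems(candidate):
    """Forms of the candidate to compare with the list."""
    folded = candidate.lower()
    stripped = folded.rstrip(TRAILING)  # "batman2015" -> "batman"
    return {folded, stripped, folded.translate(LEET), stripped.translate(LEET)}


def char_classes(candidate):
    """Count which of lower, upper, digit and symbol appear."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(test(c) for c in candidate) for test in tests)


def screen(candidate):
    """Return the reasons to reject a new password; empty means accept."""
    reasons = []
    if stems(candidate) & WORST_PASSWORDS:
        reasons.append(DENYLISTED)
    if len(candidate) < MIN_LENGTH:
        reasons.append(TOO_SHORT)
    elif len(candidate) < PASSPHRASE_LENGTH and char_classes(candidate) < MIN_CLASSES:
        reasons.append(NOT_MIXED)
    return reasons
```

A plain lookup against the list would accept “P@ssw0rd” and “Batman2015”; comparing the folded and stripped forms catches both.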

