Tag Archives: 2014

Best Top-Paying and most in demand for Certifications 2014 – 2015

Best Top-Paying and most in demand for Certifications 2014 – 2015

Introduction
It’s always a good idea to take stock of your skills, your pay, and your certifications. To that end, following is a review of 15 of the top-paying certifications for 2014. With each certification, you’ll find the average (mean) salary and a brief description.

Based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton and completed in October 2013, the rankings below are derived from certifications that received the minimum number of responses to be statistically relevant. Certain certifications pay more but are not represented due to their exclusive nature. Examples include Cisco Certified Internetworking Expert (CCIE) and VMware Certified Design Expert (VCDX). This was a nationwide survey, and variations exist based on where you work, years of experience, and company type (government, non profit, etc.).

1. Certified in Risk and Information Systems Control (CRISC) – $118,253
The non-profit group ISACA offers CRISC certification, much in the way that CompTIA manages the A+ and Network+ certifications. Formerly, “ISACA” stood for Information Systems Audit and Control Association, but now they’ve gone acronym only.

The CRISC certification is designed for IT professionals, project managers, and others whose job it is to identify and manage risks through appropriate Information Systems (IS) controls, covering the entire lifecycle, from design to implementation to ongoing maintenance. It measures two primary areas: risk and IS controls. Similar to the IS control lifecycle, the risk area spans the gamut from identification and assessment of the scope and likelihood of a particular risk to monitoring for it and responding to it if/when it occurs.

Since CRISC’s introduction in 2010, more than 17,000 people worldwide have earned this credential, The demand for people with these skills and the relatively small supply of those who have them result in this being the highest salary for any certification on our list this year.

To obtain CRISC certification, you must have at least three years of experience in at least three of the five areas that the certification covers, and you must pass the exam, which is only offered twice a year. This is not a case where you can just take a class and get certified. Achieving CRISC certification requires effort and years of planning.

2. Certified Information Security Manager (CISM) – $114,844

ISACA also created CISM certification. It’s aimed at management more than the IT professional and focuses on security strategy and assessing the systems and policies in place more than it focuses on the person who actually implements those policies using a particular vendor’s platform.

More than 23,000 people have been certified since its introduction in 2002, making it a highly sought after area with a relatively small supply of certified individuals. In addition, the exam is only offered three times a year in one of approximately 240 locations, making taking the exam more of a challenge than many other certification exams. It also requires at least five years of experience in IS, with at least three of those as a security manager. As with CRISC, requirements for CISM certification demand effort and years of planning.

3. Certified Information Systems Auditor (CISA) – $112,040
The third highest-paying certification is also from ISACA; this one is for IS auditors. CISA certification is ISACA’s oldest, dating back to 1978, with more than 106,000 people certified since its inception. CISA certification requires at least five years of experience in IS auditing, control, or security in addition to passing an exam that is only offered three times per year.

The CISA certification is usually obtained by those whose job responsibilities include auditing, monitoring, controlling, and/or assessing IT and/or business systems. It is designed to test the candidate’s ability to manage vulnerabilities, ensure compliance with standards, and propose controls, processes, and updates to a company’s policies to ensure compliance with accepted IT and business standards.

4. Six Sigma Green Belt – $109,165
Six Sigma is a process of analyzing defects (anything outside a customer’s specifications) in a production (manufacturing) process, with a goal of no more than 3.4 defects per million “opportunities” or chances for a defect to occur. The basic idea is to measure defects, analyze why they occurred, and then fix the issue and repeat. There is a process for improving existing processes and a slightly modified version for new processes or major changes. Motorola pioneered the concept in the mid-1980s, and many companies have since followed their examples to improve quality.

This certification is different from the others in this list, as it is not IT specific. Instead, it is primarily focused on manufacturing and producing better quality products.

There is no organization that owns Six Sigma certification per se, so the specific skills and number of levels of mastery vary depending on which organization or certifying company is used. Still, the entry level is typically Green Belt and the progression is to Black Belt and Master Black Belt. Champions are responsible for Six Sigma projects across the entire organization and report to senior management.

5. Project Management Professional (PMP) – $108,525
The PMP certification was created and is administered by the Project Management Institute (PMI®), and it is the most recognized project management certification available. There are more than half a million active PMPs in 193 countries worldwide.

The PMP certification exam tests five areas relating to the lifecycle of a project: initiating, planning, executing, monitoring and controlling, and closing. PMP certification is for running any kind of project, and it is not specialized into sub types, such as manufacturing, construction, or IT.

To become certified, individuals must have 35 hours of PMP-related training along with 7,500 hours of project management experience (if they have less than a bachelor’s degree) or 4,500 hours of project management experience with a bachelor’s or higher. PMP certification is another that requires years of planning and effort.

6. Certified Scrum Master – $107,396
Another project management-related certification, Certified Scrum Master is focused on software (application) development.

Scrum is a rugby term; it’s a means for restarting a game after a minor rules violation or after the ball is no longer in play (for example, when it goes out of bounds). In software development, Scrum is a project management process that is designed to act in a similar manner for software (application development) projects in which a customer often changes his or her mind during the development process.

In traditional project management, the request to change something impacts the entire project and must be renegotiated-a time-consuming and potentially expensive way to get the changes incorporated. There is also a single project manager.

In Scrum, however, there is not a single project manager. Instead, the team works together to reach the stated goal. The team should be co-located so members may interact frequently, and it should include representatives from all necessary disciplines (developers, product owners, experts in various areas required by the application, etc.).

Where PMP tries to identify everything up front and plan for a way to get the project completed, Scrum takes the approach that the requirements will change during the project lifecycle and that unexpected issues will arise. Rather than holding up the process, Scrum takes the approach that the problem the application is trying to solve will never be completely defined and understood, so team members must do the best they can with the time and budget available and by quickly adapting to change.

So where does the Scrum Master fit in? Also known as a servant-leader, the Scrum Master has two main duties: to protect the team from outside influences that would impede the project (the servant) and to chair the meetings and encourage the team to continually improve (the leader).

Certified Scrum Master certification was created and is managed by the Scrum Alliance and requires the individual to attend a class taught by a certified Scrum trainer and to pass the associated exam.

7. Citrix Certified Enterprise Engineer (CCEE) – $104,240
The CCEE certification is a legacy certification from Citrix that proves expertise in XenApp 6, XenDesktop 5, and XenServer 6 via the Citrix Certified Administrator (CCS) exams for each, the Citrix Certified Advanced Administrator (CCAA) for XenApp 6, and an engineering (advanced implementation-type) exam around implementing, securing, managing, monitoring, and troubleshooting a complete virtualization solution using Citrix products.

Those certified in this area are encouraged to upgrade their certification to the App and Desktop track instead, which focuses on just XenDesktop, taking one exam to become a Citrix Certified Professional – Apps and Desktops (CCP-AD). At this point though, the CCEE is available as long as the exams are available for the older versions of the products listed.

8. Citrix Certified Administrator (CCA) for Citrix NetScaler – $103,904
The CCA for NetScaler certification has been discontinued for NetScaler 9, and those with a current certification are encouraged to upgrade to the new Citrix Certified Professional – Networking (CCP-N). In any case, those with this certification have the ability to implement, manage, and optimize NetScaler networking performance and optimization, including the ability to support app and desktop solutions. As the Citrix certification program is being overhauled, refer to https:://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

9. Certified Ethical Hacker (CEH) – $103,822
The International Council of E-Commerce Consultants (EC-Council) created and manages CEH certification. It is designed to test the candidate’s abilities to prod for holes, weaknesses, and vulnerabilities in a company’s network defenses using techniques and methods that hackers employ. The difference between a hacker and a CEH is that a hacker wants to cause damage, steal information, etc., while the CEH wants to fix the deficiencies found. Given the many attacks, the great volume of personal data at risk, and the legal liabilities possible, the need for CEHs is quite high, hence the salaries offered.

10. ITIL v3 Foundation – $97,682
IT Infrastructure Library (ITIL®) was created by England’s government in the 1980s to standardize IT management. It is a set of best practices for aligning the services IT provides with the needs of the organization. It is broad based, covering everything from availability and capacity management to change and incident management, in addition to application and IT operations management.

It is known as a library because it is composed of a set of books. Over the last 30 years, it has become the most widely used framework for IT management in the world. ITIL standards are owned by AXELOS, a joint venture company created by the Cabinet Office on behalf of Her Majesty’s Government in the United Kingdom and Capita plc, but they have authorized partners who provide education, training, and certification. The governing body defined the certification tiers, but they leave it to the accredited partners to develop the training and certification around that framework.

The Foundation certification is the entry-level one and provides a broad-based understanding of the IT lifecycle and the concepts and terminology surrounding it. Anyone wishing for higher-level certifications must have this level first, thus people may have higher certifications and still list this certification in the survey, which may skew the salary somewhat.

For information on ITIL in general, please refer to https:://www.itil-officialsite.com/. Exams for certification are run by ITIL-certified examination institutes as previously mentioned; for a list of them, please refer to https:://www.itil-officialsite.com/ExaminationInstitutes/ExamInstitutes.aspx.

11. Citrix Certified Administrator (CCA) for Citrix XenServer – $97,578
The CCA for XenServer certification is available for version 6 and is listed as a legacy certification, but Citrix has yet to announce an upgrade path to their new certification structure. Those with a CCA for Citrix XenServer have the ability to install, configure, administer, maintain, and troubleshoot a XenServer deployment, including Provisioning Services. As the Citrix certification program is being overhauled, refer to https:://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

12. ITIL Expert Certification – $96,194
The ITIL Expert certification builds on ITIL Foundation certification (see number 10 above). It is interesting that ITIL Expert pays less on average than ITIL Foundation certification. Again, I suspect the salary results may be somewhat skewed depending on the certifications actually held and the fact that everyone who is ITIL certified must be at least ITIL Foundation certified.

To become an ITIL Expert, you must pass the ITIL Foundation exam as well as the capstone exam, Managing Across the Lifecycle. Along the way, you will earn intermediate certifications of your choosing in any combination of the Lifecycle and Capability tracks. You must earn at least 22 credits, of which Foundation accounts for two and the Managing Across the Lifecycle exam counts for five. The other exams count for three each (in the Intermediate Lifecycle track) or four each (in the Intermediate Capability track) and can be earned in any order and combination, though the official guide suggests six recommended options. The guide is available at https:://www.itil-officialsite.com/Qualifications/ITILQualificationScheme.aspx by clicking on the English – ITIL Qualification Scheme Brochure link.

13. Cisco Certified Design Associate (CCDA) – $95,602
Cisco’s certification levels are Entry, Associate, Professional, Expert, and Architect. Those who obtain this Associate-level certification are typically network design engineers, technicians, or support technicians. They are expected to design basic campus-type networks and be familiar with routing and switching, security, voice and video, wireless connectivity, and IP (both v4 and v6). They often work as part of a team with those who have higher-level Cisco certifications.

To achieve CCDA certification, you must have earned one of the following: Cisco Certified Entry Networking Technician (CCENT), the lowest-level certification and the foundation for a career in networking); Cisco Certified Network Associate Routing and Switching (CCNA R&S); or any Cisco Certified Internetwork Expert (CCIE), the highest level of certification at Cisco.
You must also pass a single exam.

14. Microsoft Certified Systems Engineer (MCSE) – $95,276
This certification ranked number 14 with an average salary of $95,505 for those who didn’t list an associated Windows version and $94,922 for those who listed MCSE on Windows 2003, for the weighted average of $95,276 listed above.

The Microsoft Certified Systems Engineer is an old certification and is no longer attainable. It has been replaced by the Microsoft Certified Solutions Expert (yes, also MCSE). The Engineer certification was valid for Windows NT 3.51 – 2003, and the new Expert certification is for Windows 2012. There is an upgrade path if you are currently an MCSA or MCITP on Windows 2008. There is no direct upgrade path from the old MCSE to the new MCSE.

15. Citrix Certified Administrator (CCA) for Citrix XenDesktop – $95,094
The CCA for XenDesktop certification is available for versions 4 (in Chinese and Japanese only) and 5 (in many languages including English). Those with a current certification are encouraged to upgrade to the new Citrix Certified Associate – Apps and Desktops (CCA-AD). In any case, those with this certification have the ability to install, administer, and troubleshoot a XenDesktop deployment, including Provisioning Services and the Desktop Delivery Controller as well as XenServer and XenApp. As the Citrix certification program is being overhauled, refer to https:://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

Rounding Out the Top 25

A few popular certifications just missed the Top 15 cut due to a low total number of responses or an average (mean) pay just outside the threshold. Due to their popularity, I have included them for informational purposes.

Certification Average Pay
CISSP: Certified Information Systems Security Professional $114,287

MCSE: Microsoft Certified Systems Engineer 2003 $94,922

RHCSA: Red Hat Certified System Administrator $94,802

VCP-DCV: VMware Certified Professional – Data Center Virtualization $94,515

JNCIA: Juniper Networks Certified Internet Associate $94,492

MCTS: Windows Server 2008 Applications Infrastructure Configuration $91,948

MCITP: Enterprise Administrator $91,280

CCNP: Cisco Certified Network Professional $90,833

WCNA: Wireshark Certified Network Analyst $88,716

CCNA R&S: Cisco Certified Network Associ te Routing and Switching $81,308


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCSE Training at certkingdom.com

The top infosec issues of 2014

Security experts spot the trends of the year almost past

There is still time for any list of the “top information security issues of 2014” to be rendered obsolete. The holiday shopping season is just getting into high gear, after all, and everybody knows it was from late November to mid-December last year when the catastrophic Target breach occurred.

But this list is about more than attacks and breaches – it is about broader infosec issues or trends that are likely to shape the future of the industry.

Several experts offered CSO some thoughts on their top picks, what can be learned from them and whether that knowledge can help organizations improve their security posture in the coming year.

Cyber threats trump terrorism
An Associated Press story this past week on the federal government’s $10-billion annual effort to secure its multiple agencies noted, almost in passing, that, “intelligence officials say cybersecurity now trumps terrorism as the No. 1 threat to the U.S.”

That makes sense to Sarah Isaacs, managing partner at Conventus. While cyber attacks have been expanding and evolving for decades, Isaacs said there has been a qualitative change: It is not just criminals trying to steal money – it is nation states using it for espionage and even military advantage.

Be sure not to miss:

Free security tools you should try

In May, “the Department of Justice indicted five members of China’s People’s Liberation Army on felony hacking charges for stealing industrial secrets,” she said. “We’ve never seen that before.”

Then in September, “NATO agreed that a cyber-attack could trigger a military event,” she said. “This is about more than protecting credit cards. This is escalating to new levels.”
“Everyone is oversharing everything. The threats are broad and potentially catastrophic.”
sarah isaacs

Sarah Isaacs, managing partner, Conventus
Author, security guru and Co3 Systems CTO Bruce Schneier, would likely agree. In a recent blog post, he wrote that increasingly sophisticated attacks, especially advanced persistent threats (APT) that are not about financial theft, are coming from, “a new sort of attacker, which requires a new threat model.”

There is evidence of that in a recent study by ISACA on APTs. CEO Rob Clyde said 92% of respondents, “feel APTs are a serious threat and have the ability to impact national security and economic stability.”

Clouds – private, public and hybrid – are not new. But the steady increase in the use of cloud storage services is posing larger risks to businesses.

Schneier, in his blog post, said the continuing migration to clouds means, “we’ve lost control of our computing environment. More of our data is held in the cloud by other companies …”

While experts say cloud service providers frequently provide better security, that may not be true of so-called “shadow” or “rogue” use of clouds by workers who believe that is an easier way to do their jobs than going through IT.

Internet of Everything (IoE) – a hacker frontier

The Internet of Things (IoT) is so last year. It is now the IoE. Smart, embedded devices in homes, cars, electronics, machines, and worn by individuals are now mainstream. They already number in the billions, and estimates of their growth range from 50 billion by 2020 to more than a trillion within the next decade.

And that means a growing tsunami of data flowing to the Internet, where it can be sold for marketing purposes or stolen for more malicious means.

Isaacs, who says she is among those who uses an exercise wearable, said she used “dummy data” to register it. “So nobody knows it’s my data,” she said. “It can’t be mapped directly to me.”

In general, however, she said, “everyone is oversharing everything. The threats are broad and potentially catastrophic. I’m very nervous about the smart cars I see.

There does seem to be an increasing awareness of the privacy implications of smart cars. The AP reported this week that 19 automakers that make most of the cars and trucks sold in the U.S. signed on to a set of principles, delivered to the Federal Trade Commission (FTC), that seek to reassure vehicle owners that the information gathered by those vehicles, “won’t be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads … without their permission.”

The vulnerabilities of “smart” devices to hacking have been demonstrated numerous times, prompting Phil Montgomery, senior vice president of Identiv to call for, “a more regimented standards-based security approach that relies less on outdates processes around username/password technology and more on stronger forms of authentication.”

No parties for third parties
This was the year that the risks of breaches through third-party contractors made it into mainstream consciousness. The Target breach, which exposed 70 million records, was just one of many that came through outside vendors.

Regulatory agencies are trying to maintain that awareness. Stephen Orfei, the new general manager of the Payment Card Industry Security Standards Council (PCI SSC) noted in a recent interview that, “security is only as good as your weakest link – which means the security practices of your business partners should be as high a priority as the integrity of your own systems.”
“Employee negligence was at an all-time high in 2014.”
christine marciano

Christine Marciano, president, Cyber Data-Risk Managers
Christine Marciano, president of Cyber Data-Risk Managers, said that in addition to vetting vendors for rigorous security standards, companies should, “require their vendors to carry and purchase cyber/data breach insurance, to indemnify them for any costs associated with a data breach caused by the vendor’s negligence.”

The porous, sometimes malicious, human OS
While third parties may be a weak link in the security chain, that is less likely due to technology and more due to the human factor.

It was former National Security Agency contractor Edward Snowden who brought the risks of malicious insiders to international attention in 2013, but the danger to enterprises can be just as great from loyal insiders who are simply “clueless or careless,” and fall for social engineering scams.

Joseph Loomis, founder and CEO of CyberSponse, said he is, “sure there are major companies out there with little controls over their employees and their access rights. Who is watching who and what they’re doing?”

It is also about employees controlling themselves when presented with ever-more persuasive social engineering attacks.

The federal government reported earlier this year that 63 percent of the breaches of its systems in 2013 were due to human error.

According to Marciano, “employee negligence was at an all-time high in 2014,” with the problems ranging from, “failure to perform routine security procedures to lack of security awareness, routine mistakes and misconduct.”

Eldon Sprickerhoff, cofounder and chief security strategist at eSentire, noted that, “phishing emails are getting better and better. I’ve seen some that were so well targeted, so well done that I could not tell the difference.”

And it is not just the average worker who is a problem. Identity Finder CEO Todd Feinman said the problem goes all the way to the top. “Many executives don’t know where their sensitive data is so they don’t know how to protect it,” he said.

Ubiquitous BYOD
While BYOD is now mainstream in the workplace, Isaacs calls the increased focus on mobile computing, “very scary, and it’s going to get even worse.”

BYOD is now bringing, “extremely unreliable business applications inside the walls of corporations,” she said. “There are a lot of software vulnerabilities. Every app that is free or 99 cents, probably doesn’t have great level of security. And people don’t install patches either.”

According to Clyde, “there are now many times more mobile devices than PCs in the world. In fact, in many regions of the world, mobile devices are the only way most users connect to the Internet,” yet security remains a relative afterthought.

ISACA found that, “fewer than half (45%) have changed an online password or PIN code.

And now, connected wearable devices (BYOW) are becoming common in the workplace, yet, “a majority of professionals say their BYOD policy does not address wearable tech, and some do not even have a BYOD policy,” Clyde said.

The age of Incident Response (IR)
All of the above issues have led to an increased focus on IR. According to Schneier, this is not just the year but the decade of IR, following a decade of protection products and another of detection products.

In his blog post, he cited three trends: More data held in the cloud and more networks outsourced; more APTs by nation states and; a continuing lack of investment in protection and detection, leaving the bulk of the burden on response.

But IR has been more on everybody’s lips in 2014 than even a couple of years ago. The mantra of security experts is that it is not a matter of if, but when, an organization will be breached, and that an effective IR plan (combined with detection) can make attacks more of a nuisance than a disaster.

Getting IR right is crucial, but Tom Bain, vice president of CounterTack, calls it, “the hardest job in security. You can have all the technology in place to detect, prevent and analyze, but if your workflow is broken, or the team is so inundated with incident investigation, you are still vulnerable,” he said.

More regulation, please
An industry that generally decries government regulation – retail – is now singing the opposite tune when it comes to cyber security.

A Nov. 6 letter signed by 44 state and national organizations representing retailers, addressed to the leaders of both houses of Congress, called for, “a single federal law applying to all breached entities (to) ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs.”

Sprickerhoff said such a law would be, “a good first step. There are 38 states with different definitions of what is a breach, so things are getting a bit out of hand,” he said. “If you had unifying description of what needs to be done, that’s not a bad thing.”

Richard Bejtlich, chief security strategist, FireEye
“I worry that ‘compliance with frameworks’ attracts a lot of attention,” said Richard Bejtlich, chief security strategist at FireEye. “I would prefer that organizations focus on results or outputs, like what was the time from detection to containment?

“Until organizations track those metrics, based on results, they will not really know if their security posture is improving,” he said.

What to do?
There are, of course, no magic bullets in security. Isaacs said, noting that it’s almost impossible to say what is the biggest threat. “I heard a speech where it was described as, “death by a thousand cuts,” she said.

But experts do have suggestions. Sprickerhoff said more training is crucial, not just the security awareness of employees, but the next generation of IT security experts.

“I don’t think it’s ever been harder to find good people in IT security,” he said. “There’s not much in course work at the college level.”

Eyal Firstenberg, vice president research, LightCyber, said improving security is going to take a combination of technology and training.

“There is a need for fast and accurate alerts and notifications, which ultimately determine the outcome of these cyber engagements,” he said, but added that, “organizations need more professional diagnosticians on staff who are trained to know what threats are real and need to be addressed, and which ones aren’t.”

Ashley Hernandez, an instructor for Guidance Software, calls for more communication among organizations. “Security professionals need to have a way to share intelligence about patterns or attack types to others in their industry or trusted security groups,” she said.

Clyde notes that ISACA, “has a number of programs, from risk governance frameworks like COBIT 5 to the Cybersecurity Nexus (CSX), to ensure cybersecurity professionals have the skills they need to defend enterprises from the plethora of threats.”

Finally, Loomis offers a short list:
Improve procurement processes. “It takes too long to buy new tools,” he said.
Start educating your staff on what the DHS and NIST Frameworks really are. Read the MITRE book on the 10 strategies to a world-class SOC.
Stop believing the marketing and get real-world feedback on tools. “Security has put a lot of money into marketing, but that doesn’t mean the solution is right for the organization,” he said.
Run simulations. “When was the last time a company ran a real cyber drill?” he asked.
Stop following paper policy, “Militarizing your team, running drills, making it second nature is what will help the response process, not following a check list,” he said.


 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

3 Ways Enterprise IT Will Change in 2014

The holiday season is a great time to look back at the year, with an eye toward what we in the ever-changing world of information technology can expect in 2014. These three trends warrant your close attention in the new year.

In Light of NSA Revelations, companies Will Be Wary of the Cloud
For most businesses, 2013 was the year of the cloud. Companies that still hosted their email in house would in large part move that expense and aggravation to someone else. Microsoft SharePoint and other knowledge management solutions could be run in someone else’s datacenter, using someone else’s resources and time to administer, thus freeing your own people to improve other services or, gasp, work directly on enhancing the business.

But then Edward Snowden came around in June and started to release a series of damning leaks about the United States National Security Agency’s capability to eavesdrop on communications. At first, most folks weren’t terribly alarmed. But as the year wore on, the depth of the NSA’s alleged capabilities to tap into communications – both with and without service provider knowledge – started to shake the faith of many CIOs in the risk/benefit tradeoff for moving to cloud services.

For companies in heavily regulated industries, it’s hard to ignore the continued discovery of the depths to which the NSA has the capability to read data both in transit and at rest. Patient privacy records, sensitive financial transactions and any other data that must by law be kept private – is it now considered private? Can you warrant that to your customers? Can you warrant that to your regulators? Can you afford the risk that NSA access to your data represents? Is it even something that you can control, or do you just ignore it and hope for the best? (That is said with no judgment; given the realities of your business, that could very well be a valid strategy.)

How-to: 5 Tips to Keep Your Data Secure on the CloudMore: Who Can Pry Into Your Cloud-based Data?
In 2014, we’ll see a continued analysis of just what services make sense in the cloud, but some old cherished low-hanging fruit, like email and collaboration, will no longer be considered “easy wins” because of these continuing allegations. Perhaps the cloud will not be the default choice going forward but, rather, a choice made after careful study of the environment, using these PRISM leaks as one important bit of context.

Microsoft’s CEO Search Will Define the Future of Their Products in Your Organization
The biggest story of the first part of 2014 will undoubtedly be Microsofts selection for only its third CEO in its history. This job is one of the most important positions in the technology industry; who is selected, and what he or she does in her first 100 days, will set the tone for the next five to 10 years.

Reports as of the Monday morning after Thanksgiving 2013 suggest that the Microsoft board of directors has narrowed its potential selections to two: Satya Nadella, the current chief of servers and tooling at the company, and outsider Alan Mulally, who currently is in charge of the Ford Motor Company and is widely credited for executing a fantastic turnaround of operations, profits, and shareholder return after joining the company from Boeing, a corporate neighbor of Microsoft. ( Mulally denies he’s interested in the Microsoft job, only heightening speculation.)

There are two main questions surrounding both the choice of chief executive and the immediate moves he makes in the first part of his tenure.

Will the new CEO continue the remake of Microsoft into a devices and services organization?
Steve Ballmer, the company’s current CEO, has tried to convert the software company into an organization that makes a variety of devices, such as tablets and phones, which connect to services that Microsoft runs. This has been done both to make those devices more rich and useful for the end user but also to monetize that usage through enhanced upgrade services, advertising revenue and subscription profits.

Of course, this represents a big switch from Microsoft’s traditional “pay us for the right to use this software in perpetuity” practice that propelled the business to its current height. Many investors and customers wonder if this transformation is beneficial to them. Will the new CEO elect to continue this transformation and carry on the vision of Steve Ballmer even after his departure? Or will the new CEO put pause on the progress and take a few months to assess whether that transformation is good for both Microsoft and its customers? The answers will have a big impact on the role Microsoft software and technology plays within your own business.

Will the cloud still be a huge focus of the company?
Will the continued preference of developing for Microsoft’ cloud-based services versus its traditional on-premises software erode the trust of corporate customers who still have significant investments in their existing on premises licenses?

Related: Why Microsoft SharePoint Faces a Challenging Future
Nowhere is this tension more evident than in the Exchange community, where Exchange Server 2013 customers feel as if they are a distant second cousin to the Office 365 subscription data center environment. Complaints abound, from poor patch quality to irregular updates to features arriving in Office 365 but not Exchange Server 2013 for some time. These on-premises customers, paying many thousands of dollars for their combined server and client access license fees, feel shafted on their investment. Will this tension bleed over into other areas? Is the Exchange model the new model, warts and all, for the company’s cloud focus? This is a trend to watch in 2014.

The Role of the Cloud Broker Will Emerge in 2014
Whatever Microsoft does and whatever the revelations about the NSA’s PRISM program mean for your business, the continued push around consumerization will mean more cloud services for your organization, not fewer. PRISM might eliminate email and other line of business data from being considered in a move to the cloud – but other, less sensitive data can still be stored in the cloud. The corporate IT department can take advantage of a number of cloud businesses that are designed to save money and lower the cost of access to data while revealing new insights and workflows that may not have been feasible for your organization before.

Blog: Dirty Secrets of Dropbox, Google Drive and Other Cloud Storage ServicesAlso: How to Find the Cloud Storage Service That’s Right for You
In 2014 that the cloud broker or cloud solution provider position will really come into its own and begin bearing fruit. Vendor neutral, pay-for-service cloud brokers will be able to consult on your situation and recommend both a provider and a strategy for making use of that provider’s products and services for any given task or workload.

IT departments will be in the drivers’ seats, able to really sit down with a knowledgeable set of professionals and figure out exactly what solution and what model works best. The cloud broker role will be best placed to help the furthering of the IT organization’s transformation from a cost center to a place where new revenues and profits are generated – an additional trend to watch in 2014.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

18 Hot IT Certifications for 2014

For years premium pay for IT certifications has been on the decline, but top pay for IT certifications has increased for two consecutive quarters and is up 1.5 percent; the largest quarterly increase since 2006. Read along as we look at the IT certifications predicted to grow in early 2014.

18 Hot IT Certifications for 2014
Foote Partners just released the November update to their quarterly report, the 2013 IT Skills Demand and Pay Trends Report in which they look at both certified and non-certified IT skills, 641 in all. They use what David Foote, founder and CEO of Foote Partners, refers to as, “a specialized methodology for collecting, and validating compensation data for workers with identical jobs titles that need to be differentiated pay-wise for specific IT and tech skills they possess.”

There are some surprising changes to the market over the last two quarters. The certified skills that seem to be flourishing the most fall into the architecture, engineer, security and database categories.


Certified in Risk and Information Systems Control (CRISC)
Premium pay for this ISACA certification has risen 9.1 percent in the last three- and six-month periods. In general, IT certifications from ISACA tend to center on IT governance. Originally offered in 2010, this certification focuses specifically on risk management. “The CRISC is awarded to those experienced in business and technology risk management, and the design, implementation, monitoring and maintenance of IS control,” according to CRISC.

Vendor: ISACA
Certification: Certified in Risk and Information Systems Control (CRISC)

Prerequisites:

A minimum of three years of cumulative work experience executing the tasks of a CRISC pro across at least three CRISC domains.
Take and pass the CRISC exam
Adhere to the ISACA Code of Professional Ethics
Meet the terms of CRISC Continuing Education…


CWNP Certified Wireless Security Professional
Wireless security is hot, according to Foote, who goes on to say, “CWNP is a really small company and for them to be on this list is a headline.” This wireless security certification has been riding high. Premium pay is up 35 percent over the last 12 months, 28 percent in the last six months and 20 percent in the last three months, making it a marketable bullet point on your resume.

This advanced certification teaches individuals how to securely set up and run enterprise wireless LAN.

Vendor: CWNP
Certification: Certified Wireless Security Professional

Prerequisite:

To earn the CWSP certification, you must pass two exams


CWNP/Certified Wireless Network Expert
Here is another CWNP certification that is seeing a huge spike in premium pay. Value/demand for this role is up 42 percent in the last 12 months, 37.3 percent in the last six months and 30 percent in the three months.

This is the highest level of certification offered by CWNP. Recipients should have a mastery of skills relating to the installation, configuration, troubleshooting of enterprise Wi-Fi networks.

Vendor: CWNP
Certification: Certified Wireless Network Expert

Prerequisite:

Valid and current CWSP, CWAP and CWDP certifications (requires CWNA).
Three years of documented enterprise Wi-Fi implementation experience.
Three professional endorsements.
Two other current, valid professional networking certifications.
Documentation of three enterprise Wi-Fi (500 word essays.)
Re-certification every three years.


GIAC Certified Forensics Analyst (GCFA)
This intermediate forensics certification is targeting individuals in the information security, incident response and computer forensics field who focus on only Windows and Linux operating systems. Value/demand for this role has climbed an impressive 16.7 percent in the last 12 months.

Vendor: GIAC
Certification: Certified Forensics Analyst (GCFA)

Prerequisite:

One proctored exam
115 questions
Time limit of three hours
Minimum Passing Score of 69 percent

*No Specific training is required for any GIAC certification.


HP/Accredited Solutions Certification
Each of these HP certifications has seen gains of at least 9 percent over the last two quarters and Foote Partners is predicting that this trend will continue for at least the next three-six months. There are a number of different certifications offered.

Vendor: HP
Certification:
HP/Accredited Solutions Expert (ASE – all)
HP/Master Accredited Solutions Expert (MASE – all)
HP/Master Accredited Systems Engineer (Master ASE)

Prerequisite:
You can download the different HP certification paths here


Information Systems Security Engineering Professional (ISSEP/CISSP)
Developed with input from the NSA, this vendor-neutral security certification is about integrating security into all forms of information systems applications and projects. In a recent interview David Foote, the CEO mentioned that employers are paying less for security in a time where security is at the forefront, an interesting trend an keep an eye on.

Demand/pay premium has risen 8.3 percent in the last 12 months, 30 percent in the last six months and 18.2 percent in the last three months.

Vendor: ISC2
Certification: Information Systems Security Engineering Professional (ISSEP/CISSP)

Prerequisite:
There are several prerequisites for these IT security certifications.


Microsoft Certified Architect (MCA)
Microsoft announced in late August that this certification and others would be retired as of December 31 with no clear replacements, angering many people who are current or on the path to Microsoft’s highest level IT certifications. We reached out to Microsoft and was told that the program was too costly and time consuming for both MCSM candidates and Microsoft. They are now investigating future ways to make this program more scalable.

With that said, premium pay for this cert rose more than 10 percent in the last quarter and will likely continue to do so, according to Foote Partners.

Vendor: Microsoft
Certification: Microsoft Certified Architect (MCA)


Microsoft Certified Solutions Master (all)
This is another elite Microsoft certification that is being retired December 31st with no clear successor. However, employers are still willing to pay extra for these certifications. Individuals with this certification, according to Microsoft, have the deepest level of product expertise.

Here is Microsoft official statement on why the certifications are being retired: “The IT industry is changing rapidly and we will continue to evaluate the certification and training needs of the industry to determine what the right certification is for the pinnacle of our program.”

Vendor: Microsoft
Certification: Microsoft Certified Solutions Master (all)


Open Group Certified Architect (Open CA)
Currently, this vendor-neutral certification is focused squarely on IT architecture, but according to the Open Group website, the plan is to incorporate more business and enterprise architecture into the programs. Employers have paid a premium of 16.7 percent over the last 12 months to individuals with this certification under their belt.

Vendor: Open Group
Certification: Open Group Certified Architect (Open CA)

Prerequisite:
The program is based upon four key documents:

The Certification Policy, which sets out the policies and processes by which an individual may achieve certification.
The Conformance Requirements, in which the skills and experience that a Certified Architect must possess are documented
The Accreditation Requirements

Conformance requirements for the Open Ca program can be found here


Open Group Master Architect
Another vendor-neutral certification from the Open Group, this is the 2nd level of architect certification it offers. Business and enterprise architect certifications are in development but currently the focus is on IT architecture.

Premium pay for this architect certification is up 14.3 percent in the last 12 months and is forecasted to grow in the next three-six months.

Vendor: Open Group
Certification: Open Group Master Architect

Prerequisite:
Candidates must meet experience and skills requirements, Certification Policy, either from the Open Group or an ACP.

The Open Group Certified Architect (Open CA) program requires candidates to submit a comprehensive certification package detailing their skills and experience gained on working on architecture related projects, followed by a rigorous peer review process.


Oracle Certified Expert MySQL 5.1 Cluster Database Administrator
This certification was formerly known as MySQL Cluster Database Administrator (SCMCDBA). IT pros with his certification are experts at administrating designing, deploying, configuring and maintaining databases that utilize MySQL cluster technology and they are in demand in the enterprise according to Foote Partners 2013 IT Skills Demand and Pay Trends Report. Premium pay for this certification is up a 37.5 percent over the last 12 months.

Vendor: Oracle
Certification: Oracle Certified Expert MySQL 5.1 Cluster Database Administrator

Prerequisite:
You must have one of the certifications below first:

Oracle Certified Professional, MySQL 5 Database Administrator

OR

Sun Certified MySQL Database Administrator (SCMDBA)
Then you need to pass the exam


Oracle Certified Professional MySQL 5 Database Administrator
IT pros awarded this IT certification have mastered all Oracle server related issues. Premium pay/demand for this certification is up 12.5 percent over the last six months.

Vendor: Oracle
Certification: Oracle Certified Professional MySQL 5 Database Administrator

Prerequisite:
You must pass these two exams to get certified:
1Z0-873 MySQL 5 Database Administrator Certified Professional Exam, Part I
1Z0-874 MySQL 5 Database Administrator Certified Professional Exam, Part II


Oracle Database Administrator Certified Master
Oracle’s master level certification has risen 8.3 percent in value/demand over the last 12 months. Database certifications are another area that, according to Foote, is a headline. These certifications have been declining for years but recently the pay premium for them has risen. “What’s driving this is not the relational database stuff but the non-relational database stuff. It’s the NoSQL stuff. We’re seeing a lot of spending in data analytics, but we don’t see companies getting a lot out of it,” says Foote.

Vendor: Oracle
Certification: Oracle Database Administrator Certified Master

Prerequisite:
There are several paths to this certification.


PMI Risk Management Professional
The PMI-RMP certification ensures that the holders are capable risk management professionals schooled in international best practices for managing project and operational risks. Premium pay for this certification has risen 9.1 percent over the last year.

Vendor: PMI
Certification: PMI Risk Management Professional

Prerequisite:
A secondary degree (high school diploma, associate’s degree or the global equivalent), with at least 4,500 hours of project risk management experience and 40 hours of project risk management education.

or

A four-year degree (bachelor’s degree or the global equivalent), with at least 3,000 hours of project risk management experience and 30 hours of project risk management education.


Program Management Professional (PgMP)
The vendor-neutral program management professional certification from PMI is a way to demonstrate your ability to oversee several projects and programs. Premium pay is up 7.7 percent in the last 12 months and is expected to continue upward, according to Foote Partners research.

Vendor: PMI
Certification: Program Management Professional (PgMP)

Prerequisite:
A secondary degree (high school diploma, associate’s degree, or the global equivalent), with at least four years (6,000 hours) of project management experience and seven years (10,500 hours) of program management experience.

or

A four-year degree (bachelor’s degree or the global equivalent), with at least four years (6,000 hours) of project management experience and four years (6,000 hours) of program management experience.


Program Management Professional (PgMP)
The vendor-neutral program management professional certification from PMI is a way to demonstrate your ability to oversee several projects and programs. Premium pay is up 7.7 percent in the last 12 months and is expected to continue upward, according to Foote Partners research.

Vendor: PMI


Red Hat Certified Architect (RHCA)
The RHCA is Red Hat’s highest level of certification and recipients must hold the RHCE as a prerequisite. From deployment to systems management in larger enterprise environments this is the top tier. This certification has grown 25 percent in the last three months and is expected to trend upward in the next 3 to 6 months according to Foote Partners.

Vendor: RedHat
Certification: Red Hat Certified Architect (RHCA)

Prerequisite:
RHCE certification must be current in order to be eligible.
Earn the following Red Hat Certificates of Expertise:
Deployment and Systems Management
Directory Services and Authentication or Red Hat Certified Virtualization Administrator
Clustering and Storage Management
Security: Network Services or Red Hat Certificate of Expertise in Server Hardening
Performance Tuning


Teradata: Certified Enterprise Architect
Premium Pay for this architect certification is up 11.1 percent over the last 12 months. It’s made gains in the last three quarters and is expected to continue to grow. IT pros with this advanced certification will have an advanced knowledge of Teradata fundamentals such as SQL, design and implementation. It’s associated with data warehousing and big data.

Vendor: Teradata
Certification: 12 Certified Enterprise Architect

Prerequisite:
Candidate must currently hold one of the certifications below.
Teradata 12 Certified Technical Specialist
Teradata 12 Certified Database Administrator
Teradata Certified Solutions Developer
Teradata 12 Certified Enterprise Architect
Candidate must be in good standing with the TCPP program and not have violated security policies and procedures on the previous certification track.

MCTS Training, MCITP Trainnig