Six entry-level cybersecurity job seeker failings

Here’s how many cybersecurity entry-level job seekers fail to make a great first impression.

When it comes to hiring, enterprise security teams can use all of the help that they can rally. But when it comes to hiring entry-level talent, that’s not as easy as it may seem.

According to a poll last summer of 1,000 18–26 year olds conducted by Zogby Analytics and underwritten by Raytheon, about 40 percent of Millennials reported they would like to enter a career that makes the Internet safer, but roughly two-thirds of them said they aren’t sure exactly what the cybersecurity profession is, and 64 percent said that they did not have access to the classes necessary to build the skills required for a career in information security.

That means, at least when it comes to the entry-level information security market, that there will be many job applicants continuing to enter the field with backgrounds that lack formal information security training. This echoes what we hear when we speak with CISOs and others who often hire security talent.

With all of this in mind, we recently reached out to those CISOs to see if there was a common thread of mistakes among information security career newcomers who are in the job market. Here’s what we found:

1. Fail to show oneself as a team player
Sounds like a no-brainer, right? But it’s not. Many of the hiring executives we spoke with say that personality can – and often does – trump technical assets. This is especially true as more and more information security roles interface with the rest of the business. It’s essential that applicants be themselves – amiable, articulate, and able to prove that they can work with different areas within the organization.

2. Sell one’s self as a jack-of-all-trades
“Entry level applicants across almost all verticals of information security make the mistake of trying to be a one-size-fits-all candidate,” says Boris Sverdlik, head of security at Oscar Insurance. “Security is broken up across many verticals and even among those who are experienced, it’s almost impossible to be well versed in all aspects,” he says. “The most annoying candidate is the arrogant know-it-all,” says Brian Martin, founder atDigital Trust, LLC. “I don’t mind arrogance when it’s earned, but not in a kid who’s never been tested. In cases where we’ve tried to work with these types, it hasn’t ended well.”

If you have interests in many skills in information security, highlight a couple that best meet the needs of the organization.

3. Falling flat on job search and interviewing basics
For many CISOs, such as Martin Fisher, manager of IT security at Northside Hospital, it is common for potential hires to harm themselves by flunking the basics of job seeking. “On resumes, misspell HIPAA, and I’ll toss the resume,” Fisher says. He also says that he too often encounters typos, punctuation errors, and resumes laden with information that’s not relevant to the role being offered.
INSIDER: 15 ways to screw up a job interview

Mike Kearn, principal security architect at US Bank, cited what job seekers don’t do when it comes to the basics of interviewing. “When I offer them an opportunity near the end of the interview to ask me anything, and I emphasize the word ‘anything,’ the majority ask me softball kinds of questions about culture or why I like working there. Missed opportunity on their part,” he says.

4. Believe certifications and degrees matter more than practical skills
“Many think that I care more about their degree or certifications than actual skills,” Kearn says, while others are under the misguided assumption that a degree or a certification equals a job. It doesn’t.”

Likewise, many entry-level applicants think technology is the hammer to squash every security risk nail. “Too many think that the solution to most problems is a technology control, rather than people and processes,” says Eric Cowperthwaite, former CISO for Providence Health and Services and currently advanced security and strategy VP at Core Security Inc.

Ben Rothke, senior eGRC consultant at Nettitude Group and former CISO, agrees. “The technology tools they have experience with are the definitive techniques for approaching information security. Not every security problem can be fixed by a firewall or IDS,” says Rothke.

5. Stretch the truth
This one certainly isn’t exclusive to information security, but it is especially silly to try to pull this off on experience security professionals who tend to be a suspicious bunch by nature. “You’ll notice that they tend to exaggerate their experience to impress hiring managers; some range from slight fibs to full-blown lies,” says Sverdlik.
Have you ever caught a candidate in a lie?

Yes, but yet they continued with the charadeYes, and they admitted to it No VoteView

Kearn concurs: “A lot of them attempt to inflate or enhance their resume by saying they know someone and are connected via LinkedIn. But when I press them on it, because I actually know the individual personally, they cave almost immediately.”

6. Don’t understand the highly interpersonal nature of infosec
Many entry-level applications come from workers in small businesses, and they are not prepared for or don’t seem to understand how large enterprises function. That’s fine, and part of the learning process for new professionals – but keep an open and learning mindset when it comes to practicing information security at a larger enterprise. “A lot of people have expressed ways to do business that simply won’t work in a large enterprise. Typically, the person would be very direct toward people who want an exception to security policy, avoid collaboration, avoid discovering why the person wants the exception, and just dictate behavior,” says Cowperthwaite.

“They often don’t realize that their excitement and sometimes irrational exuberance around all things information security is not shared by most people in the organization,” Rothke says.

In the end, perhaps the most important thing is to be one’s self. “Show that you have a passion for security, be it examining logs, performing code review or risk assessments, or even administering security appliances. If you are good at critical thinking and have a good technical background, learning the rest is easy,” says Sverdlik.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

7 timeless lessons of programming ‘graybeards’

Heed the wisdom of your programming elders, or suffer the consequences of fundamentally flawed code

In one episode 1.06 of the HBO series “Silicon Valley,” Richard, the founder of a startup, gets into a bind and turns for help to a boy who looks 13 or 14.

The boy genius takes one look at Richard and says, “I thought you’d be younger. What are you, 25?”

“26,” Richard replies.


The software industry venerates the young. If you have a family, you’re too old to code. If you’re pushing 30 or even 25, you’re already over the hill.

Alas, the whippersnappers aren’t always the best solution. While their brains are full of details about the latest, trendiest architectures, frameworks, and stacks, they lack fundamental experience with how software really works and doesn’t. These experiences come only after many lost weeks of frustration borne of weird and inexplicable bugs.

Like the viewers of “Silicon Valley,” who by the end of episode 1.06 get the satisfaction of watching the boy genius crash and burn, many of us programming graybeards enjoy a wee bit of schadenfraude when those who have ignored us for being “past our prime” end up with a flaming pile of code simply because they didn’t listen to their programming elders.
ALSO ON NETWORK WORLD: How to lure tech talent with employee benefits, perks

In the spirit of sharing or to simply wag a wise finger at the young folks once again, here are several lessons that can’t be learned by jumping on the latest hype train for a few weeks. They are known only to geezers who need two hexadecimal digits to write their age.
Memory matters

It wasn’t so long ago that computer RAM was measured in megabytes not gigabytes. When I built my first computer (a Sol-20), it was measured in kilobytes. There were about 64 RAM chips on that board and each had about 18 pins. I don’t recall the exact number, but I remember soldering every last one of them myself. When I messed up, I had to resolder until the memory test passed.

When you jump through hoops like that for RAM, you learn to treat it like gold. Kids today allocate RAM left and right. They leave pointers dangling and don’t clean up their data structures because memory seems cheap. They know they click on a button and the hypervisor adds another 16GB to the cloud instance. Why should anyone programming today care about RAM when Amazon will rent you an instance with 244GB?

But there’s always a limit to what the garbage collector will do, exactly as there’s a limit to how many times a parent will clean up your room. You can allocate a big heap, but eventually you need to clean up the memory. If you’re wasteful and run through RAM like tissues in flu season, the garbage collector could seize up grinding through that 244GB.

Then there’s the danger of virtual memory. Your software will run 100 to 1,000 times slower if the computer runs out of RAM and starts swapping out to disk. Virtual memory is great in theory, but slower than sludge in practice. Programmers today need to recognize that RAM is still precious. If they don’t, the software that runs quickly during development will slow to a crawl when the crowds show up. Your work simply won’t scale. These days, everything is about being able to scale. Manage your memory before your software or service falls apart.

The marketing folks selling the cloud like to pretend the cloud is a kind of computing heaven where angels move data with a blink. If you want to store your data, they’re ready to sell you a simple Web service that will provide permanent, backed-up storage and you won’t need to ever worry about it.

They may be right in that you might not need to worry about it, but you’ll certainly need to wait for it. All traffic in and out of computers takes time. Computer networks are drastically slower than the traffic between the CPU and the local disk drive.

Programming graybeards grew up in a time when the Internet didn’t exist. FidoNet would route your message by dialing up another computer that might be closer to the destination. Your data would take days to make its way across the country, squawking and whistling through modems along the way. This painful experience taught them that the right solution is to perform as much computation as you can locally and write to a distant Web service only when everything is as small and final as possible. Today’s programmers can take a tip from these hard-earned lessons of the past by knowing, like the programming graybeards, that the promises of cloud storage are dangerous and should be avoided until the last possible millisecond.
Compilers have bugs

When things go haywire, the problem more often than not resides in our code. We forgot to initialize something, or we forgot to check for a null pointer. Whatever the specific reason, every programmer knows, when our software falls over, it’s our own dumb mistake — period.

As it turns out, the most maddening errors aren’t our fault. Sometimes the blame lies squarely on the compiler or the interpreter. While compilers and interpreters are relatively stable, they’re not perfect. The stability of today’s compilers and interpreters has been hard-earned. Unfortunately, taking this stability for granted has become the norm.

It’s important to remember they too can be wrong and consider this when debugging the code. If you don’t know it could be the compiler’s fault, you can spend days or weeks pulling out your hair. Old programmers learned long ago that sometimes the best route for debugging an issue involves testing not our code but our tools. If you put implicit trust in the compiler and give no thought to the computations it is making to render your code, you can spend days or weeks pulling out your hair in search of a bug in your work that doesn’t exist. The young kids, alas, will learn this soon enough.

Long ago, I heard that IBM did a study on usability and found that people’s minds will start to wander after 100 milliseconds. Is it true? I asked a search engine, but the Internet hung and I forgot to try again.

Anyone who ever used IBM’s old green-screen apps hooked up to an IBM mainframe knows that IBM built its machines as if this 100-millisecond mind-wandering threshold was a fact hard-wired in our brains. They fretted over the I/O circuitry. When they sold the mainframes, they issued spec sheets that counted how many I/O channels were in the box, in the same way car manufacturers count cylinders in the engines. Sure, the machines crashed, exactly like modern ones, but when they ran smoothly, the data flew out of these channels directly to the users.

I have witnessed at least one programming whippersnapper defend a new AJAX-heavy project that was bogged down by too many JavaScript libraries and data flowing to the browser. It’s not fair, they often retort, to compare their slow-as-sludge innovations with the old green-screen terminals that they have replaced. The rest of the company should stop complaining. After all, we have better graphics and more colors in our apps. It’s true — the cool, CSS-enabled everything looks great, but users hate it because it’s slow.
The real Web is never as fast as the office network

Modern websites can be time pigs. It can often take several seconds for the megabytes of JavaScript libraries to arrive. Then the browser has to push these multilayered megabytes through a JIT compiler. If we could add up all of the time the world spends recompiling jQuery, it could be thousands or even millions of years.

This is an easy mistake for programmers who are in love with browser-based tools that employ AJAX everywhere. It all looks great in the demo at the office. After all, the server is usually on the desk back in the cubicle. Sometimes the “server” is running on localhost. Of course, the files arrive with the snap of a finger and everything looks great, even when the boss tests it from the corner office.

But the users on a DSL line or at the end of a cellular connection routed through an overloaded tower? They’re still waiting for the libraries to arrive. When it doesn’t arrive in a few milliseconds, they’re off to some article on TMZ.

On one project, I ran into trouble with an issue exactly like Richard in “Silicon Valley” and I turned to someone below the drinking age who knew Greasemonkey backward and forward. He rewrote our code and sent it back. After reading through the changes, I realized he had made it look more elegant but the algorithmic complexity went from O(n) to O(n^2). He was sticking data in a list in order to match things. It looked pretty, but it would get very slow as n got large.

Algorithm complexity is one thing that college courses in computer science do well. Alas, many high school kids haven’t picked this up while teaching themselves Ruby or CoffeeScript in a weekend. Complexity analysis may seem abstruse and theoretical, but it can make a big difference as projects scale. Everything looks great when n is small. Exactly as code can run quickly when there’s enough memory, bad algorithms can look zippy in testing. But when the users multiply, it’s a nightmare to wait on an algorithm that takes O(n^2) or, even worse, O(n^3).

When I asked our boy genius whether he meant to turn the matching process into a quadratic algorithm, he scratched his head. He wasn’t sure what we were talking about. After we replaced his list with a hash table, all was well again. He’s probably old enough to understand by now.
Libraries can suck

The people who write libraries don’t always have your best interest at heart. They’re trying to help, but they’re often building something for the world, not your pesky little problem. They often end up building a Swiss Army knife that can handle many different versions of the problem, not something optimized for your issue. That’s good engineering and great coding, but it can be slow.

If you’re not paying attention, libraries can drag your code into a slow swamp and you won’t even know it. I once had a young programmer mock my code because I wrote 10 lines to pick characters out of a string.

“I can do that with a regular expression and one line of code,” he boasted. “Ten-to-one improvement.” He didn’t consider the way that his one line of code would parse and reparse that regular expression every single time it was called. He simply thought he was writing one line of code and I was writing 10.

Libraries and APIs can be great when used appropriately. But if they’re used in the inner loops, they can have a devastating effect on speed and you won’t know why.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at


70-461 Querying Microsoft SQL Server 2012

You use Microsoft SQL Server 2012 to develop a database application. You create a table by using
the following definition:
ActualPrice NUMERIC(16,9),
PredictedPrice NUMERIC(16,9)
You need to create a computed column based on a user-defined function named udf_price_index.
You also need to ensure that the column supports an index. Which three Transact-SQL statements
should you use? (To answer, move the appropriate SQL statements from the list of statements to
the answer area and arrange them in the correct order.)
Build List and Reorder:


You use Microsoft SQL Server 2012 to develop a database that has two tables named Div1Cust and
Div2Cust. Each table has columns named DivisionID and CustomerId . None of the rows in Div1Cust
exist in Div2Cust. You need to write a query that meets the following requirements:
* The rows in Div1Cust must be combined with the rows in Div2Cust.
* The result set must have columns named Division and Customer.
* Duplicates must be retained.
Which three Transact-SQL statements should you use? (To answer, move the appropriate
statements from the list of statements to the answer area and arrange them in the correct order.)
Build List and Reorder:


You administer a Microsoft SQL Server 2012 database that contains a table named OrderDetail. You
discover that the NCI_OrderDetail_CustomerID non-clustered index is fragmented. You need to
reduce fragmentation. You need to achieve this goal without taking the index offline. Which
Transact-SQL batch should you use?

A. CREATE INDEX NCI_OrderDetail_CustomerID ON OrderDetail.CustomerID WITH DROP
B. ALTER INDEX NCI_OrderDetail_CustomerID ON OrderDetail.CustomerID REORGANIZE
D. ALTER INDEX NCI_OrderDetail_CustomerID ON OrderDetail.CustomerID REBUILD

Answer: B

You develop a Microsoft SQL Server 2012 database. The database is used by two web applications
that access a table named Products. You want to create an object that will prevent the applications
from accessing the table directly while still providing access to the required data. You need to
ensure that the following requirements are met:
* Future modifications to the table definition will not affect the applications’ ability to access
* The new object can accommodate data retrieval and data modification.
* You need to achieve this goal by using the minimum amount of changes to the existing
What should you create for each application?

A. views
B. table partitions
C. table-valued functions
D. stored procedures

Answer: A

You develop a Microsoft SQL Server 2012 database. You need to create a batch process that meets
the following requirements:
* Returns a result set based on supplied parameters.
* Enables the returned result set to perform a join with a table.
Which object should you use?

A. Inline user-defined function
B. Stored procedure
C. Table-valued user-defined function
D. Scalar user-defined function

Answer: C

MCTS Training, MCITP Trainnig

Best Microsoft MCSE: Business Intelligence Certification, Microsoft 70-461 Training at

Oldest dot-com address sits sadly underused 30 years after its historic registration

Someone had to go first, so on March 15, 1985, Lisp computer maker Symbolics, Inc., registered the Internet’s first dot-com address:

Someone had to go first, so on March 15, 1985, Lisp computer maker Symbolics, Inc., registered the Internet’s first dot-com address:
job searching akamai

The Cambridge-headquartered company went out of business about a decade ago (though remnants live on) and in August 2009 the address was sold for an undisclosed sum to Investments, whose CEO Aron Meystedt said in a press release: “For us to own the first domain is very special to our company, and we feel blessed for having the ability to obtain this unique property.”

Today it looks like more of a white elephant than a blessing, what with a largely empty “cityscape” design and a blog that hasn’t been updated in two years. Yet Meystedt remains optimistic, at least outwardly.

“We created the city concept to make browsing the site fun, but it also could grow into a revenue-generating property if we allow advertisers to sponsor elements in the cityscape,” he says.

The design includes clickable elements that reward the visitor with nuggets of information about the Internet, such as: “Gmail first launched on April 1st, 2004. It was widely assumed the service was an April Fools Day joke.”

Not exactly Reddit’s “Today I Learned.”

“As far as traffic, the daily visitors can range from several hundred to several thousand,” Meystedt says. “This usually depends on how well is circulated on social media or news blogs.”

And that probably picks up around March 15.

The problem here appears obvious: is not Plymouth Rock; it would appear to be valuable – at least in a business sense – only if you’re running a company called Symbolics.

I asked Meystedt if might be for sale.

“We have no plans to sell the name at this time.”

Make him an offer.


MCTS Training, MCITP Trainnig

Best Microsoft MTA Certification, Microsoft MCTS Training at

The Big Question Rises How To Become Microsoft, Cisco, ComTIA Certified

The big question rises how to become the Microsoft certified , All Microsoft certifications are acquired by simply taking a series of exams. If you can self-study for said exams, and then pass them, then you can acquire the certification for the mere cost of the exam (and maybe whatever self-study materials you purchase).

You’ll also need, at minimum (in addition to the MCTS), the CompTIA A+, Network+ and Security+ certs; as well as the Cisco CCNA cert.

Microsoft Certified Technology Specialist (MCTS) – This is the basic entry point of Microsoft Certifications. You only need to pass a single certification test to be considered an MCTS and there are numerous different courses and certifications that would grant you this after passing one. If you are shooting for some of the higher certifications that will be discussed below, then you’ll get this on your way there.

Microsoft Certified Professional Developer (MCPD) – This certification was Microsoft’s previous “Developer Certification” meaning that this was the highest certification that was offered that consisted strictly of development-related material. Receiving it involved passing four exams within specific areas (based on the focus of your certification). You can find the complete list of courses and paths required for the MCPD here.

Microsoft Certified Solutions Developer (MCSD) – This is Microsoft’s most recent “Developer Certification” which will replace the MCPD Certification (which is being deprecated / retired in July of 2013). The MCSD focuses within three major areas of very recent Microsoft development technologies and would likely be the best to persue if you wanted to focus on current and emerging skills that will be relevant in the coming years. You can find the complete list of courses and paths required for the MCSD here.

The Microsoft Certifications that you listed are basically all of the major ones within the realm of development. I’ll cover each of the major ones and what they are :

Most people, however, take some kind of course. Some colleges — especially career and some community colleges — offer such courses (though usually they’re non-credit). Other providers of such courses are private… some of them Microsoft Certified vendors of one type or another, who offer the courses in such settings as sitting around a conference table in their offices. Still others specialize in Microsoft certification training, and so have nice classrooms set up in their offices.

There are also some online (and other forms of distance learning) courses to help prepare for the exams.

The cost of taking classes to prepare can vary wildly. Some are actually free (or very nearly so), while others can cost hundreds of dollars. It all just depends on the provider.

And here’s a Google search of MCTS training resources (which can be mind-numbing in their sheer numbers and types, so be careful what you choose):

There are some pretty good, yet relatively inexpensive, ways to get vendor certificate training. Be careful not to sign-up for something expensive and involved when something cheaper — like subscribing to an “all the certificates you care to study for one flat rate” web site — would, in addition to purchasing a study guide or two at a bookstore, likely be better.

If you want a career in IT, then you need to have both an accredited degree in same (preferably a bachelors over an associates), and also a variety of IT certifications. The MCTS is but one that you will need.

You should probably also get the Microsoft MCSE and/or MCSA. The ICS CISSP. And the ITIL.

There are others, but if you have those, you’ll be evidencing a broad range of IT expertise that will be useful, generally. Then, in addition, if the particular IT job in which you end-up requires additional specialist certification, then you can get that, too (hopefully at the expense of your employer who requires it of you).

Then, whenever (if ever) you’re interested in a masters in IT, here’s something really cool of which you should be aware…

There’s a big (and fully-accredited, fully-legitimate) university in Australia which has partnered with Microsoft and several other vendors to structure distance learning degrees which include various certifications; and in which degrees, considerable amounts of credit may be earned simply by acquiring said certifications. It’s WAY cool.

One can, for example, get up to half of the credit toward a Masters degree in information technology by simply getting an MCSE (though the exams which make it up must be certain ones which correspond with the university’s courses). I’ve always said that if one were going to get an MCSE, first consult the web site of this university and make sure that one takes the specific MCSE exams that this school requires so that if ever one later decided to enter said school’s masters program, one will have already earned up to half its degree’s credits by simply having the MCSE under his/her belt. Is that cool, or what?

I wouldn’t rely on them over experience (which is far and away the most valuable asset out there) but they are worth pursuing especially if you don’t feel like you have enough experience and need to demonstrate that you have the necessary skills to land a position as a developer.

If you are going to pursue a certification, I would recommend going after the MCSD (Web Applications Track) as it is a very recent certification that focuses on several emerging technologies that will still be very relevant (if not more-so) in the coming years. You’ll pick up the MCTS along the way and then you’ll have both of those under your belt. MCPD would be very difficult to achieve based on the short time constraints (passing four quite difficult tests within just a few months is feasible, but I don’t believe that it is worth it since it will be “retired” soon after).

No job experience at all is necessary for any of the Microsoft Certifications, you can take them at any time as long as you feel confident enough with the materials of the specific exam you should be fine. The tests are quite difficult by most standards and typically cover large amounts of material, but with what it sounds like a good bit of time to study and prepare you should be fine.

Certifications, in addition to degrees, are so important in the IT field, now, that one may almost no longer get a job in that field without both. The certifications, though, are so important that one who has a little IT experience can get a pretty good job even without a degree as long as he has all the right certs. But don’t do that. Definitely get the degree… and not merely an associates. Get the bachelors in IT; and make sure it’s from a “regionally” accredited school.

Then get the certs I mentioned (being mindful, if you think you’ll ever get an IT masters, to take the specific exams that that Strut masters program requires so that you’ll have already earned up to half the credit just from the certs).

If you already have two years of experience in working in the .NET environment, a certification isn’t going to guarantee that you will get employed, a salary increase or any other bonuses for achieving the honor. However, it can help supplement your resume by indicating that you are familiar with specific technologies enough to apply them in real-world applications to solve problems.

If your ready for career change and looking for Microsoft MCTS Training, Microsoft MCITP Training or any other Microsoft Certification preparation get the best online training from they offer all Microsoft, Cisco, Comptia certification exams training in just one Unlimited Life Time Access Pack, included self study training kits including, Q&A, Study Guides, Testing Engines, Videos, Audio, Preparation Labs for over 2000+ exams, save your money on boot camps, training institutes, It’s also save your traveling and time. All training materials are “Guaranteed” to pass your exams and get you certified on the fist attempt, due to best training they become no1 site 2012.

MCTS Training, MCITP Trainnig

Best Microsoft MTA Certification, Microsoft MCTS Training at

70-481 Essentials of Developing Windows Metro style Apps using HTML5 and JavaScript

You are preparing to write code that configures a CredentialPicker object. The code should allow
for platinum members to save their user credentials according to business authentication
Which of the following is the property that should be included in your code?

A. The PreviousCredential property.
B. The AuthenticationProtocol property.
C. The CredentialSaveOption property.
D. The TargetName property.

Answer: C


You are preparing to write code that enforces the technical search capabilities requirements.
Which of the following is a method that should be included in your code?

A. The appendSearchSeparator method.
B. The appendResultSuggestion method.
C. The appendQuerySuggestions(suggestions) method.
D. The appendQuerySuggestion(text) method.

Answer: C


You have been instructed to make sure that customers and visitors are shown in keeping with the
prerequisites. You are preparing to write the necessary code.
Which of the following should be included in your code?

A. The CommitButtonText property of the ContactPicker class.
B. The SelectionMode property of the ContactPicker class.
C. The Email property of the ContactPicker class.
D. The DesiredFields property of the ContactPicker class.

Answer: D


MCTS Training, MCITP Trainnig

Best Microsoft MCSD: Windows Metro style Apps using HTML5 Certification,
Microsoft 70-481 Training at

IT certifications that deliver higher pay 2015

Certifications abound in the IT industry, but they are not all equal. To help you find the ones that will result in the most financial gain, twice a year we look at which certifications are poised for the biggest growth.

2015’s Hottest IT Certification
Ever wonder how much that certification is worth? While it’s hard to put a dollar sign on certifications, CompTIA offers some insight in the results from a recent survey.

65 percent of employers use IT certifications to differentiate between equally qualified candidates
72 percent of employers use IT certifications as a requirement for certain job roles
60 percent of organizations often use IT certifications to confirm a candidate’s subject matter knowledge or expertise
66 percent of employers consider IT certifications to be very valuable — a dramatic increase from the 30 percent in 2011

Numbers like these make it hard to discount the validity of certifications. That said, all certifications are not equal, which is why twice a year we look at which certifications are poised for growth over the next six to 12 months. And with 2015 upon us, we turn to Foote Partners and its recently released “IT Skills Demand and Pay Trends Report” to find out which certifications will carry the most weight throughout 2015 in terms of pay and demand.

“The hot list is put together by looking at 3-6-12 month value growth vectors then vetting it via interviews with about 400 CIOs and other decision makers on their skills investment plans for 2015,” says David Foote, chief analyst and research officer with Foote Partners.

“Historical pay premium performance is only one of many factors we consider in forecasting. It is normal in our forecasting that 50 percent or more of the skills showing the most growth in the prior three months and six months do not make our Hot List of skills that we are certain will increase in value in next 6 months,” says Foote.

Citrix Certified Enterprise Engineer for Virtualization
Citrix Systems, a leader in the software virtualization niche, owned 56 percent of the virtualization market as of January 2014. That number highlights why demand and pay premiums for this certification is so strong and expected to grow. However, this certification has been retired as of November 2014, replaced by Citrix Certified Professional – Virtualization (CCP-V).

“The value of this certification is in the confirmed ability of the owner to be able to implement and validate varied Citrix implementations. Strongly recommend for experienced engineers looking to validate their skills and ability to design and support complex implementations,” says Elaine Cheng, CIO at the CFA Institute.

CompTIA Security+
Security should be at the forefront of every CIO’s mind. In fact, pay value for this certification based on Foote Partners data has grown 40 percent over the last 12 months and is expected to continue to rise. “A solid certification that shows an understanding of best practice security approaches across several areas. This is a great second-level certification for the individual wanting to expand into the security aspect of IT,” says Cheng.

GIAC Certified Windows Security Administrator
Although Windows is behind in the mobile game, it still dominates the desktop and the enterprise and Microsoft is making strides towards being more mobile-centric. Combine that with mounting security risks and it’s easy to see why the GIAC Certified Windows Security Administrator should continue to be in demand.

“This is a broad and complex certification that a successful Windows engineer should have. It is in no way an easy exam and truly validates a strong engineer skill set across all aspects of Windows security. Our own engineers have tried for this exam several times. It is challenging and a high bar to meet,” says Cheng.

Certified Computer Examiner
Cybercrime, privacy and data security have been in he headlines over the past couple of years. Many analysts believe that 2015 is the year where organizations are going to spend more of their IT budgets on security. This vendor-neutral certification, open to both law enforcement and non-law enforcement personnel, created by the International Society of Forensic Computer Examiners, is yet another in the field of forensics that is rapidly growing in industry recognition.

AWS Certified SysOps Administrator-Associate (Cloud)
According to a recent ComputerWorld cloud computing is second only to security on the list of areas where CIOs plan to spend their money. Most organizations have deployed or are researching some cloud infrastructure, making it a great area in which to specialize. “This is a great entry-level certification for individuals looking to show an understanding of the Amazon Cloud solution for the IaaS solutions. It should be a recommended certification for any engineer supporting AWS,” says Cheng.

EC-Council Certified Security Analyst
Another security certification makes the list. This is one of the certifications that Foote says will pay off particularly well in 2015.

“In the case of security-related certifications such as CyberSecurity Forensic Analyst and Certified Ethical Hacker, [EC-Council Certified Security Analyst] is a requirement for companies because of the specific nature of the training/knowledge provided throughout the curriculum of the certification itself. Most of the requirements that ask for specific certifications are originated from organizations that must follow Security Compliance guidelines mandated by the government: HIPPA, SOX and PCI-DSS to name a few examples. It definitely makes it tougher for both the company and the recruiting firms from a supply standpoint because there is a higher demand than supply of these certified individuals across the industry,” says Katie Powers, national delivery manager of Network Infrastructure Services with TEKsystems.

Mongo DB Certified DBA
A recent Capegemini survey of 225 companies found that most organizations struggle to get actionable results from their big data initiatives. In fact, only 27 percent of those organizations described their big data initiatives as successful. Don’t be discouraged, however, if a career in big data is what you want. Big data is still growing and an additional fact to come out of the survey is that 60 percent of executives interviewed expect big data will disrupt their business within the next three years.

“With the continued need for security trained resources, explosion of the data and the need for tools and applications to manage and make this valuable for the business, increased consumption of the cloud – the need for structured avenues to train existing resources in new technologies as it relates to these areas has become critical,” says Bhavani Amirthalingam, vice president, NAM Region at Schneider Electric.

Microsoft Certified Solution Developer: Applications Lifecycle Management
MSCDs or Microsoft Certified Solution Developers have passed exams to prove their ability to design and develop business applications using Microsoft’s suite of development tools that are within Microsoft platforms but also extends beyond what would be considered traditional platforms. IT pros who specialize in application lifecycle management help to increase overall efficiency and produce better overall products.

“At Schneider, Oracle and Microsoft technology would be key areas of interest,” says Amirthalingam.

Cisco Certified Design Associate
The CCDA is a vendor-specific certification that teaches students Cisco network design fundamentals. The main focus is on designing basic campus, data center, security, voice and wireless networks. Value/Demand has risen 16.7 percent in the last six months and, according to Foote Partners data, demand will continue to increase throughout 2015.

Certified in the Governance of Enterprise IT
A recent Capegemini survey of 225 companies found that most organizations struggle to get actionable results from their big data initiatives. In fact, only 27 percent of those organizations described their big data initiatives as successful. Don’t be discouraged, however, if a career in big data is what you want. Big data is still growing and an additional fact to come out of the survey is that 60 percent of executives interviewed expect big data will disrupt their business within the next three years.

“With the continued need for security trained resources, explosion of the data and the need for tools and applications to manage and make this valuable for the business, increased consumption of the cloud – the need for structured avenues to train existing resources in new technologies as it relates to these areas has become critical,” says Bhavani Amirthalingam, vice president, NAM Region at Schneider Electric.

Most Recent Additions to Foote Partner’s Hot List
In our most recent conversation with Foote, shortly before publishing this report, he said he was digging deeper into his data and interviewing process and called out these certifications as well, predicting them to be growth areas in 2015.

Below is the most recent data on certifications that just became available.

Lean Six Sigma 0% 7.1% 15.4%


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

The downside to mass data storage in the cloud

The ability to access Dropcam video footage in the cloud is indicative of a broader trend in cloud computing that is eating away at privacy.

The cloud can be an enormously cost-effective way to increase storage and computing musculature, and also, sadly, a way to further add misery to those seeking privacy—or who just want to be left alone. It’s rare to see organizations stand up and shout, “we’ll not give your data to anyone!” or “the life of all stored data, except opt-in assets you want us to store, is always 90 days!” or “yes, we can determine in absolute certainty that your data has been erased to protect you and your identity.”

The cloud, in some warrens, has become a storage ground for the various factories of “big data,” whose ideals are generally to sell things to consumers and businesses. Correlating facts is huge. Ask Target, whose insight into discovering pregnancies helped them capture a nicely profitable market in the pregnancy and new mother world. Smart, you say. There is a downside to this.

Striking while the iron is hot is a great idea. This means harvesting information on searches to be correlated into ads at the next site you visit. Facebook and Amazon are famous for this, and it’s a huge amount of Google’s total business model. Google’s purchase of Nest last year, which gleefully rats out your utility use patterns, also meant the acquisition of Dropcam.

As ace reporter Sharon Fisher reported at TechTarget, Dropcam’s users allow cameras to send their data into Dropcam’s cloud, where it is archived seemingly indefinitely, to the delights of users, police warrants, and security monitoring individuals, who see the surveillance results at will, from any reasonable IP address. It’s inferred that some users monitor Airbnb suites (shouldn’t they disclose this?) and apparently users forget there’s a camera on and do, well, silly things that they may not want captured on digital film.

Google’s storing this sort of info, Amazon will be listening with Echo, and who knows what Siri knows but isn’t saying. This amounts to a comparative heap of very personal information, as though these were robots whose knowledge base was contained inside the physical unit we see on-premises, but it’s not—it’s in the cloud and not only hack-able, but perhaps being used to analyze us, sell us something, or maybe worse, refuse to sell us something or to used against us in a court of law.

Is this data tagged so someone knows to kill it? Is there a metadata tag saying this file or this datablock expires on April 19, 2017? Often it’s tied to an account. Does this data get reused somehow? Video, audio conversations scrubbed for keywords? Much is up to the user agreement, and what happens if you’re, say, a medical provider that’s amassing large quantities of personal medical data? Can that be used? Yes, an attorney would say, “stop right here, and let’s disambiguate these questions.” Clear as mud.

The average civilian has no “bill of rights” that’s common to these online personal information services, whose data is accumulated in cloudy locations. Murky might be a better way to think about it. You want to trust data storage providers – one wants to believe that data sources are somehow bulletproof – but with huge, emblematic recent breaches of retailers, insurance providers, and university alumni databases, that’s not so easy. In reality, some have already been hacked and we just haven’t discovered it yet because no one’s offering the information on dark markets….at least right now.

Is there a way for the app industries to have a common agreement about what can be shared, what is a reasonable life expectancy for personal data, how and to what extent personal data can be actually anonymized, and how data destruction can be audited to even a private detective’s satisfaction? I wish there were answers.



MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

70-414 Implementing an Advanced Server Infrastructure

In order to adhere to the visualization requirements, what user role should you sign to the ABC1
group when you implement the delegation of the virtual environment?

A. You should consider utilizing the Activity Implementers user role profile for the ABC1 group.
B. You should consider utilizing the Problem Analyst and Self-Service User role profiles for the
ABC1 group.
C. You should consider utilizing the Administrators User Role Profile.
D. You should consider utilizing the Incident Resolvers and Administrators user role profiles for the
ABC1 group.

Answer: C

User role profiles –

In order to adhere to the visualization requirements, which of the following should be utilized when
you implement the virtual machine template which will be utilized by the Web server which hosts
the ABC Engineers applications?

A. You should consider utilizing a .bin file with the accompanying .cue file.
B. You should consider utilizing virtual hard disk (VHD) files.
C. You should consider utilizing a virtual machines and Windows PowerShell scripts.
D. You should consider utilizing .iso images and virtual machines.

Answer: B


In order to adhere to the visualization requirements, which optional Microsoft System Center 2012
features should you add when you implement Microsoft System Center 2012 Virtual Machine
Manager (VMM) to the network infrastructure?

A. You should consider adding the Microsoft System Center Orchestrator.
B. You should consider adding the Microsoft System Center App Controller.
C. You should consider adding the Microsoft System Center Data Protection Manager.
D. You should consider adding the Microsoft System Center Operations Manager.

Answer: D

Explanation: System center products –

In order to adhere to the visualization requirements, how would you update the virtualization

A. You should consider using WSUS and System Center Updates Publisher 2011.
B. You should consider using Microsoft System Center Operations Manager.
C. You should consider using Cluster-Aware Updating.
D. You should consider using Cluster-Aware Updating and Microsoft System Center App

Answer: C

Explanation: System center products –

In order to adhere to the visualization requirements and in order to allow the ABC2 group to
perform their functions, what should you consider creating?

A. You should consider creating sites and organizational units (OU).
B. You should consider creating collections and host groups.
C. You should consider creating organizational units and host groups.
D. You should consider creating a host group.

Answer: D


MCTS Training, MCITP Trainnig

Best Microsoft MTA Certification, Microsoft 70-414 Training at