Three key challenges in vulnerability risk management

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Vulnerability risk management has re-introduced itself as a top challenge – and priority – for even the most savvy IT organizations. Despite the best detection technologies, organizations continue to get compromised on a daily basis. Vulnerability scanning provides visibility into potential land mines across the network, but often just results in data tracked in spreadsheets and independent remediation teams scrambling in different directions.

The recent Verizon Data Breach report showed that 99.9% of vulnerabilities exploited in attacks were compromised more than a year after being published. This clearly demonstrates the need to change from a “find” to “fix” mentality. Here are three key challenges to getting there:

* Vulnerability prioritization. Today, many organizations prioritize based on CVSS score and perform some level of asset importance classification within the process. However, this is still generating too much data for remediation teams to take targeted and informed action. In a larger organization, this process can result in tens of thousands – or even millions – of critical vulnerabilities detected. So the bigger question is – which vulnerabilities are actually critical?

Additional context is necessary get a true picture of actual risk across the IT environment. Organizations might consider additional factors in threat prioritization, such as the exploitability or value of an asset, the correlation between the vulnerability and the availability of public exploits, attacks and malware actively targeting the detected vulnerability, or the popularity of a vulnerability in social media conversations.

* Remediation process. The second and perhaps most profound challenge is in the remediation process itself. On average, organizations take 103 days to remediate a security vulnerability. In a landscape of zero-day exploits and the speed and agility at which malware developers operate, the window of opportunity is wide open for attackers.

The remediation challenge is most often rooted in the process itself. While there is no technology that can easily and economically solve the problem, there are ways to enable better management through automation that can improve the process and influence user behavior. In some cases, there are simple adjustments that can result in a huge impact. For example, a CISO at a large enterprise company recently stated that something as easy as being able to establish deadlines and automated reminder notifications when a deadline was approaching could vastly improve the communication process between Security and DevOps/SysAdmin teams.

In other words, synchronizing communication between internal teams through workflow automation can help accelerate the remediation process. From simple ticket and task management to notifications and patch deployment, the ability to track the remediation process within a single unified view can eliminate the need to navigate and update multiple systems and potentially result in significant time savings.

* Program governance. The adage, “You can’t manage it if you can’t measure it” is true when it comes to evaluating the success of a vulnerability risk management program. In general, information security programs are hard to measure compared to other operational functions such as sales and engineering. One can create hard metrics, but it is often difficult to translate those metrics into measurable business value.

There is no definitive answer for declaring success. For most organizations, this will likely vary depending on the regulatory nature of their industry and overall risk management strategy. However, IT and security teams demonstrate greater value when they can show the level of risk removed from critical systems.

Establishing the right metrics is the key to any successful governance program, but it also must have the flexibility to evolve with the changing threat landscape. In the case of vulnerability risk management, governance may start with establishing baseline metrics such as number of days to patch critical systems or average ticket aging. As the program evolves, new, and more specific, metrics can be introduced such as number of days from discovery to resolution (i.e., time when a patch is available to actual application).

Practitioners can start improving the process by making some simple changes. For example, most vulnerability assessment tools offer standard prioritization of risks based on CVSS score and asset classification. However, this approach is still generating too much data for remediation teams. Some organizations have started to perform advanced correlation with threat intelligence feeds and exploit databases. Yet, this process can be a full-time job in itself, and is too taxing on resources.

Technologies exist today to help ease this process through automation by enriching the results of vulnerability scan data with rich context beyond the CVSS score. Through correlation with external threat, exploit, malware, and social media feeds and the IT environment, a list of prioritized vulnerabilities is delivered based on the systems most likely to be targeted in a data breach. Automating this part of the process with existing technologies can help cut the time spent on prioritization from days to hours.

Today, vulnerability management has become as much about people and process as it is about technology, and this is where many programs are failing. The problem is not detection. Prioritization, remediation, and program governance have become the new precedence. It is no longer a question of if you will be hacked, but rather when, and most importantly, how. The inevitable breach has become a commonly accepted reality. Vulnerability risk management calls for a new approach that moves beyond a simple exercise in patch management to one focused on risk reduction and tolerable incident response.

NopSec provides precision threat prediction and remediation workflow solutions to help businesses protect their IT environments from security breaches. Based on a flexible SaaS architecture, NopSec Unified VRM empowers security teams to better understand vulnerability data, assess the potential business impact, and reduce the time to remediation.

Click here to view complete Q&A of 70-355 exam

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft 70-355 Training at


98-364 Database Administration Fundamentals

The terms “bitmap,” “b-tree,” and “hash” refer to which type of database structure?

A. View
B. Function
C. Index
D. Stored procedure
E. Trigger

Answer: C

One reason to add an index is to:

A. Decrease storage space.
B. Increase database security.
C. Improve performance of select statements.
D. Improve performance of insert statements.

Answer: C

You have a table that contains the following data.

You break the table into the following two tables.

This process is referred to as:

A. defragmentation
B. normalization
C. fragmentation
D. denormalization

Answer: B

You have a table that contains the following data.

Which database term is used to describe the relationship between ProductID and ProductCategory?

A. Cohort
B. Relationally dependent
C. Deterministic
D. Functionally dependent
E. Compositional

Answer: D

Which key uniquely identifies a row in a table?

A. foreiqn
B. primary
C. local
D. superkey

Answer: B


Click here to view complete Q&A of 98-364 exam

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft 98-364 Training at

74-678 Designing and Providing Microsoft Volume Licensing Solutions to Large Organisations

A Datum wants to extend its on-premises server farm by deploying SQL Server to virtual machines in Microsoft Azure for a short-term development project.
How should you recommend that Contoso license the deployment?

A. Purchase virtual machines that run Windows Server through Azure and assign existing SQL Server licenses by using License Mobility within Server Farms.
B. Purchase virtual machines that run SQL Server through Azure.
C. Purchase virtual machines that run Windows Server through Azure and assign existing SQL Server licenses by using License Mobility through Software Assurance (SA).
D. Use MSDN licenses for Windows Server virtual machines and for SQL Server.

Answer: C

Explanation: * With License Mobility through Software Assurance, you can deploy certain server application licenses purchased under your Volume Licensing agreement in an
Authorized Mobility Partner’s datacenter. * Use License Mobility to:
Extend the value of your server application license by deploying them on-premises or in the cloud.
Take advantage of the lowest cost computing infrastructure for changing business priorities.

A Datum plans to implement the VDI.
You need to recommend a solution to ensure that the sales office users can access their corporate desktop from a company-owned iPad. The solution must be the most cost-effective solution today and must ensure that the company meets the licensing requirements of the planned IT strategy.
Which two licenses should you include in the recommendation? Each correct answer presents part of the solution.

A. A Windows Virtual Desktop Access (VDA) license for each tablet
B. A Windows Companion Subscription (CSL) license for each primary device
C. A Windows 8.1 Enterprise Upgrade license for each tablet
D. An RDS User CAL for each sales office user

Answer: A,D

Explanation: A: VDA licensing is the recommended license for VDI access devices that do not
qualify for SA. VDA provides organizations with the ability to license Windows for use via devices that do not traditionally come with a Windows license, such as thin clients, smartphones, and tablet devices. Organizations can also use VDA to license devices that the organization does not own, such as employees’ home PCs and contractor devices.
D: The RDS CAL is the primary license for Microsoft VDI. It offers the flexibility to deploy both VDI and RDS Session Virtualization so that you can provide access to full desktop and shared desktop experiences. You must purchase one RDS CAL for each device or user that accesses VDI. A
* Scenario: A Datum plans to implement a Virtual Desktop Infrastructure (VDI) by using Remote Desktop Services (RDS) on Windows Server 2012 R2.
In line with the VDI implementation, all of the sales office users will be issued a tablet. A Datum wants to enable the users to work from their home computer as well, as the need arises. In addition, the company plans to enable a Bring Your Own Device (BYOD) strategy.

Which two goals are met by the company’s current licensing solution given the planned changes? Each correct answer presents part of the solution.

A. A Datum must run the most up-to-date versions of the desktop platform products to access the custom application.
B. A Datum wants the users to be able to access their corporate desktop from their home computer.
C. A Datum wants to deliver Windows and Office in a virtual desktop to the users.
D. A Datum wants to be able to install multiple virtual desktops on the device of each user.
E. A Datum wants the flexibility to deploy virtual desktops to the cloud.

Answer: B,C

Explanation: Not A: The latest versions can not be used. Not D, not E: No current cloud licensing exists.
* Scenario:
/ Current Licensing Solution
A Datum recently signed an Enterprise Agreement that includes Office Professional Plus, Windows Enterprise Upgrade, and Microsoft Core CAL Suite licensed per user.
Currently, all of the licenses for SQL Server are assigned to long-term workloads.
/ A Datum uses Microsoft Lync Server 2010, Microsoft SharePoint Server 2010, and Microsoft Exchange Server 2010. Various versions of Microsoft SQL Server are used heavily across the server farm both as an infrastructure product and as a data warehouse tool.
/ Business Goals
A Datum spent a significant amount of time developing a custom application that will be used by hundreds of the company’s partners and suppliers. The application will always run on the latest version of SQL Server and SharePoint Server. A Datum wants the application
to be available to the users immediately.

A Datum purchases Windows 8.1 Enterprise Upgrade licenses through their current agreement.
What are three benefits of these licenses compared to the Original Equipment Manufacturer (OEM) licenses? Each correct answer presents a complete solution.

A. License Mobility rights
B. Rights to reassign licenses
C. Re-imaging rights
D. Perpetual usage rights
E. Windows Virtual Desktop Access (VDA) rights

Answer: B,D,E

Explanation: B: Windows Enterprise use rights are bound to the existing PC if SA is allowed to expire. And as before, Windows Enterprise edition upgrade licenses can be reassigned to a replacement device while SA is active, as long as the replacement device has a “qualifying OS.”

A Datum is evaluating moving the licensing of its desktop platform products to Office 365.
Which three licenses will make up its desktop platform? Each correct answer presents part of the solution.

A. Office 365 ProPlus
B. Windows Intune
C. Windows 8.1 Enterprise
D. Microsoft Core CAL Suite Bridge for Office 365
E. Office 365 Enterprise E3

Answer: A,D,E

Explanation: A: When you deploy Office 365 ProPlus, it’s installed on the user’s local computer. Office 365 ProPlus is offered as a monthly subscription.
D: Microsoft Client Access License (CAL) Suite Bridges are used when you are transitioning from a CAL Suite (on premises) to a comparable Product and Online Service combination.
* Scenario:
A Datum wants to improve the manageability and control of the users’ desktops. In the short term, the company will deploy Windows 8.1 Enterprise and Office Professional Plus 2013 internally. During the next six months, A Datum plans to implement a Virtual Desktop Infrastructure (VDI) by using Remote Desktop Services (RDS) on Windows Server 2012 R2.


Click here to view complete Q&A of 74-678 exam

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft 74-678 Training at

74-343 Managing Projects with Microsoft Project 2013

You use Project Professional 2013 to manage a project that has customer-required milestone
completion dates. You need to see graphically that your milestones have slipped beyond your
customer-required dates. What should you add to the project milestones?

A. a Must finish on constraint
B. a finish date
C. a deadline
D. a Finish no later than constraint

Answer: C

You manage a project by using Project Professional 2013. Your project is updated with changes to
the baseline for selected tasks. You back up your project fife before you start your next tracking
cycle. After completing the tracking cycle, you notice that the baseline duration values on some
of the summary tasks are not correct. You need to correct these values before re-entering the
tracking data. You open the backed up version of the project schedule. What should you do next?

A. Manually update the summary tasks with the new duration values.
B. Reset the summary tasks to manual scheduling.
C. Ensure the tasks durations are of the same denomination values. Then reenter the tracking data.
D. Reset the baseline checking the Roll up baselines to all summary tasks option. Then reenter
the tracking data.

Answer: D

You are a program manager. Your project managers use Project Professional 2013 to manage
projects. The project managers want to utilize the same resources across their projects. You need
to combine the projects, as well as the project resources, to see allocations across the projects.
What should you do?

A. Copy and paste all resource assignments into a Master file.
B. Share resources from an external resource pool.
C. Create a Master project and insert subprojects by using Link to project.
D. Open all projects in a new window.

Answer: B

Your company uses Project Standard 2013 to track project progress. You need to accurately
calculate cost performance index (CPI) as a health indicator. Which three actions should you
perform? (Each correct answer presents part of the solution. Choose three.)

A. Ensure there is a value in the Status Date field.
B. Ensure there is a value in the Standard Rate field.
C. Ensure Task Dependencies exist in the schedule.
D. Enter actual progress information.
E. Level resources within available slack.

Answer: ABD

You are a project manager who uses Microsoft Excel 2013. Your company decides to migrate all of
the current projects in Microsoft Excel 2013 to Project Professional 2013. They allow all
employees to spend 8 hours migrating each project plan. Your current and unique project plan
has 462 tasks with duration in days, and resources have been assigned and named. You have a
status meeting in two days. You need to provide your project’s information by using Project
Professional 2013. What should you do?

A. Create a new project plan in Project Professional 2013 and use the Gantt Chart Wizard to
import from an Excel Workbook.
B. Rename the Excel file from .xlsx to .mpx, and open it by using Project Professional 2013,
activating the Mapping Excel Workbook feature. Map tasks, durations, and resources
assigned into Microsoft Project fields.
C. Open the Excel File .xlsx directly from Project Professional 2013, which will convert and map
tasks, durations, and resources assigned into Project fields.
D. Create a VBA macro by using the Excel Record Macro feature to import all tasks, durations,
and resources assigned from Excel into your new Project Professional 2013 project plan.

Answer: C


Click here to view complete Q&A of 74-343 exam

MCTS Training, MCITP Trainnig

70-695 Deploying Windows Desktops and Enterprise Applications

70-695 Deploying Windows Desktops and Enterprise Applications

Published: January 23, 2015
Languages: English
Audiences: IT professionals
Technology: Windows 8.1, Windows Server 2012 R2
Credit toward certification: MCP, MCSE

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

Implement the Operating System Deployment (OSD) infrastructure (21%)
Assess the computing environment
Configure and implement the Microsoft Assessment and Planning (MAP) Toolkit, assess Configuration Manager reports, integrate MAP with Microsoft System Center 2012 Configuration Manager, determine network load capacity
Plan and implement user state migration
Design considerations, including determining which user data and settings to preserve, hard-link versus remote storage, mitigation plan for non-migrated applications, and wipe-and-load migration versus side-by-side migration; estimate migration store size; secure migrated data; create a User State Migration Tool (USMT) package
Configure the deployment infrastructure
Configure Windows Deployment Services (WDS), install and configure Microsoft Deployment Toolkit (MDT), identify network services that support deployments, select Configuration Manager distribution points, support BitLocker
Configure and manage activation
Configure KMS, MAK, and Active Directory–based activation; identify the appropriate activation tool

Implement a Lite Touch deployment (18%)
Install and configure WDS
Configure unicast/multicast, add images to WDS, configure scheduling, restrict who can receive images
Configure MDT
Configure deployment shares, manage the driver pool, configure task sequences, configure customsettings.ini
Create and manage answer files
Identify the appropriate location for answer files, identify the required number of answer files, identify the appropriate setup phase for answer files, configure answer file settings, create autounattend.xml answer files

Implement a Zero Touch deployment (20%)
Configure Configuration Manager for OSD
Configure deployment packages and applications, configure task sequences, manage the driver pool, manage boot and deployment images
Configure distribution points
Configure unicast/multicast, configure PXE, configure deployments to distribution points and distribution point groups
Configure MDT and Configuration Manager integration
Use MDT-specific task sequences; create MDT boot images; create custom task sequences, using MDT components

Create and maintain desktop images (21%)
Plan images
Design considerations, including thin, thick, and hybrid images, WDS image types, image format (VHD or WIM), number of images based on operating system or hardware platform, drivers, and operating features
Capture images
Prepare the operating system for capture, create capture images using WDS, capture an image to an existing or new WIM file, capture an operating system image using Configuration Manager
Maintain images
Update images using DISM; apply updates, drivers, settings, and files to online and offline images; apply service packs to images; manage embedded applications

Prepare and deploy the application environment (20%)

Plan for and implement application compatibility and remediation
Planning considerations, including RDS, VDI, Client Hyper-V, and 32 bit versus 64 bit; plan for application version co-existence; use the Application Compatibility Toolkit (ACT); deploy compatibility fixes
Deploy Office 2013 by using MSI
Customize deployment, manage Office 2013 activation, manage Office 2013 settings, integrate Lite Touch deployment, re-arm Office 2013, provide slipstream updates
Deploy Office 2013 by using click-to-run (C2R)
Configure licensing, customize deployment, configure updates, monitor usage by using the Telemetry Dashboard


Click here to view complete Q&A of 70-695 exam

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft 70-695 Training at


98-361 Software Development Fundamentals

You are employed as a developer at You make use of C# and ASP.NET for
development purposes.
You have been asked to create a new program for Prior to creating the new program,
you plan to create an algorithm to fully comprehend how the processes of the program must run.
The algorithm will list the required actions for completing a process in the appropriate sequence.
You are informed that your method for creating the algorithm should be as simple, and clear as
What option should you use?

A. You should consider making use of the flowchart method.
B. You should consider making use of the pivotchart method.
C. You should consider making use of the data table method.
D. You should consider making use of the XML method.

Answer: A


You are employed as a developer at You are creating a .NET Framework application.
You have been instructed to make sure that you make use of Common Intermediate Language
(CLI) for programming the application.
What options are TRUE with regards to CLI? (Choose all that apply.)

A. CIL is the highest-level human-readable programming language defined by the Common
Language Infrastructure specification.
B. CIL is the highest-level human-readable programming language defined by the Common
Language Infrastructure specification.
C. CIL is an object-oriented assembly language, and is entirely stack-based.
D. CIL is an object-oriented assembly language, but is not stack-based.

Answer: A,C


You are employed as a developer at You make use of Visual Basic .Net for
development purposes.
You have written the code shown below for declaring an array of a new application:
Dim myArray as String = { apples, pears, plums, grapes, oranges, bananas}
You want to return the third item in your array.
What code would you employ?

A. myArray[1]
B. myArray[2]
C. myArray[3]
D. myArray[4]
E. myArray[5]
F. myArray[6]

Answer: B


You are employed as a developer at You are in the process of creating code for a
method that does not retrieve a value for the calling code.
You want to make sure that this is reflected when declaring the method.
What option should you use?

A. You should consider making use of the void keyword in the method declaration.
B. You should consider making use of the sealed C# statement in the method declaration.
C. You should consider making use of the internal C# statement in the method declaration.
D. You should consider making use of the public C# statement in the method declaration.
E. You should consider making use of the protected C# statement in the method declaration.

Answer: A


You are employed as a developer at You make use of C# and ASP.NET for
development purposes.
You have received instructions to create a new program for using C#. You are informed
that the new program should allow for intricate multi-way branching. Furthermore, the code used
must not be difficult to make sense of.
What is the option you should use?

A. You should consider making use of the foreach C# statement.
B. You should consider making use of the while C# statement.
C. You should consider making use of the protected C# statement.
D. You should consider making use of the switch C# statement.

Answer: D




Click here to view complete Q&A of 98-361 exam

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft 98-361 Training at

7 serious software update SNAFUs of the last 25 years

Microsoft’s Windows 10 eager early upgrade wasn’t the first software update gone way too wrong.

Microsoft’s Windows 10 eager early upgrade wasn’t the first software update gone way too wrong. Here are seven (more) serious software update SNAFUs.

AT&T Update Hangs Up LD Calls
In January 1990, AT&T hung up millions of LD calls after updating its 4ESS network switches in December. The company had coded a single-line error into the program’s recovery software. When a New York switch reset, the recovery software sent all the network hardware “crazy”.

TrendMicro marks Windows OS a virus
In September 2008, TrendMicro’s AV update tagged critical Microsoft Windows files as a virus, producing the dreaded Blue Screen of Death (BSOD). “I fixed some of those PCs while working at BestBuy. TrendMicro was our preferred AV software so a lot of clients were affected,” says Mike Garuccio, Garuccio Technical Services.

NT service pack packs a punch on PD
In September 2005, an LA area police department and an Alvaka Networks customer saw the chief and his lieutenants’ PCs crash. Updating HP desktop Windows NT 4.0 machines to Service Pack 6a caused the crashes. “It’s not pretty when the top brass at the PD cannot work,” says Oli Thordarson, CEO, Alvaka Networks.

Drivers drive admins nuts
In February 2000, Windows 2000 unleashed an updated hardware driver model that drove systems administrators nuts. “Printers, scanners, and peripherals stopped working regardless of Microsoft’s Windows Driver Model, which Microsoft lauded as a solution to migrating from Windows 98 to Windows 2000,” says Clay Calvert, director of CyberSecurity, MetroStar Systems.

AVG saddles Wintrust.dll with Trojan moniker
In March 2013, an updated AVG anti-virus program stopped trusting the benign Windows wintrust.dll file in Windows XP, marking it as a Trojan horse. Unwitting users who removed the file at the behest of AVG saw their PCs go kaput.

Microsoft Office 2000 update bug bite
In April 2003, the Microsoft Office 2000 SR-1 update spun out of control and into a continuous software registration request loop, asking customers to register their Microsoft Office 2000 product again, over and over and over.

Microsoft WGA finds its own software disingenuous
In August 2007, a newly updated Windows Genuine Advantage (WGA), which Microsoft created to seek, sort, and send Windows XP and Vista software pirates walking the proverbial plank instead identified many thousands of licensed copies of the popular OSs as unlicensed, informing innocent users of their digital high crimes against the software vendor and in the case of Vista, disabling numerous features.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at


HP is now two companies. How did it get here?

HP’s split follows more than a decade of scandals and missteps

If Hollywood wanted a script about the inexorable decline of a corporate icon, it might look to Hewlett-Packard for inspiration. Once one of Silicon Valley’s most respected companies, HP officially split itself in two on Sunday, betting that the smaller parts will be nimbler and more able to reverse four years of declining sales.

HP fell victim to huge shifts in the computer industry that also forced Dell to go private and have knocked IBM on its heels. Pressure from investors compelled it to act. But there are dramatic twists in HP’s story, including scandals, a revolving door for CEOs and one of the most ill-fated mergers in tech history, that make HP more than a victim of changing times.

HP isn’t down and out: It could still confound skeptics and return some of its former glory. But the breakup is an inauspicious moment for a company that was once one of the tech industry’s finest. Here are some of the events that got HP to where it is today.

The Compaq acquisition: Much has been said about HP’s 2001 buyout of its larger PC rival, and the story is back in the news thanks to then-CEO Carly Fiorina’s U.S. presidential campaign. Without getting bogged down in whether Carly made a huge error, it’s safe to say that the deal did not set HP up for the future. Dell’s direct sales model was about to turn the industry on its head, and tablets and smartphones would deal a blow from which PCs have never recovered. HP bet big on a losing horse.

The pretexting scandal: You want a movie script? In 2006, HP admitted it had hired private investigators who spied on its own board members to figure out who was leaking company information to journalists. Criminal charges against HP executives were eventually dropped, but it cost the jobs of board chair Patricia Dunn and several other top staff. It was an embarrassing distraction at a time when HP needed to get down to business.

The EDS purchase: Buying a big IT services company in 2008 looked like a smart way for HP to diversify into more profitable areas, but HP “never unlocked the value from the deal they were looking for,” says IDC analyst Crawford Del Prete. Soon after, the market turned from large outsourcing deals to smaller contracts, and HP was riding the wrong horse again. Its services business continues to struggle.

Mark Hurd scandal: Like Fiorina, Hurd is a divisive figure for HP watchers. What’s undeniable is that his relationship with R-rated movie actress Jodie Fisher cost him his job and kicked off a disastrous string of events for HP. More contentious is whether Hurd’s rampant cost-cutting stunted innovation and set HP up to fail. Del Prete doesn’t see it that way: Hurd slashed expenses, was adored by Wall Street, and probably would have reinvested some of those savings in the long term, he says. Regardless, his ouster kicked off the most damaging period in HP’s history. Hurd was forced to resign, ostensibly over an inaccurate expense report. If only his successor’s missteps had been so trivial.

Leo Apotheker. Oh Leo, what were you thinking? Or maybe that’s a question for HP’s board. The former SAP chief took over from Hurd in September 2010 and managed to do a lot of damage before his ouster 11 months later. “He was really a software sales and marketing executive,” says Del Prete. “He had a hammer and everything became a nail.” Among the highlights of his tenure:

The Autonomy debacle: The New York Times has called it “the worst corporate deal ever,” and it’s hard to argue it didn’t contribute mightily to HP’s woes. HP shelled out $11.1 billion for the U.K. software maker and took a write-down of $8.8 billion the following year, effectively admitting that it had drastically overpaid. HP claims it was hoodwinked by Autonomy’s management, and lawsuits are ongoing, but there’s evidence that HP rushed the deal without knowing what it was getting into. It was another big distraction for HP and gave more ammunition to investors who wanted change at the company.

The PC blunder: At the same time it bought Autonomy, Apotheker announced that HP was considering a sale of its PC division. It wasn’t a terrible idea — IBM did the same and hasn’t looked back — but dithering about it in public for many months caused uncertainty that hurt HP’s business and helped its rivals.Apotheker also killed off HP’s webOS smartphones and tablets, which HP gained when it bought Palm for $1 billion a year earlier. At a time when smartphones were the hottest item in tech, it was a curious decision, to say the least.

Revolving doors: Before a year was up, HP’s board had had enough and Apotheker was replaced by Meg Whitman, the company’s third CEO in 13 months. Her first move: announcing that HP would keep its PC division after all. Whitman seemed an unlikely choice after her 10 years running Ebay, but she’s won praise for making the best of a tough assignment.

Cloud confusion: It’s an open question whether an enterprise IT company needs its own public cloud, but it’s now clear that HP won’t have one. It said a few weeks ago it will shut down its Helion cloud services in January, and focus instead on “hybrid” infrastructure and partnering with other cloud providers. HP’s public cloud was another initiative started by Apotheker, though one wonders if HP couldn’t have done a bit more with it after four years of effort.

None of these events alone landed HP where it is today. The move to cloud computing and collapsing PC market played a role, along with the ongoing decline in proprietary high-end Unix systems. The failure of Intel’s Itanium processor, on which HP bet the farm in systems, was also a major setback.

Despite all the missteps, the two HPs remain formidable entities, each with some $50 billion in revenue. HP Inc., which will sell PCs and printers, is unlikely to produce much growth, but the PC business can generate a good amount of cash, as Michael Dell has proved. And the core infrastructure business of Hewlett-Packard Enterprise has “never been executing better,” according to IDC’s Del Prete, who pointed to its 3Par storage gear and industry-standard servers.

“We don’t see customers being at risk from the split,” he said, meaning IDC isn’t advising HP customers to shop around.

What matters, he says, is whether Hewlett-Packard Enterprise can make the right acquisitions and partnerships over the next 24 months to bring back some growth.


MCTS Training, MCITP Trainnig


Best HP Certification Training and HP Exams Training  and more Cisco exams log in to