CyberCoders, a worldwide recruiting firm, has analyzed hiring statistics from a pool of more than 12,000 CyberCoders job listings to determine the top 10 tech jobs for 2011 — focusing on which job types offer the most open positions, career growth and compensation. CyberCoders finds that technical candidates often make more, are in higher demand, and have a better chance for career growth versus candidates who apply for marketing or health care positions.

Matt Miller, Chief Technology Officer of CyberCoders, says, “There is a resurgence of companies hiring tech candidates caused in part by industries which need to automate their business systems.” Miller says, “Automating business systems often results in an increased need for software engineers and technical specialty positions, especially among start-ups.” At the beginning of 2011, CyberCoders had more than 1,400 available positions in technology, up 196 percent from the previous year.

The slideshow highlights CyberCoders’ top 10 technical positions for 2011 ranked by salary.

CLICK HERE TO VIEW SLIDESHOW

I then added that the gift of interconnectivity does not come for free, it has opened all of us to threats to our privacy, identity, intellectual property and other confidential information that our society never have to face before.

That thesis was written when Web 2.0 and social media were still at their infancy. It was before the age of Facebook and iPhone. The best technology available for remote access to your work place is through an unstable Virtual Private Network (VPN) connection. The cloud computing concept was generally still pretty much a concept. And finally, even in the heart of the Silicon Valley, I still knew people who still have dial-up connection because neither DSL nor Internet Cable is available in their neighborhood. It seemed like ages ago. However, those statements still ring true, and I would dare say more profoundly, today than back in the early part of the decade.

Fast forward to the present, my mom just demoed her new Droid-powered smart phone and her Video phone to me and she essentially knows more about Facebook features than I do. It will be quite rare to meet someone who is still using dial-up (unless that person, of course, live somewhere in the far reaches of the galaxy or maybe somewhere very remote). In one of my trips from the Bay Area to San Diego, I met someone who works for Google and she bedazzled me with all the work she can do through the cloud. No VPN, no remote access software, just an Internet connection and the cloud.

Within the past half-decade we bear witness to evolution of technology’s usability and also the tech savviness of the end-user. To paraphrase one of my former instructors, “technology is ready for mass market once it becomes as easy as making a phone call.” Facebook, the iPhone, the video phone, cloud computing and the like, no matter how complex they are in the back-end, have made computing essentially as easy as dialing a telephone.

These innovations with all the benefits and promise they provide to the individual and businesses, they also make the task of insuring the confidentiality, integrity and availability of information a little bit more of a doozy than it was in 2004. Social media, portable mass storage present in outwardly benign devices such as smart phones, USB flash drives, digital cameras and even digital photo frames, availability of mass storage (often free) in the web, present a clear challenge for businesses to ensure the security of the information that they are responsible for.

Technology alone cannot provide the answer to the dilemma brought upon by these new technologies. Every security professional, and common sense should, attest to the simple fact that there is no silver bullet to information security. To effectively address the ever evolving threat presented by an ever-changing and extensively complex digital world, businesses of all sizes must be able adapt and effectively ensure the security of the information within their organization. Smart businesses understand that there is a need to develop a information security management strategy that focuses on development, delivery, implementation and enforcement of a comprehensive information security program.

Effective information security goes beyond the boundaries of technology solutions, businesses, specifically information security managers face a daunting, yet highly achievable, task of developing, implementing and maintaining an information security program that is both systematic and is aligned with the organization’s overall business objectives. This involves an extensive understanding the effective information security management will greatly involve a synergized integration of people, policy, process and technology.

An effective information security management strategy will typically involve understanding of and accomplishing key tasks within 5 key functional areas:

• Information Security Governance
• Risk Management Strategy
• Development of Information Security Program
• Management of the Information Security Program
• Incident Management and Response Strategy

Overall, an information security management strategy will need to address various threats faced by an organization with regards to its security posture and how it protects information. In addition, to addressing the obvious ones such as malware or malicious intrusions, it must also concern itself with non-technical threats such as legal liabilities and compliance issues. The organization must develop an information security program that is cost-effective and based on an effective assessment of risks faced by the organization and finally it must be able to develop a plan that will ensure effective response in the event of an incident or a disaster.

On the day of the exam you were as confident as a porcupine with extended twills (imagine that …). You know in your heart you’ve done what you could. You are anxious. You are ready. Then here comes the first question. You think to yourself, “WTF is this? I don’t remember reading about this.” Then the next question was so vague you wondered if it was actually written in English. The third question, seemed like there are two answers instead of one. The fourth was no easier. By the fifth question, all that confidence went down the toilet and by the sixth you are in a near panic.By the time the exam was all over, you are so bewildered that you wonder if someone got the license plate of the truck that hit you. You have no idea if you passed or failed and wondering what you have done wrong and if you actually done enough. I have observed that often times the key reason for a person failing an exam was not because he or she did not know the material, but rather because he or she simply lost focus brought upon by the stress and sometimes panicked over the confusion brought about by how the questions in the exam was framed.

If you’ve gone through a similar painful situation or worried that you may go through the same situation as I have described above when you go take a cert exam, I’d like to share a simple secret that I always take with me whenever I take an exam. It all comes down to simple math.

Let’s look at the PMP exam requirement as an example:

“The PMP® exam is a 4-hour multiple choice exam. In these 4 hours, you are going to have to answer 200 questions. Each question is either scenario based or knowledge based and has 4 possible answers – A, B, C or D. You can only select one answer.

Out of these 200 questions, 25 are considered “pretest questions”. These pretest questions do not affect your score. The PMI uses them as an effective and legitimate way for testing the questions. In other words: new questions for the exam are first tried out in this way, to see how well they work. The pretest questions are randomly placed throughout the exam.

So you start out with 200 questions minus the 25 pretest questions which leaves 175 questions. Out of these, you must answer 106 correctly. That is 61%.” (Source: What is the PMP Exam Passing Score?)

So we know that out of 200 questions only 175 matters and to pass we only need to answer 106 of the 175 correctly. However, there is a wildcard here, we need to factor in the 25 that we have no idea which questions they are. 25 questions that we may all answer correctly, but don’t really count in the score. That would really suck if 1 of the 106 questions that you’ve answered correctly is a pre-test question and therefore your actual score is only 105, which means you fail.

So to negate the pre-test factor, we should set our goal to:  106 + 25 = 131. In other words, to be confident that we actually passed the exam, we will need to have a “buffer” of 25 questions. So in reality the surefire way to pass the exam is to get 65.5% of the 200 questions, vice 61% of the 175 questions. In the grand scheme of things and comparison of probability, it is not really a big jump. We will look at probability in a different context in a little bit. But for now, we’ve established that our passing goal is 65.5%.

Just FYI Formula: 131 / 200 = .655 or 65.5%

We also know that we have 4 hours to complete a 200 question exam. That gives you 1.2 minutes per question. Believe it or not this is actually pretty long. I would recommend targeting to spend only 1 minute maximum per question. This will give an extra 40 minutes to review your answers (that is after you follow the next steps below you still feel like doing a review).

Now that we now know what our passing goal and time/per question ratio is, we are now really prepared to take the exam. Most exams will allow you to have a blank sheet of paper and a pencil to use as a scratch paper. Make sure that you get them. You will need it. Also most cert exams allow you to mark the questions that you would like to go back to for a variety reasons, including, but not limited to:

• You are not sure of your answer
• You don’t know the answer

 As I mentioned there are a variety of reasons why you would want mark an answer, but the two reasons above are the only two that we will concern ourselves about.

This is where the next step of our technique comes in. In your scratch paper, set-up two columns. One column is going to be where you will write the question number of questions that you are not sure of your answer. The other columns is where you will write the question number of the questions that you don’t know the answer.

Third step start answering the questions, keeping in mind your time constraint of 1 minute max per question. You don’t have to distract yourself by really counting every second of the clock. Just have a feel for it and keep it in the back of your mind. Once you run into a question that you are not sure of, pick the one that you think is the best answer. Then write the question number in the appropriate column. Do the same for questions that you don’t know the answer. DO NOT SKIP A QUESTION. Pick an answer and move on. Just make sure you mark that question number.

Once you’ve finished all the questions and stayed true to the self-imposed time constraints (in our case one minute per question), you should have plenty of time for the 4^th step. Count the total number of questions that you were not sure of and count the number of questions that you did not know the answer. If the total number of questions you were not sure of and don’t know the answer to comes out to be less than 69 questions (based on our PMP example), then I would highly recommend: STOP!!! Stop pulling your hair out, you are done.

But just for giggles, let’s assume that it is a little bit more complicated than that. Somehow, you marked even the questions that you have only a slimmer of doubt as to the answer. Continuing with our example the numbers came out as follows:

• Not sure: 60
• Don’t know: 25

Do you start the sweat pumps and start going through each “Not sure” question? I say, hold your horses, mate! Let’s do some math, actually probability to be exact. Let’s throw away, the 25 don’t know. Let us assume, you have the luck of a possum crossing the I-5 Freeway in the middle of rush hour in Los Angeles. Essentially, no way you can get lucky in getting a right on the 25 guesses that you’ve made in the “Don’t know” column.

You have 115 answers that you are pretty sure of. If you go with the 106 mark as originally suggested to be the passing score out of 175 non-pre-test questions, you’ve already passed. But since you’ve set a higher goal of 131 to get a surefire-no-way-you-can-fail score, you need 16 more correct answers. 16 is 27% of 60. With this info, ask yourself this:

1. What are the chances of me missing more than 70% of the questions in the “Not sure” column?
2. What are the chances of 10 or more of the pre-test questions being in the 115 answers that I am pretty sure of?

The answer to question two is actually hard to really know and it is a gamble. However, it is negated by your answer to question one. Question one is really a gut check. It’s not exact math or science, but its all about probability with margins of error. But in the end, you will know the answer to this. So this goes without saying that if the answer to 1 and 2 is “pretty low chance.” Take a deep breath, stretch and submit your answers. In the case of the PMP or other computer-based certs you will immediately know the results. In the case of scantron-based exams such as CISSP, you will not immediately know the results, but you will be confident that there is a very high probability that you’ve passed.

I have used this technique in all the cert exams that I have taken and the results were obviously great. I also used this in taking college exams, although slightly adjusted based on the target score that I want beyond what is required to pass. Obviously, college exams are not simply pass/fail as cert exams, so I have to tweak my goals to ensure that I have the best score possible.

In summary, here are the steps of using math and probability to help you pass the exam:

1. Know your “true” passing goal and time/question ratio
2. Set-up two columns in your scratch paper: “Not sure” and “Don’t know”
3. Answer the questions. Mark columns with question numbers as appropriate. DO NOT SKIP A QUESTION. Even if you don’t know the answer, make your best guess.
4. Do the math, sum up “Not sure” and “Don’t know” and compare with your passing goal.
5. If necessary, do a probability/gut check. How many of the “Not sure” do you think you will miss? Is it pretty high? Or is it low?

All that said, I wish you the best of luck. Yes LUCK does help, but I prefer to understand probability .

Some of the entries in that document are a little outdated and I am still trying to nudge my lazy self in drafting an updated version.

Below are some of the key points of the framework.

• Three-factor approach that I believe is important to meeting the 50-30-20 principle
• It is a lifecycle that continually evolves and allows for continued flexibility and adaptability based on the needs of the organization and the willingness of the stakeholders to support the organizational objectives
• This is a three-legged stool principle that relies on the effective planning, execution and support of each “leg” to ensure that the stool remains stable and standing
• Each of the leg has underlying milestones or procedures depending upon the scope of the task or project
• Assess – it is necessary to do a full assessment and/or analysis of the task, concept and their requirements. This includes, but not limited to, project/task feasibility study, analysis of business objectives, needs assessment, risk assessment, gap analysis, cost v. benefit analysis and project scope assessment
• Resolve – Once assessment criteria is addressed and outcomes are accepted, resolution begins, this includes the start of fully defining project scope, addressing resource requirements, implementation, testing, configuration and change management.
• Manage – Management involves more than simply making sure the program or project works, maintenance or delivering it on time, on budget and within specification, but rather to truly provide value to the organization, effective management requires continually looking into improving and streamlining the processes involved. This is addressed via measurable objectives, effective analysis of results and development of benchmarks and metrics. As the process, evolves, we continue to go through the ARM principle.

There are a multitude of methodologies, frameworks or what-have-you for effectively managing IT and information security. Each of these frameworks has their key strengths and weaknesses. I am in the belief that none really have a significant advantage over the other as each offer best practices principles that if effectively matched with the organization and properly planned, implemented and supported brings plenty of value to the overall evolution and effectiveness of the organization.

There is, however, three commonalities to each of these methodologies:
• The need to Assess the issue, problem or requirement and finding the right solution
• The need to Resolve the problem with the identified solution
• The need to Manage or Maintain the solution and adjust accordingly to ensure that the problem remains resolved

So within each key leg of ARM (no pun intended), you can insert applicable steps, processes, practices, controls, procedures as it apply to your specific business, field and/or requirements and be able to have a continuous process improvement process, which have goals that that is essentially pretty S.M.A.R.T. Okay, another acronym, but I did not invent this one. SMART means Specific, Measurable, Achievable, Realistic and Time Framed.

• IT is about 50% people, 30% process and 20% product (technology)
• Success of any IT department depends upon the people within the department and the people it supports. There has to be buy-in to IT initiatives and that the department offers value to its customer base
• Processes (Procedures, Guidelines, Standards and Policies) should be aligned with overall business objectives to ensure that IT is not simply a cost center for the organization but also a value-add and integral part of overall revenue stream of the company. A key factor to ensure that there is alignment between IT and Business and that these processes support the objectives is buy-in from all the stakeholders within the organization
• Product or Technology is actually the least important aspect of the overall IT Infrastructure. Unless People and Process are clearly onboard and aligned with the overall objectives of the organization, no hi-tech solution can solve any underlying problems with the organization

Assess-Resolve-Manage (ARM) Framework

• Three-factor approach that I believe is important to meeting the 50-30-20 principle
• It is a life cycle that continually evolves and allows for continued flexibility and adaptability based on the needs of the organization and the willingness of the stakeholders to support the organizational objectives
• This is a three-legged stool principle that relies on the effective planning, execution and support of each “leg” to ensure that the stool remains stable and standing
• Each of the leg has underlying milestones or procedures depending upon the scope of the task or project
• Assess – it is necessary to do a full assessment and/or analysis of the task, concept and their requirements. This includes, but not limited to, project/task feasibility study, analysis of business objectives, needs assessment, risk assessment, gap analysis, cost v. benefit analysis and project scope assessment
• Resolve – Once assessment criteria is addressed and outcomes are accepted, resolution begins, this includes the start of fully defining project scope, addressing resource requirements, implementation, testing, configuration and change management.
• Manage – Management involves more than simply making sure the program or project works, maintenance or delivering it on time, on budget and within specification, but rather to truly provide value to the organization, effective management requires continually looking into improving and streamlining the processes involved. This is addressed via measurable objectives, effective analysis of results and development of benchmarks and metrics. As the process, evolves, we continue to go through the ARM principle.

Copyright © 2010 HDM Clariza, CISSP, PMP, CISM
All Rights Reserved

Journal of Global Information Technology Management (JGITM) is a multidisciplinary journal. JGITM publishs articles and reports related to all aspects of the application of information technology for international business. The Journal is international in all aspects.

Journal of Global Information Technology Management (JGITM) is a multidisciplinary journal. JGITM publishs articles and reports related to all aspects of the application of information tec (more…)

Repeaters (Layer 1) – amplify signal, no added intelligence, no filtering

Hubs (Layer 1) – used to connect multiple LAN devices, no added intelligence

Bridges (Layer 2)

• Amplifies signal and adds some intelligence
• Forwards the data to all network segments if the Media Access Control (MAC) or hardware address of the destination computer is not on the local network segment
• Automatically forwards all broadcast traffic

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. You may also want to consider these CISSP resources from Amazon.com

Switches (Layer 2) – Will only send data to the port where the destination MAC address is, not to all ports

Routers (Layer 3) – opens packet and looks at either MAC or IP address and forwards the packet to the destination network

Gateways – primarily software, can be multi-protocol and can examine the entire packet

Asynchronous Transfer Mode (ATM) Switches – use relay technology and typically used in WANs and CANs.

LAN Extenders

• Remote access multi-layer switch connected to a host router
• Filters based on MAC address, but not capable of firewalling

WAN Technologies

• Rules for communicating between computers on a WAN
• Communications between large disparate networks

Private Circuit Technologies

• Evolved before packet switching networks
• Dedicated analog or digital point-to-point connection
• Serial Line Internet Protocol (SLIP), Point-to-Pont Protocol (PPP), ISDN and xDSL
• Dedicated Line – indefinitely and continuously reserved for transmissions
• Leased Line – type of dedicated line leased from a carrier

Types and Speeds of Leased Lines

Digital Signal Level 0 (DS0) – single channel at 64KBps on a T1

Digital Signal Level 1 (DS1) – 1.544 MBps in US on a T1 and 2.108 MBps in Europe on an E1

Digital Signal Level 3 (DS3) – 44.736 MBps on a T3

T1 – transmits DS-1 data at 1.544 MBps on telephone switching network

T3 – transmits DS-3 data at 44.736 MBps on telephone switching network

E1 – predominantly used in Europe and carries data at 2.108 MBps

E3 – predominantly used in Europe and carries data at 34.368 MBps

SLIP (Serial Line Internet Protocol)

• Developed in 1984 to support TCP/IP over low speed serial interfaces
• Using Windows NT RAS, NT computers can use TCP/IP and SLIP to communicate to remote hosts

PPP (Point to Point Protocol)

• Used over dial-up and dedicated links
• Includes login, password and error correction
• Operates at Layer 2 and uses CHAP and PAP

ISDN (Integrated Services Digital Network)

• Integration of digital telephony and data transport
• Digitization of the telephone network, allowing voice, data, etc.
• Overtaken by DSL

xDSL (Digital Subscriber Line)

• Uses existing twisted pair telephone lines
• ADSL (Asymmetric DSL)
  • More bandwidth downstream (1.5 to 9 MBps) than upstream (16 to 640 KBps)
  • Works at 18000 ft theoretical lengths and 14400 ft practical lengths over copper twisted pair
• SDSL (Single-line DSL)
  • Provides from 144 KBps up to 1.544 MBps in both downstream and upstream traffic, depending on the distance from the carriers point of presence (POP) over copper twisted pair
  • Works at 10000 ft lengths
• HDSL (High-rate DSL)
  • 1.544 MBps both up and down over two copper twisted pair (T1 speed)
  • Can do 2.048 MBps on three copper twisted pair
• VDSL – (Very High-rate DSL)
  • 13-52 MBps down and 1.5 MB to 2.3 MBps upstream over single copper twisted pair operating range 1,000 – 4,500 feet

You may also want to consider these CISSP resources from Amazon.com

Thoroughly Updated Sixth Edition! Social networks are transforming how people communicate, work, and play. This comprehensive new edition highlights this new technology and scores of others that are changing how organizations operate and compete in the current global environment. The cover depicts two examples of social network. The larger image is a visualization of the trust relationships in a web-based social network. The smaller figures are default avatars from Second (more…)

Information technology has changed how businesses operate and succeed in today’s global economy. Organizations can now use IT to transform themselves and achieve a tremendous competitive advantage. Information Technology for Management: Transforming Organizations in the Digital Economy, Seventh Edition highlights how this new technology is changing the current business environment and what effect it has on today’s students.  The text addresses the major principles of MIS in (more…)

One thing that I’d like to point out though, it does not take a genius to create a strong password, which for all accounts and purposes there is no such thing. It gives as much protection as a locked door knob to your house. It gives you a layer of protection, but not the protection. Just like a door knob, it can help prevent casual intruders, but not those who are really intent in breaking in. But, I digress.

In any case, I figured I give a quick comment on this matter since this somehow ties in to what I do for a living and what I preach to users practically on a daily basis.

First point of fact: It does not take a genius, knowledge of nuclear science or for that matter hours of deliberation to create a strong password. Typically a password with 8 characters utilizing 3 of the 4 types of characters in your keyboard is often sufficient.

Password1 is a strong password. Although I would not recommend using this password exactly, it meets the requirements I stated above. It has more than 8 characters, uses the upper case letter, lower case letter and a number, 3 of the 4 types of characters required. To make this password even technically stronger, add a special character, i.e. !Password1.

Now was that hard?

Second point of fact: even if your company requires you to change your password regularly, you don’t need to build a special database to maintain all these passwords. Going back to our Password1 example, if you need to change it, develop a simple system that will be easy to remember and follow. In this case a simple change, such as Password2, will often be sufficient. So all you have to remember is that you changed your password to the next number up. Many companies only prevent users from re-using passwords within the first three changes, so if your company requires a password change once very quarter, you can rotate from Password1 to Password4 every year: Password1 for the first quarter, Password2 for the second quarter and so on.

Now was that too time consuming?

Third and final point of fact: Companies and organizations who require password set-ups far and above what I mentioned above, i.e. requiring passwords 14 characters long, requiring all 4 character types used and not allowing reuse of passwords even after 4 or more changes (yes I’ve run into policies like these) are who this article should be referring to. In my personal and professional opinion, these policies, for a lack of a better word, are moronic policies and do not provide the organization with better benefits or security. They often tend make the organization more insecure as users will find ways to circumvent these rules like writing it on a post-it note and pasting it on the monitor. How many of you have passwords written behind your keyboard?

So what do I do personally?

Personally, I maintain only three password combinations and don’t change them unless I really have to. If I have to, I typically just do the slight variations that I mentioned above and no, Password1 is not one of them.

To read about the research by Cormac Herley mentioned in the article: The Rational Rejection of Security Advice by Users.

On a side note, I just found it peculiar that the research was sanctioned by Microsoft, a company well-recognized for their vigilance in maintaining the security of their products.