Friday, 29 November 2013

Hacker Halted Europe Interviews Part 5 – Alexander Polyakov


By 


In October, EC-Council’s Hacker Halted came to Europe for the first time. Firebrand attended the conference in Reykjavik, Iceland and interviewed industry experts about the hottest topics in cyber security.

Alexander Polyakov is the co-founder and CTO of ERPScan Security Monitoring Suite for SAP. He’s an expert on the security of enterprise business-critical software, such as ERP, CRM SR, as well as enterprise applications developed by SAP and Oracle. Alexander is the author of numerous surveys and whitepapers devoted to IT security research in SAP.

The conference organisers invited Alexander to speak about vulnerabilities, threats and trends of SAP in 2013. The presentation outlined the importance of raising awareness on securing ERP Systems based on SAP. As business critical data is often stored in the SAP system, it is absolutely essential to ensure that there are no vulnerabilities. Alexander also pointed out that the exposure of SAP systems to the internet can bear serious consequences, as cybercriminals might gain access to them, using simple vulnerabilities.

To learn more about the latest threats and trends of SAP systems, watch the full interview: 


About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Thursday, 28 November 2013

Microsoft Jump Start - Learn, compete and get certified


By 


Technology is fast and it never stops evolving, so if you want to stay ahead of the curve and be successful, you must keep on learning. Microsoft supports continuous learning through the Microsoft Virtual Academy (MVA). It offers free online training and self-study material for hundreds of courses, in 11 languages. MVA’s mission statement is “to help developers, knowledgeable IT professionals and advanced students learn the latest technology, build their skills, and advance their careers.”

As an MVA member you will be earning points for your learning and achieving different levels of badges and status, whilst competing with other learners. However, if you want to use your personal learning goals as a benchmark, you can also do that with your dashboard, which helps you to track your progress.

Kick-start getting your MCSD with Jump Start         
      
To maximise your online learning experience, MVA delivers a series of live events, including Jump Start training and MVA Live Q&A sessions, where you can interact with experts, and an audience of fellow students from around the globe.

If you are passionate about coding and building apps or you’re interested in managing projects using Microsoft Visual Studios 2012 products, we have great news for you. With MVA you can now start preparing to get the following certifications:

Building apps is great and now you can get two of the most valuable certifications for coders interested in creating amazing apps using HTML5 or C#. Pick your path and watch the corresponding Jump Start training sessions, with experts taking you through everything you need to know. Once you’ve watched them all, you’re on your right way to pass your exams and get certified.

If your interests are different and you’d rather earn an MCSD in Application LifecycleManagement, Jump Start will help you in that too. Watch the sessions with Anthony Borton and Steven Borg and prepare for passing your exams.

If you want to learn more about MCSD certifications visit our website.

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Tuesday, 26 November 2013

“Culture of carelessness” – losing devices, endangering company data


By 


BYOD (Bring Your Own Device) policies have been causing headaches to IT managers and company executives, ever since they became popular. However, a recent survey reveals that there is something even worse than careless employees using their own devices for work. Can you guess what it is? It’s none other than careless employees using and losing work devices. Information Age collected the most alarming figures from a recent survey of 2,500 UK adults, by Vision Critical and Trend Micro.

The most disturbing news to IT managers is that more than one quarter (27 per cent) of participants have reported having up to three work devices lost or stolen, while only 11 per cent have ever lost a personal device.

But the so-called “culture of carelessness” stretches well beyond losing devices. Although 31 per cent of participants use Wi-Fi hotspots on a regular basis, less than half of them (44 per cent) check security levels of networks before connecting. The same percentage said they are more concerned about losing personal content, like photos, documents and banking details, than sensitive business data. Only 3 per cent were concerned about enabling cybercriminals to access corporate data.

Rik Ferguson, global VP of security research at Trend Micro said: “The survey shows a worrying attitude of carelessness towards work devices and an ignorance of the full impact of losing data without the correct security measures being put in place.”

“Employees should take the same amount of care with their work device as they do with their personal ones, and be made fully aware of the procedures and risks before a device is given to them.”

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 25 November 2013

Free PMP practice exercises help you prepare for certification success.

By


Over the last 10 weeks Firebrand Training have brought you all the course material from our official PMI PMP® course. Having worked diligently through all the modules, scribbling down notes and referencing a now slightly tattered PMBOK guide, you are probably asking yourself, how much of that information did I really take in? Am I really ready to take the exams?

Firebrand is here to take you one step closer to exam readiness. We have just launched a series of practice exercises specifically aligned to each module. Each exercise is aimed at helping you to gauge your understanding of individual modules, whilst helping put into practice what you have just learnt.

PMP Practice Exercises

Below are the full range of exercises currently available on the site. These can be worked through in isolation, or as part of your progression when working through the course material. 

Every exercise comes complete with a series of questions and answers, helping ensure your knowledge is up to scratch.

Project Management Process Groups
Project Integration Management
Project Scope Management
Project Time Management
Project Cost Management
Project Quality Management
Project HR Management
Project Communications Management
Project Risk Management
Procurement Management
Stakeholder Management

What Next...

Completed all the course material and exercises? Still looking for more information to boost your PMP knowledge? 

Over the next few weeks we will be preparing to launch a series of practice tests, which should take you one stage closer to exam readiness. Keep checking back on Firebrand's Google+ page for all the latest updates.


About the Author

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how to guides. Working in the Industry for almost 3 years years, Edward has a wide variety of experience with Microsoft Technologies including SharePoint and Windows Server and Exchnage Server. Edward is an active member of the IT community contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor among others.

Yves Le Roux: How infosec pros can help EU data protection


By 


(ISC)2’s information security professionals publish articles regularly on Computerworld UK’s Infosecurity Voice blog. This time the author is Yves Le Roux, policy group lead at the (ISC)2 EMEA advisory board, who blogged about how “infosec professionals can help shape EU data protection”.  

Governments have finally realised the importance of recognising and controlling information security risk. With the new draft data protection legislation the EU’s cyber security strategy has made its first steps towards addressing the risks that people and businesses face on a daily basis in today’s technology-dependent world.

Although the initiative is taking on a serious matter, it does not mean that legislators have the relevant experience and knowledge to understand the impact and response that may be needed.
The new legal framework will affect us all; therefore it is vital that everybody involved considers the influence of such legislation.


It’s a task of great significance, so the advising security professionals must get to know the legislation first. Once all aspects, including the overall intent as well as the actual measures, have been assessed, infosec pros may point out all infeasible elements and make suggestions.

All in all, “the job ahead for legislators, privacy and compliance professionals as well as technology and information security professionals  is to understand the intent of what needs to be achieved , and then come together to understand the structures required to govern and properly manage the intent.”

To read the full article by Yves Le Roux visit Infosecurity Voice

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 22 November 2013

SQL Server 2014 Event at Microsoft Redmond - Final Day

Today is my last day at Microsoft, flight this evening at 6:10pm back into Heathrow.

It has been a busy week and my plans to blog every day just didn't happen so here is a final update on my week at the SQL Server 2014 TTT.

Seattle is a cosmopolitan and vibrant city and evenings after class have been filled with taking in the atmosphere and the many retail experiences on offer in downtown Bellevue, so yes after class I have been "out & about" soaking up the local attractions!!

That is not to say that I didn't forget to visit the on-campus shop at Redmond to see what "geek-gifts" were on offer, ofcause I purchased many items that I don't really require but "hey" its all about capturing memories of an iconic visit, and you can never have too many pens!



I couldn't quite believe how large Microsofts Campus at Redmond actually was, it's a town in its own rights and getting from 1 building to the next can be quite a long walk so being able to catch one of the Shuttle Connect taxis to take you to your destination whether that be on campus or downtown Bellevue and even into Seattle itself was a blessing, and what a great service for the 60,000 Microsoft employees who work on campus for getting to and from work.


For me the highlight of the week was Day 3 focusing on the Self-Service BI tools and services for discovery, analysis and visualisations of on-premises and cloud based data.

Our presenter was a "SQL BI God" Peter Myers and for me this was a moment of being totally "Star Struck" as for many years I have followed and read Peters blogs and to finally attend an event where he was presenting was true "SQL Momemt" for me.

We started the BI story looking at PowerPivot in Excel 2013 which was an refresher on skills and to set the starting point before our dive into the realm of Power BI, Power Query and Power Map.
Power Query was previously known as Codename “Data Explorer”. Similarly, Power Map was previously known as Project codename “GeoFlow”.

Available as an add-in for both Microsoft Excel 2013 and Excel 2010, Power Query makes it easy to discover, combine, and refine data from both public and private data sources, including HDInsight.

Being able to pull in any public dataset from the internet, such as census information, geographic data  or anything that is of interest to an organisation opens up the possibilities of analytical and data mining queries outside of organisational data. Ofcause IT can still have an involvement publishing their own organisational datasets and providing a controlled gateway with security and scheduled data refreshes to provide a more managed way of making data available.


The last 2 days were all about HDInsight and Big Data using tools such as MapReduce, Hive and Sqoop, Bill Ramos was the presenter for these 2 days.

HDInsight is a Hadoop-based service from Microsoft that brings a 100 percent Apache Hadoop solution to the cloud. A modern, cloud-based data platform that manages data of any type, whether structured or unstructured, and of any size, HDInsight makes it possible for you to gain the full value of big data. And running up a HDInsight Cluster couldn't be easier taking less than 45minutes to run up a 4 node cluster with 25 cores. At the moment only 4 of the Azure Datacentre locations support storage for HDInsight. 
This was a tough 2 days as the realms of Big Data was relatively new to the whole class and after the first 1 hour session my head was pounding with so much information. HDInsight and it's possibilities are going to take some time to digest and get my head around and at the moment I can only see large multi-national corporations utilizing such technologies to crunch data.

Our fun using HDInsight came to a crashing end when a gremlin popped up and brought down the internet and our access into the Windows Azure Portal. Questions were flying around the class had we brought down Microsoft Datacentres, or was it the Windows Azure team performing updates or was it even the millions of new Xbox1 customers somewhere in the world registering their new accounts and brining down Microsoft Cloud Services. My bet was on the Xbox1 customers!

Gradually the class came back online and we were to some point able to carry on with our HDInsight Clusters, unfortunately this was only for a small percentage of the class, myself not having the opportunity to complete my hands-on labs.

My week in downtown Bellevue, Seattle attending the SQL Server 2014 TTT Enablement Program has been an interesting one and I am sad to be leaving hoping that I will get another chance soon to return to Microsoft.

About the Author:

Angela works for Firebrand Training as a subject matter expert and instructor for SQL Server and System Centre. For over 10 years Angela specialized in SQL Server, delivering training and consultancy services to a number of companies throughout the UK and Europe guiding and mentoring customers to follow Microsoft Best Practice and assist in their understanding and adoption of SQL innovative features.

What the future holds – eight IT security predictions for next year


By 


Hope for the best and prepare for the worst. It may sound like an old cliché, but being prepared is the foundation of great IT security. This year we’ve seen some high-profile data breaches, ransom-demandingmalware and prominent cybercriminal arrests. After an eventful 2013, we are curious about what 2014 brings, and so are cyber-security researchers from Websense Security Labs, who compiled a list of their predictions* for the New Year.

Lower levels of advanced malware

According to Websense ThreatSeeker Intelligence Cloud, the quantity of new malware is heading towards a decline. However, this is bad news for companies, because cybercriminals are likely to switch to lower volume, more targeted attacks to decrease the risk of detection. Long story short, there’ll be less attacks, but they’ll bear greater risk.

There’s a major data-destruction attack on the horizon

In the past, network breaches have mostly been about selling information for money. In 2014, enterprises should be concerned about hackers destroying data. Small and medium-sized companies should also stay alert, as ransomware attacks are expected to target them.

Cloud data over network

Loads of sensitive business data have been moved to the cloud in the last few years. Therefore, it seems logical and perhaps even convenient for hackers to adopt a new approach, and target clouds rather than on-premise servers.

Power struggle in the exploit kit market

Following the arrest of “Paunch”, the alleged creator of the Blackhole exploit kit, the market is likely to see a power struggle for the leading position. The Neutrino and Redkit exploit kits are expected to consolidate their positions in 2014.

Java will remain exploitable and therefore exploited

As most end point will continue running older versions of Java, they’ll be highly exploitable. Next year, cybercriminals will put great effort into developing new, multi-stage attacks, as well as making us of tried-and-true methods.

BreachedIn aka compromising organisations via social networks

Cybercriminals are expected to come up with more and more ways of luring executives and compromising networks, with the help of professional social media platforms, such as LinkedIn.

Only the strong ones will survive

This may sound a bit over the top, but similarly to a food chain, the weakest ones will be the primary targets. Obviously, they do not have to be afraid of being eaten, but if they’re the “weakest links”, they must watch their backs to avoid serious breaches.

“Offensive” security mistakes are likely to happen

Retaliatory actions against (alleged) attackers are the basis of “offensive” security. However, as in real warfare, tactical mistakes can happen, which might put innocent organisations in the crossfire.

*Original article written by Information Age editor, Ben Rossi. 

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Thursday, 21 November 2013

Cisco launches Tech Huddle road show


By 


Learn how to keep your Cisco technology secure at an official Cisco Tech Huddle near you. You’ll also learn about the latest product updates and see some live demos.

Cisco will be discussing the latest innovations in security technology, including:

  • The integration of Cisco's virtual and physical security solutions providing dynamic secure services in the Data Centre
  • How you could be effectively protecting your environment against rapidly changing range of attacks with Cisco Sourcefire solutions.
  • Cisco and Lancope coming together to provide a detailed insight into the latest threats and best practices for thwarting a wide array of threats
  • Live demonstrations of how these products and services integrate to offer real value to your business!

There'll be dedicated 'Ask me about...' sessions, where Cisco experts will answer all your questions.  Plus, you’ll have the chance to win tickets to Cisco Live, as well as some Jabra devices.

When and where are these events happening?
  • Reading: 26th November
  • London City: 27th November
  • Dublin: 27th November
  • Glasgow: 27th November
  • Aberdeen: 28th November
  • Belfast: 3rd December
  • Manchester: 4th December

If you can't make the dates above, there's also a summary webinar taking place.

For all of the above dates, you can register on the Cisco website and see the full agenda here.

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, 20 November 2013

CryptoLocker attacks on the rise – SMEs in danger


By 


Imagine the following scenario: you are surfing on the web, checking your emails, opening the attachments and then suddenly your monitor displays a splash screen with a countdown timer and the message “Private key will be destroyed on [date]“, unless you pay. Your PC has just been infected by a relatively new, increasingly common Trojan horse malware, called CryptoLocker. All your photos, videos, documents and other important files have been encrypted and your only option appears to be to satisfy the demands of this ransomware and its creators by paying, hoping that your files will be decrypted and the nightmare ends.


The UK’s National Crime Agency has issued an urgent alert to PC users about CryptoLocker and the threats it poses. As described in the statement, tens of millions of UK customers are receiving emails that appear to be from banks and other financial institutions. However, the primary targets appear to be small and medium businesses.

According to recent reports and the NCA’s warning, the amount of “ransom” demanded by CryptoLocker is 2 Bitcoins (£550 as at 18/11/13).

What can you do against it?

Similarly to many other cases, preventive measures are more useful than trying to find a cure, especially when it’s too late. So what can we do? According to Graham Cluley’s extensive article on the matter, the answer is three-fold.
  • Keep your PC up-to-date with anti-virus and security patches and don’t open unsolicited email attachments.
  • Set a software restriction policy on your PC to prevent executables from running from certain location on your hard drive.
  • Make regular backups of your important data and keep them separate from your computer.
To learn more about CryptoLocker, read the full article on grahamcluley.com

About the Author:       
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.

Tuesday, 19 November 2013

SQL Server 2014 Event at Microsoft Redmond - Day 1

I couldn't quite believe my luck when I received an email from Microsoft inviting me to attend the SQL Server 2014 Trainer Enablement event at Redmond, Seattle.

Of course my answer was "YES YES YES I would love to attend" !!

It was an early start arriving on campus at 8:30am, seeing that Microsoft sign as the shuttle bus entered campus sent me into geek overload, and as expected Microsoft really looks after it's visitors.

So after a long day I am now relaxing in my hotel in downtown Bellevue digesting the information of Day 1 and the roadmap for SQL Server 2014 Data Platform.

The first speaker was Ramink Gulati who presented the story of SQL Server 2014, a story that would wet the appetite of many customers proving that SQL Server is not a "toy database" as many do see it but a true runner to go up against the likes of Oracle, IBM and SAP.

Over 600 business's in the last year have moved from Oracle to SQL Server and we are not talking a hybrid database environment but pure SQL, this strengthens the position of SQL Server in the market place, soon to be Number 1 and knock it's competitor off the top spot once and for all. Currently SQL Server is 2nd in the marketplace and that's pretty good.

The second speaker was Darmadi Komo a senior technical product manager who presented the new standards for mission critical platforms.

For me the most exciting aspects of Darmadi presentation was SQL Server 2014 and it's hybrid capabilities, on-premise and cloud.

My top hybrid features covered today:


  • SSMS built-in tools for moving an on-premise SQL Database to an Azure VM, just a few clicks of the mouse and the database is in Azure, a good reason to implement Contained Databases now in SQL Server 2012 for ease of migration into Azure when upgrading to 2014.
  • Implement an AlwaysOn Availability Group with a asynchronous readable secondary in Azure for reporting requirements.
  • Backup an on-premise SQL Database to Azure storage and encrypt the backup. 
  • Take an on-premise database and move it's file structure into Azure Storage but still keep the compute environment of SQL Server local.


Let me expand on the last point as this was mind boggling! 

So you have an on-premise database which has many data files and a log file, as a DBA I can choose to move all or some of these files into Azure. Why would I do this I here you ask? We'll maybe 1 of those data files has archived data and is read infrequently so rather than using local disk space we can just move that 1 data file into Azure while the rest remain in local storage.  An application does not need to be aware of this remote file as SQL will just pull the data down from Azure, all you need is good bandwidth.

That's just amazes me that an on-premise database can have local storage and Azure storage, I think this will keep me thinking for many hours if not days.

The in-depth dive on day 1 into the Data Platform roadmap for SQL Server 2014 has strengthened my love affair with SQL Server and as an Instructor I am looking forward to sharing my knowledge
with my SQL classes.

A good nights sleep is needed after day 1 as tomorrow is all about Data Warehousing and more cloud features and a trip to the campus shop, so more to follow soon. 

About the Author:
Angela works for Firebrand Training as a subject matter expert and instructor for SQL Server and System Centre. For over 10 years Angela specialized in SQL Server, delivering training and consultancy services to a number of companies throughout the UK and Europe guiding and mentoring customers to follow Microsoft Best Practice and assist in their understanding and adoption of SQL innovative features.

Monday, 18 November 2013

Check out the final module of our free PMP course - Project Stakeholder Management



By 



This Monday brings about the completion of a 3 month project to bring you all the course material from Firebrand Training's accelerated PMP course on our FREE self-study platform, Learn. Having worked on the project i'm pretty excited to complete phase one of the launch, the course material.

Now we move to phase two which will roll out over the next few weeks:

Free Practice Tests - we will be bringing you a plethora of practice questions so you can gauge your knowledge on each module. There will also be two practice tests, which are 50 and 100 questions respectively, helping you to simulate the exam situation.

Exercises -  a series of exercises directly related to PMP course modules to help you put the knowledge into real life context, whilst testing knowledge from the respective modules.

Additional Resources - this will be a collection of expertly curated third party resources such as supplementary course material, exam preparation tips and alternative information deposits. 

Before we get to all that we must first look at this weeks module launch on project stakeholder management, followed by a comprehensive breakdown of all modules....


What is covered in Project Stakeholder Management?

These are the sub sections you will work through in this weeks module:
13.1 - Identify Stakeholders - Initiating
  • The process of identifying the people, groups, or organisations that could impact or be impacted by a decision, activity, or outcome of the project; and analysing and documenting relevant information regarding their interests, involvement, inter-dependencies, influence and potential impact on project success.
  • The process of developing appropriate management strategies to effectively engage stakeholders throughout the project life cycle, based on the analysis of their needs, interests and potential impact on project success.
  • The process of communicating and working with stakeholders to meet their needs/expectations, address issues as they occur and foster appropriate stakeholder engagement in project activities throughout the project life cycle.
13.4 - Control Stakeholder Engagement - Monitoring & Control
  • The process of monitoring overall project stakeholder relationships and adjusting strategies and plans for engaging stakeholders.


Looking back...

Check through this PMBOK® matrix to find all our course material which is also available on the course material homepage.

Projects, Project Management and Project Managers
Projects, Programmes and a Portfolio
Project Manager knowledge and skills
Organisation Structures for Projects
Understanding the Project Environment and Organisational Environment
Project Governance, Stakeholders and Project Sponsors
Product Lifecycle vs. Project Lifecycle

PMBOK's Project Managament Process Groups


Knowledge Areas Initiating Planning Executing Monitoring & Control
4. Integration Management 4.1 Develop Project Charter 4.2 Develop Project Management Plan 4.3 Direct and Manage Project Work 4.4 Monitor and Control Project Work 4.5 Perform Integrated Change Control 4.6 - Close Project or Phase
5. Project Scope Management 5.1 Plan Scope Management 5.2 Collect Requirements 5.3 Define Scope 5.4 Create WBS 5.5 Validate Scope 5.6 Control Scope
6. Project Time Management 6.1 Plan Schedule Management 6.2 Define Activities 6.3 Sequence Activities 6.4 Estimate Activity Resources 6.5 Estimate Activity Durations 6.6 Develop Schedule 6.7 Control Schedule
7. Project Cost Management 7.1 Plan Cost Management 7.2 Estimate Costs 7.3 Determine Budget 7.4 Control Costs
8. Project Quality Management 8.1 Plan Quality Management 8.2 Perform Quality Assurance 8.3 Control Quality
9. Project HR Management 9.1 Plan Human Resource Management 9.2 Acquire Project Team 9.3 Develop Project Team 9.4 Manage Project Team
10. Project Communications Management 10.1 Plan Communications Management 10.2 Manage Communications 10.3 Control Communications
11. Project Risk Management 11.1 Plan Risk Management 11.2 Identify Risks 11.3 Perform Qualitative Risk Analysis 11.4 Perform Quantitative Risk Analysis 11.5 Plan Risk Responses 11.6 Control Risks
12. Procurement Management 12.1 Plan Procurement Management 12.2 Conduct Procurements 12.3 Control Procurements
13. Stakeholder Management 13.1 Identify Stakeholders 13.2 Plan Stakeholder Management 13.3 Manage Stakeholder Engagement 13.4 Control Stakeholder Engagement

What next?

Stick with us for the final release of material by following us on Google+, get these dates in your diary and check back as we work towards completing the PMP course on Learn.

PMP Practice Exercises - Monday 25th November

PMP Practice Tests - Part 1 - Monday 2nd December

PMP Practice Tests - Part 2 - Monday 9th December

Additional Material - Monday 16th December

About the Author

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how to guides. Working in the Industry for almost 3 years years, Edward has a wide variety of experience with Microsoft Technologies including SharePoint and Windows Server and Exchnage Server. Edward is an active member of the IT community contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor among others.

UK needs IT apprentices. Right now


By 


According to the estimations of the CPHC, the demand for new staff in the UK IT sector is between 150,000 and 180,000 people per year, yet there’s still an annual shortfall of around 40,000 skilled professionals. What's more, the European Commission states there will be 900,000 unfilled IT jobs across the EU in 2015. 

The opportunities are vast, career paths and jobs are varied, challenging and well-paying, yet there are still not enough young people pursuing a career in IT. What can be the reason for this rather paradoxical situation? It’s what they call the IT skills gap.

As written very accurately by Wired.co.uk: “We have a bold ambition for the UK to be a leading information economy; however getting there will be a task not just for the Government and its central policies, but one for the industry.” But what can the industry do to help the process? It’s a no-brainer: hire apprentices.

Attracting school leavers and other talented youngsters and persuading them to pursue a career in IT isn’t always easy, but more and more companies are recognising the value of apprentice schemes and hire hundreds of apprentices each year.

The Skills Show

The UK’s largest skills and careers event took place last week at the NEC Birmingham. Firebrand co-exhibited with Microsoft and BAFTA to answer the questions of aspiring apprentices and teach them how to code their own games.

The stand of BAFTA, Firebrand and Microsoft at The Skills Show 2013

Deputy Prime Minister Nick Clegg, who also attended The Skills Show, said:

"We need to get beyond this rather fusty, old-fashioned view that the only good thing for a young person to do after school or a college education is to take an academic qualification.

There are lots of really, really bright youngsters who will provide the economic backbone of this country for decades to come who just don't want to have their nose stuck in a book for three years.

They are people who actually want to get their hands dirty, literally and metaphorically. They want to learn while they earn."

Deputy Prime Minister Nick Clegg with Apprentice Assessor Charlotte Preece while visiting the Firebrand stand

Mr Clegg said he had met motivated and committed young people during his visit. He also added that he’d be happy to see his children choose an apprenticeship over a degree. 

About the Author:       
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.

Friday, 15 November 2013

Point out ‘zero-days’ to Microsoft or Facebook and collect your bounty


By 


Zero-days by definition are previously unknown vulnerabilities to applications, online platforms or computer systems. The name originates from the simple fact that when an attack occurs, exploiting an unknown vulnerability, the developers have zero days to take preventive action.

Companies like Microsoft, Google, Yahoo! or Facebook run regular “bounty hunts” to encourage (ethical) hackers to track bugs and point out potential vulnerabilities in exchange of a cash prize. For firms like Facebook it is absolutely essential to secure knowledge and details of potential weaknesses before they hit the black market and fall into the hands of cyber-criminals. Therefore bounties are becoming higher, generating greater participation from researchers and cyber-security enthusiasts.  


Last week, it was announced that Microsoft and Facebook teamed up to sponsor the HackerOne programme, which rewards ethical hackers who ‘contribute to a more secure internet’.

Facebook’s Product Security Lead, Alex Rice, said even if companies tend to compete with each other, their security teams should not be rivals, as they have a common competitor: The bad guys.  


Zero-day attacks bear enormous technological threats, however they don’t stop there. According to internet security expert Graham Cluley companies also risk a PR catastrophe if hackers were to exploit an unknown vulnerability.

But then why don’t companies just hire the best security experts and pay them loads of money? Well, they do. However, as long as codes are written by man the potential of human error will always be there. 

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Thursday, 14 November 2013

The impact of IT Security on business innovation


By 


According to the results of a survey of UK IT decision makers commissioned by NTT Com Security only one quarter of UK organisations see IT security and risk management as an enabler and driver to business innovation. Considering how significant roles they play in the lives of companies, it is definitely a strange outcome.

“It’s interesting that those companies who see information security and risk as an enabler of business innovation and value, and who proactively base their spending on assessed risk, are much more likely to have the topic on the board’s agenda… They are also much more confident when it comes to information security and risk matters” says Neal Lillywhite, SVP Northern Europe at NTT Com Security.

The survey reveals that six in 10 organisations view security and risk as critical components of their discussions and planning of new products and services. However, the findings also indicate that concerns over IT security and risk have stopped the progress of projects or business ideas in 49 per cent of the organisations surveyed. As results show, the financial sector worries most about risks and IT security, as 56 per cent of organisations have delayed or cancelled projects due to their concerns.

According to the research, confidence among businesses stays high, with 52 per cent of all respondents agreeing that their organisation is ‘completely in control of information risk’, rising to 72 per cent for financial services organisations.

However, it still seems that most organisations are taking a reactive rather than a proactive approach to risk management. Only 25 per cent of organisations base their spending on assessed risk and around 25 per cent base it on protecting against the next threat.

“While the majority see a benefit to having a proactive approach when assessing the risk of information assets, the fact that still only a fifth base their spending on assessed risk shows there is plenty of room for improvement and that there is still a lot of work to be done,” concludes Neal Lillywhite.

Do you want to make sure that your company is prepared to deal with risks and get back on its feet if the worst happens? Check out our BCI and APMG Management of Risk courses to learn more about how you can stay ahead of the curve.

For more articles on IT Security, visit IT PRO’s security section

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.