Posts

Showing posts from April, 2020

How Hackers Use Good Tools for Evil

ITProTV Edutainer Daniel Lowrie explained that cybercriminals don’t need to install malware to gain access to your network. There are a number of ways they can live off the land and use the same tools you are, as well as your employees, to get in and conduct advanced persistent threats (APTs). “It's not malware, yet it's doing something that it shouldn't,” he said. “Hackers think, ‘I didn't have to install anything. I'm using what's there. Thank you for the lovely gift.’” He added that IT administrators and cybersecurity pros need to be especially vigilant in watching for these types of breaches. “A lot of the tools that are available could be used for privilege escalation, persistence and things of that nature, and they're just sitting right there for hackers to use on Linux systems. Administrators need them to do their jobs, but in the hands of the wrong person, they can be used against us,” Lowrie said. “It's up to us to say, ‘Something seems amiss,’

Pitfalls of Cloud Computing

While I have been touting the benefits of cloud computing, I would not be telling the complete story without discussing its pitfalls. One is underestimating the costs associated with cloud computing. But the biggest pitfall is not completely understanding the business requirements, which could cause the misalignment of the cloud computing solution. A closely tied pitfall is not having complete stakeholder buy in. Security, audit, compliance, privacy and standards (SACPS) not being properly addressed is another. Latency could prove to not be sufficient. Are you certain that the success criteria have been defined with the appropriate performance benchmarks? This article highlights some of the key points from my ChannelCon session, The Role of Cloud Computing in Digital Transformation. I hope you’ll join me, either in person or online, to learn more and dive into the benefits and pitfalls of cloud computing and how it’s integral to digital transformation. Career Days for Adults Old fashi

How to Manage Technical Debt

To get out of technical debt completely, the industry needs to get together and conform to best practices. Organizations can commit to following secure software development lifecycle steps. But it’s really up to companies to actively manage the debt that they’ve incurred. Heaven knows, I (somewhat) manage my personal debt. If I can do it, then organizations can take the time to manage the IoT devices they use and create. The most productive way of tackling conscious technical debt is to actively manage development teams so they follow up on any debt that they incur. Follow-up is essential. Development teams will need to review documentation and code to identify the nature of the technical debt and then budget time to address issues in the code. In the case of accidental, or reckless, technical debt, code reviews, customer input and bug bounty programs can help remediate issues. Organizations are accountable for ensuring regular time is set aside to resolve any technical debt before it

Necessary Voice in Platform Architecture

So how do we ensure that any business is implementing – as reliably as possible – solutions that are necessary, valuable and provide ROI? It requires thinking of a network and all of its functioning components as a platform in which each piece plays a carefully considered, justified role. Asking that all-important, simple question of why for every solution implemented or related business relationship will go a long way in building a platform with rational justification for each piece. In terms of cybersecurity solutions, this means conducting a proper risk assessment. How to Get a CompTIA Student Discount Go to the CompTIA Academic Store. Discounts are already applied and reflected in the prices you see in the CompTIA Academic Store, so simply add the item(s) you want to your cart. Please note there are limitations on quantity and frequency of purchases. Upon checkout, enter your student information for CompTIA to verify. You may be asked to upload supporting documentation. Start st

Treat Cybersecurity Business

Security isn’t part of technology anymore, it’s part of business. That’s a concept that still eludes many businesses—which spells opportunity for solution providers. Businesses are changing the way they think of security, but they’re not necessarily investing properly, according to CompTIA research analysts Carolyn April and Seth Robinson, who talk about the state of security and preview CompTIA’s upcoming cybersecurity research report on the latest Volley podcast available here. Balance, Prioritize—and Have Backup Just having a disaster recovery plan is a given, but it’s also important that the plan is flexible enough to account for unforeseen circumstances. Everyone helping each other out can achieve a lot of things, said Jennifer Mazzanti, CEO of eMazzanti, a Hoboken, N.J.-based solution provider that had its headquarters (as well as those of many customers) partially submerged by flooding after Hurricane Sandy in 2012. “Every storm even now, we have certain employees on call. We a

Accelerated Digital Transformation

Businesses everywhere continue to wrestle with the disruption that stems from the global COVID-19 pandemic. While stimulus efforts are happening in many regions, those efforts only provide a small amount of relief for companies struggling with major challenges. The steps being taken to curb the spread of the virus have impacted many business models, and the ripple effects on spending are moving through the whole economy. In order to maintain operations, companies have had to move quickly. In many cases, this has meant elevating the priority of digital transformation activities, or even beginning those activities earlier than expected. Digital transformation has been a hot topic over the past five years or so, but there have still been different approaches as each company has their own culture around technology adoption. All of a sudden, innovation has become a matter of survival and not just a goal for the future. Here are four ways that businesses have accelerated digital activities

How to Bring Your IT Skills Up to Speed

If your skill set is not where it needs to be, don’t beat yourself up. It’s more common than you think to feel like you’re behind the eight ball. Luckily, with IT training, IT certifications and resourcefulness, you can get yourself up to speed. 1. Why Are Your Skills Out of Date? This doesn’t have to be the blame game – but in order to move forward, you need to understand what you need to change. Were you so busy doing what you love that you didn’t have time to update them, or because you were so drained from a job you hate that the last thing you could think about was continuing your education? If you have been too busy to upskill, find a way to make time. Make a plan to get a new IT certification and block time on your calendar for studying. Some employers support IT pros doing this on the job, but you may need to sacrifice personal time to make it happen. Every little bit helps – whether you study during your lunch break, wake up an hour earlier to hit the books or swap out a few

Use of Cyber Security Metrics

Front line managers might need to know about a current investigation…or they might not. Most phishing attempts will force the issue, spamming the same illegitimate email message across the entire email domain, which will force the need to send a companywide email. If individual teams in the company are on separate VLANs, that can mitigate the reach across the domain. But one uneducated employee replying to a phishing attempt can expand the threat. How to Manage Internal Teams: Should their team members continue working? Should they disconnect from the Wi-Fi? Do they have to turn off their machines? Do they sign out of their most important software? These answers should be communicated to the front line managers so they can respond appropriately and safely. How to Manage Customers: If it was a phishing attempt, the entire address book of the user could have been contacted. Managers should have a templated email ready to send in case of an incident. Your company should decide if the ema

Current Cybersecurity Practices

The common thread throughout the report is that IT pros feel less positive about the cybersecurity situation than their business counterparts. The issue starts at a very high level, with overall satisfaction around the current organizational state of cybersecurity. This plays out in two key areas where business staff may be less aware than IT pros: Current vulnerabilities (assuming the company hasn’t had a major breach yet) The relationship between new technology models and new security needs The first step IT pros should take is giving a clear description of the modern environment — the challenges in cloud/mobile architecture, the breadth of cyberattacks and the tradeoffs involved in balancing innovation and cybersecurity. There’s a good chance that satisfaction with cybersecurity and understanding of cybersecurity are closely related. Where most business staff feel that the organization has a high level of understanding around the topic, most IT pros feel that there is room for impr

Comply with Embedded Linux Standardization

Torvalds required a few simple steps by developers to comply with his mandates. First, he required embedded Linux OS and Kernel source code to be migrated into the main Linux OS and Kernel source trees. This would force embedded Linux developers to use existing source code and make modifications for embedded Linux that would be handled at compile time. In short, the same source code used for servers and desktop would now be the foundation for the embedded Linux devices as well. This standardized how embedded Linux systems were built and complied with open source standards. Now, when a Linux system build was customized, the source code would be migrated into the standard Linux source tree, making it available to all future embedded Linux systems built, which is exactly what open source compliance is all about: sharing innovations with everyone. Second, he forced embedded Linux developers to use a version of the device tree compiler that would utilize a master database of hardware compo

CEH vs. CompTIA PenTest+: Thoughts

Kristoffer Marshall is a cyber defense team lead at Secure-24. He has the Certified Ethical Hacker (CEH) cybersecurity certification and recently earned CompTIA PenTest+. We asked him a few questions to learn more about what a cyber defense lead does, his opinion on Certified Ethical Hacker (CEH) vs. PenTest+ and how IT and cybersecurity certifications have helped him get into IT and advance his career without a college degree. 1. What does a cyber defense team lead do? A cyber defense team lead orchestrates penetration tests, identifies current and immediate threats to the organization and its clients, and is a subject matter expert on vulnerabilities. A lot of companies simply run vulnerability scans and patch, not really knowing which vulnerabilities pose a threat. While a quarterly pen test report is normally needed for compliance reasons, conducting mandatory pen tests puts us in a position where we know what the actual threats are, rather than reviewing vulnerability reports and

Future of the Commercial Drone Industry

While various reports continue to highlight the billions of dollars that commercial drone technology will eventually be worth, we’ve also seen headlines that claim the drone bubble has burst, contributing to market softness that will not allow the technology to truly take flight. Given these disparate narratives, what’s the reality of the technology in the present, much less the future? It’s always fun to speculate about how things might not come together for a technology or an entire market but the bottom line is that the entire drone market environment in 2019 is much bigger than it was a few short years ago, when those reports about the billions of dollars first came out. What’s more is that the fifth annual Commercial UAV Expo Americas, taking place October 28-30, at the Westgate Resort & Casino in Las Vegas, is set to be the biggest one yet. That growth is indicative of what the technology looks like today, but it’s also just a hint at what’s in store for the industry tomor

What Tech Businesses Need to Know

In response to COVID-19 and the economic impact it is having on our country, the U.S. government has passed a sweeping $2.2 trillion economic stimulus package to help offset the devastating effects of the current downturn. Known as the CARES Act, the package includes $500 billion in assistance for distressed companies, $350 billion in loans for small businesses, $1,200 for low- and middle-income American workers, and more. CompTIA’s Advocacy team analyzed the package and identified the top 10 pieces that all tech businesses need to know, including: SBA Paycheck Protection Program SBA Economic Injury Disaster Loan (EIDL) Program Federal Reserve loans for larger businesses Payroll tax credit for impacted employers Paid family, medical and sick leave Broadband deployment funding Education funding Other federal IT funding Direct aid to states Individual rebates and expanded unemployment The Elastic Stack for Cybersecurity It is common for organizations around the world to use something c

Construction Industry is Emerging Technology

Drones Integral to Construction Industry Capper explained how drones are becoming one of the most integral pieces of technology in the construction industry. There are multiple uses, including mapping construction sites for safety hazards and attaching thermal cameras that detect power line hot spots. In a recent project, Royal BAM Group used drones to create a 3D map of an entire construction site, which was able to show exact dimensions of how a finished build would look. Logistics and BIM Visualize Buildings Using logistics and business information modeling (BIM), Capper explained how Royal BAM Group can digitally construct a building, allowing them to "build" before breaking ground, putting every detail of a project together and visualizing each step of the process. This enables them to track the build, including any potential issues, and ultimately prevent problems that may arise during the actual construction—such as need for different building materials or sizes. Arti

Is Technology Overrated

Overrated/Underrated is a monthly column featuring CompTIA members and experts sharing which tech trends are getting more buzz than they might deserve and which ones aren't getting enough. This month, we talked to Tony Francisco, CEO of CloudPlus, a private-labeled hosted-services platform developed entirely around the end-user experience. Overrated: Technology The concept of technology itself can sometimes be overwhelming and misleading—especially if it adds nothing of real value. Tony Francisco, CEO of CloudPlus and member of CompTIA’s Channel Advisory Board, believes technology is simply a tool to automate what’s being done manually, and the real focus should be on how the channel enhances the end-user experience. Why is technology overrated? Tony Francisco: It happens naturally. Marketing creates a hyped-up translation of the vision of what the product, service or widget can do, and that evolves into hyperbole. It becomes a vacuum to where everybody starts believing that this i

Employers Will Prefer CompTIA Network+

CompTIA Network+ prepares candidates to assume specific job roles and broadens their networking capabilities, although this will tip the scales in their favor. It is because employers trust CompTIA Network+. Because CCNA has very recently been revamped, employers don’t know what to expect from certified technicians. This may dissuade them from hiring CCNA practitioners. Systems Systemising your business can save you time, energy, money and stress and can lead to a more efficient business. Most business functions can be systemised or automated, from your operations functions to finance and HR. For example, the induction process for new staff members and teams can be systemised by introducing an online interactive training pack. You can monitor what videos staff have and haven’t watched during their induction to determine their readiness for certain tasks. Employee Engagement All individuals are on a journey, and not all of them want to sit next to you in the director’s chair. They all

Foundational Knowledge for IT Career

Four organizations – CompTIA, Amazon Web Services (AWS), Google and ISACA – appear multiple times in the lists. AWS and Google certifications are vendor-specific and cover skills related to using those products. Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) from ISACA dive deep into security and risk management, validating the skills of experts with years of experience. But CompTIA Network+ and CompTIA Security+ are both vendor neutral – meaning the skills covered can be applied to any products and systems – and they can be taken early in your IT career. When paired together, the certifications lay the foundation for a successful IT career by covering the skills you need to build, maintain, troubleshoot and secure computer networks. In fact, combined with CompTIA A+, they make up the CompTIA Secure Infrastructure Specialist stackable certification. Global Expansion After launching a Benelux Business Technology Community in

UNIX and Linux: A Heritage of Design Scalability

UNIX was always designed to be scalable. In the early days, Linux ran on a PDP-11 minicomputer by Digital Equipment Corporation (DEC). Later, DEC branded its own version of the UNIX OS as Ultrix. Ultrix ran the Atex application, which was newsroom editing software for almost every major newspaper in the world. Atex was the publishing system to beat all publishing systems. But it wasn’t until Linux came along that both went down to nanoscale operating systems. The smallest computer I have ever developed with using Linux was the Intel Edison board, a postage stamp-sized multi-core Atom processor with several co-processors and plenty of input/output (I/O) pins. Another credit card-sized computer is the BeagleBone PocketBeagle, which has low power consumption, plenty of I/O and high-resolution graphics driven by a USB port for power. Going a little larger, we have the Raspberry Pi and Tinker Board computers, slightly larger than a credit card. On the larger side of

Data Drives Changes for Computer Networking

In a business environment dominated by discussions on emerging technology, it can be easy to forget that IT systems have many different components. It can also be easy to forget that the components outside of the spotlight are actually the ones that support the shiny new solutions. Infrastructure such as servers, cybersecurity and first-line IT support continue to be critical areas for any business trying to accelerate their technology strategy. Among all the foundational IT topics, computer networking may be the most important one for companies to get right as they go through digital transformation. Although the area of computer networking is very broad with many subcategories, Grand View Research projects that global spending on enterprise network solutions will hit nearly $65 billion by 2024. The connection between networking and emerging tech trends is the corporate data that fuels innovation, and CompTIA research from the past, present and future drives this point home. Of the Gl

Cybersecurity Certifications Are Approved for DoD 8570?

DoD Directive 8570 did not specify which cybersecurity certifications meet the policy requirements. Instead, 8570.01-m was established to provide them. 8570.01-m is still used and actively managed by the DoD. An 8140 manual is expected to be released in the next year. Personnel required to obtain specific cybersecurity certifications for their position category may need training. DoD Directive 8570.01-m does not specify training requirements, so IT pros need to decide what training options will best prepare them for certification. How to Become DoD 8570.01-m Compliant DoD Directive 8570 and 8140 use 8570.01-m to outline cybersecurity certification requirements for specific job categories. Most DoD-related organizations are required to comply. Examples include cybersecurity workers in the Air Force and workers performing DoD work with defense contractors, such as General Dynamics IT (GDIT). Personnel receive a position category, such as IAT II. The category determines which certificati

How much does CompTIA A+ cost?

The retail price for CompTIA A+ (220-1001 and 220-1002) is $219 per exam, and you need to pass two exams to earn your CompTIA A+ certification. Keep reading to learn more about bundles, which will be available soon and can save you money. You can also click on the ad on this page to get 10 percent off a voucher or training product. Cybersecurity Experience Levels All of this information is good to keep in mind while you are exploring a career in cybersecurity. Now let’s get a little more specific – what cybersecurity experience level is right for you? We’ve filtered through the information provided by CyberSeek by career level. Entry-Level Cybersecurity Jobs You may be surprised to hear that there are no entry-level cybersecurity roles in the software development pathway. If you consider the overall degree requirements shared above, it makes a little more sense since 94 percent of job openings require higher education. Software development, on the other hand, has entry-level opportuni