Certification – Personal Picks – Vendor Management
- At June 24, 2008
- By Josh More
- In Business Security
We are exploring my personal picks for areas in which to certify. Today we will look at Vendor Management.
As the industry moves away from everything being internal to more “just in time delivery” and subscription-based software, individual businesses will become increasingly tied to vendors. As the vendor loses money when they have to deal with the business, they may not always be completely willing to add functionality, solve problems, or generally do anything that falls outside of their business model. This puts YOUR business in a very difficult position. It will be increasingly difficult to move away from a vendor, and the vendors will be providing a decreasing quality of service. Therefore, managing your vendors will become a key skill.
Sadly, there are no certification or training programs out there (that I know of) that can help you with this. There is one segment of one course (SANS MGMT 512) that touches on this, but there will soon be more. As the work landscape flattens out and there are more and more connections between the outside world and your business, there will need to be a new level of manager. We have middle managers that manage the people in your organization. We have account managers that manage your customers. We have C-level managers that manage the business as a whole. What we do not have are vendor managers, or professional customers. Soon, we will, and those of us who are good at it will blaze that trail and define the profession.
Then, we’ll be able to certify in it.
(Disclaimer: As this certification does not yet exist, I am not yet certified in it.)
Certification – Personal Picks – Security
- At June 20, 2008
- By Josh More
- In Business Security
We are exploring my personal picks for areas in which to certify. Today we will look at Security.
Security touches on all aspects of business and tends to come in two flavors: management security and technical security. No matter which direction the industry goes (barring a whole-scale collapse), both will be needed. Management security will be more stable than technical security. In other words, the general principles behind security do not change no matter how the attacks do. As attackers improve their technology, the defenders improve theirs. This means that education on general concepts is a better bet than education on specific technologies. (Of course, if you have a specific technology that you have to implement, by all means, study it and learn how to implement it properly. Just try to understand the big concepts too.)
Unlike virtualization, security certification is a mature industry and there are oodles of players. Before you can evaluate them, you have to consider what your goals are. If you want to be an implementer, you will want to go down the technical security line — though it changes so quickly you will need to plan for multiple certifications, at least one per year. If, however, you want to be more of a management-level security person, you need to understand the concepts very deeply and merge them into your life. This is also a path to general paranoia, as management security impacts all aspects of life, not just the tech world.
At this time, the two key players in security certification that I recommend looking at are as follows:
(Disclaimer: I have both a CISSP and GIAC certification)
ISC2
ISC2 offers a handful of generalized security certifications. The “Gold Standard” of these is the CISSP, which also has some specializations. There are some lower-level certifications that are intended as stepping stones towards the CISSP. Personally, I say to develop the prerequisite experience needed for the CISSP and then go for it. This is an excellent management-level certification and you will learn a great deal while pursuing it.
SANS
SANS offers several certifications in many areas: Security, Audit, Management, and Legal. However, SANS is primarily an educational organization, not simply a certification body. Yes, it is possible to get a SANS certification (called a GIAC) without taking a class, but I do not recommend it. The point of a GIAC is the experience and learning that you get along the way. A SANS class is excellent and well worth your time. They have multiple formats, from the week-long security conference to small, do-it-on-your-own systems like SANS Mentor and SANS @Home. You will probably have a more holistic experience at the conference, since a lot of the learning comes from talking with multiple people. However, if your budget doesn’t allow the conference or class, you will still learn plenty in a Mentor or @Home class.
Note that SANS offers training in so many fields, that you can get a management security OR a technical security certification through them. Remember that the point is education, so choose the certification based on what you need to learn (and are passionate to learn). I doubt that most hiring managers / bosses will distinguish between the different GIAC certifications, so don’t worry about that. Just pick the experience that you need to have and the rest will follow.
Certification – Personal Picks – Virtualization
- At June 17, 2008
- By Josh More
- In Business Security
So now, we finally get to the point you all wanted: which certifications should you pursue? There are lots of lists out there that discuss the “hot certs”. I’m not going to do this. Instead, here are the certifications that I think would probably teach you the most, and therefore advance your career in actuality and not just on paper.
Everyone talks about virtualization like it is the new technology that is going to save the world. It’s good, but it’s not THAT good. It is, however, highly disruptive. First, it abstracts the operating system from the hardware. Different virtual technologies do this in different ways, and each one has its own advantages and problems. Learning about this and, in particular, learning how to troubleshoot in this environment will be huge for your future career. Secondly, virtualization merges the networking on the switch level with that of the server. This can be drastically more complicated and understanding how it works is essential to your future.
Consider virtualization another fundamental technology. If you do anything with system administration, you need to understand it. As the various operating systems become increasingly easy to use, the importance of understanding them deeply will wane and the importance of virtualization will increase. That said, the difference between a de-facto admin (deal with break/fix) and a professional admin (plan/build for growth) will continue; it’s just that the role of admin will grow to include the virtual environment as well as the operating systems.
At this time, the technology is undergoing a shake-up with the leading players being VMware, Citrix/Xen, and Microsoft. The only player with a mature certification program is VMware, so I would focus there. Keep an eye on Citrix though, as it is likely that they will add Xen to their highly-successful certification line.
(Disclosure: I do not currently possess a virtualization certification)
Certification – Which certifications to pick – Tech Levels
- At June 12, 2008
- By Josh More
- In Business Security
We are exploring key considerations for when you are choosing a certification. Today’s consideration is the disparity between levels of technologies.
So, when you’re looking at a certification you may be forced to choose between new technology and current technology. It can get quite confusing. New technology is bright and shiny, and it is often easy to get the passion to study it. However, the problem with this is your career path may not wind up heading in that direction. New technology is fickle and can change or even vanish before it gets stable enough to become mainstream. Consider the risk. If you think that this technology will be around for at least five years, it may be worth learning deeply enough to get a certification. If not, you should probably keep an eye on it and see where it goes.
Current technology has the opposite problem. It’s easy to tell if it’s on your career path, but since it’s been around for a while, it may be hard for you to get up the passion needed to succeed. Also, you run the risk of deprecation. Many technologies (basic languages in particular) expire after a certain period of time, so by the time a technology stops being “new”, it has also lost a certain amount of its lifetime.
Of course, it’s never possible to foresee the future, so in the end, you will just have to make a best guess and go with it. However, there are a couple of things that you can do to mitigate the risks. First, try to pick a general technology, not something overly specific. The more specific something is, the bigger the risk that you are specializing in the wrong area. That said, don’t pick something so general that it’s so watered down that it is useless. Secondly, you might want to hedge your bets. If you see the industry going down two possible paths, pick a certification in each path. That way, you will gain learning that will help and still have a good story to tell.
Certification – Which certifications to pick – Career Path
- At June 10, 2008
- By Josh More
- In Business Security
We are exploring key considerations for when you are choosing a certification. Today’s consideration is your Career Path.
After all my talk on passion, here is where the practical side has to come forward. It’s well and good to be passionate about something, but if it doesn’t relate to your job, you might not be able to get the full value out of the certification. You also have to consider what the certifications would convey to someone who looks at them. We live in a world where, to be successful, a person has to be good at both doing their job and talking about their job. One of the ways that a person talks about their job is with their job history, also known as a status report, yearly review, or resume.
It is important that your job history tells a story about you, and that that story is the same as the one that you are telling about yourself. For example, if you have been working in IT for over a decade, you might want to say that you have deep experience and can really do your job well. But if all you have is a collection of low-level certifications, your resume will say that you have no drive and always try to take the easy way out. Similarly, if your job history is focused on one technology, but you are certified in another, you are saying that you can do one thing well, but you really want to be doing something else. This is probably not what you want to say.
It is best to figure out where your career is headed, and pick a few certifications on that path. Be able to explain to anyone who asks why you have that exact certification and what distinguishes it from others in your field. You WILL be asked, and if you do not have a good answer, it weakens both you and the certification in general.
So, take a quick look at the certification you are considering and ask yourself why you want it. If your answer is one of the following, stop and pick a better one:
- It’s easy to get
- Everyone has one
- It’ll get me a good raise
Certification – Which certifications to pick – Passion
- At June 05, 2008
- By Josh More
- In Business Security
We are exploring key considerations for when you are choosing a certification. Today’s consideration is Passion.
As with many things in life, success comes down to passion. If you are a salaried worker, you are likely expected to work 40 hours a week. If you ONLY work 40 hours, that means that you are doing the MINIMUM expected of you. That’s not exactly the quick path to success. Thus, if you want to succeed, you have to be passionate enough about what you are doing to put in 50 hours and have it feel like 30. If you’re really passionate, you can put in 60 hours and have it feel like 20.
This works the same if you are hourly. An hourly employee is expected to get a certain amount of work done in an hour. Thus, your minimum is to do X work for $Y in compensation. If that’s all you do, then you are again meeting the MINIMUM expected of you. To succeed in this model, you have to figure out what X work is, and try to do 2X work in each hour. The only way to work this hard on a consistent basis is to be passionate about what you’re doing.
In most cases, when you start on a certification path, you will not be able to stop your day job. Thus, in either model, you have to do more than the minimum amount of work AND spend the time to learn and prepare for the certification. This is HARD. The only thing that can help is to really WANT it… really badly.
This is where passion comes in. If you are pursuing a new lover, you will throw caution to the winds and devote all your resources towards being with that person. If you are training for a marathon, you will spend many months getting into shape, constantly keeping your goal in mind. Similarly, if you want to get ahead professionally, you have to approach the project with that level of passion. Pick what you like BEST about your job. Pick something that you can eat, breathe and sleep for months. Only when you are at that point and level of interest can you have a strong likelihood of success.
If you have that level of passion, you will get closer to your goal on willpower alone. Sure, you need other things like a rational plan, a schedule, and the support of your friends and family… but if you approach with ONLY conservative rationality, your journey will take so long that you may not even complete it. The passion will be your guide to your goal. The practicality will be the tools that you need to blaze your trail.
So, choose what you are the most passionate about. If you do not, you will likely not have the desire to complete the certification journey.
Certification – Which certifications to pick
- At June 03, 2008
- By Josh More
- In Business Security
So, at this point, you have decided to pursue certification. Good for you. The question that is likely on your mind is “what certification should I pick?”. At this point, a lot of people often fall back on the “more money” thing. It is true that some certifications cost more than others, and those ones are often ranked more highly on a salary survey. So, you need to start by considering salary surveys (which could be a whole other series).
Salary surveys are often sent out to people on a list. This list is often made from people who signed up to take a certification test or who requested the results of a salary survey in the past. This makes such surveys inherently unreliable and skewed in favor of certifications. In the real world, most businesses will not give you a salary increase just because you passed a test. So, if you want to get the salary boost that people think a certification brings, you’ll have to change jobs. At that point, soft skills like negotiation, interviewing technique, and a solid ability to perform the job will impact your salary MUCH more than having passed a test.
To say it more simply, getting certified will not get you rich. Being good at what you do and being good at managing your money will get you rich. Getting certified will just make you better at what you do… if you choose to do it right. So, the next three posts will explore key considerations for when you are choosing a certification.
Certification – Why certify
- At May 29, 2008
- By Josh More
- In Business Security
Certification is a bit of a contentious topic. Before you start on a certification journey, you should first determine why you want to be certified. For many, certification is simply a path to more money. For others, certification (and other formal education) is worthless, as the only way to truly learn something is through experience or “the school of hard knocks”. If you agree with either of these viewpoints, you probably shouldn’t read the rest of this series.
Of course, there is an element of truth to both of these viewpoints. Yes, getting certified may well help land you a better paying job. Yes, a worker who has completed a certification path will not necessarily be better than one who spent the same time working on non-academic learning. However, both of these may also be false, depending on the situation. So, why should you get a technical certification?
To me, certifications have a value that goes beyond the dollar amount and beyond the daily practicality. Much as a college degree doesn’t really measure one’s level of knowledge in a subject area (it measures dedication and general ability), a certification doesn’t really measure a practical skill-set. Similarly, much as a college degree is worth less than you paid for it (the actual degree probably costs about $5.00 to print and put in the holder) and more (the college experience will alter you for life), a certification is worth less than you pay for training and testing and more in the terms of what you learn while pursuing it.
If you pursue a certification correctly, it will be in an area in which you already have experience. The process of studying for and attaining the certification serves more to round out your knowledge and give you a chance to think about the subject holistically. It’s up to you to take advantage of this opportunity. See, any subject that you work in on a day to day basis is, by necessity, approached on a tactical level at best. Problems and deadlines arise and get handled. The daily ebb and flow of tasks is what is most important. You can get excellent at doing by taking the experiential approach. However, this approach is limited in effectiveness because you can only get so efficient at any job. To get beyond that plateau, you need to take a step back and think about what you’re doing in a different way. The structured academic approach to most certifications is an excellent way to do this.
Also, in any daily job, there are a certain number of repetitive tasks that must be performed. As you do this, you become very familiar with the tools and concepts that these tasks require. Thus, when a new problem arises, you tend to try to solve it with the same tools you already know. Since technology is growing increasingly complex, this can often result in the misapplication of a tool or idea, which can cause problems down the road. The holistic approach that a certification offers exposes you to the rest of the technology so that when these problems arise, you have a better idea of both the problem and some ways to solve it.
Thus, there are only a handful of scenarios in which certification is a valid path.
- If you need a new learning opportunity in your life, to kick-start your brain into thinking about your work in a different way.
- If you know that you have gaps in your knowledge and need to fill them in.
- If you feel a strong need to prove to yourself (or your boss) that you know what you know.
- If the specific certification meets a regulatory requirement so you need it to keep your job (and you want to keep your job, of course).
If any of these four scenarios fit you, stick around for the rest of this series.
Productivity in the Workplace (and at home): Conclusion
- At March 03, 2008
- By Josh More
- In Business Security
I was recently interviewed by the Juice on ways that I stay productive at work. I thought that I would write a short series on my particular methods of productivity. This is more of a description of how my system works; there will be very little technology mentioned. If there is interest, I could write a follow-up on the specific techniques that I use. However, I suspect that such information would be less useful to others than the general overview that follows in this series.
And people said, Let there be differences in the systems to divide the people; and let them be for priorities, and for urgency, and for energy, and forever confusing.
And let them be for bright and shiny and distract the people from using the systems themselves, and for coworkers, and for family members, and friends.
And let them be for to light the way to productivity, to give light to the people: and it was do.
There are numerous productivity systems. They are described in different ways, they are based on different principles, and people can argue for decades over the relative merits of each.
They are also all the same.
Every single productivity system out there works by making people focus on what they’re doing and take a proactive approach to managing their resources. They work by making things a bit simpler and a bit more straightforward. They work by giving people a chance to take control of their lives.
There are two important things to keep in mind.
- Start. If you never start, you will never reap the benefits. If you wait for the “perfect” time, or try to do it in the “optimal” way, you will be nonproductive until you actually start.
- Don’t spend too much time tweaking the system. The more time you spend adjusting the system, the less time you are spending using the system. I suggest making a repeating reminder (every 6 months works for me) to review the system, and make the necessary adjustments to tune it.
The way I implement GTD is flawed. I know this.
- I spend too much time worrying about work piling up in my automated in-boxes (email and RSS) and check email MUCH too often.
- I’m not always good about inputting ideas into my system, so I carry too much in my brain.
- I over-commit each week, so I am always sliding work out into the future.
- I’m not always good about doing a COMPLETE weekly review.
- When I get sick, the entire system falls apart because I don’t have the energy to maintain it.
That said, I am significantly more productive than I ever was in the past. I am also significantly more productive and responsive than most people in my company. So, from a measurement perspective, I am winning.
However, I have not won.
Like life’s ultimate purpose is the journey, not the destination, a productivity system is only effective when it is actively used. It’s not a thing that you can have, it is a thing that you do.
Start doing.
- Any questions?
Productivity in the Workplace (and at home): Collection
- At February 28, 2008
- By Josh More
- In Business Security
I was recently interviewed by the Juice on ways that I stay productive at work. I thought that I would write a short series on my particular methods of productivity. This is more of a description of how my system works; there will be very little technology mentioned. If there is interest, I could write a follow-up on the specific techniques that I use. However, I suspect that such information would be less useful to others than the general overview that follows in this series.
And people said, let the world bring forth work, the clients yielding requests, the bosses yielding projects after their visions, whose success is in itself, upon life; and it was so.
And the system collected the work from the world, the requests from the clients, and the projects and visions from the bosses, and everyone saw that it was good.
Most people start talking about GTD with this idea, but I held it for later because GTD is a cycle. As work flows, it has to flow somewhere. Most people put work in two places: their brains and their email box. Most people are also overly stressed and tend to not think ahead.
How many emails do you have in your inbox? No, really. Go count, I can wait.
I’m waiting.
…
OK, good. Want to know how many I have?
Zero.
I’m sure that right now, you’re thinking “how the heck is that possible?” It’s pretty simple. Every email represents an item of work. Work exists to be done. So, I went through my mailbox and read everything. I deleted what I didn’t need and processed what I did. That left a grand total of nothing left. Now, I just keep it there.
The same goes for my other in-boxes. Here is how it works:
- Work email
- Home email
- Telephone
- RSS reader
- Physical in box
- Treo
- My brain
Those are the ONLY places that work can be. Four of those fill up automatically.
Email flows 24/7 and often requires something to be done other than just reading it. For me, about 60% of what comes in needs to be processed, not just deleted. This means that I either do the work right away or I make a to-do entry on my Treo and file or delete the email.
My telephone can ring at any time, but it doesn’t happen very often. When it does, I turn the call into a note on paper. Then, I either do the work, or convert the paper into a to-do item on my Treo.
My RSS reader fills up constantly, but the vast majority of the items are to be read and not responded to. So, several times a day, I look at the headlines and read what’s important and mark the rest read. Sometimes I defer an item to be read later.
Two of these fill up manually.
My physical in box is the home for paper-based items, usually magazines. When I have time, I grab a magazine and read it. Then I either file or toss it.
My Treo holds all my to-dos. It’s where my tasks live when they need to be done, but not right now.
Lastly, my brain holds some information about what I need to do when. This is a big NO in GTD. The idea in GTD is to empty your brain of what needs to be done, so it can focus on doing. However, for me, no matter what I do, I can’t get everything out. It’s just not possible. I aim to get most of what I need into my system, and I just accept that the rest will stay stuck in my brain. It’s just how my brain works.
- Do you know how your employees organize their work?
- Are you confident that your requests won’t get lost in someone’s email box?