Most PMOs today are supporting both waterfall and agile methodologies and tools. Gartner calls this Adaptive Portfolio Management – the blending of differing methodologies within a PMO to execute on a portfolio. Many of these PMOs are struggling to bring the information from these two worlds together to effectively manage their resourcing requirements, budgets and portfolios. Join us in this webinar presentation as […]
|
0 Comments
[Webinar]: Lean Portfolio Management with Azure DevOps and OnePlan, 6/2/2022 @ 10am PST/1pm EST5/30/2022 If you are planning and tracking work in a complex domain, like software and product development, best practices dictate using an empirical process and leveraging shorter feedback cycles. Scrum is an easy-to-understand Agile framework that many teams use to manage their complex work. Azure DevOps supports Scrum out of the box. Regardless of the type of development, technology, or platform you are building, Team Services can manage your backlogs, boards, sprints, and releases.
In addition, top-down planning is still a requirement for Product Owners and Scrum Masters. All of this work, must be visible within your portfolio so all work can be managed within a single location. In many cases, most of the work across an organization is housed in multiple tools depending on the work type. Learn how you can manage all software and product development work within Azure DevOps and leverage OnePlan to bring all that work together in one environment for a complete Agile Portfolio Management solution. Join us as we show you how to manage all your Agile projects in Azure DevOps while removing the challenge of silo’d work across your organization and product teams. Last year, we saw a marked upturn in the volume, creativity, and audacity of cyber-attacks across the globe, targeting businesses, governments and in some cases, the critical infrastructure of countries
It doesn’t look like this will slow down in 2022, with large-scale attacks on KP Snacks, the Red Cross, Ukraine, Canada, and North Korea all hitting the headlines in recent weeks. While attacks hurt big businesses, down country operations and test customer trust, they’re not typically an extinction-level event. For smaller businesses, the threat is just as high, but their chances of making a full recovery are considerably slimmer. The impacts of a cyber-attack are unique to each organisation, dependant on the timing and duration, and the industry in which it operates. For example, a data breach may have more financial consequences for the financial sector than, say, in manufacturing. And there is no doubt that the aftereffects of an attack on a nation state will be felt operationally, far and wide. For most business however, there are five common impacts that should be considered when evaluating their security posture, including: Reputational damage Loss of customer and stakeholder trust can be the most harmful impact of a cybercrime, especially when considering the overwhelming majority of people would not chose to do business with a company that had been breached, particularly if customers’ data had been exposed. This can translate directly into a loss of business, as well as devaluation of the brand you’ve worked so hard to build. Although on a case-by-case basis it’s difficult to quantify the erosion of reputation due to a data breach, according to one industry insider speaking with ITPro, “we see a 60 percent failure rate among SMBs after a company discloses a breach within 6-12 months, partly due to confidence issues and partly due to recovery challenges.” Theft While a cyber-raid on a big-name bank may net the attacker a sizeable haul, smaller businesses’ defences are typically less sophisticated and easier to penetrate, making them a softer target. Cyber-enabled fraud leads to monetary losses, but stolen data can be worth far more to hackers, especially when sold on the Dark Web. A report by The Digital Shadows Photon Research team found that the average price for commercially traded logins on the Dark Web was a ‘modest’ $15.43; but when it came to domain administrator accounts that give access to internal business networks, (typically sold by auction because of their value to hackers), the price spiked to an average of $3,139 and, in select cases, reached an eye-popping price of $120,000. Intellectual property theft may be equally damaging, with companies losing years of effort and R&D investment in trade secrets or copyrighted material – and their competitive advantage. Financial losses Cybercrime costs small businesses disproportionately more than big businesses when adjusted for organisational size. For a large corporations, the financial impact of a breach may run into the millions, but at their scale, the monetary implications are barely a blip on the radar. According to the latest data breach report by IBM and the Ponemon Institute, the average cost of a data breach in 2021 is $4.24M, a 10 percent rise from its average cost of $3.86M in 2019. Even more troubling is the report’s finding that the longer a breach remains undetected, the higher its financial impact. For example, data breaches that were identified and contained within 200 days had an average cost of $3.61 million. But breaches that took more than 200 days to identify ad contain had an average cost of $4.87 million ― a difference of $1.26 million. Fines As if direct financial losses weren’t punishment enough, there is the prospect of monetary penalties for businesses that fail to comply with data protection legislation. In May 2018, the General Data Protection Regulation or GDPR went into effect in the EU. The enforcement powers associated with the law are significant. Fines for violations can reach up to 20 million Euros or 4 percent of a firm’s global annual revenue, per violation, whichever is larger. In 2020 European data agencies issued £159 million in fines for violations of GDPR, where the single highest penalty imposed was a £42 million fine French authorities issued to Google. Below-the-surface costs In addition to the economic costs of incident response, there are several intangible costs that can continue to blight a business long after the event itself. The impact of operational disruption tends to be woefully underestimated – especially among firms that have little in the way of formal business resilience and continuity strategies – and small organisations that already struggle to manage cash flow may face crippling rises in insurance premiums or see an increased cost to raise debt. Cyber security, resilience and incident recovery isn’t an IT problem. Instead, it’s a business imperative. With cyber criminals adopting more sophisticated attack methods, and data continuing to play an expanding role in operations, continuity strategies must become a priority. Implementing a comprehensive cyber security response strategy today can help organisations avoid having to shut up shop if hackers strike tomorrow. Guest post on my site - you get the credit, do-follow links and an image - fast, same day post and promotion to millions of potential readers and inclusion on a daily newsletter to 110,000+. To inquire about a guest post situation, contact me or email me. Thanks!
In a cybersecurity landscape marked by the pandemic’s upheaval, there’s considerable opportunity for bad actors and a persistent challenge for cybersecurity pros. It’s a dangerous time for critical infrastructure companies that are consistently outmatched by sophisticated and well-funded attackers. Improving industrial cybersecurity in 2022 and beyond requires that several trends and initiatives come to fruition that push back against attacks and protect the public.
Pressure On CISOs Coming From The Top In response to growing threats and the recent large-scale breaches, company boards are going to drive the need to elevate the CISO role. Over the last few years, there has been an elevated awareness among the media and executives about malware and ransomware incidents that have brought companies to their knees. Boards at critical infrastructure industry providers see the brand and cost impacts of these events and are pushing forward the need for an information security leader with strong decision-making authority. It pushes CISOs to stay on top of the latest threats while maintaining an agile and robust security strategy that aligns with the business’ revenue and growth targets. There’s also a shift in reporting structures, with the CISO moving out from being under the CIO or the COO. In the future, they’ll report to the CEO, CFO or the board of directors. CISOs need to have fluency in the current threats. If they have board reporting responsibilities, they need a security strategy that demonstrates how a cybersecurity program is both critical function and threat aware. CISOs need to shift the typical model from focusing just on risks and vulnerabilities to a broader track where they are critical function aware. A 2021 Gartner report supports the high-level attention on cybersecurity, stating, “By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today.” Increase In Skilled Adversary Attacks And Nation-State Involvement Over the past decade, there’s been an increase in cyber-sabotage against critical infrastructure and companies’ critical functions. These attacks come through both nation-state actors and nonstate actors. Nation-state actors seek to push forward geopolitical actions and disruption and avoid attribution whenever possible to disguise their efforts. Nonstate actors often seek notoriety for their exploits and seek monetary gains. These two groups combine to form an ecosystem of brokers that provide information access and financial channels for those who are willing to pay. These cyberthreats will continue into 2022. Another factor driving such attacks on critical infrastructure is that there are many more nation-states that will ramp up their activities. Adversarial nations see that Russia is a “safe harbor” for ransomware attacks, and countries like North Korea, China and Iran see this dynamic and will expand their ransomware and malware efforts in the coming years. For a real-world example, the last few years have seen malware like Petya and NotPetya, which had catastrophic consequences for critical infrastructure companies like Maersk. These types of malware and ransomware have also been linked to infamous attacks. A significant portion of these attacks come from Russia, whether they are considered direct acts of the state or whether they are state-sponsored through various affiliates. This presents a considerable challenge for cybersecurity service providers, especially as other nation-states like China, Iran and North Korea emulate the way Russia’s acting. On the protection side, we’ll have to do attributions where there are enough signatures and signals that allow cybersecurity teams to pinpoint where the attacks come from. An Evolution Toward Mitigation The global cybersecurity talent shortage reached an estimated 3.5 million workers in 2021, and the shortage of skilled practitioners presents an extraordinary risk for critical infrastructure organizations. It coincides with the evolving threats which damage private industries and the U.S. economy. To combat these threats, organizations in 2022 and ahead will prioritize cybersecurity as a core principle. Firms need robust awareness training to prevent human-based access points and a broader evolution of cybersecurity capabilities that outpaces those of the threat actors. This isn’t happening yet and is often increasing due to accelerating digitization which increases attack points and vulnerabilities. And the bad actors have ready access to qualified people and capital resources as well as a steady slate of exploitable vulnerabilities. It’s time for critical infrastructure providers and cybersecurity pros to recognize that the current methods aren’t working. They implement safeguards at every substation and plant, patch systems and perform other tasks continually. Despite these efforts, boards, CEOs and CISOs still see a determined adversary can break a company’s defenses and hold them for ransom. Developed by Idaho National Laboratory to create a new approach, consequence-driven, cyber-informed engineering, or CCE, presents a different way to mitigate risk. It’s the approach taken by third-party firms, like 1898 & Co., who use strategies purpose-built for critical infrastructure. CCE requires accepting that attackers will succeed, especially when they’re determined and well-funded. It’s a philosophy that risks are inherent in human-developed systems, and there are always imperfections. CCE builds roadblocks, so if there are undetected vulnerabilities in a power company’s infrastructure, an attack won’t cause grid failure. CCE practitioners get organizations to think like their foes, to rank the most vital systems, and then consider how those systems are best shielded from a hacker’s attack. While digitization offers value for customers and shareholders, it’s often enacted without cybersecurity considerations. CCE enables OT cybersecurity teams to prioritize consequences, collect data about systematic interdependencies, find the attack pathways that will achieve the highest impacts and then disrupt these paths if possible. These trends all point to a broader need for an OT-centered approach, more resources directed toward cybersecurity, OT-focused managed services offerings and the usage of CCE to reshape threat recognition and mitigation. The importance of privacy and security cannot be overstated in an age where so much of our business infrastructure relies on technology. Unfortunately, it’s also this reliance that makes our infrastructure the perfect target for malicious actors.
To combat and adapt to these threats, many companies, including Skillsoft and at least 16 US states, have appointed a chief information security officer (CISO) dedicated to minimizing technology risks for the organization. A big part of the CISO's job is to encourage employees to be security-minded. I've found that providing positive security experiences help create a partnership mindset between security and staff. Because while security focuses on malware and malicious attacks, human error presents the most significant risks. As a CISO, you must educate employees to guarantee the security of your organization. Ninety-four percent of organizations report that they've had an insider breach. The average cost of a data breach is $4.7 million, and 20% of breaches can be avoided by providing educational resources for employees. Often, it's an employee that grants bad actors access to your organization's digital infrastructure; nearly 30% of employees fall victim to a phishing attack because of a lack of training, and 86% of companies had at least one employee try connecting to a phishing site. Cybersecurity training is key to keeping your organization safe. I see cybersecurity training — for leaders, practitioners, and other staff — as an essential part of a broad security strategy. When staff knows what to look for and have a clear picture of what their security teams do, they can better protect themselves and the organization's data. A solid cybersecurity culture thrives when employees are educated and enabled. Getting them enthusiastic about their personal cyber safety will help them understand why they should be vigilant regarding their employers' security. Sometimes, however, training can fall short of expectations because the content is outdated, not engaging, doesn't meet them where they are, and doesn't allow them to train in the ways they prefer. You can work 24 hours a day and seven days a week to be secure, but if even one member of the company isn't adequately trained, you are open to risk. Organizations should establish a broad data privacy strategy, including high information governance standards for themselves that meet or exceed regulations. Creating such a culture of compliance around cybersecurity will not only avoid the risk of regulatory sanctions, costly reparations, and incalculable reputational damage, but also reap competitive advantage in terms of consumer trust. Data security is not simply an IT responsibility. In fact, among the greatest risks to privacy and information security are employee actions. While bad actors certainly exist, even well-meaning but uninformed employees can cause a breach by falling for a phishing scam, inadvertently downloading malware, or clicking on a malicious link. Therefore, any training should encompass both broad data privacy concepts as well as specific requirements and cyber threats. LEARN WHY DATA PROTECTION AND PRIVACY IS NOT JUST AN IT ISSUE HERE ARE FIVE WAYS TO PREPARE YOUR WORKFORCE FOR TODAY'S ANS TOMORROW'S THREATS: 1. ADOPT A CULTURE OF REGULAR, PERSONALIZED TRAINING Tuning significantly benefits individuals and their organizations. Training improves morale, fosters high-quality outcomes, and faster resolutions. However, the biggest inhibitor to security training is often employees' workload. If they have too much going on, asking them to make time for security training can lead to burnout or disengagement with the material. But, if training is the key to warding off phishing attacks and bad actors, leadership must build in time to complete training correctly. As a security leader, it's crucial to help reinforce the value of training and prove how effective it can be. We also see that when employees have a variety of ways to consume training, it allows them to engage better. If they prefer books, on-demand training, or instructor-led courses, it's essential to provide them with the modality that fits their preferences. Our annual Lean Into Learning Report compiles findings from surveys and research, industry analysts, and Skillsoft customers to share the state of training and the importance of creating a culture of learning. SEE REPORT 2. ALIGN THE SECURITY TEAM AND WORKFORCE Something I'm excited to be working on at Skillsoft is creating more substantial alignment between our security teams and disciplines and our workforce. We plan to improve communication with monthly newsletters and other internal initiative and become more visible within the organization. The goal is to be present and transparent. If we want their partnership in protecting the organization, we must keep them aware of our efforts and give them insight into our workflow. For us, it's a two-way street. 3. PAY CLOSE ATTENTION TO TRENDS IN YOUR ORGANIZATION Take note of your attack surface regularly. The only way to successfully stave off threats is to be aware of all possible entry points. You must be able to message how you, your team, and every member of the organization affect and are affected by it. Make that information widely and readily available. Not only must you develop contingency plans and protocols, but keep them updated. Refresh documentation regularly, make it accessible to the team and broader organization as appropriate. Doing so will help ensure you minimize attacks when — not if — they occur. 4. COLLABORATE WITH YOUR PARTNERS & CUSTOMERS You can use the same strategy you used to transform your workforce to engage with your partners and customers more regularly. By sharing trends, strategies, and new developments as they happen, you're giving those who rely on you insight into how you're keeping them safe. Education and communication help create a cyber-aware community where we're all looking out for each other. 5. FOCUS ON THE RIGHT METRICS My key takeaway for leadership, especially other CISOs, is to remain focused on being prepared. It's terrific if you're able to block 99% of attacks, but if you don't stay perpetually ready, that 1%will sneak through. Of course, scoring a five on your NIST assessment would be an outstanding achievement, but you must find balance and comfort in the level of risk you manage while working within the constraints of the organization. Having plans to combat attacks is ultimately a better use of your organization's resources. If you include your workforce and remain transparent, you will continue to have security allies throughout the organization. Skillsoft continues to see security training rise in importance for organizations across industries. Since last year, security training consumption rose nearly 60%, according to user data in Percipio. From security awareness to advanced skills for practitioners, Skillsoft offers professionals a blended approach to build critical skills to protect organizations from bad actors, phishing schemes or simply misconfigurations. You've probably wondered at some point if you're getting paid what you deserve. You've likely also thought about how your pay compares to your teammates who are doing the same kind of work. And you may be tempted to just compare numbers. At many companies, there is not only a hush-hush culture around discussing your pay, it may even be a rule, whether communicated verbally or written down in employee rules and regulations.
It’s long been considered taboo to discuss how much you’re making with your co-workers. But the truth is, you are allowed to talk about your salary with co-workers, by law. The National Labor Relations Act has been in place for nearly 90 years. This law dispels salary confidentiality “rules” at most companies and for most employees, and says that discussion of pay is allowed. Why employers don’t want you discussing wages at workIt’s pretty simple: if you found out that a co-worker doing the same job as you was making more money, you’d be understandably upset, right? Employers may not write a specific rule, but may say things like, “Discussing wages ‘creates tension.” What they’re referring to is the tension that people making less than their co-workers would feel if they found out their pay wasn’t the same. Keeping pay a secret could allow employers to pay unevenly, saving the company money but keeping people in a culture of secrecy and inequity. Unfortunately for employees, not knowing leaves them without increases in pay that would otherwise be equitable and fair. A study by four economists supports that prediction. To study the relationship between pay transparency, turnover, and workplace satisfaction, they selected a group of employees in the University of California system and showed them a website that lists the salaries of all UC employees. They found that employees who were paid above the median were unaffected by using the website, while those who were paid lower than the median became less satisfied with their work and more likely to start job hunting. This result shows why employers have an incentive to keep pay under wraps if they’re going to try to pay some less than the median. The wrong side of the lawThe National Labor Relations Board (NLRB) makes the law clear: You are allowed to discuss your pay, without fear of retaliation or retribution by your employer for doing so. It can be difficult to challenge a culture or rule at work. The pressure to conform can be intense, and you don’t want to do anything that will get you into trouble. But when it comes to discussing wages, you may want to consider going against the grain. Per the NLRB, pay secrecy policies may violate the law. If your boss, manager, supervisor, employee handbook, or any other person or entity at work tells you it is illegal to talk about wages, they may be wrong. Companies that direct you not to talk about your pay with your coworkers may very well be on the wrong side of the law. If you’re one of the many to whom this law applies, it is also unlawful for your employer to take retaliatory action against you for having such conversations. Additionally, it would be illegal for your employer to have a work rule, policy, or hiring agreement that prohibits you from discussing your wages with others, or that requires you to get the employer’s permission to have such discussions. If your employer does any of these things, find out if the NLRA applies to your employer and work so you can assert the rights that are there to help you advocate for your fair pay. Companies with wage transparencyOnly about 20% of companies practice open salary transparency. But, as more and more states require employers to at minimum post the pay ranges for open positions, this trend is growing. Companies like Glassdoor, which practice salary transparency, believe in ensuring employees are being paid fairly. What would it look like if the same was happening in your company? If you’re interested in working for a company that practices salary transparency, here are a few options:
Why you should talk about wagesPay secrecy furthers the wage gap and opportunities for discrimination, including sustaining the gender pay gap and keeping wages lower for people of color. Imagine how much positive change you could create within your organization if you pulled back the covers and started speaking honestly about your compensation. Whether you are getting paid more or less than your co-workers, you’d be helping to even the playing field and increase equity across the board. It’s also good for the company: understanding whether or not workers are getting paid what they feel they are worth is one of the key drivers of job satisfaction and retention. If you’re considering discussing your pay with a coworker to see if you are being paid the same thing, be aware of the legal rights you may have to discuss your pay, and ask yourself a simple question: do you want to be paid for your worth? Do you want that for others as well? I am available. 22 years experience. Private and public sector experience. High level security clearance obtainable. Contact me or email me.
Do you need long term or one-off expert project management help right now? I am a very experienced tech project manager with more than 20 years of successful project management experience. I can be available immediately and I can do remote or onsite, full-time or part-time, W2 or 1099. Contact me by email or through my contact form here. Let's discus. Thanks! My motto is: "You're only as successful as your last customer thinks you are..." What does your organization look for in a project management leader? A 'yes' man? Do you want someone who will listen to you and do exactly what you ask them to do? Hopefully not. My clients are intelligent and experienced, but they don't always know exactly what they need. They often don't even know for sure exactly what they want - though they may think that they do. That might be the case for you as well. If you decide to seek out my services, what you will get is an experienced professional who is more interested in actually understanding your true needs, how you got to where you are now, and what will satisfy you in the end. It's not about 'phoning it in' on a project. It's not always about getting it done in 'x' amount of time, either. But it IS always about customer satisfaction. It's about giving you - the customer - something you can live with and be happy with and that your end users can actually use. View my resume View my LinkedIn profile Expertise:
Industry Experience:
Highlights:
My Noteworthy accomplishments:
Serious about managing and leading Agile SDLCs and projects? Get Agile certified. Get noticed, get hired and earn more. Use 'BRADAGILE' code for 10% off your certification. Click on the banner below.    Data breaches are becoming a crucial problem for a rising number of companies across a wide range of industries. This is driving up the demand for highly qualified cyber security personnel.
Indeed, as more businesses go online and become more digitally and technically savvy, the need for information security will only increase, and individuals with the necessary cyber security Course degrees and skills will prosper. Cyber security could be a lucrative career route for those interested in IT, computer science, or cybercrime. However, because cybersecurity is such a large area, and information security professionals might have a wide range of duties, not to mention work in a variety of businesses, information security specialists will require a comprehensive set of skills. Skills that will qualify you as a Cyber Security ProfessionalTo be a qualified cyber security professional the primary step is to attain all the necessary qualifications. To name a few, information technology, computer programming, internet marketing, online commerce, and cybersecurity are all feasible choices. A variety of degree programs and certifications are available to assist people to get started on this career path. A cyber security course combines information technology with cyber-crime prevention strategies. The university degree program, as well as a number of other cyber security courses and certifications, prepares students for a wide range of jobs, from protecting a company's online assets from intrusion to working in national security. The availability of a cyber security online course makes it even more convenient for aspirants to access training regardless of the location. Qualifications in Cybersecurity If you believe you have some of the abilities and the interest to work with the complexities of internet security and all other application of the field, getting ready with the inherent essential credentials is a must. A suitable degree subject accompanied by a fine cyber security course would prove one of the finest methods to break into the information security field. Although it is possible to transition from other IT professions to a cyber security post in some situations, as cyber security careers become more prominent, this is getting more challenging. If you're interested in cyber security career, one of the following degree disciplines can help you get started: IT Cyber security Computer science Computer Forensics Engineering of networks Security and networks Physicists, mathematicians, and other STEM subjects Cyber security is an ever-evolving field that requires professionals to be equally dynamic and evolving. Additionally, one needs to advance and grow in one's career. For those already employed as a cyber security professional pursuing a few additional certifications is mandatory in advancing and career progression. No doubt there is a plethora of industry-related certifications, however, the critical key is pursuing only those certification modules that are relevant to their area of expertise. The following are a few other qualifications available for cyber security experts to consider: Systems Security Certified Practitioner (SSCP) This accreditation is great for people just starting out in cyber security because it just requires one year of experience and allows students to demonstrate their technical prowess and security competence. It is mandatory for those wishing to attain this SSCP certification to have a thorough comprehension and knowledge of all the information and skills required for succeeding in this sector. The modules for SSCP training would typically include risk identification, and cryptography mainly. The final step to qualifying certification is cracking the certification exam which lasts for three hours. Certified Information Systems Security Professional (CISSP) The CISSP is by far the most popularly held information security certification. It is typically necessary for progress in the sector. This accreditation requires individuals vying for this certification to have work experience of four years or more and typically employed as managers or consultants. This certification is extensive and covers eight models of cyber security. This include management of identity and access, asset security, and security engineering and the deciding exam is of six long hours. The process may be demanding however it is worth it once you qualify and get certified. The accreditation is a worldwide recognized mark of quality and one of the ISO/IEC Benchmark 17024 standards. Certified Information Security Manager (CISM)The CISM accreditation is ideally suited for those who have a minimum of five years of working experience. In the cyber security sector as this is the trump card to career progression and advancement. Prior to attaining this certification, aspirants are required to have completed the requisite work experience of five years along with a minimum of three years of experience as a manager in Information security. The credentials also come with the condition that all these experiences must have been completed within the last ten years. So that they can be eligible for the certification. Skills to Qualify as a Cyber Security ProfessionalA job in cyber security necessitates the acquisition of certain skills. Aside from the credentials that answer what qualifies you to be a security professional. So having the prowess with all the skills relevant to the industry is the primary factor. The critical skills that will qualify you as a cyber security professional are as follows: Strong analytical skills are necessary, as well as a strong eye for data trends. Quality of team leader taking initiatives and making confident decisions. The potential to perform well under pressure, time crunch, and meet deadlines Pay special attention to the tiniest aspects and approach your work logically and objectively. They should be well-organized and able to manage their time well.The knack for thinking beyond the box and working in a creative manner. Strong communication skills, as well as the ability to adapt communication methods to fit the demands of different audiences Well-versed in the laws and regulations of security. A strong interest in the IT industry as well as an inquisitive nature. If this challenging and rewarding prospect piqued your interest, you must make sure you fulfill all these qualifications. Get to learning with a cyber security course online and begin your cyber security journey. While the cyber security course fees will vary depending on the level of course you choose. |
Author:
Brad Egeland
Archives
December 2022
|
RSS Feed
