I contributed to Dan Tynan’s article on The 9 Most Endangered Species in the IT Workforce. In Endangered Species Number 5, I discuss how IT professionals are going overboard with the alphabet soup of certifications after their name. I discuss how HR and the automated systems and abysmal hiring practices have contributed to this trend.
I recommend that professionals create their own Intellectual Property that will make them stand out from the crowd.
I have collaborated with Dr. Polack in the past, primarily on podcasts for Medical Practice Trends. This time we worked jointly on a piece for Ophthalmology Management magazine.
In the article, Path to Paperless: Computer Security Lapses Can Be Costly, Dr. Polack and I lay out the regulatory burdens and high-level compliance frameworks that practices should measure themselves against. We also touch on the security risks and penalties that practices can face if appropriate steps are not taken to mitigate risk and meet federal and state compliance mandates.
Mobile Devices, Consumerization and daily news of sensitive data breaches have become the latest boogeyman of the security industry. One of the larger concerns is consumers using their smartphones to make micropayments or access their bank accounts via potentially .
In April 2012 Dark Reading gave me the opportunity to contribute to their article Making Mobile Banking Safe. In the piece I discuss some of the issues that the financial industry has had securing their smartphone applications.
I have developed dozens of webinars for the purposes of continuing education for a variety of companies. In the March 2012 issue of ADVANCE for Healthcare magazine, I contribute to the article What is a Webinar? on the topic of continuing education in healthcare and the impact of webinar technology.
Continuing education is critical, especially in today’s ever-changing marketplace. Employees in all professions need to keep their skills sharp, but for healthcare staff it is even more critical due to the potential impact on patients.
Webinars and other online training provide the means for healthcare staff to take courses on their own time. Not only does this add to their value as employees and burnish their skills but it gives those individuals the opportunity to learn on their own time.
One of the larger dilemmas that information security professionals and technology consumers face is the battle over passwords.
Is 14 alpha-numeric characters sufficient for protection? How will users remember their passwords and generate unique ones for all the systems they access on a daily basis? Are Passphrases the answer to this problem or will they create even more issues?
Dark Reading provided the opportunity for me to contribute to their article Passphrases A Viable Alternative To Passwords? I cover the technological aspects of supporting the transition to Passphrases and why the shift hasn’t been made.
I have had quite a few clients in the Education sector, from a state-level Department of Education down to an individual school. So I wanted to weigh in on what school administrators should look for in an Information Security Consultant.
The magazine, School Planning and Management, graciously presented the opportunity for me to contribute to their article, An Important Decision: Selecting an Information Security Consultant. I discuss some of the skill sets/experience these individuals should possess (Asset Management, Data Protection, Regulatory Compliance) as well as the challenges of serving the client.
The article begins on Page 26 of the print issue or is available on the SP&M website.
Update: The January 2012 issue of CIO India has also published this article with additional content.
I regularly contribute to articles in InfoWorld and other IDG Network publications like CIO Magazine and ComputerWorld. This latest article is on the 5 Hot Tech Projects to Boost Your IT Career.
In the article I am quoted on Mobile Device Management (Project 2) and Social Media (Project 5) and how IT pros need to be well-versed with the latest strategies on how to push these initiatives along.
Both MDM and Social Media are disruptive technologies that enterprise IT has very little control over. These initiatives are either driven by the executives (Mobile Devices) or organically through the employees (Social Media). Getting a handle on both, with Executive Management support is very critical.
I have been actively interested in Smart Grid technology and have done quite a bit of research on the topic. I have contributed to articles in Defense Technology International and Heartland Institute as well as written articles of my own on the subject.
Site Selection Magazine gave me the opportunity to contribute to their article Economic Developers Need A Seat at the Smart Grid Table. In it, I discuss how commercial building managers can reap the benefits of Smart Grid technology by using it to monitor their properties. I also cover how these technologies can shorten emergency response times and save money in the bargain.
I have been engaged with several organizations on Mobile Device Management projects, either in the evaluation phase or implementation. A few dozen(s) or so vendor presentations later, I have come to believe that they are nearly all the same.
However, Processor magazine approached me to contribute to an article on Mobile Platform Security. In it I am quoted regarding the importance of senior leadership sponsored mobile security policies that are enforced. I also touch on the impact of Cloud technologies on mobile technology and how it will add additional risks and reward for the enterprise.
The article, Mobile Platform Security. Protect Your Enterprise & Data On Employee-Issued Mobile Devices, ran in the print version of Processor Magazine. It begins on page 28 and my contributions begin in the second paragraph of the iOS vs. Android: Which Is More Secure? section.
I worked with CNBC.com to craft an article, Consultants Thriving as Businesses Struggle to Survive, on the state of the consulting profession, how the Great Recession has impacted it and how consultants are perceived by clients for good or ill. I cover how the right consultant can bring outside expertise and experience into a client organization that would be too costly to build in-house or within the required time-frame. Also, I mention how a positive consulting engagement should leave the client in a more profitable state.
One of the points I am proud of in the article is that Alan Weiss also contributed to it. Mr. Weiss is one of the top and most successful consultants in the world and it is an honor to be in the same article as him.
Transaction World published my contribution to their article on “The Card Industry, Regulatory Reform and the Case for Competitive Improvement”. I discuss the impact of Sarbanes-Oxley, Gramm-Leach-Bliley and the host of other regulations that impact Financial entities and publicly traded companies. I also cover the latest impact of the Durbin Amendment and how it may push the domestic transaction industry further afield, potentially exposing them to more risk.
This article ties in nicely with my previous contribution to Transaction World back in August 2011.
Smart Computing contacted me and asked that I contribute to an article on Windows 8 and how it stacks up with Windows and Vista. While Windows 8 isn’t scheduled to come out until late 2012 there has been some information available on the subject. I write about Microsoft’s strategy of packaging virtualization and cloud technology into their new OS. Also I discuss some of the challenges Microsoft has been having with convincing their customers to stick with a client-based OS.
Currently the article is only available in print.
Update: CIO Magazine does a great treatment for this article in their November 2011 issue.
I was contacted by InfoWorld to provide some real-life examples of “IT Superheroes” and what are the pros and cons of these types of individuals. The article is entitled “7 IT Superheroes and Their Fatal Flaws”. I contribute to a few superhero stories in the article.
Superhero Number Two, who can stretch to cover any crisis or is relied upon to fill the gap when all other resources are unavailable.
With Superhero Number Five I discuss how IT pros are often called upon to improvise when plans are outdated, support has been canceled and executives are on the golf course.
I was asked to contribute to a PC Today article on Software as a Service (SaaS) and the impact it will have on Information Technology professionals. The article is titled “SaaS Brings Change to IT”. I cover the pros and cons of SaaS, discuss how IT professionals and Business Managers view the service and review the maturity of cloud offerings.
I have worked with large financial clients and one of the evergreen topics of discussion is the impact of Federal and industry regulation. PCI, the CARD Act, Durbin Amendment, Sarbanes-Oxley, Dodd-Frank and Gramm-Leach-Bliley weigh heavily on all corporate decision making, so a consultant must be familiar with the appropriate portions of these regulations to be the most effective. In that vein, I contributed to an article in Transaction World magazine whose readership includes Independent Sales Organizations and Merchant Service Providers in the electronic transaction processing industry. The article “Embracing Opportunity in a Regulatory Environment” covers the latest regulatory pushes by Congress, near-future trends and recommendations on how to capitalize on these new regulations.
I discuss how the government needs to clarify and assist smaller organizations on how to comply with the laundry list of regulations that impact them. This article appeared both online and in print.
IEEE is the world’s largest professional association dedicated to advancing technological innovation. Recently they published an article “Career Focus: Cyber Security — A Growing Threat, a Growing Career” in their monthly professional journal Today’s Engineer. I had the opportunity to collaborate with them on the article. The article covers the current state of information security, delves into the future of the profession and the key skills that infosec pros should attain.
My contribution begins in “The Opportunities” section and continues throughout.
CIO Update published my contribution to their article “The CIO’s Role Morphs Yet Again”. The piece covers the rapidly changing role of the CIO from a Chief Technologist to a Business Transformation leader.
I discuss how information security responsibility has shifted to the Chief Information Security Officer (CISO) with a dotted line to the CIO. However the CIO is still on the hook for the overall enterprise risk management. My contribution begins on paragraph four in the CIO Update site.
CTOForum picked up the article and published it in their August 2011 printing. The article begins on page 24.
Often I am engaged to lead enterprise business and technology solutions for my clients. However, in this article I contributed to for eSecurity Planet, I discuss tips and techniques on how to remove local malware outbreaks. I touch on how large organizations normally deal with malware and some of the pros and cons of attempting to remove them yourself.
The title of the article is “The Best Malware and Antivirus Tool is Prevention” and I am quoted throughout.
InfoWorld has published their article “10 Hard Truths IT Must Learn to Accept”. I had the opportunity to contribute two of the hard truths IT professionals have to face. Truth #4 “Your systems will never be fully compliant” on page 3 and Truth #6 “You will never have enough hands on deck” on page 4.
I cover these topics in some detail, outlining how IT professionals should approach these issues. For Number 4, I recommend that IT should consider a balance between addressing enterprise compliance and actually meeting customer and security needs. For Number 6, I state that IT is always going to be first in line for outsourcing due to the maturity of the IT practice and recommend that IT pros keep their resumes shined and networking skills in shape at all times.
PR Newswire runs a service called ProfNet that connects journalists with industry experts. I personally use the service to reply to requests for expertise on a variety of subjects. ProfNet also runs an advice column which I recently contributed to, “Dear Gracie: Stay Smart With Smartphone Security Tips”. I talk about vulnerabilities in iPhone and Android App stores as well as phone physical security tips.
This article is complementary to the recent ExecSense Webinar I gave on “What CIOs Need to Know About Mobile Device Security”.
The Heartland Institute published an article on Smart Grid and Smart Meters that I contributed to entitled “Smart Metering of Utilities on Rise Across Nation”. I have been delving into Smart Grid and Smart Technologies within the last year since I believe it will be a growth area for IT and business consulting. I have also written a piece on the topic of Smart Grid and its associated technologies and I have others in the works. I discuss some of the consumer behavior challenges that smart grid/meters/technology faces and I cover a few case studies regarding their implementation. I briefly touch on some of the data privacy and security concerns as well in the article.
My contribution starts at the “Committed to Conserve Energy” section and continues throughout the article.
I have contributed to a few articles on the 14 Sony security breaches. My latest was with the eCommerce Times. In the article “Sony’s Exec Changes Fail to Impress” I discuss the recent executive leadership changes and how it is influenced by the recent spate of lawsuits filed against Sony.
It is my opinion that the Sony executive shuffling at the top is only being done to placate shareholders and customers and will not truly lead to any significant changes in security posture or the practices that led to the breaches.
IT TechNewsDaily interviewed me on the difference between regulatory compliance and effective information security practices. In the article, “Are You Breaking the Law? Know How to Handle Sensitive Information” I discuss how regulatory regimes are only a baseline to a comprehensive security regimen. IT and Information Security professionals have to understand that they are directly responsible for selling effective information security practices to senior management. These policy and technology concepts have to be couched in business terminology. This is a concept I have touched on before.
My contribution to the article starts in the fourth paragraph of the article and continues throughout.
I have contributed to The Progressive Physician before on the topic of mobile devices. In this article, “Super Mobile Physicians Lead Mobility Health Charge”, I discuss the regulatory impact of Protected Health Information (PHI) on mobile devices. Also, I touch on the issue of graphical user interface (GUI) problems on iDevices and how large vendors are addressing them. Large Electronic Medical Record (EMR) vendors were traditionally client/server-based applications that relied on keyboard and mouse interaction. Now these vendors are attempting to rework their traditional GUI to fit the touch-based interaction of iDevices.
My contribution picks up on the fourth paragraph of the article and continues throughout.
Disaster recovery and business continuity is a topic that I have written or contributed extensively about. I contributed to an article in ITTechNewsDaily on the criticality of a written, tested and communicated disaster recovery (DR) and business continuity plan (BCP).
The article “When Disaster Strikes Your Data”, covers the critical issues the enterprise or organization must consider when developing an effective DR and BCP. I also touch on how Cloud services can enhance DR or provide a false sense of security.
I contributed to an article published in Medical Office Today entitled “Can You Leverage a Hospital for Technology?” The piece delves into the topic of small medical practices partnering with large healthcare providers in order to leverage Health Information Exchanges and Electronic Medical Records solutions.
My contribution begins at the “Participate in Health Information Exchanges” section and then continues throughout. I provide tips on how to establish a relationship with larger healthcare providers and I cover the risks and benefits of utilizing HIEs and EMRs. Also, I briefly touch on the regulatory compliance issues that will affect the relationship.
I have rather strong opinions about the information technology profession and IT certification trends. I got to share them with SC Magazine in an article entitled “CISSP. Who Cares?”. This article appears in the May 2011 print edition only. I discuss why you should pursue the certification route and the potential benefits and drawbacks. Many of these tie into my continuing posts on personal branding and marketing. I also mention how certifications impact your “Resume SEO” when you get fed into the recruiters’ automated tools.
My contribution begins in the third paragraph of the article and continues throughout. In the print edition, the article starts on page 25.
As the saga of Sony data breaches continues, I had the opportunity to collaborate with the eCommerce Times on an article that covered the current monetary losses incurred by Sony. In the article, “PlayStation Store to Limp Out of Hospital This Week”, I discuss the various factors that affect their mounting losses. Also, I delve into their previous sales numbers and how the widespread outage may affect 3rd parties that utilize the Sony infrastructure to sell their product.
My contribution starts at the “Wooing Back Customers” section and continues throughout the article.
I am fortunate enough to be a frequent contributor for articles in Processor Magazine. For the May 2011 print edition, I provided tips for a Disaster Readiness piece. In the article, entitled “Boost Your Disaster Readiness”, I discuss the importance of executive support for an organization’s disaster planning and continuity initiatives. Also, I cover some of the potential ways to reduce the cost of maintaining disaster preparedness.
The article begins on page 34 of the magazine. My contribution begins at the “Look Inside” section of the piece and continues throughout.
I discuss why iDevices have made in-roads into the medical profession and cover some of the top clinical apps for the hardware. My contribution begins on the fifth paragraph.
PCWorld Magazine, a leading publication for technology expertise, published my contribution to their article on the PlayStation Network (PSN) security breach. The article entitled “Experts on PSN Hack: Sony Could Have Done More” covers the various opinions of security and game industry professionals on the PSN breach.
My contribution covers the “After the Attack” section of the article. I state the obvious signs that Sony wasn’t prepared to respond to a security breach and subsequent network downtime.
The International Public Management Association for Human Resources (IPMA-HR) has published their April 2011 issue of HR News. Inside, a broad array of topics on Outsourcing concerns for HR executives are covered. I contributed to the article “Security Pitfalls of Outsourcing and How to Avoid Them”. This article ties in very neatly to a webinar I gave for ExecSense in March 2011. The webinar, entitled “What Do Risk Management Executives Need to Know About Outsourcing in 2011”, covered a portion of the information I provide in this article. I am quoted throughout the article, which begins on page 10, on how to protect your organization during the outsourcing process.
Firms interested in outsourcing components of their business have to develop a relationship with their outsourcing providers to ensure an equitable deal on both sides.
An April 2011 article published in InfoWorld dealt with the subject of dubious consulting practices entitled the “Seven Dirty Consulting Tricks (and How to Avoid Them)”. The article covers a wide variety of shady topics such as double-dipping, low-ball estimating and stalling tactics.
I am quoted on pages one and two of the article on how to combat against the “bid low/bill high trap”, and “bringing in the B-team”.
The April 2011 issue of Medical Office Today published an article on Electronic Medical Records (EMR) and their impact on Medical Practice marketability entitled “Does EMR Make Your Practice More Marketable?” The article touches on the patient care, business and technological impacts of an EMR solution. The article also provides tips for those practices who wish to delay the implementation of an EMR and how to communicate that to your patients.
I am quoted throughout the article on the marketing, patient care, business and technological considerations that practices must weigh to determine if they should move forward with an EMR solution.
Transaction Trends, the official publication of the Electronic Transactions Association, has published an article on PCI compliance for Level 4 Merchants in their March 2011 issue. The article, Coaxing Compliance, discusses the various strategies Independent Sales Organizations (ISO) can implement to encourage small to medium size merchants to become PCI compliant.
My contribution starts on page 14 and I cover the potential damages that can be inflicted on a small merchant if found non-compliant. Also, I cover the “safe harbor” and “death penalty” options that PCI could pursue if a breach occurs.
The Chicago Tribune published an article on paid versus free anti-virus products called “Scanning Anti-Virus Options”. The article outlines the differences between and recommendations for anti-virus suites.
I am quoted in the bottom paragraph about user behavior.
Processor Magazine published my contribution to their article “Inside Data Center Preparedness” in their February 2011 issue. I outline the most critical component of Disaster Recovery planning (Communication). Also I discuss ways of packaging Disaster Recovery for Senior Management consumption. Basically, a means to “sell” the Disaster Recovery process and make the expense palatable to an organization’s leadership team.
My contributions begin in the fourth paragraph of the “Know Your Needs” section and continue throughout the article.
The Chicago Tribune published an article on the Gawker, McDonald’s and Walgreens customer data breach called “Security Breaches Highlight Need for Consumer Vigilance”. The article covers the personal information stolen from these large organizations and some strategies to combat this issue. I am quoted in the piece stating that consumers need to cultivate a “healthy level of skepticism” when browsing the web, sharing personal data and using personal computing devices. Many consumers do not understand the security risks that are out in the wild and how these could impact them negatively (Page 2, Paragraph 4).
The article was also published in the Los Angeles Times and The Republic.
SC Magazine, a security magazine for IT professionals, has published my contribution to their article “IT’s New Problem”. The article outlines the consumerization of the enterprise, the pervasiveness of social media and how to address this challenge.
I offer up that information security has been elevated to a business issue and social media is a way of doing business amongst younger employees. I recommend employers set acceptable use policies for social media and integrate this technology into the organization.
eCRMGuide.com, a sub-site of Internet.com, has published my contribution to their article “10 Benefits of Business Intelligence Software”. I make the point that BI solutions can add to the bottom line by determining customer purchasing habits. Capital One built their business model on this premise (Point 4, Page 1).
I get more specific on how Manufacturers can fine tune their profitability with BI by tracking manufacturing costs on a granular level (Point 8, Page 2).
Social Work Today, a professional publication for the continuing education of social workers, published my contribution to their article “Data Driven, People Focused”. In the article I speak to the prevalence of technology, particularly software, in the social work space. Also, I touch on the impact and issues that must be considered when attempting to implement technological solutions. Finally, I mention why stakeholders within the social work sphere are leveraging technology to meet business needs.
My contribution begins on the fifth paragraph of the linked article and on page 7 of the print edition.
IndustryWeek Magazine, a publication that targets manufacturing decision-makers, published my contribution to their article “Hard Choices in Software Spending”. I discuss the current trend of CIOs utilizing their technology assets to drive corporate profitability. This is a shift from considering information technology as only a cost-center.
My contribution begins on page two, second paragraph in the linked article.
American Medical News, an American Medical Association (AMA) publication, published my contribution to their article “Practice IT Systems Require Regularly Scheduled Checkups”. I provide guidance on what medical practices should consider when engaging an IT vendor. Also, I discuss some of the top areas of concern that need to be addressed by physicians in their practices, with an emphasis on security.
My contributions begin on the fourth paragraph and continue throughout the article.
Processor Magazine published my contribution to their article “Mapping the IT Capability Maturity Framework” (IT-CMF) in the September 2010 issue. I discuss some tips on how to get user buy-in on IT-CMF as well as some of the strategies that can be used in implementing this methodology.
My contributions are within the “Breaking It Down” and “Pick & Choose” sections of the article.
Defense Technology International issue on Cyber War published my contribution to Smart Grid vulnerabilities in their September 2010 publication. I provide some scenarios on hackers attacking a Smart Grid installation. Also I discuss some of the potential strategies behind these attacks and ways to mitigate the risks.
The article’s title is “Protecting Infrastructure”. It begins on page 39 of this issue and my contribution picks up on page 40.
Processor Magazine published my contribution to their Voice Over IP (VOIP) and Unified Communications (UC) article in their August 2010 edition. I provide input on the topic of “feature bloat” in VOIP functionality that can add additional licensing cost. This cost can be “hidden” within the licensing agreement, reminiscent of cell phone plan features that are never used.
Scroll down to “Going All-In On Features” to read my take on this issue.
CTOFORUM Magazine published my Fraud as a Service article in their February 21st, 2010 edition of their magazine.
This is a topic that I am going to continue to explore since the concept itself is fascinating. Why? Because the fraudsters are incorporating important business structures into their activities, while remaining agile and creative. Unfortunately agile and creative for criminal activity.
Washington Technology article on the Virginia Department of Social Services DOLPHIN project. I was a consulting project manager for VDSS at the time. The project scope included an RFP all the way to implementation and maintenance. A multi-million dollar software package was rolled out statewide to hundreds of adult and childcare service providers. A challenging project, but in the end very rewarding.