David Strom

David Strom is an old hand at enterprise IT, having worked in the industry from the early days of the PC. He has developed numerous print and Web publications for IT managers and developers and runs the Dice Security Technical Community here.

6 Essential IT Certifications for 2015

Figuring out which IT-related certification program to pursue, from among more than 100 of them, can prove a daunting task for anyone. ITworld recently posted their top suggestions, based on a study from consulting firm Foote Partners. Add to that a very comprehensive annual evaluation guide from Pearson’s IT Certification website, which contains detailed information on many programs. Both are good places to start your own investigation. Any certification program is a compromise between your own skill and learning gaps,… continue…

How to Become More Marketable in IT Security

There are certainly plenty of opportunities for IT security professionals nowadays. They can get well-paid jobs that offer loads of advancement opportunity, as long as they’re motivated and have a deep interest in security. So what should you do to better position yourself? The Right Experience First, you should make sure that your technology experiences put you in contact with a wide assortment of IT and development teams. You don’t want to be a coder in a cubicle corner. The… continue…

Security Mergers Indicate Solid Job Prospects

Recently, we ran a story about the number of VCs putting cash into security startups. That turns out to be the tip of the security spear. The past month has seen several acquisitions of note as well-established vendors sought to broaden their product line, complement security products with malware or detection services, or make noteworthy hires. For example, Milpitas, Calif.-based FireEye bought Washington, D.C.’s Mandiant for $1 billion. Mandiant made headlines last year by working with The New York Times… continue…

Time to Reassess Your Network Access Rights

At the heart of the celebrated case of Edward Snowden lies one important fact: The infamous contractor gained access to the trove of documents that he ultimately leaked to journalists by escalating his access rights. And despite this very real poster boy having been in the news for the past several months, many enterprises haven’t done much to rein in, or even audit, the access rights they have in place. In fact, far too many enterprises don’t know… continue…

Is SAP the Latest Malware Target?

Reports over the past several weeks have pointed to potential malware — a variation on the Shiz banking-related Trojan — that is targeting SAP installations. This nasty piece of business was originally designed to provide attackers with remote access to an infected PC and steal online-banking passwords and cryptographic certificates. According to Infoworld, the malware was discovered a few weeks ago by Russian antivirus company Doctor Web, which shared it with security researchers. Alexander Polyakov, chief technology officer at ERPScan,… continue…

Getting More Out of Your Data Warehouse

Linking datasets together, tracking persistent data across multiple Websites, and looking at “useless” data are all ways to milk more out of your infrastructure. continue…

Understanding the Complexities of Compliance

Almost every IT product out there, especially when you get to the enterprise level, includes some form of compliance module or report. Some of them are useful, some not so much. Whether they’re helpful or not, compliance is a tricky issue you’ve got to be familiar with. Among other things, you have to think carefully about what you are actually complying with, and for whom: The particular government regulations that cover your industry. Your legal or… continue…

Why Kali Linux Should Be In Your Security Toolkit

Kali.org’s version of Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need on a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub. It’s incredibly well done, especially considering that it’s completely… continue…

Protecting Logins with a Second Authentication Factor

Two-factor authentication is catching on for a variety of consumer Web services. For those of you not in the know, this isn’t all that new. Years ago, various computer vendors set out to improve things with hardware-based two-factor authentication: Something uniquely in your possession that would generate a one-time code to work with a security appliance and better secure your logins. RSA made millions in this market, and over the years these tokens have been used by millions of users.… continue…

The Software Side of Sears

Leveraging Hadoop, Sears was able to transform its IT operations and decommission some mainframes. Here’s how. continue…