Policy Compliance or Network Configuration Management?

Posted on August 08, 2016
 

Is there a silver bullet for making policy and risk compliance easier? While there is no single solution which will manage compliance end-to-end, the answer may surprise you. But first a little background.

Introduction

Risk Management is fundamental to maintain a successful enterprise. The purpose of Risk Management is to identify uncertainties, hazards, exposures, liabilities and other risks which may cause harm to the organization, forecast the potential impact and then implement measures designed to reduce these affects. Considering IT operations is vital to business continuity, it should be no surprise that Risk Management is a central tenant of IT governance.

One of the tools used to manage risk is the Risk Policy. In IT, the risk policy is a top-level document which specifies what standards the organization will observe in order to safeguard the confidentiality, integrity and availability of its IT systems and data. The Risk Policy will often include additional sections addressing security and any obligations to industry and regulatory mandates like Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and similar.

It's important to observe that policy standards define what safeguards will be required but not how a standard will be implemented. For example, the PCI DSS policy has a standard which states that the organization will "install and maintain a firewall configuration to protect cardholder data”. However, it does not specify what type of firewall to use. It does not specify what firewall rules to deploy. It does not even specify what it means to maintain the firewall. Which leads us to our discussion on controls.

Policies are operationalized by implementing controls which support policy standards. There are two primary types of controls: technical and procedural. Procedural controls are "managerial” or "operational” in nature. They define how people are to perform a task or job function. For example an IT manager will retain a full system backup for seven years. On the other hand, technical control are directly implemented on IT systems using supported configuration options. For example, a server shall be configured to require a logon password. Once technical controls are in place, the challenge becomes to keep them in place. This leads us to the topic of compliance.

Policy compliance seeks to verify that all controls, as defined by policy, are: 1) implemented and 2) remain operational as implemented. As such, policy compliance can be thought of as a "continuous process” – one of implementation, monitoring and verification. While it's common to think that compliance is something an auditor does, in reality IT operations is responsible. An auditor only provides independent verification that policy objectives are being met.

As mentioned earlier, technical controls are implemented as configuration options. And more specifically, network controls are implemented as configuration options in network routers, switches and similar devices. So the big reveal here is that perhaps the best risk and policy management tool in your toolbox is your Network Configuration and Change Management (NCCM) software. By definition, NCCM software manages configuration changes and protects configurations and devices from unwanted changes.

Since the network forms the core foundation for IT services, and the quality of network service is defined by the configuration of its constituent routers, switches, controllers, access control devices and more, then it makes sense to carefully manage and monitor these configurations. This is why NCCM plays such a critical role in IT operations and risk management.

So just how does NCCM accomplish all of this? Here is a quick overview.

Configuration Management

Device access – Perhaps the first place to start is by removing ad-hoc access to devices. An NCCM will help you eliminate ad-hoc (un-authorized) device access and require configuration changes to be made using the NCCM management console.

Change control – By requiring all configuration changes to be made using the NCCM console, you are able to assign administrative privileges and implement a formal change review and approval process. This eliminates unplanned and unauthorized actions and maintains a history of all changes made.

Configuration templates – An NCCM will allow you to create a standardized script or change template for making reoccurring changes. This ensures that changes will be uniformly made as approved. Configuration change templates are device and vendor-neutral. They provide an automated way to mass-deploy new services, or quickly remediate a policy violation or security vulnerability across the network.

Job scheduling – Want to control when changes are made? An NCCM provides job scheduling to execute changes during maintenance windows.

Backup and recovery – Hardware failure and human error can break your network. Recover from these disasters quickly. An NCCM will schedule, back up, find, and restore device configurations.

Configuration Monitoring

Change detection and analysis – You've spent time and effort getting your configs to a baseline. How do you know when something changes? What if a change is made to the running config but not saved to the startup? An NCCM will monitor device configurations and notify you when any change is made. You can even compare two configs side-by-side and see what statements were added or removed.

Configuration Auditing

Audit Policies – Want to help ensure your do configs contain (or don't contain) specific configuration statements? An NCCM policy can be used to identify what is expected (or forbidden) in a configuration. Policies are useful to verify compliance with internal policies as well as DSS PCI, HIPAA, SOX, DISA STIG and other industry mandated policies.

Remediation – An NCCM will allow you to correct violations fast with remediation scripts (defined as part of the policy).

Summary

Change management, monitoring, and auditing are three ways an NCCM helps you manage and protect your network configurations as well as manage IT risk.

In March 2016, SC Magazine awarded SolarWinds Network Configuration Manager (NCM) with the "Best Policy/Risk Management Solution” for the fourth straight year. SolarWinds NCM won't manage every aspect of your risk policy. However, using a single tool, you can not only manage your network configurations, but also manage many of the procedural and technical controls for your network.

To learn about the SC Magazine 2016 awards and other category winners, read this article. To learn more about Network Configuration Manager, visit the NCM product page. To learn how to write a NCM policy, read this thwack® blog post.

SQL Server Performance Tuning Tips

Posted on August 08, 2016
 

Query tuning is often the fastest way to accelerate SQL Server performance. Most often system-level server performance (memory, processors, and so on) improvement measures are ineffective and expensive. Expert developers believe most performance issues can be traced to poorly written queries & inefficient indexing, not hardware constraints. In fact, some performance issues can only be resolved through query tuning.

But when it comes to SQL Server query tuning, DBAs often grapple with the question of where to start. How do you assess a query? How can you discover flaws in the way a query was written? How can you uncover hidden opportunities for improvement? Query tuning is half science and also, half art as there are no right or wrong answers, only the most appropriate solution for a given situation.

SQL Server query tuning can be categorized into three broad steps:

  1. Basic query analysis
  2. Advance query analysis
  3. Facilitate tuning by using DB Performance monitoring tool

Here are 12 quick tips that can help a DBA improve query performance in a measurable way and at the same time provide certainty that the specific alteration has actually improved the speed of the query.

1. Basic query analysis

DBAs need visibility into all layers and information on expensive queries in order to isolate the root cause. Effective tuning requires knowing top SQL statements, top wait types, SQL plans, blocked queries, resource contention, and the effect of missing indexes. Start with the basics—knowing exactly what you’re dealing with before you dive in can help.

Tip 1: Know your tables and row counts
First, make sure you are actually operating on a table, not view or table-valued function. Table-valued functions have their own performance implications. You can use SSMS to hover over query elements to examine these details. Check the row count by querying the DMVs.
Tip 2: Examine the query filters, WHERE and JOIN clauses and note the filtered row count
If there are no filters, and the majority of table is returned, consider whether all that data is needed. If there are no filters at all, this could be a red flag and warrants further investigation. This can really slow a query down.
Tip 3: Know the selectivity of your tables
Based upon the tables and the filters in the previous two tips , know how many rows you’ll be working with, or the size of the actual, logical set. We recommend the use of SQL diagramming as a powerful tool in assessing queries and query selectivity.
Tip 4: Analyze the additional query columns
Examine closely the SELECT * or scalar functions to determine whether extra columns are involved. The more columns you bring back, the less optimal it may become for an execution plan to use certain index operations, and this can, in turn, degrade performance.

2. Advanced query analysis

Tip 5: Knowing and using constraints can help
Knowing and using constraints can be helpful as you start to tune. Review the existing keys, constraints, indexes to make sure you avoid duplication of effort or overlapping of indexes that already exist.

To get information about your indexes, run the sp_helpindex stored procedure:
Tip 6: Examine the actual execution plan (not the estimated plan)
Estimated plans use estimated statistics to determine the estimated rows; actual plans use actual statistics at runtime. If the actual and estimated plans are different, you may need to investigate further.
Tip 7: Record your results, focusing on the number of logical I/Os
If you don’t record the results, you won’t be able to determine the true impact of your changes.
Tip 8: Adjust the query based on your findings and make small, single changes at a time
Making too many changes at one time can be ineffective as they can cancel each other out! Begin by looking for the most expensive operations first. There is no right or wrong answer, but only what is optimal for the given situation.
Tip 9: Re-run the query and record results from the change you made
If you see an improvement in logical I/Os, but the improvement isn’t enough, return to tip 8 to examine other factors that may need adjusting. Keep making one change at a time, rerun the query and comparing results until you are satisfied that you have addressed all the expensive operations that you can.
Tip 10: If you still need more improvement, consider adjusting the indexes to reduce logical I/O
Adding or adjusting indexes isn’t always the best thing to do, but if you can’t alter the code, it may be the only thing you can do. You can consider the existing indexes, a covering index and a filtered index for improvements.
Tip 11: Rerun the query and record results
If you have made adjustments, rerun the query and record those results again.
Tip 12: Engineer out the stupid
Lookout for frequently encountered inhibitors of performance like: code first generators, abuse of wildcards, scalar functions, Nested views, cursors and row by row processing.

3. Use a DB Performance monitoring tool to facilitate query tuning.

Traditional database monitoring tools focus on health metrics. Current application performance management tools provide hints, but do not help find the root cause.

Tip:
You can make query tuning significantly easier by using a continuous database performance monitoring solution such as SolarWinds Database Performance Analyzer (DPA) to consolidate performance information in a single place. With DPA you can:
  • Identify the specific query that got delayed
  • Identify the specific bottleneck (wait event) that causes a delay
  • Show the time impact of the identified bottleneck


Learn more about SolarWinds Database Performance Analyzer (DPA).

Top 50+ Tech Influencers and Thought Leaders You Should Follow

Posted on May 11, 2016
 

Today's technology is growing at an extraordinary pace, so it is important to follow industry influencers and thought leaders to stay in the loop and learn new trends and best practices. Keeping on top of things in the industry is a great way to make sure you are functioning most effectively every day.

We have compiled a list (in no particular order) of tech geeks from system, virtualization, storage, database, network, and security management domains, who we think are the top influencers and thought leaders you should follow.

Top Systems Management, Virtualization, and Storage Experts

Ethan Banks

Co-founder, Packetpushers.net He is a 20+ year IT veteran with hands-on experience as a network architect; CCIE #20655, serial podcaster, writer, and tech analyst. He speaks frequently at the Interop, co-hosts Packet Pushers, and writes various articles for many tech websites.

Rob Bogue

Owner, Thor Projects LLC He is a global speaker, author, and consultant. He helps organizations successfully implement Microsoft® SharePoint®, designing knowledge management solutions, creating flexible information architectures, etc. He has written 25 books, authors articles in Thor Projects, and offers consulting services.

Lance Boley

Technical Marketing Manager He is a technology enthusiast, works as a Technical Marketing Manager, and likes to share and talk about anything related to computers, IT, and data center technology. He was a VMware® vExpert™ in 2014 and 2015. He writes blogs in lanceboley.com and also hosts the Data Center Chic podcast.

Paul Braren

Founder, TinkerTry IT He has over 12 years of VMware experience, including project-managing and first-hand implementing a data center consolidation project. He is a VCP5-DCV, VMware vExpert 2014, 2015, and 2016. His specialties include storage, RAID, iSCSI, and SAN technologies, Remote Control, including Terminal Services, BladeCenter AMMs, and KVM-over-IP Remote solutions. He has produced over 500 articles and 250 training videos on topics that include efficient virtualization, storage, backup, and more.

Duncan Epping

Chief Technologist, VMware He is a VMware Certified Design Expert (VCDX007) and the main author and owner of VMware/Virtualization blog Yellow-Bricks.com. Duncan is currently the Chief Technologist working for VMware Office of CTO. In that role, he serves as a partner and trusted adviser to VMware's customers, primarily in EMEA. His main responsibilities are ensuring that VMware's future innovations align with essential customer needs and translating customer problems to opportunities.

Eli Etherton

Eli the Computer Guy He has 16 years of experience in technology, including time spent in the Army, building out new satellite offices for the enterprise, and running his own shop with nine full-time employees. He has real-world experience with almost all systems that technicians will be working with. He has a B.A. in Criminal Justice and 1600 hours of formal technical content training in technologies ranging from Avaya PBX/ Audix to Microsoft®, Red Hat®, Linux®, MySQL®, Cisco®, and much more.

Steven Foskett

Owner, Foskett Services Stephen Foskett is an active participant in the world of enterprise information technology, currently focusing on enterprise storage, server virtualization, networking, and cloud computing. He organizes the popular Tech Field Day event series for Gestalt IT and runs Foskett Services. A longtime voice in the storage industry, Stephen has authored numerous articles for industry publications, and is a popular presenter at industry events.

Richard Hay

Owner, WindowsObserver.com He is a Microsoft MVP since 2010; hosts observed Tech PODCAST, a weekly look at all things tech with a decidedly Microsoft angle, where he discusses various topics, including security, social media, hardware, software, and more.

Chuck Hollis

Technologist, Blogger, SVP at Oracle Converged Infrastructure Systems Currently working for Oracle®, Chuck previously spent two years at VMware and 18 years at EMC®. He writes blog posts about a variety of technology topics on chucksblog.

William Lam

Staff Engineer II, VMware He works in VMware's R&D organization, where he focuses primarily on the automation, integration, and operation of VMware's Software Defined Datacenter (SDDC). William works closely with various engineering teams within VMware to help provide early feedback on usability, design, and architecture. He provides many tips and tricks for the various VMware products on his blog.

Dwayne Lessner

Technical Marketing Engineer for Nutanix He has over 10 years of experience in IT and writes articles on end-user computing and big data. He's given speeches at various BriForums, VMware User Group meetings, and VMware Forum events.

Thomas A. Limoncelli

Blogger, EverythingSysAdmin.com He is an internationally recognized author, speaker, and system administrator. His best known books include Time Management for System Administrators and The Practice of System and Network Administration. He blogs at EverythingSysAdmin.com and has worked at Google®, Bell Labs / Lucent, and AT&T®.

Scott Lowe

Engineering Architect, VMware He is a 20-year veteran of the IT industry and a focused technologist that specializes in virtualization, VMware ESX®/ESXi, VMware Infrastructure, VMware vSphere®, KVM, Open vSwitch, OpenStack, SANs, Storage, NFS, iSCSI, Networking, SDN, and OpenFlow. A former contributor to SearchVMware.com, a VMware-focused website with technical articles, how-tos, tips, and news, Scott also has six traditionally published books to his credit.

Scott D. Lowe

Co-founder, ActualTech Media Scott is a vExpert, MVP Hyper-V®, MCSE and co-founder of ActualTech Media and serves as Senior Content Editor and Strategist. He is an enterprise IT veteran with nearly 20 years of experience in senior and CIO roles across multiple large organizations. Scott is also a micro-analyst for Wikibon, and an InformationWeek Analytics contributor, having written thousands of reviews, articles, and technical blog posts.

Roger Lund

President, vBrainstorm He is a vExpert, VMUG leader, and tech field day delegate who blogs on VMware and cloud technology. He won the VMware VMUG award in 2013, and his specialties include managing EMC®, Dell® Compellent® Storage, VMware vSphere, VMware View® , VMware vCloud® , Veeam, Windows Server®, and Linux® servers.

Bob Plankers

Virtualization and Cloud Architect and Blogger With over 25 years of working experience in IT, he wears multiple hats as virtualization architect, system administrator, storage administrator, network administrator, end-user, project manager, and developer. He is an IT generalist who writes for various technology outlets. He also serves as an analyst with The Virtualization Practice.

Phoummala Schmitt

Exchange Goddess She is a Systems Engineer with a focus on messaging and collaboration, virtualization, storage, and smartphones. She was a VMware vExpert in 2014-2015. She co-hosts Current Status Podcasts and writes technical articles for the Petri IT Knowledgebase and blogs for 24x7ITConnection, Exchangegoddess.com, WeBreakTech.com, and The Register.

Eric Shanks

Consultant and Blogger He is a solutions architect with over 10 years of experience using a wide variety of data center technologies. He's a certified VMWare vExpert, Cisco champion, PernixPro, Microsoft IT professional, NetApp® data management administrator, and more. His background includes expertise in Microsoft operating systems, networking, storage, virtualization, automation, and software monitoring.

Matt Simmons

Author, Standalone Sysadmin He has been a system administrator since around 2002. He authored Standalone Sysadmin, and writes a semi-regular column called Confessions of a Sysadmin in the Simple Talk: Exchange magazine. He also contributes to Admin magazine, Linux Pro Magazine, and ;login. Currently, Matt is working on a new book dedicated to small infrastructure administration.

Larry Smith Jr.

Virtualization Expert He has over 11 years of everyday real-world experience in virtualization, specifically VMware. A VMWare vExpert from 2013-2016, he owns the website Everything Should Be Virtual, where he blogs about technologies, including virtualization, cloud, automation, and DevOPS.

Michael Stump

CTO at Holden Information Services, LLC He has over 24 years of experience in engineering and administration roles. He was a vExpert in 2014, and a PernixPro, VMWare, and SolarWinds certified professional. You can find his blog posts on various topics in #eager0.

Jon Toigo

Business Information Technology Advisor and Author He is an IT veteran with over 35 years of experience in progressively responsible internal IT positions in the financial industry, then as a senior consultant for two international systems integrators. He has authored 17 books on business technology, over 2000 articles, and writes seven ongoing columns in the technology trade press that garner a readership of over a half million monthly.

Keith Townsend

The CTO Advisor He is an IT architect with 18 years of experience helping organizations achieve their mission through optimized IT infrastructures. He is a recognized technology thought leader, whose articles have been published in TechRepublic and TechTarget. He has been quoted by leading online publications such as ZDNet, GigaOM, and TechCrunch.

Matt Vogt

Solutions Architect He is actively involved in the virtualization and storage communities as a Minnesota VMUG (VMware User Group) member and VMware vExpert. His specialties include VMware ESX(i) - VCP5-DCV, VCAP5-DCD (vExpert 2012, 13, 14), EqualLogic iSCSI/NFS/CIFS SAN, Active Directory®, Group Policy, Windows Server® 2000 - 2008R2, Windows 95 - 7, Mac OS X®, MS Office®, and networking.

Chris Wahl

Tech Evangelist, Rubrik Chris holds two VCDX certificates (Data Center Virtualization and Network Virtualization) and has over 10 years of IT experience in enterprise infrastructure design, service orchestration, and building policy-based automation tasks. He co-authored Networking for VMware Administrators for VMware Press, and has published hundreds of articles. Chris hosts the Datanauts podcast, which covers all things virtual.

Kong L. Yang

Virtualization and Cloud Practice Leader He has over 20 years of practical enterprise IT experience, including Tier 1 application capacity sizing and performance optimization in virtualized and cloud environments. He is a U.S. patent holder and a globally recognized virtualization and cloud leader. He was awarded the VMware vExpert designation in 2010-2015 and the Cisco Champion designation in 2014-2015.

Top Network Management Experts

Mitchell Ashley

President and General Manager of Kyrio, Inc. He has co-founded startup ventures serving network security, SaaS, Internet applications, telecommunications, and IT services industries. He has written for industry publications, including USA Today, NetworkWorld, ComputerWorld, InfoWorld, CIO Magazine, InformationWeek, CRN, and others. He writes blogs on Converging Network, Network World Microsoft Subnet, DevOps.com, and has co-hosted the StillSecure After All These Years podcast.

Lee Badman

Network Engineer and Wireless Technical Lead Lee is a wireless network architect for a large private university, and authors articles at Network Computing. He has also taught classes on networking, wireless network administration, and wireless security. He helped organize and has presented at several higher education and industry conferences, and has written for a number of IT, low voltage, and communications periodicals.

Ryan Booth

Network Engineer Most of his 10 years of experience has been focused on routing and switching (R&S). He is a Cisco Champion 2015 who currently holds a CCIE in RS and several CCNP certifications (R&S and Design). He writes on a wide range of topics in the networking realm for the blog, Moving Ones & Zeros.

Teren Bryson

Network Geek He has over 22 years of professional experience in computer networks. He has various certifications, ranging from Cisco certifications to Microsoft™ MCSE. He's also a VMWare and UNIX™ geek who writes blog posts on various topics in packetqueue.net.

Nick Buraglio

Principal Network and Security Architect, ForwardingPlane, LLC He is a network engineer and architect with practical knowledge of a broad range of network hardware, software, and security tools. He has published articles in TechTarget and blogs for ForwardingPlane.net about the security and networking industry. His specialties include FTTP, FTTC, Metro networks, community fiber projects, BGP, DNS, security, and network analytics, including flow data, IDS, capacity planning, and IPv6 integration.

Wesley David

The Nubby Admin He's a system administrator specializing in Windows Server and Linux platforms communicating over wired and wireless networks. He writes blog posts for The Nubby Admin and various other tech sites, including Simple Talk, SysAdmin Talk, Royal Pingdom, Petri, and more.

Jeffrey Fry

Network Guru He has over 25 years of experience in computers and networks. He's a Cisco CCIE in Routing and Switching #22061, and authors Fryguy's blogs on various tech topics. His specialties include Cisco IOS®, Cisco IOS XR, Cisco NX-OS, Juniper® Junos, OpenFlow®, SDN, MPLS, Service Provider Networks, ASA Firewalls, Juniper EX Switches, Juniper Q-Fabric, MPLS Core Networks, and Nexus data centers.

Tom Hollingsworth

The Networking Nerd He has 12 years of experience in the IT industry working with enterprise networking and wireless, server virtualization, and unified communications. He's a CCIE #29213 and holds a variety of certifications from Novell™, Microsoft, VMware, and ISC2. He currently organizes Tech Field Day event series, focusing on networking and wireless events.

Patrick Hubbard

The IT Management Head Geek He has over 20 years of IT experience, and is involved in product management and strategy, technical evangelism, sales engineering, and software development, all with a focus on application and service delivery for startups and Fortune 500 companies. He runs customer education and training programs to empower IT pros to resolve their IT management problems quickly and easily. He is also a Cisco NetVet and a regular speaker at technology conferences for Ethernet, IPv6, and SDN.

Amy Renee

Senior Network Engineer She's a network engineer and authors the blog amyengineer.com. She's certified in CCNP/DP, CCNP- voice, CCNA wireless, CCNA – voice, CCNA, LPIC- 1, MCSE, and PMP.

Top Security Experts

Dr. Anton Chuvakin

Security Expert Dr. Anton Chuvakin is a Research Vice President at Gartner's Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team. He is a recognized security expert in the field of log management, SIEM, and PCI DSS compliance. He authored Security Warrior, Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management, and contributed to Know Your Enemy II, Information Security Management Handbook, and others. Before joining Gartner in 2011, Anton was running his own security consulting practice www.securitywarriorconsulting.com, focusing on SIEM, logging, and PCI DSS compliance for security vendors and Fortune 500 organizations.

Graham Cluley

Independent computer security analyst Graham Cluley is an award-winning security blogger, researcher, and public speaker. He has been working in the computer security industry since the early 1990s when he worked as a programmer, writing the first version of Dr. Solomon's Anti-Virus Toolkit for Windows. Graham has spoken at events around the world, such as RSA, InfoSec, Web Summit, Microsoft Future Decoded, EICAR, AVAR, ICSA, ISSA, Virus Bulletin, Ja.net, Campus Party, and the European Internet Security Forum. He has worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Jack Daniel

Technologist and Security Professional He is a network and security systems engineer focusing on practical information security for the small enterprise, now focusing on enterprise security and integration of emerging technologies. He holds several leadership positions in the community, including board positions on three Security BSides 501(c)(3) corporations. He is a Microsoft MVP for Enterprise Security, CCSK, Increasingly Reluctant CISSP, and is a frequent speaker at major conferences, including ShmooCon, SOURCE Boston, DEFCON, RSA, and many BSides events.

Rob Graham

CEO, Errata Security He writes blog posts about cyber rights, Internet security, and other security-related topics. He’s the CEO of Errata Security, an online community of security researchers who are engaged in practicing offensive security. The insight gained from research is delivered to clients through Hacker Eye View reports that cover a variety of topics and real-world scenarios.

Andrew Hay

CISO at DataGravity, Inc. He is a security expert who is frequently approached to provide expert commentary on security industry developments, and has been interviewed by Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, Le Monde Informatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine. He also has written articles for several trade publications, such as Information Week Magazine, DarkReading, and Network Computing on various security-related topics. He has authored four books on security.

Troy Hunt

Troy is a Pluralsight author and Microsoft MVP for Developer Security. Troy focuses on online security, technology, and the cloud. He is the creator of @haveibeenpwned. He speaks at technology events around the world, usually on security topics. He enjoys showing people how easy it is to break software on the Web today.

Brian Krebs

Investigative Reporter He has been writing Internet security-related stories for the past decade and maintains KrebsOnSecuriy.com, a blog focused on computer security and cybercrime. He wrote NYT bestseller Spam Nation, 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for WashingtonPost.com. In 2014 he was profiled in The New York Times, Business Week, and by Poynter.org.

Martin McKeay

Information Security Expert With over a decade of experience in the IT and security field, he is a well-seasoned professional dedicated to spreading awareness about security and privacy. He is the host and author of a pair of the longest- running podcasts and blogs in the security industry, the Network Security Podcast and the Network Security Blog.

Jason Pubal

Director, Visa He is an accomplished information security professional with a decade of experience in diverse technical environments. He owns the blogging website Increased Visibility, where he shares his thoughts on security events, technology news, and ideas and tips to security personnel.

Bruce Schneier

Security Guru He is an internationally renowned security technologist, dubbed a security guru by The Economist. He is the author of 13 books, including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, as well as hundreds of articles, essays, and academic papers. His influential newsletter, Crypto-Gram, and his blog, Schneier on Security, are read by over 250,000 people.

Randy Franklin Smith

Windows Security Expert Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory software. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies, and national and international organizations.

Christophe Veltsos

Cyber Risk Strategist | Digital Trust Advisor Chris, aka Dr.InfoSec, is passionate about helping organizations take stock of and manage cyber risks across the intricate landscape of technology, business, and people. He enjoys working with business leaders to improve their organization's cyber risk posture. Dr. Veltsos regularly teaches Information Security and Information Warfare classes and authors Dr.InfoSec blogs.

Top Database Experts

Denny Cherry

Owner, Denny Cherry and Associates Consulting He is the owner, founder, and principal consultant for Denny Cherry and Associates Consulting. He has over a decade of experience in the IT field. He started working first with SQL Server™, then he branched out into VMware’s vSphere and Microsoft’s Hyper-V platforms. He holds an impressive set of credentials, including being a Microsoft MVP award winner since 2008, VMWare vExpert, Microsoft Certified Master for SQL Server 2008, and more.

Joey D’Antoni

The SQL Herald He is a Microsoft MVP and VMWare vExpert who has strong understanding of technologies, including Microsoft SQL Server, VMWare Virtualization, Oracle, Microsoft Clustering, and Red Hat Linux. He has given technical presentations at various events on a range of topics, such as High Availability and Disaster Recovery with AlwaysOn in SQL Server 2012, Virtualization for DBAs, Building Your First SQL Server Cluster, and more.

Pinal Dave

Technology Evangelist He has been a part of the IT industry for more than 13 years. He received his Master of Science from the University of Southern California, a Bachelors of Engineering from Gujarat University, and holds many Microsoft certifications. Pinal writes frequently on his blog http://blog.SQLAuthority.com about various subjects concerning SQL, NoSQL, and Business Intelligence. Known for translating complex subjects into simple context and applications, Pinal attracts over a million visitors a month to his site. His passion for helping the community drives him to share his training techniques and professional knowledge. When he is not in front of a computer, he is usually traveling to explore hidden treasures in nature with his family.

Argenis Fernandez

Field Solutions Architect He is a SQL Server Solutions Architect, certified master on SQL Server 2008, Microsoft Data Platform MVP, and MCM. He authors articles in Pure Storage™ and SQLblog.com.

Tim Gorman

Technical Consultant He is a technical field consultant for storage virtualization of databases based on Oracle, SQL Server, PostgreSQL™, Sybase™, and applications based on file-systems on UNIX/Linux, and Windows platforms. He has co-authored six books, performed technical review on eight more books, has been an Oracle ACE since 2007, and an Oracle ACE Director since 2012.

Kyle Hailey

Technical Evangelist He is a specialist in data virtualization technology, databases, and DevOps. He shares his expertise by presenting at conferences, blogging, giving webinars, meeting with analysts, organizing events, and so on.

Kathi Kellenberger

SQL Server Consultant She is an independent SQL Server consultant and Teammate at Linchpin People. She wrote Beginning T-SQL 2008 and co-authored Professional SQL Server 2005 Integration Services, Beginning T-SQL 2012, and SQL Server MVP Deep Dives.

David Klee

Founder and Chief Architect of Heraflux Technologies He is a Microsoft MVP, VMware vExpert, and SQL Server and infrastructure performance tuner. He is the founder of Heraflux Technologies and regularly contributes to the PASS Virtualization, Performance, and High Availability and Disaster Recovery virtual chapters. He also helps the Maine SQL Server Users Group.

Thomas LaRock

The Database Management Head Geek He is a Head Geek at SolarWinds and a Microsoft Certified Master, SQL Server MVP, VMware vExpert, and a Microsoft Certified Trainer. He has over 15 years of experience in the IT industry as programmer, developer, analyst, database administrator, and more.

John Sterrett

Group Principal, Linchpin People John is a consultant who specializes in SQL Server performance tuning, high availability, disaster recovery, database design, development, and database administration. He is a Microsoft Technology Specialist – SQL Server 2005 and 2008, and was nominated for Microsoft MVP Award for SQL Server in 2012 and 2013.

Jason Strate

Database Architect He is a Microsoft SQL Server MVP and a highly skilled database administrator with a strong background in database/data warehouse architecture and best practices, business analysis, mentoring, and leadership. His specialties include performance tuning, architecture design, environment assessments, data processing (ETL/ELT), business analytics and resource management/mentoring.

How to Get an IT Job: Succeeding in Your IT Career

Posted on August 08, 2016
 

Whether you are preparing to enter the job market for the first time, or have been working for the majority of your life, now is an excellent time to begin a career as an IT professional. The tech market has been booming over the past few decades and shows no signs of slowing down with so much growth and such a high demand for new gadgets, apps, and software.

One of the most difficult parts of applying for a job is getting started, especially when you don’t really know where to begin. If you find yourself in this position, the best resource available to you is one that can offer not only information to help you every step of the way, but also tips from professionals already working and hiring employees within the technical field. This is that resource.

Browse a category by clicking on any of the links below:



Resume, Interview, & Networking Tips

Resume vs Curriculum Vitae

Prior to updating your resume or curriculum vitae (CV), it is important to know which one a company prefers. The biggest difference between the two is that a resume is typically limited to one page, while a CV is usually two pages, three at the most. Resumes tend to be more to the point, while CVs allow you to expand on your qualifications, focusing on education, experience, research, publications, and awards.

Check out these resume and CV samples for more ideas.

Good First Impressions

Your resume or CV is the first impression a potential employer will have about you, so take the time to make sure your resume paints a complete and positive picture about who you are. Before sending out your resume or CV, look the piece over to ensure it’s professional and has no typos and is clearly written.

Find a Balance

One of the hardest parts about writing a resume or CV is finding the balance between talking yourself up and finding a balance in how much to embellish your achievements. You want to be sure everything you include on your resume is valid and is backed up by a reference, or exemplified by your own working knowledge or accolades.

Coordinate Your Resume for Each Job

While it may be easy to send out a carbon copy of your resume for every position you’re applying for, don’t.

Job Brown, IT & Web Manager at Wooden Blinds Direct, says, “as is the case in any job, tailor your CV to the specific role. Do as much research on the company as you can and see if you can find out what software they are using. Be sure to keep your CV broad, highlight specific pieces of software from your research of the job specification. Don’t forget to show your passion – IT is a vital part of practically every business today, but companies want people with a genuine flare and interest in the area, as well as the skills to do the job.”

Key takeaway: Include power words in your resume and relevant keywords to make your resume stand out.

Stick To Relevant Information

Potential employers are interested in the experience you’ve had that pertains to the job you’re applying for. Make sure those skills and qualifications stand out above the ones that have nothing to do with the position.

According to Anthony Jullien, Director of IT at Dupray, the best resumes are the one that are tightly relevant to the job description. If you’re applying to become a web designer, your time as a waiter doesn’t help. Ultimately, hiring managers want to know about that server job, but you need to find the right balance between telling them about your general work experience and your relevant work experience. Your ability to be patient and diligent is noted as a server. Yet, hiring managers need to see tangible experience or ability in the areas that you’ll actually be working in.

Mary Davenport, President & CEO at TransTech recommends pretending you have two minutes in front of the hiring manager to convince them why you are worth the time to interview. The best approach to making your resume stand out is to tailor the resume to fit the 2-3 most critical aspects of the role and demonstrating competency through behaviors and past experience. Every hiring manager is different, but every hiring manager has tendencies and hot buttons. Do you your research and play to those tendencies.

Backup What’s On Your Resume

As mentioned above, it’s imperative that everything on your resume or CV is accurate. While the layout of an interview varies from company to company, you’ll be asked questions about your work experience, education, and any skills you have listed on your resume. If you can’t exemplify the knowledge that you claim to have, the interview will most likely not go well.

Know the basics, nothing looks worse in an interview than being able to answer complex questions but not knowing how to ping a machine. You should also be ready to demonstrate everything you have listed on your CV. — Job Brown, Wooden Blinds Direct

Prepare and do your homework on the company, the interviewer, and the job. There’s an abundance of information on sites like Glassdoor and LinkedIn. Generally, the first five minutes and last five minutes of the interview are the most impactful way of differentiating yourself from the rest of the field. Don’t be afraid to enthusiastically convey to the hiring manager why you want the position and why you want to work on their team. — Mary Davenport, TransTech

Master Your Interview Skills

After submitting your resume and securing an interview, it’s time to start preparing for your first face-to-face meeting with your potential future employer. Keep in mind how important first impressions are and verify you dress appropriate and professional for the interview.

Do your due diligence about the company before your interview to show the hiring manager that you’re genuinely interested in that specific position with that specific company.

Dress for success with these tips and tricks.

Know the Company

If you’re honest on your resume and have properly researched the company, you’ll feel confident going into the interview. Be ready to ask any questions you have about the position—doing so will once again show your interest in the job and prove that you’ve done your research.

The worst mistake someone can make is to not ask return questions at the end of the interview.

“We just spent an hour asking you forty or so questions. You have nothing on your mind? You’re not interested about your day-to-day duties? What about the company dynamic? What about the people who you will work with? You have no questions for me about tools and technology that we use? People who don’t ask questions in an interview show me that they just want a job—not this job. They want to come to work for eight hours a day, get paid, and leave. I need to be shown that this person cares about the role and will eventually care for their work and the company. Even if you only have time for one question to be asked, it better be a thoughtful one.” —Anthony Jullien at Dupray

Key takeaway: Take time to do your due diligence and know the company culture and your prospective employers.

Network, Network, Network

Regardless of your past work experience, you’ve no doubt heard or learned first-hand how important networking can be. The whole idea is to find other people with similar career goals and connect with them in hopes that one of these connections will lead to a job within your desired career field. Thanks to social media, it’s now easier than ever to network.

The best networkers are interesting and ask great questions. Get involved with one or two networking groups and dig deep, attend all of the scheduled meetings, and have something of value to offer the group. The law of reciprocity generally serves true and value will be returned your way. Most people give up on networking because they’re not patient enough to see the immediate value. The value comes over time, once people become familiar with you and build some level of rapport and trust. —Mary Davenport, TransTech

Not much of a networker? Take some time to practice and improve your networking skills.

Network On LinkedIn

A LinkedIn profile is a must. Make sure you fill out your profile in its entirety, complete with a professional profile picture, highlights of your accomplishments, and links to projects you’ve been a part of and papers you’ve written. An excellent LinkedIn profile can play a huge role in securing you a career as an IT professional by making your information available to employers searching for employees, and people who have connections within the field.

Take time to learn how to attract employer’s attention on LinkedIn.

Who You Know Can Help

Exchange business cards when you meet someone new, especially if they work within the IT field. Don’t be afraid to talk to friends and ask if they have connections they’d be willing to introduce your to. Being a hard worker with lots of experience can help you secure that job, but let’s face it, who you know could be what helps you get the interview in the first place.

Always Be Networking

Go to IT conferences, take classes to keep up on your skills and develop new skills along the way. See everyone you meet to be a potential lead, but remember to never be pushy. The key to successful networking is to be authentic and to find ways on how you can help someone else out. If you go into a networking event with an attitude of getting something instead of giving, people will pick up on that fast and you’ll lose potential connections who could help you further your career.

Best Degrees for IT Professionals

Most universities offer degrees in computer science, allowing you to gain a thorough and in-depth knowledge of the IT field. Nearly every university offering online courses has a computer science program that is often referred to as a Master of Information Technology. These online programs are an excellent option whether you’re simply looking to get started in the IT field, or hoping to make yourself more valuable at your current job, offering a flexible setting that allows you to make school fit around your everyday schedule.

The Top 10 Universities

When preparing to enter into the world of IT management, having a strong background in IT is important to help you stand out from the crowd and show hiring managers you have the education and expertise to do the job. Because of this, having a degree in IT is crucial and can give you some extra clout when applying for jobs.

If you are interested in earning your Master's in Information Technology degree, here are some colleges to consider:

  1. Carnegie Mellon University
  2. Penn State World Campus
  3. Creighton University
  4. Brandeis University
  5. Boston University Distance Education
  6. Arizona State University
  7. New Jersey Institute of Technology
  8. University of Illinois, Springfield
  9. Quinnipiac University
  10. Drexel University

For those interested in earning their Bachelor of Information Technology Degree, there are a lot of excellent online courses offered from accredible schools, such as Penn State World Campus, UMass Online, Drexel University Online, and University of Denver.

To learn more about these schools and many more, check out this article from TheBestSchools.com.

IT Tools and Resources

LinkedIn & Other Digital Platforms

LinkedIn is one of the most powerful networking tools at your disposal. Connect with people you work with, you never know, they might just be your next hire or manager. Not only that, but connect with recommended suggestions of people who work in similar fields, they may be the stepping stone to your dream job. — Job Brown, Wooden Blinds Direct

This networking tool allows you to connect with other people interested in or already working within the same career field as you. Even connecting with people who aren’t within the IT field can be beneficial, since you never know who might have the connections you need to land a job.

In addition to LinkedIn, Facebook and Twitter can be beneficial and aid in your search for an IT position. Use these platforms to discuss your passion for IT, answer questions, and build an authentic relationship with other people in your field. You never know when an interaction will turn into a lead.

Let your friends and family know the kind of job you’re looking for and see if they know of anyone or have connections to a job opening that would be a good fit for you.

Job Search Engines

Job search engines like Monster and Indeed are another excellent resource to use in your hunt for an IT position. Technical jobs are being posted on these sites more as the demand within the industry goes up. We are living in the age of the internet so take advantage of that and use these platforms as a tool to help you land your new job.

Utilize Every Resource

The IT job market is growing, and it’s important to utilize every resource at your disposal to keep up with it.

Alan Wisniewski, IT Sales Manager at Systematix, adds organizations are moving strongly toward Bring Your Own Device (BYOD) access, bringing outsourced activities back in-house, and finding ways to make use of the growing amounts of data flowing in from many new sources such as social media. These factors create an increasing shift in required and desired skills showing up in IT departments so anyone having these skills would have an advantage. The top IT skills sought are Programming and Application Development, Help Desk and Technical Support, Networking, Mobile Applications and Device Management, Project Management, Database Administration, Security, Business Intelligence/Analytics, Cloud and Interpersonal skills.

Not sure which skills are most beneficial for your career? Check out these IT skills that will pay them bills.

Certifications, Conferences, & Training Courses

With such constant change occurring in the IT field, you need to find a way to keep up. The best way do this is by following websites that will keep you updated on what’s new. DNSstuff is a great resource to keep you in the loop with up-to-date information on the happenings within the technical field.

IT Conferences

DNSstuff has excellent information about IT conferences happening in 2016, sharing their opinions on which conferences shouldn’t be missed, which are the most cost-effective, and which ones will help keep you ahead of the competition. This comprehensive list makes it simple to determine which conferences will best fit your needs and professional goals.

Certifications and Training Courses

There is no shortage of training courses to attend and certifications to earn within the IT field. The types of training and certification you need depend entirely on your IT position, since different jobs require different knowledge.

These 5 have all got a good success record for people obtaining jobs:

  • Cisco Certified Network Professional (CCNP)
  • Cisco Certified Network Associate (CCNA)
  • CompTIA A+ Technician
  • Project Management Professional (PMP)
  • Microsoft Certified Solutions Expert (MCSE)

However, it really depends on what area the person wants to work in there are separate certifications available for all the different segments such as Big Data, Cloud, Forensics, Database, Help Desk, Security, Governance, IT Trainer, Linux, Mobile App Development, Programming, Project Management and many more. — Alan Wisniewski, Systematix

Key takeaway: Enhancing your skills as an IT professional is a must if you want to excel in your career. Learn more for becoming an IT manager with these great insights.

Best Cities & Average Salary Range for IT Professionals

Knowing the average salaries paid to IT professionals in various cities across the country is beneficial to not only help you determine your own worth, but perhaps to also help you decide where to relocate to make more money. While Silicon Valley has long been considered the place to be for tech careers, many other states are starting to attract tech companies, giving you more locations to consider when looking for an IT career.

Some of the top locations for careers in the technical field are and the average salaries include:

  • Silicon Valley, $118,243
  • Los Angeles, $105,091
  • Boston, $103, 675
  • Seattle, $103, 309
  • Washington D.C., $102, 873
  • Minneapolis, $100,379
  • San Diego, $98,934
  • Austin, $98,672
  • Denver, $97,882
  • Atlanta, $97,238
  • Sacramento, $97,237
  • Philadelphia, $95,579
  • Kansas City, $89,448

A few other cities to consider are:

  • Phoenix
  • Portland
  • New York City
  • Salt Lake City

Read more about the benefits of each location and salary ranges here.

Further Advice & Inspiration

In many business circles, there is often a phrase that elicits a huge opportunity for small businesses. This sentence is ‘I got a guy’. It sounds overtly simple and innocent, but at the end of the day, having somebody refer to you as ‘the guy’ or ‘the girl’ who can perform a highly specific task is an opportunity for you and your business. ‘I have a friend for taxes,’ or ‘I know a girl who sells the best flowers’ is basically the professional equivalent of a positive affirmation for your business. It is the equivalent of a positive review. You need to become that ‘guy’ or that ‘girl’ by putting yourself out there and by telling everyone you know about your expertise with a product or service. — Anthony Jullien, Dupray

Starting your hunt for a job as an IT professional should no longer seem daunting now that you have the resources you need to help you navigate the process from start to finish. Be prepared to pay your dues to ultimately get the job of your dreams, but never sell yourself short, and never give up. All of your hard work will pay off as you establish yourself within your newfound career.

As you move forward in starting your career as an IT professional, take two or three of the tips you’ve found most helpful and apply them to your own job search. While you move forward in your job search, refer to this article to provide you with further tips and insights for landing a job as an IT professional.

Like what you’ve read? Be sure to share the article on LinkedIn, Facebook, and Twitter.

Best Tech Conferences for IT Professionals

Posted on April 05, 2016
 

Are you looking for the best conferences or events to attend to learn what’s new in the IT world? We’ve put together the top conferences and organized them according to topic to help you choose the ones you want to attend in 2016.

Top Up-and-Coming Conferences

Spiceworld: Every year, SpiceWorks™ organizes this event to bring together IT pros and tech marketers to learn, meet, and share IT tech tips. Attendees have access to more than 50 IT and marketing sessions, and more than 60 expert speakers who deliver presentations on all things IT.
ILTACON: This four-day educational conference draws on the experience and success of professionals who employ technology within law firms and legal departments. A conference committee of more than 40 peers develops all the educational content presented at the conference.

Top Bang-for-Your-Buck Conference

AWS re:Invent: This is the largest global cloud community gathering. Attendees learn about new technologies that have just been released in the AWS marketplace and get hands-on experience with AWS problem solving.
PASS SQLSaturday: This one-day training event is aimed at SQL Server® professionals. Local speakers provide a variety of high-quality technical sessions, and volunteers make the whole event possible.
Dreamforce®: Salesforce® hosts this annual conference to bring together thought leaders, industry pioneers, and thousands of IT pros. It features keynote addresses, training sessions, and opportunities to network and earn certifications.

Free User Conferences

VMUGs: The VMware® User Group (VMUG) is created to maximize members’ use of VMware and partner solutions through knowledge-sharing, training, collaboration, and events. Attendees get to see tech and virtualization management organizations showcasing their capabilities to manage VMware infrastructure. VMware also organizes the VMware Technical User Group (VTUG), which informs IT pros about ways to make better decisions in their virtual environment.
Microsoft® Cloud Roadshow: The Microsoft Cloud Roadshow is a free, two-day technical training event for IT pros and developers. It offers best practices and insights directly from experts who build and run the cloud services across Office 365®, Microsoft Azure™ and Windows® 10.
Oracle® CloudWorld: This event brings together professionals and technologies in cloud, social, mobile, and big data, and shows how these areas are transforming the way business works. The event allows visitors to explore modern approaches to boosting sales, building brands, supporting customers, empowering employees, creating apps, and managing information.

Top Have-to-Be-There Conferences

OpenStack Summit: This gathering of IT leaders, telco operators, cloud administrators, app developers, and OpenStack contributors focuses on the idea of building the future of cloud computing. Attendees can hear business cases and operational experience directly from users, learn about new products in the ecosystem, and participate in hands-on workshops.
Cisco® Live: This is the premier education and training destination for IT professionals worldwide. The Cisco Live community helps you enhance your skills though global in-person events, live webcasts, and on-demand training focused on Cisco products, solutions, and services.
Interop: This event showcases the latest in network infrastructure. It offers ways to leverage the applications and technologies the network supports to help attendees get the tools they need to elevate drive business success.

Top Conferences That Get You Ahead

Google® I/O: This is Google’s premier event for developers from all types of technology platforms. Attendees see organizations and developers showcasing their products and have access to Google’s upcoming technologies through various seminars and sessions.
OSCON: Here is where the open source community gathers to celebrate achievements, spark new ideas, and map the future of open computing through collaboration and education.
DEF CON: This is one of the world's largest annual hacker conventions. Attendees include computer security professionals, journalists, lawyers, federal government employees, security researchers, and hackers with a general interest in software, computer architecture, phone phreaking, hardware modification, and anything else that can be cracked.

Top Monitoring Events

thwackCamp™: This is SolarWinds' virtual learning event that provides IT pros with intermediate to advanced educational content.
Monitorama: Focused on open source monitoring and hacking, Monitorama brings leading open source developers, Web operations experts, and associated thought leaders together. Attendees gain insights into the tools and techniques that are being used in use some of the largest Web architectures in the world.
DevOps Days: This one-day conference brings development and operations professionals together to improve the interaction and integration processes between these two traditional silos.