CERTIFICATION SKILLS CASE STUDY How hacking

CERTIFICATION How hacking
is becoming a sought-after skill 12
SKILLS Adressing the skills gap
through skills frameworks
16
CASE STUDY Introducing ITIL
to crisis-proof processes
26
COMMENT Why conferences
play an important role in L&D 34
Spring 2011
Leading
virtually
Tackling the challenge of
managing global teams p18
www.bcs.org/ittraining
899_books_it_training_fp_ma_Layout 1 02/02/2011 11:09 Page 1
Better business skills
Discover a range of books that support your business and IT needs.
Master the Moment
The powerful ideas
in this book are
supported with scientific
research in areas such
as motivation and
physical fitness.
NLP for Project
Managers
This is the only book
on neurolinguistic
programming written
specifically for Project
Managers.
ISBN: 978-1-906124-73-1
Published Dec 2010
ISBN: 978-1-906124-68-7
Published Feb 2011
£12.95
£24.95
Working the Crowd
Business Continuity
Management
This is an excellent
book for anyone planning
to use social media
whether individually or
for business.
ISBN: 978-1-906124-71-7
Published Nov 2010
£14.95
A clear template-based
approach to producing a
practical business
continuity plan that
ensures the safety of
your business.
ISBN: 978-1-906124-72-4
Published Nov 2010
£20.95
Special offers
For details of pre-publication and special offers visit:
www.bcs.org/bookoffers
*Forthcoming books are available to pre-order with 15% discount.
Free postage and packing on all online orders in Europe and North America.
Buy online at: www.bcs.org/businessbooks
Also available from bookshops and ebook stores.
Telephone: +44 (0)1793 417 440
Email: [email protected]
Scan the QR Code opposite using your smartphone and a QR Code Reader
for full details of our current range of books.
Contents
26
24
22
18
15
News
Features
Skills watch
06 Update
12 Securingthedefences
24 Microsoftvs.opensource
Trainingbudgets2011Itseems
theoutlookfortrainingbudgets
in2011isnotasbleakassome
mighthavefeared.
LackofstaffThelackofqualified
ITstaffturnsrecruitmentintoa
challengeformanycompanies.
07 Supplierbriefs
32
15 Buidlingskills
Makingnewconnections
TheL&DSGisestablishingsome
newandexcitingconnections
acrosstheL&Dsector.
www.bcs.org/ittraining
Someinsightsfromlast
December’sSFIAconference.
16 Frameworkforthefuture
Newchairandsomeacquisitions E-skillsappointanewchairand
twocompaniesbroadentheir
18
reach.
InstituteofITTraining
Masteringonlineinteraction
Deliveringonlinetraining,the
launchoftheLearningYearPass 22
andalearningsurvey.
08 BCSL&DSG
Ethicalhackingisbecomingan
increasinglypopularwayoftesting whetherITsystemsaresafe.
Howusingaskillsframeworkcan
helptoaddresstheloomingskills
gapintheITandtelecomssector.
Leadingvirtually
Whatarethesecretsofcreating
realteamspiritandeffective
leadershipinaglobalteam?
Long-termskillingtrendsin
operatingsystems,databases
anddevelopmentenvironments.
Trainer to trainer
11 Groups–mixedandonline
Trainingformixedsenioritygroups
andcreatingonlinecommunitites.
Self study
30 Bookreviews
Leadership,programming,security,
bloggingandcloudcomputing.
Comment
Movingforwardin2011
08 L&Din2020
Establishingaframeworkforthis
year’sbudget.
AlanBellingerwonderswhatL&D
mightlooklikeinnineyear’stime.
26 LaunchingITIL
34 Conferences
AnNHSTrustintroducedITILto
improveprocessesandcreate
crisis-proofITservicemanagement.
CliveShepherdlooksatwhy
conferencesaresuchausefultool
foranL&Dprofessional.
Spring2011ITTraining03
Editor’s intro
Ethics, rockets and goodbye
We’ve got a wide-ranging mix of
topics for the first issue of IT Training
2011. From ethics in hacking and
what rockets have to do with service
management, to how globalisation
affects the way CIOs manage their
teams and why frameworks can help
to fill IT skills gaps.
For most of us, hacking will have
negative connotations, especially when looking back at the last
year when security scares and threats could be found all over the
news. Yet, as you can read on page 12, certifications in ‘ethical
hacking’ give people the skills they need to keep their companies’
networks safe and secure, and in this article we have a closer look
at what distinguishes these ‘good guys’ from the ‘bad guys’ in the
hacking world.
It’s not only a world of increasing security threats for IT, but also
of increasing globalisation. Many IT managers find themselves in
a position where they are faced with the challenges of managing
a global team of people they might never meet face-to-face – as if
‘normal’ management wasn’t difficult enough! On page 18 Gary
Flood investigates what help is out there for anyone who finds
themselves in that position.
We also take a closer look at ITIL, the challenges of service
management implementation and how a rocket launch
simulation can help with identifying strengths and weaknesses
when it comes to team work (p. 26).
On page 22, Alan Bellinger takes the learning and development
budget discussion one step further and finds that things are not
looking quite a bleak as first assumed. Similarly, in our report on
last December’s SFIA conference, Kevin Streater shows that using
skills frameworks can help address the looming IT skills gap this
January’s e-Skills report predicted.
Acting Editor
Managing Editor
Advertising
Jutta Mackwell
Brian Runciman
Bob Jalaf
BCS, The Chartered Institute for IT
First Floor, Block D, North Star House,
North Star Avenue, Swindon, Wiltshire SN2 1FA
Registered Charity No 292786
Editorial telephone +44 (0) 1793 417 512
Editorial email: [email protected]
Advertising telephone +44 (0) 20 7878 2344
Advertising email: [email protected]
Subscriptions: www.bcs.org/ittraining/subs
IT Training is published under licence from Haymarket Specialist.
www.haymarket.com
Tim Bulley, Licensing Director.
Telephone +44 (0) 20 8267 5078
Email: [email protected]
IT Training magazine is published quarterly.
The opinions expressed herein are not necessarily those of
BCS or the organisations employing the authors.
© 2011 British Informatics Society Limited
Copying: Permission to copy for educational purposes only
without fee all or part of this material is granted provided that:
the copies are not made or distributed for direct commercial
advantage; the BCS copyright notice and the title of the
publication and its date appear; and notice is given that copying is
by permission of BCS. To copy otherwise, or to republish, requires
specific permission and may require a fee.
Printed in the UK by St.Ives Plc, London.
www.bcs.org/ittraining
And lastly (and sadly), it’s time for me to say goodbye to
IT Training. After three years with BCS, the magazine is moving
back under the auspices of Haymarket and therefore, this will be
the last issue of the magazine for me as editor. I have very much
enjoyed working with the IT training crowd and will certainly
miss editing this magazine. However, BCS will continue to cover,
in some form or other, subject-related areas, so I hope there will
be opportunities to keep in touch with the world of L&D and
training. So just to say a huge thank you to everyone who has
contributed to this magazine over the years it has been with BCS,
and all the best for the future.
Email [email protected]
04 IT Training Spring 2011
www.bcs.org/ittraining
Update
A round-up of the latest news and developments for IT training professionals
A survey by SkillSoft found
that over 80 per cent of
UK managers expect their
training budgets to
either remain static or
increase over the year ahead.
Two-thirds are saying that they
have not been affected by the
difficult economic conditions.
The survey of 96 business
decision-makers also revealed
that 95 per cent now matched
their training provision to
business goals and strategy in
order to measure return on
investment.
These findings were
mirrored in a study undertaken
among a larger group of 748
organisations in the US by
Bersin & Associates, which
established that companies saw
a two per cent increase in their
training budget after two years
of double-digit cuts.
IT is seen as one of the
key drivers for revenue
growth in 2011, a survey
of more than 2,000 CIOs by
Gartner found. While CIOs
do not report IT budgets
returning to their 2008 (prerecession) levels, the number
of those experiencing budget
increases in 2011 outnumbered
those reporting a cut by
almost three-to-one. CIOs
are also expected to
adopt new cloud services
much faster than originally
thought, with the percentage
of those running IT in the
cloud or on SaaS technologies
forecast to rise from three per
cent to over 40 per cent.
06 IT Training Spring 2011
Growth in IT sector jobs
A survey by KPMG and the Recruitment and Employment Confederation (REC) found a skills
shortage in .Net and Java development for temporary roles as there was an increase in IT sector jobs
in December 2010, which occurred mainly in the private sector.
Yet despite this potential of
IT to drive a company’s growth
and competitive advantage, a
study of 1,000 IT professionals
by Virgin Media Business
showed that over 40 per cent
went into IT with the belief
that they could change how
it was perceived across the
business and bring real change
to their company, but over
two-thirds say they’ve failed to
achieve their personal goals in
their job. The study found that
London is home to the most
frustrated IT workers, with
three in four admitting that
they’ve fallen short of changing
the way that the IT department
is perceived across their
organisation.
2011 could prove to be
the tipping point at which
IT becomes integral to
business strategy, but
the shift will only happen if
the profession can overcome
its perception as a non-critical
implementer, according to
Modis International, a global
leader in IT recruitment.
Modis’ research found that
while the majority of IT leaders
were under pressure to develop
transformational changes for
their businesses, traditional
views of IT’s function were
holding back the pace of
change.
www.bcs.org/ittraining
Update
The next few years will
see a big increase in the
number of recruits needed
in the IT industry, with the
industry set to grow five times
faster than the average UK
industry. A report by e-skills
UK said that employment in
the IT industry over the next
10 years is expected to grow
by 2.19 per cent a year, which
means over 100,000 new
recruits will be required to keep
pace with demand.
While this is a positive
development, e-skills UK
expressed concern with figures
showing that the proportion of
IT and telecoms professionals
under the age of 30 had
declined from over 30 per cent
in 2001 to only 19 per cent in
2010. E-skills predicted that the
UK economy could be boosted
by £50bn over the next five to
seven years by exploiting the
full potential of the technology
sector.
The lack of qualified
IT staff also hinders IT
department recruitment,
according to research
conducted by CompTIA.
Almost two-thirds of the
1,385 IT managers surveyed
said their IT department was
understaffed and planned to
recruit in 2011, but 60 per cent
also voiced concerns about
finding new employees next
year, while 31 per cent said they
will struggle to retain existing
workers.
The research found the
most in-demand skills are
project management, database
administration, business
intelligence, PC and technical
support, cloud/software-asa-service as well as network
administration, virtualisation
and security. Most recruiting
IT managers (78 per cent)
said candidate certifications
and experience are a high or
medium priority in hiring.
www.bcs.org/ittraining
Supplier briefs
Andy Green new
Chair of e-skills UK
Name change at Kaplan
STT Trainer, Atlantic Link and
E-skills UK, the sector skills
Perform IT, former brands of
council for IT, has appointed Kaplan IT Learning (KITL),
Logica CEO Andy Green
are now operating under the
as its new Chairman. Andy
new company name of Kaplan
Green replaces Larry Hirst
Learning Technologies (KLT).
CBE, who will retire as
Over the past five years, Kaplan
Chairman of e-skills UK and IT Learning has expanded its
as Chairman of IBM Europe, products and services to meet
Middle East and Africa.
the growing needs of clients
around the world. In 2005, it
Cyber skills in short
acquired STT Trainer, in spring
supply
2009 it added Perform IT and
Recruiting and retaining
in 2010, Atlantic Link joined
people with cyber skills is one the company.
of the top challenges to law
SumTotal buys
enforcement, says the head
GeoLearning
of the Metro Police Central
Talent management
e-Crime Unit (PCeU), a
solution provider SumTotal
unit that is also tasked with
acquired managed services
improving national police
and on-demand learning
cyber capabilities.
As professionals with these management software (LMS)
skills are in short supply and provider GeoLearning. The
acquisition extends SumTotal’s
high demand, they often
string of mergers with other
move into the private rather
software companies and places
than the public sector. The
PCeU has started drafting in SumTotal in the lead among
LMS and talent management
expertise from the financial
companies, further distancing
and other key industrial
Saba, the nearest in size.
sectors.
Content Master
New certification in
and Jonckers form
storage networking
strategic partnership and information
Content Master, part
management
of CM Group, and
Jonckers Translation &
Engineering have formed
a strategic partnership to
provide e-learning and
other education, training
and reference materials
for clients who create
and deploy e-learning
programmes worldwide. The
two companies have now
integrated their production
processes to create, localise
and distribute learning
materials for their customers
on a global scale.
CompTIA and the Storage
Networking Industry
Association (SNIA) are
collaborating to develop and
market a new professional
certification for IT workers
responsible for storage
networking and information
management.
The credential ‘CompTIA
Storage+ Powered by SNIA’
will be a comprehensive
validation of the knowledge
and skills necessary to
support various solutions and
technologies in data storage,
storage networking, data
protection and the underlying
interconnect technologies.
A beta release of this new
examination and certification is
scheduled for Q2 in 2011 with
global availability in the second
half of 2011.
e2train acquires
Intraventure
Learning and performance
management system
provider e2train acquired
Intraventure, a provider
of succession planning,
talent and performance
management software and
services. e2train is the UK’s
largest supplier of learning
and performance management
systems and services. Both
organisations work for leading
blue chip organisations and
governmental bodies.
OU aligns higher
education with SFIA
The Open University (OU)
has developed a set of tools
and resources to enable
employers to identify
appropriate higher education
modules, qualifications and
continuous professional
development courses using the
internationally recognised Skills
Framework for the Information
Age (SFIA).
The OU has recently become
a SFIA Accredited Partner
and has developed tools that
will enable employers of
IT professionals to browse
potential courses and
qualifications available against
the SFIA skills required for
each role. By combining the
necessary SFIA skills for
professional profiles and
job descriptions, a skills
development path can be
identified.
Spring 2011 IT Training 07
Update
Alan Bellinger
L&D in 2020
BCS Learning and
Development
Specialist Group
Making new connections
What will L&D look like in
2020? To get some clues I
would refer you to a new report
from Forrester with the very
long title ‘IT’s Future in the
Empowered Era: Sweeping
Changes in the Business
Landscape Will Topple the IT
Status Quo’. The question that
lingers throughout the report
is whether corporate IT, as we
know it today, will even exist
in 2020.
Three forces are bearing
down on IT and will likely
have long-lasting ramifications,
according to the report. The
three trends include businessready, self-service technology
(including cloud and SaaS
adoption); empowered, techsavvy employees who don’t
think they need corporate IT;
and a ‘radically more complex
business environment’.
The interesting point is
that these three forces also
affect L&D. The first – new
applications in the cloud – has
the rather trite consequence
that L&D is no longer
dependent on IT for access to
learning technology; you can
get it wherever and whenever
you want. But the rather more
significant impact is that
application readiness is no
longer limited to Office and
ECDL. The term ‘application
readiness’ is an interesting
one, and I suggest that L&D’s
mission is not simply to
ensure that employees can
use technology, but rather
applications.
‘Empowered, tech-savvy
employees’ is definitely the
second major impact on L&D;
08 IT Training Spring 2011
it is the catalyst to change
L&D from its current ‘push’
approach to a ‘pull’ approach
as learning becomes more
embedded in work. L&D needs
a completely different mindset
to operate in the pull world
rather than the push world –
fundamentally, it’s the change
from controlling to facilitating.
But I believe it’s a given that we
will need to make that change
– and sooner rather than later.
That’s the fundamental reason
why business professionals
want L&D to keep their hands
off informal learning – the fear
that they’ll come in and start
trying to control it.
Forrester’s final point is
the one about increasing
complexity in the business
environment. And this is where
I feel the analogy between the
IT world and the L&D world
fails; or at least it does fail if
L&D fails to step up to the
issue. Let me explain; certainly
there will be increasing
complexity – and that will
affect the way in which we
deploy technology. But the
area that will have the greatest
impact on this complexity will
be the combination of analytics
and business management.
This, in turn, highlights the
biggest change that we as L&D
professionals need to make.
We not only have to focus
on performance rather than
training, on working smarter
and on embedding learning
into work; we also need to
be totally analytics-savvy and
use analytics to fuel the pull
approach to building capability
in the enterprise.
The BCS L&D Specialist Group
has acted upon a recent survey
in which its members expressed
a clear desire for the committee
to build relationships with
other relevant bodies.
The first such body is the
Worshipful Company of
Information Technologists
(WCIT). A Memorandum of
Understanding establishing a
formal partnership between
the BCS L&D SG and WCIT’s
Education Committee is
awaiting signatures, and will
open a wide range of events to
members of both organisations.
Most importantly it will
provide a framework for the
planning of joint events.
The City of London’s Livery
Company’s grew out of the
medieaval guilds and now
form a vital part of the City’s
constitutional fabric and
history. The WCIT received
its Royal Charter in June 2010
and currently has around
750 members, comprising
many of the most eminent IT
professionals (such as Sir Tim
Berners-Lee, Vint Cerf and
several former BCS Presidents).
The company has four key
themes: charity, education,
industry and fellowship.
Two of our committee
members, Paul Jagger and
Kevin Streater, have recently
been elected to the Freedom
of the WCIT, and the SG
committee already have
plans for similar MoUs with
a number of other leading
bodies that support workplace
learning in the field of IT.
L&D SG Committee Member Ed Monk
Profile
Ed Monk, Managing Director
at IITT since 2006, became
involved with the organisation
in 1998, when he worked as
operations manager for IT
Training. After successfully
building the magazine’s profile,
Ed joined the Institute, first
running the sales and then the
business development team.
His involvement with the
BCS L&D Specialist Group
began in 2010, when he was
invited by Jooli and members
of the board to join the
group. He is passionate about
raising the profile of the
L&D professional, especially
in the IT sector where, very
often, they are not necessarily
considered as ‘equals’.
Apart from his interest
in anything ‘L&D’, Ed plays
classical guitar, is fluent in four
languages and has set himself
two major goals for 2011: to
run the Berlin marathon and
begin learning Japanese.
www.bcs.org/ittraining
Deedgijc>In
89I"J^[9^Whj[h[Z?dij_jkj[\eh?J$
9^hXdkZg]dlWZXdb^c\V78HbZbWZg
XVcdeZcjei]Zdeedgijc^i^Zh!hjeedgi
VcYigV^c^c\ndjcZZYidhjXXZZY^c>I#
K^h^illl#WXh#dg\$deedgijc^in
@cdlaZY\ZGZXd\c^i^dcCZildg`^c\
SA
'OOD(2MAKESGOODBUSINESS
*
%
15
VE
Subscribe to Human Resources
It is people that determine an organisation’s competitive advantage.
A subscription to HR magazine will equip you with the latest issues in HR &
people management, helping you make the most of your staff and your business.
In-depth articles exploring the cutting edge of HR thinking
Invaluable insights via new and exclusive research
Best practice from HR strategists at the world’s top companies
Regular interviews with top names in business and people management
PLUS excellent regulars such as People on the Move and Hot Topic
Subscribing is easy
SUBSCRIBE
TODAY
FOR ONLY
£75.65*
08451 55 73 55 and quote HRMAG10
@
[email protected]
www.haysubs.com/hrmag10
*Direct Debit payment option – £75.65. Saving 15% against the annual cover price of £89.00
' & % $# "!
"#
"
%
"
Order details
" & !
HRMAG10
" %
"
#
% " ! !
#
Please choose one of these three options
Direct Debit
Yes, I would like a subscription for:
N I would like to pay by Direct Debit for £
Bank/Building Society account number
< £75.65 Direct Debit (saving 15% on 1 year rate)
< £89.00 Standard 1 year rate
< £160.20 Standard 2 year rate
Branch Sort Code
NNNNNNNN
Your details
Mr/Mrs/Miss/Ms
#
NNNNNN
Name and full postal address of your Bank or Building Society
Initials:
To:The Manager
Surname:
Bank/Building Society
Address
Job Title:
Company:
Address:
Reference Number – For office use only NNNNNNNNNNNN
Cheque
Postcode:
Tel:
N I enclose a cheque for £
Fax:
made payable to Haymarket Publishing Services Ltd
Credit/Debit card
Email:
N Please charge my credit/debit card for £
VISA/Mastercard/Maestro/Other (delete as applicable)
By signing up for a subscription, Haymarket Media Group will automatically provide you with information
relating to your subscription and other Haymarket-related products or services via email, direct mail or
telephone. Please help us to communicate with you by providing your current business email address in the
space provided. Open to UK subscribers only.
From time to time, Haymarket Media Group, will allow carefully selected third parties to contact you about their
products and services. Please indicate your preferences below.
< Yes I would like to receive carefully screened and work-related emails from third parties
< Please tick here if you do not want to receive work-related direct mail from carefully selected third parties
< Please tick here if you do not want to receive relevant work-related information by telephone from carefully
selected third parties
Card number
Expiry Date
NNNNNNNNNNNNNNNN
NN / NN Issue No NN(Maestro only)
Instructions to your Bank or Building Society to pay by Direct Debit
Originator’s Identification Number 756025. Please pay Haymarket Media Group Direct Debits from the account detailed in this Instruction
subject to the safeguards assured by the Direct Debit Guarantee. I understand that this Instruction may remain with Haymarket Media Group and,
if so, details will be passed electronically to my Bank/Building Society.
Please return coupon to: Haymarket Subscriptions, FREEPOST SEA10115, Southall, UB1 2WH
"
"
"
"
& # "
" @
# & %
!
#
& !
Trainer to trainer
On the ground
How do you optimise training for mixed seniority groups?
We know that interactivity in
a formal training course has
a beneficial impact on learning
retention and when individuals
share knowledge with each
other in more informal
ways, it helps to further
reinforce learning.
However, learners tend to
be more open if the group
contains individuals at the
same or similar levels of
seniority; mixed groups can
be more inhibited.
These barriers can be
broken down by taking
action in advance to level the
playing field. For example,
short introductory e-learning
courses can ensure everyone
has the same basic level of
understanding, so no-one
risks looking foolish.
Similarly, organisations
can benefit from establishing
social learning communities
where learners get to know
one another in advance,
identify shared interests and
experiences and list desired
outcomes for the course.
This is particularly helpful
in enabling lower-level staff
to get to know higher-level
managers as individuals – and
vice versa – thus building trust
and openness.
Such interaction affords
individuals with different skills
and abilities an invaluable
means of looking at the
subject matter from different
perspectives and enriches the
learning experience.
Moreover, if learners can
interact via online networks
after the training, they can
maintain the relationships they
have developed and call upon
their new network for advice.
This has the added benefit of
capturing vital information
for future knowledge sharing.
In short, social learning can
significantly improve training
outcomes among mixed
seniority groups.
Vincent Belliveau, Cornerstone
OnDemand
More advice and tips at:
www.bcs.org/ittraining
Advisers:
Jooli Atkins, Matrix FortyTwo
and Dave Britt, BCS Trainer of
the Year 2006.
Breaking developments
How to create and encourage online learning communities.
1.
2.
Online learning communities
must engage learners, provide
a true sense of community
collaboration and, most
importantly, provide an
environment where quality
learning and knowledge
transfer can take place. Here
are the top five steps to make
your learning community a
success.
www.bcs.org/ittraining
3.
Define your learning
domain. Make sure you
define your learning
domain and ensure that
community members
understand and share its
goals
Provide quality content.
The focus must be on the
content and not on the
user interface. A quality
learning experience
requires quality content.
Make an appropriate
technology choice. The
technology choices to
support online learning
communities are cheap
and plentiful. However,
some solutions are better
equipped than others to
encourage a vibrant and
•
•
•
•
4.
successful community,
supporting:
multiple media formats;
synchronous (instant
messaging, chat and voice
communication) and
asynchronous (email,
discussion boards and
possibly Wikis) forms of
communication;
presence awareness so
that you know who else is
online with you;
file sharing so users can
upload and share files.
Establish policies and
procedures. Who is
allowed to upload content?
What type of content is
permitted? Who are the
moderators? What is your
privacy policy?
5.
Encourage feedback. You
need ways of monitoring
the effectiveness of the
learning content and the
learning community as
a whole. Your solution
may include surveys,
assessments and
community-based (star)
rating schemes.
To succeed, your online
learning community must
encourage all participants to
be active, sharing their own
knowledge and experiences to
help each other. Your role is to
facilitate this with a friendly,
safe and easy-to-use solution
that they will both enjoy and
find valuable.
Alex Mackman, CM Group
Spring 2011 IT Training 11
Certification Ethical hacking
Securing the defences
Security of IT systems is a major issue in a world where they are
becoming more and more ubiquitous. One way to test defences
is by launching your own ‘friendly attack’ – employing penetration
testers or ethical hackers to find any potential weak spots.
In autumn 2010, an ‘ethical hacking’
experiment conducted in six cities
across the UK showed that almost
half of private Wi-Fi networks
could be hacked in less than five
seconds, even if they were passwordprotected. A report published
around the same time by internet
security and anti-virus specialist
Norton found that more than half
of UK adult internet users had been
the victim of a cybercrime at some
point.
In the corporate world, a cyber
security monitor report by BAE
Systems found that over 80 per
cent of companies believed that
cyber criminals were innovating at
a quicker pace than their security
measures.
12 IT Training Spring 2011
IT security issues featured big
in 2010 – from the Stuxnet worm
to ‘hacktivism’ in the wake of the
arrest of WikiLeak’s founder Julian
Assange, to scares about data
leakage on Facebook. In January this
year, the Organization for Economic
Cooperation and Development
(OECD) published a study that
found that attacks on computer
systems now have the potential to
cause global catastrophes, though
only in combination with another
disaster.
In the face of these ‘scares’, it is
not surprising that the demand for
IT security specialists is growing
at a rapid pace. ‘We have seen a
tremendous surge in information
security certified training
With the
rate of
cyber
attacks
doubling
each year,
IT security
has become
a valuable
profession
requirements,’ says Jay Bavisi,
President of International Council
of E-Commerce Consultants
(EC-Council), an organisation
that offers, among others, CEH,
the Certified Ethical Hacker
certification.
‘White hats’
One such specialist is the ‘ethical
hacker’ – another name for what
is also known as penetration tester
(note that there has been much
debate on whether the term ‘ethical
hacker’ is appropriate, with some
claiming that it is a contradiction
in terms – in this article, the terms
will be used interchangeably). With
the rate of cyber attacks doubling
every year, IT security has become a
valuable profession, and many in the
role of ethical hacker now demand a
six-figure salary.
An ethical hacker is usually
someone who is employed by an
organisation and can be trusted to
penetrate networks and/or computer
systems using the same methods
as a hacker would. The purpose
is to find, and then fix, computer
www.bcs.org/ittraining
Ethical hacking Certification
Certifications
security vulnerabilities. While illegal
hacking is a crime in most countries,
penetration testing or hacking
done by request of the owner of the
targeted system or network is not.
Ethical hacking in this sense
came about in the 1970s, when
the US government started using
groups of experts to hack its own
computer systems, and then became
increasingly widespread outside the
government and technology sectors.
An ethical hackers is sometimes also
called a ‘white’, a term that comes
from old Western movies, where the
‘good guy’ wore a white hat and the
‘bad guy’ wore a black hat.
Risk detection
While there is growing awareness
of the threats of cybercrime,
ignorance or maybe carelessness
regarding security issues still seem
to pervade both the world of private
and corporate IT. This is shown in
the BAE Systems report referred
to above, which also found that
companies were still confident about
the traditional tools they used, such
as firewalls, anti-virus programs and
www.bcs.org/ittraining
A report
found that
over 80
per cent of
companies
believed
that cyber
criminals
were
innovating
at a quicker
pace
than their
security
measures
The Council of Registered Ethical
Security Testers (CREST) is a
non-profit association created to
provide recognised standards and
professionalism for the penetration
testing industry.
For organisations, CREST
provides a provable validation of
security testing methodologies
and practices, aiding with client
engagement and procurement
processes and proving that the
member company is able to
provide testing services to the
CREST standard. It offers three
certifications: CREST Registered
Tester, CREST Certified Tester
(Infrastructure) and CREST Certified
Tester (Web Applications). It also
certifies companies.
www.crest-approved.org
The Information Assurance
Certification Review Board (IACRB)
manages a penetration testing
certification known as the Certified
Penetration Tester (CPT). The CPT
requires that the exam candidate
pass a traditional multiple choice
exam, as well as pass a practical
exam that requires the candidate to
perform a penetration test against
live servers.
www.iacertification.org
SANS provides a wide range
of computer security training
arena leading to a number of
SANS qualifications. In 1999,
SANS founded GIAC, the Global
Information Assurance Certification,
which, according to SANS, has
been undertaken by over 20,000
members to date. Two of the
GIAC certifications are penetration
testing specific: the GIAC Certified
Penetration Tester (GPEN)
certification and the GIAC Web
Application Penetration Tester
(GWAPT) certification.
Offensive Security offers an ethical
hacking certification (Offensive
Security Certified Professional).
The OSCP is a real-life penetration
testing certification, requiring
holders to successfully attack and
penetrate various live machines
in a safe lab environment.
Upon completion of the course
students become eligible to take
a certification challenge, which
has to be completed in 24 hours.
Documentation must include
procedures used and proof of
successful penetration including
special marker files.
www.offensive-security.com
The Tiger Scheme offers two
certifications: the first is Qualified
Security Tester (QST), an entrylevel qualification that is obtained
after successfully passing a written
examination set by the
Examining Body or by submitting
evidence of a recognised
qualification (e.g. certain MSc
courses). The second is the
Senior Security Tester (SST),
which requires the candidate
to pass a practical examination
demonstrating
network security vulnerability
analysis skills and to successfully
pass an interview in order
to demonstrate both their
understanding and their ability
to communicate their findings.
www.tigerscheme.org
The International Council of
E-Commerce consultants certifies
individuals in various e-business
and information security skills.
These include the certified ethical
hacker course, computer hacking
forensics investigator programme,
licensed penetration tester
programme and various other.
www.eccouncil.org
www.giac.org
Spring 2011 IT Training 13
Certification Ethical hacking
web filters. The report noted that
‘such a high degree of confidence
in existing defence systems was
surprising’, adding that ‘it suggests
that the reality and impact of the
threats are not visible to business or
that attacks are already happening
below the radar of their traditional
defences.’
Robert Chapman, CEO of
Firebrand Training, which has
been running Certified Ethical
Hacker (CEH) courses for several
years now, sees the same worrying
signs: ‘Firebrand has trained
hundreds of ethical hackers over
the past decade. However, major
companies – and indeed individuals
– still refuse to see the very real
threat of cybercrime. The biggest
concern is that hackers can threaten
national security, and cripple major
organisations. A company is only
as strong as its weakest link, and
if its employees are not aware of
the potential pitfalls, that company
could be destroyed with one
moment of carelessness.’
Ensuring ethics
Every
student
must
sign an
agreement
to ensure
that they
don’t use
their new
skills
illegally
As ethical hacking can easily reveal
sensitive information about a
company, many security firms take
care to show that all their employees Robert Chapman,
Firebrand Training
adhere to a strict ethical code, and
there are a number of professional
and government certifications
that vouch for a company’s
trustworthiness and conformance to
industry best practice (see box out).
‘The role of an ethical hacker
comes with responsibility,’ stresses
Robert. ‘Before we begin our fiveday course, every student must sign
an agreement to ensure that they
don’t use their new skills illegally.’
Only once they have signed the
agreement form do students receive
the course pack, which contains,
among other things, manuals,
DVDs with self-study material and
a large selection of tools. The second
module of the course itself then
covers hacking laws in the UK, the
US, in Europe and various other
countries.
14 IT Training Spring 2011
Certifying skills
Ethical hacking certification
programmes aim to equip people
with the ability to understand
and know how to look for the
weaknesses and vulnerabilities
in target systems, using the same
knowledge and tools as malicious
hackers. Much is based on offering
students practical experience in a
hands-on environment where they
can scan, test, hack and secure their
own systems.
Mark Rouse, Director at FTI
Consulting, who took the CEH
course with Firebrand Training,
found one of the most interesting
elements of the course was
discovering how readily available
hacking tools were. ‘The reason I
took the qualification was to get
a comprehensive grounding and
understanding of the different
tools and techniques that could
be used by a fraudster to hack a
corporate database system,’ he
says. ‘Up until then, my primary
focus was in using technology and
techniques to uncover the hidden
and usual patterns, relationships
and anomalies in data that are
symptomatic of potential fraud.
Studying for the certification
has allowed me to explore a
further avenue of hi-tech fraud
investigation, that of database
intrusion and compromise
detection.’
Others look at certification as
a stepping stone in their careers
development. Scott Dougherty, for
example, decided to take the CEH
course with Firebrand as part of
his career goal of working in the
computer security field. ‘I took a
number of certification courses
from 7Safe, and during these
courses I met various people who
had done the CEH course and they
commented how their employer
had specified this course as a
prerequisite for security jobs,’ Scott
explains. ‘The other qualification
that was mentioned was CISSP.’
‘I found the whole experience
very rewarding,’ he adds. ‘There
was a lot of information to take
in and a lot of tools to get familiar
with. The breadth of the tools
presented allowed me to refine
my “toolkit” to be used in
penetration testing.’
www.bcs.org/ittraining
SFIA Conference
Building skills
BCS remains an active member
of the SFIA Foundation, and its
standard, SFIAplus, offers greater
detail on the skills required for each
role and the necessary development
to progress through the ranks. The
Institute is planning to update the
standard in line with SFIA version 5.
At the conference, multinational
health care company KimberlyClark presented how SFIAplus
helped them to develop their
in-house IT talent.
Why SFIAplus
The tenth annual SFIA conference
took place on 1 December last year.
Here are some glimpses of the day.
The event hosted presentations
on technological trends such as
green IT, the use of social media
in business and the challenges of
ensuring business has the skills it
needs for tomorrow. SFIA is a skills
framework for benchmarking IT
skills. It was created over 20 years
ago from information donated by
BCS, The Chartered Institute for IT.
The SFIA framework is regularly
updated by academics and industry
to represent the current skills and
responsibilities IT staff require. The
most recent update, which will be
released in December 2011, has
seen sustainability skills introduced
to reflect this growing area in IT.
Backed by the UK government
and translated into several
languages, the framework is used
all over the world.
www.bcs.org/ittraining
SFIAplus
allowed
us to
standardise
roles and
tailor them
to the
specific
needs of our
customers
Gene Bernier,
Kimberly-Clark
Kimberly-Clark’s strategic focus on
growing talent coupled with rapidly
changing technology and increasing
demand to contain spend meant
that SFIAplus offered good value
for money. Employees were seeking
clearer understanding of their roles,
so the need to move fast with the
L&D standard was ever growing.
One of the reasons for using
SFIAplus was that it enables users
to build job descriptions quickly
and the descriptions can be edited
and added to so that they fit the
organisation. Once job descriptions
have been created, staff skills gaps
can be analysed, necessary skills be
identified and development plans be
created and managed.
Benefits
Using the framework also enables
individuals to create their own
development plans. ‘We now have
a basis on which to build future
talent management programmes,’
says Gene. Picking two or three
subcategories per job description,
the team found the process useful
to see where other IT departments
overlapped as well as where the
skills gaps were.
Recruiting has also been made
easier, as Gene explains: ‘With
detailed job descriptions and a
strong L&D strategy in place, we
can recruit more effectively into our
team and maintain the good work
we have done in the future.’
For more information on
SFIAplus, call 01793 417 747 or go
to www.bcs.org/sfiaplus
Dos and Don’ts
•
•
•
Approach and challenges
The multinational decided to roll
out SFIAplus using a pilot test
first. They focused on building
comprehensive role definitions
including skills and technical
requirements at specific job levels.
‘We found it a challenge aligning
our organisational role structure
with the SFIA job levels,’ says Gene
Bernier, Director of Integrated
Solutions Delivery. ‘Having
professional consultants really
helped us to overcome this and
build a sustainable model.
‘Also standardising some of
the roles in our company proved
difficult at times. However SFIAplus
offered the flexibility to tailor
roles to the specific needs of our
customers,’ he added.
•
•
•
•
Do couple SFIAplus job
development with your
organisation’s talent
management initiatives.
Do get the buy-in of senior
IT and HR management
from the start as successful
implementation is key.
Do invest in change
management and good
communication once job
descriptions have been
created.
Do invest in expert advice
when implementing
SFIAplus to ensure you fully
understand the impact of
your decisions and you get
it right first time.
Don’t roll out SFIAplus to
the entire IT department if
you are a large organisation
without running a pilot
scheme.
Don’t embark on building
skills into the job description
before you agree the role
structure.
Don’t let perfection be the
enemy of good progress.
Spring 2011 IT Training 15
Conference SFIA
A framework for the future
Kevin Streater, Executive Director, IT
and Telecoms at The Open University
(OU), looks at how the university is
helping employers tackle the IT skills
shortage through SFIA.
real business world. This means
dispensing with the traditional
course brochures and starting to
speak the industry language of IT
skills and competency rather than
certifications and accreditations.
The start of 2011 has seen concern
about imminent skills shortages
in the IT industry continuing to
grow. The latest e-Skills UK report
predicted IT sector growth up to
five times faster this year than the
UK industry average, with estimates
of more than 100,000 new jobs.
However this was accompanied with
strong concerns that, without urgent
changes to the way we develop our
IT professionals, the falling number
of IT graduates will starve the
industry of talent and create serious
skills shortages.
Recipe for success
Higher level skills
A large
number of
IT graduates
enter the
workforce
at a high
academic
level, only
to attend
lower level
training
courses
throughout
their career
From talking to employers it seems
a large number of IT graduates enter
the workforce at a high academic
level, only to attend lower level
training courses throughout their
careers. As a result there are far
fewer postgraduate qualifications
amongst IT professionals than
in other sectors like medicine,
engineering, accounting and law.
Kevin Streater, OU
Increasingly, IT departments
are operating in an environment
where graduates are frustrated
at the standard and relevance of
their personal development and
employers are concerned that the
graduates they take on lack the
skills and experience to transfer
their understanding of IT into the
workplace.
Speakers at the SFIA conference
described greater collaboration
between industry and education
as the first step towards a more
sustainable future. It’s up to us
in the education sector to better
understand how the courses we
offer fit within the structures of the
16 IT Training Spring 2011
The SFIA framework is the best
example in the UK of bridgebuilding between industry and
professional development. Over
the past year there has been greater
emphasis on harnessing business
expertise in the development of
accurate IT job profiles that meet
the capability requirements of
modern business. These have been
put together in association with
employers and break down the
business-driven competencies for
each role into a selection of skills
elements. From this analysis we see
a change in skills demand as you
work your way up the IT ladder,
where an initial focus on technology
skills gives way to an emphasis
on building interpersonal and
management competency.
These component skills can
then be mapped to a programme
of learning solutions that will
transform staff performance. In the
longer term CIOs and IT managers
can be enabled to create a skills
development path that will put in
motion a conveyer belt, turning
entry-level staff into the company’s
future senior management.
Sustainable growth
By working in partnership with IT
education specialists to develop
a professional development
programme that incorporates
short courses and higher level
education within a qualifications
framework, organisations will see
improved IT capability and will
ensure that capability is transferred
into real work situations. Whatever
the uncertainties around the
economic climate, one thing that
is increasingly clear is that the fate
of the IT and telecoms sector will
be central to the UK’s economic
recovery.
The e-Skills UK report predicted
the UK economy could be boosted
by £50bn over the next five to
seven years by exploiting the full
potential of the technology sector.
But as we have seen from concerns
over imminent skills shortages,
the assumption that we have the
workforce to fill a widening job
market is far from assured. If we
are to realise the potential role
our sector can play in the UK’s
economic recovery, then we need
industry to get on board with this
new learning approach.
In doing so we can create clear
career paths up to well paid senior
management roles that may even
help reverse the declining interest
in IT as career option for schoolleavers. A recent study by High
Fliers Research suggests that just
three per cent of the 16,000-plus
graduates it surveyed in 2010 want
to work in IT, down from 12 per
cent of graduates in 2000.
From our experiences working
with students and employers, a
lot of this dissatisfaction comes
from perceived barriers to the
senior management roles that offer
the greatest financial rewards. If
companies want to attract and
retain the best talent coming out of
university into entry-level positions,
they need to demonstrate clearer
career pathways supported by
intuitive and strategic staff learning.
With this change in IT education
underway, the onus is now on
industry to commit to this new
vision for producing and developing
our well-rounded IT professionals.
2011 could see unprecedented
growth in UK IT with far-reaching
benefits across our commercial,
government and public sectors.
www.bcs.org/ittraining
Develop your
IT workforce
without disrupting
the working day
Our professional development programmes can give
your organisation a competitive edge and your employees
the relevant practical, technical and managerial expertise
they need to work in today’s constantly changing global
IT & Telecoms environment.
Solutions range from IT professional practice,
enterprise software development, information security
management, systems integration, computer forensics
and project management, to awards in IT business and
management including our triple accredited MBA.
Your employees can study outside of working hours
using the latest learning technologies alongside ongoing
support from us and what they learn one day can be
applied the next.
Did you know?
• Our specialist programmes are developed by experts
in association with professional bodies, sector skills
councils, IT vendors and IT & Telecoms employers
• We’re the largest and fastest growing Cisco Academy
in the UK and among the top 5 universities for computer
science
• Our triple accredited business school is in the world’s
top 1%.
Develop your workforce
www.openuniversity.co.uk/it
[email protected]
0845 758 5097
Quote: ZAMAAG
INSPIRING LEARNING
The Open University is incorporated by Royal Charter (RC 000391), an exempt charity in England and Wales and a charity registered in Scotland (SC 038302).
Skills Virtual leadership
Leading – virtually
in three different time zones and
in at least two cultures you’ve no
experience of. Time to hand back
the promotion and scarper?
The reality is that many IT leaders
find themselves in just this sort
of situation, especially in today’s
increasingly interconnected world,
with the management of widely
distributed, heterogeneous teams
a necessity for a growing number.
More than technology
They’ve just given you a team of hundreds who
mostly are gone to bed before you’re logged in.
So what are the secrets of creating real team
spirit and effective leadership when your meetings
literally straddle the globe, asks Gary Flood.
So this morning they promoted
you to global CIO and the glass
of champagne you permitted
yourself at lunch is still fizzing
18 IT Training Spring 2011
round your system pleasantly. Then
they told you that as a result of an
unexpected merger you now run
a global team of hundreds of staff
While PowerPoint, email and
instant messaging have always
been part of the virtual manager’s
armoury, along with the good old
daily international mass conference
call, the rise of virtual collaboration
tools such as WebEx and Microsoft
Lync have created a new vision. Add
a bit of telepresence, SharePoint,
a soupcon of social media and all is
well, surely?
The temptation is to assume that
technology is all that is needed
here. However, that is just where
new virtual team managers make
their first mistake, say both experts
and veterans. It turns out that
making a team work where it may
involve individuals you’re very
likely to never meet in real life is
a lot more complicated – and
may even take formal training to
get right.
‘Technology can shrink
geographical distances, yes. But it
can’t make people feel closer
unless you work on that, too,’ says
Liz Timoney-White, learning
giant QA’s Learning Programmes
Director for Professional
Development.
‘It’s more than being able to see
your
face across a thousand miles,’
It’s more
adds
Ian
Mills, Chief Executive
than being
of performance improvement
able to see consultants Transform People
your face
International, a firm that has
trained managers in just this issue
across a
for corporations like Cisco and
thousand
American Express. ‘It’s also about
miles
etiquette, knowing that your
Ian Mills, Transform
People International “pants” is your American peer’s
“trousers” – and having real
www.bcs.org/ittraining
Virtual leadership Skills
insight into some basics of human
psychology and team dynamics.’
Attention to context
That’s not to say technology has
no role to play – far from it, it is
central, as we’ll see. But practitioners
counsel that attention paid to the
context of whatever communication
technology you will use is vital, or
you’ll end up with a collection of
people in different offices, not the
global team you are aiming for.
‘Leading geographically dispersed
teams effectively requires both
technological enablement and
some clarity on working practices
Flexibility
that reinforce/support the required
is key,
leadership style and team culture,’
especially
warns David Smith, CTO and CIO
for IT services supplier Fujitsu
where new
UK & Ireland. ‘In my experience,
technology
there is ultimately no substitute
and
for having a team spend time faceregional
to-face in the same location as
that interaction enables the teamdifferences
forming process. If you can’t do
are
that, it’s still perfectly possible to
concerned
create a high-performing team
Kevin Addington,
that collaborates and works
Global Knowledge
smoothly together, enabled by
technological solutions.’
‘As a CIO, it’s important to be
able to inspire your virtual group
and team leaders by providing clear
and positive communication. But
it’s vital to never become autocratic
and misunderstand the difference
between “business” and “personal”
communication – both are vital
to make this work. In fact, the
best thing you can do, if you find
yourself in this sort of position, is
to go to the other extreme and start
off by “overcommunicating”,’ adds
Allan Pettman, UK MD of training
firm Global Knowledge.
Culture change
Indeed, Pettman’s company is, in
the context of this article, not a
supplier of training for CIOs in this
position, but a case study, as he has
to do this every day. Or rather, his
colleague Kevin Addington, the
firm’s European IT Director, who
www.bcs.org/ittraining
manages a team across multiple
regions including Europe and the
Middle East, does.
Addington says that managing a
virtual team has had a direct impact
not only on the way IT systems
are being managed, but also onthe
tools that are being used as part of
everyday working life. The merging
of roles is an inevitable consequence
of smarter and more efficient IT
systems – a cultural change aspect
that needed careful handling to get
accepted.
‘What would have originally
taken a team of 14 can now be
done by one person,’ Addington
continues. ‘As an IT director,
it’s important to be aware of the
consequences and manage these
changes effectively from region
to region.’
Moving to a virtual team basis
of over 750 staff has brought some
inevitable challenges, he says – but
has also made some outstanding
contributions, prompting both
organisational and team success.
‘From my perspective, flexibility
is key, especially where new
technology and regional differences
are concerned.’ he explains. ‘That’s
been revolutionary in bringing the
team closer together and boosting
morale – it’s as simple as walking
over to someone’s desk. The country
managers and home workers now
feel more connected to the office,
which in itself has dramatically
reduced communication barriers.
For example, we recently deployed
a cross-country IT team for
an important system upgrade.
Microsoft collaboration technology
was key in creating a quick team
dynamic, giving us agility and
breaking down barriers in team
discussions. As a result, we were
able to deliver meaningful changes
over a short implementation period.’
It’s worth pointing out at this
point, by the way, that we’ve
assumed that your difficulties will
mainly lie in making people coalesce
as a team who don’t speak English
as their first language. However,
actually there may be people who
speak the Queen’s English and who
work downstairs you also may find
a bit opaque, as Fujitsu’s David
Smith notes: ‘GenYers [young
people between 16 to 25] do have a
different set of expectations coming
into the workforce and so present
different leadership challenges
– mix that with the stereotypes
or cultures that value face-to-face
interaction and it becomes an
interesting skillset to mould all this
into a high-performing team.’
Top tips for virtual management
‘Make your information environment as rich as possible. Regularly
scheduled Skype calls, video conferencing and advanced mobile
applications have made remote management a painless task. Our success
is due in part to our superior technology, but mainly to the enthusiasm of
our people. Here we have an intranet that links all our hundred developers
with email, documents, PDFs, videos, sales engagement forms, CRM,
down to people’s birthdays. It all helps to make people feel they are part
of a real global family.’
– Helmut Reketat, Global Sales Leader at German IT security firm
G Data Security
‘Processes and governance are also very important to make a global team
work as one. Consistency and clear communication of what I expect from
my 600 employees is vital. As leader, I think that’s very much part of what
you have to reach out and establish from the start.’
– Mandy Edwards, CIO of Sitel, a global outsourced call centre specialist
Spring 2011 IT Training 19
Skills Virtual leadership
‘Overcommunciation’
The task, then, is not just making
sure all your team have as much
connectivity software on their
desks as they can to see other
members via webcam, to share
project resources and so on. It’s also
about putting a priority on people
skills – what Pettman means by
‘overcommunication’.
Expert virtual managers thus need
to have – or need to be coached in
and encouraged to develop – solid
skills around awareness of self
and others. ‘It can be as subtle as
taking time to explain the unspoken
things in your office, as much as
establish the lines of hierarchy and
communication,’ suggests QA’s
Timoney-White. ‘When do people
leave the office in London? Do
people eat at their desks? If you’re in
Bangalore, that kind of thing can be
very useful to know, as you’ll know
if you have any chance of finding
someone at a specific time to ask
a question. You may also need to
be explicit that it’s OK to ask your
boss’s boss things, which in his
culture may not be allowed.
‘You need to think less about
telling and controlling, basically,
and think more about ways to foster
genuine cooperation and sharing.’
So – no need to panic and run out
of the building. You can manage
that virtual team of hundreds in
You need
to think
about ways
to foster
cooperation
Liz Timoney-White,
QA
all those exotic parts of the world.
But don’t even start until you have
assimilated some best practice
on making bonds work through
technology, boned up on some
cultural awareness and acquired
a commitment to make a real
mini online community of your
new team.
Resources
Transform People International, based in Newbury, which specialises in learning and
development consultancy in the areas of leadership, management, sales, collaboration
and communication, says it recently trained 4,000 IT staff at Royal Bank of Scotland
in remote working skills www.transformpeople.com
Confronted with the need to understand some of the subtler cultural clues of the way
people work in other countries? You may find these sites useful
www.kwintessential.co.uk/cross-cultural
www.worldbusinessculture.com/
At least two organisations offer specific training and/or mentorship to CIOs faced with global
team integration and leadership responsibilities. Go here for the QA course, but note that it
tends to be run as a bespoke course, hence there are not many public dates:
www.qa.com/mpdlvt
HRD Conference and Exhibition
6–7 April 2011, London
SPARK NEW IDEAS TO SOLVE YOUR
L&D AND TRAINING CHALLENGES
•
Over 30 conference sessions covering training, E-learning, OD,
coaching, talent and more.
•
Attend the FREE exhibition: meet top suppliers and attend
free topical updates.
•
Visit the Professional Development Zone and network in the
NEW HRD Interactive Zone.
FIND OUT ABOUT HRD 2011 TODAY
cipd.co.uk/trainingsolutions
20 IT Training Spring 2011
www.bcs.org/ittraining
Strategy Budget
Public sector
Moving forward
in 2011
Do you have your new budget yet? If you do, then how did you
get on? And if you haven’t, then what should you expect?
Alan Bellinger sets a framework.
In the last issue I set out some
strategic planning assumptions
for 2011 and sought collaboration
on them. There were twenty
planning assumptions in all; and
people found most of them generally
acceptable. However, there was one
area in particular that attracted a lot
of debate – the issue of budgets.
In researching this issue it has
become clear that there is an
enormous level of variation – far
more than I had anticipated in the
last article – and that has led me to
develop a model that explains the
way in which budget expectations in
different sectors are moving.
Market model
To make sense of this massive
variation, I have developed the
following model that looks at the
range I was hearing about in the
collaboration exercise we followed.
22 IT Training Spring 2011
The model starts with an obvious
There was
split – the public sector and the
one area in
private sector (I accept that there’s
an argument for charities and others particular
to be referred to as the third sector – that
but, for simplicity, I’ve treated them
attracted
as ‘quasi-government’).
a lot of
Figure 1 highlights the spread
that I have been hearing of from the debate –
different sectors – the upper figure
the issue of
in the table represents the top 10
budgets
per cent and the lower figure is the
Alan Bellinger
lower 10 per cent. So, to check how
you did, simply pick your cell.
Admittedly, this is a very
simplistic model as it ignores criteria
such as the size of your organisation
or the market sector in which an
organisation operates. Those factors
will skew your eventual budget
to one end of the range, but it’s
interesting to see that a company’s
performance profile seems to be the
key determinant.
I’ve split the public sector into
the conventional central and local
government; but the third sector
here is something of a misnomer.
Although I’ve used the term ‘quasigovernment’, I’m not referring
specifically to quangos. Rather,
I have included organisations
like the emergency services and
organisations that are close to
the public sector and are largely
dependent on the public sector for
their funding.
From all the people I’ve spoken
to over the last couple of months,
it’s clear that the public sector
is having a very hard time at the
moment. However, although
initially there was a fair level
of doom and gloom, that soon
changed and I’ve noticed now that
there is a far more positive view
emerging across different types of
organisations in the public sector.
This positive attitude is almost
totally dependent on the approach
that the public sector operation is
taking to the budgetary constraints.
It ranges from ‘better skills leads
to efficiency savings’ to ‘we can’t
afford any training.’ However, the
number of organisations that are
turning towards the first approach
(skills equals savings) is growing
significantly.
Now that’s not to say it’s business
as usual; the focus is much more
on enabling staff to work smarter
rather than bringing back lots of
training schedules. But it’s certainly
a case of finding critical areas in
which focused training can lead
to productivity enhancements. In
short, the performance mindset
rather than the training mindset.
I found that this performance
mindset was especially prevalent
among police forces, where there
is a strong focus on operational
capability and the effectiveness of
back-office services, and among
local government, where the centre
of attention for IT training tended
to be application readiness. What
an interesting move – from ECDL
www.bcs.org/ittraining
Budget Strategy
as the evidence for IT capability to a
clear focus on applications and what
they represent in terms of service to
the citizen.
Public sector
Private sector
The A organisations were setting
extremely challenging goals for
2011. In the vast majority of
cases there was a strong focus on
performance objectives, and the skill
sets that were being defined were all
closely mapped to the organisation’s
specific needs. The idea that training
has become a commoditised service
was long gone.
I believe that this is symptomatic
of the role of leading-edge
organisations in 2011; the idea
that L&D can pick solutions from
www.bcs.org/ittraining
**
Local government
ABC model
There are many ways to classify
operations in the private sector, and
I have chosen to ignore the two most
popular. Firstly, while the sector
in which they operate (e.g. retail,
telecoms, finance etc.) is certainly
the most popular method of
classification, I couldn’t find much
commonality in that classification.
The second classification is based
on size, and again, there was little
commonality in budget expectations
and size of the operation.
The Gartner Group use the ABC
model to define organisations’
approach to new technology
adoption – the As tend to adopt
I firmly
it rapidly, the Cs are the laggards
believe
and the Bs fit in between. I have
adapted this model to refer to
that the IT
high, medium and low performing
department
enterprises. For example, if we take
is one of
the recently reported sales figures
L&D’s key
over the Christmas period, Ocado
reported superb results and would
challenges
clearly be in the As. Sainsbury’s and in 2011
Tesco’s results were pretty good and Alan Bellinger
therefore they’d be in the Bs. And
HMV would clearly be in the Cs.
There was a very high correlation
between the ABC classification and
the way that budgets were trending,
and this is what I’ve shown in the
table above.
Central government
Quasi-government
Private sector
A’s
****
B’s
**
C’s
*
Figure 1: L&D budgets
a smorgasbord of options from a
range of providers is somewhat past
its sell-by date. As a consequence,
training providers that are able to
advise on different approaches,
adapt their content to the specific
needs of the client and support the
business in the deployment process
are the ones that are having a better
time at the moment.
The B organisations also tend to
look for specific solutions, but are
likely to go for standard options
(specifically scheduled courses) if
there is a small audience. Among
those I have spoken to,
B organisations tend to be
rather more risk-averse and seek
comprehensive justification for
their actions before commencing.
In this group, there is a higher focus
on compliance and on successful
technology roll-outs.
L&D in C organisations tends
to be very conservative and the
approach is limited to the basics
only – especially compliance and
risk avoidance. As new system rollouts tend to be on hold or delayed,
they do not figure prominently
in the L&D organisation’s plans;
and usually there aren’t many new
employees who need induction.
However there was one approach
that was common across most
of the L&D organisations in the
private sector – the need to adopt
new ways of looking at the whole
issue of skills development in the
organisation. There was a clear focus
on saving money and ensuring the
effectiveness of L&D’s interventions.
Management expectations
Although it could be argued that
management is not being terribly
generous towards L&D at the
moment, it is no less demanding
that it has been in the past. The
one cry I came across more than
any other was the need for L&D
to be closely aligned to the needs
of the business and, specifically, to
initiatives that were critical over the
next 12 to 24 months.
In addition to alignment,
the other pressure was to be
able to demonstrate value. The
soft argument – namely, that
incremental skills lead to higher
motivation and commitment to
the organisation – simply won’t
wash in today’s high pressure
business environment.
L&D challenge
There was an interesting blog over
the Christmas period saying that
the CIO should be referred to as
chief innovation officer rather than
chief information officer – and
what an interesting thought that
represents. I firmly believe that
the IT department is one of L&D’s
key challenges in 2011 and there
is no way that L&D can deliver
on its commitments without close
collaboration with IT. It’s true
that cloud-based services have
reduced that dependency, but only
to an extent.
However, if the CIO focuses on
innovation and L&D is the key
agent of change, then 2011 really
will be a case of shared destiny.
Spring 2011 IT Training 23
Skills Trends
Microsoft versus open source
In the second edition of IT Training Skills Watch Paul Savill,
Director of Marketing at C.B.Learning, takes a look at the
long-term skilling trends in operating systems, databases
and development environments.
Nothing is ever likely to get more
heated debate in IT circles than
Microsoft versus open source
(ok, don’t mention Mac versus PC).
Here we are going to take a look
at the long-term skilling trends in
operating systems, databases and
development environments by
examining a slice of book sales
over the last decade (2.5 million
data points).
OS rather than a desktop one (not of
Note that
course strictly true).
demand
Windows server has peaks after
for skills
the release of the new versions in
2004 and 2008 (not really a surprise does not
there), but interestingly started and
necessarily
ended the decade with 36 per cent
match
share of the market.
software
In comparison Linux has not
performed quite as brightly, having demand
dropped to 28 per cent from a 35
Paul Savill,
C.B.Learning
per cent opening. There is the peak
Round one – server
of nearly 44 per cent in 2003, this
operating systems
being partly attributed to the Red
To make the comparison valid,
Hat versions 8 & 9. Consideration
we have included UNIX and
must be paid to the fact that demand
virtualisation and have also assumed for skills does not necessarily match
that Linux is predominantly a server the software demand. According
24 IT Training Spring 2011
to the Linux Professional Institute
(LPI) they are seeing exponential
growth in deployment of enterprise
Linux offerings, most notably Red
Hat 6 (5 per cent of all Linux book
sales last year) and Novell Suse.
However, the real surprise was
the rise in virtualisation. This is
predominantly from the growth of
VMware, so clearly this is a growing
trend that cannot be ignored.
Round one result – A DRAW…
but watch out for virtualisation skills!
Round two – databases
This is more clear-cut as Microsoft
have done an excellent job in
promoting SQL server as a true
enterprise database, which resulted
in a real growth spurt after the
release of Microsoft SQL Server
2005 to nearly two thirds of the
total market. The loser here is in
fact Oracle, which is down to 28 per
www.bcs.org/ittraining
Trends Skills
cent from 50 per cent at the start of
the decade. Open source databases
(90 per cent of which are MySQL
or PostgreSQL) peaked at 20 per
cent during 2003 and 2004 and
now account for just about 10 per
cent. However in terms of skills, we
believe that, of the 50 or so
open source databases, the
community has greater involvement
in enabling the deployment rather
than through more formal books
or indeed courses.
Round Two result – WINNER
Microsoft …no contest really!
Third and final round –
development environments
This is probably the area with
the fiercest rivalry. Database
connectivity means that you can
work in your favourite integrated
development environment (IDE)
and connect to any database you
need to. But again, like server OS,
there is a usurper in the ranks …
For the purposes of this analysis
we have put generic C/C++ books
www.bcs.org/ittraining
The growth
in mobile
could be
a factor
contributing
to the drop
in share for
Microsoft
Paul Savill,
C.B.Learning
into their own category and
have grouped together a number
of technologies around mobile
(iPhone, Android, Objective C ,
Windows Mobile, etc).
Microsoft is still dominant,
certainly when compared to the
traditional open source groups like
Java, though it dropped below
40 per cent for the first time last
year, having grown to nearly 55
per cent in the middle of the decade.
The growth in mobile could be a
factor contributing to the drop in
share for Microsoft, as Microsoft
programmers seem to be adding
mobile technologies to their skill sets.
Open source has had a gradual
decline in share from 38 per cent
down to 28 per cent and does not
seem to have been affected by
mobile in the same way.
Currently dominated by the
iPhone, mobile holds over 20 per
cent of the development market.
However, as we commented on last
time, Android is growing rapidly
and with the release of the
Windows Phone 7 and the
rumoured release of the new iPad,
2011 is set to be an exciting year for
this fast growing area.
Round Three – WINNER
Microsoft … just and on points.
Conclusion
Microsoft is the winner of the
contest in terms of the overall
numbers. However the analysis
has identified a shift in computing,
with virtualisation and mobile
programming both growing at a
remarkable rate.
The debate will continue over
Microsoft versus Open Source,
but, with the nature of computing
rapidly changing again as the
analysis highlights, it could be
argued that this rivalry may now
be a little anachronistic. It really is
the age of computing anywhere….
cloud anyone?
In the next issue we will be
looking at certification trends and
which ones are growing rapidly and
which seem to be in decline.
Spring 2011 IT Training 25
Case study ITIL
Launching ITIL
Improving processes and creating crisisproof IT service management were the
objectives of introducing ITIL principles
to the informatics department at Leeds
Teaching Hospitals NHS Trust.
26 IT Training Spring 2011
www.bcs.org/ittraining
ITIL Case study
Service and process improvement
were on the agenda for the Leeds
Teaching Hospital NHS Trust
informatics department when
Alison Dailly took over as director
of the department in 2009. In a
bid to improve service and bridge
gaps between various elements of
IT, the department decided to look
at ITIL best practice as a catalyst
and enabler to implement a service
improvement project.
The informatics department at
Leeds Teaching Hospitals NHS
Trust, one of the biggest Trusts
in the UK and home of two of
the largest teaching hospitals in
Europe, is split into various parts,
most notably between IT in the
traditional sense, i.e. infrastructure,
servers and so on, and informatics,
which is mostly concerned with the
delivery of reporting.
‘It’s an artificial split, really, but
there were also problems within
the informatics department,’
says Richard Long, Technical
Information Manager at the Trust.
‘It didn’t quite gel, and our new
director was looking to move the
department forward.’
Problem areas
Some of the areas that Dailly, who
had come in from a different trust,
identified was that the department
seemed too busy, but at the same
time it was difficult to see why that
was the case. Another problem was
that it was very much structured
in silos and there was not much
communication happening between
the different areas. So the question
was, how do you break down silos
and encourage interoperability?
Richard, who had taken part in
a taster session on ITIL before,
suggested bringing in a consultant
to look at processes and structures
in the department and at ways of
introducing ITIL best practice to
improve services.
They decided to bring Sysop
on board, an ITIL training and
professional services company,
to run a series of training events
www.bcs.org/ittraining
and workshops for all senior level
informatics staff.
Mapping the purpose
The
workshop
highlighted
that we did
have some
structure,
but that a
lot wasn’t
joined up
Richard Long,
Leeds Teaching
Hospitals NHS
Trust
The purpose of the programme was
• to introduce the team
members to the concepts
and benefits of ITIL best
practice;
• to identify current strengths
and weaknesses drawing out
pain points and identifying/
qualifying the impact of
problem areas on the services
provided internally and to
the organisation as a whole;
• to formulate and articulate
a vision of the goals and
end-plan of a service
improvement project
– creating a coherent
understanding of where
the department ‘needs to be’
in three to five years time;
• to define and outline a plan
of the steps to be taken and
priorities attached to reach
the agreed goals; and
• to engage and motivate
team members to embrace
the twin pillars of ITIL best
practice and the philosophy
of continual service
improvement.
Using a combination of training
events, facilitated workshops,
mentoring and guidance, Sysop
consultants facilitated discussions
and exercises to help and encourage
the team members to contribute
towards the objectives.
At the end of each workshop,
discussion points were collated and
summarised. These then formed
an essential review element for the
following workshop, so that each
built on the other.
As staff were very busy and the
workshops usually lasted around
five hours, it was necessary to hold
the sessions on a monthly basis.
‘It wasn’t ideal, but it was difficult
to take people out for a whole day.
We ended up taking about five
months for four training sessions,’
says Richard.
Obstacles
The first workshop session,
‘An Introduction to ITIL,’ didn’t
go as well as expected. ‘There was
an initial degree of scepticism
that a best practice methodology
adopted principally by traditional
IT departments in the private
sector would bring benefits to
an informatics group who were
largely non-IT, particularly in the
specialised environment of
an NHS Trust,’ Stuart Sawle,
Founder and Managing Director
of Sysop, explains.
‘I think one of the main problems
was that we didn’t have a proper
discussion about what we, as a
department, actually did,’ adds
Richard. ‘Most of the examples used
were IT helpdesk-related, which is
more relevant to the other branch
of our IT department, and people
were slightly bemused, wondering
what this had to do with their jobs.
Of course there were some people
who were rapid converts, but from
some it was quite difficult to get the
buy-in.’
Establishing values
After this first experience, many
members of the team weren’t too
enthusiastic about attending the
second workshop, which aimed
to set out common values and see
where the department was in terms
of ITIL best practice.
‘There were some positive
outcomes from this workshop,’ says
Richard. ‘It highlighted that we did
have some structure, but that a lot
wasn’t joined up. However, people
still struggled to see what the vision
was and where we were going.’
‘It took a lot of energy to recap
essential learning points before we
could have a fruitful discussion,’
Stuart agrees. ‘Still, there was major
progress in the area of team
building and cooperation, and we
managed to agree a common set
of values.’
The agreed values were:
• making a difference;
• achievement;
Spring 2011 IT Training 27
Case study ITIL
• challenge;
• respect; and
• humour.
Once these values were
established, it was possible to
move on to discuss, in ITIL service
management terms, areas of
concern within the department as
well as looking at areas that were
managed well.
Still, problems remained: ‘Most
team members could not relate to
the relative abstract concept of a
“process” being applied to their
function,’ explains Stuart. ‘Their
thinking and mindset was still very
much on what they did, rather than
on the how.’
Tackling the problem
‘It was a matter of converting
ITIL language into a language that
was meaningful to our department,’
explains Richard. ‘So Stuart
decided that he needed to gather
more information about roles and
responsibilities of the team
members and he spent a lot of time
talking to senior people to find out
about their job and how things
fitted together.’
This investment brought the
breakthrough in the next session,
which was made up of elements
from Sysop’s Apollo 13 simulation.
Apollo 13 is an exercise that has
teams building a communication
system for the launch and flight
of a rocket. When the rocket is
‘launched’, the team encounters
various problems that test the
communication system and the
processes that have been put
in place.
‘It’s a demonstration of what
would happen if workloads were
stress-tested without adequate
management controls and how
this would improve if these controls
were better managed,’ explains
Stuart. The team had 30 minutes
to design the system and, after the
rocket crashed at the first attempt,
it got together again to reflect on
how it could build a better process
and redesign the system.
28 IT Training Spring 2011
It was clear
that team
members
were
extremely
able in the
delivery
of their
functions,
but lacked
effective
management
controls
Stuart Sawle,
Sysop
Even though the rocket also
crashed the second time, the team
learned valuable lessons from
the exercise, found Richard. ‘The
point was driven home that, in the
normal run, we coped, but when the
pressure was on, to the point of a
crisis, we didn’t.
‘A lot of what we did was done
on goodwill and mostly we couldn’t
provide evidence for what we were
doing,’ he continues. ‘It also meant
that we weren’t very good at coping
with big new projects because we
didn’t have a process to deal with
anything extra while maintaining
the standard service we provided.’
Stuart adds: ‘From the comments
made by team members, it was
clear to us that they are extremely
able in the delivery of their
functions to the trust, but lack
effective management controls
to, for example, help determine
priorities, measure effort, manage
capacity or predict and manage
delivery timescales. What was
particularly concerning was that it
was only the dedication and values
of the team members that allowed
them to deliver an acceptable level
of services despite the lack of
control processes.’
Knowledge management
The objective of workshop session
four was to gain agreement that
correctly implemented service
desk functions were critical to
successfully improving services
and to work out how this could
be achieved. In ITIL terms, the
emphasis should be on request
fulfilment rather than incident
management - the usual key driver
for an IT service desk.
Knowledge management was
considered to be a key factor. It
was recognised that there is a lot of
knowledge and experience within
the department and controlling,
centralising and accessing this
knowledge would be key for a
successful service desk function.
Standard operating procedures
were given as an example, as each
team has operating procedures at
one level or another, but they are
neither adequately documented nor
shared or, in many cases, do they
even work.
‘Requests usually come in through
various routes, they are dealt with
in different ways and there’s no
agreement on how the service will
be provided,’ explains Richard.
‘There was no systematic way of
working. So we had to ask ourselves
the question “If you want to change
the way you work, what would it
look like and what part of ITIL
would you want to look at first?”’
The session delivered very
important results, in particular
through providing a common level
of communication. While in the
beginning, many of the senior staff
felt that ITIL was not relevant to
the public sector and, more
specifically, their role, they now
saw the benefits of implementing
ITIL processes, even though
they were not a ‘traditional’ IT
department as such.
Implementation
The next phase of the project,
namely the implementation of ITIL
best practices, was scheduled to take
place over 12 weeks starting from
November. Additionally the trust
has agreed 12 consultation days with
Sysop to give guidance and advice
throughout the implementation and
review process.
After agreeing what to implement
first, the team initially got together
to define the services it provided
and work out a hierarchy of
importance, define request
processes, both current and new
ones, and catalogue services.
The next step then is to set up a
communication strategy and plan
for the rest of the organisation,
to inform key people of the
changes and also to define key
performance indicators. The
12-week cycle will finish with a
review, and then there will be the
ongoing work of rolling out the
principles to all services.
www.bcs.org/ittraining
New Specialist qualifications
in IT service management
Our new series of qualifications focus on specific IT service management job roles.
The six qualifications:
•
•
•
•
•
embrace best practice from COBIT®, ISO/IEC 20000, SFIA/SFIAplus and ITIL®
enable job specific skill development
are industry-relevant and internationally recognised
are endorsed as ITIL Complementary Products
attract credits towards ITIL Expert
Find out more at www.bcs.org/iseb/specialist
ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.
The British Computer Society (Registered charity no. 292786) 2011
MTG/AD/889/0211
Self study
Book reviews
Our IT experts review a selection of recently published books covering an
array of subject areas. For more reviews, see www.bcs.org/bookreviews
1.
Commit to leadership
first, everything else
second.
2. Lead differently than you
think.
3. Embrace your softer side.
4. Forge the right
relationships, drive
the right results.
5. Master communications:
always and all ways.
6. Inspire others.
7. Build people, not
systems.
The
concepts
highlighted
The CIO Edge: Seven Leadership
are relevant to anyone in a
Skills You Need to Drive Results
leadership role. It is packed
Graham Waller, George Hallenbeck,
with inspiring and insightful
Karen Rubenstrunk, 256pp
examples and testimonials from
Harvard Business Review Press, £21.99
highly respected CIOs; many
ISBN 978-1-4221-6637-6
of which are refreshingly open
Rating
HHHHI about the mistakes they have
made and what they have learnt
The CIO Edge explores what it
along the way.
is that makes CIOs successful.
The book feels contemporary
The findings are that IT
as it makes relevant references
knowledge and technical skills
to the ever-changing nature
are of secondary importance – of the CIO role and the need
it is soft skills (the building of
to respond to an increasingly
relationships and the ability to connected and socially
communicate in all directions) integrated world – all of which
that distinguish a great CIO.
has implications for the CIO
Some of the enduring
and the wider enterprise.
messages from the book are
The book is approachable
the importance of human
and a very enjoyable read.
relationships; the importance
Each of its seven chapters
of staff development; the need
includes a summary and a
to lead by example. Throughout set of steps and activities to
the book a key theme is that
support development of the
anything of value is only ever
skills described. The principles
achieved ‘through people, by
of leadership described in this
people and with people’.
book are universal and despite
The book is based on
the title, this book would be
extensive research and
a very worthwhile read for
interviews with CIOs from a
anyone in a senior
number of large organisations. management position.
The authors present the
information they collated in the Reviewed by Dean Burnell
form of seven key principles:
MBCS CITP
30 IT Training Spring 2011
the theoretical underpinnings
of the languages that we use,
but also the way in which
they have been guided by
the development of the
computer architecture. This
trend continues with the
challenges of exploiting multi/
many-core architectures, with
a new chapter devoted to
concurrency. Further updates
in this new edition include
virtualisation, run-time
systems, dynamic compilation
and binary translation.
Programming Language
While this may be heretical
Pragmatics (3rd ed)
to
some, Programming
Michael L. Scott, 944pp
Language
Pragmatics provides
Morgan Kaufmann, £47.99
a
more
accessible
introduction
ISBN 978-0-123-74514-9
to
many
of
the
key
topics
HHHHH
Rating
than the classic Compilers:
This book is a key resource for Principles, Techniques and
any computer science student.
Tools by Aho et al. (a.k.a. the
The updated third edition
‘Dragon Book’) and provides
delivers the key concepts
a deep appreciation of the
of programming languages
design and implementation
and their implementation
issues of modern languages.
in a concise and intuitive
The material is aimed at an
way, illustrated with clear
undergraduate computer
explanations and examples.
science level, but is also suitable
In addition to the coverage
for self-study. Topics are often
of traditional language
independent of previously
topics, Scott’s book delves
presented material, making it
into the sometimes obscure,
easier to pick and choose areas
but essential, details of
for study. This is also supported
programming artifacts. The
by additional in-depth material
descriptions of language
and advanced discussion topics
theory, along with concrete
on the companion CD.
implementations of how to
In summary, this new
realise them, are presented in a edition provides both students
language-agnostic fashion. And and professionals alike with
therein lies the strength of this a solid understanding of the
book: whilst the main examples most important issues driving
have been updated, it provides software development today
an organisational framework
– an essential purchase for
for learning new languages,
any serious programmer or
irrespective of the paradigm.
computer scientist.
Over 50 languages are
discussed, illustrating not only Reviewed by Tom Crick MBCS
www.bcs.org/ittraining
Self study
The book’s secret and appeal
is that it’s a pick n’ mix of
eight mini-books. Each focuses
on a specific topic, so you
have titles such as ‘Joining
the blogosphere’, ‘Business
blogging’ and ‘Growing your
blog’.
With this in mind, the worst
thing you can do is expect to
start at page one and read to
the end. The scope of the book
is too broad for this approach.
Instead, be prepared to
organise your thoughts first
CISSP Practice Exams
and then read the relevant
Shon Harris, 414pp
mini-books. If you want
McGraw Hill, £29.95
to know how to get started
ISBN 978-0-071701-39-6
Reviewed by Mehmet Hurer MBCS or what makes niche blogs
HHHHI CITP
Rating
successful or how to assess
your blog’s commercial
Shon Harris is synonymous
potential or how to write
with CISSP exam preparation
content or maybe how to create
material. She is the author
a Vlog or blog with Twitter,
of numerous CISSP training
it’s all covered.
courses and exam preparation
Treat this book as a
guides, with over 10 years
reference tool. The author
experience in this area. This
makes it clear that the key to
new book is a great way to
success in blogging is focus
supplement other CISSP
– plus a whole lot of other
training material and prepare
things that are dealt with as
you for the exam.
well. She doesn’t guarantee
There is no preamble to the
success, but her own blogs
CISSP and the author dives
are testament to her personal
straight into exam questions,
success as a blogger.
so don’t expect this to be a
And she recommends
Blogging All-in-One for Dummies
complete training guide.
learning as you go along, so
Susan Gunelius, 720pp
There is one chapter for each
consider absorbing the book’s
Wiley, £24.99
of the ten CISSP domains,
content by setting up a blog
ISBN 978-0-470-57377-8
each containing 25 questions.
HHHHI and then continuing to read
Rating
In addition to giving a lengthy
and improve.
description for the correct
Within individual miniAspiring bloggers will find
answer the author explains in
books, the text is often
detail the incorrect answers and much in Blogging All-in-One for repetitive as the author drills
Dummies to fire them up for
why the answer is incorrect.
down with more detail, but
launch into the blogosphere. If the tried and tested Dummies
This is useful because one
that’s you, then buy one now. If format holds good with
of the ways of determining
you’re suffering from bloggers
whether you are ready to take
its icons and highlighting,
block, do likewise. If you’re a
the exam is by not only being
enabling the reader to dip and
seasoned campaigner and want dabble as needed.
able to determine the correct
to check your skills or improve
answer, but also being able to
If you only want to buy
understand and explain why an your ad hits, then take a cruise one book about blogging, this
through a library copy. You
incorrect answer is incorrect.
is good value.
will be rewarded. Librarians,
A great bonus included
this is an ideal title as it meets a Reviewed by Angela Wheatcroft
with the book is online access
variety of needs.
to training material. This
includes 30 hours of MP3
audios covering concepts and
review sessions, as well as over
a thousand online questions.
Although the audio courses
are a little dated, they are still
relevant. Be aware that access
is limited to 90 days from the
date of first registration.
The book can be used a
number of ways, for example,
before studying in order to
determine the areas you need
to focus on and/or use it prior
to the exam as a final practise.
Overall another winner from
Shon Harris.
www.bcs.org/ittraining
Enterprise Cloud Computing
Andy Mulholland, Jon Pyke, Peter
Fingar, 260pp
Meghan-Kiffer Press, $39.95
ISBN 978-0-929-65229-0
HHHHH
Rating
This book is a comprehensive,
up-to-the-minute compendium
of the state of the IT industry
with respect to these new
concepts and ideas. And in this
respect it is brilliant. It provides
an incredibly accurate account
of the meaning behind the
terms cloud, SOA, BPM, SaaS,
social networking, tweets and a
dozen other buzzwords.
How it manages to draw
upon so many different
viewpoints, from so many
experts and SMEs, and bring
all of this information together
to form a cohesive whole is
impressive. But it does so, and
captures how the IT industry
is and will evolve around these
issues at a strategic level.
If you are a business leader
wanting to see into the future,
then the only thing that would
make this book better is if it
was spherical and made out of
solid crystal.
Reviewed by Adrian Rossi
For further information on these
books please contact the sales team
at C.B.Learning.
Tel: 0121 702 2828
Fax: 0121 606 0478
[email protected]
Spring 2011 IT Training 31
NEWS
www.iitt.org.uk
course materials (textbooks, manuals, etc.)
are very expensive, and no-shows are all
too common.
For IT trainers the decision to move out
of the classroom and into online learning
is an economical no brainer.
Easier said than done
With the decision to move at least a
proportion of your training online a
seemingly easy one, most trainers fall
down on the delivery as delivering online
training requires a completely different
skill set from classroom-based training.
Although the growth of online training
has been swift, it has undoubtedly been
hampered by trainers who believe that
installing a webcam and web conferencing
software enables them to deliver effective
online learning.
Without understanding the change
in relationship and mindset that exists
in an online environment, training will
be clunky, ineffective and leave students
feeling short-changed and frustrated. I’ve
seen it happen on many occasions and I
can’t help but feel sympathetic towards
instructors who are clearly operating out
of their comfort zone.
We are living in a digital age where
the youth of today are already building
websites before they leave high school.
This advance in education continues to
the demands placed on training managers, raise the expectation levels of tomorrow’s
who are faced with decreasing budgets
students and, for IT trainers, the level
and increased pressure to deliver more
of expectation weighs heavier on their
training, it’s easy to understand why online shoulders.
learning is becoming commonplace across
Mastering interaction is key
all learning sectors.
In the 1800s, poet Ralph Waldo Emerson
In terms of IT training, the online
wrote: ‘We are shut up in schools and
versus classroom debate is even more
college recitation rooms for ten or fifteen
relevant. Classroom-based IT training
years, and come out at last with a bellyful
courses often require at least one highly
of words and do not know a thing.’
paid instructor, administration time to
Education has moved on since Emerson’s
coordinate scheduling of the course and
day, but this type of accusation is still
fully equipped training rooms. Printed
It ain’t what you do:
it’s the way you do IT
Online learning is far from a new or
emerging trend in the training sector. In
fact so much has been written about the
benefits of online learning that we could
all probably write our own articles on the
subject.
We know why online learning works –
it’s far more economical than traditional
classroom training, it’s more convenient
and flexible for the students and the
trainer, and the general consensus is that
online training yields higher pass rates.
If you compare these benefits against
32 IT Training Spring 2011
www.bcs.org/ittraining
These pages are produced by the Institute of IT Training
Westwood House, Westwood Business Park, Coventry, CV 8HS, United Kingdom
Tel 0845 0068858 Fax 0845 0068871
Email [email protected] Web www.iitt.org.uk
levelled at some classroom-based training.
Online learning has successfully shaken
off this stigma by promoting student
interaction.
In an online environment students
are expected to be more responsible and
display initiative in accessing the system
and contributing to class discussions
online. The internet lends itself to user
interaction to keep students engaged.
As human beings we are designed to
learn from one another with both verbal
and visual hints in order to retain new
knowledge. Harnessing this power of
interaction is a vital element in creating a
successful online learning environment.
The internet also opens up a new way
to introduce and interact with learning
resources. Online learning resources are
a fraction of their printed courseware
equivalents. Interactive videos, games and
drawing boards can all be blended into
online training courses to enhance the
learning experience.
Flexibility
Another major advantage of online
learning is the ability to deliver training
in small ‘chunks’. The accessibility of
online learning means no one is locked
in a classroom and subjected to a
tidalwave of information, of which a large
percentage may not be applicable. With
online learning, a well planned course
will enable students to log on and extract
only relevant pieces of information. For
example, a student taking an Excel course
may only need additional training on pivot
tables and IF functions – an online course
will enable them to access these specific
topics much easier.
Online delivery standards
Interaction and flexibility are two of many
facets that make up successful online
learning delivery. At the IITT we have
recognised the need to support trainers
and learning professionals who are
considering or may already be delivering
Ensure your opinion counts
IITT launches Learning Year Pass
On 10 January 2011 the IITT launched the
Learning Year Pass. The Learning Year
Pass brings together a host of learningrelated benefits including learning
technologies, exclusive access to over
100 hours of learning, learning resources,
discounts on products and services as
well as access to Training 2011 – the IITT
National Conference and Exhibition.
The pass is proving popular with
training managers looking to ensure
that they yield a greater return on their
investments in 2011. IITT Managing
Director Edmund Monk is confident
that the savings made by acquiring the
Learning Year Pass will make it popular
amongst training professionals across all
sectors. He said: ‘We understand
www.bcs.org/ittraining
online learning. In October 2010 the IITT
launched the Certified Online Learning
Facilitator course. The course provides
over 14 hours of live online instruction
and self-study assignments providing
delegates with the skill set needed to
deliver successful online learning. At the
end of the course these skills are assessed
in a live environment, culminating in the
award of The Certified Online Learning
Facilitator Certificate.
The certificate is awarded by the IITT
and validates the holder’s ability to deliver
online learning to Institute standards,
thus giving student’s confidence that
their online tutor has the necessary skills
to create a successful online learning
experience.
For further information about the
advantages and pitfalls of delivering online
learning and for details about the Certified
Online Learning Facilitator, register for
one of the free IITT webinars on
www.thetrainingprofessional.com
the economic pressures being placed
on trainers and in particular training
managers who have seen shrinking
budgets over the past few years. As an
Institute we are keen to help.
‘With the Learning Year Pass we have
been able to negotiate with learning
organisations and service providers to
bring together an attractive package of
learning services at a drastically reduced
rate.
Although the pass is still in its early
stages we’ve been delighted with the
feedback so far and we’re confident that
this will benefit many trainers.’ To find
out more about the Learning Year Pass
visit the IITT website
www.thetrainingprofessional.com
The Learning Survey 2011 will form part of
a comprehensive report by the IITT on the
state of the learning sector today and the
future of the learning community.
The survey has been issued to
over 10,000 learning & development
professionals and is continuing to gauge
opinion on key issues.
If you’re involved in learning &
development and would like to add your
voice to what promises to be one of the
most significant research projects of the
year, please complete the survey. To take
part simply visit:
www.bit.ly/LearningSurvey2011
As a thank you for taking part all
completed surveys will receive a summary
of the findings.
Spring 2011 IT Training 33
E-learning Comment
Clive Shepherd
Why we need conferences
At the time of
writing it is early
January and the
conference season
is about to get into full swing with
Learning Technologies at London’s
Olympia. For the cynical among
us, it’s easy to think of conferences
as rather old hat – top-down and
‘push’ in an era that is increasingly
bottom-up and ‘pull’; very un-green
when you consider that we face
huge environmental challenges;
very extravagant when everyone
but the Chinese are running out of
money. But having spent a fair bit of
time recently immersed in the book
The Power of Pull by John Hagel
III, John Seely Brown and Lang
Davison (2010), I’m convinced that
conferences will have an important
role to play for many years to come.
The reason? Well, conferences
provide an ideal setting for
serendipitous encounters discovering what you did not
know you did not know/ meeting
people you did not know you
needed to know. The setting is
ideal because everyone there has
some commonality of purpose and
interest and approaching complete
strangers is not only acceptable, it is
actively encouraged.
Conferences are primarily
networking events – they bring
people together and spark off
opportunities. The presentations
themselves can be useful, but with
the exception of a few ‘must-see’
speakers, you’d be better off in
most cases accessing the material
online. It’s hard to pin down exactly
what makes a particular speaker a
‘must-see’, but somehow you know
intuitively. Just like there are certain
actors, musicians, sportspeople and
other performers that you simply
must see live at some point in your
life, there are certain individuals
who are so prominent in your
34 IT Training Spring 2011
profession that you get a buzz out
of being in the same room as them.
No disrespect to the rest, but it’s
probably more convenient to
watch them on video or read them
in print, at a time and pace that
suits you.
Of course, not all conference
sessions are passive and there
is certainly value to be gained
by participating in discussions
and other activities with fellow
participants. This is something we’ve
long acknowledged at the eLearning
Network, for which I have been
Chair for the past three years. We
work hard at making the sessions as
varied and interactive as possible.
We also keep them short, so if a
speaker or topic fails to capture your
imagination, at least there will be
another one along shortly. We took
that to an extreme in 2010 with a
Pecha Kucha competition. In case
you haven’t experienced this format
before, each presenter is allowed
just 20 slides, each lasting for 20
Conferences
seconds, with which to make their
are
point. You would be amazed to see
what can be achieved in six minutes primarily
and forty seconds.
networking
Would people attend conferences
events –
without the keynotes and the
they bring
other formal sessions? Probably
not, but perhaps they should,
people
because by far the most important
together
interactivity at any conference is
Clive Shepherd
informal. Serendipitous meetings
are necessary because they stimulate
thinking outside the box. When
we know what we don’t know it’s
easy – we simply Google it, check
out a forum or consult our online
networks. But however many blogs
we subscribe to or Twitter feeds we
follow, we’re always in danger of
playing safe, sticking with the people
we already know all about.
True, chance encounters can
also come through links in blogs,
forums and tweets that take you to
unexpected places and people, but
still much depends on who’s already
in your network – and remember
that not everyone who might be
important to you is that active or
visible online.
Conferences and social networks
work in harmony, not competition.
Those people you encounter online,
you are then keen to meet up with
when you do find yourself in the
same physical space. And you follow
up with the people you meet at
conferences by getting their details
and befriending them online.
To make effective use of the
time and money you spend at a
conference requires effort. First of
all, make the most of the formal
opportunities: select sessions that
fall outside your usual comfort
area, take notes, ask questions, say
‘hello’ to the speakers, tweet or blog
about what you discover. But most
importantly, put yourself about. Get
out there and meet people, even if
you’d prefer to hide yourself away
on your computer.
www.bcs.org/ittraining
M;B9EC;
M;B9EC;
J
JEJ>;JEF
EJ>;JEF
;WY^_iik[e\dk]_l[iXki_d[iib[WZ[hij^[_dif_hWj_edj^[od[[Zje
;WY^_iik[e\dk]_l[iXki_d[iib[WZ[hij^[_dif_hW
Wj_edj^[od[[Zje
][jjej^[jefWdZijWoj^[h[$
]
[jjej^[jefWdZijWoj^[h[$
I
IkXiYh_X[jeZWoWdZ][jWYY[iije0
kXiYh_X[jeZWoWdZ][jWYY[iije0
J^[dk_dj[hl_[mm_bbXh_d]oekYbei[hjeb[WZ_d]cWdW][c[djfhe\[ii_edWbi
J^[dk_dj[hl_[mm_bbXh_d]oekYbei[hjeb[WZ_d]cWdW][c[djfhe\[ii_edWbi
J^[bWj[ijikYY[iiijeh_[iWdZjefcWdW][c[djj_fi
J^[bWj[ijikYY[iiijeh_[iWdZjefcWdW][c[djj_fi
?dj[h[ij_d]WdZjef_YWb\[Wjkh[i\eYki[Zedb[WZ[hie\j^[Xki_d[iimehbZ
?dj[h[ij_d]WdZjef_YWb\[Wjkh[i\eYki[Zedb[WZ[hie\j^[Xki_d[iimehbZ
FhWYj_YWbWZl_Y[\hec[nf[hjYedjh_Xkjehied^emjecWdW][WdZfhe]h[iioekhYWh[[h
FhWYj_YWbWZl_Y[\hec[nf[hjYedjh_Xkjehied^emjecWdW][WdZfhe]h[iioekhYWh[[h
H[]kbWhi_dYbkZ[8hW_d\eeZ"?dcoef_d_ed"J^[dk:_Who
H[]kbWhi_dYbkZ[8hW_d\eeZ"?dcoef_d_ed"J^[dk:_Who
I
IkXiYh_X_d]_i[Wio0
kXiYh_X_d]_i[Wio0
'' 9
9Wbb0&.*+'++-)++WdZgkej[cjWZ'&
Wbb0&.*+'++-)++WdZgkej[cjWZ'&
(
(;cW_b0ikXiYh_fj_edi6^WocWha[j$Yec
;cW_b0ikXiYh_fj_edi6^WocWha[j$Yec
)
)Edb_d[0mmm$^WoikXi$Yec%cjWZ'&
Edb_d[0mmm$^WoikXi$Yec%cjWZ'&
dej`kijXki_d[iiWikikWb
d
ej`kijXki_d[iiWikikWb
:edÊjc_iij^_iY^WdY[$Fb[Wi[Yecfb[j[WdZh[jkhd_cc[Z_Wj[bo
:edÊjc_iij^_iY^WdY[$Fb[Wi[Yecfb[j[WdZh[jkhd_cc[Z_Wj[bo
EhZ[hZ[jW_bi
E
hZ[hZ[jW_bi
M TA D 1 0
O[i"?mekbZb_a[WikXiYh_fj_ed\eh0
<˜,-$'+:_h[Yj:[X_jiWl_d]'+ed'o[WhhWj[
<˜-/$&&IjWdZWhZ'o[WhhWj[
<˜'*($(&IjWdZWhZ(o[WhhWj[
OekhZ[jW_bi
O
ekhZ[jW_bi
Ch%Chi%C_ii%Ci
?d_j_Wbi0
Fb[Wi[Y^eei[ed[e\j^[i[j^h[[efj_edi
F
b[Wi[Y^eei[ed[e\j^[i[j^h[[efj_edi
:_h[Yj:[X_j
N?mekbZb_a[jefWoXo:_h[Yj:[X_j\eh˜
N
8Wda%8k_bZ_d]IeY_[joWYYekdjdkcX[h
8hWdY^Iehj9eZ[
NNNNNNNN
N
NNNNNNN
NNNNNN
N
NNNNN
DWc[WdZ\kbbfeijWbWZZh[iie\oekh8Wdaeh8k_bZ_d]IeY_[jo
IkhdWc[0
Je0J^[CWdW][h
8Wda%8k_bZ_d]IeY_[jo
7ZZh[ii
@eXJ_jb[0
9ecfWdo0
7ZZh[ii0
H[\[h[dY[DkcX[hÅ<ehe\\_Y[ki[edboN
NNNNNNNNNNNN
NNNNNNNNN
NNNNNNNN
NNNN
NNN
FeijYeZ[0
J[b0
<Wn0
;cW_b0
By signing up for a subscription, Haymarket Media Group will automatically provide you with information
relating to your subscription and other Haymarket-related products or services via email, direct mail or
telephone. Please help us to communicate with you by providing your current business email address in the
space provided. Open to UK subscribers only.
From time to time, Haymarket Media Group, will allow carefully selected third parties to contact you about
their products and services. Please indicate your preferences below.
< Yes I would like to recceeive carefully screened and work-related emails from third parrtties
< Please tick here if you do not want to receive work-related direct mail from carefully selected third parties
< Please tick here if you do not want to receive relevant work-related information by telephone from
carefully selected third parties
9^[gk[
N?[dYbei[WY^[gk[\eh˜cWZ[fWoWXb[je>WocWha[jFkXb_i^_d]I[hl_Y[iBjZ
N
9h[Z_j%:[X_jYWhZ
NFb[Wi[Y^Wh][coYh[Z_j%Z[X_jYWhZ\eh˜
N
L?I7%CWij[hYWhZ%CW[ijhe%Ej^[hZ[b[j[WiWffb_YWXb[
9WhZdkcX[h
;nf_ho:Wj[
NNNNN
NNNN
NNNN
NNNN
NNNN
NNNN
NNNN
NN
NNN
N
NN
NN
N
N%N
NN
N ?iik[DeN
NN
NCW[ijheedbo
Instructions to your Bank or Building Society to pay by Direct Debit
Originator’s Identification Number 756025. Please pay Haymarket Media Group Direct Debits from the account detailed in this Instruction
subject to the safeguards assured by the Direct Debit Guarantee. I understand that this Instruction may remain with Haymarket Media Group and, if so,
details will be passed electronically to my Bank/Building Society.
Fb[Wi[h[jkhdYekfedje0>WocWha[jIkXiYh_fj_edi"<H;;FEIJI;7'&''+"Iekj^Wbb"K8'(M>
Have I got
the right number
of IT people with
the right skills
doing the right
things in the
right way?
Let us help you get them there.
We’ll partner with you to support
IT business change and staff
development programmes that drive
greater business value from IT.
For more information call us
on 01793 417 747 or visit
www.bcs.org/change
to leave your details.