Best IT Blog

How much crap does an IT specialist have to put up with today

Below are the IT and business skills and technical certifications necessary for a long and successful IT career.

Items to Consider

Target Behaviors: Analysis and Problem Solving

1)  Follows technical interrelated sets of complex issues without difficulty

2)  Asks clarifying and shaping questions geared towards thoroughly assessing critical issues

3)  Demonstrates creative and occasionally innovative approaches to information gathering within a structured framework

4)  Able to enlist the aid of client staff to provide more information/time than originally requested/agreed

5) Structures complex problems, demonstrating understanding of pros and cons of alternative approaches to structuring

6) Draws sound conclusions, applying previous experience and best practices

7) Comfortably handles shifting problems and issues, quickly integrating new findings

8) Makes distinctive recommendations which clearly demonstrate a comprehensive understanding of the issues, best practices and risk factors, and can be implemented by the client

Client / Business Development

1) Develops strength of relationship that could/does result in follow-on work

2) Understands the implications of the client’s culture and uses this knowledge to increase effectiveness

3) Maintains close contact with client during course of engagement to ensure client goals and concerns are understood and are being addressed by the program of work

4) Identifies areas of client need; works with Organization Leadership to scope them, then provides support in development discussions, preparation and negotiation of arrangement

5) Provides insights and input to new opportunities that result in compelling proposals

IP and Capability Development

1) Actively uses assignments to test new concepts or techniques, enhancing personal and organizational capability

2) Develops and utilizes network of internal and external contacts to enhance thinking

3) Is a “go to” person for advice on complex issues in area of expertise

4) Contributes to the development and delivery of internal training

5) Looks for opportunities to at least co-author/co-present to external audiences in area of specialization

6) Documents insights and re-usable deliverables and encourages their uptake

7) Identifies needs and opportunities for Practice development and proposes plans and solutions to capitalize on those opportunities

Self, Work and Client Management

1)  Prepares project plans that are realistic and achievable

2)  Communicates expectations to project team members regarding deliverable content and quality and establishes and communicates standards for deliverables

3)  Manages scope, changes to assignments and priorities as the project situation changes

4)  Effectively monitors the quality and timeliness of delivery of Organization engagements, taking action where appropriate to mitigate emerging risks

5)  Manages timely resolution of project (technical, schedule, scope and risk) issues

6)  Quickly identifies situations in which client is falling short on commitments and raises issue in a manner that contributes to its resolution

7)  Effectively communicates project status to Organization and client management


1)   Initiative to learn and take initiative

2)   Working knowledge of the IT Infrastructure and IT Security Industry

3)   Good communication and presentation skills

4)   Is a role model for Organizational Values, making decisions that support our Mission and Vision

5)   Demonstrates intellectual rigor

6)   Leads team to reconsider critical issues by presenting ideas in new ways or with new supporting data

7)   Demonstrates significant initiative in area of expertise, enabling movement of the company along a particular strategic or operational dimension

8)   Asks questions that help shape others’ thinking

9)   Holds self and others accountable for actions and outcomes

10) Demonstrates multi-dimensional decision making that accounts for business, people and client outcomes

Technical IT skills needed

Security Industry Certifications, Knowledge, Practical and Professional Experience:

1)    CISSP or equivalent practical and academic experience (over-rated); proven experience is 10 times more worthwhile

a.    Security+

2)    CCNA

3)  Firewalls:

b.    Netscreen

c.     Checkpoint

d.    Cisco PIX

e.    Sidewinder

4)  Proxies:

f.     Bluecoat

g.    Websense

h.    MS ISA


i.     MS Windows 2008 or 2012

j.     MCDST

k.    MCTS

6)  Certifications:

l.     Linux

m.   Unix

n.    ITIL

o.    PMI

Experience in enterprise technology deployments

1)  Ability to translate the customer business needs into a customized proof of concept to demonstrate business value.

2)  Project experience with IT security technologies.

3)  Knowledge of security policy definition, user provisioning.

4)  Working knowledge of multiple operating systems, including Windows, Unix and Linux

  1. Ability to articulate the architecture of Unix OS and use of NIS / LDAP.
  2. Ability to articulate the architecture of SANS or similar technologies
  3. Ability to articulate the concept of Unix system kernel
  4. Authentication:

i. Ability to articulate a password sync solution for Unix, NT, Linux and Mainframe identity management solutions.

ii. Ability to articulate the concept of super-user containment and delegation.

iii. Experience integrating biometric and other Single Sign-On hardware components.

iv. Smart cards, token technologies, fingerprint / iris / etc. technologies.

v. Ability to articulate the concept of User ID Synchronization and how it affects access controls.

vi. Ability to articulate the concepts related to integration of mainframe and client server access and identity management solutions.

5)  Ability to articulate the architecture of Windows operating systems and Active Directory Architecture.

a.    Describe methods for design / suggestions for directory schema enhancements for performance.

b.    Should include concepts related to partitioning, replicas, fault tolerance and load balancing methods.

c.     Discuss the business advantages of a directory backbone.

d.    Ability to articulate the concepts of user provisioning workflow (e.g. business approver, technical approver, regular, “HR” manager, etc…)

6)  Ability to articulate the concepts of platform hardening

7)  Ability to locate and modify the configuration files on the Windows platform

8)  Ability to articulate the concept of strong protection around critical applications and data.

9)  Ability to describe and demonstrate chalk / white board identity and access control integration components.

10) Describe the concepts and design methods to improve the identity and reliability of directory services.

11)  Ability to tailor an Identity and Access Management demonstration to a client’s specific business issues.

12)  Ability to articulate the value of a combined access and Identity Management solution.

13)  Ability to demonstrate via chalk-talk / whiteboard identity management architecture.

e.  Ability to demonstrate access management product integration into enterprise and security management solutions.

f.   Ability to translate a proposed identity / access management solution into a valid technical architecture.

14)  Experience with directory technologies including MSAD, LDAP, x.500, Novell, Sun etc…

 15)  Ability to articulate LDAP, CIM, x.500 from IETF, DMTF and ITU.

 16)  Ability to articulate the concepts of Web services.

17)  Ability to articulate the integration between access control and high availability software.

18)  Convey the differences between standalone, enterprise, backbone and empire directories.

19)  Articulate the security of SSL / TLS.

g.  Describe the technical drivers for x.509 / SSL.

h.  Convey the performance advantages of SQL, Oracle, DBMS and RDBMS.



What is key about ITIL and a Life Cycle approach

  1. Improved quality, cost, value and effectiveness of IT
  2. Improved IT Productivity
  3. Improved IT Services
  4. Managed expectations
  5. Improved Customer Satisfaction
  6. Reduce Operating costs


Organizations can clearly align themselves with the business by agreeing on a service portfolio that describes what customers use, in business language.

A strategic lifecycle framework for quality service

Globally used and non-proprietary

Convergence of Strategy, Governance & Management practices for IT service

Measurable IT in business value outcomes

Functional elements help deliver real value



Sample Excel – Weekly Change Management Rule Summary


Simple Change Management Objectives

Purpose and Scope

To establish the activities needed to create and authorize a Standard Change for Change Management.

A Standard Change generally is a low risk, repeatable procedure that has demonstrated implementation success and been pre-approved for future implementations.


A Standard Change requires the following:

  • Is a low risk change
  • Occurs frequently
  • Has an Installation Instruction
  • Has a predefined Backout Plan
  • Has successful changes previously implemented in IT Service Request
  • Can be identified as a unique item on the approved Global Standard Change List
  • Has a scope that exactly matches the identified unique item on the approved Global Standard Change List

Standard Change Policy

Standard changes are pre-approved for creation of the RFC and deployment.

Key business rules include:

  • Standard changes will be restricted to those supported by a single implementation group (Change Owner group is Implementer group)
  • A particular type of RFC must be successfully deployed at least three consecutive times in order to be considered a candidate for a “Standard” pre-approved change type
  • Certifying a normal change as a Standard Pre-Approved change requires approval by those owning the CIs the change may impact (based upon the business criticality). Annual re-authorization is required by all parties authorizing the original change
  • Changes owned by third party groups require approval from Corporate IT and the appropriate account manager from the third party.
  • The Change Manager for the “domain” of the change must formally approve of the change becoming a Standard Pre-Approved change
  • Each Standard Change will be defined with the majority of the fields pre-defined
  • Those submitting an authorized Standard Change for deployment will use only the appropriate form / template that can be accessed
  • If a Standard Change’s deployment fails, it will become a “Normal Change”, and the Change Owner must re-apply to be considered a candidate for a Standard change once the issue causing the failure has been resolved and the change has been successfully deployed three consecutive times.
  • Must follow the Standard Change Procedures



Sample Visio – ITIL Service Design Management Processes


Sample ITIL – Security’s Methodology Framework

1)    Project Initiation – The project is set up in this phase. A project manager (PM) is assigned, the project scope is clearly identified, the project organization is established, and an initial project plan is drafted.

2)    Discover – This is the most critical of all phases. During this phase, the business and technical requirements are identified. Because these requirements guide the other phases, care must be taken to identify and understand the impact of each. Additionally, points of pain or concern are documented for increased scrutiny in the following phases.

3)    Strategy – Based on the requirements gathered in the discovery phase, ‘Consultant’ begins the process of establishing the desired security state. 

4)    Penetration and Vulnerability Assessment – In this phase, an external security assessment and review of the technology and architecture with business and technical requirements is performed. Host and network configuration detail is captured; risks and system dependencies are also documented. All possible impacts to the customer’s environment are reviewed and documented for analysis.

5)    Data Assimilation and Analysis – A technical brainstorming session occurs with various subject matter experts. Security experts, using ‘Consultant’s methodology and a combination of in-house and industry tools, create a set of best business practice recommendations based on gathered data and facilitated discussions.

6)    Document and Recommend – A formal document outlining the current state of the client’s environment is created. All detailed configuration information, which was gathered during this process, is included in this document with identified areas of concern and appropriate recommendations for remediation. 

7)    Baseline Presentation – This phase is a formal presentation of the current state of security. The delta to the desired state is defined and the remediation plan is presented.  

8)    Remediation – The corrective measures are implemented in this phase. 

9)    Management – This phase is the ongoing maintenance of the corporate assessments. It includes periodic assessments, server management, network device management as well as security monitoring of mission critical devices and networks.

