IT Skills Crunch On Horizon

An old (sorry Ruth!) and good friend of mine recently posted a blog entry indicating that the Information and Communications Technology Council (ICTC), in partnership with the Information Technology Association of Canada (ITAC), have conducted a recent study and found that Canadian businesses face a looming IT skills shortage in 2011 – 2016.  This is very bad news indeed.  It would appear that the next wave of graduates are losing interest in some of the pivotal technologies that need to be developed to remain competitive in IT and business.

The problem has been examined and broken down to specific skills pertaining to key technology trends within IT that are not generating interest in today’s youth.



Acute and pervasive skills shortages will affect four occupations in particular:

  • Computer and Information Systems Managers,
  • Telecommunications Carriers Managers,
  • Information Systems Analysts and Consultants, and
  • Broadcast Technicians.

These skills include:

  • Virtualization
  • Cloud Computing
  • Service Oriented Architecture (SOA)

Some of the recommendations to combat this risk include:

  • Speak at high schools and youth organizations to generate interest in IT careers.
  • Encourage interest in math and sciences.
  • School boards have adopted the “FIT” (Focus on IT) program.
  • Help immigrants to use or develop their IT skills through internships and other venues.
  • Develop new curriculum with internships, work placements, and focus on IT careers.
  • Encourage diversity and inclusion, especially among women.
  • Employers should invest in ‘almost qualified’ candidates and employees.
  • Employers should return to investing in training for staff.
  • Employers should consider mentoring programs.

Read the report and listen to the webcast.


C|EH Version 7 Launch in March

With recent news events like WikiLeaks, HBGary Federal, malware everywhere, and the growing fear of being hacked, companies are being forced to reevaluate their information security strategies.  In order to beat a hacker, you have to be able to think like one.  You need to understand the ways hackers access networks, the mindset of hackers, and how everyday situations become security breaches.

Certified Ethical Hacker version 7 is the most advanced information security and ethical hacking training program in the world, and is set for launch in March.  CEH version 7 breaks away from its earlier releases with more emphasis on techniques and methodologies hackers use to carry out attacks but more importantly, it provides countermeasures to better protect your corporation’s networks from malicious attacks.  Students walk away with the knowledge and tools to implement effective offensive security measures immediately.

CEH v7 is going to include completely rebuilt courseware.  To start, you will no longer see pages with slides with a box of text and a heading with more text below the slide.  The slides are now very graphical.  The courseware will also only be discussing the top tools in each category, instead of listing and going through a multitude of tools and options.  You won’t have slide after slide of tools you’ll never use.  The exam will be updated and I believe the objectives will be updated as well.  They have spent more money producing this CEH version than any version in the past, and they are taking this update very seriously. 

In addition to the makeover, CEHv7 includes two additional bundles; a Monster Hacking Tool Repository Codenamed Frankenstein, and a subscription based Virtual Lab Environment codenamed iLabs.  iLab is a subscription based service that allows students to logon to a virtualized remote machine running Windows 2003 Server to perform various exercises featured in the CEHv7Lab Guide.  All you need is a web browser to connect and start experimenting.  The virtual machine setup reduces the time and effort spent by instructors and partners prior to the classroom engagement. It is a hassle free service available 24×7 x number of days subscribed.


Global Knowledge:

Think Like A Hacker, Train Like A Hacker

Joe McCray has been hacking into the Department of Defense, Federal Agencies, Financial Institutions, and other big companies for years – all legally of course.  He’s a Penetration Tester, a consultant that hacks into companies in order to test, measure and demonstrate security weaknesses.  He helps identify and fix vulnerabilities that could lead to security breaches.  

He is frequently sought out as a trainer, people want to know how he consistently bypasses common IT Security mechanisms.  Joe has recently developed a course to teach IT and IT Security professionals how hackers break into systems and bypass these common security mechanisms.  Although there are many courses on that claim to do this, Joe says, “I developed the Advanced Penetration Testing course because there were too many security courses out there that are written and taught by people that haven’t actually been pentesters.  These teachers are reading word for word from old computer security books and teaching the students hacks that are ten years old.  That kind of teaching is fine if you just want to introduce someone to our field and raise awareness, but it does nothing to help people working in the DoD, Federal Agencies, Financial Institutions, and other large companies secure critical systems from attack. ”

Advanced Penetration Testing (APT): Pentesting High Security Environments – is a course that focuses on attacking and defending highly secured environments.  This course can be taken as either a five-day course, or a two-day workshop at security conferences.  This is not a “death by powerpoint” course, and you won’t be attacking unpatched Windows 2000 Servers, or learning a bunch of outdated tools.  In APT, you learn how to attack new operating systems such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers.  All of these servers will be patched, and hardened, both Network and Host-based IDS/IPS will be in place as well.

The course starts with attacking heavily protected environments from the outside and dealing with things like Load Balancing, Deep Packet Inspection, and Network-Based IDS/IPS. Next attack web applications and deal with common application security measures in PHP/ASP.NET, then Web Application Firewalls.  The course moves on to attacking from the LAN, dealing with NAC, locked down workstations/GPOs, and Host-Based IDS/IPS.  Finally, the course covers gaining control of Active Directory.

This course can be taken at the following locations/events: