Business Analyst: The Most Important IT Role

Friday, June 11, 2010 by Aaron Whittenberger
Now didn’t I say that Business Analysis has far reaching impact on the organization?  A new Forrester research report supports my claim as it ranks Business Analyst #1 of the 13 Most Important IT Roles.

The age of IT specialization has been replaced by an emphasis on skills that can translate across the enterprise. According to Forrester, this shift can be traced to a number of emerging trends:

* Maturing technologies such as software-as-a-service and business intelligence are changing IT skills requirements;

* The growing array of outsourcing options have altered in-house staffing priorities, with more specialized skills increasingly likely to be outsourced; and

* The continued search for cost-reduction opportunities has changed how IT decisions are made.

With those trends in mind, here is Forrester’s list of the 13 Most Important IT Roles, based on the percentage of IT executives who believe each role is growing in importance.

#1 – Business Analyst – 70%

Talk about holding all the cards: Not only do these IT pros know the business, they also have their fingers on all the insight.  As the saying goes, knowledge is power.

#2 and #3 – Architecture and IT Strategy/Planning – 66%

As IT has evolved into an increasingly important part of business, both of these roles have become critical in ensuring that every department has the infrastructure and tools that it needs.

#4 – Project Management – 65%

What business doesn’t need people who can mange multiple personalities, master numerous business processes, understand different aspects of the business and make sure things get done?

#5 – Security – 62%

With the onslaught of breaches and identity theft that constantly filters through the headlines, not to mention the growing mandates for better access controls, is there really an explanation needed here?

#6 – Service Management – 60%

The whole thing about the customer applies here to, as managing IT from the customer’s perspective has become de rigueur.

#7 – Client Relationship Management – 56%

We’re in the age of customer service, and anyone who’s mastered the art of managing CRM environments is worth their weight in gold.

#8 and #9 – Business Continuity and IT Financial Management – 55%

With companies paranoid about their systems surviving natural and man-made disasters, and cost-effective IT spending more important that ever, it’s no wonder these roles are on the rise.

#10 – Portfolio Management – 50%

This is a growing area driven by the desire to demystify the measurement of the impact of IT investments.

#11 – Asset Management – 34%

Like other spin-offs from more general business roles, this is another specialized function better outsourced.

#12 – IT Research – 30%

Research? That’s what consultants are for.

#13 – Human Resources (within IT) – 20%

HR for IT is an increasingly unnecessary luxury in an increasingly self-service environment.

Take a closer look at that list and you will notice Business Analysis has been ranked #1, #2, #3 and #10.

The Secret to Good Performance

Tuesday, May 11, 2010 by Matt Warman

I am now in my second stint as a performance architect. There are many tools to measure performance. Usually there is some criteria like time or memory that is failing. I think most application development people know that the secret to good performance is good code. The problem is that good code is impossible to measure. There isn’t any metric you can show your boss that shows refactoring this class will make the code run faster, or at least will not remove that class from the performance list. Besides we have these new features that need to be added. So how do I make code perform at a high level?
Write unit tests. Make sure that the tests cover all of your method calls. Make sure that your test captures error situations, not just the "happy path". Write your test cases BEFORE you write your code so you can "code to the test". Of course, you need good use cases from your architect and business analyst to write the unit tests.
Comment your code. Make sure your method names describe the function it is performing. Most IDEs add the parameters and returns for you; all you have to do is describe the reason for the method. These are easy things to do. They are boring yes, but when it comes to adding that new feature, or changing a method call, it saves a lot of time when you can run a test to prove that your changes work.
Refactoring. All application development people should learn refactoring. The Java language has changed tremendously in the last 15 years, and your code hasn’t. I think that the Date object has been revamped twice since the 1.x days. New features like annotations and generics may not change the performance of the code, but it sure does affect the readability of the code. Readable, easy to understand code is also easy to maintain and update. It makes a six month project become a three month project. The business always has more projects, so they will be happy. Fewer errors happen, so your boss is happy. You get to solve more interesting problems so you are happy. When you are happy, both you and your code performs better.

IT Governance Needs to Change to Gain a Competitive Advantage

Friday, May 7, 2010 by Aaron Whittenberger
Futurists have been fore-telling the look of the business enterprise and the IT Department for years.  The latest version from the Corporate Executive Board state that we are in for rapid, radical change.  It fore-tells that the IT Department in 5 years will bear little resemblance to the IT Department of today.  As business users become more tech savvy, the business units will absorb a lot of today’s IT functions.  Along with continued IT outsourcing, they predict that only 25% of today's IT professionals will still be in IT in 5 years.

The CTO blog does not forecast such a dismal future for the IT professional, but it also acknowledges the need for better alignment with business strategic goals and faster IT solutions delivery.

Whereas, I will not completely buy in to the idea that 75% of today’s IT professionals will not be working in IT in 5 years or that change will be so rapid or radical.  It is increasingly apparent that change in IT solution delivery is necessary, and that is where I suggest that business organizations start; in particular IT Governance. 

I hope to see today’s IT Governance Committee, which approve and prioritize IT business solutions projects, replaced with a Business Improvement Project Review Board who approve and prioritize all business improvement projects.  This new Governance Body will consider all business improvement projects; those with business solutions and those with IT solutions.  As I mentioned a few weeks ago this new board needs to better track all projects and continue to give its support to all projects at every stage of the project.  Once the cost of the project outweigh the benefits, or other external forces make continuance of the project unwise, the project can be stopped and decrease the expense to the organization.

Along with that we will see the idea of a Project Management Office (PMO) replaced with a Business Improvement Office (BIO).  The BIO will be staffed with people with business backgrounds and those with IT backgrounds; however, cross-training and best practices will require all members of the BIO to look for the best solution, considering both business and IT solutions, to meet the needs of the business.  The BIO will take over the project management, business analysis and quality assurance aspects of a project. 

Continued competitive pressures will force the BIO to change its practices in order to achieve faster solution delivery.  Some will embrace the Agile methodology; others will develop some hybrid methodology taking parts from both the Agile and Waterfall methodologies.  However they achieve it, continued pressures for competitive advantage will require continual improvement in the methodology to push for faster and faster delivery while not sacrificing quality.

Many references now forecast a change to IT Departments and IT staffing as we know it today.  It will be interesting to see the changes as they come about and see which forecast was most correct.

Building the Business Case for New Tools

Friday, March 26, 2010 by Aaron Whittenberger
A couple of weeks ago I wrote about the need to develop a Business Case document.  Soon thereafter I find this one-page Business Case document.  The first question that comes to mind is “how can you put all that needs to be in the Business Case document in one page?”  Believe it or not, they did it.  Of course, a lot of things were abbreviated.  You have to question the usefulness of such a document.

Of course, a one-page document is not what we experience in our IT Business Solutions projects today.  Instead, we have what Chris Gurney wrote for BA Times as the “Big Freakin’ Requirements Document”.  Chris outlines the various reasons that our requirements document has to be so freakin’ long:
  • To Communicate to all audiences
  • To Validate that Needs are Met
  • To Ensure Everything’s within in Scope
  • To Manage Changes to Requirements
  • To Meet Regulatory and Corporate Obligations
  • To Define Requirements Collaboratively

It has become common place in over the years to try to accommodate everyone with one document.  So language is included for executive staff.  Then we translate the requirements to a more detailed level for developers and testers.  We turn on “Track Changes” feature to retain the history of changes to the document; which then leads to descendent versions of the document.

What Chris is trying to point out in the article is that a Word document is no longer sufficient for collaborative development of requirements for our IT business solutions projects.  What you can expect to see is many vendors rush to provide software solutions to these shortcomingtools of the trades.  Currently, there are some solutions out there to address these issues.  I will not promote any current software solutions here, but you can expect to see more solutions from new vendors in this area.  You will also see great improvements in features in the solutions that are already on the market.  When business organizations migrate in groves to these solutions and away from Microsoft Word as the standard for “document” development then you will see this market grow rapidly.  Large organizations with large IT staffs and geographically dispersed enterprise application development teams should be first to make the move.  I think you will see Business Analysts within those organizations leading the charge, but with all “organizational shift” changes, convincing those that hold the purse strings of the value and need for new tools will be their greatest challenge.

Homeshoring, the new trend in IT Outsourcing!

Tuesday, March 16, 2010 by Aaron Whittenberger
According to an InfoWorld article this month, the U.S. IT market has added 25,000 jobs in the first two months of 2010.  This is the largest month-to-month gain in IT staffing jobs in the U.S. since 2008 according to U.S. Labor Department statistics.

A contributing factor to that increase may be a new trend in the IT Outsourcing called “Homeshoring” or “Onshoring”.  This is an alternative to offshoring your IT outsourcing by placing it in low-cost, non-urban U.S. areas.  Monty Hamilton, CEO of Rural Sourcing Inc., recently spoke at the 2010 Outsourcing World Summit, where the idea of homeshoring was well received.

As salaries in India increase because of past American offshoring IT strategies, rural America becomes more competitive.  This along with the other benefits, such as culture and the favorable time zone, may spark an increase in the coming years to homeshoring. 

Mr. Hamilton notes that Small to Mid-sized Businesses (SMB) are first to realize the benefits of homeshoring.  He also makes note that a few jobs may still be lower cost as offshore, such as moving stack A to stack B.  However, when it comes to IT staffing, enterprise application development and IT strategy consulting, homeshoring is the growing trend.

How to Get the Financing You Need

Monday, February 8, 2010 by Aaron Whittenberger
Any good Business Analyst will tell you that IT and business speak in different languages.  Good CIOs and IT Infrastructure Management know that CFOs have a language all their own.  “That being said, it is the money people who generally stand in the way of engineers and technologists and the spending required to accomplish great things with IT.”, according to an CTOEdge article.  CIOs generally don’t speak in the language of the CFO when making spending requests, so we walk away feeling that they “just don’t get it”.  Here are 10 areas where we, as the promoters of IT, can begin to communicate better with the CFO.

1.  Think TCO, not ROI

To the CFO, return on investment is how much money you’re going to give back to the company. Let’s face it. Most IT projects — no matter how compelling — don’t bring “return” to the organization like an additional sales person, a new marketing campaign, or a new product launch.  Preach total cost of ownership (TCO); repeat it until you are blue in the face.  Whether business application development, web application development, IT infrastructure investment; you can demonstrate “fiscal stewardship” through cost reduction or increasing customer satisfaction and loyalty.

2.  Cloud Computing

CFOs like what they hear about cloud computing as a cost saver. Don’t fight them on it.

3.  Green IT

Are you surprised when the CFO is not willing to pay a premium to keep the environment cleaner?  The reality is that no green projects exist unless they have a better TCO.  So whether to upgrade your IT infrastructure, better IT infrastructure cooling, or saving space for your IT infrastructure you can build a strong business case of the decreased TCO and community relations intangibles of being an “environmentally conscious” firm.

4, 5 and 6.  Virtualize, Virtualize and VIRTUALIZE

“This subject takes up three spots because there are three key virtualization targets -- servers, desktop and storage. But again, the key here is how to justify and how now NOT to justify.”  Again build your TCO case for virtualization, but be realistic in your cost savings estimates.  Many times virtualization projects are viewed as unsuccessful because they did not meet the upfront cost estimates.  Be sure to include high traffic times such as end-of-month close periods.

7.  Adopt IT-Centric Business Continuity

Over the years responsibility for business continuity have been put on IT management.  This needs to change.  Organizations need to understand that there are three phases to a business continuity plan; event response, disaster recovery and business continuity.  With the financial impact on the organization of disaster recovery and business continuity, business management must be involved and responsible for these areas.  It should not be IT management’s responsibility to determine which business units are most important.

8.  Align with the Big Picture

Along with TCO, build your requests showing how the request aligns with the business objectives and goals of the organization.

9.  Proactive Cost Reduction

Boy does that sound like another way to say TCO to you?  Take a proactive stance on reducing cost.  The article showed how to reduce cost of document retention.

10.  Reduce Data Center Costs

The organization’s data center is usually the center of the IT infrastructure, both in physical space and cost.  Just as in application software development, modular building of a data center can cut cost of the IT infrastructure through avoiding construction cost, reduced cooling cost and reduced capital expenditures.

“While the relationship between CFO and CIO can sometimes have more debits than credits, it is definitely worth the investment in time and effort to highlight IT projects in terms the CFO will understand.”

Stop Whining

Friday, January 29, 2010 by Matt Warman

I don't often get on my soapbox, but I feel it's time for this. Stop whining! This refers specifically to application development, but I guess it can be applied to most everything. The point I am talking about is application frameworks.
I am using JavaFX, which is relatively new. The problem it is trying to solve is to remove the cruft from desktop application development (Swing), add 2d animations, and be able to run on a variety of devices and platforms. For me the holy grail of Java development would be to create an application that runs on mobile, desktop, and browser, all using the same code! JavaFX does this nicely. Some application development people won't even look at it because features like menus are not there yet. Are there some things missing? Yes, but there is a difference between “where's function X?” and “Epic fail! I can't do anything because function X is missing!”.
All languages, especially new ones have holes in them. You must learn to work around things, that's why I call myself a hacker. Would I want to have something work out of the box? Of course I would, but I also understand that knowledge comes with getting your hands dirty. Just because I can't drag and drop a control doesn't mean it doesn't work. I think the rule of thumb for me is, if the work takes more code than the application I am working on, then's it's broken. I think the whining is more apparent in the younger guys, because of the great things we can do in our IDEs. Not to sound like a greybeard (but I will anyway) is that I started coding Java in NOTEPAD! The same is true with HTML and XML. I love that code completion and other useful features have become standard now, but I bring this point up for a reason. I know how to fix it when breaks, because I know how it's put together.
Sure code is tough, but if you think writing an application is tough, you should see what it takes to write an API. The application development “magic” doesn't write itself. If something doesn't work right, investigate it, instead of complaining. You may have the key fix to make it great. I know you will learn something during your research. You can't drag that control, so you will wait until it's so easy, even a caveman can do it. If you do, you may be replaced by a cheaper caveman.

Fun with JavaFX

Friday, December 4, 2009 by Matt Warman

I have recently discussed my application development with JavaFX. After using it for a while, I am generally impressed. I come from a Swing background, so desktop application development is not difficult. The concepts that you will most use are sequences, binding, and triggers. Sequences are arrays of objects, but JavaFX makes it easier to use. You can use an index of course, but the insert and delete keywords give more control. You can simply add to the end of the sequence, or insert or delete before or after any item in the sequence. The hardest thing to deal with is that there are no multi-level arrays in JavaFX.

Bind and triggers are an interesting way to dynamically update values on the screen. They seemed awkward to me first, but once you get the hang of it, they work well. You can use the bind keyword assign a variable or attribute a dynamic value. There are times though that the runtime won't update. Instead of Listeners, JavaFX uses the on replace keyword to change the value in runtime. Anything inside the brackets will fire when the value changes. Just update the bound variable in the on replace, and the runtime will update. It seems like you are creating the same value twice, but it is a better way to control runtime events, without a bunch of unused Listeners taking up space.

For most application development people, it is the ability to customize and extend controls that makes a language useful. One thing that I have been doing is creating custom groups. Each control, (Text, buttons, progress Bar, etc) are actually a node on a scene. You can use the Group container to combine the controls into a single class. The Group control is more than a container because application development people can add special attributes that affect the group. I have created a group of polygons that act as buttons. I can't use the ButtonGroup control, so I change the selected button and hover color inside the class by using attributes. The cool thing though, is that I don't create the mouse events in the class, but when I create the group. The mouse events interact with variable on my main class, so there isn't any coupling of my custom class to my main class. That means I can use my polygon buttons in any project I wish.

The are many different effects that you can apply to the controls, too many in fact. As most application development folk don't have a solid background in graphics, a solid guide on gradients, reflection, glowing and other effects, and animation would be great. I just don't know how to control some effects, and I am still learning how to blend effects to make things look cool. That tutorial or book would be my new best friend.

Is IT Qualified To Satisfy The Business?

Monday, November 9, 2009 by Aaron Whittenberger

“IT executives increasingly implement marketing initiatives to improve the communications with their business customers. But these efforts often focus solely on the brand aspects of the services under the IT’s control without understanding the business’ perception of IT. To maximize the success, IT must add business satisfaction assessments to its tool kit. Understanding business satisfaction requires qualitative and quantitative data that capture customer expectations and perceptions through different types of interactions such as interviews, panels, focus groups, complaint systems, and surveys. This report provides best-practice recommendations, survey templates, and questions to guide IT executives through the deployment of a business satisfaction assessment. It applies Forrester’s deep expertise in external customer satisfaction to the interface between business customers and their internal IT suppliers.” says a new Forrester report.

I have served on countless business application development teams within several organizations in the Southwest Ohio and Cincinnati Information Technology community, one thing I can say is that most IT organizations do not gauge business satisfaction with IT business solutions.  I have served in only a couple of organizations where the business serves on the IT governance committee.  An organization does not have to be “big” to have an IT governance committee.  No matter what the size of the organization decisions are made as to priorities in IT work.  IT governance does not have to be a long drawn out process or take great time commitment from the business or IT executives, but business involvement in IT governance goes a long way in gaining business buy-in as you roll out the IT business solutions to the business.

Involvement in IT governance is just one way that many organizations in the Greater Cincinnati area can improve the IT-business relationship.  The Forrester report goes into ways to solicit and gauge business satisfaction with IT business solutions.  Doing so should affect decisions concerning not only IT business solution delivery but also IT Infrastructure and IT outsourcing initiatives.

 

IBM, Java, and the Community

Thursday, November 5, 2009 by Matt Warman

I recently read an article about the state of the IBM “i” and the amount of complaining by IBM application development and business partner folk. I know several RPG application development folk, and it sounds familiar. That made me think about my Java Application development and career. Are there things to complain about, and uncertainty about the future? Yes, but there are 2 reasons why the Java community is in a better place; the business model and the community. Before the IBMers call for a holy war, I said COMMUNITY! I am not talking about the strengths or weaknesses of the hardware or software. The business model for IBM is that they make the hardware and software, and partner for the sales and service. I think that is a viable model until IBM competes in the sales and services with their partners. If a lead is brought in by a small partner, they are awarded by giving the business to someone bigger. This sets up a confrontational relationship between IBM, the big partners, and the little partners. IBM can also decide whether or not you are worthy to be a partner. Why does this affect the software application development team? Because most consulting firm are selling SERVICES not HARDWARE. If they are not seeing business because of political fighting, they don't have to sell it. There are viable options on other platforms, where interference does not happen. IBM never fostered a community, they created a hierarchy with themselves as the head.

Certainly Sun has done some things that made myself and others unhappy. Besides, complaining, we actively pushed to remove barriers in our path. We do have an open source Java. Is there a IBM community that can work with RPG to make it work for them? I also think its about scale and timing. It's not like IBM software developers have their own AS/400 at their home. It's easy for me to create and use nearly any kind of application at my home in Cincinnati, and pretty cheaply. It makes it fun to tell non-technical people about my application development. Nobody but accountants want to hear about accounting programs. Java, and newer languages have grown up with the Internet. I have friends from all over the globe that have similar interests. If I have a problem, I can go online to a forum, friend, or web page to find what I need. I can read and write blogs to voice my opinion (like now). These things are not ingrained in the Legacy community, and in fact, have been actively campaigned against. It is my belief that any software, hardware, or service will die when there is no vocal community to support it.

My Learning Recipe

Friday, October 30, 2009 by Matt Warman

As a consultant and application development person, I have to learn new things all the time. Take for example, my work with JavaFX. The language does have some familiar aspects, but there is a lot new there too. How do you go about learning something new? I have come up with some guidelines that I use in learning new things (in this case a language):

  • Read as much about it as you can first. No one wants to wade through tomes of technical information, but that is where you learn. I try to get a feel for what problem the new thing is trying to solve first.
  • Understand the core elements. Whether it's a programming language, a car, or a philosophical construct, knowing how it works is the first step. I know it's time to go to the next step when I have some ideas on how to use the item, and I start formulating a project.
  • Examine and breakdown examples, if you can. You would be surprised at how many application development people think they're “smart enough” to figure out how things work just by following a few examples. I don't know about you, but I don't figure out a complex things just from a few simple “Hello World” examples. That being said, seeing how things works is the quickest to way get a basic understanding. Couple that with knowledge you acquired by reading the manual, and you get the “why” of how it's put together.
  • Create your own knowledge base. I like to Google more than most people, but things do need to get done. I will create a separate folder to contain links to examples, other application development team members' blogs, white papers and other documentation. If you can, create a “how-to” WIKI. Having a centrally located repository makes it simple to answer questions.
  • Create a test project. I do this especially for languages. I create a test project where I can test specific “how do I?” questions. It keeps you from removing code, adding unnecessary functions, and commenting and uncommenting code in your main project. Figure it out in its own project first, then transfer the code and knowledge to your main project. It is always good to revisit it after a period inactivity.
  • Write or teach what you learned. As application development people, we tend to get blinders on when doing something. Having a different set eyes, or different questions being asked makes you examine what you actually know.

     

So there's my “Secret Sauce” for learning. You still have to come up with ideas on how to utilize you knowledge though.

Working with Magento

Wednesday, October 21, 2009 by Matt Warman

People outside of Cincinnati may be shocked to know that I work with languages OUTSIDE of Java! I don't know any application development person, especially one who does web application development who doesn't use several languages. I have recently been working on Magento. What is that you say? Magento is an Open Source PHP ECommerce application based on the Zend Framework. You don't need to download Zend, just the Magento PHP files. We actually have Magento internally setup with a LAMP package, but I already have MySQL and Apache on my local machine, so I thought I'd tackle and individual install. The verdict? Well after a couple of small hiccups (don't use the Windows install for PHP, just unzip, and localhost needs to be a virtual host), setup was a breeze!  Fortunately, STAR BASE, Inc. has enough experience to over come these issues.  Magento is easy to customize products and catalogs, and would be a good choice for organizations to create their own ECommerce site. Magento is easy enough to implement without an IT Consultant, but an experienced consultant can save you time and frustration.


Takin’ the Basset Hound to the Farm (Part One)

Tuesday, October 20, 2009 by Jeff Welsh

Seems like it has been a while since I have had a chance to do a post.  For the last 3 weeks things have been absolutely crazy in our IT consulting world, but in a good way.  We had a chance to go to the Techserve Alliance national conference in Las Vegas.  I have heard all the jokes, including the one about it staying in Vegas.   We did learn that just because you are pre-checked with the airline, does not mean that your bags are.   We got our bags checked with literally a minute to spare and fortunately all made it back to Cincinnati.

Upon return, we signed a support contract for a new customer.  They trust us enough to outsource their entire IT applications support to us.  We have a real life example of an IT Strategy that was discussed at the conference (See #3).  Not only was IT strategy discussed but business strategy as well.  Here are some highlights:

1. Market Differentiation - customers have lots of choices, how will you stand out?

2. Improve Systems and methodology for delivering service- excellence, efficiency, depth of service.

3. Outsource what you can-eliminate the busy work that does not add strategic value.

4. Deal with the economy being slow to recover till 2012, spend your money wisely, hire wisely, fire quickly, and refine what is working, stop what is not.           

5. Build Alliances with like minded providers in different industries and sell collaboratively to serve the customers' need.

My favorite of these five is number four.  Said another way, its takin’ the basset hound to the farm.  I’ll expand more on that in my next post.


 

IT Outsourcing in for some big changes

Tuesday, October 6, 2009 by Aaron Whittenberger
A new report from Gartner Research Firm

IT Outsourcing is not going away anytime soon, but a new report from Gartner Research states that the market is in for some big changes.  The report predicts that one in four business-process outsourcing firms will disappear within the next three years.

The article in InformationWeek gives advice to CIOs who wish to initiate a new IT Outsourcing contract on warning signs to look for in your prospective BPO partner that would indicate this firm may not be able to fulfill any new contract:

1.    Are they losing money?
2.    Are they winning new business?
3.    The loss of marquee clients.
4.    Poor capitalization is impeding growth.
5.    Toxic exposure to tainted financial firms.
6.    Lock down your exit strategies.

In another article in EconomicTimes I read that IBM will goble up half of India’s IT outsourcing business in 2010. 

This is not to suggest that the offshore IT outsourcing business is coming home.  IBM’s business is international.  With IBM awarding one-half to 1 billion dollar contracts, many India firms will not be able to compete in delivering hardware, software, IT consulting services and integrated business solutions.  IBM is one reason that 25% of IT BPO firms will meet their demise within the next three years.

Take a Team Approach to IT attacks

Tuesday, September 8, 2009 by Aaron Whittenberger
You more than likely already know you need the best security possible to prevent an attack. You also need IT infrastructure and IT staffing in place to respond to an attack if one happens.

Incidence response should be one of the most important items on your IT security agenda. Your company must be prepared to respond to an incident once it occurs and quite possibly to stop the next one.

As of late, disgruntled employees violate internal policies or misuse system access for their own monetary gain or for revenge on employers due to mergers, outsourcing of business or IT jobs or employee lay offs.  Internal threats are as real as external threats.

IT experts say that security professionals with the right skills can help lower the number of and potential for incidents at any organization with their responses.

An article in this week's GovInfoSecurity.com outlines the experts you will need:
  • Network security specialist: A person familiar with intrusion detection systems.
  • Penetration testers: Someone who can assess a system's potential vulnerabilities.
  • Incident handlers: People who understand attack methodology and can apply critical thinking skills to respond to incidents.
  • Forensics Analyst: The person who looks for evidence after an attack.
  • Research Analyst: The person to keep abreast technological advances in incident response activities.
  • Team Leader: Leads the team through crises and communicates to the business incident activities and cost to the business.
The article also outlines a typical methodology the team should follow to respond to all types of attacks:
  • Preparation and Training: for both prevention and incident response.
  • Identification: fast identification of an occurring attack and its impact on the IT infrastructure can help in minimizing the duration and cost of clean-up.
  • Containment: Once an attack has been identified, steps must be taken to minimize the effects of the attack.
  • Recovery and Analysis: The recovery period allows analysis and lessons learned of What happened? Why did it happened? Was the response effective?
Is your IT infrastructure safe from internal and external attacks?  The proper IT infrastructure safeguards and IT staffing with proper security skills can help ensure your organization's security.

Teaching Old Dogs New Tricks

Wednesday, September 2, 2009 by Mark Murphy
Sometimes the solution to a problem is staring you right in the face.  Sometimes you already know the answer but can't see it because the pieces are labeled in a way that is outside the scope of the solution.  Sometimes you can just use an old tool to provide a piece of functionality you thought you needed to code a home grown solution for.  Recently, such a time occurred for me.

I was in a meeting discussing the logistics of transferring multiple gigs of text data across the internet.  The source computer was an iSeries, the target was something else.  Much of the discussion centered on network latency and the time it was going to take to transfer that much data, and how processes were going to have to be pushed back a day because the window was too short.  Well I said why don't we just zip up the file and send it that way.  Data files tend to be highly compressible, up to 90%.  "Can you do that on an iSeries."  That was the infrastructure guy.  Why not, I can run Java on it.  I shouldn't be too hard to find something, even if I have to write a simple Java program.  "Don't do anything we won't be able to understand."  That was one of the RPG programmers.  IMHO, the legacy tag belongs with those who use the technology, and the technologies  they choose to use rather than with the hardware and operating system.  For me it was a challenge.

A day later I had a working command using a tool that is bundled with every Java Development Kit.  I knew this, but it took a slight memory jog from a college to remind me.  A JAR file is a ZIP file with a different extension.  IBM explicitly provides a tool to convert a database file to a CSV file, or a flat text file, but to compress that file into a ZIP file you need to use the JAR utility and give the file a .ZIP extension.  Works like a champ.  IBM even provides an alternate JAR utility that acts more like a command line compression utility to create zip files, but instead of calling it zip, or izip or something like that they call it ajar.

Well, a short CL later and I have a full featured program that takes a database file name, a zip file name and path (in the integrated file system or IFS), and a format selector (*DLM or *FIXED).  It probably would have made more sense to name that format *CSV instead of *DLM, but IBM's conversion utility calls it *DLM.  The output is a zip file with the name and path as specified in the input parameters.

And Here it is:

             PGM        PARM(&DBF &ZIPFILE &FORMAT)


             DCL        VAR(&DBF) TYPE(*CHAR) LEN(32)
             DCL        VAR(&ZIPFILE) TYPE(*CHAR) LEN(255)
             DCL        VAR(&FORMAT) TYPE(*CHAR) LEN(6)
             DCL        VAR(&FILE) TYPE(*CHAR) LEN(10)
             DCL        VAR(&LIB) TYPE(*CHAR) LEN(10)
             DCL        VAR(&MBR) TYPE(*CHAR) LEN(10)
             DCL        VAR(&CMD) TYPE(*CHAR) LEN(255)
             DCL        VAR(&TEXTFILE) TYPE(*CHAR) LEN(15)
             DCL        VAR(&TEMPFILE) TYPE(*CHAR) LEN(40)
             DCL        VAR(&ERRLOOP) TYPE(*CHAR) LEN(1) VALUE(N)
             DCL        VAR(&INTER) TYPE(*CHAR) LEN(1)

             MONMSG     MSGID(CPF0000 QSH0000) EXEC(GOTO CMDLBL(ERROR))

             RTVJOBA    TYPE(&INTER)

             CHGVAR     VAR(&FILE) VALUE(%SST(&DBF 3 10))
             CHGVAR     VAR(&LIB) VALUE(%SST(&DBF 13 10))
             CHGVAR     VAR(&MBR) VALUE(%SST(&DBF 23 10))

             /* Ensure ZIP directory exists for error logging */
             MKDIR      DIR('/zip')
             MONMSG     MSGID(CPFA0A0)

             /* Delete &zipfile if it exists */
             RMVLNK     OBJLNK(&ZIPFILE)
             MONMSG     MSGID(CPFA0A9)

             /* build text file name */
             IF         COND(&FORMAT *EQ *DLM) THEN(DO)
                CHGVAR     VAR(&TEXTFILE) VALUE(&FILE *TCAT '.csv')
             ENDDO
             ELSE       CMD(DO)
                CHGVAR     VAR(&TEXTFILE) VALUE(&FILE *TCAT '.txt')
             ENDDO

             /* generate temporary file name */
             RTVTMPIFSN NAME(&TEMPFILE)
             IF         COND(&TEMPFILE *EQ ' ') THEN(CHGVAR VAR(&TEMPFILE) +
                          VALUE('/tmp/$$__tempfile'))

             /* export DBF to temporary file */
             CPYTOIMPF  FROMFILE(&LIB/&FILE &MBR) TOSTMF(&TEMPFILE) +
                          MBROPT(*REPLACE) STMFCODPAG(*STDASCII) +
                          RCDDLM(*CRLF) DTAFMT(&FORMAT) RMVBLANK(*TRAILING)
             MONMSG     MSGID(CPF2817) EXEC(DO)
                SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA('Error +
                             converting Database File to Interface File') +
                             MSGTYPE(*DIAG)
                GOTO       CMDLBL(ERROR)
             ENDDO

             /* Send 'compressing' status message */
             IF         COND(&INTER *EQ '1') THEN(SNDPGMMSG MSGID(CPF9897) +
                          MSGF(QCPFMSG) MSGDTA('Compressing file ' *CAT +
                          &FILE) TOPGMQ(*EXT) MSGTYPE(*STATUS))

             /*---------------------------------------------------------------*/
             /* This command is using the unix environment to zip up the file */
             /* extracted above.  All errors are logged to a text file        */
             /* named error.txt.  The 2>> operator redirects stderr to the    */
             /* file following it, and adds any messages to the end of the    */
             /* file.                                                         */
             /*                                                               */
             /* The following unix utilities are used here:                   */
             /*  ajar - create an archive                                     */
             /*                                                               */
             /* The following environment variables are used here:            */
             /*  QIBM_QSH_CMD_ESCAPE_MSG - Sends QSH0005 as an escape message */
             /*        if the exit status is not 0 (Qshell error condition)   */
             /*---------------------------------------------------------------*/
             /* Send an escape message if the command fails */
             ADDENVVAR  ENVVAR(QIBM_QSH_CMD_ESCAPE_MSG) VALUE(Y) +
                          REPLACE(*YES)

             /* Create &zipfile from temporary file */
             CHGVAR     VAR(&CMD) VALUE('ajar -c -M' *BCAT &ZIPFILE *BCAT +
                          '''' *CAT &TEMPFILE *TCAT ''' :' *BCAT &TEXTFILE +
                          *BCAT '2>>' *BCAT '/zip/error.txt')
             QSH        CMD(&CMD)
             MONMSG     MSGID(QSH0005) EXEC(DO)
                SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA('Error +
                             creating ZIP file') MSGTYPE(*DIAG)
                GOTO       CMDLBL(ERROR)
             ENDDO

             /* Delete temporaty file */
             RMVLNK     OBJLNK(&TEMPFILE)
             MONMSG     MSGID(CPFA0A9)

             /* Exit Normally */
             GOTO       CMDLBL(OUT)


             /* Process Errors */
 ERROR:      IF         COND(&ERRLOOP *EQ Y) THEN(GOTO CMDLBL(OUT))
             CHGVAR     VAR(&ERRLOOP) VALUE(Y)

             /* Delete temporaty file */
             RMVLNK     OBJLNK(&TEMPFILE)
             MONMSG     MSGID(CPFA0A9)

             /* Send Escape message */
             SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA('Error +
                          Processing File') MSGTYPE(*ESCAPE)

 OUT:        ENDPGM

Check it out.  Create a ZIP file using the Java Archive utility.  A Rose by any other name would smell as sweet!

Are IT Jobs on the Rebound?

Sunday, August 30, 2009 by Aaron Whittenberger
A Network World article reports that the U.S. gained 7,400 IT jobs in August.  Gaining back what was lost the month before and following five months of losses of IT jobs in the U.S.  Hopefully this is the first signs of the U.S. coming out of the recession that has gripped the country.

Adding to the good news for IT Services Companies in Cincinnati, across Ohio and the country; as well as application development personnel is news from the U.S. Citizenship and Immigration Services that demand for H-1B Visas are on the decline.  They expect the entire 85,000 visas to be given out this year, just not as quickly and with the same frenzy as in the past few years.  FierceCIO continues to state that ‘employers are putting a greater emphasis on hiring American workers, buying American goods and abandoning offshore outsourcing’.  Where I do not believe this to be the general direction of employers in America, some smaller employers may have taken this direction but large firms continue their offshore IT outsourcing plans.

So does all this mean that better times are in store for IT business solutions professionals in America?  I remain pessimistically optimistic.

Is the IIBA Buckling Down Too Hard?

Tuesday, August 4, 2009 by Aaron Whittenberger
I have return.....from my eight month siesta.  No, I have not been in Mexico; so I can guarantee that I do not have the swine flu.  Although Mexico is on my bucket list, I don't believe now is a great time to visit.  I am back and still on my soap box.  What has gotten me back on my soap box are some recent articles and blogs I have read complaining that the International Institute for Business Analysis ® has made the application and recertification process for their Certified Business Analyst Professional (CBAP)® certification too stringent.

I have been and continue to be a strong proponent for IT certifications.  Even since I obtained my CBAP® certification last year the application process has changed.  The exam itself is now based on version 2.0 of the Business Analysis Body of Knowledge (BABOK)®.

I have heard that CBAP® applicants are rejected due to the IIBA® reducing their documented hours for tasks or deliverables that do not qualify as business analysis work.  Such reduction of hours left them short of the 7,500 hour requirement.  Some applicants are unaware of the new 900 hour requirement in four of the six knowledge hours, again leaving them short of the requirement. 

First of all I believe that the application process itself is more rigorous than the exam.  It is part of the whole process of obtaining the certification.  The IIBA® , by putting all applicants through a rigorous review process, protects the value of the certification.  A couple of tips I can give you in applying for the CBAP® certification:
  1. Document more than the minimum 7,500 hours of business analysis work.  This ensures that if your hours are reduced in the review process that you will still have enough hours to qualify to sit for the exam.  This goes for total hours as well as hours in each of the knowledge areas.  I personally documented 9,000 hours on my application.
  2. Put the language on your application in the wording of the BABOK®.  By putting your work tasks and deliverables in the language of the profession it is less likely that the hours will be discounted in review.
     
Remember that any certification worth getting will not be a give-me.  You will have to work for it.  Any certification worth getting will have a re-certification process, usually just as rigorous as the original application process itself.  In my opinion, the CBAP ® certification and the business analysis profession is what turns IT solutions into IT business solutions.  When it comes to web application development or any business application development projects, the business analyst is as much a valued resource as the project manager.  Business analysis done right can help ensure the success of your IT business solutions projects.

What’s new at JavaOne 2009 – Part 2 JavaFX, JavaFX Designer, and The Java Store

Thursday, July 9, 2009 by Matt Warman

Part one discussed Open Solaris. Part Two is all about what is new with JavaFx and the Java Store.

I have talked about, and been impressed with JavaFX since its debut at JavaOne 2007. It was a key part of my presentation to Cincinnati area application development members that year. For those application development people who don’t know what JavaFx is, I blogged about it here. So what’s new really with it? The JavaFx in 2007 was JavaFX script. JavaFX was limited in where you could run the script. In January, JavaFX released its first runtime, and now JavaFX 1.2 is out. You can have graphic designers create media for your application using JavaFX production and easily import them into JavaFx. The JavaFx language can now be run on the desktop, web page or mobile device. JavaFx has been integrated with the new version of web start, but more on that later. New widgets have been created, and third-party widgets are being created at JavaFx widgets. There still are issues, though. Some swing like widgets like menus and tables have not been completely done. You can create a wrapper around Swing components, but it’s not the same as a native widget. Integration with NetBeans 6.7 isn’t there because of the new designer isn’t ready, but an update is scheduled at the end of July The reason I think application development teams should use JavaFX, is that the same code can run in multiple areas. I can now create a desktop application and have it run on the web and mobile devices without having to rewrite my code.

The JavaFX designer will help in a wider adoption rate of JavaFX for the things it can do. A big part of JavaFx is making animation simple to create. With the timer piece of designer, it’s a breeze. In the demo here, (starts 10:25 in) you can take an image, give it a starting point, and pick intermediate points and the times and the designer creates all of timings for you. You can bind media and widgets to data or events. For example you can drop a video and some buttons on the scene. You then drag a link from a button to the media, and all available actions popup (play, pause, etc.). Select the action in the popup and it’s done. Application development guys can create a media player in minutes. You can open different windows with different screen sizes, and all of the children inherit their changes from the parent. You can edit each screen though, and those changes are kept for that window.

What is the Java Store, and why do I need it? The Java store is a warehouse for free, and for fee Java applications. Right now, everything is for free while the community decides the best way to charge (or not) for applications. If you need an application quickly, you can check the store without having to do extensive searching, or worse, recreating the wheel. The cool thing about the store is its use of the new Web Start technology. Users can preview the application before keeping the application. If you decide to keep the application, just drag it to your desktop. It’s just that easy.

Quantum Leap, Part 1

Tuesday, July 7, 2009 by Jeff Welsh

By the title of this post you might think that it is about an 80’s television show by the same name.   I really enjoyed Quantum Leap when it first aired and you can still catch re-runs if you have cable or satellite TV, but I digress.

In the past, I have talked about rate of change and its impact on IT infrastructure and application development. Today, I’m continuing along that line.

IT infrastructure is going to go through a massive transformation in the years ahead. Quantum technologies that were only theories in scientific journals just a few years ago are being prototyped in labs now. These new components will change the way we live forever.

Currently, data is processed by moving bunches of electrons about in huge batches. Think of the components in your PC as electrical plumbing. Data is usually stored as batches of electrons or in computer terms, bits. Imagine your computer’s hard drive as a bunch of very small buckets, some full of water, some not. This would represent the on and off that current computers understand or binary language.  This will change:

Improved technologies from emerging nanosciences are allowing us to replace batches of electrons with the smallest individual unit: the electron. As a result, computers will work at far higher speeds. Additionally, far less electricity will be required to do the same amount of work.  So what’s the big deal you may be thinking, that’s been happening for years.

The big difference now is “quantum superposition”.  In a nutshell, this means that a quantum particle can exist in multiple states and everything in between at the same time. This is because a quantum particle, such as an electron, behaves as both a particle and a wave.  Quantum physics is going to have a huge role in how we store and represent data in the future.

Next time, I will take a quantum dive deeper into this.