Blog Archives - ALC Training

If you’re thinking about levelling up your cybersecurity skills, odds are you will come across these two qualifications, CISSP and CISM.

Many IT and security professionals hit a ceiling in their careers without industry-recognised certifications, making CISM and CISSP certificates a popular choice. Both of these stand out as leading qualifications in the cybersecurity world and offer many benefits, but which one should you choose?

Before you sign up to complete your next cybersecurity qualification, here is all you need to know.

What is CISSP?

A CISSP or Certified Information Systems Security Professional certificate is a globally recognised certification for information security professionals. It is considered the “gold standard” in cybersecurity qualifications, ensuring that security leaders have in-depth knowledge of evolving threats, technologies, regulations, and industry standards.

The Value of a CISSP Certification is shown as it’s a globally recognised cybersecurity qualification that requires years of proven industry experience.

ALC Training - cyber safety concept with chain padlock keyboard wooden cubes white background flat lay scaled

What is CISM?

CISM or Certified Information Security Manager is another globally recognised certification designed for information security managers and professionals responsible for managing, designing, and overseeing an enterprise’s security program. Just like the CISSP certification, this requires you to have proven industry experience.

What’s the Difference Between CISSP and CISM?

The CISSP (Certified Information Systems Security Professional) and CISM (Certified Information Security Manager) certifications are both well recognised credentials and each offers key benefits. However, they also have some important differences in who they cater to.

CISSP is designed for security professionals who work on the technical and operational aspects of cybersecurity, including security engineering, risk management, and cryptography. CISM on the other hand, is targeted at security managers and executives who develop and oversee security programs, ensuring they align with business objectives.

Why Choose CISSP?

While CISSP requires a strong foundation of industry experience, it is not a beginner-level certification. Instead, it is ideal for professionals responsible for securing complex IT environments. While CISSP is regarded as a broad security technical certification, it is by no means basic. This is a technical course that delves into advanced security concepts.

Pros of CISSP

Globally recognised qualification
Includes both technical and security management skills
Opens the door to high-level security roles
Covers a deep understanding of security domains

If you are looking to build a well-rounded expertise in cybersecurity that spans both technical and managerial aspects, CISSP is the perfect choice.

Why Choose CISM?

CISM is ideal for those looking to lead and oversee enterprise security programs. This certification bridges the gap between technical security and business leadership, making it well-suited for individuals in security management roles.

Globally recognised qualification
Ideal for professionals who want to lead and oversee security strategies at an organisational level
Provides access to valuable industry insights
Ideal for those who want to lead and oversee security strategies at an organisational level

If your goal is to take on leadership roles in cybersecurity and develop security strategies that align with business objectives, CISM is the ideal certification to advance your career.

ALC Training - woman working computer network graphic overlay scaled

Obtaining a Certificate: CISSP vs CISM

Both of these cybersecurity qualifications offer important pros for those wanting to upskill, but they are not without their challenges. Both the CISSP and CISM exams are considered challenging, and as they both require years of proven experience, they are targeted at those with professional industry training.

Taking the Exam CISSP vs. CISM

The average study time for the CISSP exam is between 3 to 6 months while CISM is around 2 to 4 months of study time. To prepare you for the exam for each of these qualifications, you will study the main domains.

To prepare effectively for the CISSP exam, you will focus on eight key domains of information security:

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security

CISM is more focused on the management aspects of information security, making it a shorter preparation period compared to the CISSP exam. The main CISM domains covered are:

Information Security Governance
Information Security Risk Management and Compliance
Information Security Program Development and Management
Information Security Incident Management

The exam length for both of these also differs:

The CISSP exam lasts 3 hours and is a computer-based test (CBT), consisting of 100 to 150 multiple-choice questions. You will need to get a 700 out of 1000 to pass the CISSP exam.
The CISM exam is 4 hours long and is also a computer-based test (CBT) with 150 multiple-choice questions. You will need to get 450 out of 800 to pass the CISM exam.

CISSP and CISM serve different purposes within the cybersecurity field. CISSP is designed for professionals who need a broad understanding of security technologies and best practices across multiple domains, making it well-suited for those working hands-on with security systems.

On the other hand, CISM is tailored for professionals who focus on governance, risk management, and aligning security strategies with business objectives. Rather than deep technical implementation, CISM emphasises security leadership, making it ideal for those in managerial or strategic roles.

However, the cybersecurity qualification you choose will need to be based on where you want your career to go next.

Finding the Right Cybersecurity Qualification for You

Now that we have broken down each qualification, which one should you choose?

Choose CISSP if you are a technical security professional looking to deepen your expertise in security architecture, network security, cryptography, and risk management.
Choose CISM if you are an IT security manager or leader aiming to oversee, govern, and align security strategies with business objectives.

Are you looking to up-skill your cybersecurity knowledge? Get CISSP or CISM certified with ALC. You can contact us today to find out more about your next qualification or to obtain a quote.

Browse all our courses and get accredited training from ALC today!

With the increase in cyber threats, it’s more important than ever to stay informed about evolving risks, and invest in professional certifications like CISSP.

CISSP or Certified Information Systems Security Professional is a globally recognised cybersecurity certification and is regarded as the gold standard for security professionals.

If you are looking to become CISSP certified, here are some important things you need to know before you begin.

CISSP Prerequisites

While anyone can attend a CISSP course, the accreditation will only be available to those who meet ISC2 requirements.

In order to get your CISSP certification, you will need:

A minimum of 5 years direct full-time security professional experience in two or more of CISSP CBK domains.
One year of work experience may be waived if you have a four-year or higher college/university degree or credentials.

Anyone who doesn’t meet these requirements will be given Associate status until these are fulfilled.

Who should be CISSP Certified?

A CISSP certificate can be hugely beneficial to those who are looking for more job opportunities, want to advance their skills, need to meet compliance requirements, or want a globally recognised security certificate.

ALC Training - pexels bertellifotografia 18999469 scaled

A CISSP course is aimed at those who are in the following roles:

Security Consultant
Security Manager
IT Director/Manager
Security Auditor
Security Architect
Security Analyst
Security Systems Engineer
Chief Information Security Officer
Director of Security
Network Architect

What are the Benefits of a CISSP certification?

A CISSP certificate comes with a range of benefits. CISSP validates your expertise in security principles, risk management, and cybersecurity best practices, making you a valuable asset to organisations worldwide.

One of the key benefits of CISSP is its global recognition. Many organisations, especially in sectors like finance, healthcare, and government, require or strongly prefer CISSP-certified professionals for senior security roles.

With so many certifications available, some employers may be unsure of which credentials truly indicate deep expertise. CISSP eliminates this concern by requiring not only a rigorous exam but also a minimum of five years of relevant work experience. The CISSP course is designed to prepare you for the examination at the end and provides comprehensive knowledge from leading security leaders.

CISSP Course Timeframe

There are both virtual and in-person options for your CISSP course that can help you get the most out of your training experience.

There are three options for your CISSP training with ALC:

Full-time 5-day CISSP Certification Prep course
Part-time 1-day per week over 5 weeks
Evening classes 6-9 pm one night a week for 12 weeks

The full-time, 5-day CISSP prep course is an intensive, immersive training program designed for professionals who want to accelerate their learning and prepare for the CISSP exam in a concentrated time frame.

For those who need a more flexible training schedule, the part-time 1-day per week over 5 weeks or evening classes one night a week for 12 weeks are great options. This is perfect for those who have other professional commitments but still want to prepare thoroughly for the CISSP exam.

The CISSP course will help you draw from an understanding of new technologies, regulations and practices that are based on the 8 Common Body of Knowledge (CBK) areas:

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communications and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security

After you have completed your CISSP course and your five years of work experience, it can take between three to eight months to get your certificate. This timeframe will vary based on your personal experience and how much study you require.

The CISSP exam lasts approximately three hours and can be scheduled months in advance so you can commit time to study.

Once you are prepared and believe you are ready, you will be able to sit the exam. The CISSP exam can be attempted a maximum of three times a year, and after your first failed attempt, you will need to wait a month before you can resit.

Do You Need to Renew Your CISSP?

Yes, you will need to renew your CISSP every three years to remain valid. You will need to earn 120 Continuing Professional Education (CPE) Credits. These credits can be gained through seminars, webinars, courses, self-study, or by joining organisations that expand your network.

Get CISSP Certified Today

ALC Training - pexels pixabay 60504 scaled

Cybersecurity certifications will help ensure you are up to date with security trends and best practices and can elevate your position in the field. With CISSP being respected as the golden standard in cybersecurity, it’s easy to see the value of a CISSP certification.

With our expert instructors and comprehensive course content, you’ll be fully prepared for the CISSP exam. Get started today and take the first step toward becoming a certified security professional.

ALC is a leading, Australia-based provider of quality training, specialising in best-practice methods and frameworks. Choose ALC for your CISSP training and take the next step in advancing your career in cybersecurity.

If you need more guidance, you can get in touch today.

This is an example post

The Australian Signals Directorate (ASD) announced this week that the Cloud Security Certification Programme (CSCP) is being scrapped, and references to both the CSCP and Certified Cloud Provider List (CCPL) are being removed from the Information Security Manual (ISM) and other publications. So, what does this mean for government agencies, businesses and individuals who rely upon these artefacts?

When considering moving to the cloud, the onus has always been on the Cloud Customer (“Customer”) to ask the right questions and have their security and privacy requirements met in the contract with the Cloud Service Provider (“Provider”). The Cloud Security Alliance (CSA) referred to this in their previous artefact, The Treacherous Twelve, as Lack of Due Diligence. The corollary is that, if Customers do not ask, then they are consuming the default security and privacy offerings from the Provider. Unfortunately, many Customers race to consume cloud solutions and forget the contention between cheap, fast, secure – pick any two. Cloud is often chosen as a cheap and fast “quick fix”, with security often neglected.

So what now? Organisations will need to ensure that their information security professionals are trained up in understanding the most important points to consider when engaging a Provider. This will include jurisdictional issues, contracts, roles and responsibilities and ensuring service level agreements meet the needs of the Customer, not the Provider. According to a recent online Forbes article, Certified Cloud Security Professional (CCSP), a body of knowledge and certification offered through (ISC)2, is the fifth most sought-after certification. Cloud is also a topic in the four certifications ahead of it – CISSP, CISA, CISM and CRISC. The CCSP is a well thought-out body of knowledge that is relevant and meets the needs of today’s cloud customers and providers.

ALC has been at the forefront of cloud training across the Asia Pacific region, and our internal statistics show we have trained over 60% of information security professionals who hold the (ISC)2 Certified Cloud Security Professional (CCSP) in Australia and New Zealand. As the focus will increasingly shift to information security professionals within organisations to ask the right questions and demonstrate good governance, it is prudent to consider a solid basis and foundational level within many of ALC’s cloud, security and privacy training portfolio. Our CCSP trainers include the first person to be certified as a CCSP in Australia and the former lead cloud architect for a major service provider.

<a href=”https://www.freepik.com/free-photos-vectors/business”>Business photo created by kues1 – www.freepik.com</a>

An increasing number of businesses are embracing the ‘bring your own device’ policy, allowing employees to use their smartphones and tablets to access the company’s information and work on the go.

This policy can add a new dimension to IT project management training, with products now able to be developed remotely and flexibly using mobile devices. However, it also means that a greater emphasis now needs to be placed on mobile cyber security to ensure that businesses are keeping their information secure.

Threats being detected in the Android app store

Although all kind of devices has risks associated with them, those operating on the Android platform are shown to be particularly vulnerable to malware from apps. It’s therefore essential that companies with employees using Android devices are extra vigilant and aware of the possible threats.

The most prominent threat to Android users is apps, with the Google Play Store being invaded by numerous applications containing malware. Google Play Protect detected and removed 1,700 Android apps infected with the malware Bread (also known as Joker) before ever being downloaded by users.

Likewise, an analysis by G DATA showed that the number of malicious apps reached a record level in 2019. This problem is growing, and businesses have to look out for ransomware and Trojans that might compromise their data for money.

ALC Training - internet 3592056 640

How can businesses protect themselves?

Due to the magnitude of this risk, it’s important for businesses to know the security measures they should take to defend employees mobile devices from malware. Lukas Stefanko, expert at security solutions company ESET, emphasises that the best approach to security is preventative.

“Don’t delay taking security measures until something unusual happens – in most cases it’s too late as the device may already be compromised and the data lost,” he said in an interview with We Live Security.

Businesses should require that all employees using their personal devices to access company information to have the latest operating system and antivirus software installed to defend against cyber threats. They should also encourage people to be careful of the apps they download, and always check the reviews before installing anything.

It is apparent how mobile security has become an integral aspect of information security training, and companies need to ensure they protect all channels of data access. ALC Training can help by educating employees in all aspects of cyber security, resulting in better protection for businesses in the long run.

Source:

Google Security Blog – Read the full details here .

G Data IT Security Trends 2020

Digital Transformation is the ability of an organisation to remain competitive. By using new technologies more effectively than their competitors, this leads to greater market share, lower price points, improved product and/or service quality and constant innovation for clients. But where do you start?

This article is designed for medium to large organisations that want to know how to do this. I’ll draw on my 20 years of experience as an enterprise and solution architect with DXC technology. I was fortunate enough to help a range of clients which I can now couple with my knowledge as a trainer, across the 12+ courses that I now run.

Click to open the infographic below to see a snapshot of the steps to take to perform a digital transformation successfully.

Here is my list of key steps in order:

Use an Agile framework to help structure the entire transformation. My recommendation is to use the Scaled Agile Framework or SAFe, coupled with The Open Group Architecture framework or TOGAF. This will involve sending all the senior leaders on a Leading SAFe 2-day course, your architects, engineering and development functions on TOGAF Part 1 and Part 2 4 day course.
Understand what business objectives you’d like to achieve in the next 3-5 years.
Work with all the key stakeholders to develop a common mission and vision.
Send your security experts to become certified on the Certified Cloud Security Professional certification.
Identify key execution leaders, usually the program manager, a senior project manager and the lead architect, to go onto the 4-day Implementing SAFe course to become SAFe program consultants. I wouldn’t recommend relying on outside consultants unless you want to hire someone.
Run a value stream workshop with the key stakeholders to determine the best value stream to take forward that will deliver your first epic and the associated top 5-10 features.
Start running internal Leading SAFe workshops to ensure everyone know how SAFe works and outline the value stream that we’re going to take forward. Use the workshop to seek feedback and help improve the decision-making process.
Think about training for your technical resources. So unless you’ve been living under a rock, you’re probably looking at Office 365 Security & Compliance (2 Days) and either AWS Quickstart (1 Day) or Azure Fundamentals (1 Day). My personal pick is to stay with Azure. It’s the most popular with my students in Australia. You could also consider Google and Oracle. I’ve had a handful of people use Google and only 2 use Oracle. I think they were from Oracle.
Identify the first Agile Release Train, be clear on what success looks like and ask your people to self-organise across the train, using the SAFe principles. Blend in the principles from the enterprise / solution architecture function and seek feedback from the teams.
Perform a training needs analysis workshop, by involving all those people that are required to build and deliver the solution. This is where you’ll need to identify the technical and soft skills that will be missing. This will include specific vendor product training, probably through eLearning methods and vendor training.
For soft skills, start thinking about cultural change programs for everyone on the trains. I’d recommend DevOps Foundation for everyone, DevSecOps Engineering for security and lead developers and DevOps Leader for the key leaders managing the train.
Don’t forget to bring the business on the journey too, so I can recommend the Cloud Computing Foundation (2 Days), designed for non-technical professionals and leads to an accredited APMG certification.
Almost certainly your transformation will contain a significant data component, so I can recommend training for all your technical resources on the newly released Enterprise Big Data Professional certification.
At this stage, you’ll be very close to deploying your first Agile Release Train, so you’ll need to ensure the relevant people have attended the SAFe Product Manager, Scrum Master and SAFe for Teams courses.
Finally, launch your train through a face-to-face Program Increment (PI) Planning workshop and allow your SAFe Program Consultants and Scrum Masters to coach the teams to success. Don’t forget to measure at every step to show progress. This is all explained in the SAFe implementation roadmap. If followed correctly, you’ll be delivering multiple features in the first 50 days.
Over time you’ll launch more trains, that are aligned to value streams to deliver more epics and features. As you grow, the trains will become much faster and with a team of 125 people or more, you’ll delivering features much faster than ever before.
Importantly, constantly track where you are in your business objectives, your mission and vision, to ensure you keep the trains on the tracks. There is where the Lean Portfolio Management components in SAFe that helps with the governance piece of this.

Do you have questions with these steps? Contact our awesome ALC Training team!

I have been in the infosec sector for over three decades and have seen the rise and fall of demand for IT and security professionals on a number of occasions. Y2K, the dot com bust and the GFC did not help our industry. Currently, we are on an upward trend, delivering training across Australia, NZ, Malaysia, Singapore and Dubai. I have seen year-on-year growth as people take up the call to either upskill, try to get a foot in the door or just learn about on-trend topics, such as cyber security, architecture, cloud, big data, artificial intelligence, digital forensics or incident response.

ALC recently added privacy to our portfolio by partnering with the International Association of Privacy Professionals (IAPP) and we’re making great inroads due to the pent-up demand in Australia and New Zealand. At the recent IAPP conference, the key message emerging from presenters, is one of accountability – having a key individual within an organisation drive the privacy agenda forward; it is all about privacy by design. And no wonder, every week, there is an article on a new privacy breach, quite often coupled with staff dismissals and a hefty fine.

ALC Training - InfoSec 2019

Our cloud portfolio is also strengthening. ALC made a strategic decision to add Certified Cloud Security Professional (CCSP) to the portfolio in 2017, along with other cloud courses, and Australia now has more certified CCSPs compared to Germany! Running the numbers, we can proudly say we have trained two thirds of those certified in Australia alone. For those who hold a CISSP or have anything to do with cloud, I highly recommend the (ISC)²CCSP® certification.

So is it all hype, or is there a genuine need for training? In reality, it’s a little hype, but also a genuine need to fill a gap. Increasingly, we have delegates cite several reasons for becoming certified: personal challenge, company requirement, or simply to learn. Many delegates are from organisations that are typically under-resourced when it comes to security and privacy, expecting miracles with existing staff numbers.

Remember, security and privacy are solved by people, process and technology. Therefore, it is everyone’s responsibility. We need effective awareness training and to skill those people on technologies, to look after security in their own domains – rather than expecting a security professional to become a master of all trades. There is a plethora of courses out there to do precisely that.

ALC’s focus is to deliver industry recognised training and certifications that are needed now and into the future. ALC has always been at the forefront of Information Security education since our very first course on Information and System Security in 1995. Our flagship set of courses on SABSA® security architecture and industry standard certifications such as CISSP® and CISM® are designed to meet the needs of the security professional. (FACT: Did you know ALC is an ISACA Training Partner!) Also, in the past three years we’ve placed a very strong focus on addressing the needs of newcomers to Cyber Security to help enable the industry to broaden its skills base with our Cyber Security Foundation+Practitioner Certification.

Cyber Security is a prominent, highly-regarded profession offering many varied career paths. The ALC Cyber Security Portfolio offers a formal route to becoming a recognised and respected cyber security professional through a modular program of certificate and non-certificate courses. Whatever stage you are at in your career, or if you are an Executive in need of improving capabilities within your organisation, we are here to help you, your team or your company, locally and worldwide.

Get in touch with our team to see how we can assist to deliver optimal training suited to your needs.

Peter Nikitser, Director of Cyber Security – ALC

Believe it or not, Office 365 now contains 27 separate apps that are provided by Microsoft. Many of these apps are provided with advanced security features. Clearly managing these security features within each admin tool is a complex and onerous task. So Microsoft have moved as much security as possible into the Office 365 Security & Compliance Centre. This is now the central place to manage the majority of security functions in Office 365.

Click on the diagram below to link to the Microsoft TechNet article describing all the key Office 365 services:

You can augment this list by adding third-party apps that are available in the Microsoft AppSource app store. You can also incorporate various Azure services that integrate with Office. One service that is already included, is Azure Active Directory.

Azure Active Directory or AAD, is a mandatory service that manages all the authentication and authorisations in Office 365. It integrates with your existing corporate Active Directory, which probably lives in your data centre (on-premise), using a service called AAD Connect. For companies that have very complex requirements around transferring data between your on-premise Active Directory and AAD, you can use the Microsoft Identity Manager product and the Active Directory Federation Service.

Here is a great link to a video that outlines some of the basics of Active Directory:

It becomes quite technical towards the end of the video, so just close it down, once you have the knowledge you need.

Understanding Active Directory is key to understanding the fundamentals of how the Office 365 Security & Compliance Centre works, so check out my 2 day course where we cover all the basics, in non-technical language, so that anyone can start security their Office 365 tenancy:

Not only do we cover AAD, but we also run through:

Overview of the 27 apps that Microsoft provides.
Various short overview demo’s of the Security & Compliance centre, covering key security concepts such as threat management, data governance, search & investigation, service assurance and reporting.
Azure Information Protection and how it fits with Office 365.
A short introduction to Powershell.
A primer on Cloud Computing and DevSecOps engineering.

Let’s pick out a couple of my favourite Office 365 services…Flow.

Flow is a product that allows you to integrate various cloud services, providing a platform for automating many of your tasks. It’s a competitor to IFTTT.com, which stands for If This Then That, which provides a similar set of services. For example, if an email comes into your inbox from a customer, there may be a series of manual tasks that need to be undertaken to start servicing that customer. This can be automated and free up your time to focus on talking with customers, rather than having to do repetitive manual tasks.

Click on the graphic to be taken to a video outlining potential uses of the tool:

Now, let’s look at some of the key features of Data Loss Prevention

If want to know more about Office 365 services, please reach out to me on Linkedin. Click on the image below to see my profile and start reaching out….

It may not be obvious, by the concept of a value stream is one of the most important concepts in a digital transformation. Why? Because once you understand a value stream, you start to truly understand your business and you’re on a clear path to improving customer experience. Exceptional customer experience is your key business differentiator in the world of digital disruption and needs to be the core focus of any digital transformation.

Let’s define a value stream. I’ll use what I consider, to be the best sources of knowledge reference.

First from Scaled Agile.

If you click on the image it will take you to the Leading SAFe 2 Day course I run at ALC Training.

Second from the TOGAF certification, written by the Open Group:

Value Stream Mapping: the breakdown of activities that an organization performs to create the value being exchanged with stakeholders. It illustrates how an organization delivers value and are in the context of a specific set of stakeholders, and leverage business capabilities in order to create stakeholder value and align to other aspects of the Target Business Architecture.

And here is a picture of a sample value stream map for an online purchase:

ALC Training - Online Purchase Value Stream

And here is another, outlining an emergency hospital admission:

ALC Training - Hospital Emergency Admission Value Stream

As you can see it’s a simple overview, usually shown in 5-9 stages, of how a product or service starts life and is delivered to the consumer.

As you can see, the business processes beneath can vary in complexity. With an online purchase, the process is relatively simple. With say intensive care, the process can be extremely complex and there are probably 1000’s or paths, depending on the type of care required.

It can also be known as:

Value Chain Diagram
Functional Reference Model

Clearly, there are many values streams and they are quite different between industries.

Once we understand our value stream, we can then consider decomposing each component into systems and people. An example of this is from Scaled Agile, where they define two types of value streams:

ALC Training - SAFe Value Stream Decompose

You’ll notice that the operational value stream is the one that is focused on the customer. Whereas the development value stream is aligned to delivering systems in an agile manner. In fact, these are development value streams are also known as a CI/CD pipeline:

CI = Continuous Integration – committing code at least once a day.
CD = Continuous Delivery – making sure code is always in a releasable state.

So what we’ve now done, is to understand our business in the context of delivering value through software. We cover this in our DevOps Foundation course:

Any questions on Scaled Agile or DevOps concepts, as always please reach out via twitter – @MusicComposer1 or find me on LinkedIn:

There are a number of examples in history, of how governments have fallen. Either through the ballot box, through a coup d’etat or via a civil or military war. But have you ever stopped to think that a lack of progress in a digital transformation, could be a fourth reason?

Let me back up a bit…and outline what I believe are the reasons we have a government. Why does it exist and why we need one. There are five:

Keep citizens safe.
Maintain law and order.
Grow the economy.
Provide services that require high capital expenditure to deliver.
Collect tax revenue.

Here is a great video that provides some more information on what government is?

Failure by governments to maintain those outcomes and deliver great customer experiences will result in disruption. We’ve already seen this movie before right:

Uber disrupting the transportation industry.
Netflix disrupting the entertainment industry.
Google disrupting traditional advertising revenues.

But hey, they’re all commercial examples. Have you got anything that is relevant to government? Sure:

Russian interference in the US democratic system.
UK leaving the EU. Affectionately known as Brexit.
Chinese attacks on Australian government services.

Here is a great video explaining Brexit:

You can also extend that to local government, such as Queensland in Australia:

Parents opting to homeschool their children and not use the Government funded system.
Students choosing to study at universities that offer the best blended, digital vs classroom-based experience.
Tesla disrupting cars, trucks and eventually planes and trains, which forces say the Dept of Transport and Main Roads to rethink transportation strategies and plans.

I talk about digital disruption and governments in the latest #AskTheCEO discussion here:

The same forces that have helped Uber, Netflix, Google and especially Apple become commercial disrupting forces, are the same for the government:

High customer expectations, driven by an app store always-on mindset.
Generational shifts, as we move into an ageing population, whilst we have adults that have been brought up with social media.
Customers expecting costs to drop and value to increase, driven by innovations started by Google, Amazon, e-Bay, Microsoft, Apple and others.
The increased use of technology to scale crime and scale warfare, driven by the low-cost barrier to entry, the relative ease to learn and use new tools due to the proliferation of the internet, and the prevalence of unprotected and unpatched systems.

So what is the solution. Well it’s important to understand what needs to transform in government and then do so, quickly. Using the latest Lean-Agile and DevOps principles, along with great talent, is how Spotify undermined their competition, so government needs to do the same. Here are three examples:

Attract and maintain talent by allowing them to be autonomous, attain mastery in their craft and provide them with clear purpose that inspired them. Think Elon Musk, heading to Mars and SpaceX.
Create fast and effective feedback loops, to allow everyone to learn quickly. A great example is the Uber App, which asks you to rate the driver at the end of the journey. Taxi companies don’t do this, so they can never learn as fast.
Decentralise decision-making, not all decisions, but ones that empower your workforce. Short-term, localised decisions, where people doing the work are the best informed to make the right decision. So let the sales-man close the $1m deal. Move the people to the work.

Interesting in learning more about digital transformation. Check out a range of courses that I run at ALC Training:

DevOps Foundation

Cloud Security

Cloud Computing

Scaled Agile

Enterprise Big Data

ALC Training - Azure and I

Microsoft is one of the world leaders when it comes to cloud computing services. In the last comparison of revenue streams from the cloud giants, back in Feb 2018, it seems that Microsoft was just ahead in front of AWS.

ALC Training - Top 7 CSPs by Revenue

Want to learn more about Azure? Well, there are options. There is a great free resource from Microsoft that covers Azure fundamentals here:

https://docs.microsoft.com/en-us/learn/paths/azure-fundamentals/

ALC Training - Azure Fundamentals

Or, if you’re looking for more a hands-on 1 Day Azure Technical Quickstart to understand how to provision resources, you can check out our 1 Day course here:

https://alctraining.com.au/course/microsoft-azure-technical-quickstart/

ALC Training - ALC Azure Quickstart

You can also reach out to us, for customised Azure and Office 365 courses.

Azure is classed as an Infrastructure-As-A-Service (Iaas) and Platform-As-A-Service (PaaS) in the cloud computing world. IaaS services are designed for system engineers, where you can set up and build servers, networks, and storage, and then install your apps on top. If you’re in the software development business, then the PaaS services are designed for writing, testing and managing code, and target developers.

Some important PaaS services that developers will need include:

Source Code Repositories – Such as GitHub or Azure Repos – these allow you to store and version control your source code.
Serverless – Azure Functions – automatically builds and manages the compute, storage and networking components, so a developer can focus on writing code.
Containerisation – Azure Kubernetes Services – allows developers to build, manage and monitor containers, which are used to store separate app stacks, relating to separate apps.
Datastores – Azure SQL or Azure Cosmos DB – allows developers to store and read structured (SQL) and unstructured data.

Below is a brief snapshot of just the Compute services:

ALC Training - Compute Snapshot

By combining together these services, you can create a rich tapestry of solutions. It’s very similar to the age of analog electronics, where you could select oscillators, diodes and specific electronics components, to create solutions like creating a home radio.

In Azure you can create very complex business solutions. Below is an example of how you might integrate a complex corporate environment with Azure services, in a model known as hybrid cloud:

ALC Training - enterprise integration queues events

There are some very important services that are available in Azure, that align nicely to medium to large clients that have to comply with complex regulation. Clients involving in banking, government, healthcare, and defence, need to maintain a level of corporate and regulatory governance, as well as a high level of cyber security protection in their cloud services. Tools such as:

Azure Security Centre – understand, see and manage your security across all your Azure resources. Very useful when dealing with a critical security incident in your organisation.
Azure Advanced Threat Protection – Protect your assets from all kinds of threats, both inside and outside your organisation, using AI and smart analytics.
Azure Policy – Enforce rules across how and where your Azure resources are deployed. Need to only deploy in Australia, no problem, set up a policy that only allows services to be run from Australia.
Azure Blueprints – Setup standard collections of resources, pre-approved by your security and governance functions that allow fast deployment of business solutions.
Azure Monitor – Monitor the health of all the resources you have created and have control over.
Azure Service Health – Monitor the health of all the resources that Microsoft controls.
Azure Advisor – Makes intelligent recommendations covering Availability, Security, Performance, and Cost.

The diagram below shows an example of the types of recommendations that the Azure Advisor can provide:

ALC Training - 3 advisor recommendations

Feel free to reach out anytime with your Azure of Office 365 questions or queries?

Digital transformation is the process of cultural, technological and thought leadership innovation, that is required to ensure businesses remain competitive, relevant and able to survive. Let’s break that down and explain what I mean.

Click on the image below to see ALC’s range of courses that can help with your digital transformation journey:

Cultural Innovation

This means allowing people within a business to develop and grow, by learning in a safe environment. We often call this Failing Fast. This helps to foster a culture within an organisation, that moves away from:

Blame
Mistrust
Finger-pointing

And move towards:

High-Trust
Collaborative
Engaged

You can only innovate when you allow people to take risks. But in concert, you need to provide tools and an environment for continual fast feedback. This includes:

Allowing people to select the tools they want, in order to automate or streamline a job. This requires management buy-in and funding.
Realising, that the customer is the person that consumes your work.
Fostering a culture of open feedback, without retribution, with customers. How am I doing? What could I do better? What keeps you awake at night?

All these concepts and learnings appear again and again in many of the cultural change courses I run:

Click on the picture below to watch an awesome video from our DevOps Foundation course, covering Spotify Engineering Culture:

Technological Innovation

This means adopting the latest technological innovations, to help business leaders learn and act quickly. There are many examples:

Using “Big Data” to provide new insights and gain a competitive advantage.
Using “Cloud Computing” to provide a business model that is more agile, whilst removing the reliance on investing $1000’s in IT infrastructure, licencing and bespoke software development.
Using “Artificial Intelligence” to detect and protect the business from hacking, data loss and service loss.

It’s no surprise that at ALC, we’re focusing on these key technological innovations:

Click on the diagram, below to see an awesome video from the Enterprise Big Data Professional course on why we use Hadoop over SQL when dealing with Big Data:

Thought Leadership

This is the most critical. Leaders are the people in a company that pave the way for new things. Just like in music, they are the avant-garde, breaking new ground, failing fast and leading by example. They are skillful coaches that bring all their people with them on the journey. They lead through:

Trust
Respect
Rewarding everyone.
Being fair, honest and open.

You’ll find these leadership traits are exemplified in the following courses for leaders:

The diagram below shows you the Scaled Agile Framework, of SAFe for short. Click on it and you’ll be taken to the FREE clickable version on their website:

Government

If you have ever worked in a government department or a local council, there are very few examples of these digital successes. Why? I believe many leaders of governments, whether they be the lord mayor of a council or the elected minister, fundamentally do not understand digital disruption. They believe it is a phenomenon that only affects commercial entities and is not relevant to them. And the ones that do try and embrace digital disruption, don’t focus on cultural change, with leaders not leading by example.

Unfortunately, it is extremely relevant. I believe governments will be disrupted, just like every organisation in the world will be disrupted. Charities, councils, regulatory bodies, none of them are immune. In fact, they are the entities that are most at risk of being irrelevant. Why?

Because for every government service, there is are much better ways of delivering, by adopting the key tenants above and embracing digital transformation. This means, if enough people do not see the value in government services, they will protest, they will resist taxes and want to live in a place where the services are incredible.

We’ve seen trailers of this movie before:

Tiamen Square Uprising in China.
The Election of Donald Trump.
Brexit – Where the UK government is effectively the customer and the EU is the supplier.

Click on the diagram to show you how you digitally transform your government organisation using SAFe:

Check out my latest conversation on “Navingating Digital Disruption” on the New York hit show, #AskTheCEO with Avrohom Gottheil:

CISSP vs CISM: Which One Should You Choose?

What is CISSP?

What is CISM?

What’s the Difference Between CISSP and CISM?

Why Choose CISSP?

Pros of CISSP

Why Choose CISM?

Obtaining a Certificate: CISSP vs CISM

Taking the Exam CISSP vs. CISM

Finding the Right Cybersecurity Qualification for You

How Long Does it Take to be CISSP Certified?

CISSP Prerequisites

Who should be CISSP Certified?

What are the Benefits of a CISSP certification?

CISSP Course Timeframe

Do You Need to Renew Your CISSP?

Get CISSP Certified Today

Looking To Up Skill Your Team

ASD scraps Cloud Security Certification Program – Now What?

Cybersecurity in your pocket: The essentials of mobile malware

Where to Start with Digital Transformation?

InfoSec Skilled Workforce Shortfall – Reality?

What is the Office 365 Security & Compliance Centre?

What is a Value Stream?

Governments Could Fall If Digital Transformation is not Successful

What is Microsoft Azure and why should I use it?

Why Governments will be Disrupted?

Cultural Innovation

Technological Innovation

Thought Leadership

Government