CW: IT recruitment: perks to lure staff

As a journalist at Computerworld Australia:

With skilled IT staff levels at their lowest in 35 years, employers are driving to come up with more flexible employment packages to attract employees, according to specialist recruitment agency, Hays Information Technology.

"Because of a shortage of skills in the market, candidates are now able to pick and choose a little bit more effectively as to where they want to go," said Hays' regional director, Peter Noblet.

"Of course they [employers] are in the driving seat - I mean, they're hiring at the end of the day," he said, "but they're having to work increasingly hard to convince candidates to come and work [for the company]."

Employers are adjusting to candidates' demands of a work-life balance and career opportunities, Noblet said.

According to Hays' October to December quarterly forecast of candidate trends, candidates are also seeking employers with company values that are congruent to their own, and that offer training programs and an ability to update their skills.

Noblet suggests that businesses should effectively communicate the employee benefits on offer, along with their long term aims and requirements when recruiting. Potential candidates should be made aware of superannuation policies, maternity and paternity leave and any additional perks, such as lower mortgage rates, he said.

"I'm not suggesting they have to oversell - I'm just suggesting that they ensure that the message comes across," he said. "Very often I would suggest that some companies' hiring managers are not aware of extra things like business perks and extras that are entered into an employee's package."

Meanwhile, job seekers are encouraged to be honest and upfront about their requirements and career goals. And while they should have a good understanding of what their skills are commanding in the market, candidates must keep realistic expectations of the options available to them.

"The majority of candidates maintain realistic expectations when searching for their next role," Noblet said. "However, there is a small percentage who misinterpret the skills shortage as an opportunity to receive inflated salaries.

"It's a two way street, it should be a mutual discussion between an employer and employee, not who's got the upper hand on this."

more

CW: How to get a job at Microsoft

As a journalist at Computerworld Australia:

Microsoft is currently looking to fill 50 positions in Australia, so if you've ever wanted a piece of one of the IT industry's biggest pies, now would be a good time to strike.

Liz Tay speaks with Fiona Hathaway, Recruitment Manager for Microsoft Australia and New Zealand, about the company's arduous recruitment process, and finds out a surprising statistic: one in five candidates interviewed for a position at Microsoft make it into the company.

Who is Microsoft currently looking to hire?

Each one of those 50 roles is different. We've got everything from product managers, to consultants, to presales people, to programmers.

In Australia, there have been 55 positions filled from July this year. We've got pretty aggressive growth targets this year for the business, and so in order to achieve that, we need to bring in particular skills. In particular, our services business, which is where the professional services are and where we implement Microsoft technology into clients, is really growing. So in the technical side, I would see really steady growth in newly created roles for the rest of the financial year.

I would expect by June 30 next year we would have recruited probably about 200 roles. That's what we did last year, and we'll do the same this year.

How does Microsoft go about searching for potential employees?

We do hire some people through head hunters, the rest we source ourselves. This year, to date, the statistic is about 13 percent through an agency and the rest of the hires we do direct.

We have five internal recruiters who do most of the recruitment. When you talk about sourcing candidates directly, obviously there's a variety of different ways you can come across them. We have an employee referral program, where we use the people that work for us to tip us onto the good candidates who are out there in the market. We do a high proportion of internal moves as well, to fill the roles.

We're quite lucky that we've got a strong brand in the market. We advertise on our own Web site, or we do branded ads on some of the job boards - particularly SEEK. We find SEEK gives us a good result. Other than that, we use the employee referral program, and talk to people like you [Computerworld], and try and publicize the role to people out there in the market.

We have a program for hiring graduates, we call it the Microsoft Academy for College hires, and we would take 12 graduates on every year - we did 12 last year, and our target this year is also 12. They can either be undergraduates or MBAs, so we talk to all the MBA schools as well as the major universities.

One of the things that is interesting often to people out there in the market is that we use Australia as a graduate hiring ground internationally. Three times a year, the American staffing team comes over to Australia, and they hire out of Australia to the U.S. They're technical people that they hire, and they're due here again in early January, in Sydney, Melbourne and Auckland.

Is higher education a requirement of all candidates?

We do value higher education, but it's not exclusively your academic qualifications for us. We have lots of people working for us who don't have a degree. I do a lot of marketing to TAFE, so we're not elitist in looking for particular academic qualifications; the experience is very important to us and so we do recruit through a variety of different channels.

What does Microsoft look for in a candidate, and how much industrial experience would someone with no degree need to be a good candidate?

It would be great if they had three to five years - anything less than that, it's a little bit difficult.

The Professional Competencies Microsoft looks to satisfy in hiring technical professional staff include, analytical problem solving, building customer relationships, project management, strategic insight and technology expertise.

What's the recruitment process like?

We're probably quite renown for quite an exhaustive recruitment process. We would typically interview people four or five times, by different interviewers, before they [candidates] get offered the role with us.

We don't really make an apology for that because it's not so much about the technical skills that you have, because we can gauge them quite easily within the first and second interview. It's more actually about are they a fit for the company, and in particular, are they a values match.

So when we interview, we interview against three criteria. The first thing we interview against is the values, and if we don't feel you're a match to the Microsoft culture, whether you're technically capable of doing the job or not, we would not put you forward into the role.

The second thing is the job competency. We do competency-based interviews; they're behavioral-based interviews and we look at things like in a sales role, drive for results; and in a technical role, it might be the consulting ability that they have.

And the final thing is just their technical knowledge, whether they're a consultant, or a .NET programmer, or a product marketing person. That comes kind of third on our list to the top two.

What do the interviews involve?

The interview part [of the recruitment process] would take about four weeks. We make sure that we let [candidates] know if they're at the top of the list for us, and hopefully we can get through the process quick enough that they bear with us.

We would typically do four or five [interviews], and sometimes we'd try and couple, say, two interviews on one day, so they don't have to keep coming back in and seeing us.

They would have an interview with the recruiter, who's on the recruitment team and would gauge the fit and also their technical ability to some degree. Then they would have an interview with the line manager who would be employing them - the hiring manager, as we call them. The hiring manager would do a deeper dive on their technical ability.

By interviews one and two, we've kind of said, 'yes, they can do the job', and we move on from there to make sure that they would fit with the other people that they would have to come across. The latter two interviews would be with people outside of the immediate group that they would be joining, but who they would perhaps need to interact with on an ongoing basis to do their job.

We're very big on cross-group collaboration. So if you were joining us as an engineer, that would generally be joining us within our services organization; we might have you also interview with a sales account manager, who is somebody that you would perhaps need to have a good working relationship with.

What's the fraction of people you end up hiring from the interviews?

I don't measure that statistic, but anecdotally, I could probably tell you that's one in five.

Sometimes what you'll find with us, particularly on the technical, engineering side, we have a constant need throughout the year that develops. So we might interview a pool of candidates for a particular role, where say two or three of them were good enough for us to employ. We may just hire one of them at that point in time, but in three months or in six months, come back to the candidates.

And we tell them, we communicate that clearly, that 'We think you're great and we want to hire you, we just don't have an opening at the moment, so stay in touch with us'. And again because of our brand being quite strong, we're really lucky that we often are able to ask people to do that, because they really want to join Microsoft.

Do you face any issues with recruitment?

We have a couple of major issues. There's a skill shortage for us in some pockets [of the technical side]. If I use a couple of examples on that: it's difficult for us on our Microsoft Business Suite, the dynamics suite, to get people with Exacta experience. There's a global shortage of that.

And just getting people who have the interpersonal skill to be able to consult with clients, and combine that with a good technical base [is another issue]. We recruit quite a lot of presales people, who we would say are technical people, and what we need is for them to understand Microsoft applications and perhaps have good infrastructure experience, but they also need to be really strong interpersonally because we need to be able to put them into clients and have them advise clients. Sometimes it's a challenge, to have that balance.

Again, the [Microsoft] brand is so strong that we never really have roles that are open for six months or anything like that; the average time to fill a role for us is about six weeks, and at the outset it would be 12 weeks. We would really very rarely have roles that are open for much longer than three months.

Besides the obvious prestige associated with the Microsoft brand, what do you feel are the benefits of working at Microsoft?

We actually survey people on this, and three things come out on top. One, the people that work here; you get to work with a really high calibre of individuals. Another thing that comes up consistently for us as a benefit is the constant challenges; we're quite a dynamic business that has a very wide footprint in terms of different products that we have, so it allows employees to move around and constantly challenge themselves with new challenges.

I think we're very competitive in the market in terms of the remuneration and the benefits that we offer. In our remuneration suite, we have obviously the salary part of that. We also have a lot of benefits that we offer - we offer full health insurance, gym membership, we pay broadband fees and all those sorts of things. We also have a very strong stock award program. With Microsoft it's not stock options that you get, you actually get full share ownership, so it's a very real benefit.

I guess also if you're a technical person, if you work with us, you are at the absolute bleeding edge of what technology is doing because we are the innovators in the Microsoft space.

more

CW: Developer shortage stalling Web projects, lines coders' pockets

As a journalist at Computerworld Australia:

A severe shortage of local Web application developers is making it increasingly difficult for companies to hire staff for eBusiness and Web-based projects. Meanwhile, the lucky few with relevant skills are netting in correspondingly healthy salary packages, claims one IT recruitment agency.

PHP, HTML, JavaScript, CSS, AJAX, XML and .NET are prominent among the advertisements littering online job boards of late. A number of large organizations, including Yahoo7 and SBS Television have been advertising job vacancies for a good six weeks and much longer in some cases.

That's a long time for a position to be unfilled, according Allen Russell of Asia-Pacific IT recruitment agency Xpand, which is currently recruiting for Yahoo7.

"There is a definite skill shortage in the whole development landscape and that ranges from PHP right up to .NET technologies," he said. "We're looking at different channels to identify people, but they're all very gainfully employed at the moment, so it makes it difficult when there's not enough supply of candidates to meet the demand our clients are asking us to fill for them."

While Xpand typically fulfills its recruitment contracts within three weeks, Russell said, recent Web development positions, of which the company has received almost 60 in the past quarter, have taken up to eight weeks to fill.

"You're looking at potentially double and beyond the timeframe in being able to identify these people," he said, "and we're just one organization, so you can imagine the enormity of the marketplace if there are potentially 200 IT recruitment businesses in the NSW market alone."

Starving recruiters translates to generous returns for those in demand. For PHP developers, Russell reported average wages of up to $60 per hour through a recruitment agency, and up to $80 per hour from employers directly.

.NET has also been a frequent demand of employers of late, especially with financial services and e-businesses turning to the technology for online transaction systems. But most roles require a range of Web development skills that extend beyond any single technology, he said.

Besides character and personality traits that recommend candidates to a cultural fit in the organization, employers often look for knowledge in "everything from graphics applications - like Flash, Photoshop, Fireworks - to other codes beyond PHP like HTML, XHTML and CSS", Russell said.

more

PCW: IIA offers free anti-virus software

As a journalist at PC World Australia:

The Internet Industry Association (IIA) Monday launched its GetNetSafe scheme, which aims to increase the awareness of online security, and spyware in particular, with Australian Internet users.

The program targets all home users, including families and small businesses, and is being run as a part of the National E-Security Awareness Week that will run through to October 27.

Undetected spyware could track users' behaviour on the Internet, record passwords and other sensitive information, and cost users speed and bandwidth by using infected computers to send out large volumes of spam, the IIA warns.

"Spyware has been around for a long time," said IIA chief executive, Peter Coroneos. "Now, criminals are increasingly using this to commit acts of fraud and identity theft. It is a huge privacy issue."

"There is no doubt that spyware has overtaken spam as the most serious issue facing internet users today", he said. "We are committed to helping users manage that threat by making available advanced software solutions."

To encourage Internet users to start taking measures against malware, the GetNetSafe scheme is making available free trials of anti-spyware, anti-virus and anti-spam software on its Web site. Free trials are delivered via GetNetSafe's sponsors, who include Cleartext, Ironport, Marshal, McAfee, Sophos, Symantec, Trendmicro, and Websense.

As there currently exists no internationally accepted definition of spyware, the IIA has been unable to determine the extent to which Australian Internet users are affected, Coroneos said. However, he said, law enforcement authorities estimate that computers per botnet (network of computers infected by each source) now number in the hundreds of thousands, and there are thousands of botnets on the Internet.

That works out to hundreds if millions of users, a fraction of which are bound to be Australian, he said.

"People need to be very alert to online security issues," Coroneos said. "You should not be on the Internet today without current, updated software tools - that means a reliable firewall, and anti-virus, anti-spam and anti-spyware solutions, which should be updated regularly."

Australia's first National E-Security Awareness Week was launched by Senator Helen Coonan, Minister for Communications, Information Technology and the Arts. A variety of events will be run over the course of this week, including seminars, public forums for seniors, and training sessions for small businesses.

more

CW: EXCOM's ITIL offering to cope with 'sleeping giant'

As a journalist at Computerworld Australia:

EXCOM Education, in conjunction with ITIL experts Contactability, has launched a suite of Information Technology Infrastructure Library (ITIL) training courses to cope with an increasing demand for ITIL certifications in the Australian market.

The demand for ITIL in Australia is following in the footsteps of more mature markets in the U.S. and Europe, according to EXCOM Education's Strategic Alliance Manager, Edmondo Rosini.

"ITIL has been slowly growing in the Australian marketplace - it's almost like a sleeping giant," he said. "Around the world, it [the ITIL market] is a little more established. I believe that ITIL certification is within the top 15 or 20 certifications globally, and I believe it's getting to that level [in Australia] as well."

ITIL is a set of best practices for delivery and support of IT services that is often adopted with the aim of improving service support, service delivery and security.

Rosini expects the new courses to appeal to government organizations as well as businesses hoping to demonstrate their ability to professionally support their customers.

"The target market for our courses is primarily government and organizations that want to put best practices into their IT departments and into their framework," he said.

"Every organization is basically looking at ITIL in a big way. It's not a mandatory thing for private businesses, but it is something that can provide them with a differentiator in the market."

Three different courses will be offered on a regular basis, beginning early November. A half-day Executive Overview will deliver a best practices summary in seminar style to high level executives, while a full-day Introduction to ITIL course has been designed for organizations looking to give their front-end staff an overview on what ITIL is all about. Also offered is a three-day Foundation Certificate course that will cover the nuts and bolts of ITIL, and conclude with an EXIN-authorized certification exam.

Course schedules and pricing is available from EXCOM's Web site.

more

ARN: Anthology closure nears completion

As a journalist at Australian Reseller News:

Yellow Machine vendor, Anthology Solutions, may have closed its Sydney operation more than a month ago, but final stages of the closure have yet to be completed.

Former country manager, John Robinson, was unable to comment on the proceedings. However, he said that the company's sudden departure from the storage industry had not been problematic so far. The company's website now automatically redirects to its discussion board, where a "reasonable amount of communication on technical matters" is still held, he said.

Existing customers are also being supported by its distributors, Tecksel, BMS Technology and J Mills Distribution, who previously indicated they would honour the 12-month warranty on sold units.

Based on his experience with the hardware, Robinson was confident the demand for product support would be negligible. The only problem consumers have historically encountered is with the machines' Seagate-manufactured hard drives, which are covered by the manufacturer's usual five-year warranty, he said.

Distributors have only a small amount, if any, of Yellow Machine's inventory left, he said.

Robinson, who before joining Anthology Solutions has previously served as country manager of AMD, expressed a desire to remain in the storage industry.

"I'm looking at my options at this stage, with a number of storage vendors," he said. "I'd like to stay in storage."

more

PCW: IceTV: You can't stop technology

As a journalist at PC World Australia:

Despite an ongoing legal battle with Channel 9 and its parent company, Publishing and Broadcasting Limited (PBL), digital media company IceTV continues to expand. The company, this week, announced a partnership with German product manufacturer Elgato Systems that will bring its Electronic Program Guide (EPG) to Macs.

The partnership is only one of many moves IceTV has planned for the future. According to corporate director and controlling shareholder Colin O'Brien, IceTV will be providing downloadable content, negotiating off-peak download deals with ISPs and developing better advertising schemes - all within the next 12 months.

"These [Digital TV] devices are becoming common overseas," O'Brien said, naming TiVO as an example, which he said has 4.5 million subscribers and a 15 percent penetration of the U.S. O'Brien could not reveal IceTV's subscription figures, but said it has a growth rate of 18 percent per month.

O'Brien blamed Australia's slow adoption of digital TV technology on commercial TV channels, which are likely to face difficulties as technology renders current business models obsolete.

IceTV's EPG service, when used in conjunction with the appropriate digital recorder, allows users to record TV programs up to seven days in advance, and watch them at any time. This undermines primetime TV's competitive strategy of programming leading TV shows at the same time as other popular programs on different channels.

It is this feature of IceTV which has brought it under fire from Channel 9, which is currently suing the company for breach of copyright in the Federal Court.

To add further salt to the wounds of commercial TV operators, digital recording devices also allow users to fast-forward through advertisements in 30-second increments, undermining the advertising revenue-based models of commercial TV channels.

However, while O'Brien is not opposed to the concept of letting consumers decide on whether or not they want to watch an advertisement, he said that removing advertisements was never IceTV's intention, but is an inbuilt function of digital recording hardware.

But, he said, going into the future, it's just something that commercial TV channels will have to deal with.

"At the end of the day, commercial TV channels will just have to change the way they handle their business models, to cope with the advent of new technology," he said.

"Even in the worst case, if they [PBL] beat us, what are they going to do? Deny every Australian of digital TV?"

"It'd be like Australia Post suing Microsoft for inventing the email," he said.

more

CW: The dirt on Web bugs

As a journalist at Computerworld Australia:

It's common practice. A message arrives in your inbox. You read it, realize that it may interest a friend, and pass it on accordingly. But be warned -- that simple, seemingly innocuous push of the forward button could be sending out more information than you think.

Email tracking services have recently surfaced as one of the dubious methods employed by Hewlett-Packard in its boardroom leak investigations. At a congressional hearing on September 28, HP Security Investigator Fred Adler revealed that the company had enlisted the services of Central Coast (NSW) start-up ReadNotify in the hopes of discovering electronic tracks leading from CNet journalist Dawn Kawamoto to her confidential source.

ReadNotify's tracking service is designed to allow email senders to track the path a message takes. The service is based on a similar technology to Web bugs, which are commonly used by marketers and advertisers to track hits on a Web site.

However, while Web bugs are now blocked by most email clients and anti-spam programs, ReadNotify's email tracking service boasts up to 36 different simultaneous tracking techniques, and often goes undetected.

The simplest of these tracking methods involves the inclusion of an image that is also linked to a Web server. When the email is opened, the recipient's computer looks up the image, and in so doing, sends information to the Web server. Senders may choose to use a transparent image so as to not alert the recipient of the tracking device; in such cases, it is very difficult to tell if an email has been sent through ReadNotify, unless the recipient's email client notices a ReadNotify header tag that reads "X-RN".

As the company does not, as a rule, monitor who its users are and what they do, ReadNotify Chief Technical Officer Chris Drake could not confirm details of its role in the HP scandal. However, he speculates that HP is likely to have used ReadNotify's document tracking service, which tracks a Microsoft Word or Adobe Acrobat document regardless of the medium through which it is sent.

It is much harder to tell if a document is being tracked by ReadNotify, Drake said, as it is sent directly from the user's computer and hence will not necessarily display the "X-RN" header. Furthermore, while ReadNotify provides an opt-out service for people who do not want to receive its tracked emails, it does not have any such provision for tracked documents.

However, the company maintains that it operates well within the bounds of the law. While it has received a number of opt-out requests, Drake said that ReadNotify has not yet received a single complaint concerning privacy violation.

"I don't like the word 'bug' because it's a little bit iffy -- bugging is something that you normally do in illegal situations," he said. "We're not doing anything naughty or illegal."

Drake argues that email tracking is a legitimate method of monitoring a copyrighted document, since the Australian Copyright Act, as well as copyright laws in many other countries, grants legal ownership to the author of a document, including emails. Owners of intellectual property should have the right to know what people do with it, he said.

"The law's exactly the same for copyrighted email as music and movies," he said. "Technically, if you forward an email, you've violated the author's copyright."

Still, the clandestine nature of Web bugs raises issues about whether email, document or Web site authors should have the right to secretly track the activities of individuals.

And it doesn't help that privacy laws are often vague on the subject.

"It's [Privacy is] just such a gray area of the law," said Irene Graham, Executive Director, online civil liberties organization Electronic Frontiers Australia (EFA). "EFA's been complaining about this sort of thing in every submission we've put in on privacy amendments and stuff for years, because we think things like web bugs are a serious concern, and there should be laws surrounding their use, or just make them illegal."

The Australian Privacy Act stipulates that it is illegal for an organization to be collecting personal information that is not necessary for one of its functions or activities. Determining the legitimacy of information collection is a task that lies solely with the Privacy Commissioner, who typically assesses complaints on a case by case basis.

According to the Office of the Privacy Commissioner, organizations that collect personal information must comply with the National Privacy Principles contained in the Privacy Act, which include the responsible use of information, keeping the information secure, and providing individuals access to their personal information.

"The Privacy Act makes provision for the operation of other laws and interests, for example by exceptions that permit the collection, use or disclosure of personal information where this is required or authorized by another law," said a spokesperson for the Office of the Privacy Commissioner.

"However," she added, "in most cases, Privacy Act obligations, for example requiring organizations to make sure people are aware personal information is being collected and for what purpose, still apply."

But the EFA is dissatisfied.

"The problem is that, for example, that a company that uses this information for their marketing or profiling purposes could claim that this is a necessary function," Graham said. "But is it necessary? I would argue no!"

"I fear that depending on the circumstances, under the current law, the privacy commissioner may well find that businesses may have the right to do that [obtain personal information no good reason]."

more

CW: Schoolgirls challenge IT stereotype

As a journalist at Computerworld Australia:

The thought of robot programming typically conjures images of socially inept mathematical geniuses wearing coke-bottle glasses and pasty, CRT-tanned complexions. But one time, at IT camp, a 28-girl army shattered the traditional geek stereotype for good.

IBM's heritage-listed Innovation Centre was last week invaded by the brightly coloured ribbons, feathers and balloons of secondary schoolgirls from Sydney's western suburbs. Shrieks of excitement filled the otherwise serene building as the girls' dancing robot battalion took on Michael Jackson's "Billy Jean".

It was one of many scenes from the company-organised Exploring Interests in IT and Engineering (EXITE) camp, which was run in 50 locations worldwide this year. Three week-long camps were held in Australia from August to September; on the Gold Coast, in Ballarat, and in Sydney.

Through activities such as robot programming, digital music-making, and hands-on mechanical engineering, the camps aimed to inspire girls in considering IT-related careers. Camps were lead by young female IBM employees like 26-year-old IT consultant Saloni Jirathaneswongse, who was enthusiastic about sharing her passion and world of opportunities with the girls.

"A lot of these girls are from schools with career counsellors who are from an older generation to us, and most often have got stereotypes that women should go into careers like teaching and nursing," she said.

"I think it's really important that this mentoring program [which is a part of EXITE] opens their eyes to other careers and opportunities, because they don't get that awareness from their backgrounds."

Jirathaneswongse was a camp facilitator at the Sydney camp, and mentors two girls as part of the follow-up mentoring program that EXITE will continue to facilitate over the rest of this year. The mentoring program will be conducted predominantly via one-on-one message boards on which mentors discuss technology-related topics, and girls have the opportunity to ask questions to do with their careers and further education.

"One of the questions they would ask me is 'How did you get where you are?'," Jirathaneswongse said, "and I'd respond by saying, 'By setting goals for myself; setting small goals for the near future and setting some longer-term goals and reassessing the goals every six months.'"

Jirathaneswongse attributes her initial interest in engineering to her Thai background.

"Coming from a developing nation, you see lots of need for things," she said. "In being an engineer, you've got lots of skills to help developing nations and I guess that was my initial desire to become an engineer."

EXITE Sydney camp leader Alison de Kleuver, who manages IBM's Australia and New Zealand Sales Operations, found that a similar ideal captivated the interest of Sydney EXITE participants.

"Girls at this age are quite idealistic," she said. "They come out of this [the mechanical engineering activity] saying, 'Wow, if I'm an engineer I could change the world!'"

But inspiration is only one of many ingredients for successfully pursuing a career in IT, de Kleuver noted. EXITE aims also to nurture the girls' interest in IT by building confidence in their own abilities and providing a peer support network.

In the end, it all boils down to flushing out outdated stereotypes, because despite common beliefs, IT can offer an exciting and promising future to both men and women.

"There is no in-a-box description of a woman in IT," de Kleuver said. "We all feel that we're in an industry that's treated us very well, and we don't want girls to be making uninformed decisions."

more

CW: COBIT course addresses regulatory compliance

As a journalist at Computerworld Australia:

IT Management trainer Pink Elephant has announced the Australian launch of a new course designed to help organizations meet their regulatory compliance obligations.

The three-day, instructor-led COBIT Foundations course will be run from November 20-22 in Melbourne and November 28-30 in Sydney, this year.

COBIT (Control Objectives for Information and related Technology) is a set of best practices to do with managing the control requirements, technical issues and business risks of IT.

While the course will be particularly relevant to organizations that need to comply with the U.S. Sarbanes-Oxley (SOX) legislations, COBIT is a framework that "is relevant to any organization with a large IT investment", according to Pink Elephant President David Ratcliffe.

"Because IT governance has become a hot topic around the world in the last one to two years, we believe that COBIT will be of interest to organisations based in any country," Ratcliffe said.

Pink Elephant's COBIT Foundations course covers information on COBIT and how it can improve IT operations and support IT governance issues, levels of security and control necessary to protect a company's assets, and information on how COBIT is used as an umbrella framework and integrator for other standards and best practices.

At the end of the class, attendees will sit a COBIT Foundations examination administered by the Information Systems Audit and Control Association, which in 1992 created the framework, along with the IT Governance Institute.

Interested parties can to view the course syllabus and register at Pink Elephant's Web site.

more

CW: PayPal heads across the ditch

As a journalist at Computerworld Australia:

PayPal has finally reached across the Tasman to bridge the online trading space between Australia and our Kiwi neighbours. The New Zealand Dollar (NZD) was among ten new currencies added to the PayPal currency mix today.

New Zealanders who have previously had to incur foreign exchange costs when conducting e-business through PayPal can now transact with greater efficiency on the domestic front as well as internationally. The added convenience is expected to encourage and develop e-commerce in New Zealand.

"I think it's a very positive thing from a cross-border point of view between Australia and New Zealand," said Andrew Pipolo, Managing Director of PayPal Australia.

"New Zealand is a very sophisticated market and e-commerce is quite vibrant there," he said. "For Australian e-businesses, [the NZD addition] is a really good thing, because buyers and sellers will be able determine which currency they prefer to trade in, and I think that's just going to make it a lot easier, and a lot more efficient, for both markets to be able to trade."

PayPal has been expanding its currency mix in accordance with eBay's footprints, Pipolo explained. The ten new currencies that were added today were chosen on the basis of the volume of online business transactions and feedback from buyers and sellers.

The service will now allow its 114 million worldwide accounts to access funds in the New Zealand Dollar, Czech Koruna, Danish Krone, Hong Kong Dollar, Hungarian Forint, Norwegian Krone, Polish Zlotys, Singapore Dollar, Swedish Krona and Swiss Franc.

These ten new additions join an existing seven: US Dollars, Australian Dollars, Euros, Pounds Sterling, Canadian Dollars, Japanese Yen and Chinese RMB.

The Australian Dollar was introduced into PayPal's currency mix in January 2005, due to the popularity of eBay trade in Australia.

"eBay was very strong in Australia, so our priority was to launch in Australia with the Australian dollar and localized site," Pipolo said.

"Obviously there is strong cross-Tasman trade, so our next opportunity was to launch the New Zealand dollar. It was really just a matter of time; it's not a trivial exercise to launch a new currency in the market."

more

ARN: Alloy and engin roadshow tackles VoIP

As a journalist at Australian Reseller News:

A new road show is offering resellers an opportunity to learn about the hardware and services aspects of VoIP.

VoIP Solutions Systems for SMBs will travel the East Coast from October 31 to November 14. The events will be co-hosted by networking and communications equipment distributor and manufacturer, Alloy Computer Products, and broadband phone service provider, engin.

Presentations will cover system trends, implementing infrastructure, underlying technology and opportunities for reseller revenue streams.

The two companies have been collaborating on road show presentations at 3-4 month intervals since March, according to Alloy marketing director, Karl Baker.

"Our objective is to educate our existing resellers with a more hands-on approach and attract additional interested resellers," engin marketing operations manager, Naomi England, said.

Baker said IP phones and PBX devices offered higher margins than traditional hardware like PCs and printers. Furthermore, these devices typically required specific technical expertise to implement and maintain.

"VoIP is a rapidly expanding market and, when it achieves mass penetration, it will be an area no reseller in the IT or telecommunications industry will be able to ignore," he said.

Despite the size of the market opportunity, he claimed a lot of integrators with basic data networking skills still lacked a strong background in VoIP technology.

more

PCW: iiNet sells subsidiary for $36m

As a journalist at PC World Australia:

Australian internet service provider iiNet yesterday announced the sale of its New Zealand subsidiary, ihug, to telecommunications giant Vodafone New Zealand for NZ$41 million (AU$36 million).

The sale comes after iiNet's July announcement of its intention to sell the New Zealand business due to changes in the New Zealand regulatory environment in May, and then unsolicited offers to purchase the business.

Sale proceeds would allow the company to focus on Australian operations and reduce its debt, said iiNet MD Michael Malone.

New Zealand startup ihug was purchased by iiNet in September 2003 for a total consideration of $30.1 million in cash and $41.5 million in shares. The acquisition would to improve iiNet's earnings per share and enhance ihug's Australian operations, said iiNet Chairman, Peter Harley, in an ihug press release at the time of purchase.

iiNet, which reported a net profit after tax of $5.2 million in September 2003, has now reported debts of $62.6 million in its latest ASX report.

more

PCW: Norton 2007 products launched in Australia

As a journalist at PC World Australia:

Symantec this week launched the 2007 versions of its security products, Norton AntiVirus and Norton Internet Security in Australia. The updated editions are expected to provide consumers with improved security technology and product performance.

Highlights of Norton AntiVirus 2007 include enhanced kernel level rootkit protection and the background scanning feature, which minimises the hard drive's load while virus scanning and allows the user to perform other tasks.

In addition, Norton AntiVirus 2007 will have a so-called "zero-hour protection" capability that will be updated whenever a vulnerability is identified for the Windows desktop, and provide temporary exploit protection until a patch is released.

Norton Internet Security 2007 includes everything in Norton AntiVirus, plus a firewall and a new product, Norton Confidential, which provides anti-phishing protection by verifying the legitimacy of Web sites and blocking consumers from visiting known or suspected phishing sites.

A Symantec product performance review found that Norton Internet Security 2007 scans up to 35 per cent faster and boots up to 10 per cent faster than its predecessor, Norton Internet Security 2006.

Both 2007 versions are compatible with Internet Explorer 6 or later. No details on browser support for Mozilla Firefox or Apple Computer's Safari have yet been released.

The programs have been designed to run on Windows XP Home or Professional, with a free upgrade for added Windows Vista support when it ships.

Norton AntiVirus 2007 retails at $59.95. Norton Internet Security 2007 costs $99.95.

(Ellen Messemer contributed to this story.)

more

ARN: CDCS seeks resellers for HSDPA routers

As a journalist at Australian Reseller News:

Sydney-based mobile vendor, Call Direct Cellular Solutions (CDCS), has launched a series of HSDPA routers based on its successful CDM823seu EvDO platform. The company is now on the lookout for additional resellers to tackle its expanding line of products.

Managing director, Barry Mitchell, said it had previously distributed its products through a nationwide internal reseller channel of about 30 resellers and integrators with associations in the mobile phone industry. Existing key partners include Telstra, United KG, Superior Scarda, and Control Wave.

Mitchell said CDCS products were most in demand as temporary or backup communication paths, and in remote areas where there is no broadband coverage.

"The integrators who work in remote applications will benefit the most, as well as people working with backup systems," he said.

The new HSDPA router series will cover all of Australia's HSDPA frequencies of 850/2100MHz. The series includes the 1.8M 2100MHz CDM821seu, the 1.8M 850MHz CDM885 and the 3.6Mbps Tri Band HSDPA CDM882, which will operate on EDGE, GPRS and standard GSM on 800/1800/1900MHz.

Telephone-based product support is provided by the vendor directly.

The product launch coincides with news that telecommunication giants such as Telstra, Vodafone, Optus and 3 intend to switch to HSDPA over the next few months.

more

PCW: The CAT-5 empire as Ethernet makes it in the live music scene

As a journalist at PC World Australia:

The humble blue Ethernet wiring could be the solution to the cost and complexity of cables in the live music scene, thanks to researchers from the Digital Audio Networking project at National ICT Australia (NICTA).

In the traditional live sound system, point-to-point copper cables run between a mixing desk and individual sound sources. Typical set ups involve multiple sources, such as guitars, percussion and vocals, and hence require what could very easily become a mess of copper cables.

And there is also the issue of "noise" caused by the degradation of an analog audio signal in copper. As such, cables are usually grouped in heavily shielded audio snakes, which can cost around $100 per metre.

"Copper is bulky, cumbersome and fragile," said John Judge, NICTA's senior research engineer on the project. "It's all very last century."

NICTA's design sidesteps the need for multiple cables and shielding by transporting audio signals between sound sources and the mixing desk in digital form. Audio signals are passed through analog to digital converters at the source, which convert audio samples into byte form that may be sent as network packets through a standard CAT-5 cable.

At the mixing desk, digital signals are converted back to analog form via digital to analog converters. In the future, however, researchers expect the technology to allow sounds to be mixed on a computer, thus eliminating the need for a second conversion, and further reducing costs.

Audio to digital converters have been around for some time, Judge explained, citing the microphone input of a computer's sound card as an example. So, for NICTA engineers, it was all simply a matter of utilizing existing convertors and creating the technology to interface with standard computer networks.

Besides the interface boxes that were designed as converters, all other components of the system are off-the-shelf networking hardware. As each source may be treated as a node on the network, a single Ethernet cable is able to deliver multitracked, uncompressed data to the mixing desk.

The most challenging problem the engineers had to face was network latency: slight delays in converting audio streams from analog to digital and back could put the sounds out of synchronisation with the live performance. It took two years of research for a method of getting the delay below a two-millisecond threshold to be invented.

So how did researchers overcome the delay? "We were creative," Judge said, cryptically.

The technology will soon be commercialised by a spin-off company named Audinate. So far, Judge said, "a range of companies across the professional audio spectrum" have expressed interest in the technology.

more

CW: Web site optimization study to boost Australian eBusiness

As a journalist at Computerworld Australia:

A study into how Australian organizations measure, report and optimize their Web sites aims to investigate methods by which e-businesses can be improved. The Australian Web Analytics Survey 2006 is currently being conducted by Sydney-based online analytics consulting firm, Hurol Inan & Associates.

Australia is rapidly falling behind in the online channel, according to director and consultant Hurol Inan, and its nonperformance is due to a lack in understanding and adoption of tools and techniques to measure and maximize online performance.

Business Web sites are often regarded as software; once built, left largely unchanged until the subsequent overhaul, Inan said. But, he said, this approach is wrong.

"Web sites should always be in beta release and need continual improvement and optimization to get maximum benefits," he explained.

Web site optimization may be facilitated by Web analytics, which measure online performance by recording usage activities and studying user behaviour on a Web site. By measuring online performance, Inan believes that Web analytics allow businesses to gain insights into customer needs and highlight avenues by which a website may be improved.

"Web analytics is, in a way, 'the collective wisdom or verdict of the crowds' for the online performance of a website," he said, adding, "You can't manage what you can't measure!"

The study will be initially conducted through an online questionnaire, from which a group of respondents will be selected and interviewed one-on-one. Following the interviews, Hurol Inan will seek commentary on the results from industry leaders. Findings will be presented in a report to be published later this year.

more

CW: Talking information security with business managers

As a journalist at Computerworld Australia:

Convincing business executives to address information security issues can be a nightmare for some IT managers. Liz Tay speaks with management consultant Jed Simms, executive chairman of Capability Management, about communicating security risks in a business-savvy manner.

What are the security issues companies face?

We've got a barrage of issues. They [CEOs] have a mindset that just doesn't think about some types of risks. They can't conceive of people whose life is malicious hacking of networks, because it's not something they would ever do.

I used to be head of strategy for a bank, and was amazed when I learned that occasionally, a controller of ATMs (automatic teller machines) would go down so a group of ATMs would be disconnected from the mainframe and allow people to take some money out. People would find that out within half an hour and whole gangs of people would go with stolen cards and take money out. It's something that I'd never conceive of, that that sort of thing can happen.

I use that as an illustration that we need to educate senior management that there is this new world out there, and you can't just frighten [hackers] off using bits of hardware and equipment. And that's why this is a business issue.

Then you're talking about what degrees of freedom we're going to allow our people to have, and where we have to draw the boundaries, and we may have to redraw those, because sometimes we can draw them better.

In the case of one large organization, it had a lot of security to stop people from getting in with either illegal or unequipped devices, but once you're in, you could go virtually anywhere within the network. The company had a lot of outsource suppliers connected to the network, and because of security, it had to provide all the gear for them. But when we [implemented a system] where some areas are public, and some restricted, we had this far more gated network which actually led to the outsourced people coming with their own equipment, because they only had access to this little bit here.

So we reduced the cost for the company that was providing the network and actually increased its security by having a different way for it of doing business and how security and risk management were actually impeding how they make money.

What are the risks businesses face?

Through the whole transmission and management of information and the security of data access and transfer. You have people who may maliciously or inadvertently [infect the network]. One example is of a client's problems with people who were patching its PC or laptops. One woman connected to the network four PCs with essential patches the IT people didn't know about, and that's where a virus got into the whole company.

These people think they're saving a few thousand dollars by not using the official PCs, but cost the organization hundreds of thousands of dollars as a result. It's that risk awareness that is one of the hardest things to get organizations to understand.

Everyone talks risks, but they often talk about it in different ways - in terms of access and desktop management and all these other things - without really spelling out what the risk level is, and therefore what they need to do, or not do, to preserve the integrity of the network.

Do employees pose a great risk to an organization's data security?

We've done several surveys [on how disgruntled employees can compromise a company's security]. They come up with a whole range of avenues that they know are backdoor keys to certain databases.

There are mechanisms whereby you can sidestep the firewall, which may be put in for quite valid business reasons at the time, but of course companies don't look at what happens if someone leaves with that knowledge, and especially if they leave with bad feelings. That can create a real risk in the market.

There is a story about the Walker brothers who sold secrets to the Russians. They were in court because one of their ex-wives dobbed them in. [Laughs] so there's someone who had left and decided to get her revenge.

It's understanding that the risk may not be there today, but are you building it in for tomorrow.

How do you mitigate risks associated with people?

By making people aware of risks as a culture. One of the things we teach organizations is boundary control. You have to say, "These are the boundaries within which we can operate. This is where we draw the line, and if you do something that's dishonest, I don't care who you are, where you are, or whatever reason - you're out."

The management has to live it and breathe it.

What are, and how do you mitigate risks associated with hardware?

One of our clients was putting in place a highly duplicated network because it couldn't afford to let the systems to go down. I was a consultant in another organization that was reviewing this, and found an unsecured box outside the building [through which all networking cables ran]. I said, "There they are. Trap that box and you've just put the whole centre off air completely."

This is actually quite common, because people get a map in their minds of what they're trying to achieve and they miss the obvious.

Within the data centre, I remember a computer room which had one of these keypads to get in with a security key. And they'd written the code on the top, because they couldn't be bothered to remember it! [Laughs]

What are the top five security mistakes organizations make?

Firstly, underestimating the change in risks over the last five to 10 years. With the Internet came a whole new world, and while people say, at the back of their minds, "Yes, we know that", they're not actually doing a great deal about it.

The second aspect is that risk isn't high enough in the mental model of organizations. They're not thinking, and they're not building it into their culture. In a bank, you're more likely to find that credit risk is a much higher priority than information risk.

Third is probably that they haven't defined the law, they haven't defined boundaries. Organizations need to make sure they are looking at the whole picture, and address it as a business project, and say "How does this change how we do our business", and stop thinking about risks as this thing on the side.

Fourth are things like identity management. They're the classic, where in most organizations, most people have five, six, seven identities to log in to different systems. And it's been shown that where that happens, there's far more penetration into the business because when someone leaves, you might get [remove] six out of those seven, but you may not know they had access to that seventh system.

Technology has recently caught up where you can have a single login for multiple systems, but management doesn't see the value in that. That's because the IT people are looking at it as an IT identity management issue, rather than an operational issue, like "How do we secure and also make it easier for our staff to use what they have to, and also better control what they have access to."

IT people are also part of the problem in that they often think too narrowly about the technology they try to put in rather than the implication and benefits they're actually bringing to the organization.
---PB---
Is there a big difference in the perspectives of IT people and management?

Oh god yeah. [Laughs] One of the questions we often ask CIOs is, "How many people in the IT department could give a presentation on what the company is about, how it makes its money, who its customers are, who its competitors are, what are the greatest challenges, where it's going" - and the answer is never more than 5 percent.

How can you design systems for a company you don't understand? So a large part of what our [consultancy] business does is take what the IT people try to do, and then convert it into business terms: "What we're really doing is changing the way we can interact with our vendor," or "changing the way our customers can get to their information".

And that is something business management can understand, can prioritize - and then you start seeing some action. But if you just come in and say "I want to put in a single identity management system, and it's going to cost $4 million," they won't see the value.

To some extent, if they [IT people] are technology-based, they can often get caught in old thinking, for instance when a technology question, like single identity management, comes up they say, "Yeah, that's a good thing", instead of developing a business outcome so they can explain it to business executives. Because that's what IT is there for; it's there for the business.

more

CW: Brisbane start-up to unleash the potential of service-centric eCommerce

As a journalist at Computerworld Australia:

The e-commerce industry is changing to increasingly incorporate the online sale of services and one Brisbane start-up is not about to let this business opportunity pass it by.

"E-commerce is moving from being product-centric to service-centric," said osCommRes CEO Damian Hickey. "With things like travel, hotels and car hire, people are now trusting the Internet as a place to order services."

Since its inception in 2003, osCommRes has been developing its self-titled, open source eCommerce software package that manages bookings, ticketing, subscriptions and marketing for businesses selling services. The software is available under a GPL licence and can be freely downloaded from the company's Web site.

The product is aimed at small and medium businesses that may not have the resources to have their e-commerce systems custom-made. Hickey said tennis courts, yoga classes, music schools, and food and beverage venues are potential users of the software.

"The service industries make up 70 percent of western economies, and only a small proportion of these are on the Internet at the moment," Hickey said. "Service-based e-commerce is an area that's going to explode. Over the next two years, there is a market potential of literally billions of dollars."

In addition to its open source software, osCommRes will launch an on-demand service that includes Web hosting and an integrated payment service. The additional service aims to further simplify e-commerce for small and medium businesses.

"Although it's possible for businesses to set up and host their own sites, there are a lot of ancillary functions - merchant facilities, security, software updates, integration - it's a complicated process," Hickey said. "It's time consuming and a bit annoying, and we [osCommRes] just take the pain out of all that."

osCommRes's on-demand services will operate on commission basis.

more