When was the last time you had a chance to properly work on your IT recruitment strategy? Summer brings with it a slowdown in activity for most businesses. Employees, clients and external partners out on vacation; ongoing projects are momentarily put on hold. But good news: you will finally have some time to reflect on how things are going and update your route map.
One of the key steps in this process is conducting a thorough review of your department’s talent strategy. Here are some tips on how to best anticipate your personnel needs and build a solid IT talent pipeline for the months ahead.
Take inventory of your team and outline IT recruitment needs
Firstly, where are your projects in relation to the objectives set? What skills are missing from your team? What specialists can you foresee you will need for the coming months? Take the time to chat with your staff and other department managers, then define your ideal team and the profiles to target based on your available budget.
Talking with individual team members will also provide you with more insight into their personal and professional needs and goals. Another friendly reminder: ensuring that your existing employees are comfortable and have enough room for development is as important as incorporating new talent.
Evaluate potential IT recruitment strategy partners
Summer can also be a good time to prospect recruitment partners and review existing ones for your IT recruitment strategy. It is also important that you take the time to do a deep analysis and avoid making choices in a rush. Choosing the right IT recruiting partner is crucial in today’s ultra-competitive talent market.
When meeting with potential recruiters, make
sure you touch on all the technical specifications of your projects and provide
as much information on your business as possible. Although a good recruiter
will have a good base understanding of your industry and needs, the better you
communicate, the more productive your relationship will be.
Think also of the kind of professional that
you need. If you are looking for mainly freelance technical profiles, for
example, you are better off orienting yourself towards a specialized player who
knows well the talent market you are targeting.
Take advantage of a less competitive
talent market
Okay: many candidates are on vacation. But
recruiters too! This means fewer companies competing for top talent.
Moreover, it is a good idea to start your search in the months of July-August, especially if you are looking for rare or “short-term” profiles. These positions tend to be fewer in number and will require more time.
In the case of freelancers, many independent
consultants are looking for assignments to start with the school year (or even
before) and are likely to be in active search during the Summer months.
Plan your onboardings before for the
start of the school year
In addition, keep in mind that things quickly pick up the pace at the end of the Summer. The September rush will probably not give you much time to prepare the reception of future members of your team. Therefore, take advantage of this in-between period to review your onboarding process as a whole and outline a cohesive standard procedure.
Whether they are permanent or temporary employees, new recruits must be properly introduced to the company and integrated into the team. Do not neglect the transmission of information and the provision of all the necessary equipment, tools and resources.
Dr. ir Johannes Drooghaag; CEO of Spearhead Management and founder of Internet Safety for Kids; recently sat down with us to talk about the real human element behind cyber attacks. His work helping educate children and parents about cybersecurity.
How did your career in tech start? What do you do these days?
My career started in applied information technology and I my interest was first in the technical part of that. But I lost interest when I noticed that technology keeps rotating and innovating and reinventing itself so fast that it’s very difficult to keep up. And I started to get very interested in how can we build bridges; with the people using the technology and how they can they keep up with this enormous pace of technology.
That was more than 30 years ago and, since then, the pace has only increased. But we have not really done a lot to improve how we educate people with technology. So that became my mission. I focus mainly on the human element of technology, and I do that in the field of cybersecurity, of agile management, for digital transformation. We say it is all customer-focused, which in most cases is true. But, in many cases, we forget the people within the organisation who have to work with all that technology.
How do you advocate for this human-centred approach to technology?
I founded a company called Spearhead Management, in which we literally take, first of all, the people. We start with education and coaching, and we do that based on an approach that we could call a gap analysis. Where are we today? Where do we want to be tomorrow? And yes, there will be technology involved. But how can we enable and empower the people in the organisation to make that happen and to become part of that innovation and that digital transformation. And we do that through training. We do that through consulting, through coaching.
I also use my voice on social media. I started to actively use social media three years ago. I’ve been growing fortunately very fast in the last three years. I use that a lot to point out what the human element behind cyber attacks is. What has gone very well? What has gone not so well? And what has gone really, really bad?
And one of the things I do with my team is that, once a year, we publish a report called The Human Element in Cyber Security, and I do podcasts and keynotes around it under the title “The Human Elements in Cyber Security: And It’s Not What You Think.”
Why is it not what we think?
Because when we look at the IT community, there’s a lot of focus on the user error. So you might get the impression that the user is responsible for all cyber incidents. And when we look at the media, we get all the information about the bad fenders, about the vulnerabilities, about how somebody was hacked and everything went wrong.
But when we look at the technical information about these cyber breaches, we see that more than the human element caused 80% of them in the configuration and the management of technology, so the technical responsibility behind that technology. Now we should not take that and do the same thing by saying, the IT experts are to blame because that’s not fair nor correct.
A lot of that is leadership decisions. We know in a corporation nothing happens without approval and budget. So, the IT guy can sit there and say “I have to update those machines, I have to replace that software because it’s EOL”. But when that person doesn’t get approval and doesn’t get the budget. I assume they’re not going to pay that out of their own pocket, right?
So the human element is a lot more than just the actual making failures. The majority of that is leadership. The majority of that is completely failed risk management. If we don’t change the way we manage and lead, we will continue to have these issues.
What would be a textbook example of leadership failure impacting cybersecurity?
There is this beautiful case of the colonial pipeline, a very high-profile case that was recently all over the media. It started with all kinds of theories about what would have been the case. And this theory immediately emerged that people were claiming that a user had opened an attachment. Other people claimed that there had been a case of social engineering through which all kinds of other theories popped up. Things popped up and they were all over the media and social media.
But then the actual experts analysed it. They found that a VPN account, which lacked basic security measures and was not in use for a very long time got compromised. Some one shared that compromised account, including the ID and password, on dark web forums. And used that account for the initial breach of the network and through that they were able to escalate.
Now there’s one thing that we have to keep in mind. There’s an FBI director who made a very interesting statement. There are two types of companies. The companies who have had their network breached by malicious actors. And the companies who do not know that their network has been breached by malicious actors. And that’s the reality that we have to assume at the moment. That we are compromised and that we must implement all potential and available countermeasures based on that assumption.
The colonial pipeline case shows us two things we should focus on. Firstly, abandoned technology. That VPN connection that we are not monitoring, not taking care of and that hasn’t been used for a long, long time: it is still open and available. Secondly, the almost mandatory segregation of network access and segmentation of the network itself to make sure that you cannot simply hop from one privilege to the next one. All that was not available. Your active monitoring, through which you keep an eye on what happens in your network. If, after five years, you suddenly see a VPN connection pop up, you should react to that. Never happened.
For me, that is a schoolbook example of knowing what should be done and not doing that. An example of having all kinds of interpretations that are not factual at the beginning of the incident and, as soon as the actual analysis is publicly known, is once again the basic step.
And that is what we see in the majority of our research as the real human element behind cyber attacks. When we follow the three basic elements of cybersecurity (patch management, access management, segmentation and segregation), we can prevent more than 90% of all cyber incidents.
You are the founder of Internet Safety for Kids. Can you tell us a bit about this initiative?
We create videos and content to enable parents and children to use the Internet in a secure and responsible manner. We do that with videos and cartoons. The kids love it. We get wonderful feedback, and the most interesting part is that parents write us to tell us that they’re learning from the videos, which they thought were intended for the kids, but we make them on purpose for the kids and the parents. It’s a beautiful project. I love it. It’s a lot of work, but it’s worth every hour that we invest in it.
What sort of cybersecurity advice do you provide in these videos?
Well, there was one episode for which the kids made the entire script from beginning to end.
They said “We have some wonderful advice: we need to inform our parents about what we do, and we should never hide what we do, and we should always explain why we want to do it. But can you please be so kind as to tell the parents that they should listen when we want to tell them something? And if we want to show them something, that they should actually take a couple of minutes?”
So we did this episode created by the kids alone and we didn’t allow the parents to criticise any of it, just focused on saying “Hey parents: yes, we can tell you what the kids should do, but you should have time for them when they want to do what we tell them to do.”
I love that so much. We had so much fun creating that. We encourage parents and kids to learn this together. It’s not that parents give these videos to the kids and say “well, be busy and learn this.” Sit down together, learn this together and use it as an input for discussions with each other. What we’ve learned with the kids is that they’re really actively involved, so they come back to the parents and they say, “hey, I watched this video and look, I’ve done this and it looks good.” And that’s the coolest thing.
Use our template to create a compelling and comprehensive CRM Consultant job description to attract top talent.
What is the role of the CRM consultant or expert? How to become a CRM consultant? What are the required skilled and the salary expectation? We tell it all in our CRM consultant job description.
Are you looking for IT mission opportunities in the Tech and IT sectors on a freelance or permanent basis? Mindquest can help you find your next IT mission opportunity. Find CRM missions by browsing our freelance and permanent vacancies available on our digital recruitment platform.
CRM consultant: the job description
A CRM (Customer Relationship Management) consultant; otherwise known as a CRM expert; is a specialist in customer relationship management software and customer relationship itself. When creating a call center, this professional assists in optimizing the relationship with customers. But also in making decisions relating to the choice of IT tools. Usually, a CRM expert works for an ESN or a BtoB agency. They can work in a large group or in small structures and is mainly required to work in collaboration with customer service, as well as with the marketing and web-marketing service.
The role of the CRM consultant is to define, configure, implement and manage the CRM software while promoting its positive impact on the company’s strategy. CRM Software is the backbone of any call centre. Indeed, the CRM software makes it possible to keep all the history of exchanges with customers and to manage the call lists on a daily basis. In choosing which CRM to implement, they can choose between independent CRM software or an ERP (including other business management modules). They manage the CRM software on a daily basis. That is to say, they take care of monitoring developments and finding new improvement strategies. Furthermore, they also collect data concerning customers and their life cycle, and carry out reports.
The CRM consultant is also focused on determining the best strategies to increase customer loyalty and engagement. This professional thus sets up loyalty campaigns and works to understand which are the dissatisfied customers (detractors) and satisfied customers (promoters) by calculating the NPS score (Net promoter score).
Required Skills
How to become a CRM consultant? The CRM consultant must have a perfect command of software packages dedicated to CRM. He or she must also possess solid knowledge in the areas of sales and marketing. Specializing in customer data analysis, it is important that he or she has knowledge and skills in data mining and brand optimization on search engines and social networks. The CRM consultant must demonstrate good analytical skills and be responsive to any changes they need to be able to detect. This professional must know how to approach a project as a whole.
A true specialist in customer relations, it is important that they know all the technical and strategic aspects. In addition, the CRM consultant must have a taste for contact, good listening skills and a sense of service. It is essential that the CRM consultant has a great spirit of synthesis and good adaptability.
How much does a CRM consultant make? The salary of a CRM consultant varies depending on the experience of the consultant. But also depending on the scope of their position and the size of the company. Indeed, some CRM consultants only work on the software aspect, while others will be responsible for a large part of the customer relationship.
Within a large group or small business, the salary range for this professional is wide. Generally speaking, a CRM consultant can earn close to €35,000 / year at the start of a career. At the end of his career, he can hope to earn more than €65,000 / year as a senior. The average salary of this professional is around €45,000 per year. The average daily rate for a CRM consultant developer is generally between $400 and $900.
Different training courses allow you to become a CRM consultant, with a Bac + 4 or Bac + 5. Graduates from business or engineering schools are usually highly appreciated by employers. It is thus possible to enter a business school or an engineering school, with a diploma with a specialization in marketing or web marketing. You can take a Master in Marketing or International Marketing or join a communication or marketing school. There are also certifications for using software that are popular with employers, such as Salesforce certifications.
Find CRM assignments on our freelance and permanent IT recruitment platform, or join Mindquest so you don’t miss out on any CRM assignments!
John Lunn, also known as Jonnychipz, is a Welsh Azure MVP and MCT working as a technical architect at BT Enterprise. An organiser of the Welsh Azure User Group and an avid vlogger, John discusses the benefits of being an active member of the Azure community and how he learned Azure IoT.
What made you go into Microsoft Technologies and cloud architecture?
think when you go into business you predominantly work with Microsoft Technologies, more often than not. I kind of cut my teeth in IT on that side of the fence, which was very much Microsoft focused. So, I guess that, when I took that additional career step into the world of consultancy and kind of specialized in a particular area; in my case it was unified comms when I first started in that world; Microsoft was a natural steppingstone.
I’ve dealt with it for a number of years now. I knew my way around it. I was comfortable with it. So developing those softer skills like peaking to customers and other clients and helping other people understand the technology, or yeah, or being parachuted into a completely burning disaster of a problem. You soon learn the technologies at quite a deep level. You learn quite quickly what you can and can’t do.
So, yeah. I suppose I kind of edged myself gently into the world of consultancy and architecture. Now I find myself as a technical architect working on predominantly Azure and Microsoft focused solutions for customers. It’s been quite a long career and I’ve delved into a number of different areas. But I wouldn’t change it for the world. I’ve learned so much throughout that time.
Cloud careers are evolving very rapidly. What’s your approach to keeping up with emerging trends?
As an individual, I’m constantly thinking: where are we going with technology? What’s next? Not just for my own interests and keep the passion and the interest in my career. But also: where can I add the most value? The company that I work for — how can I help them see and visualise those innovative ideas, projects and solutions?
For a number of years, I’ve been speaking internally with my management team, talking about where we’re going as an industry, and, clearly, for some time now, it’s been around IoT, edge data, machine learning, AI… All of those kinds of technologies that are going to drive innovative solution design.
So, I’ve been on a personal quest. I’ve dabbled in areas over the years. I’ve done bits and pieces and I keep telling people I know enough to be dangerous. That’s my stock answer. I know enough to dig in and make a little bit of noise. But I take it at my own personal development journey to try and dig into that in a bit more detail. IoT was one of those areas that I jumped into.
Why Azure IoT in particular? How did you go about diving into the area?
I guess I wanted to understand right the way from that physical thing. That physical device and object, the microcontroller that is inside that device, to the LEDs and resistors and buttons. How do those things get made and then what is the code that sits on that microprocessor? How do I develop that code to then enable me to take that sensor information?
Maybe there’s, you know, some optical, temperature or humidity sensor. The common things that you find in IoT projects. How do I take that, read it with some code and send that up to this thing called the cloud? And then what do I do with that?
So, I took it upon myself to try and look at some pet projects to build this, to start looking at microcontrollers, put them in, etc. I literally got myself a 3D printer and started printing off all these random designs I made myself.
There’s the engineering mentality if you’re really starting off at the maker side of things. So, I went on this journey of learning all of these kinds of disciplines. It’s really about understanding all of these little components that go into what makes an IoT solution. And I’m really trying to understand how you join the dots between these various features and components within Azure to make those solutions.
And it’s been, more of a labour of love than anything for work. I’ve met some fantastic people out in the community that have helped me understand things, that I’ve learned from, that I’ve taken ideas from.
And going down on that journey, you learn so much about those areas of Azure that maybe you’re not using on a frequent basis. You know, you start with this high-level view of the world. I try and dig down deep as much as I can in as many different areas so that hopefully I get a little bit more of a clearer picture as to how and why you can use these things.
Do you think a hands-on approach to learning new technologies is better than a theoretical or certifications-based one?
I mean everybody is different. I think for me hands-on works well. Certification is a great way to go, especially if it’s something relatively new and unknown.
So, for example, the AZ 220 exam is the Azure IoT developer speciality exam from Microsoft. And that’s what I was going for at the time.
There are certain ways people can study for exams as Azure IoT exam AZ 220. It’s very much theory-based where you read the Microsoft docs and understand things. And you know, if you do enough Microsoft exams, you can kind of work out which questions they are going to ask you. You get to learn in an almost parrot-like fashion the areas that particular exam is going to cover. And that’s great, there have been exams where I’ve kind of just done in that way. You go in and you’ve learned something over a crammed week or two.
But the problem is that, later down the road, if you’ve not actually done anything physical or hands-on or done it yourself, I found that I forgot it.
For the Azure IoT exam, I took it relatively slowly because I wanted to absorb it and be part of it for a while. Basically, because it was so much fun. I was just having so much fun doing this tinkering and making and, like I say, it hasn’t stopped.
So yeah, I think certification; as Azure IoT exam; is definitely a great way of identifying the areas that you need to learn. But how you learn those is up to you. Everybody’s got their own style and, for me, slow and steady and hands-on sinks in more and I’m able to retain that information for longer and apply it to other things.
You are an active member of the online Azure community. You go by the nickname of Jonnychipz, and you blog and host a weekly vlog covering Azure-related news and topics. How did you become such an active part of the community? What were the beginnings like?
I had always been on the periphery, the edges of the community. And I guess I never really understood what community meant. Over the years, I’ve been fortunate enough to go to some great Microsoft events globally, and I’ve met some brilliant people. But I had never really been actively involved in the community.
But then COVID hit, and we were all locked up in our houses. I got the time to actually focus and build myself a little bit of an office space. Before, I was always out on the road, driving up and down motorways in the UK or running the kids around.
So, as we all had this additional time, I thought, OK, this is an opportunity for me to try and focus on public learning and the community a bit more. In hindsight, I didn’t really know what I was doing when I first started. I set a blog up and it was jonnychips.com, you know? And I started putting out some blogs. I started doing the 100 days of cloud, just trying to show my public learnings and hopefully give a bit back.
What does your new role in the community bring into your life? What have been the best moments so far?
Well, it sounds a bit cliched, but there have been so many different situations that were super fun and where I thought I would have never been I had not turned to the community. Things like joining and setting up and helping organise a user group – part of what I do is helping organise the Welsh Azure User Group, and we run that as a monthly virtual session.
We’ve had so many fun moments over that, just from the guys and gals that help organise the weekly or biweekly calls that we have, through to the events themselves and just the fun engagement from other people in the community. There’s been so many comedy moments and just good general laughs over things.
IoT has been one of the standout things for me. The people I’ve met in in the world of IoT, from members of the community through to the advocacy team at Microsoft themselves, I’ve managed to speak to one or two of those over the last few months. They’re all super people. Really clever, intelligent, passionate people just putting stuff out.
You forge these new friendships without you realising it. You’re virtually speaking to people across Twitter and you’re having that banter, you jump on a live Twitch stream and have a little bit of fun.
So, it’s probably safe to say that there’s not really been one best moment so far. I think the best is yet to come. I’m really looking forward to getting back to the face-to-face meetups, getting back out there to two events where I get to meet some of these great people and hopefully have a coffee or a beer and a bit of lunch or something with them. I see that being a super fun time.
Chris Crowley is a US-based veteran cyber security expert specialising in security operations centers (SOCs). He works as an independent consultant through his company Montance, has a SOC-Class and is a SANS Institute senior instructor. He discusses how he carved his path in cybersec and shares some insights into what makes a state-of-the-art SOC.
It’s kind of interesting. I started working in technology when I was 15 years old, back in 1988. That was my first job where I actually went into an office, as until then I had done a bunch of stuff off of my computer, independently, like doing mail merges for one of my mom’s friends in order to send out letters advertising her business.
They hired me to basically come in and do reel-to-reel backups. Literally, they needed somebody to put the tapes on and spin them up and get going. So that’s the kind of stuff that I started doing in technology.
I actually graduated in molecular biology because I thought I would go into medicine and scientific research. After I did basically a full undergraduate degree, I decided I didn’t really want to do that for work anymore. I had worked in labs, etc., but I didn’t want to do that for the rest of my life.
I had always worked with computers. So it was sort of an easy switch for me to do another undergraduate in computer information systems in order to have the credentials. So I did that, and I started working in IT operations.
In the 2000 time frame, there wasn’t a lot of cybersecurity focus. And then things started going wrong. I was working at Tulane University at the time. And the FBI showed up and they are like “you have to take all these computers offline”. We had problems with spam when literally, prior to that, there wasn’t really a problem with spam on email. I’ve dealt with compromised computer systems. I’ve had to deal with Blaster and Nachi, SQL Slammer, so all these early worms that we weren’t ready for and that destroyed networks.
So, that’s kind of how I got started on cyber. I was the IT operations person, and we had cyber problems. And it was a huge struggle initially because there wasn’t a lot of information. Now you can go Google cyber security but, in 2000-2003, you went like what on Earth is going on? You know you’d just have to try to figure it out.
And how did you eventually become the independent cyber security expert that you are today?
So, a major change happened for me personally in 2005. In 2005, Hurricane Katrina hit New Orleans. I was living in New Orleans at the time. My house flooded. Tulane University was dramatically impacted, so I went through this big disaster recovery experience.
And I had been doing a bunch of cyber stuff at that point, and I knew that that was the direction that I was going. I moved to Washington DC, and that kind of changed things. I started working at U.S. government agencies and working in cyber programs. Also around the same time I started teaching for SANS Institute.
At this point, I was like, “OK, if I want to continue along this path, it would probably be better for me to exit employment.” And this was not really something that I had planned to do. I had not planned to go into business, to go out on my own, but that’s what ended up happening. Mostly because I couldn’t balance the full-time job plus the training stuff and the opportunities that I had for some other things.
I kind of joke about it, but I had three part-time jobs that were about 50% of what a normal workday would be. I didn’t know how to do it and I ended up like this for the first three years. Just feeling completely overwhelmed and hustling and doing all the things that were necessary. And I wasn’t even really chasing customers. It’s just that I had like 3 contracts that I was working on.
Since then, I’ve continued to do that and I think I’ve gotten better. I still work about 60-70 hours a week, but it’s just kind of spread out and it’s a little bit more comfortable for me.
That’s my career in a nutshell. I have my company Montance that I do consulting through, I have my SOC class in which I do training for security operations, and I still teach through SANS Institute. I have the opportunity to do a lot of things.
What are you working on these days?
Right now, I’m working with a managed security services provider out of the Middle East. I’m also working with two large financial services companies doing maturity assessments or tabletops for their capabilities. It’s really interesting for me, and it has become phenomenal. Of course, it continues to be a little bit uncertain, always wondering where the next gig is
You mentioned juggling all these part-time gigs as you exited permanent employment. What key learnings about yourself and the way you work have you gotten out of your transition into independent work?
I want to say yes to everything. I really do. People ask for help or want me to do engagements and so on, and I want to say yes all the time. And the problem is that I can’t do that. I have to pick which things I will actually engage in that will allow me to do a good job.
I’m the sort of person who wants to do all the different things. I’m not a specialist, I’m very much of a generalist. So, in addition to the saying yes to everything, it has been hard for me to allow delegation to other people. It’s strange because, when I work in teams where I’m the team lead, I tend to be really good at delegating. But when it comes to my own work, when it’s more, when it’s more of a reflection on me, it’s harder for me to delegate.
So those have been the specific things that I’ve adjusted in my approach.
Where do you draw the line between a junior cyber security professional and a senior one?
That’s a great question. I like the terminology of junior/senior much better than the tier 1, tier 2, tier three kind of stuff.
A senior-level person is able to make an informed, coherent decision, weighing all of the appropriate information that might be available. A senior-level person should know that they need to get more business context. They need to be aware of other people in the organisation who might be affected by a cyber-based decision and get their buy-in or get them to weigh in.
I don’t think that I can expect a junior level person to have the appropriate level of awareness, skills and social interaction and acumen on all the details to be able to come up with that same complicated synthesis and then provide a defendable opinion. I mean, junior-level staff will try to do something like that, but they simply lack the experience and the capability and the technical acumen to come up with the best opinion.
What makes a state-of-the-art SOC?
Anytime I start talking about security operations centers, I fall back on to five things.
We’ve got inputs, people, procedures to work through, technology to work with, and then there are outputs, the sort of things that come out of the SOC that are work products.
From an input perspective, if you had to focus on one thing to have a state-of-the-art SOC, that would be the ability to absorb a tremendous amount of data at speed and have that be something that is constantly changing the instrumentation across every different type of system. Effective ingestion is a hallmark of the state-of-the-art SOC.
In older SOCs, what you would get was “Well, we need to write the connector for that, and we need to hire professional services to do that, and I can’t take the data in from that system.” State-of-the-art is “Give us the data, we’ll figure it out, and we’ll consistently be able to absorb it.”
Also, you need to have a way to absorb historically, so even after things have happened. If you can go back in time for absorption, and this is relevant both to threat intelligence as well as to logging or other artifacts, then everything gets synthesized into the picture of what you’re doing.
For the people, the human aspect, you need people with skills and capabilities. The modern SOC is a learning SOC. The modern SOC is not a helpdesk. I don’t want to disparage the help desk, but the idea of a help desk is basically: we tend to have a given set of things that are within our scope; here’s what we do, here’s what we work on. If you’re part of this or meet the criteria, we run it through things and we assign it to the right people.
The state-of-the-art SOC handles uncertainty on behalf of the organisation. It handles the unprecedented. I can’t write a routine for something that we haven’t anticipated. We can say we’ll handle it. But then we’re going to figure out on the fly what to do. We’ll deal with it, and we will do it with a degree of grace. It’s not going to be highly polished the first time through. But it’s also not going to come crashing down with people quitting in the midst of it. Because that happens sometimes.
From a procedural aspect, a state-of-the-art SOC has a flexible deployment of its staff.
We have the ability to do a lot of things quickly and efficiently, but we also have adaptability, thinking and business relevance.
In terms of technology, I’ll name a couple of technologies, but I don’t want to limit it to these. As an example, if you don’t have a SOAR and you aren’t implementing SOAR, you are behind the curve. Right now, that is a technology that a lot of people are embracing. And, if you don’t have a SOAR technology, but you’ve written all of your own custom PowerShell or Python or whatever in order to do stuff, I still think that counts for SOAR. But that notion of effective automation is really important for current state-of-the-art capability.
I gave a talk at RSA earlier this year where I went through and listed out my technology taxonomy. It is basically is every single thing that I could think of that a state-of-the-art SOC needs. You can find it in PDF here.
Finally, the fifth thing that makes a state-of-the-art SOC is the artifacts that come out of it. The modern SOC is more about portals, automatic notifications directly notifying the constituents as well as the affected system owners and responsible parties with minimal human interaction.
The SOC analyst is interacting with some form of a system that’s collecting that information, and the system is notifying people rather than the analyst copy-pasting everything into a Word document, printing it to a PDF, and sending that out. I have no problem with collecting reporting into a document, but we already have that data in our various systems. Why aren’t we just programming them to do what computers do well? You know, hit the bits that need to be hit and distribute that information appropriately so that it’s much more portal-driven and constituent-focused than “Here. Encrypt this report.” It’s hard to get there, but I think that that’s a hallmark of the current state of the art.
German ABAP expert Martin Fischer is a Business and SAP Portfolio Manager at BridgingIT, SAP Mentor and a host of the SAP Coffee Corner Radio podcast. He recently sat down with us to talk about how he got started with SAP and discuss the career path of an SAP consultant.
What is the SAP consultant career path: How did you get started in the SAP ecosystem?
I started to become interested in computers and technology when I was 16 or 17. At that time, I was about to start an apprenticeship in business administration at a wholesaler for tires and other technical products. I had had some Visual Basic for applications lessons in school before, so I started supporting the financial department by writing a macro in Excel or Access, I don’t remember for sure.
The head of the department got interested in my skills at that time, and they were about to start an SAP project to implement SAP FI in SAP 4.6c. That was the coincidence that got me started in the whole SAP ecosystem, and it’s been 20 years since.
Of all the career paths available within SAP, why did you choose ABAP?
I worked on that project for one and a half years and took over the responsibility for running that system. A year after, I decided to study computer sciences and business and, during my studies, I became more interested in software development. So, I thought, OK, I have a background in SAP, and there is a need for ABAP developers: why not look for a job in that area? And so, I did.
And what has been your career path as an SAP consultant since then?
I joined a consultancy in Zurich after my studies and was there for about a year. Then I moved over to Capgemini and was there for three years. Now I have been with BridgingIT for almost 10 years. I left the development space and moved over to more architectural stuff, as well as team leading responsibilities. I am not programming for the whole day anymore. Actually, I seldom program now. But it’s still in my roots, and I like to dig into the technological details.
What were the biggest challenges you faced when transitioning into a more managerial role?
Becoming the team lead of my former colleagues. There are a few of them who have much more experience than I do, so it was a bit of a challenge for me. I guess it wasn’t that much of an issue with them, pr at least I had that feeling. But for me, it was different.
The second one was having to care about more people and things in many aspects. So, consulting, finding the right project assignments for my team, etc. It was a bit hard because the role involves some pre-sales and that part was hard in the beginning to learn. Also having to accept that I don’t have that much time anymore to focus on my technology topics. Now I have multiple other topics to devote time to during the day, and I had to accept that I will, over time, lose the deep knowledge of the latest technologies.
But now, after more than four years, I have accepted it and I’m fine with it.
What do you enjoy the most about your new role?
The possibility to drive things in the direction I want to, or which I think is the correct one. Of course, I don’t decide that all by myself, but I have a bit more influence than I did before.
I also enjoy very much the interaction with customers, so the pre-sales part that was so challenging in the beginning turned out to be something I really like. I’m much more confident in these discussions now. The first times, you are very nervous. At least I was. Nowadays it has become more of a routine, and I really like it.
What do you value more, certifications or experience?
There are many things you have to learn for the certification exam that you don’t ever use again. That’s actually one reason why I’m not really convinced that getting many certifications is real proof of qualification or knowledge. I’m quite sure you can get the certifications if you do a proper preparation for them and learn the stuff they will ask you for. But you will not really be able to work with the technology you are certified for. I rate experience higher than certifications.
When does pursuing certifications make sense?
I would say at the point in time I did my certification, as a junior, it was a good thing to have it because, especially if you work for a consultancy, it helps you to get better project assignments. Some customers are still looking for it. But, in the development area, I don’t see the need to do all the certifications that come with the technology. I don’t see the value in that.
Sometimes you have to do it as a partner to maintain your partner status. That’s another reason why sometimes you have to get certified.
But, from a career perspective, I’m not a big fan of certifications. I think there are better ways of getting a deeper understanding of what you are doing. Get involved in small projects, do a POC, get your hands on the latest technology somehow.
You are an SAP Mentor. What is the Mentors program like?
The program has changed a lot over the last 3-4 years. I’m now almost at the end of my 4th year in the program.
There’s a new program called SAP Champions which took over the community focus and the focus on the outside community, which was also part of the Mentors program. The program now focuses more on providing feedback to SAP on certain topics.
It’s an honour to work with all other mentors in the team because they are all very experienced. The international aspect is also very valuable for me because you get to hear things going on in the United States, Australia, or Asia, and things are different in different countries, so it’s also something you have to learn.
What career advice would you give to other SAP and IT experts in general?
Stay curious and never stop learning. That is very important. And work in something that you like to do. I am lucky to have a job I really like. I cannot imagine investing so much time in something I don’t really want to do.
I think that’s very important. More important than more money, etc. If you have passion for your job, money, at least in technology, comes along.
For more tips on how to navigate the career path of an SAP consultant, make sure to follow Martin on Twitter and LinkedIn and through SAP Coffee Corner Radio.
Want to make the most of your career in SAP with S/4HANA? Check out our definitive S/4HANA Careers Guide.
Interested in DevOps too? Find out more about career opportunities in this promising field through this expert’s DevOps career story.
Need advice on how to start or develop your freelance consulting business in tech or IT? Need to start a new permanent or freelance assignment? Join Mindquest and get support from our team of experts.
Gregor Suttie is a Glasgow-based Microsoft Azure MVP and Microsoft Certified Trainer working as an Azure Architect at Dutch firm Intercept. He helps run the Glasgow Azure User Group and is a prominent Azure family and community member. He recently stopped by Mission Control Center to discuss cloud careers and how to become an Azure MVP.
How did you get started in IT and with Microsoft technologies?
I have been in IT for more than years, so it was quite a while ago. I was one of those people who don’t know what they’d like to do in life when they are at school. But a high school friend encouraged me to try doing some computer programming, and I really enjoyed it. After school, we went on to do some college-level computing and programming courses, and I got a part-time doing AS/400 at a bus company.
After that, I went to Paisley University just to the West of Glasgow to do a one year-degree in media technology, which is slightly computer and programming-related even though it sounds like media. When I finished there, I applied for a developer role and gained some Microsoft experience but nothing too deep. I started learning HTML from Notepad, believe it or not. That was back in the day when HTML was the first thing. Using notepad to code was interesting. I was even learning Java in Notepad as well. It wasn’t even an IDE. So that’s kind of how we got into baseline Microsoft technologies, just using basic programming.
I then got my very first junior role at a software company: Interactive Developments in Sterling. And I went in there as a junior with absolutely zero experience, so it was quite frightening but really exciting at the same time. I was really lucky there was a very senior lady who was the senior dev, and she took me under her wing and basically showed me how to write code properly and test it, how to deploy it and, more importantly, write good tests to the code that I was trying to write, which wasn’t very good at that point, but she kept me right. And that’s kind of how I started. I was basically doing VB 6 in that job for three years, learning VB 6 under the wing of a good teacher. Very lucky to have someone mentor me like that.
And then you became one of the first 50 Microsoft Certified Solutions Developers (MCSD) in the world. How did that happen, how did it feel?
Yeah. After about three years, we were moving away from VB 6 and towards Microsoft .NET, so I was learning that during the day at my job, and at night as well.
It was the first time that they had ever offered the MCSD exams. I think it was two exams, and I went for them and passed them on the first attempt, which was really cool. But mainly because I was doing a lot of studying and hands-on.
I got a letter signed by Bill Gates together with a copy of the software saying that was one of the first 50 people in the world to have passed that exam. I don’t actually still have it, as it got lost when I moved house, but I got the Visual Studio box with all the posters and all the CDs in there signed by Bill Gates, which was exciting.
You are also an Azure MVP. How can one become an Azure MVP?
Three or four years ago, you used to be able to nominate yourself for the distinction. But they got rid of self-nomination because so many people were nominating themselves, so they just couldn’t cope with the number of nominees. They changed it to make it that you had to be nominated by someone from Microsoft or an existing MVP. So, I asked someone to nominate me and eventually happened.
It’s all basically based on community contributions. How to become an Azure MVP? The main thing is that you shouldn’t try to become an MVP. You should just do what you do, and it will eventually come along. You have to do blog posts, talks, help out through user groups, all that kind of good stuff. If you’re doing that on a regular basis, then someone might nominate you.
Once you are nominated, you have a form to fill in with all the contributions that you’ve made over the last 12 months. You fill that out and send it off, and the person who deals with the form contacts you within three months just to let you know if everything is okay with your form.
And then it basically goes into the ether. You don’t hear anything until you get awarded. On the 1st of every month, they come out and communicate the seven or eight people in the UK who have now been awarded the MVP. That’s kind of the short version of how it works.
I couldn’t believe it when I got it. It’s probably my biggest achievement so far.
As someone who knows well how to become an Azure MVP, what’s your advice for those who are just starting out in their cloud careers? What certifications should they pursue?
I always ask people: what are you interested in? Sometimes it’s worth trying to write the Venn diagram and put in circles what you like. So, are you a developer or are you more of an ops person? Can you code? Would you like to code, or not? That’s kind of how you start.
What’s your background? Some people don’t have any background and they’re just learning from the very start. If you want to learn from the very start, it’s probably best to start off with the Azure Fundamentals exam. In fact, I always recommend that you start off with the Azure Fundamentals exam because it will give you a nice introduction to the Azure exams. It will also give you the confidence that you have managed to pass a fairly tricky exam.
If you’re new to the cloud, the Azure Fundamentals exam is actually a little tricky because it covers quite a lot of things. If you’ve got experience in Azure, fair enough, but, if you’re new to it, I would start with the fundamentals. And that goes for all of the courses.
These days, there’s quite a lot of demand for Azure administrators, people who can set up all the Azure resources. So, the Azure Administrator certification is quite a good one to go after. But other areas like Azure Power Apps are becoming very popular as well. Power Apps is a low-code platform, so it’s nice for people who aren’t massive programmers but are into coding.
Go to Microsoft Learn and click on the certifications link on there. Have a look around and try and figure out what you are best at.
Also, the online Azure community online is amazing. If you go on Twitter for example, under the hashtag #AzureFamily, you will find lots of amazing Azure people. If you want to get started with Azure and got questions on how to get started or even about how to become an Azure MVP, then definitely please do reach out to me or reach out to anyone in the #AzureFamily and they will definitely help you. Don’t be shy if you’re stuck with anything. Reach out and someone will help.
Your background is in development, and then you moved into DevOps. What was it like to be, all of a sudden, in the middle of development and operations teams?
It was interesting. I worked at a large bank two jobs ago, and the developers were on one side of the fence and the operation teams were on the other and they had nothing in between. And I couldn’t really understand this. So, what we would do is work on a two-week Sprint, and then we would build a code tester code and I would pass it over to the OPS team who would then deploy it, but we would never really speak to each other, and I thought this is really bizarre. “How does this work? This can’t be a good relationship.”
So, I got to know the operations team. They were in New York and we were in Glasgow. I got really friendly with them and kind of started to bridge the gap; and I created a role for myself where I sat in between the two teams. I made sure that the code was all built and tested. Then I could help pass it over to ops team and show them how to deploy it correctly because before that they would just deploy it. It would break because there was no real handover.
Anyone in the operations team could pick up and deploy the code, and the devs had an idea of what documentation to make. It was quite an interesting role. Before I did that, there were two separate teams who didn’t talk to each other. It was a good way to kind of bring the operations and dev people together.
Now you are an Azure Architect at Intercept. What are you working on as part of your role?
We are helping independent software vendors (ISVs) from all around Europe move from on-premise to Azure. The projects that we’re working on these days are basic setup designs for companies who want to move to the cloud or that are already in the cloud and want some extra governance.
We design it, we implement it, and we also look after it. So, we’re doing managed services. I’m really loving working here. Plus, it’s really interesting to work for a foreign company. I’m based in the United Kingdom, in Scotland, and I work for a company in the Netherlands. So, it has been really good fun.
Since the Covid-19 pandemic began, a lot of companies have been rushing to migrate to the cloud. What are the biggest mistakes you are seeing being made as a result of this hastiness?
I do some workshops on governance and Azure, so basically setting up things correctly from the get-go. And sometimes we see customers who have started in Azure and have created resource groups and have started deploying stuff but there’s no governance in place. There are no rules, no naming conventions. There are no limits to what you can deploy and who can deploy what.
When I deliver my governance workshops, it’s quite interesting to see people who are like “Oh, I didn’t know you could do that.” It’s just things like stopping people from being able to deploy huge virtual machines. stopping people from leaving things running. In the cloud, you can spin up things quickly, but some of them can cost quite a lot of money. You can burn through your credits and your money quite quickly in the cloud if you’re not careful.
I have also seen some poor naming conventions where everything is just random names and it’s really hard to work out who deployed what and when and what. It’s quite funny when you see a mess and you’ve got to go and tidy it up. I don’t often see that, but one or two customers have kind of run before they can walk.
So, governance is mainly the thing that people need to keep an eye on. It’s easier to do it from the start. You can certainly put governance in once you’ve got your Azure environment running, but it’s just nicer and easier to do it at the start.
For more tips on cloud careers and how to become an Azure MVP, make sure to follow Gregor on Twitter and LinkedIn and don’t forget to check out his blog.
Need advice on how to start or develop your freelance consulting business in tech or IT? Need to start a new permanent or freelance assignment? Join Mindquest and get support from our team of experts.
Born in Brazil, Rodrigo Mufalani is an expert Oracle DBA working at IBM as an Infrastructure Specialist for hybrid cloud projects. He recently sat down with us to discuss how he got started in his DBA career and how becoming an Oracle Certified Master and Oracle ACE catapulted his career and allowed him and his family to start a new life in Luxembourg.
My journey in the database world started a long time ago, back in 2004, and it happened by chance.
I was at college at that time and applied to a developer position at a company, but my programming logic was not as good as that expected from a developer at the company. But the HR department saw that I did pretty well on the SQL part of the test and invited me to apply to an internship position as a DBA.
Why did you decide to pursue that opportunity and go down the Oracle DBA career path?
When they offered me the position of DBA, I started looking on the Internet for what exactly a DBA was. I had no idea at that time.
I had started my career doing first line IT support, helping out with Windows installations and network stuff. But I was searching for something closer to the development side of things, as that’s what I was studying in college. So, that offer was perfect.
And that’s how I became an Oracle DBA. I think it was destiny.
And now you are an Oracle Certified Master (OCM) and Oracle ACE. How has that helped you in your DBA career?
It has helped a lot in my career. It’s why I am speaking to you from Luxembourg. Until 2018, I used to live in Brazil with my family (my wife and kid). Because after the certification, I got an invitation from a company based here in Europe to move here and help them with their customers.
How is the exam to become an OCM?
I cannot talk a lot about it because I have an NDA, but I can tell you it’s pretty hard.
You have to prove you have hands-on expertise in a list of skill sets in different areas, some of which you rarely use on a daily basis. And it’s pretty hard because you have time, your mind and the exam itself against you. It’s a two-day exam at Oracle’s headquarters, and I took my exam in the UK.
At the moment, and due to Covid-19, the exam is suspended, so there have not been new Oracle OCMs since 2020. But the future OCM exam, if there is one, will probably be related to the cloud and offered online.
What about the Oracle ACE award? When did you receive that one? How has it helped you in your DBA career?
I can’t believe it happened more than ten years ago, in 2009. Especially because it’s not an easy distinction to maintain over the years. If you receive the award but you don’t keep participating in the community, sharing your knowledge with the community, you lose the award.
It’s funny because I remember I was reading the email in which they notified me that I had been awarded the distinction when my boss at that time called me into his office to go over some stuff. And I told him I just got awarded the Oracle ACE award, and he goes “Oh, congratulations! But what exactly is that?” He just had no idea. It was so long ago. I was the third person in all of Brazil to be given the award.
The program has grown a lot since then, and it’s a pleasure to continue being part of it. I like talking to a lot with people and love to do presentations and talks at conferences. I founded the Luxembourg Oracle User Group with some colleagues, and I’ve had the opportunity to speak at several conferences. Also, I even had the opportunity to go to Azerbaijan before the Covid pandemic, and it was amazing. I have met so many great people through these conferences.
I must really thank the Oracle ACE program for giving me the opportunity to meet all these amazing people.
What is your main role at IBM?
Right now, I am helping with a large migration project for a big customer. I am doing some automation and am involved in all the migration activities as part of the cloud migration team. So, ensuring performance, that all is done according to the plan and on time, etc.
For the moment, I am mainly helping with Oracle-related subjects. My role is a little bit wider, spanning to all things database-related, but for the moment I am mainly playing with Oracle.
As a DBA, what are the most challenging aspects of working in a hybrid cloud environment?
Nothing in particular. The same challenges that we have all the time. So, tight deadlines for delivering projects, ensuring as little downtime as possible, etc. The customer always wants to have the, and we try to deliver the best to them.
What advice would you give to those starting in IT?
My advice for the starters in the field of technology would be to read and research as much as possible. Try to pay attention to the senior people around you and don’t be embarrassed to ask questions. But ask questions after you try. Of course, in a safe environment, not in the production environment.
I prefer that someone asked me after trying these or that step and failing to find a solution. Sometimes, people get so accustomed to getting every answer at once that they don’t even try.
Use our template to create a compelling and comprehensive QlikView Developer job description to attract top talent.
What is the role of the QlikView developer? Discover in this job description their missions, required skills, training and salary.
QlikView is one of the products of the Qlik company, a leading market leader in DataViz and BI tools alongside Tableau and Microsoft products like Power BI. Qlik is a company specialising in the development of data software, dashboards and self-service business intelligence products.
To go into a little more detail, QlikView is a Business Intelligence platform facilitating self-service data interpretation. Thus, the QlikView solution enables big data analysis to be transformed into actionable insights. Globally, more than 24,000 companies use the QlikView platform. Thanks to its “Associative Difference” technology, the QlikView platform saves businesses time and allows users to easily consolidate, search, analyze and visualize their data.
QlikView Developer: the job
Today, the use of big data has become commonplace and IT departments of enterprises are increasingly advanced in the use of BI solutions. This is where the QlikView Developer comes in. The role of this professional is to prepare prior data processing to adapt the tool to the business needs and the activities of the company.
Their main missions are to collect and analyse business needs, write functional and technical specifications and implement the QlikView solution within the company. The QlikView Developer makes all the preparations for interpretation tools and data analysis tailored to each business. They are also responsible for modelling, designing and developing QlikView applications in line with the demands of the business. In addition, they ensure the correct and ongoing maintenance of the application.
Required Skills
Technical skills
The QlikView developer should have a lot of technical skills related to the QlikView solution. They must know how to create a data model and a QlikView application. Moreover, they must be able to solve problems related to data structures. In addition, they must know how to define advanced uses of the script editor and master the concepts of synthetic tables and loops.
In addition to technical skills, they must be a good listener. They must take into account the business environment, deal with the different actors with whom they work and take into account the needs and demands of different users. Also, they must have a good team spirit, a methodical spirit, and a sense of thoroughness and analysis.
Passion and curiosity
The QlikView Developer should be curious about the advancements in the web environment and popular technologies, staying up to date with new evelopments in this area. It is important that they are passionate about computers and new technologies, and also curious, dynamic and motivated.
The average daily rate for a QlikView Developer is typically between 250 and 500 euros.
Training and education of the QlikView Developer
To become a QlikView Developer, a bachelor’s degree in engineering is usually required. It is then possible to specialize in QlikView through specific training. There are also many online resources for professionals to learn QlikView.
Congrats on first software developer job? What projects have you been working on so far?
I’m actually not working on any client-facing projects right now because I’m still in the learning phase. Novatec has a Talent Hub, and every new employee in the software engineering department starts there. We spend a lot of time learning, as the project we will be involved in later require a lot of additional skills and knowledge of languages and frameworks. So, they want to be sure that we know all these things in advance.
What’s the talent hub like?
There are a lot of new developers in the
hub: juniors, trainees, students… And we work together on pretty much the
same program. We learn back-end, Java, Kotlin and some frameworks, but we also learn
front-end tools and frameworks. Then, in the end, we are given a project to do
by ourselves, and we present it and show everything that we have learned so
far.
Some need two months to complete the
program, others need more time. It really depends on the person, but it usually
takes no more than six months. We need to deeply understand the concepts and
processes, so we can use as much time as we need to learn. They don’t rush us. I
really love Novatec’s idea of the talent hub.
Pretty cool, isn’t it? Sounds like a great way to get started.
Yes. I was so happy when they took me in. This was something I was looking for because I don’t have that much experience and they give us the possibility to learn and cooperate with other developers and see what the process of development is really like.
We participate in all the company meetings, as well as in sprints and refinements. So, from the first day, we can see what the other developers are doing and how they manage the development process. We are not taking part in it yet, but we are already aware of what the project looks like from the inside and how people are working on it, and this is a very valuable experience.
What are you finding to be the most challenging part of this learning process?
The most challenging for me probably has been
working on a project inside a team. Before this, I was doing everything by
myself. So, if I had a project to get done, it was just me doing all the
thinking, projecting via framing and coding. Now it’s just a bit different
situation.
You have other developers in your team, and the planning of the project takes more time than the coding part itself. That’s because it needs to be divided into small parts, and everyone in your team needs to understand what their task is and what they’re going to do.
And I bet you learned many things as a result.
Yes. I learned how to develop the user story, how to create a ticket, how to cooperate with other developers using GitLab and all these things which I would have never learned by, for example, being a freelancer.
You mentioned you’re learning back-end, and your previous training was in front-end tech. How is going full-stack like?
I was lucky because was able to handle the back-end pretty well because I had some experience with C#. So, Java was not that difficult for me, but still, it took me probably a month to dive deeper into it, to go beyond the basics and learn new stuff. Then it became easier when I started with Kotlin and the various back-end frameworks. The most challenging part was Java itself.
How was the experience of going through the onboarding process? Was there something in particular that positively surprised you?
I was really surprised with it all, as that the onboarding process was really well organised. Everything was on time and there were so many people presented their teams and projects. They were telling us with enthusiasm and happiness, explaining how they were handling things and that they were happy to see us at the company. That was very inspiring and surprising in a positive way.
What advice would you give to others just starting with their web developer career?
For the junior developers who are just starting their web developer career, I think the most valuable advice I could give is: don’t be afraid to ask questions. Everything you want to know, everything you are not sure about, just ask. There are a lot of people who will help you, who will guide you and mentor you.
In a good software engineering team, they all want you to succeed. That’s the beauty of cooperation. Everyone helps each other out when they are working on a joint project.
What about work-life balance? Starting a new job can be stressful. How are you doing with it all? Are you working from home, or at the office?
Work-life balance is pretty much on schedule and going well. We’re still working from home remotely, but we can go into the office if we feel like we want to socialize with other colleagues. So, from time to time, we meet at the office. I do like work from home, as that way I don’t have to spend that much time in traffic to go to the office and back.
You were blogging quite a lot before starting your first job as a software developer. How is blogging given how busy you must be? Are your new experiences prompting you to write about new topics?
Yes, it’s difficult now with the content. I know there are a lot of people on Twitter who juggle their work with content creating, family and everything, but it was difficult for me these first two months. It being a new job, and my first software developer job, I wanted to get to know everything, to learn as much as possible. And that didn’t leave too much time for content creation.
So, my blog is still where it was before, but still coming up with ideas. At Novatec we also have the possibility to write blogs, so I will probably think about that as well. I would like to pick up blogging again soon and write about all the new back-end tech I am learning to use, about Java and Kotlin – there are so many topics waiting to be written about.
For more guidance in your web developer career, make sure to follow Olena on Twitter and LinkedIn and don’t forget to check out her blog and Hashnode activity.