More stories

  • in

    Get unlimited StackSkills courses, a VPN lifetime sub, and a password manager for just $50

    StackCommerce
    Has the frustration of the last 18 months or so made you want to completely change your life? If you’re ready to get serious about that, you’ll find everything you need to get started in The StackSkills, KeepSolid VPN Unlimited, & Sticky Password Lifetime Subscription Bundle.

    StackSkills Unlimited Online Courses

    The StackSkills Unlimited Online Courses will train you in skills ranging from marketing, business, and finance to blockchain technology, and more. They are designed for all levels of experience, from complete novices to advanced professionals. You’ll get over 1,000 existing courses plus more than 50 new ones are added every single month. Best of all, these classes offer certifications that will make your resume shine and you will have access to premium customer support.

    Use the engaging content delivered by StackSkills Unlimited Online Courses to generate a side income or to completely change careers. The impressive 4.5 out of 5 stars rating on TrustPilot says it all.

    VPN Unlimited: Lifetime Subscription

    If you’re hoping to use your new skills to work remotely from exotic locations, then you will need to be super cautious about security. A lifetime subscription to VPN Unlimited can relieve you of a great deal of worry. You can enjoy blazing connection speeds with no bandwidth or speed limits. With access to over 400 servers in 80 locations, you can watch any content you like, without buffering or geo-restrictions.

    You’ll get military-grade encryption, a kill switch, and a strict zero-logging policy, plus 24/7 customer support. It’s no wonder that VPN Special said: “KeepSolid VPN Unlimited offers amazing services and its advanced features make it a solid VPN service provider.”

    Sticky Password Premium: Lifetime Subscription

    Still, to guarantee the ultimate protection, you really should have a strong password manager. A lifetime subscription to Sticky Password Premium ensures that you’ll never forget another password again. You’ll get an automatic one-click log-in and mega-secure data protected by AES-256 and true two-factor authentication. Cloud backup is included as well as syncing on both cloud and local WiFi. Priority support means there is really nothing left to ask for.

    If you’d prefer to spend your hard-earned funds on gaming accessories instead of commuting expenses, don’t miss this opportunity to change your life and protect your data. Get The StackSkills, KeepSolid VPN Unlimited, and Sticky Password Lifetime Subscription Bundle while it’s on sale for just $49.99.

  • in

    China pushes through data protection law that applies cross-border

    China has pushed through a new personal data protection law that details regulations around collection, use, and storage. It includes data processing by companies based outside of China and encompasses requirements for organisations, including multinational corporations, operating in China to appoint someone responsible for its compliance.

    The Chinese government on Friday passed the Personal Information Protection Law (PIPL), outlining a set of rules on how personal data should be collected, used, and stored. It had gone through a couple of revisions since it was first pitched last year.

    To come into effect from November 1, the bill was approved amidst the “chaos” data had created, with online platforms over-collecting personal data, according to a report by Xinhua News Agency. The state-run news outlet noted that some businesses had deployed facial recognition systems without authorisation, “secretly” capturing consumers’ faces and other biometrics data. China is home to 989 million online users as of end-2020.

    “China has always attached great importance to personal information security. The law on personal information protection clarifies rules on the processing and cross-border providing of personal information,” Xinhua quoted Zang Tiewei, a spokesperson for the Legislative Affairs Commission of the NPC Standing Committee, which approved the bill Friday. Zang noted that there had been increased scrutiny on technologies that carried out user profiling and ran recommendation algorithms, which had led to issues such as data-powered price discrimination. The new law aimed to address such problems, he added.

    According to Xinhua, the PIPL stipulated that brands must not deploy marketing tactics that targeted “personal characteristics” and must provide consumers with options to decline targeted marketing.

    Major online platforms that owned personal data of a large customer base also must establish an independent body, comprising mainly external parties, to oversee how the information was handled. In addition, these companies would have to lay out data protection policies that were based on “openness, fairness, and justice” as well as regularly publish reports on their data protection initiatives. With regards to facial recognition systems, the law required signs to be prominently displayed at public locations where such equipment and images would be implemented and captured. Furthermore, the collection and use of such data must be limited to “safeguarding public security”.

    Companies dealing with Chinese consumers have to ensure compliance

    Modelled broadly after Europe’s General Data Protection Regulation (GDPR), the PIPL set a range of obligations, administrative guidelines, and enforcement actions regarding the processing of personal data, according to a blog post published Friday by Future of Privacy Forum (FPF). The report was jointly authored by FPF’s Asia-Pacific director Clarisse Girot, global privacy director Gabriela Zanfir-Fortuna, and policy analyst for global privacy, Hunter Dorwart. They noted that the PIPL applied to personal data transferred outside of China by imposing obligations on handlers before such data was moved abroad, such as complying with a security assessment by relevant authorities. It also included mandatory risk assessments for specific processes, such as automated decision-making that could have “a major influence” on consumers. Organisations must establish a dedicated entity or appoint a representative in China responsible for issues related to their data processing. 
The name and contact details of such representatives would have to be provided to the relevant authorities overseeing the implementation of the law.

    The PIPL also extended to data processing by companies based outside of China when one of three conditions was met, such as instances where the data processing was carried out for the provision of products or services to consumers in China as well as when the data was used to analyse or assess the activities of consumers in China. The third condition, in particular, referred to “other circumstances provided in laws or administrative regulations”, which the FPF said left a “margin of discretion” to Chinese authorities to “further extend the long-arm jurisdiction of the law in cross-border scenarios”.

    The FPF further noted a “distinct national security flavour” in the PIPL, which was most apparent in reference to provisions on data localisation and cross-border transfers. “The law incorporates provisions that affirm China’s intention to defend its digital sovereignty,” the authors wrote. “Overseas entities that infringe on the rights of Chinese citizens, or jeopardise the national security or public interests of China, will be placed on a blacklist and any transfers of personal information of Chinese citizens to these entities will be restricted or even barred.”

    “China will also reciprocate against countries or regions that take ‘discriminatory, prohibitive, or restrictive measures against China in respect of the protection of personal information’.”

    According to the FPF report, the new Chinese law had a complex enforcement framework that included financial penalties of up to 5% of an organisation’s turnover as well as punitive actions, such as orders to stop processing data and confiscation of unlawfully attained profits. If a business refused to correct the violation, it could be fined up to 1 million yuan ($150,000). 
Employees directly responsible and overseeing the data violation also might be slapped with a fine of 10,000 yuan ($1,500) to 100,000 yuan ($15,000). In more serious violations, financial penalties could go up to 50 million yuan ($7.5 million) or 5% of annual revenue in the company’s previous fiscal year.

    Omer Tene, vice president and chief knowledge officer at International Association of Privacy Professionals (IAPP), said the new law would require the submission of cross-border data transfers to the Cyberspace Administration of China (CAC) for security assessment. In addition, organisations that handled large data volumes, which Tene noted would be defined by CAC, had to store the data locally in China. In a series of tweets posted a day before the PIPL was passed, he added that the law was “heavily based on consent”, with no provision for data processing based on “legitimate interest” – though, this did not include the need to fulfil contracts or compliance with a legal obligation. “If you’re doing business in China, get legal advice. They’re not playing around,” he cautioned.

    Didi Global has been removed from appstores in China following an order from the government to do so. The move comes just days after the popular Chinese ride-sharing app made its debut on the New York Stock Exchange.

    The CAC last month ordered Chinese ride-sharing platform Didi to remove its app from local appstores for breaching regulations governing the collection and use of personal data. Didi was further instructed to rectify “existing problems” and “effectively protect” users’ personal data. Earlier in May, the CAC had singled out 33 mobile apps for collecting more user data than it deemed necessary to offer their service. These companies, which included Baidu and Tencent Holdings, also were told to plug the gaps. 
Citing complaints from the public, the government agency said operators of the apps were found to have infringed the rules after authorities assessed several popular apps, including map navigation apps.

  • in

    These 15 IT certifications have the best ROI

    IT training company Global Knowledge has released a ranking of the 15 top-paying certifications in 2021 based on the responses of 3,700 US-based respondents, finding that some Google, AWS and Microsoft certifications often led to six-figure salaries.

    Number one on the list was the Google Certified Professional Data Engineer, which the survey found can bring in $171,749. Google Certified Professional Cloud Architect was next on the list with a salary of $169,029 followed closely by Associate AWS Certified Solutions Architects, who bring in $159,033.

    CRISC, CISSP, CISM, PMP, CISA, MCSE, CompTIA Security+, CCA-V and other certifications all made their way onto the list, with salaries ranging from $151,000 to $110,000. Certifications for Azure, Cisco, Nutanix and VMware were also featured on the list. The company surveyed US IT workers from November to February this year and only included certifications that got at least 68 responses. The researchers behind the study noted that many of the top-paying certifications relate to cloud computing and cybersecurity. ITIL Foundation is the most widely held certification, the survey found. More than 65% of IT leaders said the annual economic value of having an employee with the additional skills and contributions made by being certified over a non-certified employee is over $10,000 while another 22% said the annual value is $25,000 and above.

    “Technology is only as powerful as the capabilities of the people trained to use it,” said Michael Yoo, general manager of technology & developer skills at Skillsoft, which owns Global Knowledge. “With this in mind, certifications are an excellent way of infusing vital skills into an organization, while boosting employee productivity and investing in ongoing professional development.”

    More than 75% of IT leaders said they struggle to find employees who match the skills they’re looking for, particularly now that hacks and technology-related outages have become more commonplace and damaging, Yoo explained. Yoo added the certifications on the list are all accredited by industry-leaders, including AWS, Cisco, Google Cloud, ISACA and Microsoft. 

    Yoo told ZDNet that project management and virtualization are perennial entries in this list, which he said is not surprising given how mission critical those skills are. “With Virtualization, it is the technical backbone of any modern technical infrastructure that hopes to run efficiently at scale, and it’s essential whether you are working on-premises, in the cloud, or in a hybrid of both,” Yoo said. “The no. 1 reason mentioned by IT professionals who changed jobs and why organizations who support continuous learning/upskilling will have an easier time attracting and retaining talent while deriving more value from its employees. If IT professionals don’t see a future with your company, they’ll leave.” This was backed up by the findings of the survey, where 52% of respondents had two to four positions they were unable to fill in the last 12 months. Yoo noted that the pandemic has accelerated cloud adoption and made it clear that enhanced digital security measures have become fundamental to business operations. “Cybersecurity risks paired with the high rate of skills gaps and growing talent wars, you can understand why organizations are willing to pay higher salaries to skilled IT professionals who can protect them,” Yoo said. “In regards to cloud computing, worldwide end-user spending on public cloud services is forecast to grow 23.1% in 2021 to total $332.3 billion, up from $270 billion in 2020, according to Gartner, Inc. The crisis was a catalyst for establishing the value and flexibility of cloud computing. However, with cloud adoption, IT now faces the challenge of finding skilled talent.”

    IT departments, Yoo explained, are now investing more in hiring externally or upskilling employees with the necessary certifications.

  • in

    How does NordVPN work? Plus how to set it up & use it

    The acronym VPN stands for virtual private network. Those three words tell a lot about how a VPN works.

    Let’s start with network. VPNs provide network connections, meaning they move data to and from your device. Private means they make that movement private, helping prevent hackers from seeing what you’re sending. And virtual means that you’re doing it all in software. You’re not running a new set of wires. Instead, you’re creating a software-based network connection that then moves data over the physical connection (whether that’s wireless or wired).

    What a VPN actually does is take data that you’re sending out over the Internet and encrypt it before it leaves your machine. That encrypted data is sent to the VPN provider’s servers, where it’s decrypted, and then sent on to, say, Google or Netflix. NordVPN, which is the service we’re talking about today, has more than 5,200 servers across the world.

    On the flip side, a VPN takes data from a server on the internet, encrypts it on one of Nord’s servers, sends that encrypted data to your computer, which decrypts it when it arrives. This is what provides protection against, in particular, Wi-Fi snoops at airports, hotels, and schools. By virtue of your data leaving the VPN provider’s server (which, for NordVPN, can be in your choice of 60 countries), your actual location can be hidden, and the final server sees as your location what’s actually the location of your provider’s server.

    That’s how VPNs obfuscate your location. Although it’s sometimes illegal, many people use this capability to change their apparent region to watch blacked-out sports or region-locked TV. Far more important is that activists and those concerned about stalkers use it to hide their location for their personal security.

    OK, so with that introduction into how VPNs — and, specifically, NordVPN — work, let’s look at how to set up and install NordVPN. We’re going to do this on a Windows machine, but the practice is very similar for Macs, Linux, and mobile devices.

    Servers: 5242
    Countries: 60
    Simultaneous connections: 6
    Kill switch: yes
    Logging: Email address and billing information only
    Price: $11.95 per month
    Best Price: $89 for two years ($3.30/mo)
    Trial: 30-day refund guarantee
    Supported platforms: iOS, Android, MacOS, Windows, Linux, game consoles, smart TVs, more

    Installing NordVPN

    To kick things off, point your browser at the NordVPN website. The company does run promotions from time to time, so the promotion shown here may or may not be on the site when you visit. Once you click in, you’ll need to choose your plan, create an account, and purchase the service. At this point, it’s time to dig into the dashboard to get your download. Once you log into your account, you’ll see the dashboard. Unfortunately, unlike most of the other VPN services we looked at, the most appropriate download isn’t immediately presented. You’ll need to click View Details first. There are some helpful resources shown on this next page, but what you want is the Download link. And now, finally, you can download the Windows client. Once downloaded, go ahead and hit the Open File link. And tell Windows that yes, you did want to do what you just did. And then tell Windows where to put the client program. You can choose to add a desktop icon and a start menu entry. This is a test Windows install that was set up just for this demo, so we’ll drop both the icon on the desktop and into the Start menu. Normally, on my production Windows machines, I don’t let installers put icons on the desktop (if given the option). It’s your machine, so choose as you wish. And just to quench your need to click even more, here’s one more screen before the install actually happens. Nope. I was wrong. This is the last screen you have to click before the install is done. Yes, Virginia, there really is an application at the end of all those clicks. Go ahead and log in using the same account and password you established when purchasing the service.

    Checking Settings

    OK, now that we’re finally in the client application, hit the almost hidden gear at the top of the window to get into the settings area. This first page allows you to choose whether the client is always running when you start Windows and whether the screen is minimized. 
If you want things to happen behind the screen, turn on minimized. If you want a reminder that NordVPN is present, let it show up on your screen at normal size. Let’s move down to the Auto-connect tab. This is pretty powerful. You can decide that your computer is always routing traffic through the VPN or not. You can also turn it on if you’re using Wi-Fi instead of a hard-wired connection. You can also tell that certain Wi-Fi networks (like your home or office network) don’t need to be set up with the VPN service. That way, when you leave home and go to, say, a coffee shop, it will automatically connect via the VPN. Powerful option. The last settings pane we’re going to look at today is the Kill-Switch. This shuts down your Internet connection if the VPN link is severed. This is important because you don’t want data to suddenly go across the network unencrypted and unprotected.

    Using NordVPN

    And, with that, let’s get started using the VPN service. The easiest thing to do is hit Quick Connect. You can also choose the country you want to connect via. I’m in the US Pacific Northwest, so it makes sense that NordVPN connected me to a reasonably close server. When done, you can punch the Disconnect button. Finally, there’s a hidden feature under the Disconnect button. You can disconnect from the VPN for a specified period of time. This is good if you have to access something over a local network, but want to make sure the VPN is turned back on after. So, there you go. That’s how to use NordVPN. Let us know what you think in the comments below. You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

  • in

    Forget autonomy: Here's how driving becomes safer

    Traffic accidents are a misnomer. In fact, over 95% of what happens on roadways is perfectly predictable. That’s according to Stefan Heck, PhD, CEO of Nauto, a leader in AI-powered advanced driver assistance systems. With a belief that fully autonomous driving is still years away, Heck’s answer to the mounting number of collisions and fatalities in 2020 is to help drivers, not replace them. To that end, Nauto’s technology underpins sophisticated safety systems for hundreds of the world’s top large-scale fleets and customers are achieving up to 80% reduction in collision loss. The company estimates that has translated into over $300 million in savings.

    So how can fleets operate safer and more predictably? And what does that mean for non-commercial drivers and pedestrians? I caught up with Heck, who shared interesting insights on the very human future of driving.

    GN: A lot of attention is paid to autonomous driving, but a fully-autonomous future is still years away. How does Nauto’s technology augment driver awareness and safety with AI?

    Stefan Heck: Nauto gets 90% of the safety for fleet and risk reduction benefit of autonomy today for 1/100th of the cost. AVs made rapid progress on the first 80% of driving – staying in lanes, avoiding other vehicles but the last set of conditions of AV driving are really hard – left turns, crowded urban areas, complex interactions with other road users. Nauto’s AI can also operate in any environment under any weather conditions, and any type of vehicle well beyond the range of conditions that AVs can drive in safety today. We basically provide a “co-pilot” for commercial drivers that never falls asleep or gets distracted, helps them get to their job site and home safely, and embodies the collective experience of billions of miles of understanding risk and safe behavior available to every driver at a moment’s notice.

GN: When it comes to commercial fleets, how do accidents tend to occur and how does your technology mitigate collisions?

    Stefan Heck: By far the biggest cause of collisions in commercial fleets (or in fact any vehicle) are distractions. We see about 70% of all collisions happen to drivers that are frequently distracted. Fleets with long distances or hours also see large numbers of collisions due to fatigue and drowsiness, often at the end of a long grueling day of physical labor – e.g. installations, package delivery. Speeding gets a lot of attention but is actually mostly an amplifier of damage, not the primary cause of collisions. Similarly, many older commercial vehicle telematics technologies focus on reducing hard braking – but hard braking can be very safe behavior if you’re braking for a pedestrian or a car pulling out, and the biggest reason for hard braking is actually driver distraction. We detect the distraction which takes place seconds before the hard brake and the dangerous situation. Nauto can also detect imminent collisions when a driver is about to rear end a vehicle or strike a pedestrian or bicyclist. Accuracy and being able to operate at night are critical for these risks since many collisions take place in crowded urban environments and during lower visibility. Many other technology providers claim “forward collision warning” but don’t operate at night, or only within a narrow speed band (not too slow and not at highway speed), or can’t detect pedestrians. This is where the quality of the AI matters much more than many of the “check the box” knockoff cameras we see on the market that claim they can do something some of the time, under the perfect conditions. Collisions don’t happen in perfect conditions. You need AI and Nauto precisely when things get dicey.

    GN: How does the U.S. differ from Europe in its approach to transportation and regulation, and what are some areas where the country is falling behind or could improve?

    Stefan Heck: Europe overall has a collision rate and especially a fatality rate that is about 1/3 of the US (2-5 fatalities per 100,000 populations vs 12.4/100K population annually). So why is Europe better? There are many contributing factors: EU cars are designed to protect pedestrians more, and also do less damage since they are on average smaller and lighter, many EU cities provide more and separate space for pedestrians and bicyclists, especially in urban areas. Insurance costs are also substantially lower since many medical costs are covered by national health plans rather than motor insurance. Europe also adopts new safety standards faster – e.g. the EuroNCAP and safety regulations that require ALL new cars sold in 2024 onward to have pedestrian collision warning, distraction and drowsiness warnings – essentially capabilities like Nauto’s system in ALL new vehicles. Distraction is estimated to kill around 1,500 people per year in the US, but our own data shows it’s probably closer to half of the 40,000 fatalities a year in the US. Europe is tackling this problem directly. By contrast the US has focused on backup cameras which saved 58-68 lives per year, worth doing, but not our biggest safety problem.

    GN: Can you give us your predictions for what fleets will look like five to ten years from now? What technologies will be standard, how will the regulatory regime change, and will humans still be behind the wheel in most cases?

    Stefan Heck: In 5 years we won’t see massive changes. AVs will still be nascent – operating mainly in highly mapped, sunny, constrained routes or at low speeds. 
The installed base of vehicles on the road only turns over every 12-15 years, so while many ADAS (collision warning) and DMS (distraction and drowsiness alert) systems will become standard on new vehicles, the overall adoption grows gradually. This is likely to be very different in smart, safety conscious fleets who are already embarking on complete retrofits of AI powered safety technology today and pulling these savings and safety benefits forward by 5-10 years. In 10 years we will begin to see significant adoption of both EVs (electric vehicles) and AVs (semi autonomous or what is known as level 2/3 or fully autonomous known as level 4/5) will become much more common. But AV adoption will not be evenly spread. First, they will remain expensive so they remain a luxury item. Even for commercial fleets, some segments like long haul trucking on interstate highways lend themselves much more to autonomy. But even they may not be 100% driverless  – just like airlines today fly 95% of the flight on autopilot but the pilots often still land and take off by hand. What many people both on Wall Street and in the Tech industry miss is that many commercial vehicle segments are not likely to ever go AV because the driver is an essential part of the service provided. 80% of Nauto’s 700 fleets are in segments where the person in the vehicle is a core part of the service when the vehicle gets to the customer, for example a utility line person, an HVAC service technician, or pest control expert, or an electrician. Even for many delivery fleets the couriers and also the sales force, customer service, and a crucial part of the customer experience. Imagine UPS without “brown” – the friendly person who smiles, replaced by an insect noisy drone dropping off the package on your doorstep. Amazon has backed away from many of its drone delivery claims as it realized that humans do many more things for delivery than just carry a package. 
If the technician or courier is going to be in the vehicle, the fleet will be paying their salary so the labor and time savings of an AV over an AI safety solution available today is negligible.

  • in

    Cybersecurity jobs: This is what we're getting wrong when hiring – and here's how to fix it

    Cybersecurity expertise is in high demand. Faced with threats like phishing, ransomware and data breaches, businesses need information security staff on their teams to help protect their networks from attacks. While the intention to build and improve cybersecurity teams is there, recent research demonstrates how businesses often make mistakes when hiring, leading to difficulties recruiting and retaining IT security staff.  

    The number of unfilled vacancies doesn’t just make it harder for businesses to keep networks secure – it also has an impact on the people already working on cybersecurity teams, who are expected to do everything necessary to maintain network security, but with just a fraction of the required personnel.

    That’s leading to burnout, making it much harder for people to do their jobs at a time when a growing need to secure remote workers is adding to their workload. In some cases, burnout means people could walk away from the industry altogether when their skills are needed most. So why are organisations struggling to fill vacancies when there’s a workforce available, at a time when hiring cybersecurity staff is arguably more important than ever before? Because businesses often don’t understand what they’re looking for, leading to mistakes when trying to hire. Job adverts outside of cybersecurity come with requirements for the role, including experience and qualifications. Human resources departments are taking those templates and applying them to information security, which often doesn’t follow the same stringent requirements for qualifications.

    It’s possible to be highly qualified and highly experienced in cybersecurity without formal qualifications, yet many businesses attempting to hire security staff see qualifications and certifications as a requirement. Alyssa Miller, a business information security officer and public speaker on cybersecurity, has done extensive research into hiring practices in the industry, as well as presenting a TED talk on the issue. She says almost three-quarters of entry-level job vacancies she looked at ask for a Certified Information Systems Security Professional (CISSP) certification, something which takes years of training, costs money to take an exam – and isn’t realistic for someone looking for their first job in the industry. “Of the supposed entry-level job descriptions that I looked at, 71% of them call for a CISSP. That’s not entry-level, because you have to have five years of experience to get a CISSP,” says Miller. 

    In some cases, companies are advertising to fill internship positions – something that in usual circumstances allows people to learn on-the-job while also helping the company. However, even when it comes to advertising for internships in cybersecurity, there are adverts that require an applicant has five years of working in the field. People with years of professional experience are being asked to take jobs for little or even no pay. “If you have five years of experience in cybersecurity, you’re not an intern anymore, you’re an advanced professional at that point – do you think you’re going to get a five-year veteran in cybersecurity for intern pay? No, of course not,” says Miller.

    Cybersecurity involves a particular set of skills, which people have put in time and effort to learn. The nature of the industry means that, when it comes to skilling up, many information security professionals have ended up in the career path because of a keen interest in cybersecurity – and some are self-taught, showcasing the aptitude required to succeed, even if they don’t have any specific certifications. That can be confusing for human resources departments, which are used to viewing and hiring applicants based on the candidate having certain qualifications that information security people might not have. Someone could have years of experience in the industry, but if HR doesn’t see what they perceive as the correct qualifications, their application could be discarded, despite the hands-on experience. Cybersecurity, in short, is following the same pattern as other careers in computing and technology before it. 
“We went through all of that with software engineering 10 years ago and now cybersecurity is right at that point,” says Adam Enbar, CEO and co-founder of Flatiron School, which teaches on-campus and online bootcamps in software engineering, data science and cybersecurity. “You have employers who are hiring but they don’t really know what they’re hiring for, and they don’t even know what to look for.” This doesn’t just come down to expecting experienced professionals to work for little or nothing – some businesses simply have unrealistic expectations around what’s required for the job. In addition to requiring certifications, it isn’t uncommon to see job adverts asking for lengthy experience in disciplines that have only existed for a few years. “Job descriptions have got to get better. They need to be focused on the right things – they can’t be asking for 10 years of Kubernetes experience when Kubernetes has only existed for six years. There are plenty of examples of those job descriptions out there that do silly things like that,” says Miller. Then there’s the issue of timing. Some companies will go on major hiring sprees in the aftermath of a major cybersecurity incident, or because they fear becoming the next victim of a massive data breach, ransomware campaign or other cyberattack. In this scenario, the hiring companies want instant results from cybersecurity professionals with years of experience in a security operations centre (SOC). “Most postings are written for people with five to 10 years of experience. This happens because employers often begin to invest and dedicate time to hiring cybersecurity professionals when they’re facing a crisis – at which point, you don’t want someone with minimal experience, you need someone with experience to come and clean up very fast,” says Christine Izuakor, founder and CEO of Cyber Pop-up, a company that provides on-demand cybersecurity services, and a cybersecurity instructor for Udacity.  
A strategy that would be better than attempting to panic-hire cybersecurity personnel following an incident would be to have them on staff to begin with – people who know the company well and can help prevent incidents from occurring in the first place, or can react in the right way if something goes wrong. “The solution is for organisations to be more proactive in finding these individuals to build a cybersecurity team, instead of just waiting for a cyberattack or other security crisis to happen. In doing so, employees have time to learn and grow into roles,” says Izuakor. 

    That’s going to require a change in attitude around hiring. Companies can’t just expect experienced cybersecurity professionals to materialise out of nowhere and accept working on an entry-level salary. Businesses need to accept they must begin hiring people at the very start of their careers. While they may have less experience, they can learn on the job and, if taken care of, can be a positive investment for an organisation – even if they don’t have any technical qualifications to begin with.

    In her TED talk, Miller explains how someone like a barista could have the necessary skills to thrive in a cybersecurity career. They can do many different things at once while making and serving coffee, so what’s to say they can’t take that experience and use it in a security analyst role? “I’m looking for somebody who’s really good at taking those multiple inputs, like a barista – they can take that myriad of things that comes at them, and synthesise that into tasks and then prioritise and execute on those tasks. That’s what I ask a SOC analyst to do,” she says.

    By expanding the search for cybersecurity staff in this way, organisations have a better chance of diversifying the workforce, which can help improve cybersecurity for everyone by bringing different viewpoints and considerations into the room, as well as being able to respond better to new threats and issues. “Organisations need to look at recruiting individuals who come from a variety of backgrounds, and can adapt to the growing threat landscape and new challenges. A versatile workforce will assist in battling any cyber threats and maturing current cyber capabilities,” says Izuakor, who adds that investing in training these employees is also key. “Due to the pace at which technology is evolving, constant development of talent is critical. 
By implementing a robust training and upskilling program, individuals are given the opportunity to learn and progress in their own careers while organisations can get ahead of the growing competition in the industry by building up internal talent.”

    Cybersecurity is a vital part of modern business, so businesses should invest in hiring the right people. Demanding five years of experience for an entry-level role isn’t going to work, nor is a tick-box exercise of demanding particular qualifications in an industry famous for people joining in unconventional ways, and where new threats mean new skill sets are always required. That means businesses need to think ahead when it comes to cybersecurity hiring. Recruitment isn’t something to be done just to patch things up after an incident – it’s a major part of running a business and should be treated as such. That’s why hiring the right people and treating them with respect and care is necessary. Get it wrong, and your existing cybersecurity team could become burned out and walk away – and the only people who will benefit are cyber criminals.

  • in

    ACCC adopting a wait-and-see approach to NBN promo upgrades

    The Australian Competition and Consumer Commission (ACCC) has said it is pleased that users are jumping up NBN speed tiers thanks to NBN promotions such as “Focus on Fast”. In its latest Wholesale Market Indicators report, the ACCC said the number of connections on 12/1Mbps plans dropped by 47,500 to be back under 1 million at 968,600, a quarter of a million connections left the 25/5Mbps tier to sit at 1,067,000, while 50/20Mbps gained 314,000 connections to now have 4.59 million lines. At the higher end of the market, an extra 23,200 lines joined the 100/20Mbps tier to take it to 373,000, almost 19,000 dropped off the 100/40Mbps tier leaving it on 634,000, and over 72,000 lines in aggregate took up the 250/25Mbps speed. “Most broadband customers are now using higher speed tiers and that is a result of more retail providers and NBN promoting higher speed plans,” ACCC Commissioner Anna Brakey said. “Retailers may revert to standard pricing for premium services once a promotion ends, and we urge customers to monitor their usage to make sure that their service meets their ongoing needs.” For average capacity on the network, the ACCC said acquired CVC was averaging out at 2.74Mbps per customer, which represented a 9.2% increase. “We are pleased that retail providers are acquiring additional capacity to support network demand and keep consumers connected,” Ms Brakey said.

    “The ACCC will continue to monitor CVC to see what effect the end of the ‘Focus on Fast’ promotion has on it.” In terms of retailers, Telstra experienced the biggest shift, with 12,000 fewer 12Mbps connections and almost 253,000 25Mbps lines shifting away, while gaining an extra 276,000 50Mbps connections at the end of June. The 100Mbps tier experienced a reduction of 28,500 connections, and the 250Mbps tier gained an extra 38,000 lines. Last quarter, TPG shifted customers around in response to NBN promotions. The telco said it was purchasing more wholesale 250Mbps and 1Gbps access, and gifting speed increases to users on 50Mbps and 100Mbps plans. Speaking after the telco posted its first-half results earlier on Friday, TPG CEO Iñaki Berroeta said the telco was targeting its 12Mbps customers with its 4G fixed wireless product, which makes the telco more money. Departing CFO Stephen Banfield said the company does not unilaterally switch users onto its more profitable on-net services. “We are reaching out to our customers with very compelling offers to invite them to move across to fixed wireless,” Banfield said.

  • in

    TPG reports slight decreases for 2021 first half as tower sale explored

    In statutory terms, TPG Telecom was able to report a bumper set of numbers, however this was only due to its 2020 merger with Vodafone accounting for four days. Using a set of pro forma simulated numbers, TPG was slightly down on its headline numbers. Revenue dropped 3% to AU$2.6 billion, earnings before interest, tax, depreciation, and amortisation (EBITDA) dropped by the same percentage to AU$886 million, and net profit fell 6% to AU$132 million. Looking at its consumer and corporate segments, consumer service revenue fell AU$119 million to AU$1.76 billion, while handset revenue increased AU$39 million to AU$387 million, giving consumer EBITDA of AU$638 million, a drop of AU$28 million. It was a similar trend in the corporate segment, with service revenue down AU$32 million to AU$438 million and handset revenue more than doubled from AU$19 million to AU$48 million, resulting in a AU$10 million drop in EBITDA to AU$236 million.

    For subscribers, TPG saw a decline of 28,000 in postpaid subscriptions to 3.19 million, prepaid experienced the same drop in customers to 1.9 million, and a drop of 8,000 wholesale customers to 15,000. Overall the company has 5.1 million mobile subscribers. In its fixed network, TPG now has 1.95 million customers on the NBN, 154,000 on-net cable and fibre-to-the-basement (FttB) customers, and saw a 42,000 reduction in ADSL customers leaving 73,000 remaining on the technology. Overall, its fixed network total increased by 23,000 to 2.195 million. Average revenue per user continued to drop across postpaid mobile, NBN, and on-net customers, while prepaid mobile saw a $2 increase compared to this time last year to AU$18.90.

    TPG said it was conducting a strategic review of its tower assets, and of its total network of 5,800 rooftops and towers for its mobile network, the company owns passive infrastructure for 1,200 of those sites, as well as over 400 small cells. The company said it was seeking a preliminary assessment and had not made a decision on how to proceed.

    “The group’s EBITDA result is pleasing and demonstrates a solid underlying performance achieved through the realisation of AU$38 million in merger cost synergies and strong commercial management,” CEO Iñaki Berroeta said. “In an environment with continued headwinds from COVID-19, NBN margin erosion and the new RBS levy, and residual challenges from the merger delay and 5G vendor restrictions, we are performing well. “We are seeing rapid early growth in NBN alternatives with our 4G home wireless customer base more than tripling in the first six months of the year, and we will build on this following the launch of our 5G home wireless in June.” On Thursday, TPG announced it had signed up Uniti to be a wholesaler on its FttB network that covers 240,000 premises in apartment buildings and offers speeds up to 100Mbps. “Our FttB network is a high-speed, simple, lower-cost NBN alternative and our new wholesale pricing offers a CVC-free alternative,” TPG wholesale group executive Dan Lloyd said.