Front Runner is pleased to be the only Canadian venue for the Certified Professional Technical Communicator (CPTC) exam preparation course. Our next offering is April 10-11 in Toronto.

Why Certification?

The Society for Technical Communication (STC) re-launched its certification program in early 2016, with a new focus on helping technical communicators at all levels validate their skills, expertise, and value to employers. Since then, more than 100 individuals have achieved the first tier, the CPTC Foundation Certification. This certification validates the candidates knowledge of nine core competencies of technical communication:

• Project Planning
• Project Analysis
• Content Development
• Organizational Design
• Written Communication
• Visual Communication
• Reviewing and Editing
• Content Management
• Production and Delivery

What You Will Learn

Covered concepts include:

• Six questions that will help you to assess your audience and their context
• The five phases of a technical communication project
• The four phases of team-building
• The most common types of technical documents and components of each
• Techniques for testing your documents
• Key principles of visual design
• Techniques for gathering, organizing, and validating source material

And much more!

The course is highly interactive, with mini-projects and group exercises.

About the Course

This two-day, live classroom training will cover all knowledge and concepts necessary to pass the CPTC Foundation Certification exam. STC developed the CPTC program with the support of APMG, a UK-based firm that helps professional associations develop and deploy certification programs. The instructor, Alan Houser, is certified by APMG as a CPTC instructor. The course fee includes a sitting of the exam.

If a participant in the Front Runner CPTC Foundation course fails the exam, Front Runner will pay half of the STC-member rate for an exam retake. Students may re-take the exam up to a year after the course.

Future Plans

STC plans to launch two additional certification levels: CPTC Practitioner (coming in late 2017) and CPTC Expert. These certifications are expected to require a combination of an exam and project work. Each level is a prerequisite for the next level. Individuals who achieve CPTC Foundation Certification will be eligible to attempt the CPTC Practitioner exam when it is released.

To Learn More

To learn more about the CPTC Certification Program, visit the STC Certification area.

Register Today

Front Runner is offering the Certified Professional Technical Communicator exam preparation course Mon Nov 13 and Tue Nov 14, taking place at 366 Adelaide St E #433, in Toronto. Visit Front Runner to register.

 

Sir Tim Berners-Lee, the inventor of the World Wide Web, says lack of privacy, truth, and transparency are endangering his egalitarian vision for the Web.

Sir Tim Berners-Lee, a British computer scientist and father of the World Wide Web, says three trends are threatening the future of a free and open internet that serves humanity. In an open letter to mark the Web’s 28th birthday, Berners-Lee explains how it can avoid the dangers it is currently courting.

The first trend that threatens the Web, Berners-Lee writes, is the fact that humans have lost control of their personal data online. The underlying business model for many websites and mobile applications is an exchange–users can enjoy free content or services in exchange for their personal data. But this exchange has become problematic because users cannot control where their data goes or how it’s used.

Berners-Lee says Web users should work with tech companies to “strike a balance that puts a fair level of data control back in the hands of people,” he writes. He proposes developing “personal data pods,” so each person’s information is secure until the user decides when to release information. To gain access to a site or service, people can release their data, like showing an ID when entering a bar. Companies and users can form different relationships based on short-term access to user data, or a person can sell their data to companies for micro-payments, he suggests.

The second dangerous online trend, according to Berners-Lee, is the dissemination of misinformation and fake news. Berners-Lee says fake news posing as truth has successfully spread lies and misinformation because the creators of fake news have learned how to game social media sites and search engines. When a fake news story goes viral, amassing a bigger and bigger audience, companies like Facebook and Google make money off those clicks, Berners-Lee says.

To fight misinformation, Berners-Lee says that people need to encourage “gatekeepers such as Google and Facebook” to combat the problem. Facebook hired fact checkers to shift through content and Google is banning publishers that create fake news. But Berners-Lee also warns about the danger of a central body with the power to decide “what is ‘true’ or not,” he writes.

Lastly, Berners-Lee says there needs to be transparency in online political advertising, which he says has incredible influence and is not regulated. During the 2016 presidential election, Trump’s team built a powerful digital marketing tool for the campaign. According to a piece by Bloomberg, Trump’s digital campaign was able to run micro-targeted campaigns on social media sites to specific groups of people to encourage voting or discourage voting, depending on the group being targeted. Bloomberg reported that Trump’s digital operation, in an effort to discourage black voter turnout, would serve targeted messages about how Hillary Clinton used the racially charged term “super predators.” Berners-Lee says some online political advertising is “unethical” and he’d like to see the industry adopt rules and regulations.

“Targeted advertising allows a campaign to say completely different, possibly conflicting things to different groups,” writes Berners-Lee. “Is that democratic?”

The Web has helped usher in an era of more democracy and knowledge, but it can also be used to suppress and subjugate, Berners-Lee says. He says it’s up to entrepreneurs and citizens to make sure the internet fosters equality.

“It has taken all of us to build the Web we have, and now it is up to all of us to build the Web we want — for everyone,” writes Berners-Lee.

By Will Yakowicz – Published on: Mar 13, 2017

Kaitlyn Kiernan, The Alert Investor, Mar. 7, 2017.

How strong is your password, really? Do you use the same one on a number of accounts? Or refer to your dog Fluffy in all of them? Chances are you could use a change.

About 73 percent of online accounts are guarded by duplicate passwords, according to a 2015 report by TeleSign, an internet security firm, and 54 percent of those surveyed use five or fewer passwords across their online accounts.

Meanwhile, just over 10 percent of consumers use one of the 25 worst passwords of 2016, according to SplashData, a provider of password management applications, which analyzed more than 5 million leaked passwords used by users in North America and Western Europe.

Topping the list of the worst passwords? 123456, password, 12345, 12345678, football and qwerty.

The problem with this is that our passwords are a key component of our lives, and as more of the services we rely on every day move online, the stakes grow ever higher.

It may seem overwhelming, but you can improve your internet security today with these seven tips.

1. Create strong passwords

What does that mean? Ideally, a password should be at least 10 to 15 characters and include a mix of lower case and capital letters, numbers and special characters such as @, $, or *. It should also be unrelated to any of your prior passwords.

Struggling to think of something? You can use a password generator (there are a number of free options available), or pick a short sentence or phrase to use as inspiration and replace certain letters with numbers or special characters. For example, you could channel Cookie Monster and go with, “W@nT~C0oK13$.”

2. Avoid passwords containing info easily found online

Part of having a strong password is not using information someone could easily (or even not-so-easily) figure out by checking out your social media accounts. That means if you constantly post about your cat, Fluffy, don’t make your password Fluffy_Lv3r.

Consider the whole extent of the information out there. While H@rRy*P0tt3r is generally a strong password, don’t use it if you are a member of a Harry Potter fan club or post quizzes to your page like “What Hogwarts House Would You be Sorted Into?”

The same goes for those account security questions you are sometimes asked to fill out. If your Facebook includes information on where you went to high school avoid the security question like, “What was your high school mascot?”

3. Use a unique password for every website or app

It may be super annoying, but sorry, you’ve got to do it. You need to have a different password for all your different accounts.

You might think a security breach at, say, LinkedIn doesn’t matter—they have your resume, so what? But if you use the same password, or even a similar one, for LinkedIn as you do for your bank account, or Facebook, or any number of other applications a hacker can soon find a way to wreak havoc in your financial and personal life.

Need help remembering all those passwords? There are a number of options for keeping track. You can download a password manager app, or if you don’t feel comfortable keeping that info in the cloud, you can also just create a document on your computer and encrypt that with a password. If you are more the pen-and-paper type, you can keep a list at home.

“In some scenarios, writing down passwords isn’t a terrible thing (it’s offline) provided you protect what you have written and where you store it,” said Whitney Hewatt, a lead security engineer at FINRA. “Certainly don’t store such things right next to any systems you use making it easy to find such lists.”

4. Avoid linked accounts

While we are on the subject, avoid linked accounts. What does that means? That means when you are new to a website and it says you can create a new account, or you can link the account to use your Facebook or Email log in, just create the new account instead.

“Sure, linked accounts are convenient,” Hewatt said. “But convenience comes at a cost.”

When you log in using another account, you are usually allowing that website to have some of your data, whether you realize it or not. That may be a privacy concern and may make identity theft easier. But beyond that, allowing one account to have access to others means that if the least secure account is hacked, the rest could also be compromised.

5. Use multi-factor authentication

When possible, use multi-factor authentication, or two-factor authentication, particularly for your email accounts. Many e-mail providers now allow for this, including Gmail, Microsoft Mail and others.

“Protect your email accounts as best you can,” Hewatt said. “Enable this setting to provide an added layer of security where you authenticate and then have to use another validation process, such as a code sent by text or authenticating app to secure the logon process.”

You should do this whenever possible, but your email account is particularly important. Your email address is also where password resets are typically sent, so it’s imperative that you protect your email address in order to protect all other accounts. Not to mention how much other information a hacker could get from your email account: your address, possibly medical information or information on your financial accounts and utility accounts.

6. Beware where you enter your password

Be aware of possible risks such as using public kiosks and charging stations when logging on to any site or app you use. There may be malware or virus designed to capture any information you type on the machine.

“You never know who manages these systems or how securely they are configured,” said Hewatt.

The same goes for pubic Wi-Fi. Public Wi-Fi might be convenient and easy on your wallet as you look to avoid data overage charges from your cellular provider, but steer clear of entering your password into any website from a public network, be it at an airport or your favorite coffee shop, or in a college classroom or hotel room.

“Until better security solutions created, traffic on open networks can generally be discovered by anyone else on that network,” Hewatt said. “You are better off using cellular communications when possible,” he said.

And never change your password on a public network or a public machine.

7. Take note when a data breach occurs

If you hear about a possible data breach of a website or app you use, don’t just assume others were affected, but not you. Take steps to determine if your credentials have been stolen.

You can reach out to the company that was hacked, or use test sites to determine if your credentials were stolen. Have I Been Pwned is one option that tracks many of the known data breaches. You can enter a user name or email address to determine if one of your accounts is located on lists which have already been dumped to the internet for public download.

“This may not be your actual password, but a scrambled version of it that is easily deciphered by common tools” Hewatt said. “If you encounter this, change your password right away.”

Original Article

 

A panel of industry insiders and experts share their cybersecurity predictions for 2017.

Joseph Steinberg, CEO SecureMySocial

2017 has arrived, and, with it, many big cybersecurity issues. Hacking has even been a trending news topic every day since Jan 1st.

So, what will 2017 have in store for us vis-a-vis cybersecurity? Here are the predictions of a panel of respected industry insiders and experts. While the forecasts are not identical, several concepts were mentioned by multiple folks – so take notice. Also, while this article is longer than my typical piece, readers who read it in its entirety will get a robust, broad view of what cybersecurity industry experts think that everyone needs to think about in 2017.

(Please note that some of the people who were polled submitted longer responses than I could use, and their answers have been abridged.)

Shira Rubinoff, President of SecureMySocial

2017 will bring more of the same problems that we saw in 2016, because this past year’s attacks delivered great results for hackers. Last year, I predicted that in 2016 “criminals, nations, and anyone else seeking to hack will continue to exploit social engineering as a primary means of digital ‘breaking and entering'” – why would anyone stop doing so when that is exactly how, according to the CIA, FBI, and NSA, Russia breached the DNC? Why would anyone stop using techniques that work so well? As part of the social engineering trend, we will continue to see oversharing on social media leading to spear phishing leading to breaches – hopefully, businesses understand this risk well enough to take proactive action. Likewise, Internet of Things (IoT) security – which clearly became an undeniable problem with Distributed Denial of Service (DDoS) attacks this past year – will continue to be a big issue; with so many people buying cheap, insecure devices, there will ultimately be a price to pay. On another note, women continue to make growing inroads in the cybersecurity profession – hopefully this trend will continue. We still have a long way to go.

Jean-Nicolas Piotrowski, President of ITrust

2017 will bring continued changes in the cybersecurity universe. The current detection and protection models are completely overwhelmed. Your average antivirus or firewall cannot cope anymore with advanced attacks since these offerings rely solely on signature and pattern detection. That is why they remain incapable of detecting APTs, data breaches, ransomware or even unusual user behaviour. The future of cybersecurity resides in the combined approach of machine learning and threat intelligence. An AI resulting from such an effort can detect cyber-attacks, as well as cyber-espionnage, way before any of the existing tools we have today on the market. Detecting weak signals within an entreprise, with the help of behaviour analytics – that’s the cyber-market of the future.

Steve Morgan, CEO of Cybersecurity Ventures

The severe cybersecurity workforce shortage — which has one million job openings now — will escalate in 2017, and add another 100,000 and 200,000 job openings by year end. Cybercrime damages will continue to grow (costing the world $6 trillion annually by 2021), up from $3 trillion last year; ransomware will be the fastest growing threat in terms of new attacks and costs. Global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next 5 years from 2017 to 2021.

Joyce Brocaglia, CEO, Alta Associates, and Founder, Executive Women’s Form

Once again this year we’ve seen the demand for information security professionals rise dramatically. The complexity and number of the attacks, coupled with the growing Internet of Things, increased regulatory scrutiny, and pressure from Boards, has resulted in corporations reevaluating and upgrading their information security and risk organizations.The demand for cybersecurity professionals, however, outstrips the supply, and that problem will continue in 2017.

Catalin Casoi, Chief Security Strategist, Bitdefender

As penetration of IoT devices in industry will grow, so will the threats posed to security by their uncontrolled deployment and use. Personal IoT devices will also increasingly get carried across physical and logical security boundaries by employees, compounding the issues. Building on the massive financial milestones in 2016, ransomware operations will likely dedicate more resources to improving automated targeting in 2017. This feature will help them discriminate between home users and corporations, and allow them to extort higher fees from the latter. DDoS attacks, possibly amplified by use of IoT botnets, as seen in the recent attacks against Dyn, will continue to make the headlines. While most will be, as before, politically motivated or performed in support of larger hack attacks, an increasing proportion will target companies for the purpose of simple extortion as well.

Dmitri Alperovitch, Co-founder & CTO, Crowdstrike

For a long time, we’ve focused on the kinetic effects of cyber, but we are now seeing nation states engage in propaganda campaigns and strategic information operations that happen to be conducted through cyber intrusions. Looking ahead, we will likely see the U.S. weigh tougher response options to such activities, not limited to cyber tactics, but also including diplomatic, law enforcement, economic and other policy means.

Michael Kaiser, Executive Director, National Cyber Security Alliance

In 2017, with the increased expansion of the Internet of Things, we will continue to see new devices that have built-in vulnerabilities. How and if those vulnerabilities are exploited is yet to be seen. IoT will increase rapidly beyond home devices like video cameras or thermostats to cars and the enterprise. After last year’s Mirai botnet, it is expected that security will be a significant consideration when implementing these new systems. Email security will also continue to be a major area of emphasis after the election year hacks of the DNC. Related will be an increased emphasis on stronger authentication as a primary form of protecting accounts and access to system. On the threat side, ransomware shows no signs of abating and will continue to be a major vehicle for cybercriminals to monetize their activities.

Trevor Hawthorn, CTO, Wombat Security

The endpoint protection space has grown in the last year, and more people will continue to look to these solutions in 2017. While more attention has been given to endpoint security solutions to identify threats and attempted attacks, they can’t catch everything: When users are the ones opening the flood gates to attackers by putting in their own credentials to a malicious or compromised set up, that’s a behavior change issue. Additionally, IoT has already posed a unique threat to the security landscape, one that may not be visible to a consumer’s untrained eye. Easy procurement of cheap IoT devices or Wi-Fi enabled products introduces a serious level of risk — of which many people are unaware. In 2017, we’ll need to answer for a lot of the mistakes that have been made in the name of a fast go-to-market strategy or lower cost of goods.

Dwayne Melançon, VP of Products, Tripwire

We will see an increase in business email compromise attacks, aka “spearphishing” of companies by masquerading as senior executives. The nature of social media and other reconnaissance has brought a rise in sophistication of bogus emails luring companies to wire money at the direction of (bogus) requests from senior company officials. Email credential theft will continue to be in the spotlight. We will see increases in attacks on energy, transportation, and other aspects of our critical infrastructure, and attacks leveraging “IoT” zombie armies will be a new fad. In some cases, the overwhelming traffic from IoT devices will be a smokescreen to hide other attacks designed to steal and exfiltrate data. In other cases, the IoT attacks will be used to disrupt business, communications, and potentially government activities. Key events like tax deadlines, healthcare registration deadlines, and other time-sensitive events will be particularly vulnerable to these disruptive attacks.

Richard Stiennon, Chief Strategy Officer, Blancco Technology Group

In 2017, all records for large distributed Denial of Service attacks will be broken. There will be a major clash between privacy and security, as advances are made on both fronts from various legislative actions. The rise in second-hand electronics will become a data recovery nightmare for both businesses and end users. The Internet of Things will create a morass of personal and corporate data on millions of connected devices. Hackers will turn recent proof of concept exploits into attacks that allow them to mine poorly wiped virtual machines. The triple scourge of ransomware, spear phishing against corporate treasury functions, and direct attacks on central banks will continue to drive investments in new security technology. Nations will continue to make large investments in quantum computing research, with the goal of being the first to engineer a major breakthrough. The winner in this new arms race will have a short-term edge (and leverage) in the world of technology. Now that the gloves are off in state-sponsored information operations against political elections, it will be necessary to watch for more egregious and blatant nation state attacks.

Eddy Bobritsky, CEO, Minerva Labs

2017 will bring us more network connected devices that will generate more alerts to be handled with the same or slightly increased human resources (security professionals and SOC operators) rendering us more vulnerable to malware attacks. Adding to the problem will be attacks that are more directly targeted and far more sophisticated than we have seen before. Organizations will be less interested in replacing existing solutions but rather in creating new automated layers of defense. We will see an increase in Automated Prevention and Automation Response technologies focused on giving organizations the tools they need to deal with emerging threats and to get more out of the human and the technological resources they already have.

Bill Blake, President & Chief Customer Officer, Fasoo

In the past, in the aftermath of major data breaches, organizations looked to manage bad press. Crisis management in 2017 will include a reckoning with the law. Some state officials have already made inroads to enact cyber regulations – in New York for example – looking to hold senior management and board of directors accountable.

Rohyt Belani, CEO, PhishMe

The security industry will realize that we need to think about the present and not just the future. Ransomware and business email compromise (BEC) exploded in 2016, and almost 100 percent of the instances were a result of successful phishing attacks. These will continue to be preferred attack methods for malicious actors because they work, and can cause immediate and lasting damage to organizations. As everything becomes more connected and hackers get smarter, the potential for tried and true methods like phishing to cause damage on a massive scale through IoT devices increases. The security industry will start to realize in 2017 that we need to think about the biggest problems we face now so that they don’t affect the future, especially as more industries like healthcare start to be targeted by ransomware and phishing attacks – and then it’s not a matter of getting data back, but of life or death.

Mike Raggo, Chief Research Scientist, ZeroFOX

Organized crime groups and foreign attackers will increase their use of social media to target individuals, businesses and government officials. With social acting as a public forum, any information that an organization (company, executives, employees, or customers) shares on social media can lead to a variety of unexpected threats. For example, someone posting that “the men’s bathroom is out of order and a repairman will be by this afternoon” can lead to case of social engineering where an imposter arrives for the repair, but has intentions of using the access to pilfer information and infiltrate the organization. With the plethora of information posted constantly to social media – an adversary can target an organization and understand the who, what, where, when, and how; and use this against the company.

Igal Zeifman, Marketing Director, Imperva Incapsula

Mirai was responsible for many high-profile attacks in the second half of 2016. It safe to say that, in 2017, we will continue to see more evolutions of that specific malware type, which will exploit vulnerabilities in IoT devices. We will also witness the expansion of botnet-for-hire industry, facilitated by the existence of the aforementioned effective, easy to use, and widely available malware.

Juan Andrés Guerrero-Saade, Senior Security Expert, Global Research and Analysis Team, Kaspersky Lab

Ephemeral memory-resistant malware, intended for general reconnaissance and the collection of credentials, are likely to be deployed in highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery. As cyberattacks come to play a greater role in international relations, attribution will become a central issue in determining a political course of action – such as retaliation. The pursuit of attribution could result in the risk of more criminals dumping infrastructure or proprietary tools on the open market, or opting for open-source and commercial malware, not to mention the widespread use of misdirection (i.e., false flags) to muddy the waters of attribution.

Michael Patterson, CEO, Plixer International

DDoS mitigation will become a much larger issue in 2017. The combination of the release of Mirai and the IoT space booming with devices spells trouble for the Internet community. Currently the only recourse against DDoS is to engage a traffic scrubbing company. The cost of this service can make it unaffordable for smaller companies, and it may not matter as the size of DDoS attacks could surpass what the vendors can scrub out. Because of this, there will be significant rise in support behind the enforcement of source address validation on major service providers.

Wade Baker, Vice President, Co-Founder, Cyentia Institute

We have started to see increasing momentum up the chain for cybersecurity visibility from the boardroom at large enterprises and within the consumer base. We’ll continue to see this shift continue in 2017, especially if it is coupled with high-profile or large-scale attacks. It may take crossing the $1 billion loss marker to cross the line for Boards to actually consider material. Even the largest breaches are minor for many of the victim organizations in terms of percentage of revenue lost. Will 2017 be the year to bump us over the multi-hundreds million-dollar line? An escalating series of one-upmanships – especially for large DDoS attacks – could start to see these larger revenue loss attacks.

Jason Braverman, Chief Innovation Officer, Veridium

There has been an influx in recent testing of mobile payment authentication using facial recognition within the United States, and I expect that this trend will take off as more companies go through successful trials and see high levels of user acceptance. We will also be seeing a significant uptick in biometric integration with wearables, including smartwatches and fitness bands, as well as the Internet of Things. Many new devices are already starting to integrate face and voice recognition, including Amazon’s Alexa, and I wouldn’t be surprised if we begin to see similar implementations throughout the automotive sector in 2017.

Netta Schmeidler, VP of Product at Morphisec

Ransomware will continue to increase in amount and variety, and employ more sophisticated delivery vectors. Moreover, it could move from a strictly financially-driven crime into attempts to affect strategic outcomes. Just as data was used in an attempt to influence the 2016 US election, ransomware attacks against critical infrastructure or enterprises could be used to influence policy or business decisions. 2016 saw several hospitals attacked – resulting in appointments being cancelled, surgeries postponed and patient information stolen. If IoT attacks reach the health industries we could see even more disruptions, at a more horrific scale: incorrect dosage of medicines, erroneous test results, disruptions to life-saving machinery. Financial sector attacks could move from relatively isolated incidents that resulted in individual banks shutting down online access to a complete halt in national trading. Transportation systems may be immobilized.

Ed Skoudis, Founder, Counter Hack

Hacking and politics will continue to collide. This means some of the unsavory parts of our political parties – both nationally and internationally – will see hacking as a viable method for opposition research. 2017 may also become the year of the IoT recall. We’ve seen that IoT is a good platform to leverage for DDoS attacks– weak, poorly managed systems connected to the Internet in vast numbers — ensuring the attacks will continue for a long period of time. Whether it’s to knock off political opposition or cause a competitor to have a bad day, DDoS will reach an unimagined level that nearly noone can handle. Based on the vulnerabilities of IoT devices, we will continue to see products recalled after attacks. 2017 may very well be the year of the IoT recall.

Art Swift, President, prpl Foundation

The Internet of Things will continue to expand in popularity. Business owners will need to understand that security problems don’t end with their laptops and phones; the same concerns are valid for any IoT device and the same security rationale must be applied. This is especially true for Internet routers, which are a fixture in just about every office and are usually the first line of defense. Securing your network is possibly the most important security measure a small business owner can take to protect his or her data.

Benjamin Jun, CEO, HVF

Someday we’ll look back on the DDoS attacks of 2016 in the same way we look at ‘quaint’ website defacement attacks of the late 90’s. IoT security will become much worse with (1) a lot more devices, (2) connectivity without manual WiFi pairing (think AirDrop for everything), and (3) serious physical consequences when certain devices fail. At such a scale, problems can’t be fixed with recalls or device patching. Look for smarter firewalls and home routers that can isolate individual devices and “patch-in-place” at the network layer. Network Access Control will come back into fashion, and even home networks will have local sandboxing capabilities.

Wendy Nather, ‎Principal Security Strategist, Duo Security

We’re headed for an IoT botnet fallout. The impressment of Internet-connected devices into botnets amplifies two problems: the inability of consumers to add security that their devices should have had to begin with, and the externality of risk – neither manufacturer nor consumer are currently penalized except in the collective sense (when infrastructure is taken down for many parties). We’ll see more pressure to identify and recruit centralized Internet controls to deal with the IoT botnet fallout, such as ISPs filtering traffic, and only then, when their devices stop working, will consumers put enough pressure on manufacturers.

Paul Calatayud, CTO at FireMon

2015 was the year of the breach with some of the biggest breaches to date. 2016 was the year of the CISO, as the focus on addressing these issues became a board level conversation. 2017 will be the year of the employee. When I say an employee, I mean that in multiple ways. Cyber attacks are shifting towards targeting internal employees as cyber defenses are built up and it becomes more difficult for attackers to attack machines. CISOs will need to ensure they renew focus on basic security strategies such as employee awareness. They will also need to go beyond by developing defense and detection strategies in support of insider threats. My second prediction for 2017 is that cyber personnel will become a rare commodity like we have never seen before. Organizations have received the message, and are staffing and investing, but that demand generates a supply that is not available.

The opinions expressed here by the columnists are their own, not those of Front Runner.

Article originally published on www.inc.com

Just under a year ago, STC re-launched its Certified Professional Technical Communicator (CPTC) certification program. This three-tiered program begins with the currently-offered CPTC Foundation certification. CPTC Practitioner and CPTC Expert certifications are planned for launch in 2017 and 2018.

These certifications are cumulative; each is a prerequisite for the next.

Why Certification?

Many different fields have a path to certification, either optional or required, and many professionals have benefited from certification. Certification benefits individuals, employers, and the profession at large. Certification can help you to validate your skills and distinguish yourself from other job applicants who are not certified. Employers can use certification as one way to identify qualified applicants. In fact, a recent US Federal Government for-bid contract required a CPTC-certified technical communicator.

How Can I Earn the CPTC Certification?

The CPTC Foundation certification is exam-based. The exam is 50 questions over 40 minutes, and an 85% score is required to pass. The exam tests knowledge and understanding of technical communication concepts in eight core skill areas:
Project Planning
Project Analysis
Content Development
Organizational Design
Written Communication
Review and Editing
Visual Communication
Content Management
Production and Delivery

How Do I Prepare for the Exam?

You may study for the exam yourself, using the STC Certification Study Guide and a copy of the Certification textbook, Technical Communication Today, 5th Edition, by Richard Johnson-Sheehan.
Alternatively, you can take a class from a CPTC authorized trainer. The CPTC preparation course is held over two days, and covers the eight skill areas and all knowledge necessary to successfully take the exam.

How Do I Take the Exam?

You can register to take the exam online, at the Certification hosting company, APMG. APMG has helped organizations around the world develop and administer professional certification programs.

How Much Does It Cost?

The exam fee is $250 USD, payable to APMG when you register for the exam. If you take a CPTC preparation class, the exam fee is included in the cost of the course.

Where Can I take a CPTC Preparation Course?

Front Runner is pleased to be hosting a CPTC Preparation Course on November 13-14, taking place, at 366 Adelaide St E #433. The instructor, Alan Houser, is an STC Fellow, STC Past President, and a CPTC authorized trainer. Students will have the opportunity to take the exam the second day of the training.

See the Front Runner CPTC course for details and to register.

You can also learn more at the STC CPTC certification information area.