Janco has captured IT compensation statistics since 1996 and publishes its IT Salary Survey semiannually. The IT Salary Survey is based on Janco Associates, Inc. IT Professionals compensation database.  Compensation benchmark hiring and salary ranges are established for each position surveyed. In analyzing the study data, the upper and lower quartiles are eliminated to determine benchmark ranges. The benchmark ranges are then used to assess the alignment of a company's actual compensation to the marketplace for each job function. A summary of the most recent salary survey can be downloaded by visiting Janco IT Salary Survey at http://www.e-janco.com/Salary.htm.

Public companies are required to openly report compensation every year for their five highest-paid officers. Technology executives historically make a meager showing; typically, less than 6% of the Fortune 1,000 include them in proxy filings. Executives in more established roles - finance, operations, human resources - generally slip in ahead of information chiefs on the pay scale.

Technology executives salaries are suffering from a backlash against overspending and a poor economy that has forced budget cuts.

Many CIOs and people who evaluate CIOs equate productivity with cutting the budget.  CIOs thought they would change the world and that the whole business depended on I.T. But now the pendulum has swung in the other direction.

In preliminary results for the Janco 2009 Mid Year Salary Survey, Janco has found that fringe benefits like insurance, 401Ks, flexible hours, bonuses and stock options are being reduced by enterprises as they struggle to contain costs.  Janco has tracked this trend for several quarters.  The CEO of Janco, Victor Janulaitis said, "Over the first two quarters there has been a noticeable reduction in costs associated with employees.  Companies of all sizes freezing salaries, laying-off staff, making employees pay a larger portion of their insurance cost, decreasing bonuses, and cutting other benefits."

The 2009 Mid Year IT Salary Survey will be released at the end of June and more information can be gotten at JancoÂ’s websites.

• poor quality of service
• dissatisfied business customers
• unnecessary rework
• missed deadlines
• higher operating costs
• poor employee morale and infighting
• downtime of business critical services

It is no surprise to anyone associated with IT management that along with the increase in the rate and complexity of change has come a corresponding increase in the interest associated with using a best practice approach to change management. ITIL v3 says that changes should be managed to:

• Optimize risk exposure (supporting the risk profile required by the business)
• Minimize the severity of any impact and disruption
• Be successful at the first attempt
  While many

firms are investing in change management as a best practice, doing it well remains difficult. There are many hurdles that must be overcome to implement a change management process that not only follows a best practice approach but also yields outstanding results. The challenge becomes obvious when you consider that many changes within a large enterprise span multiple geographies, involve multiple teams and organizational units and include infrastructure elements that cross multiple domains—network, servers, storage, and applications.

But where to start? The answer is easy -  Janco Security Policies and Procedures Template and the Janco Audit Security Program.  Risk analysis is often presented in a confusing and over-complicated manner, ISO 17799 or ISO27000 or BS7799 compliance can seem a daunting task, security policies can be totally ignored in practice, and security audit is sometimes less effective than it should be due to over-stretching of busy audit professionals.

http://www.e-janco.com/SecurityAudit.html is intended to provide a launch pad to help alleviate these difficulties. Janco has an approach that works.

Whether you need a security risk analysis method/product, guidance on how to achieve compliance with ISO 17799, ISO27000, BS7799 or your own IT security policies, or whether you simply wish to increase the productivity of your security audit team, the resources at Janco should help.

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 220 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements.

The Janco Associates, Inc. salary survey draws on data collected throughout the year by extensive interviews, internet-based survey data, and survey forms completed by businesses throughout the United States and Canada.  The database contains over 50,000 data points for each reporting period.

Are you paying too much or too little to your IT staff? Do you have IT job descriptions? Are you earning what you're worth? Whether employer or employee, it is important to know what other companies are paying in total compensation for a similar position in your area. Learn how your company compares in the area of compensation.

• Utilization (Equipment and Personnel) - IT utilization typically measures the capacity of the physical hardware that an organization is using to support its business. Generally, the most common metric is server utilization.  Despite only using a portion of the server resources, organizations are still paying for and supporting the entire device. The same is true of personnel.  Charge back systems should be set to cover 100% of the cost of all resources.  If a CIO sees that only 10% of a resource is utilized then that can be a candidate for consolidation.
• End-user support - Enterprises typically have an internal help desk. Generally, this internal help desk is responsible for supporting end users' client devices. When IT budgets get cut, one area that usually comes under investigation is the internal help desk. However, the internal help desk can be essential to providing support for the end users and marinating employee productivity.
• Maintenance and support budget - By far the largest component of the IT operations budget is for external support services. In many cases, organizations are either under or over supporting their IT environments and adding additional costs.

Napolitano said that the department has added fraud prevention tactics that were not being used previously in the H-1B program. Those measures include visits to work sites. Napolitano was responding to a question from Senators who have introduced legislation called the H-1B Visa Fraud and Abuse Protections Act (S.887). The reform bill includes a number of restrictions and enforcement provisions, including audits of employers.

On the Operating System front, Microsoft's Vista is installed on just under 1 in 5 desktops (17.34%) after over 30 months since Vista's first release (RC1). Janulaitis added, " Vista proves that large companies like Microsoft can and do make huge blunders in technology. Microsoft can no longer count on moving users to new products like Vista as quickly as they want."

A summary of Janco's white paper can be found on the JancoÂ’s web site (http://www.e-janco.com/browser.php) and the IT Productivity CenterÂ’s web site (http://www.itproductivity.org/browser.php).

On the surface, this makes sense. C++ and Java are both highly versatile, complex tools. Just learning the syntax of either one is nothing compared to the amount of study it takes to become familiar with the whole ecosystem of associated libraries and frameworks. Not to mention that both languages are widely used; if the CIO does not staff with programmers who know both they cut their enterprisesÂ’ capabilities dramatically.

• Define job requirements clearly for recruiters and electronic posting - You do not want to waste your time looking at resumes of individuals who are clearly not qualified.  In current job market, some active job applicants apply for anything even when they are not remotely qualified for the position that you are trying to fill.  If a recruiter sends you candidate resumes that fall into this category - warn them and then stop using them if they continue.  A full job description with specific accountabilities, authority, and position requirements should be part of the materials that are used in communicating the needs of your enterprise. "Must have led an ecommerce Internet development team that implement a customer WEB 2.0 application" is much different than "5+ years experience as lead developer."
• Use consistent rules to select and reject resumes - Communicate so that the screeners/recruiters and hiring manager have the same understanding of the job requirements before the screening process starts. For example, screeners/recruiters should review a sample of several real resumes - real time - with the Hiring Manager, who should  defined the "must-haves" and "nice to haves." Why a resume goes in the yes pile, while this similar one goes in the no pile?
• On the first pass spend no more than 20 seconds on any resume - In the current job market, it is typical to get 100 to 200 resumes for a single position.  Given that volume, it will take one to two hours to get through the first pass.  You want to get through all of the resumes that you have and with luck you should be able to find between 10 to 15 individuals that can be phone screened.
• Create a scorecard with the must have requirements - Create simple, 10-question-or-less checklist to help you stack rank your applicants. Define items for the checklist that highlight your requirements for the key experience, skills, and technology. Use this tool in the resume and in the phone screening. For example, "How many years of commercial web ecommerce experience do you have writing HTML and XML?"  or "What specific application development and version control  tools have you used"
• Eliminate resumes that are too long and filled with acronyms and  buzzwords - Many candidates have figured out that if they load up their resumes with more acronyms and buzzwords (i.e. technologies) hoping to win an interview. Rather accept resumes that communicate the hands-on experience using the technologies listed in your job requirements. Focus on resumes that show where and when the technology was used on the job. Keywords that show up in the bullets under job history summaries are better than keywords that show up at the top or bottom of tech resumes in the skills summary section.

Best Practices for Phone Screening

• Before starting see if anyone knows the potential candidate - There are many candidates in the market who have either a great reputation or a poor one. Time is precious and if someone is not "hirable" by your enterprise then do not waste your time.
• Rank the candidates before they are phone screened - Use the scorecard to rank the resumes and any know history about the candidates and then budget your time to spend enough time on a phone screen to find the candidates that are hirable.
• Know what the deal breakers are for the hiring manager - The focus of a phone screen is to weed out the unqualified applicants while selling the enterprise to the top candidates so that you invest time with onsite interviewees who are most likely to get offers. Validate that each candidate you pass on to the interview has the required capabilities, meets the salary and eligibility requirements, and wants to do this type and level of work.
• Experience counts - Focus on the on-the-job skills and job-specific accomplishments. What have they done, in what industry, with which technologies, on what kind of resources and team, over what kind of timeline?
• Motivation and mind set are important - In this economy, there is a greater risk of having candidates who just want or need a job and will say or do anything to get a position. Gain an understanding into what they loved about their current and past jobs and what they hope to find if they join your enterprise.  Ask this before you tell them all about your culture and resources.
• Protect your enterprise reputation - Just because there may be hundreds of applicants for every opening you have, build your reputation as an employer - one candidate at a time. Maybe several years from now you will be interviewing with the canidate or working with them in another compay. Even though you may be in the driver's seat, treat every candidate with respect. Follow the basics: start your phone interviews on time, ask fair, relevant questions, let them ask you a few questions, and always follow up.

• Reduced productivity - If employees spend their time on social networking sites such as Tweeter they are not spending it doing their job.
• Data Leakage – Confidential and sensitive information could be transmitted to unauthorized individuals and competitors.  In addition, data that is covered by mandated privacy and security requirements (HIPAA and PCI-DSS) could be exposed.
• Security problems - Malware hides on websites and can install itself as users browse infected pages. One company reports that the number of new, malicious websites blocked each day by it nearly doubled (91 percent) in just one month.
• Legal risks - When users download inappropriate material to their computers, other employees may take serious offense. This in turn can create legal liabilities for enterprise and its managers.
• Wasted bandwidth - Internet connections cost money. If half of an enterpriseÂ’s bandwidth is taken up with non-work related traffic, the enterprise could be paying than they need to and the enterprise-critical communications could be running at half their speed capacity.
• Unlicensed software - When users download and install software from the internet, they create a legal risk. If an organization uses unlicensed copies of software, it may face a civil suit and company directors risk criminal penalties.
• Reputation risk - Social networking can create opportunities for employees to leak confidential information or spread damaging rumors online. Bad behavior by a single employee can reflect on the reputation of the whole organization.

Most IT metrics efforts lack relevance to the business and are not well linked to business outcomes. They tend to be IT focused, such as WAN availability or server downtime. It is difficult for the business to understand how these measures relate to its objectives, and they provide little insight into the value that IT delivers.

CIOs must create a scorecard that is:

• Relates to the enterprise and its management team. Server availability, network throughput, help desk call volumes, capacity utilization, and other IT operational metrics are not relevant to business executives. These types of metrics need to be translated into something enterprise management understands, such as availability of business applications or the cost to support a business area. The IT-operational metrics should be kept within IT unless they can be put in enterprise terms.
• Relates to the enterprise strategic and tactical objectives. Enterprise executives are concerned with introducing new products and services, improving customer loyalty and satisfaction, increasing gross margins, and growing market share. IT metrics must be linked directly to these enterprise objectives, specifically demonstrating how IT initiatives contributed favorably to improving them.

The m-Spam Act would strengthen the powers of the Federal Communications Commission and Federal Trade Commission to fight mobile spam. The measure also would prohibit commercial organizations from sending text messages to cell phone numbers that are listed in the National Do-Not-Call Registry.

There is also increasing concern that mobile spam will become more than just an annoyance - the viruses and malicious spyware that are often attached to traditional spam will most likely be more prevalent on wireless devices through m-spam.  Mobile users in the U.S received about 1.1 million spam text messages in 2007, up 38% from the year before. In some cases, mobile subscribers have to pay up to 20 cents for each text message sent or received, although some mobile service providers allow their customers to block text messages in order to avoid spam.

Every minute your employees spend on an activity that does not directly add value to your enterprise's business strategy is a cost that can be saved.

CIOs must analyze their organizations' needs and find out if their businesses can outsource.  Questions that need to be asked and answered are:

• Is the enterprise finding it difficult to meet its customer needs?
• Does the enterprise want to maximize its impact in the marketplace
• Does the enterprise's IT function have managers who are not sure about what makes and what loses money?
• Is the enterprise experiencing constant challenges based on operational issues?
• Does enterprise lack the expertise to survive and grow?
• Does the enterprise have important nonrecurring project requirements but no resources to handle them?

If the answer is 'yes' to more than one question, then outsourcing may be in order for the enterprise. Outsourcing can help CIOs to efficiently deal with the challenges of todayÂ’s business climate. Outsourcing can help you to meet your customer needs on time, increase market presence, make the right decisions about product lines, overcome operational challenges, get access to expert services and benefit from professional resources who can competently handle your projects.

Some of the benefits of outsourcing are:

• Better performance and management
• Process maturity and scalability
• Efficiency and productivity
• Reduced capital and labor costs
• Operational efficiencies without capital investment
• Professional and skilled services
• Improved processes bring about improved customer satisfaction
• Gain a competitive edge with sophisticated technology and people

• Internal resources - these costs include all business functions - management, HR, IT, facilities & security. These resources will be required during the implementation of the compliance requirements.
• Implementation costs - these costs include both hardware and software required to meet the mandated requirement.
• Consultancy and outsourced resources - these costs include all outside contractors, consultants, and service providers
• Certification costs - these costs include the ongoing costs that the business will incur after the implementation of the compliance requirements.  These costs will include internal resources as well as things like annual or quarterly certification verification services.

• Economic uncertainty and management ambiguity on strategic direction are crimping the ability of CIO to plan effectively.
• Economic stakes are higher in many enterprises and there is significant conflict and competition for the limited resources that CIOs have at their disposal
• R&D, training, and certification programs have been at least cut if not all together eliminated limiting the ability of CIOs to understand the implications of new technologies and train staff in their application.
• Risk aversion has gotten hold and limits have been placed on many CIOs in their ability to implement new and innovative solutions - no longer are CIOs able to say they want to have a competitive advantage.  Rather they need to focus on survival of the enterprise.
• CIOs now are being told by senior management that they have to deal with what is "good-enough" versus what really will solve provide the right long term solution.
• CIOs do not know if the last cost-cutting directive or reduction in force program has been presented.  They are all asking, "Will there be another lay-off next month?" Staff morale is low, as IT professionals understand that their professional destinies are no longer in their own hands. 
• Best practices are now  "dirty words" in the executive suite.  Many senior executives do not want to hear about long term ROI, rather they want to know how short term expenses can be reduced.

With this as an operating environment, CIOs now have the most challenging environment to manage since the early 1980's.  

Infrastructure management seeks to:

• Reduce duplication of effort
• Ensure adherence to standards
• Enhance the flow of information throughout an information system
• Promote adaptability necessary for a changeable environment
• Ensure interoperability among organizational and external entities
• Maintain effective change management policies and practices

All business activities depend upon the infrastructure, planning and projects to ensure its effective management. Investments in infrastructure management have the largest single impact on an organization's revenue.

A recent survey found that 75% of all corporate users were very concerned about the possibility that confidential information would be exposed and potentially misused. A further 60% were very concerned that the theft of a laptop computer would result in identity theft and nearly 25% said they would be willing to pay between $10,000 and $50,000 to have a stolen executiveÂ’s laptop returned to their organization. Despite the widely acknowledged link between laptop theft and nearly 50% of data breaches, the corporate users reported that a surprising number of mobile computers continue to go missing.

Expanding business demand meets a constrained workforce. According to published research, IT is seeing increasing demand from the businesses it supports. Overall budgets are expected to increase by 8% in 2008, and this translates into a much greater increase into project investments.  At the same time, demographics are resulting in a shrinking labor pool. This is creating a supply/demand imbalance that is making it harder to hire and meet this expanding business demand, especially in the more sought-after skill areas.  Driving this is:

• The rate of change is increasing and accelerating. Both business and technology change continues to increase at accelerating rates. This requires an adaptable workforce and expectations that IT staff has business, technology, and communications skills to meet its strategic priorities.
• IT too frequently is not perceived as a viable career. The dot-com bust coupled with a shift toward more outsourcing and off shoring has led to a lower perception of IT as a viable career. The number of university students pursuing a computer science or related degree has dropped by a third since the beginning of the decade.  The reality is that for many skills there is significant demand. There is a need to change this image and reverse the trend.  Key to these efforts is creating a positive culture to get the most out of people, encouraging them to recruit others, retaining the best, and developing positive relationships.

1. Have an IT Infrastructure that supports IT Service Management. Customers (users) evaluate Information Technology based on their perception of the service provided and its associated costs. This perception of service quality depends upon a number of soft factors such as timeliness of responses, impact of service outages, and quality of communications and between IT and users. Best practices include:

• Metrics for aimed to show productivity of IT Service Management function
• Service Level agreements that are tied to enterpriser operational performance
• Documented policies and procedures which are followed
• Diagnostic processes and tools to provide early warnings when things start to go wrong

2. Have a cost tracking (chargeback) system that is understood. While reliability is a key measure of IT Service Management, cost is a close second.  In addition to understanding the cost structure of IT, CIO must be able to explain the cost drivers and what you are doing to improve productivity and reduce costs while maintaining quality and reliability.  Best practices include:

• Defined system development and operation methodology which includes change control and version control
• Quality assurance function and responsibilities defined
• Change and version control management tools

3. Have the ability to change the organizational and application infrastructure while continuing to provide quality service.  IT operations must provide consistent stable operations – networks, servers, applications, workstations, email, and telephony systems must be up, functional, and be invisible to the operation of the enterprise.  Best practices include:

• Clear organizational responsibilities and accountabilities
• Review processes (meeting and reports) with IT and users to discuss performance
• Published service level definitions with expectations

4. Have defined policies and procedures in place for change management and service management.  Users need a clear and understandable set of rules of how to work with IT: how to request services, who is responsible for the quality of the services, and what information and status they should expect from you? Best practices include:

• Documented policies and procedures which are followed
• Feedback loops which highlight strengths and weaknesses
• Open approach that allows for changes to policies and procedures and unlocking new ways to get thing accomplished

5. Have a courteous and well trained IT staff.  In these troubled times it is easy to overlook the quality of your staff as a factor in your continuing success.  Best Practices Include:

• They have credibility with their organizations. These CIOs are good stewards of their resources, work well with other executives, and demonstrate a willingness to make sacrifices for the common good.
• They are smart about the design and structure of the project. In addition, they are willing to adjust timing, scope or costs to fit the economic environment.
• They are assertive. They can make a case to convince others of the merits of keeping a project.

Even having these characteristics, they often have a fight on their hands.  However, they can build a strong business case.

• Limit the amount of data they collect
• Have written security policies
• Maintain a detailed inventory of all personal data, whether it is stored in computers, archived on tapes or kept in paper files.
• Have in place adequate physical and technical security controls for safeguarding protected data and properly authenticating users who are given access to the information.

Included with the latest deferral, Massachusetts regulators also removed a requirement mandating that companies get third parties with access to customer data to attest that they were compliant with the regulations as well. The old provision also required third-party services providers to include language in their contracts specifying that they were willing and able to comply with Massachusetts security rules.  With this latest revision, companies only have to take "reasonable steps" to verify that any third-party providers with access to personal data have the ability to protect the information through measures that are comparable to the ones spelled out the Massachusetts regulations.