Kategorie

Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. [...]

Blue Team playbooks are essential—but tools like Wazuh take them to the next level. From credential dumping to web shells and brute-force attacks, see how Wazuh strengthens real-time detection and automated response. [...]

Blue Team playbooks are essential—but tools like Wazuh take them to the next level. From credential dumping to web shells and brute-force attacks, see how Wazuh strengthens real-time detection and automated response. [...]

United Natural Foods (UNFI), North America's largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. [...]

Seemingly harmless Chrome extensions aimed at improving browser privacy and analytics could be inadvertently leaking API keys, secrets, and other sensitive machine information.  

According to a Symantec research, several widely used Chrome extensions, including DualSafe Password Manager and Avast Online Security & Privacy extension, are exposing information either through insecure HTTP transmission or hardcoded leaks.  

Many IT leaders struggle to find the right talent for open positions, especially when new technologies appear. Yet often, tech employees already working in the organization have valuable, transferable skills, such as problem-solving, analytical thinking, project management,, the ability to communicate effectively, and even needed technical skills.  

These overlooked skills — many of them so-called “soft skills” — can help workers adapt to new tools, learn unfamiliar programming languages, or manage complex projects. By recognizing and developing these skills, IT leaders can fill gaps in their teams while helping employees advance their careers.  

IT managers can more easily spot transferable skills if they take a deliberate approach to skills-building. Rather than focusing solely on day-to-day routine work, they should think about broader skills that can help employees succeed in different roles and with new technologies, according to Jill Stefaniak, chief learning officer at Litmos. 

Those key transferable skills include coding logic, problem-solving, data analysis, project management, and communication abilities — skills that are particularly valuable as technology continues to evolve rapidly, Stefaniak said. 

[ Related: Balancing hard and soft skills: the key to high-performing IT teams ] 

To help move a tech employee into a new position, an IT manager should evaluate the employee’s skills, focusing on ones that can easily transfer, such as critical and analytical thinking, data interpretation, or familiarity with automation and control systems, said George Fironov, co-founder and CEO of Talmatic, a concierge hiring service for developers. 

“A developer skilled in one language will be able to pick up another quickly if solid training in logical thinking, algorithms, and design patterns goes into that first language,” he said.  

Computerworld spoke to IT leaders at five companies that have created successful pipelines for tapping into internal tech talent. Here are the different approaches they take to find and develop skilled tech employees who thrive in new roles. 

Redgate Software: Taking a personal, manager-led approach 

For Chris Smith, director of engineering at Redgate Software, the most valuable transferable skills include a strong eagerness to learn, empathy for customers, solid business understanding, effective collaboration and communication, and the flexibility to adapt technically when needed. 

Smith identifies transferable skills within his teams using a personal approach led by managers, instead of using formal tools such as skills charts or tests. Smith, who’s responsible for the delivery side of Redgate’s technology and software division, said his managers stay closely connected to their team members, which helps them understand what each person can do and what they’re capable of learning. 

“Managers have a close understanding of their team members’ skills through regular one-on-one meetings,” Smith said. “And then from there I collate with the insights from all our managers where people with certain technical skills are, where our gaps are in the organization, where our strengths are, and where we might be able to use them in the future.” 

Smith also conducts quarterly mini-reviews to look at each team member’s skills and determine which of those skills they might want to develop.  

“We also run an annual survey around skills that our folks fill in,” he said. “So they share where they’ve got skills and where they’ve got gaps.” 

While he doesn’t analyze this survey at an individual level, Smith said, it helps leadership see the overall skills across the IT organization. 

Smith shared an example of a long-term employee who successfully transitioned through multiple roles by leveraging transferable skills.  

The employee originally started in the product support team, a technical role that required detailed knowledge of Redgate’s products and a deep understanding of customer problems. From the product support role, the employee first moved to a test engineer position. This transition was facilitated by the employee’s technical insight, knowledge about customers, and attention to detail.  

In the test engineer role, the employee developed an interest in automated testing, which served as a pathway to coding skills. The employee then transitioned into a software engineer role, moving beyond testing into full software development. 

Through Redgate’s re-teaming process, the worker subsequently moved to a team handling internal systems, where they worked on a Salesforce migration. Leveraging their technical background and understanding of product processes, the employee successfully became a Salesforce engineer, working with technologies such as Apex and Flow. 

Lexmark: Combining formal evaluations with casual observations 

For Sudhir Mehta, global vice president, Optra products and engineering at Lexmark, transferable skills include “a growth mindset, the willingness to learn new tools, frameworks, and methodologies.”  

Mehta said he uses a multi-faceted approach to identify these transferable skills within his team members. “This approach includes a mix of formal and informal methods, starting with regular performance evaluations, one-on-one meetings, and day-to-day job-related observations,” he said. 

Engineering team members can also demonstrate their abilities through Focus to Future events, which give engineers the chance to step outside their usual roles, Mehta said. As they team up, brainstorm, and build quick prototypes, managers can see who shows strengths in areas such as leadership, problem-solving, communication, and creative thinking. These events help managers notice skills their engineers don’t usually get to show, making it easier to see who might be ready to take on new roles or bigger challenges. 

Mehta provided an example of an IT developer who successfully transitioned from working on ERP applications to a data engineering role at Lexmark. The developer possessed a strong technical background and demonstrated excellent problem-solving skills, which made him an ideal candidate for a new position leading data engineering efforts for an IoT platform solution.  

As part of his transition, he participated in Lexmark’s AI Academy to further develop his skills and capabilities. In his new role, the developer implemented innovative solutions that had a significant impact on the company’s operations.  

He created automation for data pipelines and developed a lakehouse framework that dramatically improved efficiency. The results were impressive: the new approach reduced data orchestration costs by over 65% and decreased deployment and operations costs by more than 50%, Mehta said. 

HireVue: Employing structured, standardized assessments for objectivity 

Nathan Mondragon, chief innovation officer at HireVue, highlighted critical thinking, problem-solving, collaboration, communication, and teamwork as the key transferable skills he looks for in his tech employees.  

To identify these transferable skills within his team members, Mondragon emphasized the importance of a structured and standardized approach. 

“We find the more structure and standardization you can put into that identification, the better off it is,” said Mondragon, who manages a startup team at HireVue that consists of workers from science, product, data, and engineering groups. “So [structured] performance reviews are good.” 

Mondragon said that traditional performance reviews can be subjective, with different managers interpreting transferable skills such as teamwork differently. Instead, he recommended implementing quantitative assessment methods that objectively measure soft skills and cognitive abilities. 

One of these methods is AI-based skills validation through interview assessments that test cognitive abilities such as decision-making, problem-solving, and creative thinking. AI-based assessments analyze interview responses to identify skills and behaviors based on best practices in structured interviewing, according to Mondragon.  

“The questions are designed to draw out specific skills and behaviors,” he said. “The AI analyzes what somebody says in their answer to look for those types of answers that show they’re demonstrating that skill.” 

Although this approach is primarily used for pre-hire assessments, Mondragon said it can also be used to identify transferable skills in current tech employees.  

Additionally, Mondragon said he uses a traditional question-and-answer situational simulation-type approach to identify transferable skills in his tech talent. 

“You present a scenario or a situation and ask how somebody would respond,” he said. “And those sorts of types of setups in Q&A format are a really good approach to looking at how somebody would interact with others and the types of decisions they would make. For example, do they analyze the data to make decisions?” 

By using these structured techniques, organizations can more effectively identify an employee’s problem-solving abilities, communication skills, adaptability, and potential for learning new technologies or transitioning into different roles, according to Mondragon. The goal is to move beyond subjective evaluations and create a more objective framework that clearly identifies and leverages the transferable skills that tech employees bring to their teams. 

Criteria: Using real-work observations and AI-powered feedback 

When looking to uncover transferable IT skills, Chris Daden, chief technology officer at Criteria Corp., pays the most attention to problem-solving, communication, and analytical thinking.  

“I believe that they’re just as critical as coding or security knowledge,” he said. “And I think, for example, a security analyst’s attention to detail can translate very well to a DevOps skill set, and a help desk technician’s troubleshooting mindset can help that person transition into cybersecurity.” 

Trying to identify transferable skills through traditional methods such as performance reviews doesn’t always reveal the full range of an employee’s skills, especially in IT, Daden said. 

“I find the best way to identify transferable skills is through real work, such as project observations, mentorship, and data-driven assessments,” he said. 

Additionally, Daden said, he uses AI-powered assessments that look at skills in more flexible ways, such as by analyzing interview transcripts or conversation notes, and use smart rating tools to fairly measure an employee’s potential. These methods help to show an employee’s true potential — not just what they already know or have done. 

At Criteria, Daden uses a an AI bot named Coach Bo, which engages employees in weekly conversations. This bot is programmed with each employee’s personality and skills profile and can understand unstructured feedback, helping to spot transferable skills, areas for upskilling, and possible career growth paths. 

By collecting and analyzing these ongoing interactions, the company can gain insights into employees’ critical thinking, problem-solving abilities, and adaptability across different roles, according to Daden. 

Mphasis: Identifying transferable skills through observation, not just metrics 

The qualities Srikumar Ramanathan, chief solutions officer at Mphasis, seeks in his IT team members are a strong curiosity or desire to learn, along with solid problem-solving and analytical thinking abilities. 

Ramanathan pointed out that these skills are essential in today’s fast-changing technological environment, where staying relevant means constantly learning and adapting.  

“[The desire to learn] is important because things are changing so fast that if you stop learning, you become irrelevant,” he said. “The second is, of course, problem-solving and analytical thinking. These are probably the most critical skills that one needs.” 

Ramanathan finds formal skills evaluation methods such as performance appraisals inadequate. “Performance reviews are a lag indicator. They reflect what results have been achieved”rather than current capabilities, he said.  

To truly identify key transferable skills, Ramanathan relies more on direct, day-to-day observation — watching how team members approach challenges, adapt to new developments, and contribute during meetings and projects. He noted that this real-time insight offers a more accurate picture of an individual’s learning mindset and problem-solving approach. 

“[I look at] their approaches to addressing problems or opportunities. How do they go about it? How do they adapt to new things coming on board? These are things that one has to observe on a day-to-day basis,” he said.  

Related reading: 

• How — and why — to upskill your employees 
• Just what is an ‘IT worker’ now? The definition is changing 
• AWS exec highlights key skills for success in the evolving AI-driven job market 
• The ‘Great Retraining’: IT upskills for the future 

Street smarts vs book smarts

Recently, one of our expert contributors opined that the act of writing helps to make an IT leader stronger, arguing that writing is a leadership superpower. According to CIO.com, writing conquers cognitive limits, clarifies complex thoughts, and stress-tests ideas for a decisive strategic advantage.  

This piqued the interest of readers of CIO, who were keen to ask Smart Answers about other ways in which we can learn and do better. One question in particular focused on the value of hands-on learning.  

It’s been a theme in recent years that learning on the job can be more valuable than academic learning; Smart Answers suggests that hands-on learning is crucial for IT skills because it allows individuals to demonstrate capabilities, retain knowledge, learn continuously, and build competency. 

Find out: Why is hands-on learning crucial for IT skills?  

LLMs training LLMs?

A big hit this week was Matthew Tyson’s fascinating deep dive into the rise and fall of Stack Overflow.  At one point, the internet’s senior engineer — the backstop where developers turned with problems that stymied them — Stack Overflow has declined not because AI is able to write code, but because it lost the element of human community that drove its initial growth.  

W’re proud that Smart Answers is useful because it is trained on only the content we create, every piece of which features insights from real humans working in IT. Readers of the Stack Overflow article asked our AI chatbot an important question: where do large language models (LLMs) go to get such insights if everyone acquires information from LLMs? Google Search is built on referrals to original content from publishers. But if no one is being referred, and publishers stop publishing, there will be no content on which to train LLMs.  

Smart Answers agrees: for LLMs to thrive, they need to capture information from trusted sources. It cites community platforms, open datasets, and published content. To mitigate the risks of AI feeding on AI, Smart Answers says future LLMs might need to focus on high-quality, structured data, such as textbook-quality data. And yes, we appreciate the irony of our readers asking our own LLM about this issue. 

Find out: Where will future LLMs get training data?  

SAP stick or twist

This week, we reported that nearly half of SAP ECC customers may stick with legacy ERP beyond 2027. We said that as the end of support for ECC nears, many customers continue to avoid moving to S/4HANA because of the cost and complexity of migration. And, really, what’s the harm? 

Good point. What is the harm?  

Readers of CIO.com asked Smart Answers that question. Continuing to use SAP ECC after 2027 poses several risks, according to our LLM. Running legacy ERP systems can expose customers to security and operational risks. Lack of support for third-party products can introduce security vulnerabilities. And maintenance fees can mount. 

Find out: What are the risks of staying on SAP ECC after 2027? 

About Smart Answers 

Smart Answers is an AI-based chatbot tool designed to help you discover content, answer questions, and go deep on the topics that matter to you. Each week we send you the three most popular questions asked by our readers, and the answers Smart Answers provides.  

**Platforma X zavádí nový komunikátor XChat. **Podle Muska komunikaci šifruje ve stylu Bitcoinu. **Bitcoin šifrovaný není, zní to jako marketingový slogan.

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. [...]

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). [...]

Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...]

** Nové pásy od Volva se přizpůsobí tělu i konkrétnímu typu nehody ** Nabízejí jedenáct profilů ochrany místo pouhých tří dosud běžných ** Debutují v SUV EX60, vylepší se díky softwarovým aktualizacím

Although the US unemployment rate held steady at 4.2% in May with 139,000 jobs added to the US workforce, nearly 100,000 layoffs were also announced — up 47% from last year, according to new data from the US Bureau of Labor Statistics and others. Tech and federal cuts led the way in layoffs, driven by economic pressure, programmatic firings and AI-driven shifts in workforce needs, according to outplacement firm Challenger, Gray & Christmas.

Technology remains a top sector for cuts amid ongoing disruptions, according to the firm’s data. In May, tech companies announced 10,598 layoffs, bringing the 2025 total to 74,716; that’s up 35% from 55,207 at the same time last year.

“Tariffs, funding cuts, consumer spending, and overall economic pessimism are putting intense pressure on companies’ workforces. Companies are spending less, slowing hiring, and sending layoff notices,” Andrew Challenger, senior vice president of Challenger, Gray & Christmas, said in a statement.

Uneasiness continues to weigh on tech hiring, according to CompTIA, a provider of IT training and certification products. The unemployment rate for tech jobs in May was 3.4%, roughly in line with April’s 3.5%, CompTIA data showed. The tech unemployment rate continues to sit below the national rate.

CompTIA

Tech sector companies added a modest 1,571 net new employees in May, analysis of the BLS jobs report by CompTIA showed. Job growth in cloud infrastructure and tech services was offset by reductions in the telecommunications sector.

Tech employment across the broader economy declined by an estimated 131,000 positions. “With prior month employment gains, tech occupation employment remains in the positive for the year,” CompTIA said.

“It is undoubtedly a challenging time for employers and job seekers facing uncertainty on multiple fronts,” said Tim Herbert, CompTIA’s chief research officer. “At the same time, it requires taking a measured approach given the data continues to hold up reasonably well.”

One bright spot for tech hires in May was the finance and insurance industry, which collectively saw a 21% increase in new tech job postings; new tech job openings also rose by 16% in the retail sector, according to CompTIA.

Even so, tech layoffs have continued as AI adoption soars and economic pressures drive a major shift toward new roles and skills in the workforce. “AI isn’t replacing jobs,” said Kye Mitchell, president of tech workforce staffing firm Experis US. “It’s fundamentally redefining how work gets done. We’re seeing AI augment skillsets and make professionals more capable, faster, and able to focus on higher-value work.”

Technology only displaces jobs when about 80% of tasks can be automated — and AI isn’t close to doing that, said Mitchell. Right now, AI is enhancing skills, boosting productivity, and freeing up time for higher-value work.

Hiring for AI positions and those requiring AI skills continues to grow rapidly, according to a CompTIA analysis of data from Lightcast and Stanford University study. CompTIA found that employer job postings related to AI are up 117% year-to-date year-over-year.

Challenger, Gray & Christmas

Skills-based hiring remains core to many employers’ recruiting strategies. About half of all tech job postings did not specify a need for a four-year academic degree, seeking instead a combination of work experience, training and industry-recognized certification, according to CompTIA’s and other data.

Even so, employers are hesitant to hire. “Economic uncertainty is absolutely creating a cautious hiring environment, but it’s more complex than tariffs alone,” Mitchell said. “Our data shows employers adopting a ‘wait and watch’ stance as they monitor economic signals, with job openings down 11% year-over-year.”

Still, the tech job market is adjusting as AI adoption grows. AI skill mentions in job postings fell 10% in May but are still up 10% for the year, showing steady demand, Mitchell said.

The tech industry had been nearly bullet-proof from mass layoffs prior to 2022. After a hiring surge between 2020 and 2022 to meet digitization efforts as more people worked from home, the market shifted and began slashing jobs to readjust to the new reality.

Tech companies such Google, Amazon, Meta (Facebook) and others laid off tens of thousands of workers  as an adjustment to over-hiring during the COVID-19 pandemic. In 2023 alone, 1,186 tech companies laid off about 262,682 staff, compared to 164,969 layoffs in 2022.

In January 2024, job cuts leaped 136% over December and hit a 10-month high, according to Challenger, Gray & Christmas.

While the labor market remained steady, there are signs that hiring across the board is softening. Open job postings fell 7% this year and new postings dropped 16% in the past month — the first full contraction of 2025. Year-to-date, new postings are flat compared to last year, according to Ger Doyle, ManpowerGroup’s regional president for North America. Doyle, however, was optimistic.

“This is a chill, not a freeze,” he said. “Workers and employers are holding steady, awaiting clarity.”

For example, he said, project management roles are up 483% year-over-year, and as the broader outlook improves, a rebound could follow, he added.

 Demand for data roles is surging as companies shift from AI experiments to execution. Database architect postings are up 2,140% year-over-year, with data scientist postings up 280% — clear signs of companies building the backbone for an AI-driven future, Experis’s data showed.

“This shift is also reshaping how talent enters the industry. Entry-level opportunities are becoming more limited, making it harder for recent graduates to gain a foothold,” Mitchell said. “For those looking to break in, deep analytical and technical skills are no longer optional.”

Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. [...]

U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. [...]

V říjnu po 10 letech skončí bezplatná podpora Windows 10. Kdo nezačal plánovat přechod na podporovaný systém, koleduje si o malér. Na děravý systém se bude silně útočit, přičemž hackeři dnes používají automatizované nástroje. Je jedno, jestli jste jednotlivec z malé vesnice, nebo velká firma. ...

To get some sense of the speed with which we’re hurtling into dystopia, it’s always worth taking a look at Apple’s latest Transparency Report; it shows the extent to which governments are requesting information about people, the ways in which they seek it, and the scale at which the requests are made.

The report itself is a little inexact — this particular edition has been updated with information covering January-June 2024, meaning we have no insight into data requests across the last 12 months.  There are also limits to what Apple can say. The company isn’t always permitted to be completely transparent in the information it shares about these requests, and in some territories it might no longer be permitted to decline some data requests.

The report has some concerning insights about the UK, where the government has decided people shouldn’t even be made aware of the extent to which it uses digital devices for state surveillance. 

Which nation makes the most requests per head?

Ignorance is bliss, I suppose — but US politicians are not at all happy with the UK approach. That’s not surprising when you consider that on first glance, at least, the UK as a nation makes far more requests per head of population than most other countries.

This indicates the extent to which the nation, already insisting on deeply unsafe backdoors into personal data, is using technology to monitor people.

Returning to the Transparency Report, Apple shares information concerning several categories of data request:

• Device Requests
• Financial Identifiers
• Account
• Account Preservation
• Account Restriction/Deletion
• Push Token
• Emergency
• US National Security
• US Private Party
• Digital Content Provider Requests
• App Removal

The US continues to lead the world in the sheer number of such requests made. 

No other nation, not even China, makes anything like as many. You can see for yourself, but China (population 1.4 billion) made 1,212 device requests, 465 financial identifier requests and 398 account requests (and one emergency request) in the reporting period, while the US (with 340 million residents) made 12,043 device requests, 1,341 financial identifier requests, 12,812 account, and 793 emergency requests.

The UK (population 68 million) made 2,925 device requests, 138 financial identifier requests, 2,550 account, and 726 emergency requests. By those numbers, the UK makes more requests per head. 

Fun with numbers

Except, that isn’t quite true; while China made just 1,212 device requests, it specified 365,980 devices within those requests — and Apple complied with 96% of the requests.

In the UK, those 2,925 device requests specified 8,211 devices, and Apple complied 78% of the time. In the US, 42,747 devices were specified and 86% of those requests were met. 

Fun with numbers aside, it’s pretty clear that all three nations are united by their zeal to access this kind of information, more so than anyone else, except possibly Brazil. (Brazil, with a population of 211 million, made 8,776 device requests and specified 42,276 devices in those requests, to which Apple complied 78% of the time.)

Looking through the data, on the basis of the number of requests made per unit of population, the UK has the dubious distinction of being the most invasive government in the world.

Though it is important to note that Apple exists under different legislation in each nation, which means it may not be able to report some of the information it has — we just don’t know whether that is the case.

Top of the spooks

There are other highlights. The data shows a surge in US (and global) requests for Push Token data. This is data that can identify which device receives a specific notification from an app and can sometimes help access message content. The report reveals that requests for this kind of data have surged, but indicates Apple is approving fewer of them. Another trend seems to be an increase in requests for financial identifiers, which generally seek information concerning fraudulent transactions. Taiwan is the world champion in making such requests and Apple complies with 97% of those. The US, Japan, and Germany are also high in the list. 

Account requests are also increasing fast and in this category the UK is up there with Germany, Japan, China, and Brazil, with the US accounting for over half of all such requests worldwide. Data requests made in the cause of US national security have also increased. 

Transparency, where possible

Finally, while all this information is interesting, it really has to be read with a pinch of salt, since in at least some of these cases the information Apple is permitted to report may, or may not, enable it to be completely transparent with the information it shares. 

All the same, the implication is that data privacy continues to be something that must be fought for. “This is surveillance,” as Apple CEO Tim Cook told European privacy commissioners in 2018. Seven years later, of course, Europe is insisting Apple make your data more easily available to third-party firms. George Orwell’s book 1984 was, it seems, an instruction manual after all.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack. [...]

A new data wiper malware named 'PathWiper' is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. [...]

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. [...]