The Internet and IT at large are perhaps the most significant resources changing our personal and work lives right now. Entire new jobs, for example focused around the use of social media are being created and entirely new working practices being developed for mobile users accessing data from an increasingly wide range of funky new devices. Fundamentally, technology and effectively using data is critical to the growth of UK PLC across both public and private sector. The government clearly supports this position too, as demonstrated by their additional investment of £650M in cyber security in the "age of austerity". Our ability to protect data in our businesses is directly linked to confidence, which in turn is a key driving factor of growth from the small business to the national scale. Over the coming years, security is a critical field in enabling us all to seize the opportunities new technology and working practices may offer. That and of course trying to avoid the "Sony" moment - breaching data to significant loss of reputation and market cap.

The security field is at an interesting point of change. Enhanced threat, technology change and regulation are all driving a significant evolution of the profession. SophosLabs now sees over 150k new samples of malware every day - the majority of which are designed to provide back door access to your computer, steal your data and money. Cyber criminals are now working on organised criminal gangs selling each other products, services and even technical support to simplify high tech, fast evolving cyber attacks. Cyber criminals are building their talent pool and are developing an illicit economy. As any economist will tell you, this results in innovation, research and development. Technically skilled security professionals will be required to combat their innovations. The array of new devices like iPads, Android phones and iPhones also represent a challenge as more expertise is required to manage and protect the diverse technologies used in the business - it is no longer just about Microsoft! Regulations and compliance are also fundamentally challenging businesses, moving the traditional technical IT security role to interface with the business. The CISO today is often more a business leader, than a security practitioner. Security leaders need business, cultural influencing and even senior management skills and are embedding themselves within different functions in the business. The stereotype of the security geek trapped in the dark depths of IT is fading. Over the coming years, more regulation and the changing shape of business will produce a wider range of security roles.

Yet, even right now many are struggling to identify and hire the right talent in to security positions. In many cases conventional hiring strategies are not producing the right results. There has been over a 50% reduction in the number of students studying IT, yet according to numerous surveys there is a huge projection of growth of jobs (across numerous categories of roles) and an existing deficit that needs to be addressed. Initiatives like the UK Cyber Security Challenge are working to plug this gap and represent a new strategy to identifying and nurturing talent.

Without a doubt, cyber security has never been at such a high point of awareness or critical importance to growth. Cyber criminals are developing more malicious code, infecting more web pages and having greater impact on us all in our personal and work lives. Skills in this area are bound to be in demand and valuable, spanning many different types of role in every industry. Keep an eye on the development of this problem domain and explore some of the less conventional talent channels such as Cyber Security Challenge UK . Help us recruit the right talent to fight back at cyber criminals.

Free helpful resources:

• Sophos Threat Report (simple, accessible description of the security industry and present threat trends)
• Sophos Threatausarus (simple A-Z overview of security threats so you can speak the language)
• NakedSecurity blog (follow the latest security incidents and challenges)

I'm at a conference this week with my husband, where I am "just" the spouse. That means I get to go to sessions and attempt to keep my mouth shut. Hah! Lots of luck with that! On the other hand, I also get to learn about what this group thinks is important to sustain itself.

"Mentoring" is a big deal at this conference. What they call mentoring, I would call coaching. Coaching is a big deal in our community, too. I've written about this before, in How 2 Buddy. Arlo Belshee has a great experience report from an early Agile conference, Promiscuous Pairing and Beginner's Mind. Yes, it looks like the paper is about pairing, but it's also about coaching, where each person coaches the other.

What makes a great coaching program? Well, both people, the coach and the coachee have to get something out of it. Here are my steps for creating a coaching program.

1. Make sure you have enough coaches for the people who want coaching. Insufficient coaches means you spread people too thin, which does not work, or you leave people without a coach, which is disappointing. Better to leave people without, than to spread coaches too thin. I've seen a number of organizations attempt to move to agile who don't have enough coaches. The people and teams struggle to implement what they were taught. They do not understand what to do. That's insufficient coaching.
   
2. Set expectations about what a coach does. A coach is not a teacher, although if a coach so chooses, a coach can teach a coachee.
   
3. Coaches help to isolate the problem. Often, when people describe the problem, the problem they see is not the real problem, but a result of the real problem.
4. Coaches help the coachee evaluate potential options and the results of those potential options. A coach offers options with support. Sometimes those options come directly from the coachee. Sometimes those options come from the coach because the coachee cannot think of any options without help.
5. Coaches help the coachee generate action items and SMART (specific, measurable, actionable, realistic, timebound) goals.
   
6. Coaching is a time-bound experience. When I coach my clients, I limit our time for a specific kind of coaching. After that coaching is over, it's okay to change the relationship to a new coaching relationship about some new issue.
   
7. Coaches encourage. They do not evaluate anyone's efforts.
   
8. Coaches provide feedback. They may help a coachee by catching that person doing something right. Or, by catching them before they go too far down the wrong path. Maybe they experiment together.
   

There are a number of coaching tools that a coach can use for feedback. The key is that the coach use them.

I often find that when I coach teams I also need to coach the individuals on the team.

Coaching does not have to be an external activity; it can be internal. And, a coach is a full-time job. You cannot coach in you free time.

So, think about the coaching you need at work. And think about the people who can provide it. Decide if you can staff coaching internally at a sufficient level. If you can, wonderful. And if not, know that now. Do not shortchange such a critical function. If it's worth doing, it's worth doing right.

There is intense interest in cloud computing today. But what about take up? I am interested here in the cloud as an application platform, not how many people are using Google Mail.

There is so much noise from vendors about cloud - noting that this is a nebulous and abused term - that it is easy to get the impression that most of us are busy migrating applications to shiny new cloud platforms, and that new projects will almost inevitably be cloud-based.

I spoke recently to Nick Hines, CTO of innovation at global software developer and consultancy ThoughtWorks. This is a company that has embraced Agile methodology and has always struck me as thoughtful and watchful in its approach to software development. It publishes a regular Technology Radar examining technical trends and assessing which are ready for mainstream adoption and which are in decline.

When I spoke to Hines I was researching application development on cloud platforms, and trying to discover how Microsoft's Azure effort was perceived in the real world. I suppose I expected that the company would have many cloud projects on the go and be well placed to assess the strengths and weaknesses of rival platforms.

The most revealing comment came at the end. After chatting about cloud and Azure for half an hour, I asked: could he put a figure on the proportion of ThoughtWorks projects that involve cloud hosting, not just for development, but for production deployment?

That would be relatively small. One to two percent at this point.

he told me. No more than two out of a hundred projects deployed to the cloud. Considering the level of vendor hype around not only Azure but also Amazon web services, Force.com from Salesforce.com, Google App Engine and so on, that is remarkably small.

I must be careful not to mis-represent Hines. He is of the view that not only is cloud significant as a platform, but that it will take over:

This is the way the world is going. We all know it. You can imagine that in 20 years time the idea that companies have their own datacentres is going to be quite anachronistic. How quickly we get there is yet to be seen.

We are then at an interesting point in terms of technology, where we think we can see the future in some respects, but there is a near-consensus in the enterprise development world that it is not yet ready.

Why is it not ready? This of course is a point of debate; but enterprises dislike uncertainty, and there is still uncertainty around cloud platforms. When you ask vendors about the big issues, security and resilience, the best they can do is to point to past performance or give you a speech about the efforts they have made in those areas. CIOs may worry about a nightmare scenario where the system is down and they have no direct control over how it will be fixed. This is responsibility without power; and no, being able to say "we have a service level agreement" is not a solution.

This is also why approaches to the cloud that allow flexibility are popular. Not all risks are equal. For example, you can use a cloud platform as a means of scaling an application at times of peak demand, while keeping the data and code on your own servers. This kind of approach does not yield all the benefits of multi-tenancy or platform as a service, but it means that in case of calamity you can easily deploy to a different platform. The idea of deploying virtual machines to the cloud, while keeping hold of the master image, is popular for the same reason. Hines told me:

People have a greater level of comfort with infrastructure as a service. Whilst it may not have all the advantages that platform as a service offers in terms of reduced administration and so forth, people are more comfortable feeling that they are closer to the tin.

This is the enterprise perspective of course. If you are a start-up or independent developer already accustomed to depending on third-party internet services, then cloud deployment feels less risky.

The consumer perspective is also relevant, despite what I said above concerning Google Mail. If as individuals we learn to trust cloud providers because of our experience with email or personal documents and pictures, then when we step into the business world we will be more inclined to approve a cloud deployment.

Concerning Microsoft Azure, Hines believes that Microsoft needs to prove its ability as a cloud provider, and that a success with the recently launched Office 365 could give Azure a boost, even though it is a different kind of service. It is the same kind of logic: if Microsoft can run Office 365 successfully, the comfort factor over Azure will increase. The reverse is also true.

There is always reason for caution; but it also seems to me that this is a moment of opportunity for those who take well-judged risks with cloud platforms. I would be interested to hear from both developers and CIOs about your perspective on this. Do you trust the cloud yet, and if not now, then when?