A Simple Thought



Do not follow where the path may lead.  Go where there is no path…and leave a trail.

(Attributed to many, but mostly to Ralph Waldo Emerson)

Have a wonderful Labor Day Weekend!

Support Onepath Local and the Starry Night 5K


One of the great things that comes with being part of a larger organization is a wide range of initiatives that benefit our clients, our team and the communities in which we live and work.  Onepath Local is one of those initiatives.

OnepathLocalLogoOnepath Local is a non-profit, formed within Onepath as a result of the creativity and concern for community among our staff.  Onepath Local is an employee-led 501(c)3 charitable organization harnessing Onepath’s spirit of service & giving.  Founded in 2017, Onepath Local’s mission is to support charities and activities that strengthen local communities and enhance lives through volunteerism, leadership, and financial support.  Powerful stuff!

On September 8th, the New England team is participating in the Pediatric Brain Tumor Foundation Starry Night 5K along the Charles River in Boston.  This is a cause Onepath supports in both our northeast and southeast regions and we will even have representation from one of our Atlanta based offices here in Boston, as well as our local team.  If you are able and interested in supporting this great cause, please consider visiting my fundraising page and making a donation.  Any amount helps and together, we can help impacted children and their families in a very meaningful way.

Thank you for your consideration!


New Cybersecurity Law Aims to Help Small Businesses


The following was published in the most recent Sunday editions of Fosters and Seacoast Sunday.


This week, the president signed into law the NIST Small Business Cybersecurity Act, S.770. This legislation was originally introduced as the Main Street Cybersecurity Act.

If you are not familiar with NIST, it is the National Institute of Standards and Technology. You can learn about NIST by visiting www.nist.gov. NIST is part of the U.S. Department of Commerce and is one of the nation’s oldest physical science labs, having been established in 1901. I encourage you to visit it’s About page at www.nist.gov/about-nist to review the quick video on that page, which gives a great history of the organization. For those who prefer to read, here is a concise summary that describes the mission:

“Today, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations – from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks.”

With regard to this new law, I had hoped it would have more teeth that would put actual requirements on small businesses with regard to cybersecurity. Unfortunately, there is not. This law is about mandating that a federal agency, in this case NIST, produce and disseminate educational materials to help small businesses improve their cybersecurity posture. While a good thing and a necessary step, the law lacks a mandate that requires these same businesses to actually comply with the recommendations.

In terms of what the law does provide, here are some of the details:

  • To require the director of the National Institute of Standards and Technology to disseminate guidance to help reduce small business cybersecurity risks, and for other purposes.
  • Resources: The term “resources” means guidelines, tools, best practices, standards, methodologies and other ways of providing information.
  • Not later than one year after the date of the enactment of this act, the director, in carrying out section 2(e)(1)(A)(viii) of the NIST, as added by subsection (b) of this act, in consultation with the heads of other appropriate federal agencies, shall disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.
  • The director shall ensure the resources disseminated pursuant to paragraph (1) – (A) are generally applicable and usable by a wide range of small business concerns; (B) vary with the nature and size of the implementing small business concern, and the nature and sensitivity of the data collected or stored on the information systems or devices of the implementing small business concern; (C) include elements, that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist small business concerns in mitigating common cybersecurity risks; (D) include case studies of practical application; (E) are technology-neutral and can be implemented using technologies that are commercial and off-the-shelf; and (F) are based on international standards to the extent possible, and are consistent with the Stevenson-Wydler Technology Innovation Act of 1980 (15 U.S.C. 3701 et seq.).

These four points summarize this new law. As I said, this is a step in the right direction, unfortunately it just lacks teeth. Many of the principles are ones that most small businesses already understand, and most IT service firms are providing to their clients now. Certainly, a guiding framework on a national level will help increase awareness and understanding. It astounds me how large the knowledge gap is around this topic to this day. Even simple management of passwords remains a challenge for most small businesses.

As these resources become available over the next year, I will make an effort to point them out to all who will listen. I encourage you to make yourself aware of these resources to help educate your staff on cybersecurity issues, to help you maintain a proper posture that will allow you to continue business as usual, while increasing your level of protection. If you have any knowledge of current events, you understand how important this is.

CompTIA Board Sees Mixed Signals Emanating from IT Channel

The following press release was issued by CompTIA yesterday and recaps insights from my fellow Board members during our most recent meeting earlier this month.
Aug 20, 2018

Opportunities to expand customer engagement and boost profitability countered by abundance of product and service options and tight labor marketDowners Grove, Ill. – Technology companies have seized opportunities to expand their engagement with customers outside the IT department and to find new ways to boost profitability, according to the Board of Directors of CompTIA, the leading trade association for the global technology industry.

But challenges – many related to workforce considerations – are keeping tech firms from making even greater progress, the association’s Directors say.

The discussion on the current and future state of the market took place during a meeting at the recent CompTIA ChannelCon 2018 conference.

Board members said one of the most positive signs coming from the market is the progress companies are making to expand their engagement with customers.

Companies in all layers of the channel are gaining footholds and cementing relationships with decision-makers in marketing, HR, accounting, operations, and other departments and team that are engaged in the evaluation and purchase of technology solutions. With greater insight into the operations and objectives of individual business units and departments, technology providers are better able to create specific solutions to meet the unique needs of each customer.

Many companies are embracing specialization in their own portfolios of technology solutions. The movement to the cloud and to extensible platforms has prompted them to engage in the development of proprietary intellectual property, turning some managed service providers into independent software vendors and boosting profitability.

The CompTIA Board of Directors identified the following areas as other current industry trend that are impacting business.

Customer Spending: As the economy has improved, more customers are spending money on technologies that don’t necessarily result in an immediate return on investment but will prepare them for future growth and profitability. Software defined networks and unified communications are two examples.

Voice: The market is experiencing rapid advancement in the buildout of voice-based solutions in many product areas. Having made tremendous inroads in customer service, these new solutions look to simplify products for customers in their day-to-day usage.

More Options: The expanding variety of options for tech products and services is a boom for some companies, but it’s creating challenges for others. Even some of the largest technology vendors are confused about their go-to-market strategies. Wide variances in margins have clouded decisions about which products and services to emphasize.

Speed to Market: In some instances, the  quality of products and services is suffering because the window to bring new solutions to market is as small as it’s ever been.

What’s Old is New: Some companies are reverting back to “break-fix” services as a contributor to the financial bottom line. This is true for progressive companies that have identified new service niches;  and those challenged by shrinking profit margins in cloud services.

Workforce Woes: Workforce challenges related to the tight job market are a concern. According to the latest “CompTIA IT Employment Tracker” the July unemployment rate for IT occupations was 1.9 percent, one of the lowest rates across all occupation categories. For some companies, this has resulted in an uptick in staff turnover among IT support technicians and other job categories. Finding workers will skillsets in consultative selling, cybersecurity and product integration remains problematic. Other employers are balking at investments in training for incumbent employees out of fear that a worker who’s trained in new skills will leave the company for a new opportunity.

State of Security: There is confusion in the market about how companies should incorporate the recommendation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Customers don’t understand which elements of the framework are “must haves” and which are “nice to have.” This has placed an additional burden on MSPs and vendors, who must train their sales teams on many possible combinations.

MSP vs. MSSP: Market confusion also persists about the differences between a managed services provider (MSP) and a managed security services provider (MSSP). Without clear definitions, companies don’t know where they fit in the spectrum, which limits opportunities and clouds focus.

International Scene: Outside the major economies, MSPs are building business models similar to what emerged in the U.S. market over the past decade, with heavy reliance on usage-based consumption pricing.

M&A Activity: The channel continues to see a huge amount of merger and acquisition activity. The impact or private equity have never been bigger. But as large rollups occur due to consolidation, there is some concern over the lack of transparency over what happens, or could happen, if private equity dollars disappear.

Current members of the CompTIA Board of Directors include Chairwoman Amy Kardel, president and co-founder, Clever Ducks; Vice Chair Quy “Q” Nguyen, founder and CEO, Allyance Communications Inc.; Vice Chair Gordon Pelosse, vice president, technology support delivery Canada, Hewlett Packard Enterprises; MJ Shoer, director of client engagement and virtual CIO, Onepath; James Afdahl, vice president, business services and state relationship manager, GED Testing Service; Scott Barlow, vice president of global MSP, Sophos, Inc.; Toni Clayton-Hine, senior vice president and chief marketing officer, Xerox Corporation; Eric Hughes, chief operating officer, Intigry, Inc.; Jason Magee, chief operating officer, ConnectWise; Tracy Pound. managing director, MaximITy; John Scola, global vice president, cloud channels and strategy lead, SAP; Dan Shapero, president, TeamLogic IT; and Raja K. Singh, principal architect, advanced solutions and emerging technologies, Verizon.


About CompTIA

The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $4.8 trillion global information technology ecosystem; and the more than 35 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce. Visit www.comptia.org to learn more.

Steven Ostrowski
630- 678-8468

PhishPoint and Sextortion


I posted about Sextortion, the Latest Email Scam not too long ago.  This morning, during one of the morning commute drive time radio shows, I heard a public service announcement from the FBI.  It talked about the significant increase in complaints SextortionIIcoming in to the Internet Crime Complaint Center (IC3) related to this.  The public service message further talked about many of the points I made in my original post, that this is just a new type of email phishing that the ciminals are using.  It focuses on praying on the fear that the bad guys have compromizing images of you, which they most likely do not.

Here is a link to an FBI Public Service Announcement related to this.

Not to be outdone, there is yet another new scam going around that has been labeled “PhishPoint.”  This is a fairly classic email scam that tries to trick a recipient into giving the bad guys access to an internal Sharepoint site, thus the name.  This particular phishing scam focuses on Office 365 users.PhishPoint

The folks at KnowBe4, put out the following alert related to this threat:

Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending you an invite via email to open a SharePoint document. The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it- don’t click this link!

This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don’t be tricked.

Whenever you’re submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you. Remember, Think Before You Click.

Here’s a link to details post KnowBe4 has made available, complete with screenshots, to help you be aware of and defend against this threat.

20 Students Attend Summer Tech Camp Thanks to CompTIA Board of Directors


The following is a press release from CompTIA.  I am proud to be a member of the CompTIA Board and to be a part of an organization that looks for opportuntities to make a profoud impact for the better.

I have been engaged with CompTIA for nearly 20 years.  I had the privilage to be part of the committee that interviewed CEO candidates and determined that Todd would be the right person to carry CompTIA forward.  His accomplishments over the last 10 years have been impressive.  CompTIA continues to grow and reach new heights.  Most importantly, the education, training, membership opportunities, workforce initiatives, communities, councils, public policy work and more are providing significant value to CompTIA certification holders, members and staff.  Congrats Todd!  Looking forward to seeing what we are able to accomplish over the next 10 years and beyond.

I consider it a gift to be part of this progressive, inclusive and innovative trade association.

Here’s the press release:



DOWNERS GROVE, Ill., Aug. 16, 2018 /PRNewswire/ — Twenty students recently concluded a weeklong adventure at a technology-themed summer camp thanks to scholarships from the Board of Directors of CompTIA, the world’s leading technology association.

The 20 students – 10 each from Chicago and Washington, D.C. – attended iD Tech Camp, the leading summer tech camp for students between the ages of 7 and 18.

The board made the scholarship awards in recognition of Todd Thibodeaux‘s 10th anniversary as president and CEO of CompTIA.

“Todd coined the phrase ‘confidence gap’ and has stressed the importance of the technology industry connecting with students, especially those from diverse backgrounds, to let them know that a career in tech is absolutely within their reach,” said Amy Kardel, chairwoman of the CompTIA Board of Directors and co-founder and president of Clever Ducks, a technology services company in San Luis Obispo, Calif.

“In keeping with that mission of closing the confidence gap, our Board of Directors was extremely pleased to provide 20 children with an opportunity to learn about technology and teamwork and to give their personal confidence a boost,” Kardel added.

The students were selected based on their involvement with local non-profit organizations that offer community support and skills building programs in Chicago, where CompTIA is based, and Washington, where the organization has a significant presence with its public advocacy and public sector practices.

“The students had wonderful experiences being introduced to robotics, artificial intelligence, 3D printing, game design, and more, while also learning life and leadership skills, all in a supportive and inspiring environment,” said Nancy Hammervik, executive vice president, industry relations, CompTIA.

The summer tech camp opportunity is the latest CompTIA initiative aimed at providing students with information about career opportunities in the tech industry.

The CompTIA Association of IT Professionals (AITP) Student Program matches students in tech programs with mentors to help them learn about and prepare for technology careers.

There are more than 100 CompTIA AITP student chapters at universities, colleges, community colleges, and other learning institutions across the country.

CompTIA has also partnered with the Technology Student Association, a national, non-profit organization of 250,000 middle and high school students who are engaged in science, technology, engineering, and mathematics (STEM). CompTIA will supply volunteers, programming content and career mentoring to students participating in TSA’s STEM competitions.

About CompTIA

The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $4.8 trillion global information technology ecosystem; and the more than 35 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce. Visit www.comptia.org to learn more.


Steven Ostrowski





Related Links


IT Industry Comes Together in Washington


The following was published in the Sunday, August 12, 2018 edition of Fosters and Seacoast Sunday.


As it does each year, the IT industry gathered for the annual CompTIA ChannelCon conference from July 31 through Aug. 2. This year’s event was held in Washington, D.C. and focused on “The Business of Technology.”

Unless you have been living under a rock or entirely “off the grid,” you know technology is more pervasive than ever. Every business relies on technology today and for many, it is the most important competitive differentiator that they have. The “Business of Technology” encompasses every aspect of the information technology industry and quite literally, every business that leverages technology to deliver their good and/or services to their customers.

More than 1,000 technology professionals attended the event in person and several thousand more participated via ChannelCon Online, a live stream of the event for those who were not able to get to DC. ChannelCon is a unique event in the technology industry as it is not sponsored by any vendor. As the industry’s nonprofit trade association, CompTIA is in a unique position to give all organization an even playing field on which to participate. Tracks included things like BizTech, field trips, future trends, IT Pro, networking events, a technology vendor fair, vendor education, community meetings and general sessions. As I’m sure you would expect, the sessions were packed with insight into the future of the industry as well as reflections on where we have been and where we are at present.

The conference was keynoted by Four-Star General Stanley McChrystal, former commander of U.S. and International Forces in Afghanistan. At first glance, you might not think there is a lot of commonality between fighting terrorists and business, but Gen. McChrystal drew some impressive parallels of how adaptability and technology allowed JSOC, the Joint Special Operations Command to be become a modern hybrid model that leveraged technology, trust and a common purpose to confront one of the most difficult adversaries they had ever encountered.

They leveraged technology to connect ever member of the command, no matter what their role or physical location and it transformed their ability to deliver on their mission. The parallels to business communications, processes and technology were quite clear.

Another key theme that was present throughout the conference was the changing ways that technology is procured and implemented. Technology decisions are no longer the sole domain of the senior executive in charge of information technology. Many decisions are now made at the business unit or functional level within a company. Consultants, managed service providers and the technology vendor themselves, all need to be engaged with the right people within their customers organization. Only with this deep level of engagement, can the end customer ensure that they are getting the best advice, products and services to help them accomplish the business outcome they are seeking. This is a shift in how business technology has historically been consumed and managed. This is what the “Business of Technology” is all about.

I sat in on several sessions throughout the event and one that really stood out was a meeting of the Joint Advisory Councils. This group comprises senior executives in the technology industry representing companies from established and emerging technologies. They presented several infographics covering topics as diverse as how drones are being used in businesses, to how technology is allowing the development of “smart cities,” the evolution of software consumption and licensing models and more.

And of course, there was plenty of talk about cyber security. You can’t talk about technology without getting in to a discussion about security, for good reason. As a trade association, CompTIA has some very insightful research and other resources to help its members address the cyber security concerns of their customers.

Attendees also had the opportunity to learn about the products and services offered by more than 150 vendors who had a booth at the Technology Vendor Fair. Unlike other industry events, CompTIA levels the playing field, providing each exhibiting vendor with the same size booth from which to make their pitch. It allows attendees to very objectively survey the technology landscape, learn about new and established vendors alike and ensure that the services that are brought to market are best-in-class.

The IT industry shined bright in DC. These are exciting times and new technologies continue to come to market that will truly revolutionize our lives. It’s a privilege to work in such an exciting business and be part of a great company, Onepath and a member of a fantastic organization, CompTIA.

Great Fun with a Great Business Partner


Thank you to our partner, Intermedia and our partner manager, Nancy McDevitt for a great time last evening.  We took several of the Onepath northeast team out on Portsmouth Harbor Cruises the Heritage for a sunset harbor cruise.

The weather could not have been more perfect.  We sailed the back channels of Portsmouth Harbor to New Castle Harbor and out into the Atlantic.  We circled back and came back to port through the mouth of Portsmouth Harbor and back to the dock.

It was a nice celebration of a great business partnership.  It’s really nice when relationships work like this.  We’ve got each others backs and have a genuine interest in working together, as one team, delivering best of class solutions to our mutual clients.

Here are some pictures from the cruise to enjoy (hover on each picture for a description or click on the first one and scroll though the images to read the complete description)…


CompTIA World Fall 2018


At CompTIA‘s annual ChannelCon 2018 last week, the latest edition of the CompTIA World magazine was released.  The Fall 2018 edition is the fourth edition of CompTIA World.

It features a profile of Victor Johnson, CompTIA Member of the Year.  Victor shares his inspiring story in print.  He also gave one of the best and most sincere speeaches I have ever heard from the main stage at ChannelCon 2018 last week in Washington, DC.

I am honored to have been interviewed for a piece in this latest edition of CompTIA World.  You can access the article here.  While you are there, check out the entire edition.  It’s a great read and an excellent publication for the IT industry.

CompTIAWorld Fall 2018.jpg