Just download free 1Y0-403 test prep with cram

Are you searching for a Citrix 1Y0-403 PDF download with genuine questions for the Citrix Virtual Apps and Desktops 7 Assessment, Design and Advanced Configurations exam? We provide recently updated and legitimate 1Y0-403 test prep. We have a large collection of legitimate and up-to-date 1Y0-403 cram questions from genuine 1Y0-403 tests. You simply memorize them and take the exam.

Exam Code: 1Y0-403 Citrix Virtual Apps and Desktops 7 Assessment, Design and Advanced Configurations learner November 2023 by Killexams.com team

1Y0-403 Citrix Virtual Apps and Desktops 7 Assessment, Design and Advanced Configurations

Exam Code : 1Y0-403

Exam Name : Citrix Virtual Apps and Desktops 7 Assessment, Design and Advanced Configurations (CCE-V)

Duration : 120 minutes

Questions : 61

Passing Score : 51%

Methodology and Assessment 7.5%

- Determine the design decisions that should be made based on given business drivers.

- Determine how to complete the user segmentation process for a given environment.

- Determine how to categorize applications based on a scenario.

- Assess a given environment to determine the capabilities of that environment.

User Layer 7.5%

- Determine the appropriate endpoint type and peripherals required for a given environment.

- Determine how to appropriately deploy Citrix Workspace app based on a list of requirements.

- Determine the network connectivity and graphics requirements for a design.

Access Layer 11%

- Determine the appropriate settings and configurations to make when designing an access deployment strategy for Citrix Gateway and StoreFront/Workspace.

- Determine the architectural needs of an environment when designing StoreFront stores.

- Determine access layer scalability for Citrix Gateway and StoreFront in a given environment.

Resource Layer – Images 11%

- Determine how to appropriately scale the infrastructure for Virtual Delivery Agent Machines in a given environment.

- Determine how to secure the Virtual Delivery Agent Machines based on a scenario.

- Determine how to design the appropriate image provisioning strategy for a given environment.

Resource Layer - Applications and Personalization 9%

- Determine the appropriate delivery options for Application deployment based on the analysis of the given environment.

- Determine the appropriate profile strategy to use in a given environment.

- Determine the appropriate policies to implement in a given environment.

Control Layer 9%

- Determine the appropriate delivery method to recommend when designing a Site for a given environment.

- Determine the appropriate management and administration design based on given requirements.

- Determine the appropriate site design and baseline specifications to ensure performance and stability in the given environment.

- Determine the Control Layer security requirements and features necessary to secure a given environment.

Hardware/Compute Layer 19%

- Determine the appropriate hardware or hypervisor to implement based on a given design.

- Determine the appropriate resource pool strategy for a given environment.

- Determine the appropriate hardware sizing based on a scenario.

- Determine the appropriate storage allocations to ensure optimization in a given environment.

- Determine the appropriate Datacenter configurations for network traffic in a given environment.

- Determine how to meet the security objectives and best practices for a given environment.

High Availability and Multiple Location Environments 20%

- Determine Multi-location architecture requirements and business considerations in a given environment.

- Determine the appropriate access configurations to recommend when designing a multi-site environment.

- Determine the appropriate Image Management requirements in a given environment.

- Determine the requirements for profiles and data in a multi-location environment.

- Determine the appropriate strategy to support printing in a multi-location solution.

- Determine how to design a site and FMA zones to ensure users have continuous access to resources in a multi-location solution.

Disaster Recovery 6%

- Determine the appropriate Disaster Recovery Strategy for a given environment.

- Determine how to recover a primary datacenter in the disaster recovery datacenter given a scenario.

- Network systems Including security, implementation and administration

- Citrix methodology and best practices for analysis and design

- Core design principles

- Installing Citrix technologies associated with app and desktop virtualization

- Configuring Citrix technologies associated with app and desktop virtualization

- Administering an app and desktop virtualization environment

- Maintaining an app and desktop virtualization environment

- Backing up components of an app and desktop virtualization environment

- Updating an app and desktop virtualization environment

- Monitoring an app and desktop virtualization environment

- Creating reports for trend analysis in environments that include a Citrix app and desktop virtualization solution

- Troubleshooting environments that include a Citrix app and desktop virtualization solution

- Cloud concepts such as private, public and hybrid clouds

- Storage concepts

Other Citrix exams

1Y0-203 Citrix XenApp and XenDesktop 7.15 Administration
1Y0-440 Architecting a Citrix Networking Solution
1Y0-204 Citrix Virtual Apps and Desktops 7 Administration
1Y0-403 Citrix Virtual Apps and Desktops 7 Assessment, Design and Advanced Configurations
1Y0-312 Citrix Virtual Apps and Desktops 7 Advanced Administration
1Y0-341 Citrix ADC Advanced subjects - Security Management and Optimization
1Y0-241 Deploy and Manage Citrix ADC with Traffic Management

Going through our 1Y0-403 dumps will strengthen your knowledge to the extent that you will get excellent marks in the real 1Y0-403 test. Our 1Y0-403 braindumps consist of real exam questions and answers, with a VCE exam simulator for practicing them. You need to spend some hours memorizing the 1Y0-403 dumps questions, check your practice with the VCE exam simulator, and take the real 1Y0-403 test. You will pass the exam guaranteed.
Question #51 Section 1
Scenario: A Citrix Architect is designing a new Citrix Virtual Apps and Desktops environment.
The table in the exhibit lists details about the requirements of the current user groups and their Virtual Delivery Agent (VDA) machine workloads.
Click the Exhibit button to view the table.
The architect should scale the hardware used to host the virtual machines (VMs) for User Group 1 to ________ cores. (Choose the correct option to
complete the sentence.)
A. 32
B. 24
C. 96
D. 64
E. 16
Answer: E
Question #52 Section 1
Scenario: A Citrix Architect is configuring a multi-location profile strategy as part of a large Citrix Virtual Apps and Desktops solution. The architect
needs to implement a single policy that sets the profile path for all users and distributes the user profiles between 3 shares and 9 file servers.
New York users: Server: NYC-FS.company.lan, Share: NYC-Profiles$
Miami users: Server: MIA-FS.company.lan, Share: MIA-Profiles$
San Francisco users: Server: SFO-FS.company.lan, Share: SFO-Profiles$
Which value constitutes a valid path for use with a Citrix Profile Management policy?
A. \\%DataCenter%-FS.company.lan\%UserHome%-Profiles$\#sAMAccountName#\%ProfileVer%\
B. \\%DFS-ROOT%.company.lan\%HomeShare%$\#sAMAccountName#\%ProfileVer%\
C. \\#DataCenter#-FS.company.lan\#DataCenter#-Profiles$\#sAMAccountName#\%ProfileVer%\
D. \\#DFS-ROOT#.company.lan\%HomeLocation%$\#sAMAccountName#\%ProfileVer%\
Answer: C
Question #53 Section 1
Scenario: An automobile manufacturer in Germany has deployed a Citrix Virtual Apps and Desktops solution for its employees using Citrix Cloud and
uses a resource location in Germany. Recently, they acquired an automobile manufacturer in Japan. Since then, users from Japan have reported issues
regarding slowness and degraded performance of the application hosted in the German resource location.
How can a Citrix Architect improve the performance of the application for users in Japan?
A. Implement Optimal Gateway Routing within the existing resource location.
B. Create a new Site for Japan within Germany's resource location
C. Provision new resources in Japan's resource location
D. Implement Global Server Load Balancing (GSLB)
Answer: D
Question #54 Section 1
Scenario: A Citrix Architect is designing a new Citrix Virtual Apps and Desktops environment. The environment will run on 2 Citrix Hypervisor
platforms, each consisting of 3 NICs. The company maintains strict security standards for all business data traffic, so the architect is designing and
configuring hypervisor network traffic to limit infrastructure vulnerabilities.
How should the architect configure the hypervisor network traffic to provide the best security for the environment?
A. Use 1 physical NIC on the host for management, and a second NIC shared for storage and virtual machines (VMs). Create 2 subnets: 1 for management and the other for storage and VMs. Confirm that the storage and VMs use a NIC on the same network as the host NIC, and sort traffic between the host and storage/VM with a switch port.
B. Use each physical NIC on the hosts: 1 for management, 1 for storage, and 1 for the virtual machines (VMs). Create 2 subnets: 1 for management and the other for storage. Confirm that the VMs use a NIC for guest traffic on a separate network, and connect all networks to separate network switches.
C. Use each physical NIC on the hosts: 1 for management, 1 for storage, and 1 for the virtual machines (VMs). Keep all traffic on a single subnet. Confirm that the VMs use a NIC for guest traffic on the same network as the host NIC, and sort the traffic between the host and VMs with a switch port.
D. Use 1 physical NIC on the host for management, and a second NIC shared for storage and virtual machines (VMs). Keep all traffic on a single subnet. Confirm that the storage and VMs use a NIC on the same network as the host NIC, and sort the traffic between the host and storage/VM with a switch port.
Answer: B
Question #55 Section 1
Scenario: A Citrix Architect is designing a new Citrix Virtual Apps and Desktops environment. The architect's objective is to create a configuration to
automatically reroute network traffic to the second NIC within the bond. The goal is to avoid a loss of productivity should the primary Citrix Hypervisor
host NIC fail. Each hypervisor currently consists of a single, active 10 GB NIC and a second, dormant 1 GB NIC.
Which two network interface configurations should the architect implement? (Choose two.)
A. Active-passive (LACP)
B. Active-active (SLB)
C. NIC teaming-bonding
D. Active-active (LACP)
Answer: AB
Question #56 Section 1
Scenario: A Citrix Architect is designing a Citrix Virtual Desktops environment. The Graphic Designers Group uses graphic-intensive applications.
Graphic designers will be provided with a Windows 10-hosted assigned desktop, with NVIDIA graphics hardware acceleration. HDX 3D Pro mode was
selected during the installation of the Virtual Delivery Agent (VDA).
What is the maximum number of monitors supported for the Graphic Designers Group?
A. 4
B. 1
C. 2
D. 8
Answer: D
Question #57 Section 1
Scenario: A Citrix Architect is designing a new Citrix Virtual Apps and Desktops environment. The architect has identified the Resource Layer
requirements shown in the exhibit.
Click the Exhibit button to view the requirements.
Which feature of Citrix Profile Management could help the architect address the Graphic Designers Group requirements while minimizing login time?
A. Profile streaming
B. Active write back
C. Folder redirection
D. File exclusions
Answer: A
Question #58 Section 1
Scenario: A Citrix Consultant is designing a new Citrix Virtual Desktops environment. During the user segmentation process, a Citrix Architect collected
a small amount of data about user requirements, but was NOT able to create well-defined user groups.
Which user-segmentation actions should the consultant pursue?
A. Collect user data, define user groups, and identify user requirements.
B. Collect user data, confirm user groups, and identify user requirements.
C. Analyze existing data, define user groups, and confirm user requirements.
D. Analyze existing data, confirm user groups, and identify user requirements
Answer: A
Question #59 Section 1
A Citrix Architect is designing a new Citrix Virtual Apps and Desktops environment. The IT team maintains 12 Citrix Hypervisor hosts that are
available to build the new Citrix environment. During the project kickoff meeting, management states: "We need a robust infrastructure that can handle
large user loads, strengthen IT efficiency, ensure minimal downtime, and protect the network and its resources from corruption."
Click the Exhibit button to view the existing infrastructure details.
Which configuration should the architect use to meet the requirements for the new Citrix environment?
A. Create multiple resource pools with at least 3 hosts in each pool for the infrastructure and Citrix workloads, and enable high availability with
clustered pools using local storage repositories.
B. Create a single resource pool containing all hosts for the infrastructure and Citrix workloads, and enable default high availability using GFS2 as
the heartbeat storage repository.
C. Create a single resource pool containing all hosts for the infrastructure and Citrix workloads, and enable default high availability using NFS as
the heartbeat storage repository.
D. Create multiple resource pools with at least 3 hosts in each pool for the infrastructure and Citrix workloads, and enable high availability with
clustered pools using GFS2 as the heartbeat storage repositories.
Answer: D
Question #60 Section 1
Scenario: A Citrix Architect is designing a new Citrix Virtual Apps and Desktops environment for a company with 2 branch offices connected over a
WAN link.
Each location will maintain its own Citrix Site and be configured for disaster recovery (DR) to allow users to failover if 1 Site has an outage.
Management wants to implement a strong profile solution to manage user profiles. Each user maintains a profile that consists of user documents,
application settings, and other personalization settings that must be available to them at all times.
Which step should the architect perform to ensure that profile requirements are met?
A. Implement Citrix Profile Management for all users with Windows Folder Redirection configured, and Microsoft Distributed File System
Replication (DFSR) active-active profile replication configured over the WAN connection.
B. Implement Citrix Profile Management for all users with Microsoft Distributed File System Replication (DFSR) active-passive profile
replication configured over the WAN connection.
C. Implement Citrix Profile Management for all users with Microsoft Distributed File System Replication (DFSR) active-active profile replication
configured over the WAN connection.
D. Implement Citrix Profile Management for all users with Active write back enabled and Microsoft Distributed File System Replication (DFSR)
active-active profile replication configured over the WAN connection.
Answer: B
Citrix Bleed exploit lets hackers hijack NetScaler accounts


A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.

CVE-2023-4966 is a critical-severity remotely exploitable information disclosure flaw Citrix fixed on October 10 without providing many details.

On October 17, Mandiant revealed that the flaw was abused as a zero-day in limited attacks since late August 2023.

This Monday, Citrix issued a subsequent warning to administrators of NetScaler ADC and Gateway appliances, urging them to patch the flaw immediately, as the rate of exploitation has started to pick up.

Today, researchers at Assetnote shared more details about the exploitation method of CVE-2023-4966 and published a PoC exploit on GitHub to demonstrate their findings and help those who want to test for exposure.

The Citrix Bleed flaw

The CVE-2023-4966 Citrix Bleed flaw is an unauthenticated buffer-related vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway, network devices used for load balancing, firewall implementation, traffic management, VPN, and user authentication.

By analyzing the unpatched (13.1-48.47) and patched versions (13.1-49.15) of NetScaler, Assetnote found 50 function changes.

Among these functions, the researchers found two ('ns_aaa_oauth_send_openid_config' and 'ns_aaa_oauthrp_send_openid_config') that featured additional bounds checks preceding the generation of a response.

These functions use 'snprintf' to insert the appropriate data into the generated JSON payload for the OpenID configuration. In the pre-patch version, the response is sent immediately without checks.

The vulnerability emerges from the return value of the snprintf function, which can lead to a buffer over-read if exploited.

The patched version ensures that a response will only be sent if snprintf returns a value lower than 0x20000.
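The snprintf behaviour described above, as an added C example (not NetScaler code and not Assetnote's PoC): snprintf returns the length the output would have had, so using that value as the send length reads past a truncated buffer, while the checked form refuses to send. The template, the 128-byte buffer standing in for 0x20000, the arena layout and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define RESP_BUF_SIZE 128   /* stands in for the 0x20000-byte response buffer */
#define ARENA_SIZE    256   /* response buffer plus modelled "adjacent memory" */

/* Constructed template: a host value is substituted into a JSON document. */
static const char TEMPLATE[] =
    "{\"issuer\":\"https://%s\",\"jwks_uri\":\"https://%s/keys\"}";

/* Constructed marker standing in for unrelated data next to the buffer. */
static const char ADJACENT[] = "SESSION=constructed-sample";

/* Lay out the arena: zeroed response buffer, then the adjacent data. */
static void arena_init(char *mem)
{
    memset(mem, 0, ARENA_SIZE);
    memcpy(mem + RESP_BUF_SIZE, ADJACENT, sizeof ADJACENT - 1);
}

/* Pre-patch pattern: the snprintf return value becomes the send length.
 * snprintf never writes more than RESP_BUF_SIZE bytes, but it RETURNS the
 * length the full output would have had, which can exceed the buffer. */
size_t format_unchecked(char *resp, const char *host)
{
    int n = snprintf(resp, RESP_BUF_SIZE, TEMPLATE, host, host);
    return n < 0 ? 0 : (size_t)n;
}

/* Patched pattern: a response is only sent when the output fitted,
 * i.e. when the return value is lower than the buffer size. */
size_t format_checked(char *resp, const char *host)
{
    int n = snprintf(resp, RESP_BUF_SIZE, TEMPLATE, host, host);
    if (n < 0 || (size_t)n >= RESP_BUF_SIZE)
        return 0;               /* truncated or failed: send nothing */
    return (size_t)n;
}

/* Models the send: copies len bytes starting at the response buffer.
 * Clamped to the arena so the demonstration itself stays well-defined. */
static size_t send_bytes(const char *mem, size_t len, char *out)
{
    if (len > ARENA_SIZE)
        len = ARENA_SIZE;
    memcpy(out, mem, len);
    return len;
}

/* Does the sent data include bytes that were never part of the response? */
static int contains_adjacent(const char *out, size_t len)
{
    size_t m = sizeof ADJACENT - 1;
    for (size_t i = 0; i + m <= len; i++)
        if (memcmp(out + i, ADJACENT, m) == 0)
            return 1;
    return 0;
}

/* Build and "send" one response; returns 1 if adjacent memory went out. */
int response_leaks(const char *host, int patched)
{
    char mem[ARENA_SIZE], out[ARENA_SIZE];
    arena_init(mem);
    size_t len = patched ? format_checked(mem, host)
                         : format_unchecked(mem, host);
    size_t sent = send_bytes(mem, len, out);
    return contains_adjacent(out, sent);
}

int main(void)
{
    char long_host[61];
    memset(long_host, 'a', 60);   /* constructed oversized host value */
    long_host[60] = '\0';

    printf("short host, unchecked: leak=%d\n", response_leaks("gw.example.test", 0));
    printf("long host,  unchecked: leak=%d\n", response_leaks(long_host, 0));
    printf("long host,  checked:   leak=%d\n", response_leaks(long_host, 1));
    return 0;
}
```
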

Snatching session tokens

Armed with that knowledge, Assetnote's analysts attempted to exploit vulnerable NetScaler endpoints.

During that process, they found that the hostname value used for generating the payload comes from the HTTP Host header, so one does not need administrator rights to access it.

Furthermore, the hostname is inserted into the payload six times. Hence, its exploitation makes it possible to exceed the buffer limit, forcing the endpoint to respond with the buffer's contents and adjacent memory.

"We could clearly see a lot of leaked memory immediately following the JSON payload," explains Assetnote in the report.

"While a lot of it was null bytes, there was some suspicious-looking information in the response."

By exploiting the vulnerability thousands of times for testing, the analysts consistently located a 32-65 byte long hex string that is a session cookie.

Retrieving that cookie makes it possible for attackers to hijack accounts and gain unrestricted access to vulnerable appliances.

Now that a CVE-2023-4966 exploit is publicly available, it is expected that threat actors will increase their targeting of Citrix Netscaler devices to gain initial access to corporate networks.

Threat monitoring service Shadowserver reports spikes of exploitation attempts following the publication of Assetnote's PoC, so the malicious activity has already started.

As these types of vulnerabilities are commonly used for ransomware and data theft attacks, it is strongly advised that system administrators immediately deploy patches to resolve the flaw.

Tue, 24 Oct 2023 23:26:00 -0500 | Bill Toulas | https://www.bleepingcomputer.com/news/security/citrix-bleed-exploit-lets-hackers-hijack-netscaler-accounts/

Recently patched Citrix NetScaler bug exploited as zero-day since August


A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced.

The security issue is an information disclosure and received a fix last week. It allows attackers to access secrets in appliances configured as gateways of authentication, authorization, and accounting (AAA) virtual servers.

In a security bulletin on October 10 with few technical details, Citrix strongly urged customers to install the available update without delay.

A report from Mandiant disclosed that it found signs of CVE-2023-4966 being exploited in the wild since August for stealing authentication sessions and hijacking accounts.

"Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023," says the cybersecurity company.

"Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multifactor authentication or other strong authentication requirements" - Mandiant

The company also warns that hijacked sessions persist even after installing the security update. Depending on the permissions of the hijacked account, the attackers may leverage the method to move laterally or to breach more accounts.

Security researchers observed CVE-2023-4966 being exploited for access on infrastructure belonging to government organizations and technology companies.

Apart from applying the patch from Citrix, Mandiant published a document with additional remediation recommendations for NetScaler ADC/Gateway administrators with the following suggestions:

  1. Restrict ingress IP addresses if immediate patching isn't feasible.
  2. Terminate all sessions post-upgrade and run the CLI command: clear lb persistentSessions <vServer>.
  3. Rotate credentials for identities accessing vulnerable appliances.
  4. If suspicious activity is detected, especially with single-factor authentication, rotate a broader scope of credentials.
  5. For detected web shells or backdoors, rebuild appliances with the latest clean-source image.
  6. If restoring from backup, ensure no backdoors are in the backup configuration.
  7. Limit external attack exposure by restricting ingress to trusted IPs.

Also, upgrading the appliances to the following firmware versions should be prioritized:

  • NetScaler ADC and NetScaler Gateway 14.1-8.50 and later
  • NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0 
  • NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS 
  • NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS 
  • NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

This is the second zero-day flaw Citrix has fixed in its products this year. A previous one, identified as CVE-2023-3519, was exploited in the wild in early July and received a fix a few weeks later.

Tue, 17 Oct 2023 19:00:00 -0500 | Bill Toulas | https://www.bleepingcomputer.com/news/security/recently-patched-citrix-netscaler-bug-exploited-as-zero-day-since-august/

New Citrix Bleed vulnerability of NetScaler network devices

Earlier this month another vulnerability was found in Citrix Systems Inc.’s NetScaler and NetGateway product lines. This time around, the Citrix Bleed exploit is a lot more dangerous and harder to snuff out.

In July and August, about 2,000 NetScalers were exploited by a threat actor to get persistent access. NetScaler and NetGateway perform a variety of network security functions, including load balancing, application firewalls and proxy services.

The Citrix Bleed exploit allows attackers to retrieve session cookies to gain unauthorized access. The company announced patches on Oct. 10 for several versions, with the exception of v12.1, which is still vulnerable and considered past its end of life. But then other issues were discovered.

Last week saw further definition of the scope of the problem. Google LLC’s Mandiant research group found another vulnerability that wasn’t fixed with these patches. Other researchers, including Assetnote, found the exploit happening in their telemetry since August and issued a proof-of-concept example. This can be used as a demonstration, as well as a mechanism for network administrators to test their systems. Assetnote had further technical details that show how the exploit works.

Mandiant found instances where the exploit was used to infiltrate the infrastructure of government entities and technology corporations, and the Cybersecurity and Infrastructure Security Agency added the exploit and warnings to federal agencies. Mandiant and Citrix both issued warnings to those that haven’t yet patched their systems to do so as soon as possible. Greynoise, another security researcher, indicated that more than a dozen unique IP addresses were still unpatched as of the weekend, according to data they extracted from their own telemetry.

Session cookie-based attacks have been in the news most recently, because they make it easier for hackers to breach systems without having to find and steal login credentials. They’re also useful because the cookies are designed to persist after any reboots of the equipment, and in some cases the initial patches offered by the vendors don’t take this into account. A similar set of session cookie attacks was behind a series aimed at Cisco Systems Inc. IOS devices earlier in the month.

Mon, 30 Oct 2023 02:38:00 -0500 | https://siliconangle.com/2023/10/30/new-citrix-bleed-vulnerability-netscaler-network-devices/

Critical Citrix Bug Exploited as a Zero-Day, 'Patching Is Not Enough'

A critical security vulnerability in Citrix NetScaler patched last week is under active attack — and has been since at least August.

Making matters worse, the bug (CVE-2023-4966, CVSS score 9.4), can't be fully remediated by simply applying the patch, Mandiant warns.

To that point, "organizations should ... terminate all active sessions," Mandiant CTO Charles Carmakal explained in a LinkedIn post on the active Citrix exploitation this week. "These authenticated sessions will persist after the update to mitigate CVE-2023-4966 has been deployed. Therefore, even after the patch is applied, a threat actor could use stolen session data to authenticate to resources until the sessions are terminated."

Technically an information-disclosure vulnerability, the flaw allows cyberattackers to hijack existing authenticated sessions and potentially bypass multifactor authentication (MFA). The result is full control over NetScaler environments, which control and manage application delivery within enterprises.

Mandiant has traced attacks exploiting the bug back to late summer, carried out by an unknown threat actor. Carmakal said that the ongoing exploitation appears focused on cyberespionage, with professional services, technology, and government organizations so far in the unknown attackers' sights.

"We anticipate other threat actors with financial motivations will exploit this over time," he added.

That's a likely prediction given that organizations have a poor track record when it comes to mitigating known threats against Citrix gear. For instance, earlier in the month it came to light that legions of attackers are still targeting CVE-2023-3519 (CVSS score of 9.8), a critical pre-authentication remote code-execution (RCE) vulnerability in Citrix NetScaler gateways that was addressed in July (but exploited as a zero-day for a month before that).

Thousands of credential-theft attacks ensued after the disclosure, cresting in August as patching lagged. As of early October, according to the Shadowserver Foundation, more than 1,300 backdoored NetScaler instances were still appearing in scans.

As far as the latest critical security bug goes, customer-managed Citrix NetScaler ADC and NetScaler Gateway installations are affected; cloud instances are not, as outlined in the Citrix bug advisory, which also includes information about patched versions. Mandiant on Wednesday also offered updated, detailed remediation guidance for CVE-2023-4966.

Tue, 17 Oct 2023 12:00:00 -0500 | https://www.darkreading.com/vulnerabilities-threats/critical-citrix-bug-exploited-zero-day-patching-not-enough

Adult Learners

Immerse yourself in a world of critical analysis and intensive scholarship that will help you change your career path or improve your employment opportunities.

The New School offers unique degree programs specifically designed for students seeking an alternative to the traditional four-year college experience, as well as adult career changers. Parsons’ Associate in Applied Science (AAS) degree program provides a challenging academic curriculum, a community of design practitioners, internship opportunities and professional development counseling. Students in the Bachelor’s Program for Adults and Transfer Students benefit from The New School’s student success offerings, flexible study options (including part- and full-time study; and online, on-campus, and hybrid options), a curriculum tailored to individual goals, and credit for work/life experience.

Below, find more information about our bachelor’s and associate’s degree programs. Looking for information about transferring as an undergraduate student? Visit the Transfer Students page to learn more.

Bachelor’s Program for Adults and Transfer Students

Bachelor's and associate degrees for adult students seeking an alternative to the traditional four-year experience

  • Option to self-design your degree in the Liberal Arts major
  • Transfer up to 84 credits, including credit for college-level learning received from work and life experience
  • Study online or on campus, part- or full-time (it is possible to complete a degree entirely online)
  • Evening and day classes available
  • Receive support from a faculty advisor
  • Take advantage of our bachelor's/master's pathway

Learn more about continuing your education in the Bachelor's Program for Adults and Transfer Students

Parsons School of Design

Associate in Applied Science professional programs in communication design, fashion design, fashion marketing and communication, and interior design

  • Study part-time or full-time
  • Take classes scheduled in the evening for students’ convenience
  • Change careers in a focused, professionally-oriented program

Learn more about continuing your education at Parsons

Not sure which program is right for you? 

The Office of Admission will help you find the program that suits you by reviewing your education, interests, and academic goals. You can reach our admission counselors by email at [email protected] or by phone at 800.292.3040.

Mon, 02 Aug 2021 06:39:00 -0500 en text/html https://www.newschool.edu/admission/prospective-undergraduate-students/adult-learners/
The Lifetime Learner

WRITTEN BY: John Hagel III, John Seely Brown, Roy Mathew, Maggie Wooll & Wendy Tsu

A new business landscape is emerging wherein a multitude of small entities will bring products and services to market using the infrastructure and platforms of large, concentrated players. The forces driving this are putting new and mounting pressures on organizations and individuals while also opening up new opportunities. But traditional postsecondary educational institutions are not supporting individuals in successfully navigating this not-too-distant future, nor are the educational institutions immune to these forces. Perhaps more than any other sector, postsecondary education is being affected by changing demand as the learning needs and preferences of the individual consumer rapidly evolve. Increasingly, individuals need both lifelong learning and accelerated, on-demand learning, largely as a response to the pressures of the broader evolving economic landscape.

Rarely seen amid gross national statistics on the skills gap, employability, completion rates, and tuition hikes is a serious discussion of the unmet, and increasingly disparate, needs and expectations of individual learners. The costs to the individual are increasing, and the payoff is less certain. Students of all ages are more comfortable with technology and are less tied to traditional notions of the academy as fewer American adults between the ages of 18 and 22 achieve a four-year, full-time, campus-based degree.1 At the same time, technological advances reduce the lifespan of specific skills, and an increasingly globalized and automated workforce needs to continuously learn and retrain.

As a result of a growing set of unmet needs and lower barriers to entry and commercialization, a new ecosystem of educational players is emerging, largely independent of the traditional educational landscape. This rich ecosystem of semi-structured, unorthodox learning providers is emerging at the edges of the current postsecondary world, with innovations that challenge the structure and even existence of traditional education institutions. These challengers are extending the education space beyond grades, degrees, and certificates to provide lifelong learning in a variety of formats and levels of effectiveness.

What does this mean for traditional players and the educational landscape? Similar to what is occurring more broadly, the emerging landscape will consist of a few large, concentrated players that will provide infrastructure, platforms, and services to support a wide array of fragmented niche providers of content, formats, environments, and experiences. Existing institutions—educational institutions, educational publishers, and corporate training departments—would do well to understand the diversity of the emerging landscape and the needs and preferences they reflect in order to help define sustainable roles in this new landscape. Existing institutions will likely have to choose what roles they can play sustainably and where they should be integrating emerging players and tools to support the learning needs of the future.

Profile of a learner

Meet Christine. After earning an undergraduate English literature degree, she taught English to adults in Portugal for two-and-a-half years before returning to school to earn a master’s degree in journalism in an immersive two-year program. She worked as a reporter at the Seattle Times and then became managing editor at a city-based weekly. She spent the next two years working as an editor at an Internet health site, and then freelancing as an editor and writer for online publications. Dissatisfied with the online writing world and with print newspapers struggling, she returned to school for a law degree. After a year in a big firm, she opened her own practice focused on representing youth removed from their parents for neglect or abuse. To balance against the high stress and emotion of the work, Christine took an 18-month-long series of weekend and evening classes to become a certified yoga instructor. Christine’s love of literature never left her, so in her spare time she enrolled in a six-week evening class in novel writing at the Grotto, a community of working writers. From this class, she formed a writing group that continued to meet biweekly for several years—since then, three members have completed their novels. Several years later, with state budget cuts threatening the financial viability of her juvenile practice, she began taking online courses and attending conferences and seminars to earn certification in elder law, and in 2011 opened an elder law practice. She just completed a 20-hour conflict coaching course and hopes to use those skills both in an informal way in her law practice and as a separate discipline. She also is enrolled in a 40-hour mediation training and intends to add mediation services to her repertoire. Christine is 47.

Meet Al. He earned a degree in chemical engineering from a large state school and went to work for a leading metals manufacturer in quality control. Over the years, he became more involved in the development of first aluminum and then beryllium alloys and worked at a series of companies in the Midwest experimenting with a growing assortment of metal alloys. Throughout this time, he took occasional night school courses on subjects relating to his work at the Carnegie Institute in Pittsburgh and at Case in Cleveland, sometimes reimbursed by his employers. In the 1960s, he began using “timesharing” computing practices for statistical analysis of masses of data. Al has retired from a major industrial manufacturing conglomerate and lives in a university town where he occasionally attends special lectures. He says that he would have “trouble trying to live without the availability of all the information, the ease of communications, and the speed with which it can be accomplished.” He uses YouTube to learn new knitting techniques and once a week attends a “sit and knit” at a community center where he and the other knitters trade tips and help each other figure out complex patterns. He provides instruction to the “newbies” who drop in and makes cancer caps for a local charity. A technophile, Al visits the Apple Genius Bar® service and support program or the Best Buy Geek Squad when he occasionally gets stuck on one of his many devices, and also relies on reviews and Internet forums, such as the best voice-to-text dictation and translation software to help him communicate with the non-English-speaking patients at the hospice center where he volunteers five days a week. Al is 97.

Meet Britney. She discovered a thirst for entrepreneurship while earning an undergraduate business degree from a top university. A finance major with some knowledge of business analytics, she realized that she needed a technological skill set to start her own ventures. As a result, while still in school, Britney sought out massive online open courses (MOOCs) as the stepping stone to learning how to code. She started taking online courses through several sources. Through these free online courses, she learned coding outside of the traditional classroom setting at her own pace, cost- and grade-free. The MOOCs gave her a technical foundation and new clarity about wanting to pursue a career in programming, but she struggled to assemble a coherent curriculum from the offerings. To move from being an enthusiast to employable, Britney enrolled in a nine-week intensive Dev Bootcamp course in San Francisco to develop her skills enough to begin freelancing. Now Britney goes to Meetups to make connections and learn about new opportunities, and she uses the Dev Bootcamp alumni network to seek contract work. She wants to travel and create technological analytic solutions for social impact issues and is building a portfolio of projects. Britney is 24.

Meet Sarah. After graduating from high school, Sarah enrolled in a vocational-technical program to earn certification as a beautician. Working at a series of salons, Sarah saved money and enrolled in a state school while continuing to work part-time. Two years into her studies, she married a soldier and spent the next several years moving from place to place and starting a family. Sarah returned to salon work to supplement the family income, learning the latest techniques from her coworkers and industry publications. As her children got older, she resumed college courses through a distance-learning program with her original school, earned her teaching certification, and began teaching kindergarten in a large, challenging public school. Now, with her children a few years from leaving home, Sarah can start to think about what comes next. Sarah is 43.


In the book A More Beautiful Question, Warren Berger suggests that the true focus of education should be on encouraging students to question and explore rather than on delivering a canon of knowledge to students.2 This stands in stark contrast to the current pressure on traditional educational institutions to provide job-driven curricula to better meet the needs of the economy. With skyrocketing costs, a growing student-debt crisis, and the perception of a widening gap between institutional curricula and employer needs, more attention is being focused on the value provided by different types of traditional educational institutions, specifically four-year universities, two-year community colleges, and trade or vocational schools. Yet, as undersecretary of education Ted Mitchell explains, the value of education can be thought of in several ways: “There is economic value for the individual, economic value for society, but there is also civic value for society and having good, engaged citizens.”3

Unfortunately, the conversations revolving around skill-based training, financing reform, and improved access in many ways ignore the broader shift occurring in the global business environment. As detailed in The hero’s journey to the business landscape of the future,4 rapid advances in technology and a trend toward public policies that allow labor, resources, and capital to flow more easily across borders are shaping a future economic landscape in which a relatively few large, concentrated players will provide infrastructure, platforms, and services that support many fragmented, niche players. Individuals and institutions alike will have to chart a path through this future (figure 1).

This emerging landscape, and the underlying forces driving it, can have direct implications for education, learning, and other aspects of society. First, exponential advances in the core digital technologies that permeate all industries are leading to exponential, cumulative innovations that are blurring boundaries between once-separate domains and industries, disrupting business and the workforce in ways that are difficult to imagine or predict.5 In such an environment, greater collaboration between industry and academia alone cannot ensure a well-trained, well-targeted workforce. Second, in this global and networked environment, fixed knowledge stocks have decreasing value, while more fluid knowledge, specifically participation in diverse information flows that lead to the creation of new knowledge, becomes more important. As such, education as a one-way transfer of a canon of knowledge is inadequate, and the characteristics that defined education in the 20th century—bound by time and place, with a fixed curriculum—cannot keep up with the rapid rate of change or the new demands on knowledge and learning.6

Most traditional institutions—educational institutions, educational publishers, and corporate training departments—have not yet made the shift from knowledge stocks to knowledge flows. As a result, the traditional learning pathways for acquiring skills and credentials and securing employment are in flux. The institutions that have defined those pathways (see figure 2) are being challenged by a growing array of unorthodox learning providers who are experimenting not only with delivering educational content faster, cheaper, and on demand but also with entirely new learning experiences.

The underlying forces putting pressure on institutions and opening the door for new opportunities and entrants are unlikely to subside. This will drive changes in the postsecondary educational landscape as in most other industries, and it will also continue to increase demand for a richer, more diverse learning ecosystem to help individuals navigate the future landscape.


Individuals increasingly face the prospect of not just multiple jobs but multiple careers over a lifetime, and of constantly changing technology and environments within a job. As Robin Chase, former CEO and founder of ZipCar, puts it, “Our parents had one job, I will have seven jobs, and our children will do seven jobs at one time.”7 As the expectations for employment and fulfillment change, continuous and lifelong learning becomes increasingly important. Individuals are looking for not just learning but guidance in navigating the changing world to find the best learning and career opportunities. The growth in life coaching and self-help books, now $2 billion and $11 billion industries respectively, is an early signal of this need.8

Individuals are also challenged by an accelerating cycle of skill obsolescence in a period of unprecedented transition from skill set to skill set. The rapidly changing business landscape demands constant learning of new skills and domains, retraining, and applying existing capabilities in new contexts. It also demands a greater fluency in digital tools and comfort in virtual environments. It rewards those with greater capacity to seek and access resources and to build social capital through personal networks and participation in communities. While globalization has opened opportunities for new jobs and careers internationally, it has also in some cases narrowed opportunities as certain types of employment migrate to nations with lower labor costs. In manufacturing and IT, for example, 53 percent and 43 percent of US companies, respectively, engage in offshore outsourcing, displacing as many as 2.6 million jobs.9 What happens, then, to the individuals who must recalibrate their careers for options that their education may not have equipped them for?

Predicting which skills and jobs are vulnerable to obsolescence is no longer straightforward, either. Beyond globalization, the 21st-century work environment is what Michael Gove, former UK secretary of state for education, termed a “new machine age,” where breakthroughs in automation, robotics, and even artificial intelligence have begun replacing jobs once thought to be the domain of human workers.10 Fujitsu, Canon, and Amazon are but a few examples of organizations that have automated significant portions of the assembly and fulfillment processes.11

Changing preferences for autonomy, and the ability to find meaningful work that satisfies those preferences, are also starting to redefine traditional career paths. Many individuals have left large companies for smaller firms or become self-employed as the traditional promises of stability, income and career progression, health care, and training and development opportunities once tied to large companies have been broken. In addition, retirement-age workers who do not retire, either because of financial needs or a desire to continue to make an impact, are also moving from large companies with retirement programs to smaller businesses or self-employment. While the average worker today switches jobs every 4.4 years, the independent workforce has grown from 16.1 million in 2011 to 17.7 million in 2013.12 The switch from large to small or independent often requires a new skill set even when the occupation builds off of experiences in a former job or role. Independent workers, as much as their employed peers, continue to need professional development and learning opportunities to maintain and refresh skills, but they have to seek it from external sources. Most small companies, if they offer training at all, also turn to outside sources for professional development, and even larger companies have reduced investment in internal training and development opportunities for employees.

The shelf life and relevance of skills are decreasing, while new occupations, roles, titles, and functions are being created at a rapidly accelerating pace. In an oDesk survey asking hiring employers to rank the criteria for their hiring decisions, a college degree ranked last. The No. 1 criterion was a person’s previous performance on a similar or related task.13 Moreover, by 2020, it is estimated that the work-related knowledge a college student acquires will have an expected shelf life of less than five years.14 Fabio Rosati, the CEO of Elance (which recently merged with oDesk), states, “The technologies that were relevant even two to three years ago are different than the technologies that are going to be relevant in the next two to three years, [and that’s moving] at increased speed.”15 From an occupational perspective, according to career networking platform LinkedIn, the top 10 job titles used by employees today (including iOS developer, social media analyst, big data architect, cloud services specialist, and digital marketing specialist) did not even exist five years ago.16 What are the options for the approximately 16.4 million students who graduated from higher education institutions just 10 years ago and now want to pursue a career in one of these jobs that didn’t exist then?17

Profile of a learner

1) Navigational guidance to select the best options

2) Continual challenges and learning

3) Affordability

4) Job placement

5) Relevant skills and contextual application

6) Flexible and compressed timeframes

7) Intangible skills and tacit/experiential learning

8) Professional development (for independent workers, workers at small companies, and workers at companies where training budgets have been cut)

9) Network and community of practitioners

In addition to the pressure to continuously adapt to the forces that are reshaping the business landscape, the cost-benefit equation for individuals considering any form of traditional education has changed. Tuition costs have grown in absolute terms and are part of a long-term trend of state and federal governments shifting the cost burden to students and their families. In fact, 71 percent of students graduating from four-year universities have debt averaging $30,000, a 20 percent increase since the recession. Even 88 percent of Pell Grant recipients had student loan debt greater than the national average of $25,550 for public universities.18 While tuition costs have gone up, job placement rates from four-year institutions have decreased, with 40 percent of recent college graduates unemployed in the first year, and others underemployed.19 This changes the equation for individuals as they consider their options, and alternative learning pathways become more appealing.

Add to this equation a potential student, very much a consumer, who is comfortable with technology and accustomed to getting information from a variety of online sources. This description isn’t limited to Millennials, who have undeniably grown up with a different expectation for the pace and engagement of their learning environments, are fluent in social media, and easily transition to new platforms. Across virtually all generations, people turn more readily to the Internet as a resource for entertainment and information; education and learning aren’t such a leap. Some of these learners are the same recent students who didn’t complete degree programs, who graduated but failed to find employment, or who saw friends or family members sink under runaway student debt. In addition, with more visibility into options, as with other aspects of their lives, consumers are seeking out those that match their preferences for faster, more flexible, or more experiential formats.

Finding new ways to empower learners and support their unmet lifelong learning needs is an attractive opportunity for new entrants. But with a shifting student profile—currently the “modal student is 36 years old and doing school on the side”—traditional educational institutions, if they want to stay relevant and viable, must also find new ways to better address the unmet needs of a variety of learners.20 It is no surprise that new forms and institutions are emerging and gaining credibility, in part as a consequence of the slow response and inability of traditional institutions—not just educational but government and corporate as well—to keep up with these evolving needs.


Much has been written about “the higher education crisis” and the multilayered organizational inertia, policies, and practices that hinder innovation and change within traditional educational institutions. Those arguments are valid, but we would suggest that by focusing internally they miss the competition coming from the “edges,” from unexpected places and sectors. These new entrants in education are unlikely to look like the incumbents; lowered barriers allow competitors to offer individual components of what traditional institutions (four- and two-year colleges, vocational schools, and corporate training) provide.

New entrants are innovating all along the learning spectrum. A rich ecosystem of unorthodox learning providers is emerging at the edges to experiment with technologies and approaches—in some cases to try to deliver a component of traditional education in new ways that reduce costs, improve effectiveness, or increase accessibility (faster, on demand); and in some cases to offer something entirely new with different goals that cannot necessarily be judged by traditional metrics of time-in-seat, completion, or assessment scores.

The eroding barriers to innovation in learning

In The hero’s journey through the landscape of the future, we examine, across industries, how the barriers to entry, commercialization, and learning are being dramatically impacted by technological advances, ubiquitous connectivity, and more empowered and digitally savvy consumers. In particular, we study the way these forces have shifted consumer power and preferences, how they have lowered barriers to new entrants in education and opened the doors to innovation in learning, and the platforms that have come out of these forces.

One potent example is the availability of financing for education technology.21 What began as a trickle—$64 million of investment in 2009—has swollen into a flood, with $1.25 billion, an increase of 35 percent, invested in the education technology market in 2013.22 Much of the growth has been in informal, lifelong learning: MOOCs, professional development, and professional skills were the education categories most funded by venture capitalists in Q2 2014. San Francisco-based Udemy, a MOOC platform specializing in helping individuals improve skills related to career and life, raised $32 million in series C funding of new ventures.23

The growth of venture funding in this space is allowing more entrants with potentially disruptive technologies in content creation, access, tools, and formats to directly impact lifelong learning. Platforms such as Udemy and Udacity have opened a content creation ecosystem that was originally restricted to academics, administrators, and publishers to include new entrants such as engineers, designers, data scientists, coaches, and others with a desire to share their expertise. While the offerings in education technology are still nascent, and many will fail to either become viable business models or provide long-term value to learning, the increased investment in the informal learning space signals consumer and market appetite for learning experiences that extend beyond an education bound by time or location.

While access to financing has become relatively less of a hurdle, other barriers remain, not impassable but not yet negligible. The desirability and superiority of a four-year college education is deeply embedded in American culture and policy, with the consequence that even the best alternative forms of education are viewed as inferior compromises. As a result, and with the notion of meritocracy, the higher education conversation tends to revolve around access and outcomes. Ted Mitchell, US undersecretary of education, summarizes the administration’s agenda as “access, affordability, quality, and completion,” with the goal of providing the highest level of education for which people qualify.24 The assumption is that the ranking of options remains unchanged. For new entrants to gain traction, they will have to overcome the barriers around brand, acceptance by employers, and comfort with non-authoritative sources of learning and warranting. While these barriers may be slower to fall, emerging players will likely gain momentum from the increasing desire for participation in learning, relative affordability (particularly if new entrants gain acceptance by federal/state funding sources), and flexibility (which reflects the increasing diversity of learners, for example, transitioning/reentering workers such as veterans and senior citizens).

Where are the edges?

Currently, new entrants primarily exist in parallel to traditional postsecondary education institutions, but they are beginning to compete with traditional paths. New entrants are emerging in five arenas, mostly centered around the individual:

  1. The workforce: As workers recognize the importance of continuous learning, they are more actively seeking learning opportunities. In 2013, 23 percent of employees left their jobs citing the lack of opportunities for professional development and training.25 Companies are starting to realize the need to provide more and different training opportunities that better suit each unique worker, allowing workers to develop relevant and marketable skills. Companies such as SAP have started to create their own MOOC-based platforms, like openSAP, to allow subject matter experts within the workforce to create relevant and timely content for others. Rather than fund expensive training departments, others are turning to outside providers such as Udemy for flexible, relevant content.
  2. Independent agents: The growth in the independent workforce, together with the lack of formal training and development programs in small companies, leaves a large population of individuals who are accustomed to managing their own careers looking for external solutions so that they can continue to learn and retrain. This is where specialized programs such as coding-intensive boot camps (for example, Dev Bootcamp, Hack Reactor, and Codecademy), Meetups, and MOOCs are emerging.26
  3. Passion arenas: Passionate workers, specifically those who embrace challenges as opportunities to learn and who connect with others to find solutions and make a meaningful impact on an area of interest, want to share that passion with others. As a result, the need to share and connect with other passionate individuals manifests itself as social communities and creation spaces where learning and connection can blossom around significant challenges.27
  4. Emerging countries: Access to education is a necessary element for economic prosperity, particularly in developing countries. The global demand for learning through more inexpensive, pull-based, flexible models is leading to experiments with new platforms and environments to make learning accessible to a rapidly changing world. Free MOOCs are one example, but so is the global network of institutions owned by Laureate Education, or New York University’s global academic centers that have a mission to provide access within a country.
  5. K-12: The learning habits and preferences of students move with them, and experiments that began in the K-12 space might translate into the postsecondary world. For example, AltSchool, a new network of K-8 schools in the Bay area, is experimenting with ways to make the experience of learning more flow-based and immersive. AltSchool focuses learning around microschools where the neighborhood playground serves as the gym and the science class on liquid nitrogen takes place at the local ice cream shop.28 Consider, also, the example of Khan Academy. In providing short, modular, on-demand, self-paced math instruction to the K-12 audience for the past seven years, Khan Academy has been refining the platform and techniques for engaging learners in personalized curricula focused on skills mastery.29 As its target audience moves beyond secondary school, the lessons learned by Khan Academy may prove extensible into higher-level material or into other subjects or curricula, whether that will be carried forward by Khan Academy or others. This format is already migrating into other K-12 flipped classroom30 ventures and will likely prove applicable to a variety of other learning needs.

What types of innovations are emerging?

As the barriers to innovation have been lowered, new entrants and incumbents have innovated in four different areas, each of which transforms learning into more of a flow-oriented activity (figure 3). None of these emerging innovations is likely to supplant traditional education on its own. Collectively, however, they represent a rich and growing ecosystem of providers and learning opportunities that have the potential to disrupt education.

Innovation 1: Accessibility

The Internet has democratized learning by increasing access to content for a growing population of learners. This accessible content, structured both as formal educational content and informal informational content (which is ever growing and includes platforms such as YouTube and discussion boards), is the basis of virtual knowledge flows. In a networked era, learning can be more flow-oriented, opening both content and content creation to a larger pool of people. For example, the Open Educational Resources (OER) movement, spearheaded by MIT’s OpenCourseWare initiative in 2001, encourages providing access to teaching, learning, research, and assessment materials under open licenses that permit free use and modification for a variety of educational purposes. OER is part of a global movement toward increasing access to content, enabling knowledge to flow and be built upon rather than commoditized.31 The movement has spawned other OER platforms, from iTunes U®, a feature of the online store that allows users to organize course lectures, notes, and books for an entire course, to Connexions, a platform that provides authors and learners with an open space to share and freely adapt education materials.32 The OER movement changes not only the way professors engage with content, but also how the learner engages with content so that the learning experience is more personalized, adaptable, and affordable. In 2012, in an effort to reduce costs to students, the University of Minnesota created a tool to help faculty find more affordable textbook options. The resulting Open Academics textbook catalog lists “open textbooks,” which are under a license that enables students to get free or low-cost versions of textbooks while being able to adapt and distribute the material as well. The Open Academics catalog, with over 84 open textbooks, is the first of its kind and is available to faculty worldwide.33

While OER is primarily focused on materials, which can be mixed and modified but are not, in and of themselves, developed as full courses, MOOCs are full courses or mini-courses developed and guided by an instructor and designed for large-scale participation. The OER movement has largely focused on improving access to content for instructors, while MOOCs expand access to an educational experience through digital learning platforms. For example, a course on machine learning, taught by Professor Andrew Ng of the Stanford Artificial Intelligence Lab, is now available for free to 4.5 million users rather than only to Stanford students.34 MOOC platforms such as Udacity, EdX, and Udemy democratize access to educational content, allowing individuals to participate in knowledge flows regardless of geographic borders and organizational boundaries.

OER still needs to find answers to the problems of credibility and validation (such as peer review) while maintaining timeliness, diversity, and quality of content. MOOCs also, rather than replacing instruction, are coming to be understood as a tool for delivering certain types and levels of content in the most cost-effective way and as a supplement to in-person, expert-guided learning and practice.

OER and MOOCs serve as stepping stones for rethinking how content can be developed, structured, and delivered to the global masses. In some parts of the world, they represent convenience—learning on demand—while in others, they are revolutionary. By democratizing accessibility to content, in terms of both the number of learners and number of courses available, learning shifts from being a protected stock-based resource to a flow where learners from the broader ecosystem can engage with previously unavailable information.

Innovation 2: Social learning

One of the most profound effects of learning in a networked age is the importance of social learning.35 Social learning, according to the Educause Review, is based on the premise that our understanding of content is socially constructed through conversations about the content rather than on the content itself. As such, learning institutions should focus less on what the individual is learning than on how the individual is learning.

From physical collaboration settings (such as libraries and coworking spaces) to virtual collaboration settings (forums, blogs, online communities), the ability for the individual to interact with others through multiple channels is expanding. Increasingly, we see a movement toward communities of social learning that focus on interaction and engagement beyond the four walls of a traditional learning institution. For example, at events such as Meetups, learners can interact with others from different backgrounds, getting exposed to serendipitous learning opportunities and, potentially, new collaborators with whom they can take on challenges.

Case study: MOOC Meetups everywhere

In the ongoing evolution of MOOCs and other digital learning, organizations are experimenting with Meetups to fill the role of the social learning environment that is characteristic of the traditional college experience. Meetup, founded in 2002, is an online social networking portal that facilitates offline group meetings in various locations around the world. Online education provider edX has over 40 Meetup communities around the world, while Udacity has 18. Nearly 220 other Meetups exist for categories like “MOOCs” and “online learning.” MOOC Meetups span the globe with concentrations in places like New York, London, Bangalore, and San Francisco and newer groups in Beijing and Hyderabad. These Meetups create a physical environment for learners to gather and engage with the content together; they are directed by the learners according to their needs. For example, a learner might create a study group Meetup for an Introductory Software as a Service course and schedule the meetings for every Sunday in Palo Alto; nine or so other learners from different backgrounds might attend regularly to ask questions, share ideas, and meet others who want to explore challenges related to the topic. It remains to be seen whether, lacking the formal structure or grade incentives of traditional education, these self-directed gatherings can fill the need for social learning among the broad learner population because they rely on the personal motivation and initiative of the individual, which may be less well-developed in some learner populations. As proponents of online learning have largely embraced the need for blended physical/virtual models, some providers may take a more active role in launching learning hubs that build community and provide physical space and opportunity for students and facilitators to interact.36

Social communities, combined with online content and resources such as the Meetups, are a step forward in providing social context for lifelong learning in non-traditional settings. The drawback with social communities is that some lack content or structures to use the community effectively as a mechanism for collaboration. The next step lies in creating communities of discovery where new content is created through collaboration. To some extent, this is emerging in shared workspaces, incubators, and accelerators that target specific technologies or skillsets, such as the various “hacker” spaces for making (tinkering), biohacking, and social/civic entrepreneurs.37

Innovation 3: Creation spaces

A real opportunity for learning institutions to amplify learning is to build deliberately constructed environments, “creation spaces,” that combine the advantages of tightly knit teams with the ability to involve an ever-increasing number of participants. This is where the “power of pull”—the ability to attract people and resources around a challenge or interest—comes in. Creation spaces are intended to bring learners together in the creation of new knowledge. Rather than focusing a discussion on content, learners within the creation space work together to create their own content and gain new insights, while the creation space connects individuals to a richer learning environment that encourages interactions. Creation spaces require three key ingredients: a critical mass of participants, the co-evolution of interactions within the team and with a broader set of participants, and an environment that supports various layers of activities.38

Looking back to the game World of Warcraft (WoW) and how it revolutionized gaming, one of the game’s enduring innovations was its ability to foster creation spaces. In WoW, performance is measured in terms of experience, while the degree of complexity and challenge increases with advancement through the game. WoW created a platform for learning where players innovated together and developed new knowledge. While the new knowledge pertained to advancing to new levels in the game, players across different backgrounds worked together to overcome new experiences and learn. Beyond these tightly knit teams or “guilds,” a rich learning platform evolved that helped participants in individual guilds to reach beyond their own teammates and learn from others through discussion forums, video archives, and communities of interest. What traditional learning institutions can learn from WoW is how to construct an environment that continually challenges its participants.

Innovation 4: Warranting

As education technology investments have increased, so have new ways to warrant the quality of learning beyond grades, certificates, and degrees. Traditionally, the validity of a learning experience was based on the credibility of the institution, as determined by nationally recognized accreditation agencies.39

In the emerging learner-centric landscape, learning is more utility-oriented than authority-based. With the recognition that even recent college graduates are often not employed in their fields of study (if employed at all), and the widespread sentiment of employers that students are ill prepared for the demands of the workforce, the grade or degree as a symbol or accurate assessment of achievement is losing ground. Instead, innovators are experimenting with portfolio-based models that allow learners to incorporate learning and mastery from informal and non-textbook, non-classroom experiences. For example, learners using the Mozilla Development Network can be recognized for skills they learn both offline and online, and beyond their time at a formal learning institution. From Purdue University with its Passport badging platform to Mozilla with its Open Badge platform, the spectrum of what warranted learning looks like is expanding; so, too, are the people and organizations that can warrant learning. For example, corporations, new online accreditation organizations (such as Degreed and Accredible)40 and individuals themselves can now carry weight in validating learning experiences.

While badging has served as an innovative solution for capturing more skill-based learning, the impact that it will have on traditional learning institutions is unclear. According to Peter Stokes, executive director of postsecondary innovation in the College of Professional Studies at Northeastern University, one of the biggest challenges will be the normalization of badging, or the ability to create a learning currency.41 While the adoption and recognition of badging by higher education is important, the greater impact will be felt as companies start recognizing and even issuing or accrediting badges. In addition, if companies start investing in building their own badges, it begins to change the relationship between corporate HR and the academy, shifting power away from the academy.

Case Study: UC Davis badging and skills qualification 42

In 2013, the University of California, Davis (UC Davis) launched digital badging within the sustainable agriculture program. The introduction of the badging system, called “Skills Qualifications,” was spearheaded by the department chair Gregory Pasternack and learning coordinator Joanna Normoyle in an attempt to bridge the gap between the theoretical knowledge taught by professors and the practical knowledge learned through the real application of theory. The badging system helped deliver the informal learning that students felt the current curriculum was not capturing. The badging system at UC Davis became the first step to creating an education portfolio for its students illustrative of projects and experiences tied to core competencies needed to excel in a particular profession. While the badges are not intended to replace grades, they are intended to make education more transparent and allow students to take more control of their learning careers.


With barriers to entry and commercialization diminishing and an array of new entrants challenging traditional forms and institutions with innovations to make learning more accessible, flexible, and personalized, what are the implications for existing institutions, from higher education to educational publishing to corporate training?

The education/learning landscape is simultaneously becoming both fragmented and concentrated. Figure 4 shows the emerging landscape of unorthodox providers at the edges. Concentration will exist in the functions that operate on scale and scope, particularly with aggregation platforms, whereas fragmentation will exist within the content creation space as warranting and accrediting content becomes easier.

Fragmentation in content creation

The establishment of informal and more formal learning aggregation platforms (Udacity, EdX, Khan Academy, Udemy, and even YouTube) has led to an explosion of content creators. Online service tools (such as SchoolKeep, Fedora, and Skilljar) provide guidance to instructors on how to create their own online learning videos, lowering the costs of producing and distributing content to serve diverse and highly specific learning needs. Combined with more liberalized warranting, the pool of content creators will likely continue to increase beyond those with a professional degree and institutional affiliation.

For example, over half of Udacity’s courses are created by people who aren’t traditional professors but are experienced industry leaders.44 With 4,000-plus independent content creators, Udemy maintains an open platform, meaning that anyone regardless of credentials can log on and create a course available to all its users, including such courses as Java for Complete Beginners, created by software development trainer John Purcell with 209,000 enrolled students, or Become a Startup Founder, created by the Founder Institute with more than 600 enrolled students. According to Dan Chou, director of business development at Udemy, the courses offered on the platform are filtered for quality as determined by the learners themselves. The best-rated courses appear at the front of search queries, and others drop to the bottom.45

Meanwhile, other emerging providers offer “white label” and hosted solutions rather than a marketplace model. Companies such as SchoolKeep, Fedora, and Skilljar make it easy for individuals to build and operate courses at their own Web domain,46 resulting in a blurring of the line between education and e-commerce. Online service tools enable individual instructors of all backgrounds to not just build great lectures but also develop a sales funnel for the product that is independently owned by the content creator.

As fragmentation continues in the content creation space, the individual has more opportunities to continue learning beyond a traditional school setting across an increased array of subjects with timely and updated content. Technology and the liberalization of warranting content allows business to move from traditional teacher-centered models to new models that shift the current focus on the transfer of expert-generated knowledge toward scalable learning.

Concentration in learning content aggregation

Investments in education technology have financed the creation of online learning platforms, which in turn have opened the doors for all types of individuals to create, distribute, and share learning content. YouTube can be thought of as an early-stage learning aggregation platform. Anyone can learn almost anything on YouTube because it has lowered the barriers of entry for anyone to easily upload, organize, and distribute content on the Internet for free. While YouTube may not have the same sophistication in warranting its content as MOOCs, its equivalent measure of relevancy can be seen through the number of likes, views, and real-time comments a video receives.

Rather than trying to provide all content to all people, learning aggregation platforms are beginning to carve out niches in the market, shedding unnecessary costs and better differentiating themselves from their peers. The learning content aggregation platforms that support fragmented content creators will become concentrated, as any given end user’s participation on many platforms delivers little value and carries high convenience and attention costs, if not financial.

Already, the prominent names related to MOOCs each serve a particular genre and learning type (figure 5). Udacity provides STEM content and mostly targets computer programmers and engineers; NovoEd provides entrepreneurial content, mostly to individuals starting businesses; and Khan Academy mostly targets those who seek competency mastery through practicing problems.

The way some learning content aggregation platforms have gone about partnering with corporations is targeted and reflective of the genre in which they serve. In 2013, Udacity formed the Open Education Alliance by partnering with Google, AT&T, Nvidia, and Intuit to create courses that would help bridge the technology skills gap in today’s workforce, moving away from direct partnerships with universities.47 While the real effectiveness of these courses is still to be measured, by partnering with leading tech companies, Udacity is able to brand itself as the learning content aggregation platform for STEM topics.

Much as Napster was not the final word in the music industry, these learning aggregation platforms are not the end-all solution to innovation in learning. However, they can be the catalyst for change aligned with supporting lifelong learning. While MOOCs have reported low average completion rates of around 7 percent, completion may not be the definitive success metric of this new format, as learners may dip into courses for a specific purpose or content that may not require completion. Success for an aggregation platform might be better measured by a net promoter score (the likelihood of a learner recommending the course to someone else) or even a retention score (the likelihood of a learner returning for another course). While only 23 percent of academic leaders believe MOOCs to be a sustainable method of education, their value comes from opening the learning ecosystem to a broader set of creators, distributors, and learners in support of continuous learning.48

Mobilizers and learning agents

Aggregation, of course, doesn’t provide the support or social and experiential environment that accelerates learning. Aggregation is also not the same as skillfully sequencing courses within a collection, or across collections, to resemble a coherent curriculum. This is where mobilizers and agents come in.

Lifelong learners seek coursework not just to learn but to strengthen their performance, and that type of learning comes from moving beyond hearing and practicing to doing—alone and as a member of a group. To get better and faster requires the support of a broad set of resources and platforms that enable people to come together to create and absorb knowledge. MOOCs and other early technology offerings generally aren’t designed to facilitate individuals coming together with a goal of dramatically improving performance, something that traditional learning institutions are better able to provide within the existing physical infrastructure for collaboration.

But with the help of emerging mobilizers (players focused on orchestrating collaboration and learning within the ecosystem), first steps have been taken to foster the coming together. By partnering with Meetup, for example, online content aggregators can create an initial environment for the individual learner to connect with other students and engage with the content, share feedback, ask questions, and, hopefully, create sustained relationships.

Some traditional institutions for learning, such as Arizona State University (ASU), have realized the power of mobilizers such as TechShop as a means of facilitating collaboration among not just students, but a diverse array of community members and corporate partners. In 2013, ASU, the US public university with the highest enrollment, partnered with TechShop, a membership-based, do-it-yourself workshop and fabrication studio and coworking space, to provide all the 60,000-plus ASU students with free access to a wide range of machinery and tools. According to Mitzi Montoya, dean of ASU’s College of Technology and Innovation, TechShop has enriched students’ learning experience.49 TechShop allows students to apply knowledge they have learned in projects that are meaningful to them, regardless of major or coursework.

As fragmentation leads to a proliferation of information and content options through learning aggregation platforms, and lower barriers and unmet needs attract an ever-richer array of learning options, individuals will likely need help navigating not just MOOCs and digital resources, but the whole ecosystem of learning. The role of the agent, an entity that thoroughly understands the individual’s learning and career goals, becomes increasingly important. Britney Van Valkenburg, passionate about programming, sought online courses to learn how to code, but she found it difficult to navigate a career path in programming because of all the content that existed. What courses should she take, and in what order? What communities should she engage with, and where could she learn fastest? Should she enroll in a degree program or join a hackerspace? The role of the agent is to provide holistic career coaching that is personalized to the individual based on a deep understanding of his or her needs, skills, and goals. More and more, individuals are seeking out such agents; in fact, the life coaching industry grew to a $2 billion industry in 2013.50 A pure-play agent is brand-agnostic, anticipates individual needs with proactive recommendations, and is widely accessible, whether in person or virtually. A scalable, widely accessible, and affordable type of agent is still very much nascent, although companies such as Eddefy are trying to create a scalable solution for navigating a learning path, and LinkedIn also fulfills some of the goals of an agent.


As the business environment becomes more globalized and automated, and individuals begin to recognize that a four-year degree is neither an automatic ticket to employment nor the last milestone in their learning careers, more individuals are traveling alternative learning pathways (figure 6).

This expanding ecosystem of semi-structured learning fits the model of how learners—or at least a certain type of learner—want to proceed through their learning. The mobilizer serves as a spark or catalyst. This has so far been observed in the programming space but may prove relevant across other domains. Between Meetups, social learning spaces such as Hacker Dojo and TechShop, and on-demand resources such as Codecademy and GitHub, individuals are exposed to some skills, ideas, and foundational concepts. This initial exposure sparks an interest, which leads the individual to look for opportunities to apply or experience skills in context, and to engage with a community of others pursuing similar interests. At this point, the desire to go deeper and achieve mastery often leads to a need for a more structured setting, a physical presence, guidance, and a coherent curriculum. This is where the emerging, short-term, immersive institutions come in, whether it is the nine-week Dev Bootcamp for coders or entrepreneurial schools such as the new Draper University.

Specialized, short-term, intensive programs such as Draper University, Hack Reactor, Codecademy, and Dev Bootcamp, while still at the edges and currently confined to entrepreneurship and programming, have gained significant traction with individuals and companies. Coding boot camps alone are poised to reap $59 million in tuition in 2014. The number of graduates from these specialized intensive programs, or vocational schools, has also grown by 175 percent in the past year.51 In fact, across the existing coding boot camps, 75 percent of graduates report working full time in a job that requires the skills taught in the curriculum, compared with the 5 percent who were working as full-time programmers beforehand.52

While these programs are not intended to replace the four-year institution or the community college for now, they are intended to close the gap between what academia teaches and what modern jobs require. The average computer science major may not graduate with enough coding- or workplace-specific skills to be a professional coder, resulting in an unemployment rate of around 9 percent in 2013 for recent college graduates with computer science degrees.53 These boot camps aim to bridge that deficiency by providing an intensive project-based curriculum relevant to the work environment. Dev Bootcamp touts a 90 percent placement rate for its students at top-tier companies such as Facebook, Pinterest, and Google; Hack Reactor reports 100 percent job placement, saying all of its alumni are software engineers with salaries of over $100,000.54 Dave Hoover, cofounder of Dev Bootcamp, agrees that a nine-week intensive program cannot compete with a four-year immersive higher education institution, but it can serve as an alternative pathway in an à la carte model of learning. A student, no matter what age, could attend these intensive boot camps within different disciplines and find work opportunities to apply that knowledge.55

Experience Institute (Ei) and Draper University are two other emerging institutions that are repositioning what a traditional learning institution’s structure could look like. Instead of restricting students to the classroom, Ei immerses them in at least three three-month internships at different companies over the course of a year. In between apprenticeships, the students come together as a community to participate in live classes and share and reflect on their experiences. And at Draper University, an intensive entrepreneurship boot camp, students are able to more quickly gain exposure to relevant and new experiences within venture capital than through a four-year institution. This is why aspiring entrepreneur JC Xu decided to apply to Draper University rather than attending another graduate program.56 Consider also the success of alternative institutions such as Singularity University and the Minerva Schools at KGI,57 both of which adopt a global perspective and focus on creating intense, immersive environments for collaboration and learning. Each is able to be highly selective and charge premium rates for its unique learning offerings, competing with traditional programs in ways that MOOCs cannot. In the case of Singularity and other short-term intensive programs, the network is a critical selling point. These influential networks of financiers, employers, and collaborators, as well as the program’s own active alumni, compete directly with the alumni networks of traditional institutions, one of their historical advantages.


The emerging ecosystem of learning tools and providers is ripe with opportunities for both individuals and institutions. But as new entrants gain traction at the edges, they will increasingly threaten components of the traditional learning structure. Traditional institutions must be open to opportunities to leverage and integrate this new learning ecosystem and identify the most appropriate and sustainable roles to play in the new landscape. Individuals have both the need and the capabilities to navigate and benefit from new offerings. Meanwhile, higher education institutions have been hearing about MOOCs and other models for the past several years, yet the threats have not materialized as quickly as some predicted. This makes it that much harder for institutions to understand the future landscape and take action in the face of deep structural obstacles.

Despite having vast physical and human resources that dwarf those of any new entrant, traditional institutions should think of themselves as operating within the broader context of the learning ecosystem. They operate in a world that is more globalized, automated, and networked, where both consumers and providers have greater reach and more options, and where continuous learning will be a fixture of our professional and personal lives. Individuals’ success in learning will depend increasingly on their ability and motivation to navigate a myriad of options to create a personalized, relevant learning pathway. Relevant players in the future learning landscape will need to address not only how they can better help individuals learn faster, but also how they can help them unlearn and be open to truly new ideas. As psychologist Herbert Gerjuoy’s quote in Future Shock is commonly paraphrased, “The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn.”58

We tend to underplay the difficulty of unlearning to make way for new learning, but unlearning is unlikely to happen in a classroom where the same push-based methods of delivering content have been in use for the past century. What types of immersive experiences can help an individual adopt a new lens or change his or her frame of reference? What social support is needed to look at things differently, even at the risk of looking uneducated, along the way to learning? What does it take to get an individual, or an entire organization, out of the comfort zone?

The educational institutions that succeed and remain relevant in the future business landscape will likely be those that foster a learning environment that reflects the networked ecosystem and is meaningful and relevant to the lifelong learner. This means providing learning opportunities that match the learner’s current development and stage of life. In community colleges, we see more experiments in “stackable” credentials that provide short-term skills and employment value while enabling students to return over time and assemble a coherent curriculum that helps them progress toward career and personal goals. Similarly, corporations such as Siemens have worked with high schools and community colleges to create apprenticeship programs that yield immediate skills and employment for young or reentering learners who might lack the resources to effectively benefit from the learning ecosystem. For both vocational and academic education, there is greater recognition of the need for personalized pacing, modularity, and structures to provide continuity across time.

Some universities have started to look at the examples coming from both the edges of education and areas such as gaming and media to imagine and conduct experiments in what that future learning environment could look like:

  • ASU has ventured into more experiential, community-oriented, self-directed learning and has leveraged the energy and learning potential of the maker movement59 in its partnership with TechShop Chandler.
  • Georgetown University, through a series of workshops led by Ann Pendleton-Jullian, director of the Knowlton School of Architecture at Ohio State University, has challenged the organizational and physical boundaries of a campus to reimagine the higher education model of 2033 as a locus for communities of practice.60
  • Stanford Design School’s 2025 project reimagines the university experience, focusing on experiential learning and examining the value derived from residential learning and colocation with peers.61

In traditional educational institutions, structural and organizational inertia can hinder thinking about how to offer and support learning in new ways. The requirements of state and federal funding programs, typical fund-accounting models, incentives, hierarchies, and even reputation mechanisms derived from publishing and classroom authority can all stand in the way of traditional educational institutions making the changes needed to remain relevant and sustainable in the context of the future business landscape.

Looking ahead: What can institutions do?

As we have shown above, learning and higher education, while related, are not necessarily following the same trajectory. Learning is evolving rapidly, while the typical institution for postsecondary education is changing more slowly. Traditional institutions and providers that are considering their position in the emerging landscape should adopt a mindset that allows them to see past the obstacles and the “way it’s always been done” to adopt a realistic and optimistic perspective.

Adopt a new mindset

  • Change your lens: The pressures institutions are facing also hold the opportunity for making significant changes according to their individual contexts. Rather than focusing on the problem—budget constraints, unsupportive faculty, poor technological infrastructure—or replicating the shiny emerging tool that others are using (such as MOOCs), focus on identifying the learning mechanisms that work within the context of your institution and are meaningful to tomorrow’s learner.
  • Move from static to fluid: In a networked world that is rapidly changing, static knowledge stocks delivered at a fixed point in time will be less valuable than knowledge flows created as individuals continually refresh what they learn through experience beyond the four walls of a classroom. Learning institutions have the unique opportunity to enable a physical space and opportunity for tacit knowledge sharing—the knowledge that resides in our heads and cannot easily be codified—which taps into the rich and changing ecosystem around them.
  • Identify your competitive strengths: The value of the university, community college, or vocational college is in its ability to function as a community of practice around knowledge. The higher education experience is unique in its ability to surround the learner with a network of individuals from different backgrounds—leverage that. As Pendleton-Jullian suggests, probe deeper into what value the university experience brings that cannot be replicated or virtualized, and identify the specific factors (people, programs, disciplines, and context) compared with other forms of learning that make your institution unique and relevant to the lifelong learner.
  • Scale the edges: Antibodies to change and innovation will exist and may stem from misaligned faculty support, lack of a strong technological infrastructure, or lack of funding transparency. Innovation can exist at the edges of every organization, whether in a particular department, set of students, or physical location. Focus on these areas where change is blossoming rather than despair about the immovable core, and leverage external resources from the surrounding ecosystem of tools and organizations for support rather than seeking internal funding and approval. Identify initiatives that are both aligned with your strengths and with agents of change within the organization. Edges can become conduits of transformation, helping the institutions of today tap into the opportunities of tomorrow.

Identify a sustainable role

Today, learning institutions have the unique opportunity to transform the learning environment (physically, virtually, and socially) into a new ecosystem that supports the currently unmet need of lifelong learning. Traditional learning institutions—universities, community colleges, and vocational schools—will need to understand what roles they currently play, where they want to be, and what assets they can leverage to stay relevant in the context of moving from knowledge stocks to flows, identifying dynamic factors, and scaling the edges. With concentration around the scale and scope roles mapped in figure 4 (infrastructure provider, aggregation platform, and agent business), fragmentation with content creation, and mobilizers as the connective tissues between the fragmented and consolidated players, traditional postsecondary institutions have a choice:

  • Transform into an infrastructure business. Focus on providing the facilities and locations for a variety of learning experiences. As an infrastructure provider, traditional institutions shed the roles that are not core to providing facilities and learning infrastructure. This helps transform the institution into a recognized space for learning where content can be brought in or accessed from external sources, but students look to the institution to connect with a broader pool of individuals for the purpose of collaborative and social learning. While in this context, the institution amplifies the value of its physical infrastructure. Back-end systems and delivery and warranting systems are also forms of infrastructure that will be valuable in the future. It is more likely that these types of infrastructure will be provided by new entrants, so existing institutions should be realistic about where they can compete sustainably and leverage other providers for the roles they don’t play best.
  • Become a platform business and curator. Aggregate resources for knowledge and connect them with appropriate learners rather than act as the vendor of knowledge. As a platform business, institutions become the entities that now pull knowledge from the broader ecosystem to share with learners, rather than holding tightly to the content that is their own. This helps enable the institution to access the most relevant and current knowledge content from an ecosystem of content creation that extends beyond the institution. In the process of becoming a platform business, institutions have the ability to also curate content. Top universities such as Harvard University, University of California, Berkeley, or Massachusetts Institute of Technology can use their current brands to curate quality content. In this case, the institution acts as a platform to identify relevant content in the networked ecosystem.
  • Become an agent business. Channel your sector experience to provide lifetime guidance for the learner on his or her learning and career. As an agent business, an institution would help learners navigate a world of exponential change and abundance of information. As a talent agent for the student, the institution would commit to this role for the student throughout his or her career in the pursuit of lifelong learning.

Some traditional learning institutions are already thinking about the new roles they can play. In the Stanford 2025 project, one of the four proposed models of innovation was the Open Loop University. Through Open Loop, students can attend university through a six-year nonlinear timeline, allowing them to learn, work, and return to learn again. Axis Flip is another model that will rework the infrastructure of the university to center around learning hubs, a model most closely tied to the role of the institution as an infrastructure provider for collaborative learning.62

Whatever role they play, institutions will also have to connect and collaborate with mobilizers in order to unlock the collective knowledge of the ecosystem and become part of the transformation. The learning landscape is changing, and traditional institutions and new entrants have the opportunity to participate in and define a rich learning ecosystem that is more personalized and fluid than education has been for at least a century. Institutions will need to decide where to compete and where to cede the floor, but those that succeed will find ways to remain relevant, embrace the forces shifting the broader global environment, and begin building their own futures now, before it gets harder to claim a meaningful space in this emerging landscape.

Institutions of higher education face ongoing challenges, including skyrocketing costs, intense competition, increased government regulation coupled with less public funding, and an unpredictable economy. Reengineered business processes that align personnel activities with institutional goals and strategies—supported by selected IT—can help organizations reduce costs while creating innovative services that help attract and retain quality students, faculty, and staff. Deloitte serves over 200 higher education clients, drawing upon a pool of multidisciplinary sources across consulting, financial advisory, tax, and audit. Learn more at www.deloitte.com/highereducation.

As used in this document, “Deloitte” means Deloitte & Touche LLP, Deloitte Tax LLP, Deloitte Financial Advisory Services LLP, and Deloitte Consulting LLP, subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.


John Hagel

John Hagel (co-chairman, Deloitte Center for the Edge), of Deloitte Consulting LLP, has nearly 30 years of experience as a management consultant, author, speaker, and entrepreneur, and has helped companies strengthen performance by applying technology to reshape business strategies. In addition to holding significant positions at leading consulting firms and companies throughout his career, Hagel is the author of bestselling business books such as Net Gain, Net Worth, Out of the Box, The Only Sustainable Edge, and The Power of Pull.

John Seely Brown

John Seely Brown (JSB) (independent co-chairman, Deloitte Center for the Edge) is a prolific writer, speaker, and educator. In addition to his work with the Center for the Edge, JSB is adviser to the provost and a visiting scholar at the University of Southern California. This position followed a lengthy tenure at Xerox Corporation, where JSB was chief scientist and director of the Xerox Palo Alto Research Center. JSB has published more than 100 papers in scientific journals and authored or co-authored seven books, including The Social Life of Information, The Only Sustainable Edge, The Power of Pull, and A New Culture of Learning.

Roy Mathew

Roy Mathew (principal, Deloitte Consulting LLP) specializes in IT strategy, transformation, and restructuring to help higher education clients develop innovative services and reduce costs. Roy focuses on helping universities with major transformation and efficiency efforts that include significant process, organization, and governance change. Most recently, he led the shared services operational excellence program at one of the largest and most eminent public universities in California. He is actively involved in developing Deloitte’s capabilities and eminence in innovation, business process reengineering, and operational performance improvement.

Maggie Wooll

Maggie Wooll (senior editor and engagement strategist, Deloitte Center for the Edge), of Deloitte Services LP, combines her experience advising large organizations on strategy and operations with her love of storytelling to share the Center’s research. At the Center, she explores the implications of rapidly changing technologies for individuals and their institutions. In particular, she is interested in learning and personal fulfillment within the shifting business environment.

Wendy Tsu

Wendy Tsu (former research fellow, Deloitte Center for the Edge) is passionate about exploring the edges between learning, social impact, and innovation. As part of Deloitte Consulting LLP’s Strategy & Operations practice, her focus has been in technology and education. Most recently, she has been helping higher education institutions reimagine their operating models. As part of the Center, she conducted research and analysis related to new forms and institutions of education and how they impact the educational journey for the lifelong learner.

Originally published by Deloitte University Press on dupress.com. Copyright 2015 Deloitte Development LLC.

Sun, 14 Aug 2022 07:40:00 -0500 text/html https://www.theatlantic.com/sponsored/deloitte-shifts/the-lifetime-learner/256/
The latest high-severity Citrix vulnerability under attack isn’t easy to fix

A critical vulnerability that hackers have exploited since August, which allows them to bypass multifactor authentication in Citrix networking hardware, has received a patch from the manufacturer. Unfortunately, applying it isn’t enough to protect affected systems.

The vulnerability, tracked as CVE-2023-4966 and carrying a severity rating of 9.8 out of a possible 10, resides in the NetScaler Application Delivery Controller and NetScaler Gateway, which provide load balancing and single sign-on in enterprise networks, respectively. Stemming from a flaw in a currently unknown function, the information-disclosure vulnerability can be exploited so hackers can intercept encrypted communications passing between devices. The vulnerability can be exploited remotely and with no human action required, even when attackers have no system privileges on a vulnerable system.

Citrix released a patch for the vulnerability last week, along with an advisory that provided few details. On Wednesday, researchers from security firm Mandiant said that the vulnerability has been under active exploitation since August, possibly for espionage against professional services, technology, and government organizations. Mandiant warned that patching the vulnerability wasn’t sufficient to lock down affected networks because any sessions hijacked before the security update would persist afterward.

The company wrote:

Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multi factor authentication or other strong authentication requirements. These sessions may persist after the update to mitigate CVE-2023-4966 has been deployed. Additionally, we have observed session hijacking where session data was stolen prior to the patch deployment, and subsequently used by a threat actor.

The authenticated session hijacking could then result in further downstream access based upon the permissions and scope of access that the identity or session was permitted. A threat actor could utilize this method to harvest additional credentials, laterally pivot, and gain access to additional resources within an environment.

Mandiant provided security guidance that goes well beyond the advice Citrix provided. Specifically:

• Isolate NetScaler ADC and Gateway appliances for testing and preparation of patch deployment.

Note: If the vulnerable appliances cannot be prioritized for patching, Mandiant recommends that the appliances have ingress IP address restrictions enforced to limit the exposure and attack surface until the necessary patches have been applied.

• Upgrade vulnerable NetScaler ADC and Gateway appliances to the latest firmware versions, which mitigate the vulnerability.

• Post upgrading, terminate all active and persistent sessions (per appliance).

– Connect to the NetScaler appliance using the CLI.

• To terminate all active sessions, run the following command: kill aaa session -all

• To clear persistent sessions across NetScaler load balancers, run the following command (where is the name of the virtual server / appliance): clear lb persistentSessions

• To clear existing ICA sessions, run the following command: kill icaconnection -all

• Credential Rotation

– Due to the lack of available log records or other artifacts of exploitation activity, as a precaution, organizations should consider rotating credentials for identities that were provisioned for accessing resources via a vulnerable NetScaler ADC or Gateway appliance.

– If there is evidence of suspicious activity or lateral movement within an environment, organizations should prioritize credential rotation for a larger scope of identities if single factor authentication (SFA) remote access is allowed for any resources from the Internet.

• If web shells or backdoors are identified on NetScaler appliances, Mandiant recommends rebuilding the appliances using a clean-source image, including the latest firmware.

Note: If a restoration of an appliance is required using a backup image, the backup configuration should be reviewed to ensure that there is no evidence of backdoors.

• If possible, reduce the external attack exposure and attack surface of NetScaler appliances by restricting ingress access to only trusted or predefined source IP address ranges.

The advice is warranted given the track record from previous exploitation of critical Citrix vulnerabilities. For example, Citrix disclosed and released a patch for a separate 9.8 vulnerability on July 18. Three days later, according to Internet scans by security organization Shadowserver, more than 18,000 instances had yet to apply the critical update.

By then, according to the US Cybersecurity and Infrastructure Security Administration, the vulnerability was already under active exploit. In the subsequent weeks, Shadowserver and security firms F-Secure and IBM Security Intelligence tracked thousands of exploitations used for credential theft.

What Mandiant’s guidance amounts to is this: If your organization uses either NetScaler ADC or NetScaler Gateway that's on-premises, you should assume it has been hacked and follow the guidance provided. And yes, that includes patching first.

Thu, 19 Oct 2023 02:56:00 -0500 Dan Goodin en-us text/html https://arstechnica.com/security/2023/10/the-latest-high-severity-citrix-vulnerability-under-attack-isnt-easy-to-fix/
“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard

A vulnerability that allows attackers to bypass multifactor authentication and access enterprise networks using hardware sold by Citrix is under mass exploitation by ransomware hackers despite a patch being available for three weeks.

Citrix Bleed, the common name for the vulnerability, carries a severity rating of 9.4 out of a possible 10, a relatively high designation for a mere information-disclosure bug. The reason: the information disclosed can include session tokens, which the hardware assigns to devices that have already successfully provided credentials, including those providing MFA. The vulnerability, tracked as CVE-2023-4966 and residing in Citrix’s NetScaler Application Delivery Controller and NetScaler Gateway, has been under active exploitation since August. Citrix issued a patch on October 10.

Repeat: This is not a drill

Attacks have only ramped up recently, prompting security researcher Kevin Beaumont on Saturday to declare: “This vulnerability is now under mass exploitation.” He went on to say, “From talking to multiple organizations, they are seeing widespread exploitation.”

He said that as of Saturday, he had found an estimated 20,000 instances of exploited Citrix devices where session tokens had been stolen. He said his estimate was based on running a honeypot of servers that masquerade as vulnerable Netscaler devices to track opportunistic attacks on the Internet. Beaumont then compared those results with other data, including some provided by Netflow and the Shodan search engine.

Meanwhile, GreyNoise, a security company that also deploys honeypots, was showing exploits for CVE-2023-4966 coming from 135 IP addresses when this post went live on Ars. That’s a 27-fold increase from the five IPs GreyNoise saw five days ago.

The most recent numbers available from security organization Shadowserver showed that there were roughly 5,500 unpatched devices. Beaumont has acknowledged that the estimate is at odds with his estimate of 20,000 compromised devices. It’s not immediately clear what was causing the discrepancy.

The vulnerability is relatively easy for experienced people to exploit. A simple reverse-engineering of the patch Citrix released shows the functions that are vulnerable, and from there, it’s not hard to write code that exploits them. Making attacks even easier, a handful of proof-of-concept exploits are available online.

In a detailed technical analysis, researchers from Assetnote wrote:

We found two functions that stood out ns_aaa_oauth_send_openid_config and ns_aaa_oauthrp_send_openid_config. Both functions perform a similar operation, they implement the OpenID Connect Discovery endpoint. The functions are both accessible unauthenticated via the /oauth/idp/.well-known/openid-configuration and /oauth/rp/.well-known/openid-configuration endpoints respectively.

Both functions also included the same patch, an additional bounds check before sending the response. This can be seen in the snippets below showing the before and after for ns_aaa_oauth_send_openid_config.


iVar3 = snprintf(print_temp_rule,0x20000,
                "{\"issuer\": \"https://%.*s\", \"authorization_endpoint\": \"https://%.*s/oauth/idp/login\", \"token_endpoint\": \"https://%.*s/oauth/idp/token\", \"jwks_uri\":  \"https://%.*s/oauth/idp/certs\", \"response_types_supported\": [\"code\", \"token\", \"id_token\"], \"id_token_signing_alg_values_supported\": [\"RS256\"], \"end_session_endpoint\": \"https://%.*s/oauth/idp/logout\", \"frontchannel_logout_supported\": true, \"scopes_supported\": [\"openid\", \"ctxs_cc\"], \"claims_supported\": [\"sub\", \"iss\", \"aud\", \"exp\", \"iat\", \"auth_time\", \"acr\", \"amr\", \"email\", \"given_name\", \"family_name\", \"nickname\"], \"userinfo_endpoint\": \"https://%.*s/oauth/idp/userinfo\", \"subject_types_supported\": [\"public\"]}"
authv2_json_resp = 1;
iVar3 = ns_vpn_send_response(param_1,0x100040,print_temp_rule,iVar3);


uVar7 = snprintf(print_temp_rule,0x20000,
                "{\"issuer\": \"https://%.*s\", \"authorization_endpoint\": \"https://%.*s/oauth/idp/login\", \"token_endpoint\": \"https://%.*s/oauth/idp/token\", \"jwks_uri\":  \"https://%.*s/oauth/idp/certs\", \"response_types_supported\": [\"code\", \"token\", \"id_token\"], \"id_token_signing_alg_values_supported\": [\"RS256\"], \"end_session_endpoint\": \"https://%.*s/oauth/idp/logout\", \"frontchannel_logout_supported\": true, \"scopes_supported\": [\"openid\", \"ctxs_cc\"], \"claims_supported\": [\"sub\", \"iss\", \"aud\", \"exp\", \"iat\", \"auth_time\", \"acr\", \"amr\", \"email\", \"given_name\", \"family_name\", \"nickname\"], \"userinfo_endpoint\": \"https://%.*s/oauth/idp/userinfo\", \"subject_types_supported\": [\"public\"]}"
uVar4 = 0x20;
if (uVar7 < 0x20000) {
        authv2_json_resp = 1;
        iVar3 = ns_vpn_send_response(param_1,0x100040,print_temp_rule,uVar7);

The function is pretty simple, it generates a JSON payload for the OpenID configuration and uses snprintf to insert the device's hostname at the appropriate locations in the payload. In the original version, the response is sent immediately. In the patched version, the response is only sent if snprintf returns a value less than 0x20000.

The vulnerability occurs because the return value of snprintf is used to determine how many bytes are sent to the client by ns_vpn_send_response. This is a problem because snprintf does not return how many bytes it did write to the buffer, snprintf returns how many bytes it would have written to the buffer if the buffer was big enough.

To exploit this, all we needed to do was figure out how to get the response to exceed the buffer size of 0x20000 bytes. The application would then respond with the completely filled buffer, plus whatever memory immediately followed the print_temp_rule buffer.

Exploiting the Endpoint

Initially we thought the endpoint would probably not be exploitable. The only data that was inserted was the hostname, which is something that needed administrator access to configure. Luckily for us, we were wrong and the value inserted into the payload did not come from the configured hostname. It actually came from the HTTP Host header.

We were also fortunate that NetScaler inserts the hostname into the payload six times, as this meant we could hit the buffer limit of 0x20000 bytes without running into issues because either the Host header or the whole request was too long.

We put together the following request and sent it to our NetScaler instance.

GET /oauth/idp/.well-known/openid-configuration HTTP/1.1
Host: a <repeated 24812 times>
Connection: close

We received the response shown below with the non-printable characters removed.

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 147441
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/json; charset=utf-8
X-Citrix-Application: Receiver for Web

{"issuer": "https://aaaaa ...<omitted>... aaaaaaaaaaaaaaaaí§¡
d98cd79972b2637450836d4009793b100c3a01f2245525d5f4f58455e445a4a42HTTP/1.1 200 OK
Content-Length: @@@@@
Cache-control: no-cache
Pragma: no-cache
Content-Type: text/html
Set-Cookie: NSC_AAAC=@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@;Secure;HttpOnly;Path=/

ò #pack200-gzip

We could clearly see a lot of leaked memory immediately following the JSON payload. While a lot of it was null bytes, there was some suspicious looking information in the response.
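The return-value mistake described in the analysis above, reduced to a small C program as an added example (it is not code from Citrix, Assetnote, or the article). The 64-byte buffer, the `struct region` layout, the shortened JSON string, and the token value are constructed stand-ins for the 0x20000-byte `print_temp_rule` buffer and the memory that followed it; the checked path mirrors the bounds check added by the patch.

```c
#include <stdio.h>
#include <string.h>

#define RESP_BUF 64  /* stands in for the 0x20000-byte print_temp_rule buffer */

/* Constructed layout: the response buffer is followed directly by unrelated
 * data, as other memory followed print_temp_rule on the appliance. */
struct region {
    char resp[RESP_BUF];
    char neighbour[32];
};

static int format_config(struct region *r, const char *host)
{
    /* Shortened stand-in for the OpenID configuration JSON. */
    return snprintf(r->resp, sizeof r->resp,
                    "{\"issuer\": \"https://%s\"}", host);
}

/* Pre-patch pattern: the snprintf return value becomes the send length,
 * although it is the length the output WOULD have had without truncation. */
size_t send_len_unchecked(struct region *r, const char *host)
{
    int n = format_config(r, host);
    return n < 0 ? 0 : (size_t)n;
}

/* Patched pattern: send only when the whole payload fitted in the buffer.
 * Returns 0 and sets *len on success, -1 when the output was truncated. */
int send_len_checked(struct region *r, const char *host, size_t *len)
{
    int n = format_config(r, host);
    if (n < 0 || (size_t)n >= sizeof r->resp)
        return -1;
    *len = (size_t)n;
    return 0;
}

/* Models the send: copies len bytes starting at resp onto the "wire".
 * Clamped to the struct so the demo itself never reads out of bounds. */
size_t simulate_send(const struct region *r, size_t len, char *wire, size_t cap)
{
    if (len > sizeof *r) len = sizeof *r;
    if (len > cap) len = cap;
    memcpy(wire, r, len);
    return len;
}

/* Returns 1 if needle occurs anywhere in the first n bytes of buf. */
int wire_contains(const char *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m && i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0)
            return 1;
    return 0;
}

/* Runs one request through either path; returns 1 if the neighbouring
 * (constructed) session value ends up in the bytes that would be sent. */
int request_leaks(const char *host, int use_check)
{
    struct region r;
    char wire[sizeof r];
    size_t len = 0;
    memset(&r, 0, sizeof r);
    strcpy(r.neighbour, "NSC_AAAC=constructed-token");
    if (use_check) {
        if (send_len_checked(&r, host, &len) != 0)
            return 0;               /* truncated: nothing is sent */
    } else {
        len = send_len_unchecked(&r, host);
    }
    size_t sent = simulate_send(&r, len, wire, sizeof wire);
    return wire_contains(wire, sent, "constructed-token");
}

int main(void)
{
    char long_host[81];
    memset(long_host, 'a', 80);
    long_host[80] = '\0';
    printf("short host, unchecked: leak=%d\n", request_leaks("gw.example.test", 0));
    printf("long host,  unchecked: leak=%d\n", request_leaks(long_host, 0));
    printf("long host,  checked:   leak=%d\n", request_leaks(long_host, 1));
    return 0;
}
```

When auditing other code for the same pattern, look for any `snprintf` result that flows into a length argument without first being compared against the destination size.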

The name Citrix Bleed is an allusion to Heartbleed, a different critical information disclosure vulnerability that turned the Internet on its head in 2014. That vulnerability, which resided in the OpenSSL code library, came under mass exploitation and allowed the pilfering of passwords, encryption keys, banking credentials, and all kinds of other sensitive information. Citrix Bleed isn’t as dire because there are fewer vulnerable devices in use.

But Citrix Bleed is still plenty bad. Organizations should consider all Netscaler devices to have been compromised. This means patching any remaining unpatched devices. Then, all credentials should be rotated to ensure any session tokens that might have been leaked are invalidated. Last, organizations should inspect their devices and infrastructure for signs of compromise. Security firm Mandiant has in-depth security guidance here.

Mon, 30 Oct 2023 02:38:00 -0500 Dan Goodin en-us text/html https://arstechnica.com/security/2023/10/critical-citrix-bleed-vulnerability-allowing-mfa-bypass-comes-under-mass-exploitation/
China’s Appeal Is Waning for U.S. Companies. Citrix Has Joined the Exodus.

HONG KONG—Cloud Software Group, which owns enterprise-software brand Citrix, is ceasing business transactions in China, becoming the latest U.S. company to pull back from China.

In an email to clients and partners on Monday seen by The Wall Street Journal, Cloud Software Group said it has made the decision to cease all new commercial transactions in China, including Hong Kong, on Dec. 3. It cited rising costs in the market. 

Copyright ©2023 Dow Jones & Company, Inc. All Rights Reserved.

Wed, 08 Nov 2023 01:19:00 -0600 en-US text/html https://www.wsj.com/tech/citrix-owner-becomes-latest-u-s-company-to-retreat-from-china-380413cf
