By Reg Harbeck with Phil Young
This is part one of a 10-part series on security for the mainframe. During SHARE San Jose 2017 Reg Harbeck, chief strategist with Mainframe Analytics Ltd. and member of the SHARE Editorial Advisory Committee, sat down with Phil Young, co-founder of zedsec 390 to explore critical security topics, and offer tips and tactics to help create a more secure mainframe environment.
Fill in the blank: The IBM Mainframe is _________________.
If you didn’t know that the world economy is firmly situated on the mainframe, you might be tempted to supply answers like, “dead,” “extinct,” “a dinosaur,” or “irrelevant.”
On the flipside, if you’ve invested your career in the IBM mainframe platform and ecosystem, you may be inclined to suggest “essential,” “powerful,” “reliable,” “available,” “secure,” or, “uniquely functional.”
However, if you’re Phil Young, aka Soldier of Fortran, the first word you might suggest is, “hackable.”
Phil and I have had related journeys—we both started our journeys on the IBM mainframe in Canada, we’ve both taken a serious interest in mainframe security, and we’re both big fans of SHARE.
I had a chance to interview Phil at the San Jose SHARE 2017 event in March. I had the pleasure of seeing him present at several conferences, including previous SHARE events. I jumped at this opportunity—and it became an eye-opener!
Now, here’s the thing: Until now, while I’ve been avidly willing to sound the alarm about other areas of exposure and need on the mainframe, such as the insufficiently large next generation, I’ve been a bit skittish about awakening the world at large to mainframe security exposures.
If you’re part of the mainframe culture, you’ll immediately understand my reticence. And it goes beyond mere security by obscurity. Mainframe is a culture—a very close-knit culture of only a few tens of thousands of professionals world wide. We look out for each other and our organizations, and have proven our value and trustworthiness as part of gaining membership in this exclusive club of invisible, but essential business technologists.
But interviewing Phil made it clear to me that the time has come for me to say something—particularly since I can use Phil’s words and insights in doing so.
And that’s exactly what I’m going to do in this series of articles: Describe and discuss the issues and insights that Phil Young made importunately clear. Over the course of the next few weeks, we will explore critical security topics, and offer tips and tactics to help create a more secure mainframe environment.