Select sessions from SHARE Columbus 2022 Conference

No this is not a political talk. There has been a tremendous focus on "shifting left" and how that will improve efficiency, reduce skill required, etc. However, DevSecOps is not a magic cure all to modernize and secure applications and their development processes. Every role, team, and environment has their own contributions to make to a secure supply chain and secure end deliverables. What types of scanners can be ran in an automated DevSecOps pipeline? What would be better off left to experts? Join us as we discuss how DevSecOps augments but does not replace development/test expertise and proper processes in enterprise systems.

IBM z16 delivered key innovations to help solve today's business challenges and accelerate digital transformation. The suite of compiler products has also been refreshed to support IBM z16 and provide new features for application modernization. This session covers new features and product directions of COBOL, PL/I, C/C++ and Java on IBM z16 and how they can help you take full advantage of IBM z16 architecture and accelerate digital transformation.

Often, auditors do not have a mainframe background and may not have an understanding of mainframe terminology, such as APF, SYS1.PARMLIB, ESM, LINKLIST, USS, etc. Where should auditors, compliance teams, and Mainframe cybersecurity teams start when auditing the mainframe? Where do STIGs (Security Technical Implementation Guides) fit into the picture? What does compliance within the mainframe environment mean? Do standards exist for auditors and compliance teams to validate for the z/OS Mainframe? What is the value for the organization to adopt mainframe cybersecurity standards? In this session, we will discuss these important questions.

In this session, the presenter will review the need for Information Security Continuous Monitoring and why you should document your processes using the Broadcom Security Continuous Monitoring Playbook. Similar to a sports team, everyone can use a playbook that details what to monitor, who to notify, and what actions to take when critical events are detected. The presenter will review a detailed example of a playbook entry. The session will close the session with a discussion of the top security and system settings to monitor for changes.

Join John Pinkowski in discovering the new and not so new features available to ACF2 and Top Secret users. We will also tie a number of features to current industry requirements.

z/OS Communications Server offers full support for TLS/SSL (through its AT-TLS feature) and for IPSec to protect IP-based traffic as it traverses the network. In addition, z/OS supports SSH and related protocols through its OpenSSH server. All these protocols make heavy use of cryptography and leverage various cryptographic functions on the platform. This session will explore the key cryptographic software and hardware components that come into play for AT-TLS, IPsec and OpenSSH and will address common questions regarding when, where and how those cryptographic components are used.

As quantum computers advance, the potential to break today's strong algorithms increases dramatically. IBM-invented algorithms such as Crystals-Dilithium and Crystals-Kyber provide data protection that is resistant to quantum attacks using lattice based cryptography. Which algorithms could be broken? Which applications need to be updated? What does migration look like? Join this session to learn how to get started with migration to quantum safe cryptography.

Come to this session to learn all about the latest RACF features to better protect your z/OS systems.

80% of hackers say humans are most responsible for security breaches, and 68% of hackers say MFA is one of their biggest obstacles. How can organizations ensure that the MFA solution they deploy is most compatible with their infrastructure and enterprise security management goals? The considerations go beyond support for security managers, such as RACF, Top Secret, or XYZ, and leading authentication methods such as RSA SecurID and Certificate Authentication? In this session, the speaker discusses a "pre-flight checklist" of sorts that ever security architect and administrator should have on-hand to ensure they make the most pragmatic choice tailored to their organization.