A Their Story conversation with Sean Martin, Marco Ciappelli, and Key Resources CTO and co-founder, Ray Overby
The lack of InfoSec talent is something the cybersecurity industry complains about all the time. How does this challenge differ when we look at mainframe security? Once again, perception and reality are not a match.
In Chapter 1 of the Key Resources story, we spoke with Cynthia Overby, President & Co-Founder at Key Resources, to look at the mainframe's role across numerous industry verticals. Mainframes are still necessary and popular — even more than ever — especially in critical infrastructure and surrounding environments.
Because of how these systems have developed over time, they often fall outside of typical IT networks and don't typically land in an OT environment. This can leave them sitting in the middle, managed independently, sometimes out of sight and out of mind. And, when they do come into mind, it's not always easy to determine the risk they introduce to the business compared to the rest of the IT/OT infrastructure CISOs are often asked to assess and mitigate.
Of course, the staffing challenges don't just magically go away because these systems are "lightly managed" — in fact, mainframes can leave the organization sitting with an exposure that they aren't aware of and aren't staffed to handle.
In this episode, we dig into this human element of the mainframe and the human-oriented activities needed to support it. We're joined by Ray Overby, CTO & Co-Founder at Key Resources, Inc.
Together, we take a journey into the past era of the early mainframes — a time when "integrity" was being defined and probably doesn't equate to what you think it is today. The current state of the mainframe still leans heavily on this concept of "integrity" — perhaps a little too much in that humans put a little too much blind trust in the system.
Intrigued? So were we.
Ray walks us through the realities of the lack of qualified security professionals managing mainframe security at critical organizations and the common misunderstanding by many security professionals that, even though the mainframe is the most securable, it still requires individuals to actually secure it.
We've come full circle with mainframes. They still do what they were designed to do — really well, in fact. Still, we need to understand the role of the human in the equation as we try to do two things at once: 1) run the critical business processes on the mainframe, and 2) remember that security doesn't happen magically; it requires human intervention.
It's time to put the humans back in the mainframe. History, as usual, can help us clarify the present and plan for a better future.
Have a listen to learn more.
Note: This story contains promotional content. Learn more.