Security Bsides Las Vegas 2024

The Immortal Retrofuturism of Mainframe Computers and How to Keep Them Safe
2024-08-06, Firenze

When you used your debit card today, do you know where that transaction was sent? Though it may conjure archival images of a 1950s IT room stocked with enormous, low-tech machines, mainframe technology is both modernized and heavily relied upon today. Mainframes are tasked with supporting not only the billions of banking and retail transactions that occur daily, but also managing the production workloads of government entities, healthcare conglomerates, transportation industries, and more.
Mainframe architecture is some of the most reliable technology in heavy operation today, able to manage incredibly large input/output volumes with low risk of downtime, and there are few signs of it being sunset in the decades to come. As protectors of the cyber landscape, understanding how to secure mainframe architecture will remain important for any business entity that touches upon this behemoth technology.
In this talk we'll explore the pervasiveness of mainframe technology, why it will remain relevant to the future landscape of mission-critical applications, and 5 trusted solutions for helping to secure these incredible computers.


Over the last year I have become increasingly fascinated with cybersecurity for important technologies that receive a lot less press; cue Mainframes! There is a lot of focus on AI, cloud, and other specific arenas within cybersecurity but there is only a very small mainframe community, albeit both active and well-informed. As an offensive security practitioner I see on a regular basis the vulnerabilities that so easily plague supposedly secure applications, thick clients, and APIs that manage and transmit highly sensitive data. With this exposure to how treacherous a tech stack can become without necessary attention, it has become an important goal of mine to remind the cyber community of our less glamorous technologies that not only exist but that serve as the very foundation for massive institutions like finance across the globe. My talk will cover a brief history of what a Mainframe computer even is (how is it different from a regular server?), what they are commonly used for, a couple of notable breaches, all wrapped up with a walk through 5 practical examples of securing your mainframes: techniques for locking them down, logging, monitoring, conducting competent security reviews, and a handy list of current and common open-source tools for penetration testing.

Background Info:
https://github.com/mainframed
https://www.darkreading.com/vulnerabilities-threats/the-mainframe-is-seeing-a-resurgence-is-security-keeping-pace-
https://www.mainframesecurity.com/mainframe-security-breaches-threats/
https://www.bmc.com/blogs/top-mainframe-security-threats/
https://developer.ibm.com/technologies/mainframe/blogs/

Security Consultant, NetSPI
As a Security Consultant, Michelle Eggers executes penetration testing for a variety of client environments. After making a strong pivot from operations into proactive security, Michelle focuses on web application, mainframe, and network pentesting.

Michelle has contributed to the security community by speaking about mainframe and web application security at various cybersecurity conferences, volunteering with Black Girls Hack during Hacker Summer Camp, and driving forward interest in securing mission-critical systems and critical infrastructure through authoring blog posts and social media content on the subjects.

Credentials and certifications earned include CompTIA Security+ and ISC2 Certified in Cybersecurity. She also holds a Bachelor of Science degree in Accounting, a Project Management Certificate from Cornell University, and an Evolve Security Certified Professional credential.