
GSUK Security Working Group Meeting - Thursday 25th September 2025

25th September 2025, 9:00 am - 5:00 pm

We are pleased to confirm that the next meeting of the GSUK Security Working Group is scheduled as follows:

Date: Thursday 25th September 2025, 09:00 – 17:00 BST (Please note the time zone! The meeting is being run from the UK)

Venue: This is a hybrid meeting – you can attend in person or via Microsoft Teams

BMC Winnersh, 1020 Eskdale Road, 2nd Floor, Winnersh, RG41 5TS

CPE/CPD hours: Up to a maximum of 7 hours (full attendance required to claim maximum number of hours)

This meeting is suitable for anyone with an interest in Mainframe Security, including Mainframe Security Professionals (newbies to experienced), Cyber Security Specialists, System Programmers, Auditors and Managers. Attending this meeting will grow your professional skills and knowledge in the following areas:

  • Latest security innovations from vendors and how they help enhance security for your organisation
  • Current threats, trends, including regulatory and compliance updates to help you prioritise security and compliance efforts
  • Share problems, knowledge, best practices with working group members
  • Give feedback to vendors on their offerings, including product direction
  • Earn CPE/CPD hours to support maintenance of certifications or an education portfolio

Agenda

Start End Topic Who
09:00 10:00 Welcome from our host, BMC Software

Kickoff welcome session and presentation from our host:

Easter Sunday 2025 – A memorable day for UK retail

A post-operational review of the ransomware attacks on Marks & Spencer, Co-Op and Harrods from a business perspective, and a reflection on what lessons can be learnt to limit future damage.

Mark Banwell (BMC Software)

10:00 11:00 Downtime Meets Surgical Recovery: The Newest Backup & Recovery Strategies for Ransomware and Data Loss

If a single outage could cost your business millions, would your current recovery strategy weather the storm? Today’s mainframe IT leaders are navigating relentless threats—ransomware, regulatory pressure, and an expectation of instant availability. Slow, manual restores aren’t just inconvenient; they’re a critical risk.

In this session, you’ll learn best practices for:

  • Minimizing application downtime from data loss or an outage
  • Achieving tighter recovery point objectives with smarter, modern techniques
  • Drastically reducing time and complexity for routine and emergency restores

Michael McKay (Rocket Software)
11:00 11:15 Coffee Break All
11:15 12:15 Your 2026 Guide to Mainframe Vulnerability Management

The integrity of mainframe data and software is critical in fundamentally securing your business. Understanding mainframe vulnerability management is core to successfully surviving mainframe risks.

At any given point, there are a variety of mainframe vulnerabilities in an organization’s environment that are essentially waiting to be exploited. Mainframe vulnerabilities can come from a variety of sources, including hardware configurations, IPL parameters, External Security Manager (ESM) configurations, and 3rd party operating system programs. Building or integrating into an existing risk management framework takes time and effort. Key takeaways from this session include:

  • Starting a Mainframe Vulnerability Management Program: Challenges and Best Practices
  • What is a Mainframe Risk-based Vulnerability Management strategy? How to define Vulnerability Metrics.
  • A review of the lifecycle, which comprises five ongoing and overlapping workflows: discovery, categorization and prioritization, resolution, reassessment, and reporting.

Ray Overby (Rocket Software)
12:15 13:15 Lunch Break & Networking All
13:15 14:15 Lessons Learned from Recent Mainframe Pentests

Over the past year and a bit, I’ve been involved in several mainframe penetration tests — and I’ve discovered some things that might surprise you. But this won’t be a one-way presentation; it’s designed to be interactive.

I’ll share real-world lessons learned from these pentests — all within NDA boundaries, of course 😉 — and for each one, we’ll discuss:

“You don’t do that… right?” Or maybe… you do.

Expect an open, thought-provoking conversation about recurring findings, unexpected vulnerabilities, and the patterns I’ve seen emerge — from misconfigured RACF profiles and datasets exposed too broadly to unsecured APIs and integration points that quietly create backdoors. Some issues will feel obvious, but others might make you stop and rethink your own security posture.

By the end of the session, you’ll leave with:

  • A better understanding of how real-world pentests approach mainframes
  • Insights into common pitfalls and attack paths
  • A practical checklist of things worth double-checking in your own environment
  • Shared perspectives from peers facing similar challenges

This isn’t a lecture. It’s a chance to compare notes, challenge assumptions, and learn from each other’s blind spots.

Henri Kuiper (Mainframe Society)

14:15 15:15 How a software developer thinks about RACROUTE

This presentation describes the considerations that a system software developer must take into account for the security policy for a product. This includes the choices of class and resource names, whether to RACLIST and the various logging options available.

Rob Scott (Rocket Software)
15:15 15:30 Afternoon tea All
15:30 16:30 Network Crypto Discovery using zERT


Navya Ramanjulu (IBM) and Ed Seidl (IBM)

16:30 17:00 Mainframe Security Current Status and the Future

Open discussion

All

17:00 End of meeting

Note: Agenda and timings are subject to change.

Future GSUK Security meetings for your calendar

Other events from the GSUK Region can be found here: https://www.gse.org.uk/events/
