
GSUK Security Working Group – Next Meeting - Thursday 26th February 2026

26th February 2026, 10:00 am - 4:30 pm

We are pleased to confirm that the next meeting of the GSE UK Security Working Group is scheduled as follows:

Date: Thursday 26th February 2026, 10:00 – 16:30 GMT (Please note the time zone! The meeting is being run from the UK)
Venue: This is an online only meeting via Microsoft Teams
CPE/CPD hours: Up to a maximum of 7 hours (full attendance required to claim maximum number of hours)

This meeting is suitable for anyone with an interest in Mainframe Security, including Mainframe Security Professionals (newbies to experienced), Cyber Security Specialists, System Programmers, Auditors and Managers. Attending this meeting will grow your professional skills and knowledge in the following areas:

  • Latest security innovations from vendors and how they help enhance security for your organisation
  • Current threats, trends, including regulatory and compliance updates to help you prioritise security and compliance efforts
  • Share problems, knowledge, best practices with working group members
  • Give feedback to vendors on their offerings, including product direction
  • Earn CPE/CPD hours to support maintenance of certifications or an education portfolio

 

Agenda

Start End Topic Who
10:00 10:10 Welcome

 Kick-off welcome session.

Sue Parsons

(GS UK)

10:10 11:10 How to configure security for TLS REST-APIs for z/OS. Basic, token based (alongside MFA), certificate based.

Client technology stacks that drive z/OS services through REST APIs across TLS require authentication so the sender is associated with an MVS user ID. There are a number of ways to do this, from passing a user ID and password on the request, to exchanging a user and credentials for a token (LTPA or JSON Web Token or other …) that is the user association, or client certificates that can either be generated from the ESM bottom up paired with a user ID, or else created by an external service and imported to the z/OS ESM to be associated with the user ID.

This session will cover all of these with examples, screenshots, and live (or recorded as dictated by the demo gods).

Joe Winchester

(IBM)

11:10 11:20 Setup next speaker  
11:20 12:20 Cyber Risk Is No Longer a Technology Problem — It’s a Leadership and Regulatory One

The regulators are increasingly clear: cyber resilience is no longer about controls on paper — it’s about decision-making under stress.

From DORA’s operational resilience requirements, to NIS2, to FCA and PRA expectations, organizations are being held accountable not just for preventing incidents, but for their ability to recover, continue operations, and demonstrate confidence in their decisions during disruption.

This session explores why many cyber strategies still fail at the moment they matter most: when leadership teams must decide whether data can be trusted, systems can be restored, and services can safely resume.

Using real-world scenarios — including ransomware, silent data corruption, and backup integrity failures — I’ll examine:

– Why untested recovery assumptions create regulatory and business risk

– How loss of confidence in backups undermines crisis response and executive decision-making

– What regulators are implicitly asking when they demand resilience, not just security

Mira Miga

(BMC)

12:20 12:30 Setup next speaker  
12:30 13:15 Is Change Management Necessary for Regulatory Compliance?

As the mainframe is often the central hub to many organisations, particularly in the financial market, supporting a wide range of integrated peripheral platforms – onsite, hybrid cloud and mobile – maintaining the mainframe to operate optimally, whilst ensuring integrity and security and above all, regulatory compliance, is no insignificant task.

Periodic updates and new version releases to z/OS, associated hardware and firmware, industry specific applications and third-party add-on applications all need to be carefully orchestrated in order to keep the mainframe running smoothly and uninterrupted. This means any changes need to be demonstrably authorised, scheduled, tracked and backed up.

CORA (Corporate accountability), DORA (Digital Operational Resilience Act), GDPR, and SOX regulations (to name but a few) all require that this activity must be carried out under the umbrella of stringent ICT (Information and Communications Technology) controls to be able to prove to external and internal auditors that processes and mechanisms are in place to ensure corporate compliance and accountability.

So, is a specific Change Management solution required to achieve Regulatory Compliance?

Diccon Grayling

(Action Software)

13:15 14:00 Lunch Break  
14:00 15:00 Mainframe Under Siege: Real-Time Threat Interception 

Mainframes are not impenetrable. Recent healthcare, financial and government breaches prove that traditional security assumptions leave critical vulnerabilities exposed.

This session reveals why conventional mainframe security fails and demonstrates modern defensive capabilities that address these gaps:

Issues discussed:

– ESM bypass techniques used in recent attacks

– Insider threats with legitimate credentials

– Ransomware targeting mainframe data

– Reconnaissance activities going undetected

This session will review modern defense techniques such as behavioral anomalies that precede insider attacks, integrity monitoring to reveal ransomware insertion, mainframe network awareness to prevent data exfiltration, and the need for immediate damage control. An optional attack simulation, showing immediate interception and damage control, will illustrate how modern tools can freeze perpetrators in their tracks, providing valuable time for support staff to respond correctly. The practical insights, utilizing existing and new tools, will strengthen your mainframe security posture in ways that were never possible before.

Al Saurette

(Maintegrity)

15:00 15:10 Setup next speaker  
15:10 16:10 LLM-Assisted Software Development to Manage Risk

Join Jared (IBM Z MFA development) for a fun discussion of AI and related tool development, from a defensive risk management posture. Examples will be drawn from Z MFA development, aviation, and elsewhere.

Jared Hunter

(Rocket Software)

16:10 16:30 End of meeting

End of meeting session.

Sue Parsons

(GS UK)

  

Note: Agenda and timings are subject to change.

Future GSUK Security meetings for your calendar

More details of our schedule, including other events from the GSUK Region can be found here: https://www.gse.org.uk/events/
