3 Ways to Find Success Amidst Skills Gap in Mainframe Security
by Praveen Kumar, Vice President for Asia Pacific at Rocket Software
Cybersecurity professionals are to 21st-century businesses as the immune system is to human bodies. Without enough of them, both enterprises and people fall victim to nefarious beings that are just about everywhere.
This is especially true with the increasing digitalisation of Malaysia. While it brings numerous benefits to individuals, businesses, and the economy, it also poses risks such as the rising threat of cybercrimes. In a statement, the Personal Data Protection Department (PDPD) said they have already recorded 130 data breaches in the first half of this year alone.
As a result, the demand for cybersecurity professionals is on the rise. In fact, the Asia Pacific cybersecurity workforce skills gap reached 2.1 million professionals last year, according to the International Information System Security Certification Consortium (ISC)². While it indicates the high demand for skilled cybersecurity experts, the role of mainframe security professionals often gets overlooked.
Despite the popularity of cloud solutions, the mainframe remains an integral part of organisations. A survey conducted by Rocket Software found that 93% of IT leaders preferred hybrid cloud solutions over completely replacing their existing mainframes.
Unfortunately, security for this type of infrastructure is often neglected in favour of the cloud.
Contrary to assumptions, the mainframe is not inherently secure. Without continuous monitoring and security scanning, it exposes organisations to additional risks and vulnerabilities. Therefore, bolstering mainframe security should be a top priority for all businesses utilising it. However, this is challenging without the right talent and resources.
Many mainframe experts are retiring, and young professionals are not stepping up to fill these roles. This is because mainframe security is a niche skill and finding the appropriate training can be challenging, often requiring on-the-job experience. Consequently, young professionals interested in entering the field often need to seek additional training.
However, it is important to note that organisations utilising the mainframe are continuously investing and modernising it. As a result, there will always be open roles that need to be filled. Young developers and technicians would be wise to consider exploring mainframe security as it is a difficult role to fill, which could make mainframe security experts indispensable. Additionally, working on the mainframe exposes young professionals to other areas of IT, creating opportunities for career growth.
Employers must also take an active role in supporting young professionals as they gain experience in the field, as waiting passively for the perfect candidate is no longer an effective recruitment strategy.
To excel in the field of mainframe security, whether as an individual pursuing a career or an IT leader responsible for recruiting and training a team, understanding the following key factors is imperative for success:
- Continuous Learning on The Job
In the field of IT, continuous learning is essential, and this holds true for mainframe security as well. It is important for aspiring mainframe professionals to actively seek guidance and ask questions when needed. They should embrace the fact that not knowing everything initially is not only okay but can also lead to valuable knowledge sharing with seasoned professionals. Given that many educational institutions do not offer specialised degrees in mainframe security, on-the-job learning and additional training are to be expected.
To become an expert in mainframe security, it is crucial to develop a systematic approach and checklist for addressing new IT issues. This may involve consulting manuals or relying on trusted colleagues for assistance. As new cybersecurity professionals gain experience and encounter diverse situations, they must refine their problem-solving skills and adjust processes accordingly. Maintaining a mindset of continuous curiosity and a tenacious attitude will be the engine that drives their careers forward in this field.
For IT leaders, it is noteworthy to identify young professionals who display an interest and aptitude in mainframe security. Providing opportunities to cultivate their expertise and supporting them with the necessary resources can help bridge the talent gap in this area.
- Skill Set Diversification
Having a comprehensive understanding of how the mainframe aligns with the broader security strategy is pivotal for success in the field, as mainframe security impacts all aspects of an enterprise. To excel in a mainframe security role, one must not only become an expert in mainframe systems but also possess a strong grasp of other essential areas such as pen testing, vulnerability scanning, and natural disaster recovery, among others.
The scope of responsibilities can vary greatly, ranging from routine tasks like password updates and access management to conducting in-depth vulnerability assessments on the z/OS code base. Therefore, being prepared for a wide range of possibilities is crucial.
In addition to technical proficiency, soft skills like effective communication and interpersonal abilities are essential for collaborating with multiple security teams and gaining support from stakeholders within the organisation.
For IT leaders, it is advisable to encourage IT and cybersecurity teams to diversify their skill sets. By exposing employees to various domains within the technology ecosystem, increases the chances of discovering individuals who may develop a keen interest in mainframe security. Setting learning and development goals for the team during slower periods, along with evaluating progress in performance reviews, can be a valuable approach to fostering growth and enhancing overall effectiveness.
- Versatility in Career Trajectory and Career Opportunities
As previously mentioned, pursuing a career in the mainframe industry can provide valuable exposure and open doors to opportunities in various areas such as audit, risk management, and cybersecurity. The mainframe, known for its reliability, offers a promising and fulfilling career path.
As the current mainframe workforce ages, there are ample prospects for younger professionals to advance rapidly, both technically and in managerial roles. Seizing the opportunities available in mainframe security can lay the foundation for a successful and fulfilling career trajectory.
For IT leaders, it is crucial to remain open to hiring mainframe professionals from diverse backgrounds. Given the shortage of security experts, waiting for the perfect candidate is not a practical approach. Instead, consider individuals with transferable skills and interests, and invest in their growth and development over time, rather than expecting an immediate fit.
Investing in Mainframe Security Is Critical for Both Professionals and Organisations
Closing the talent gap in mainframe security is paramount for enterprises to secure themselves against rising cyber threats. The field requires individuals with a relentless curiosity and a willingness to continually learn and expand their skill sets. With the right mindset and outlook, a career in mainframe security can serve as an entryway to diverse professional experiences and opportunities.
Moreover, IT leaders must recognise the value of investing in talented individuals and ensuring the smooth and secure operation of the organisation’s mainframe infrastructure. Adopting this approach will contribute to bridging the talent gap and maintaining a strong mainframe security posture.
