Learning To Be A Security Officer

By Rich Loeber

I have been asked several times recently "How did you learn so much about security on the IBM i?". In this tip, I will try to let you know how I got to this point and, perhaps, it will help you on your journey as well.

First, you have to remember that I have been working on computer systems since my first job as a data control clerk in 1965. During that time, I've moved through just about every aspect of the computing field from data entry clerk, system operator, programmer, systems analyst, project manager, department manager, independent contractor and software developer. All along the way, security issues have come up and had to be researched and dealt with. So, I guess some longevity contributes to where I am today. But, old age is not an option to a lot of aspiring security officers for today's IBM i installations.

As I think back over this history, several concepts come to mind that have helped me strengthen my understanding of computer security.

First and foremost is reading. I am, by nature, an avid reader. Over the course of my career, I have found that reading is crucial to staying current on what's going on in the field. This is more true today than it has ever been since things are changing faster now than at any time that I can recall.

When choosing what to read, I'd recommend a holistic approach that includes general computing topics, IBM i specific topics and security topics. In today's world, this means reading magazines, Internet publications and technical manuals.

There are a few magazines that are still in print for the IBM i world, although it is hard to know how much longer that will last. Almost all of their content, however, is available on-line at websites maintained by the publishers. Some of these charge a fee for access, but the charges are not prohibitive and the content is generally well worth the price of admission. These publications tend to focus on "what's new" topics, but their archives are a good source of general information that you will find most helpful.

For security topics on your IBM i, there is nothing better than going to the source .... the security manuals that come with your system. These are available on a CD that came with your system and also on-line from the "IBM i and System i Information Center" (http://publib.boulder.ibm.com/eserver/ibmi.html). The current manuals for all supported versions of the operating system are there along with an extensive library on security topics. You can't find better details than looking at these documents from IBM as they tell you exactly how the designers intend for security to be implemented on your system. I know, reading the manuals can be tedious, but they're really not that bad. When I'm writing a tip for publication, I often find myself mired in them to get the exact details of how something works, according to IBM.

Another good way to stay current on what's going on in the IBM i security field is to participate in an on-line discussions forum. For me, I like David Gibb's "midrange.com" (http://www.midrange.com/). You can sign up for quite a few different forums and then just sit back and monitor the traffic via email. The group that participates is great at answering your questions and you can read what others are doing. I'm amazed at how much I pick up just by monitoring the email traffic.

So, the first step in improving your understanding of security is reading. One thing to remember is that reading takes time. I have the luxury these days of being able to set my own schedule and I make time for reading a priority. You will need to dedicate time during your busy week for this activity. Failure to do so could leave you out of date.

If you have any questions about this topic you can reach me at rich at kisco.com, All email messages will be answered as quickly as possible.