By Reg Harbeck with Phil Young
This is part two of a 10-part series on security for the mainframe. During SHARE San Jose 2017 Reg Harbeck sat down with Phil Young, co-founder of zedsec 390 to explore critical security topics, and offer tips and tactics to help create a more secure mainframe environment.
“Soldier of Fortran.” Really? What the hack is that supposed to imply?
Well, first of all, it is meant to imply that Phil Young clearly has a Canadian sense of humour. Wordplay tends to go over more naturally than gunplay with Canadians, so a play on established concepts like “soldier of fortune” and “Fortran” brings to mind a light-hearted opportunistic approach to benefiting from our shared legacies more than a die-hard gun-slinging mercenary hacker.
And yet, there is something to that latter connotation. Especially if you were to add in a hint of “rock star.” Though some may be tempted to wonder if that rock is ferrite or pyrite—or some other form of big iron.
Regardless, Phil has discovered a niche of unlimited potential, and he’s plumbing it—and is consequently flush with success. And that niche is hacking the mainframe for the greater good of our ecosystem and the world economy at large.
But what led to this largesse? And what’s in it for Phil?
It is apparent that he has a feline level of curiosity, which seems to be balanced with a commensurate number of lives. Unlike your typical “hacker,” however, Phil has always done it as part of his professional duties, from his early days as an auditor asking uncomfortable questions about the mainframe to his current practice of bringing vulnerabilities to light in order to wake up the mainframe community to our responsibility for the platform that makes the economy run.
Perhaps one of the clearest illustrations of the destiny Phil discovered for himself was when, as a neophyte auditor, he asked to do a penetration (“pen”) test of a mainframe environment and was denied the opportunity because a similar effort many years earlier had crashed the system. He may have been forging his road ahead with his response, but he certainly didn’t make any friends among his first mainframe colleagues when he wrote them up, saying, “System is not stable enough to handle a pen test … ”
Read Part 1 - Young, the Mainframe Hacker: The Saga Begins.