About Stu HendersonMr. Henderson is an experienced consultant who specializes in effective computer security for IBM mainframes, UNIX, and Windows. He has helped hundreds of organizations make better use of security software such as RACF, ACF2, and TopSecret. He has conducted information security reviews and audits for numerous commercial and government organizations. He knows how to audit mainframe computers and how to teach others to audit them.
PROFESSIONAL EXPERIENCEHis experience includes nine years with AT&T, where he was responsible for both MVS and VM technical support and maintenance. While there, he initiated the computer measurement function for both MVS and VM, using software monitors and SMF data for chargeback, capacity planning, and system tuning. His extensive hands-on experience there, with both hardware and software for mainframes and networks, provided the technical basis for his subsequent information security practice.
At a major brokerage firm he created the computer security function, including complete implementation of RACF security software, development of security policy and procedures, and development of techniques for analysis of SMF data to monitor violations and out-of-norm usage. In two years his computer security work earned him promotions to Assistant Vice President and Vice President.
Working as a consultant for firms such as Ernst & Ernst (now Ernst & Young) and Coopers & Lybrand (now part of PriceWaterhouseCoopers), he developed systematic approaches to evaluating information security, IT effectiveness, and management controls. He taught these approaches to other consultants and auditors, and used them successfully in security reviews at client data centers. At Coopers & Lybrand, where he was director of Computer Security Services for the Mid-Atlantic Region, he created the C & L Computer Security seminar series. This included security seminars addressing: MVS, TopSecret, ACF2, RACF, VTAM, and DB2. Stu developed and taught most of the seminars himself.
Since 1990, he has directed his own firm, the Henderson Group, which provides computer security consulting and training in a variety of technical areas, including: MVS, z/OS, UNIX, and Windows security reviews, implementation assistance to users of RACF, ACF2, and TopSecret, evaluations of network security and effectiveness,and technical assistance to audit departments. He has provided technical assistance to organizations implementing MLS security on their mainframe computers.
- Wrote semi-monthly column on what information IT executives need to do their job well for "Enterprise Executive" magazine
- Wrote semi-monthly column on security for "Enterprise Tech Journal" magazine
- Edits the email newsletter "Mainframe Audit News"
- Edits the "RACF User News"
- Founded the New York RACF Users Group.
- Provides an Information Security and Audit Tech Support Hotline
- Frequent speaker to local and national professional societies (including ISACA, CA World, SHARE, RACF User Groups, and the Vanguard conference). Topic areas include technical issues such as how to audit or implement information security on a variety of platforms. They also include non-technical issues such as how to audit an organization for computer security and what senior management needs to do to support computer security. Specific topics include "How to Break Into z/OS (MVS) Systems",
"How to Break Into Mainframe Systems from the Internet", "Stu Henderson's Clear Explanation of Digital Certificates", "A Comparison of Data Access Control Packages", "Windows Security, Audit, and Control", and "How to Audit MVS Security".
- In conjunction with IBM, developed and presented a half-day seminar titled "What
Senior Executives Should Know About: Computer Abuse, Computer Security, and
Disaster Recovery Planning"
- Taught Certified Information Systems Auditor (CISA) review courses for the
National Capital Area Chapter of the ISACA.