Quick Links:

HOME PAGE

CONTACT US

INFOSEC TRAINING

IT AUDIT TRAINING

NEWSLETTERS AND USER GROUPS

ARTICLES

PRIVACY STATEMENT

ABOUT US

• The Henderson Group
• Stu Henderson
• How to Contact Us

Mr. Henderson is an experienced consultant who specializes in effective computer security for IBM mainframes and Windows. He has helped hundreds of organizations make better use of security software such as RACF, ACF2, and TopSecret. He has conducted MVS security reviews for numerous commercial and government organizations. He communicates effectively with all levels of staff, from computer operator to executive management. He has over twenty-five years of hands-on experience as a system programmer, Data Security Officer, and consultant, culmininating in his founding his own consulting organization, the Henderson Group. He can be reached at (301) 229-7187. His website is http://www.stuhenderson.com 

PROFESSIONAL EXPERIENCE

His experience includes nine years with AT&T, where he was responsible for both MVS and VM technical support and maintenance. While there, he initiated the computer measurement function for both MVS and VM, using software monitors and SMF data for chargeback, capacity planning, and system tuning. His extensive hands-on experience there, with both hardware and software for mainframes and networks, provided the technical basis for his subsequent computer security practice.

At a major brokerage firm he created the computer security function, including complete implementation of RACF security software, development of security policy and procedures, and development of techniques for analysis of SMF data to monitor violations and out-of-norm usage. In two years his computer security work earned him promotions to Assistant Vice President and Vice President.

Working as a consultant for firms such as Ernst & Ernst (now Ernst & Young) and Coopers & Lybrand, he developed systematic approaches to evaluating computer security. He taught these approaches to other consultants and auditors, and used them successfully in security reviews at client data centers. At Coopers & Lybrand, where he was director of Computer Security Services for the Mid-Atlantic Region, he created the C&L Computer Security seminar series. This included security seminars addressing: MVS, TopSecret, ACF2, RACF, VTAM, and DB2. Stu developed and taught most of the seminars himself.

Since 1990, he has directed his own firm, the Henderson Group, which provides computer security consulting and training in a variety of technical areas, including: MVS, OS/390, z/OS and Windows/NT/2000 security reviews, implementation assistance to users of RACF, ACF2, and TopSecret, and assistance to audit departments conducting MVS and Windows security audits.

PROFESSIONAL ACTIVITIES

• Wrote monthly column for the Computer Security Institute Alert on IBM mainframe security. Published several articles on MVS security in ISPN News, the ISACA Journal, and other publications.

• Founded the New York RACF Users Group. Edits RACF newsletter with a circulation of over 2500. Supports Computer Security Tech Support Hotline for MVS Data Security Officers and IS Auditors.

• Frequent speaker to local and national professional societies, (including the Information Systems Audit and Control Assocation, SHARE, DPMA, the Computer Security Institute, and the Securities Industry Association). Topic areas include technical issues such as how to audit or implement computer security on a variety of platforms. They also include non-technical issues such as how to audit an organization for computer security and what senior management needs to do to support computer security. Specific topics include "What System Programmers Know That Data Security Officers Should (or How I Would Break Into Your System and What You Should Be Doing To Stop Me)", "A Comparison of Data Access Control Packages", "Windows/NT Security, Audit, and Control", and "How to Audit MVS Security".

• In conjunction with IBM, developed and presented a half-day seminar titled "What Senior Executives Should Know About: Computer Abuse, Computer Security, and Disaster Recovery Planning"

• Teaches Certified Information Systems Auditor (CISA) review courses for the National Capital Area Chapter of the ISACA.

• Edits the free email newsletter "Mainframe Audit News"