QUICK LINKS:
HOME PAGE
CONTACT US
ABOUT US
PRIVACY STATEMENT
INFOSEC AND RACF TRAINING
IT AUDIT AND z/OS AUDIT TRAINING
TRAINING SIGNUP
(cities, dates, form, hotels)
NEWSLETTERS / USER GROUPS
ARTICLES
OTHER INFO SOURCES
ABOUT Stu Henderson
Mr. Henderson is an experienced consultant who specializes in effective computer security for IBM mainframes and Windows. He has helped hundreds of organizations make better use of security software such as RACF, ACF2, and TopSecret. He has conducted MVS security reviews for numerous commercial and government organizations.
PROFESSIONAL EXPERIENCE
His experience includes nine years with AT&T, where he was responsible for both MVS and VM technical support and maintenance. While there, he initiated the computer measurement function for both MVS and VM, using software monitors and SMF data for chargeback, capacity planning, and system tuning. His extensive hands-on experience there, with both hardware and software for mainframes and networks, provided the technical basis for his subsequent computer security practice.At a major brokerage firm he created the computer security function, including complete implementation of RACF security software, development of security policy and procedures, and development of techniques for analysis of SMF data to monitor violations and out-of-norm usage. In two years his computer security work earned him promotions to Assistant Vice President and Vice President.
Working as a consultant for firms such as Ernst & Ernst (now Ernst & Young) and Coopers & Lybrand, he developed systematic approaches to evaluating computer security. He taught these approaches to other consultants and auditors, and used them successfully in security reviews at client data centers. At Coopers & Lybrand, where he was director of Computer Security Services for the Mid-Atlantic Region, he created the C & L Computer Security seminar series. This included security seminars addressing: MVS, TopSecret, ACF2, RACF, VTAM, and DB2. Stu developed and taught most of the seminars himself.
Since 1990, he has directed his own firm, the Henderson Group, which provides computer security consulting and training in a variety of technical areas, including: MVS, OS/390, z/OS and Windows/NT/2000 security reviews, implementation assistance to users of RACF, ACF2, and TopSecret, and assistance to audit departments conducting MVS and Windows security audits.
PROFESSIONAL ACTIVITIES
- Wrote monthly column for the Computer Security Institute Alert on IBM mainframe
security. Published several articles on MVS security in ISPN News, the ISACA
Journal, and other publications.
- Founded the New York RACF Users Group. Edits RACF newsletter with a
circulation of over 2500. Supports Computer Security Tech Support Hotline for MVS
Data Security Officers and IS Auditors.
- Frequent speaker to local and national professional societies, (including the
Information Systems Audit and Control Assocation, SHARE, DPMA, the Computer
Security Institute, and the Securities Industry Association). Topic areas include
technical issues such as how to audit or implement computer security on a variety of
platforms. They also include non-technical issues such as how to audit an
organization for computer security and what senior management needs to do to
support computer security. Specific topics include "What System Programmers Know
That Data Security Officers Should (or How I Would Break Into Your System and
What You Should Be Doing To Stop Me)", "A Comparison of Data Access Control
Packages", "Windows Security, Audit, and Control", and "How to Audit MVS
Security".
- In conjunction with IBM, developed and presented a half-day seminar titled "What
Senior Executives Should Know About: Computer Abuse, Computer Security, and
Disaster Recovery Planning"
- Taught Certified Information Systems Auditor (CISA) review courses for the
National Capital Area Chapter of the ISACA.
- Edits the free email newsletter "Mainframe Audit News"
Return to Top of Page Return to Home Page