"Practical Ways to Do Things Better, and Comprehensive Reviews to Show You Where You Stand"

About Stu Henderson

Mr. Henderson is an experienced consultant who specializes in effective computer security for IBM mainframes, UNIX, and Windows. He has helped hundreds of organizations make better use of security software such as RACF, ACF2, and TopSecret. He has conducted information security reviews and audits for numerous commercial and government organizations. He knows how to audit mainframe computers and how to teach others to audit them.
Stu Teaches IS Audit
He communicates effectively with all levels of staff, from computer operator to executive management. He has over thirty-five years of hands-on experience as a system programmer, Data Security Officer, auditor, and consultant, culminating in his founding his own consulting organization, the Henderson Group. He can be reached at (301) 229-7187. His website is http://www.stuhenderson.com 


His experience includes nine years with AT&T, where he was responsible for both MVS and VM technical support and maintenance. While there, he initiated the computer measurement function for both MVS and VM, using software monitors and SMF data for chargeback, capacity planning, and system tuning. His extensive hands-on experience there, with both hardware and software for mainframes and networks, provided the technical basis for his subsequent information security practice.

At a major brokerage firm he created the computer security function, including complete implementation of RACF security software, development of security policy and procedures, and development of techniques for analysis of SMF data to monitor violations and out-of-norm usage. In two years his computer security work earned him promotions to Assistant Vice President and Vice President.

Working as a consultant for firms such as Ernst & Ernst (now Ernst & Young) and Coopers & Lybrand (now part of PriceWaterhouseCoopers), he developed systematic approaches to evaluating information security, IT effectiveness, and management controls. He taught these approaches to other consultants and auditors, and used them successfully in security reviews at client data centers. At Coopers & Lybrand, where he was director of Computer Security Services for the Mid-Atlantic Region, he created the C & L Computer Security seminar series. This included security seminars addressing: MVS, TopSecret, ACF2, RACF, VTAM, and DB2. Stu developed and taught most of the seminars himself.

Since 1990, he has directed his own firm, the Henderson Group, which provides computer security consulting and training in a variety of technical areas, including: MVS, z/OS, UNIX, and Windows security reviews, implementation assistance to users of RACF, ACF2, and TopSecret, evaluations of network security and effectiveness,and technical assistance to audit departments. He has provided technical assistance to organizations implementing MLS security on their mainframe computers.