Fill in your System i security knowledge gaps

Rich Loeber

Becoming a better security officer
Computer security as a special field is still fairly new. It's likely that you did not major in System i computer security in college or specialize in it at a technical school. In fact, as I look back on my career I can recall many people working in various segments of IT who came from some disparate backgrounds.

More on System i security training: Know-IT-All Chapter Quiz: Experts' Guide to OS/400 & i5/OS Security Data centers to hike iSeries skill requirements Guide to FREE iSeries educational resources -- part 1

One guy I worked with was a pitcher for the Pittsburgh Pirates, followed by a long career as a chemical plant manager. Another first went to college to be a psychiatrist. Personally, I never went to college, but got started in IT right out of high school working as an input/output control clerk. I suspect that we are all "accidental" System i security officers.

So how do you become an effective security officer when your training and education probably didn't prepare you for it? A few months ago, I published an article about how to learn the security officer position, which would be a good place to start. You may also want to read my article about using System i security consultant services, which teaches administrative skills in computer security. I encourage you to check out these two articles as a starting point.

But before setting out to become a better security officer, consider what you did prepare for in your career. For example, if you studied to become a programmer, you probably don't need to concentrate on the programming aspects of the security officer function. In fact, there is a tendency to stick with tasks that are most familiar. People tend to go where they are appreciated and where they can demonstrate competency. So, if you find yourself staying where you already know how things work, it is time to move out.

To become an effective security officer, you need to catch up on the knowledge you never learned in the first place. For example, I started out as an application programmer. When I got to the area of security, it was a new arena for me, and I found that communications and networking were my weakest spots.

I still don't have a full understanding of TCP/IP and how to implement foolproof security. Even worse, the people who do know how TCP/IP works all appear to speak a foreign language that is liberally peppered with three- and four-character acronyms that I'm supposed to understand.

Expand your System i security knowledge
Once you've identified gaps in your expertise, identify resources that can help you understand concepts and strengthen your security consciousness. Begin by finding a peer or an associate who can offer guidance and recommend reading materials, Web sites and other useful publications.

I also have to confess that I am still a reader of technical manuals and IBM Redbooks. Having them all online is a real benefit. When I have spare time, I often browse the manuals library to find what's new and read things that I haven't seen before. The manuals can be pretty dry reading, but they contain the manufacturer's explanation of how things are supposed to work.

I'd love to hear from you if anything here strikes a chord with you. Do you have an unusual story of how you ended up as an accidental security officer? Send it in. You can reach me at rich@kisco.com, All email messages will be answered as quickly as possible.

ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.

Rate this Tip To rate tips, you must be a member of Search400.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT iSeries security tips Developing a security incident response system for System i Tracking remote access users on System i Setting up security for programmers on IBM i Controlling remote access on your IBM i Checking in on your IBM i authorization lists PCI data security standards and the System i Securing the integrated file system on IBM System i Contextual security on IBM i: Limit user profile access Time for a security checkup for your i Security monitoring on IBM i: Watching your super users iSeries skills The iSeries Blog has a new home on IT Knowledge Exchange Seven IBM i project lessons learned in 2008 Learn the i: iSeries DevCon coming up in Orlando Become a self-taught System i guru System i Resume Building 101 Web skills crucial to iSeries programmer professional development How to stay on the System i career path iSociety to draw iSeries users together on the Web COMMON restructures conferences COMMON evaluates curriculum iSeries skills Research RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.