I have been asked several times recently "How did you learn so much about security on the System i?" In this tip,...
I will let you know how I got to this point and, perhaps, it will help you on your journey as well.
All-around computer systems experience
First, you have to remember that I have been working on computer systems since my first job as a data control clerk in 1965. During that time, I've moved through just about every aspect of the computing field from data entry clerk, system operator, programmer, systems analyst, project manager, department manager, independent contractor and software developer.
First and foremost, I have found that reading is crucial to staying current on what's going on in the field. This is truer today than it has ever been since things are changing faster now than at any time that I can recall.
I recommend a holistic approach to text selection that includes general computing topics, System i-specific topics and security topics. In today's world, this means reading magazines, Internet publications and technical manuals.
There are several magazines that are still in print for the System i world, although it is hard to know how much longer that will last. Almost all of their content, however, is available on-line at websites maintained by the publishers. Some of these charge a fee for access, but the charges are not prohibitive and the content is generally well worth the price of admission. These publications tend to focus on "what's new" topics, but their archives are a good source of general information that you will find most helpful.
For security topics on your System i, there is nothing better than going to the source .... the security manuals that come with your system. These are available on a CD that came with your system and on-line from the IBM i5/OS Information Center. The current manuals for all supported versions of the operating system are there along with an extensive library on security topics. You can't find better details than looking at these documents from IBM as they tell you exactly how the designers intend for security to be implemented on your system.
Reading the manuals can be tedious, but they're really not that bad. When I'm writing a tip for publication, I often find myself mired in them to get the exact details of how something works according to IBM.
System i discussion forums
Another good way to stay current on what's going on in the System i security field is to participate in an on-line discussions forum, such as David Gibb's midrange.com. You can sign up for quite a few different forums and then just sit back and monitor the traffic via email. The participating group is great at answering questions and you can read about what others are doing. I'm amazed at how much I pick up just by monitoring the email traffic.
So, the first step in improving your understanding of security is reading content from different sources. But reading takes time. I have the luxury these days of being able to set my own schedule and I make time for reading as a priority. You will need to dedicate time during your busy week for this activity. Failure to do so could leave you out of date.
If you have any questions about this topic you can reach me at firstname.lastname@example.org. All email messages will be answered as quickly as possible.
ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.