Secure data is loading...
Curso disponible también en Español.
Most of the critical mission businesses based on Mainframe infrastructures believe that in this environment, there are not the applicability of terms like:
- Ransomware
- Hacking
- Denial of Services
- Logic Bombs
- Trojans
- Backdoors
...
We have developed this unique training course to help you to avoid, understand, advise, and Auditing all the Mainframe security aspects.
Course Presentation
Knowledge is Security!
Mainframes support 70% of the critical information in the world.
It does not matter how much money you spend on the rest of the infrastructures that surround it if the heart of the data is at risk.
The most prominent businesses in the world would be affected: banks, retail, security, and army forces, public finance, insurance.
Please attend this short video where we explain what the current security and audit situation in Mainframe infrastructures are.
Knowledge is Security!
Life of millions of people would be affected — and especially to professionals paid to avoid it.
Become a security expert. Remember, this is a Risk-Free chance!
Training disponible también en Español.
During our time together in this Amazing Training, we’ll walk you through eight content-rich sessions designed to help you become a security expert.
We have been training professionals for the past fourteen years. In the beginning, we designed a course to evangelize those responsible for the security of the mainframe (system programmers, auditors, CSOs, CIOs ...). We showed them that the certainty that everyone had about the inviolability of the mainframe was false. The online training was theoretical at that time, and it clearly showed that it was not enough to achieve our goal.
Eight years ago, we developed a practical part for the training with which to demonstrate in workshops what we said theoretically with the application of knowledge extracted from the Internet.
With training minimal in the architecture of the system, we could achieve an escalation of privileges with basic users. This fact allowed us to make a lot of attacks on a mainframe target and its connected environments.
We decided to develop this online training with the aim of reaching as many professionals as possible in the shortest time!
The content of the online Training has been tested by hundreds of professionals dedicated to audit & security within the Mainframe environment with an excellent score. As a sample, we show the comments of our students who attended the Course ONLINE.
After training hundreds of professionals, we are sure that the Course meets the expectations of all the professional profiles that acquired it, as employees of large corporations, or in a personal way.
Today, the Internet has terminated with the dark age of technologies that did not have wide dissemination of knowledge, as was the case with technologies around the mainframe. You can find absolutely everything that is needed to make an atomic bomb on the internet. At the same time, you can find on the Internet everything pieces necessary to steal information, deny service, etc. You only have to focus on the searches and read a few specific manuals.
Two decades ago, the possibility of entering without permission the IT systems of a nuclear power plant, a power plant, a water control center of the largest cities on the planet was incredible. But it has happened.
The thought that a plane would become a deadly weapon or just a van could kill hundreds of people was incredible.
But, today, it is credible because it is happening.
Why do you still think that your mainframe environment is not attackable? Or why do you think that will never happen to you?
We put this example in Youtube for many years.
People told us that it was impossible and that the video had to be fake. Even some came to insult us and threaten us to lie. At that time, we just wanted to evaluate the feeling of the people related to the Mainframe.
We show how a normal userid could take control of the system without the ESM can detect it. It is a real example. A lot of people reviewed the JCL that we executed, and they cannot understand where was the key to do it. And it was in front of their faces.
Watch it to believe it!
Knowledge is Security!
Please read the English subtitles on the right side of the video screen.
The most economical way in times and money to acquire the necessary knowledge by Managers, Auditors, Security Technicians, System Programmers ...
It is the only Online Course in the world dedicated to teaching Auditing, security, and hacking z/OS systems in Spanish and English.
This Course comprises eight ONLINE training sections with a massive amount of additional content.
Acquiring the Course will additionally get these impressive materials:
Establishment of the course objectives and general vision of the z/OS environment. What makes this system so different in many ways: Solid, fast, supposedly safe and expensive.
To adequately follow the lessons that are aimed at hacking, denial of service and Trojans, you must have basic training on the architecture of the z/OS system and how to manage it. They are reviewed and taught:
External Security Manager software controls the z/OS system and its subsystems. In this case, we will study the concepts and essential and the way of acting that provides the manufacturer called RACF. What we do with it in the face of hacking techniques perfectly suits the others that exist in the mainframe environment: TOP Secret and ACF2.
The only thing that interests us about the External Security Manager is how we can crake the user's password and how to pass at his side and not through him.
The objective of this section is to understand how to create a test laboratory with zero cost, from where you can try the techniques that you will learn below.
In this section, you will acquire the necessary knowledge to manage and adapt the laboratory to the environments in which we are interested in doing the practices. We will also perform the first footprinting techniques to study the environment and evaluate what would be the most appropriate techniques to achieve our goals.
The time has come! We are going to put ourselves in the shoes of a hacker. And with the information acquired in the previous section, we will take control of the system, infect all its libraries, introduce Trojans and teach a denial of service level.
This section is oriented to the Auditors. With the knowledge acquired during the training, one of the best audit checklists in the mainframe world should be handled. It is exciting both for those who will ask the questions and for those who should give the answers. We will discuss in addition the different controls and normative regulations affecting the mainframe environment.
It is time to summarize what has been learned in the Training. And to propose solutions to prevent these techniques from being successful in our environments.
El curso está disponible también en Español.
AGR is currently the CTO of Bsecure - The Mainframe & Security Company and leader of the security, hacking, and auditing group in z/OS environments. Professional of recognized prestige. In his more than 30 years of experience, he has carried out multiple works related to the audit and security management strategy in the mainframe environment (currently z/OS). In his beginnings, he worked as Technical Director of Spain, Iberia, and EMEA (South of Europe) in companies such as Software AG, Goal Systems, Legent. In 2002 he founded Bsecure to respond to the lack of sensitivity on the need to impose security methodologies, which could stop the progress of the hacking world towards these environments based on the mainframe infrastructure.
In 2008 he created the first audit and hacking course in z/OS systems in the Spanish language. With it, he has trained dozens of security professionals from the largest companies in the Spanish and Latin world. At this moment, he directs a group of specialized security professionals in the mainframe infrastructures providing regulatory compliance, audit, and hacking services, strategies for the implementation of security systems, and intrusion tests in mainframe infrastructures. In 2016, he transformed the face-to-face course of auditing and hacking into an online course in the Spanish language. He is the principal teacher, and the version of the course in English is currently launching.
Linkedin Profile: https://www.linkedin.com/in/angelgomezruiz
Bsecure : https://www.go2bsecure.com
If this Course is new, How do I know if it worth it?
The Course is based on a previous course in Spanish that was entirely face-to-face. It was taught once per year to more than 40 large clients and service companies, which added more than 280 professionals for eight years. It was taught in Spain and several countries in Latin America.
The qualifications of our students, with all types of profiles, was between very good and excellent. Even so, we start from the comments made in the evaluations to add many improvements to this ONLINE Course.
The ONLINE Course was tested during the past years 2017 and 2018, and the grades were tremendously positive, as can be seen in the comments of students.
Are there more Courses like this?
No, as far as we know, some courses teach the management of z/OS systems. Some other that focuses on how to work with the system, but none as ambitious as this one oriented to knowledge the system environment, security, hacking, and systems audit.
There are five companies in the world with total dedication to security in the mainframe environment. Bsecure is one of them and is the mainframe security provider that decided many years ago to evangelize CIOs and other levels of managers, of the large companies that use these environments.
This Course is unique in both Spanish and English.
Could I acquire the knowledge of this Course without buying it?
Everything can be learned. But the big difference is that the knowledge integrated into this Course is equivalent to dozens of years of experience.
Why, if the Course has all these features and is so positive, is the pricing so low?
In Bsecure, we decided to evangelize about the need to eliminate the idea that mainframes are safe for more than ten years. Unfortunately, we continue to see that in other environments, all kinds of actions are taken to avoid intrusions and DOS attacks. And not in Mainframe. So it is still necessary to acquire the basic knowledge by managers, auditors, security technicians, system programmers, and other professionals.
The best way to realize this evangelization is precisely that knowledge is very, very affordable.This Course should have a cost of more than 100,000 dollars, taking into consideration the exceptionality and breadth of expertise inside it..
We have done a Course that should be mandatory for any professional that has a relationship with the security and maintenance of mainframe environments. And for this, the pricing must be even affordable to any professional even in a personal way..
Is it ethical to explain techniques as dangerous as those that appear in the Course?
This topic has been discussed for a long time in forums and social networks. First, for the ethical part and secondly because teaching these techniques to mainframe customers could mean that other service companies with normal knowledge of mainframe security could to lose value. From an ethical point of view, the limit that we set ourselves when we started was to show only those knowledge that you can find on the Internet. And we have been cautious not to teach beyond that limit..
Unfortunately, this limit is sufficient to perform the actions described in the Course.
Is it a theoretical or practical Course?
This one is a difference with other Courses. We have tried to teach minimal theory to understand why and how of the techniques that we show. And no more!
It provides references and sufficient additional material to complement the depth of knowledge that the student wishes. We teach in the videos, the necessary knowledge required to understand and repeat the techniques showed
What are the differences between the face-to-face course in person and this Course ONLINE?
We hold The face-to-face course for five hours for five days in the morning. We saw that the accumulation of knowledge was vast in a short time. It was complicated to retain all the teacher's explanations at that time.
The ONLINE course has two main positive differences:
You will always have the option of raising doubts and questions to Bsecure technicians related to company training via chat or email.
How is the course structured?
It composed of sections:
I am a professional with knowledge of LINUX and Windows, could I take the Course and take advantage of it?
Indeed, any professional with experience in other operating systems can make analogies that help him to understand the operation of the z/OS system and the security issues around it.It is impossible to acquire all the necessary knowledge in less time and economic effort than in our offering..
I am an auditor without in-depth knowledge in operating systems, could I do the course and take advantage of it?
One of the main rules of the audit of IT environments is the need to understand the environment. You can not do technology auditing without understanding the technology. The problem with z / OS systems is that each aspect of the system and its subsystems are associated with dozens of manuals. Therefore, the question arises: What is the minimum that I have to know to get to audit such a complex system properly? The answer is in this Course.The course design provides the facility us that professionals with experience in other environments could acquire enough understanding of the environment z/OS. And allow to them to perform audits with a good knowing what they need request and what they must evaluate in the data that they give them..
I am a CIO of a large company in which the Mainframe is critical in our IT Infrastructure. Why should I take the Course?
In the case of Managers who have mainframe infrastructures among their levels of responsibility, they should understand at least the strengths and weaknesses of the systems. We find too often Managers convinced that, from a security point of view, a mainframe is impregnable, and only carrying out a security administration is sufficient.
The design of this course will show them what the reality in the security of mainframe environments is. z/OS is an environment with strengths and weaknesses like any other IT infrastructure. You need to know, especially the weaknesses, to understand how to force everybody not to trespass your security lines.
It is not the first time that a CIO whose experience has been exclusively in open systems takes the course. But above all, it should serve to convince you that this course should be mandatory for all professionals teams who have some relationship with security in the environment of the mainframe infrastructure (Read and Blue Team, IT Auditors, CSO, System Programmers).this Course should be mandatory for all professionals who have some kind of relationship with security in the mainframe infrastructure.
I am an expert in security, specialized in penetration techniques in Open Systems (pentester). Why should I take the Course?
Pentesters are more appreciated and valued the more environments they can manage. Nowadays, the internal networks of companies have mainframes connected, and sometimes they are even exposed to external networks too. Some times, for example, our customers send us a data dump to inform a problem with one of our software products. And we discovered that it comes to us by FTP directly from the mainframe. This fact shows a connection between the mainframe and our FTP server on the Internet.
With the right completion of this course, you will get the certificate of achievement. This certificate will increase the value of any professional in the industry of IT security.
I am an experienced Systems Programmer responsible for Mainframe infrastructures in a large company. In what aspects can I expect that the course helps me?
It will be beneficial to you. When we created the face-to-face course a few years ago, we were curious about the usefulness it could have for this type of profile.
This kind of profile has repeated this comment several times after complete the course:"With the day to day work, I have not ever a time to put me in the place of bad guys and focus on these critical security issues. This course has allowed me focusing on this type of problem and think about how to develop different actions to avoid this type of attack"..
The DIRECTIVE 2011/83 / EU OF THE EUROPEAN PARLIAMENT allows you to return the purchase made by online methods within 14 days of receipt.
Penetration Toolkit Library
Password Discovering Toolkit
Regular price: 3000$/3000€
Taxes not included (where applicable)
También disponible en Español.
If you are a TI university student or you have some official security certification (CISSP, CISA, ISO 27001, OSCP...), you can acquire the course with your personal data (not your company data) with an additional 50% discount, contact us at hablamos@go2bsecure.com