Search Rocket site

Mainframe security lacks qualified professionals. Here’s how job seekers and employers can fill the gap

Ray Overby

May 23, 2023

The number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021 — and this gap is only expected to widen. It’s clear skilled cybersecurity professionals are in high demand. But what about mainframe security professionals?

Unfortunately, mainframe security is often a forgotten role, overshadowed by the cloud. But it’s a mistake for jobseekers to overlook mainframe security because it offers an abundance of opportunities. And for organizations, it’s a mistake to let mainframe teams — and by extension, their security posture — fall to the wayside.

Despite the cloud’s popularity, the mainframe isn’t going away. In fact, mainframes handle 68% of IT workloads worldwide and usage is still growing. With many mainframe developers retiring, now is the perfect time for young professionals to fill this critical gap.

The mainframe isn’t going away but security professionals are phasing out

While some in the IT industry may view the mainframe as legacy technology, the mainframe remains modern and reliable. In fact, nearly three-quarters of IT professionals (74%) see the mainframe as a long-term strategic platform. Yet despite signs that the mainframe is still growing, 71% of organizations say their mainframe teams are understaffed — a curse for businesses, but a blessing for eager IT professionals and job seekers.

The talent gap makes it challenging for organizations to properly secure and protect the vast amount of sensitive data they store on the mainframe. Despite assumptions that the mainframe is inherently secure, without consistent monitoring and security scanning, the mainframe exposes the organization to additional risks and vulnerabilities. So, bolstering security on the mainframe should be a top priority for all organizations that deploy it. But that’s a challenge without the right talent or resources.

Although many mainframe experts are aging out and retiring, young professionals aren’t stepping up to fill these open roles. Why? Mainframe security is a niche skill and it can be difficult to find the right training, often requiring on-the-job experience. This means to enter the field, young professionals often need to seek out additional training.

But it’s important to remember organizations on the mainframe are continually investing and modernizing it, so they will always have open roles to fill. Young developers and technicians would be smart to consider testing the mainframe security waters — because the job is difficult to fill, it makes these roles indispensable. And working on the mainframe exposes young professionals to other areas of IT, opening the door to opportunities down the line.

Advice for aspiring mainframe security professionals (and organizations trying to recruit them)

The mainframe isn’t going anywhere and paired with the ongoing talent gap, there’s never been a better time to join the field. A career in mainframe security exposes young technicians and developers to a variety of skills and areas across the industry. And employers — you can no longer passively wait for the perfect candidate to apply. You also have a role to play in supporting young professionals as they get their feet wet.

So, whether you’re considering a career in mainframe security, or trying to recruit and train a team of mainframe professionals, here’s what you need to know to succeed:

  1. Stay curious and seek out help 

    A career in IT requires constant learning — and mainframe security is no different. You need to ask questions and proactively seek out help. It’s OK to say you don’t know how to do something at first. In fact, seasoned professionals are often happy to share their knowledge. Since many higher education institutions don’t offer specific degrees in mainframe security anymore, expect to learn on the job or seek out additional training.Developing a process and checklist for solving new IT problems is also an important part of becoming a mainframe security expert. For example, your checklist might involve checking manuals or calling a trusted coworker for help. Whatever your process may be, over time you need to refine it as you gain more experience and tackle more situations. Strong problem-solving skills and a constant state of curiosity will propel your career forward in the field.

    For IT leaders: If you notice young professionals expressing an interest or aptitude in mainframe security, take the time to cultivate their expertise. Fostering up-and-coming talent and equipping them with the right resources can help close the talent gap.

  2. Diversify your skill set 

    Knowledge of how the mainframe fits into broader security strategy is critical to succeeding in the field because mainframe security touches everything in the enterprise. To step into a mainframe security role, you need to become an expert in the mainframe and have a strong understanding of other areas as well (e.g., pen testing, vulnerability scanning, natural disaster recovery, etc.).One day you could be dealing with everyday tasks like updating passwords and access management and the next you could be scanning the z/OS code base for vulnerabilities — so you need to be prepared for all possibilities. Soft skills like communication and interpersonal skills are also critical for working with multiple security teams and gaining buy-in from stakeholders in your organization.

    For IT leaders: Encourage your IT and cybersecurity teams to diversify their skill sets. You never know who will develop an interest in mainframe, so it’s important (when possible) to expose employees to as many areas in your technology ecosystem as possible. Set L&D goals for your team to work on during slow periods and consider evaluating them in performance reviews.

  3. Stay open to opportunities 

    As previously mentioned, a career in the mainframe can help you gain additional exposure. Since the mainframe touches many aspects of the organization, it’s a good jumping board to opportunities in areas like audit, risk management or cybersecurity.Those who choose to specialize in mainframe security can expect to enjoy a long and satisfying career since the mainframe has proven itself as a reliable platform. With the current mainframe workforce aging out, rapid advancement is possible for younger professionals — whether it’s on the technical or managerial side. So, take advantage of the opportunities that exist in mainframe security and start to create a vision for your career path.

    For IT leaders: Remain open to hiring mainframe professionals from atypical backgrounds. Considering the shortage of security professionals, it’s unlikely the perfect candidate will fall into your lap. Instead, look for candidates with transferable skills and interests, and invest in growing their expertise over time rather than expecting the perfect fit on Day One.

Organizations need to fill the talent gap to securely remain on the mainframe, and opportunities in mainframe security are abundant. To succeed in the field, you have to stay curious and open to learning and expanding your skill set. But with the right outlook, it’s possible to gain access to a career in mainframe security that opens the door to many other career experiences.

And IT leaders, when you find the right talent, invest in them and ensure your ability to keep your organization’s mainframe running smoothly and securely.