COMMON POWERUp 2024

Attending this event?

COMMON POWERUp 2024

THE BEST IBM i & POWER SYSTEMS EDUCATION.When you come to POWERUp, you’ll be able to customize your experience. Choose from 300 sessions, covering over 20 areas of IT, when you plan your schedule. Visit the largest Expo of its kind and meet the experts behind the solutions. Attend social events to meet renowned speakers and peers alike. This conference is structured to give you the pure education and professional connections needed to best enhance your career. Are you ready to POWERUp?

Exhibitor Hall: https://www.expocad.com/host/fx/common/s24/exfx.html

Exhibitor Hall Map Here

10:15am CDT

123: IBM i Security from the Ground Up

Come to this session to learn the basics of IBM i Security. During this session Carol will cover the three building blocks of IBM i Security - Security-relevant System Values, User Profile Configuration and Object Security. Carol will also describe how (the order) the system checks security as well as program adoption. This session builds the foundation for other topics discussed during the rest of the conference. Emphasis will be placed on using modern interfaces (Navigator for i, IBM i Services, etc)

Learning Objectives:

Understand the functions provided by security-relevant system values
Know which attributes of the user profile contribute to the capabilities of the user and understand the best practices settings for these attributes
Understand the options available for setting authority on objects (files, programs, etc)
Know the order in which IBM i checks authority when a user accesses an object
See how you can create and manage user profiles, system values and permissions in New Navigator

Speakers

Carol Woodbury

IBM i Security SME and Senior Advisor, Kisco Systems

With over 30 years' experience in the area of IT security, Carol is known world-wide as an expert in the area of computer security. During her career, Carol has architected security solutions for Fortune 100 companies as well as small and medium-sized organizations. Carol is passionate... Read More →

IBM i Security From the Ground Up PowerUP 2024 pdf

Monday May 20, 2024 10:15am - 12:30pm CDT
Meeting Room 101 1508 Houston St, Fort Worth, TX 76102

Session Level Beginner
Audience Any user that has little or no knowledge of IBM i Security or someone that needs a refresher of the details of IBM i security will benefit from this session.

2:45pm CDT

183: Anatomy of a Password

Have you thought about the passwords you use on your systems? What rules or restrictions do you have in place? But more importantly, why?! Have you ever thought about what those rules actually do to your passwords? Do you think they are making you more secure or less secure? In this presentation, we will cover passwords in depth, in theory, and specific to IBM i. Can your IBM i password be hacked? Come and find out at this inquisitive session!

Learning Objectives:
1. Set modern password policy
2. Understand password protection tools

Speakers

Robert Andrews

Principal Security Consultant, IBM

Robert Andrews is a Principal Security Consultant, Senior Technical Staff Member (STSM), and the Team Lead for the IBM i Security and Authentication Technology Expert Labs team in Rochester, MN. He is an IBM certified Thought Leader and The Open Group certified Distinguished Technical... Read More →

Anatomy of a Password pdf

Monday May 20, 2024 2:45pm - 3:45pm CDT
Meeting Room 101 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Award BRONZE
Audience IBM i Admins or Security team members

2:45pm CDT

379: Foundations of IBM i Security Defense

The most important step in crafting any successful IBM i security strategy is identifying the practices and tools that will serve as the foundation for your security efforts – because until you do – all other security measures can be easily undermined.

Fortunately, this first step is simple. At the core of every successful IBM i security strategy is the exact same set of fundamentals – no matter what size your organization is or what industry you’re a part of.

Learning Objectives:
1. The importance of building your IBM i security foundation
2. What this foundation consists of
3. How to prioritize the layers of defense you implement

Speakers

Sandi Moore

Sr. Solutions Engineer, Fortra LLC

Sandi has been working with Fortra customers for over 20 years supporting systems monitoring and security software. With experience on IBM i, AIX, and Linux, she has been involved in product demonstrations, implementation, support, training, research, and product testing. Sandi is... Read More →

POWERUp 2024 Session 379 Foundations of IBM i Security Defense pdf

Monday May 20, 2024 2:45pm - 3:45pm CDT
Meeting Room 203B 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience Anyone tasked with addressing security on the IBM i will benefit from this session.

4:00pm CDT

274: Di WHY? Do it yourself IBM i security assessment

For all IBM i do-it-yourselfers and tinkers, we'll temporarily set aside the question of "should I really be spending my time on this?" to show you how to run to your own security assessment. You'll leave with a checklist and some sample queries to get you started on your very own IBM i security audit.

Learning Objectives:
1. Provide a checklist of IBM i security audit tasks
2. Run sample queries to generate audit data
3. Evaluate audit data to assess security risk

Speakers

Justin Loeber

IBM i Security, Kisco Systems

Justin Loeber is the owner and CEO of Kisco Systems, a developer of IBM i security and compliance software. Kisco's mission is to secure every IBM i by helping educate the IBM i community about security, continuously improving its products and delivering the best value in the market... Read More →

Monday May 20, 2024 4:00pm - 5:00pm CDT
Meeting Room 101 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Audience Anyone with responsibility or accountability for IT security, data integrity, compliance or business continuity.

5:15pm CDT

335: Shortcuts to Using the IBM i Audit Journal

Learn some new ways to make use of the integrated IBM i audit journal.

In this session you will discover how much information about how your system is being used beyond looking at QHST. Discover what files are being access by which users, how commands are being executed, or just how many invalid signons happened last week.

Learning Objectives:
1. The top 5 must have values for you system security logging.
2. How to discover the most frequent journal entry taking up space in your receivers
3. How you can use Run SQL Scripts in ACS (Access Client Solutions) to quickly access the audit journal information.

Speakers

Amy Williams

Sr Security Services Consultant, Fortra LLC

Amy Williams is a Senior Security Services Consultant who joined Fortra in 2015. She holds CISSP, CISA, and PCI-P certifications.Amy has worked on the IBM i platform for nearly 30 years and her experience includes application testing, system installation, system administration, and... Read More →

Shortcuts to Using the IBM i Audit Journal pdf

Monday May 20, 2024 5:15pm - 5:35pm CDT
Meeting Room 203C 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Audience System administrators familiar with the IBM i Audit journal and need to improve ways of getting to the information

5:15pm CDT

420: IBM i Security: A Dual Responsibility

Everyone wants their IBM i platform to be secure … But is this IBM’s responsibility or the organization’s running IBM i? The answer is ‘Yes’. In other words, there are responsibilities on both sides of this security equation. During this session IBM i CTO and Chief Architect Steve Will discusses IBM’s secure coding philosophy as well as the steps taken during the development process that address security – including how IBM responds to newly identified security vulnerabilities. Then, Carol Woodbury, co-founder and President of DXR Security, discusses an organization’s responsibilities – including addressing emerging security threats.

Speakers

Steve Will

IBM i CTO & Chief Architect, IBM

Steve is the CTO and Chief Architect for the IBM i Operating System. Spending the past fourteen years of his IBM career in this position, he has become an award-winning speaker, author of the influential blog "You and i," (https://bit.ly/You-and-i-blog) and is one of the most sought-after voices at customer briefings and events. Steve has worked on IBM i and its predecessors since before the creation of the AS/400, and is currently responsible for setting the strategy of the IBM i operating system, as well as deciding which enhancements will be implemented. In his role, he talks to clients and pa... Read More →

Carol Woodbury

IBM i Security SME and Senior Advisor, Kisco Systems

With over 30 years' experience in the area of IT security, Carol is known world-wide as an expert in the area of computer security. During her career, Carol has architected security solutions for Fortune 100 companies as well as small and medium-sized organizations. Carol is passionate... Read More →

IBM i Security A Dual Responsiblity pdf

Monday May 20, 2024 5:15pm - 6:15pm CDT
Meeting Room 102 1508 Houston St, Fort Worth, TX 76102

Session Level All

8:00am CDT

150: IBM i Security: What’s New for IBM i 7.4 and 7.5

Security improvements continue to be high priority to help mitigate vulnerabilities. Come see the various security related features included with IBM i that you can use to help improve the health of your environment.

Learning Objectives:
Discuss new enhancements in IBM i 7.4 and 7.5 related to improved security by default, system values, password levels, TLS 1.3, Authority Collection, Digital Certificate Manager, SST Profiles, and more.

Speakers

Robert Andrews

Principal Security Consultant, IBM

Robert Andrews is a Principal Security Consultant, Senior Technical Staff Member (STSM), and the Team Lead for the IBM i Security and Authentication Technology Expert Labs team in Rochester, MN. He is an IBM certified Thought Leader and The Open Group certified Distinguished Technical... Read More →

WhatsNewIBMiSecurity7475 pdf

Tuesday May 21, 2024 8:00am - 9:00am CDT
Room 202 C-D 1508 Houston St, Fort Worth, TX 76102

Session Level Beginner
Award GOLD
Audience System and security administrators

9:15am CDT

337: Breaches, Ransomware and Recovery, Oh My!

Your organization has been breached. Ransomware has run rampant throughout your organization. Have you planned for this eventuality? Does your incident response plan include IBM i? During this session will discuss the steps you’ll want to take now to reduce risk to IBM i and to ensure that you can recover should your system be affected. Real-life incidents and scenarios will be discussed so that you can learn from others’ mistakes.

Learning Objectives:
1 Understand the steps you can take to secure your system to reduce the risk of data loss or being infected with ransomware
2. Learn about the backup technologies that will support both disaster recovery as well as recovery from ransomware

Speakers

Richard Dolewski

VP, Enterprise Solutions, Connectria

Richard is a recognized SME and award-winning industry speaker specializing in, Cloud Computing Architecture, Business Resiliency, Disaster Recovery Planning and Backup & Recovery Program Design. He leads organizations through the new era of technology, achieving the desired, successful... Read More →

Carol Woodbury

IBM i Security SME and Senior Advisor, Kisco Systems

With over 30 years' experience in the area of IT security, Carol is known world-wide as an expert in the area of computer security. During her career, Carol has architected security solutions for Fortune 100 companies as well as small and medium-sized organizations. Carol is passionate... Read More →

337 Breaches Ransomware Recovery Oh My PowerUp Dallas Final pdf

Tuesday May 21, 2024 9:15am - 10:15am CDT
Room 202 A-B 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate

10:30am CDT

324: Best Practices for the IBM i Security Administrator

As an IBM i System Administrator, you know you need to be checking IBM i Security settings but aren’t sure which ones or how often. This session solves that mystery. During this session Carol will provide you with a checklist of the areas of the operating system that you’ll want to be checking on a regular basis as well as explain why it’s important to do these checks. She will also discuss the risks of not maintaining these settings. Sample SQL will be provided for you to use in your workplace!

Learning Objectives:

Speakers

Carol Woodbury

IBM i Security SME and Senior Advisor, Kisco Systems

With over 30 years' experience in the area of IT security, Carol is known world-wide as an expert in the area of computer security. During her career, Carol has architected security solutions for Fortune 100 companies as well as small and medium-sized organizations. Carol is passionate... Read More →

Best Practices for the IBM i Security Administrator 2024 zip

Tuesday May 21, 2024 10:30am - 11:30am CDT
Room 202 A-B 1508 Houston St, Fort Worth, TX 76102

2:45pm CDT

300: Audit Journaling with Navigator for i

Understand how Navigator for i can make ease the use of audit journaling on the IBM i. Learn how Navigator simplifies configuring auditing to just a few button clicks. See how Navigator can make consuming and analyzing audit entries easier. Learn about what is planned to improve the performance of analyzing audit entries.

Learning Objectives:
1. Understand how to configure an IBM i for auditing
2. Understand how to analyze the generated audit entries
3. Learn how to maximize the performance of analyzing audit entries

Speakers

Ann Wilkerson

Software Developer, IBM

Ann Wilkerson is the technical team lead for Navigator for i and a developer for IBM i Services.

Audit Journaling with Navigator for i pdf

Tuesday May 21, 2024 2:45pm - 3:45pm CDT
Meeting Room 102 1508 Houston St, Fort Worth, TX 76102

Session Level Beginner
Audience System administrators responsible for configuring auditing and for reporting on audit entry data

2:45pm CDT

307: Zero Trust Security for IBM i

While Zero Trust is still one of the strongest trends driving the cyber security industry, there remains much buzzword confusion around the topic. No one product or solution can get an enterprise to Zero Trust. It is a security methodology, not a product.

Learning Objectives:
• A basic introduction to Zero Trust for the larger enterprise
• The unique opportunities within the IBM i for implementing the Zero Trust framework
• How to integrate your IBM i strategy with your organization’s larger Zero Trust initiative.
• Best Practices for implementing Zero Trust on the IBM i

Speakers

Gavriel Meir-Levi

Tuesday May 21, 2024 2:45pm - 3:45pm CDT
Meeting Room 103A 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience Administrators responsible for IBM i security

4:00pm CDT

201: IBM i Security Cocktail, with an SQL chaser

In round 2 of this award-winning session, be prepared to hear Scott Forstie and Carol Woodbury shake up the world of IBM i Security once again, mixing up new SQL concoctions to bedazzle the otherwise boring world of IBM i Security. This menu includes examples of using SQL to find vulnerabilities in your code (aka penetration testing) as well as new (but practical!) ways to use SQL services. Even the most ardent security skeptic will be surprised at how just a sip of SQL can freshen up old IBM i Security processes. Before you know it, you’ll be sipping on the delightful features of SQL and rushing to pour out your current processes that have reached their ‘consume by’ date. A note of caution, however. You may leave a bit shaken (but not stirred) once again!

Learning Objectives:
1. Foundational knowledge of IBM i security
2. Why and how SQL is useful to the Security Officer and beyond
3. Have an idea of where to start and how

Speakers

Scott Forstie

Db2 for i Architect, IBM

Scott Forstie is a Senior Technical Staff Member within IBM i development and spends most of his time working as the Db2 for i Architect. He has worked on IBM operating system development since joining IBM in 1989.Scott is a frequently published author, speaker at industry events... Read More →

Carol Woodbury

IBM i Security SME and Senior Advisor, Kisco Systems

With over 30 years' experience in the area of IT security, Carol is known world-wide as an expert in the area of computer security. During her career, Carol has architected security solutions for Fortune 100 companies as well as small and medium-sized organizations. Carol is passionate... Read More →

IBM i Security Cocktail with an SQL Chaser Round 2 PowerUp 2024 zip

Tuesday May 21, 2024 4:00pm - 5:00pm CDT
Meeting Room 102 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Award BRONZE
Digital Badge SQL
Audience Anyone tasked with understanding, improving, or auditing security on IBM i.

5:15pm CDT

283: Leveraging Text to Group Objects for Security (20min)

Three object types provide a critical information needed to manage your security project:

User profiles, Libraries, and IFS root-level directories. These “high-level” objects need to be assigned groups for simplified maintenance and security management.

Learning Objectives:
We will review how to simplify your security project by grouping critical object-sets; leveraging a little bit of code; and trusty PDM.
Bonus: O/S upgrade customization management.

Speakers

Tim Hawkins

System Admin, Tanimura & Antle

I've got one year to go before I retire.... The boss said to "give back", and since that matched my plans anyways; here we go. I present 4 classes on IBM i Security, showing all of the gory details. Some can be leveraged for just system administration, and some elements work... Read More →

Job Schedule Entries sql

Job Schedule Entries xlsx

Sample PDM subsets docx

Leveraging Text to Group Objects for Security pdf

Tuesday May 21, 2024 5:15pm - 5:35pm CDT
Meeting Room 201B 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience IBM i System Administrators who will be attending the “Using SQL to drive IBM i Security scans” session.

5:50pm CDT

284: Object-level Authorities by Application, with Automation

The ownership and authority privileges for all objects on the system are gathered and summarized for review; SQL code is set to identify when objects in the application don’t follow preset authorities; and code to automate the maintenance of ownership and authorities in a fast-paced development environment. Ownership and public authorities are critical elements of a secure environment.

Learning Objectives:
We will review sample application authorities, and the code that drives the creation of an application_authorities table. We review a few of the methods to categorize libraries for ownership and authority maintenance. Finally, a second SQL set of stored procedures are presented to maintain authorities on a schedule basis.

Speakers

Tim Hawkins

System Admin, Tanimura & Antle

I've got one year to go before I retire.... The boss said to "give back", and since that matched my plans anyways; here we go. I present 4 classes on IBM i Security, showing all of the gory details. Some can be leveraged for just system administration, and some elements work... Read More →

Set application authorities sql

Object level Authorities by Application, with Automation pdf

Tuesday May 21, 2024 5:50pm - 6:10pm CDT
Meeting Room 101 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience System Administrators who will be attending the “Using SQL to drive IBM i Security scans” session; or who need to know about application authorities in-use on their system.

8:00am CDT

149: Discovering your IBM i Data – For Security Administrators Issues

There’s plenty information on IBM i that is so valuable for the daily tasks. Many commands, APIs, and SQL functions, let you gather information from your IBM i. You can exploit it online, or build your own database tables with it.

I like to dig into this info. There is always something new to discover. Particularly related to security administration activities: analyzing user profiles, object ownership and authorities, authority lists, program adoptions, exit programs implemented, exploiting audit journal entries, analyzing Db2 activities, and the list goes on and on. All this information is as valuable to IT System Managers, as it is enterprise information to Business executives. You need to understand, evaluate, and take advantage of this knowledge.

In this session we will review the different types of system information you can find on IBM i, that are important for Security Administrators. We’ll also analyze different case studies of how to interpret and prepare the info for future exploitation.

Learning Objectives:
Identify different kinds of Information available in your IBM i
Analyze different ways of obtaining and/or finding this information in your systems.
Prepare information for better use with modern tools.

Speakers

Cecilia Howlin

Owner, PYRAMIS S.R.L.

Cecilia Howlin has been working on this platform from the very beginning. On her first job at IBM Argentina, she learned S/38. And never left the platform, since she thinks it never appeared other operating system as good as this one.She usually worked on technical issues, like installing... Read More →

Wednesday May 22, 2024 8:00am - 9:00am CDT
Meeting Room 201A 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Audience Security Administrators and Security Auditors who need to find and exploit System Information related to Security

9:15am CDT

189: How to set up your IBM I system and applications with a layered security defense using MFA

While the IBM i is more securable than distributed systems, it is still vulnerable to potential security risks. This is especially true as you modernize the applications through API creation to engage the data and applications that live on the system. In this session, we’ll discuss how you can build out a layered defense against security threats, including integrating IBM i with your existing enterprise SSO architecture.

Learning Objectives:
*Why IBM i specific security is critical and how to convince the business it should be part of the security policy
*How to set up MFA for IBM i using MFA
*How to integrate MFA into your applications like terminal emulation, and your SSO infrastructure

Speakers

Tim Hill

Distinguished Engineer, Rocket Software

Tim Hill is a Distinguished Engineer and VP of Engineering at Rocket Software. He’s responsible for security, cloud, and AI/ML products on Power and Z. Technology areas of personal focus include model-based reasoning, deep learning, complex event correlation, network management... Read More →

Hrithik Govardhan

Software Lead, Rocket Software

Long time Rocketeer working in the Security/MFA/Cloud spaces on Power and Z.

PMFA Powerup2024 pdf

Wednesday May 22, 2024 9:15am - 10:15am CDT
Meeting Room 203B 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience Those who want to ensure data and applications on the IBM i are secure by layering on MFA.

9:15am CDT

375: 30 Information and Cyber Security Tips in 60 Minutes

Security is a big topic but it doesn’t have to be overwhelming. Just like weight lifting, where you can start with smaller weights and work your way up, so to in cyber security you can reduce your risk by doing some basic things as you work toward bigger goals. Examining the most common causes of security failures and a few simple countermeasures can help you take some action now.

Learning Objectives:
You know security is important, you do what you can to keep your IBM I and ERP secure, but is there anything more you could and should be doing? Get your checklist out and start checking the boxes of Robert’s 30 Security Tips in 60 Minutes. From no-brainers like MFA and limited ALLOBJ Authority to more detailed considerations like antivirus software and various security tools, this presentation will tell you what you should be doing, a little about how to do it, and a lot about what you may not be thinking of.

Speakers

Robert Nettgen

Senior Consultant, Briteskies

Robert Nettgen wanted a career in radio broadcasting, but saw that profession declining and found better pay working in IT. A PC developer in the ‘80’s, Rob started administering AS/400s in the early ‘90s for a Radio/TV group owner. In 1999 Rob accepted a job as IT director... Read More →

30 Security Tips in 60 minutes pdf

Wednesday May 22, 2024 9:15am - 10:15am CDT
Meeting Room 101 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience CISOs, System admins, Managers and Directors of IT departments, and anyone else responsible for information security.

10:30am CDT

216: Test Data Management : Are You Compliant?

When it comes to testing, training, or even disaster testing, often real data is used. This may be the entire set of tables of production or a subset, but it's real data. Real private personal information. With the European GDPR or the CCPA out of California, protecting this data is now more than keeping a hacker away. It's about protecting the bottom line and away from fines. This is where you need to use anonymization to mask your data so that it's usable and masked.

Learning Objectives:
1) Are you compliant with PII policies?
2) Is your data exposed in non-production environments.
3) Do you know the difference in anonymization and pseudoanonymization.
4) Data Extraction
5) Using temporary environments

Speakers

Alan Ashley

Presales Consultant for DevOps for IBMi, Arcad Software

When it comes to describing someone, even yourself, it can be difficult. This time it's easy. I grew up on the AS400, through iSeries, and into the IBM i world. Started on a model B50 (I know it was a B model) where the disk drive needed two persons to replace and now in the DevSecOps... Read More →

Wednesday May 22, 2024 10:30am - 11:30am CDT
Meeting Room 103A 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Audience If you are an application owner, security admin, or an auditor, then understanding the possible expose in non-production environments is key. This session will cover those questions and answers to protect those environments.

10:30am CDT

389: Fortify and Conquer: Secure Coding Strategies for IBM i Developers

Embark on an exploration of IBM i security challenges as we navigate the dangerous landscape of common vulnerabilities on IBM i. Don't miss the chance to fortify your coding skills and conquer the challenges of secure IBM i development!

In this session tailored for ILE developers (including RPG and CL developers), we'll dissect real-world examples of security pitfalls in our sample software, exploring issues like object authority, adopted authority, and library list vulnerabilities. Discover actionable solutions that empower you to reinforce your IBM i code so it is ready to face threats lurking in the wild.

Learning Objectives:
1. Learn from correcting real-world examples of vulnerabilities in a set of sample applications.
2. Understand the basics of creating more secure software on IBM i.

Speakers

Brian Nordland

Director of Development, Fortra

In addition to his role as Director of Development for Power Development at Fortra, Brian Nordland serves as the technical product manager for PowerHA and Robot HA. Brian has spoken at events, webinars, and user groups—including COMMON—since 2014. He is a co-inventor on multiple... Read More →

Wednesday May 22, 2024 10:30am - 11:30am CDT
Meeting Room 203B 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Audience IBM i software developers

1:30pm CDT

308: Best Practices for Preventing and Recovering from Ransomware

You need to implement a ransomware preventions strategy to protect your IBM i. However, what happens if you do get compromised? What if you could restore back to a point before the ransomware attack occurred?

Come learn about how by the combination of external storage, Flash Copy and logical replication can be used to rewind a large database to a point back in time.

Learning Objectives:
* Understanding Ransomware prevention strategies
* Preventing most common ransomware vulnerabilities
* How to get back to a point before the ransomware attack

Speakers

Barry Kirksey

Principal Sales Engineer, Precisely

Bill Peedle

Principal Sales Engineer, Precisely

Gavriel Meir-Levi

Wednesday May 22, 2024 1:30pm - 2:30pm CDT
Meeting Room 203B 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience IBM i administrators and security professionals

2:45pm CDT

423: A Practical Guide to IBM i Authority Collection

This session explores practical applications for Authority Collection, including standard and creative use cases. Authority Collection can be used to reduce the security exposure of privileged user profiles and to lock down objects/libraries/IFS. We will cover these in detail, along with some “outside the box” ways of using this technology to answer questions and solve problems.

Learning Objectives: Learn how to:
1. Enable the different types of Authority Collection
2. Analyze data from the Authority Collection repository
3. Turn the data into actionable information
4. Discover creative ways to harness the power of Authority Collection

Speakers

Steve Riedmueller

Certified IBM i Admin - Speaker, Mentor, and Advocate, John Wiley & Sons, Inc.

I am a COMMON Certified IBM i Administrator with over 20 years experience on IBM i, as well as a COMMON speaker, N2i mentor, and IBM i advocate.I've been working on the platform since 2001 as a system admin/engineer. I have experience with OS upgrades and patching, system security... Read More →

PU24 Authority Collection Scripts sql

PU24 Authority Collection pdf

Wednesday May 22, 2024 2:45pm - 3:45pm CDT
Meeting Room 201A 1508 Houston St, Fort Worth, TX 76102

Session Level All

4:00pm CDT

332: The Expert’s Guide to Power Systems Cloud Security

Many IBM i organizations are considering a move to the cloud or have already done so, but what does this mean for cybersecurity? Unfortunately, migrating your IBM i workload to the cloud will not eliminate cybersecurity concerns. No matter where your data resides, staying ahead of emerging threats requires a well-planned strategy and the cloud presents unique challenges.

This session will give you valuable insight from IT experts who’ve seen it all—Tom Horan, Vice President of mPower at Meridian IT, and Tom Huntington, Executive Vice President of Technical Solutions at Fortra.

Learning Objectives:
1) The division of security responsibility between customer and cloud provider
2) Cybersecurity best practices specifically for Power systems in the cloud
3) How to best configure your system to optimize performance and security

Speakers

Tom Huntington

EVP of Technical Solutions, Fortra

Tom Huntington is Executive Vice President of Technical Solutions at Fortra, and has been with the company for over 35 years. He helps manage the worldwide Fortra software engineer team that works to integrate and promote our automation and security solutions to partners and customers... Read More →

Tom Horan

Vice President, Cloud & Managed Services, Meridian IT

I consult with clients regarding Cloud and Managed Services.

Wednesday May 22, 2024 4:00pm - 5:00pm CDT
Meeting Room 203B 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience System Administrators, IT Managers, CIOs, IT Directors

5:15pm CDT

305: The Cyber Security News Report - A Fun Look At Current Information Security News Stories

You know that cyber security is a real issue - even if your boss doesn’t get it. Time to stress less about it and enjoy a fun look at real, Information and Cyber Security stories in the news. These are a sampling of current security news stories from the last 3 months.

Robert Nettgen will read a sampling of these stories in a dramatic, over the top, radio announcer style. While usually not mentioned by name, it’s a safe bet that some of these companies in the news have an IBM i server hiding in the data center. ?A list of the stories will be shared, so if your boss thinks this stuff is overblown and not a real risk, feel free to share some of these stories - or even the whole list.

Learning Objectives:
1. Gain a deeper understanding about the seriousness of cybersecurity
2. Learn from others' cybersecurity mistakes and how to avoid them in your own systems

Speakers

Robert Nettgen

Senior Consultant, Briteskies

Robert Nettgen wanted a career in radio broadcasting, but saw that profession declining and found better pay working in IT. A PC developer in the ‘80’s, Rob started administering AS/400s in the early ‘90s for a Radio/TV group owner. In 1999 Rob accepted a job as IT director... Read More →

Wednesday May 22, 2024 5:15pm - 6:15pm CDT
Meeting Room 103A 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience CISOs, System admins, Managers and Directors of IT departments, and anyone else responsible for information security.

8:00am CDT

252: What Does a Full-Featured Security Strategy Look Like?

In this session, you will learn about the many aspects that an IBM i Security suite product will cover. This includes multi factor authentication (MFA), auditing and SEIM features, access control, authority elevation, and more.

Learning Objectives:
1. You will know what to look for when you consider adding a security product to your IBM I IT infrastructure.
2. You will learn how to take a holistic approach to IBM i Security
3. You will understand all the components to be considered for a comprehensive, effective security strategy for IBM i

Speakers

Boris Breslav

Principle Technology Architect, Precisely

Boris is a Principle Technology Architect for the Assure Security product at Precisely where he's helping to architect security solutions for IBM i. Boris started his career in IT security in the year 2000 as a Windows and IBM i developer in a start-up named Bsafe (later known as... Read More →

What Does a Full Featured Security Strategy Look Like COMMON 2024 pdf

Thursday May 23, 2024 8:00am - 9:00am CDT
Meeting Room 203B 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Audience IBM i professionals who must address Security requirements for their IBM i systems will benefit from this session.

9:15am CDT

141: Configuring Single Sign-on for IBM i

IBM i has the capability to participate in a single sign on environment. What is single sign on? Single sign on is an authentication process where a user can access various applications in the network using one set of login credentials. This presentation will describe the Kerberos protocol and how to map a domain user ID to an IBM i user profile to safely authenticate the user to an enabled network application without passwords being sent across the network.

Learning Objectives:
Learn about the Kerberos protocol and how to configure IBM i to take advantage of the protocol and enable single sign-on.

Speakers

Robert Andrews

Principal Security Consultant, IBM

Robert Andrews is a Principal Security Consultant, Senior Technical Staff Member (STSM), and the Team Lead for the IBM i Security and Authentication Technology Expert Labs team in Rochester, MN. He is an IBM certified Thought Leader and The Open Group certified Distinguished Technical... Read More →

Single Sign On Overview for IBM i pdf

Thursday May 23, 2024 9:15am - 10:15am CDT
Meeting Room 101 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Audience IBM i System Administrators, Windows Administrators, and Network Administrators

9:15am CDT

362: Still Making These IBM i Security Faux Pas? STOP.

Are you still relying on outdated security practices without understanding the risks they pose? Join this session where we unravel the mysteries behind persisting security practices and shed light on the imperative need for evolution. Dive into data-backed insights, discover the motivations behind clinging to the past, and explore strategies to usher in a new era of security resilience.?_

Key Highlights:_
- Legacy Security Pitfalls
- Motivations for Continuity
- Strategies for Modernization

Risk Assessment of Legacy Practices: Understand the risks posed by continuing with outdated security practices and their implications on overall security posture.

Motivational Factors Analysis: Gain insights into the motivations behind the persistence of outdated security practices and how these factors can be addressed.

Modernization Roadmap: Explore practical strategies and real-world examples for transitioning from legacy security practices to modern, resilient solutions.

Join us in this session as we challenge the status quo and pave the way for a more secure and resilient future of IBM i cybersecurity.

Speakers

Alan Hamm

Senior Security Services Engineer, Fresche Solutions

With over 25 years of experience in the IT industry, Alan is a seasoned professional specializing in IBM i services, particularly in IBM i security. His expertise extends to leveraging his development background for automation and configuration purposes. Previously, he served as a... Read More →

Thursday May 23, 2024 9:15am - 10:15am CDT
Meeting Room 203C 1508 Houston St, Fort Worth, TX 76102

Session Level All

10:30am CDT

306: Disk-level encryption isn’t enough

As companies look to leverage encryption as part of their security landscape, it can be tempting to just implement disk-level encryption. As security requirements continue to grow and compliance regulations are taken into account for the IBM i environment, administrators are finding they need to implement encryption at the field level versus disk level encryption.

Learning Objectives:
• What are the use cases for disk level and field level encryption?
• How do I satisfy PCI compliance auditors requirements for encryption?
• What types of fields should be encrypted?
• What is an IBM I Field Procedures?

Speakers

Barry Kirksey

Principal Sales Engineer, Precisely

Bill Peedle

Principal Sales Engineer, Precisely

Common Disk Level Encryption is not enough pdf

Thursday May 23, 2024 10:30am - 11:30am CDT
Meeting Room 102 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience Administrators and security professional responsible for IBM i security

10:30am CDT

406: Cross-Platform Compliance, Security and EDR

This session will cover current and planned compliance, security and EDR capabilities across IBM i, AIX and Linux on Power. It will also include a PowerSC product update.

Learning Objectives:

Learn about automated compliance advancements on IBM i
Learn how Endpoint Detection and Response (EDR) capabilities can enhance real-time security across the Power platform
Get an update on recent enhancement with the PowerSC product

Speakers

Tim Hill

Distinguished Engineer, Rocket Software

Tim Hill is a Distinguished Engineer and VP of Engineering at Rocket Software. He’s responsible for security, cloud, and AI/ML products on Power and Z. Technology areas of personal focus include model-based reasoning, deep learning, complex event correlation, network management... Read More →

Debbie Quick

Power Security Product Manager, IBM

Debbie Quick is a Power Security Product Manager at IBM. She began her career 21 years ago as an Administrative Assistant, moved into z/OS Content Development three years later, and has been in Product Management for two years. She is the Product Manager for IBM PowerSC and leads... Read More →

Thursday May 23, 2024 10:30am - 11:30am CDT
Meeting Room 201B 1508 Houston St, Fort Worth, TX 76102

Session Level All

1:30pm CDT

238: Ransomware and IBM i

Today, there are no known ransomware viruses that run directly on IBM i. However, that does not mean that the IBM i is not at risk. In this practical session, you will learn how to keep your IBM i system safe from Ransomware attacks. Don't miss this critical session!

Learning Objectives:
1. Understanding ransomware and how it can effect the IBM i
2. Know how to secure the IBM i from ransomware attacks
3. Link to resources for further details

Speakers

Robert Andrews

Principal Security Consultant, IBM

Robert Andrews is a Principal Security Consultant, Senior Technical Staff Member (STSM), and the Team Lead for the IBM i Security and Authentication Technology Expert Labs team in Rochester, MN. He is an IBM certified Thought Leader and The Open Group certified Distinguished Technical... Read More →

Ransomware and IBM i pdf

Thursday May 23, 2024 1:30pm - 2:30pm CDT
Meeting Room 201A 1508 Houston St, Fort Worth, TX 76102

Session Level Intermediate
Award BRONZE
Audience IBM i Admins or Security team members

1:30pm CDT

286: Using SQL to Drive Security scans

There are at least 78 security-related resources accessible by SQL; covering 156 security-checks; with another 20 not accessible; for a total of 176. Deliverables are: 10,200+ lines of SQL, with a partition-based implementation worksheet, and a Security Audit spreadsheet; showing each of the individual items, with a “Pass” flag and counters -- pretty enough for your future security audit.

Learning Objectives:
We will start by looking at the results (a single TXT file), and then we will dive into the SQL, and each of the spreadsheets to see how we got here. We won’t review every SP…

Speakers

Tim Hawkins

System Admin, Tanimura & Antle

I've got one year to go before I retire.... The boss said to "give back", and since that matched my plans anyways; here we go. I present 4 classes on IBM i Security, showing all of the gory details. Some can be leveraged for just system administration, and some elements work... Read More →

Utilities commands sql

Utilities condition handling copybook sql

Utilities email sql

Utilities NETSERVER ATTRIBUTE INFO rpgle

Utilities NETSERVER ATTRIBUTE INFO sql

SampleOutput Monthly (full) txt

SampleOutput Monthly (known) txt

SampleOutput Weekly (full) txt

Using SQL to drive Security scans pdf

Check System Security sql

Thursday May 23, 2024 1:30pm - 2:30pm CDT
Meeting Room 101 1508 Houston St, Fort Worth, TX 76102

Session Level Advanced
Digital Badge SQL
Audience System Administrators who are into protecting their systems; needing to understand the w-h-o-l-e scope, based on the specifics. Lots of them….

2:45pm CDT

378: Building a Successful IFS Security Strategy

Ask any security professional which area of IBM i security is most often ignored and chances are the unanimous response is a chorus of “the Integrated File System.

Many organizations are either unaware of the risks that an unsecured IFS poses or are simply unsure of how to secure it. Regardless of the reason, this is a problem. The system interface doesn’t differentiate how a user profile accesses data – which leaves sensitive data exposed and vulnerable to manipulation, malware, and even theft.

Learning Objectives:
1 What the IFS is and where it is vulnerable
2 The risks of ignoring IFS security
3 How to secure the IFS and what you need in order to do so

Speakers

Sandi Moore

Sr. Solutions Engineer, Fortra LLC

Sandi has been working with Fortra customers for over 20 years supporting systems monitoring and security software. With experience on IBM i, AIX, and Linux, she has been involved in product demonstrations, implementation, support, training, research, and product testing. Sandi is... Read More →

POWERUp 2024 Session 378 Building a Successful IFS Security Strategy pdf

Thursday May 23, 2024 2:45pm - 3:45pm CDT
Meeting Room 201A 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience Anyone tasked with addressing security on the IBM i will benefit from this session.

4:00pm CDT

281: Surviving a Ransomware Attack

A few years ago the company was hit with a ransomware attack. This is the tale of how it happened and how we continue to recover.

Learning Objectives:
1. How 1 particular attack happened to a company with an IBM i.
2. What happened in the immediate aftermath?
3. How we continue to improve our systems to prevent future attacks?
4. How we continue to educate our users about threats?

Speakers

Michael McClure

ICT ERP Team Lead, Mueller, Inc.

Surviving a Ransomware Attack PU2024 pdf

Thursday May 23, 2024 4:00pm - 5:00pm CDT
Meeting Room 203B 1508 Houston St, Fort Worth, TX 76102

Session Level All
Audience Anyone interested in a real life story of surviving a ransomware attack.