20th June 2019: Many people believe that seven is a magic number, perhaps the world's favorite number. Seven days of the week, the seven seas, seven wonders of the world. Snow White met seven dwarves. Sinbad had seven adventures. James Bond is 007. I do consider myself to be extremely fortunate in my career and the opportunities I've had: I've been a security consultant with RSM Partners for seven years. But luck can only carry you so far. You also need commitment and hard work.
So how did I get into this field? For me, it began in 2011. I was teaching at a technical college after completing a degree in Production Technology. I was helping at a Guide Share Europe GSE conference when I heard something that made me go hmmm: the percentage of the world's businesses that run on a mainframe. This was closely followed by: did somebody say skills shortage?
Of course, this huge opportunity and major problem both still exist. Back in 2014, IBM predicted that more than 37,000 new mainframe administration positions would have emerged globally by 2020. The requirement was clearly there. Yet for 20 years or more, fewer and fewer mainframe technical staff were being trained.
That trend is, thankfully, starting to be reversed. Even so, an aging and retiring workforce mean the mainframe skills shortage and the need to close that skills gap is very real.
All of us in the industry need to continue promoting mainframe opportunities and training the people we need: whether that means reaching out to non-mainframe techies with 20 years' experience in another part of IT, younger professionals, or undergraduates. Start now so they'll be ready, five years down the line.
Seven years ago, RSM Partners wanted an apprentice to start training as the next generation. I was the guinea pig for a wider scheme, as this was the genesis of our highly successful Mainframer in Training MIT program. I joined the company in 2012 in a back-end support role.
In my first six months, I attended 12 theoretical and practical courses in rapid succession. The problem was that I didn't have a formal plan, and I was very keen. It was like trying to order and eat everything from a restaurant menu at the same time. If your diet is nonstop z/OS, z/VM, RACF, CICS, Db2, IMS, MQ, USS, Websphere and Job Entry Subsystem JES, a bit of indigestion is inevitable.
The mainframe platform was far larger than I'd anticipated and it's not something you can master in its entirety and certainly not in six months. That's not how it works. You need to achieve a good breadth of general knowledge and experience first, and then progress down avenues of specialism, ideally of your own choosing. It wasn't until I sat down with a mentor and made a realistic plan that my education and self-development started to have a real impact. A tailored training plan is essential: goal-orientated, structured, differentiated, backed up by support, and constantly reviewed.
You also need access to systems, so you can do as well as learn. Getting involved in project work later on was the best way to consolidate and accelerate my learning. Role-based access control RBAC implementations, security remediation projects, security audits, penetration testing, and security engineering... I lapped it up. You learn to communicate with non-technical teams and to work alongside the business. You become more adept at client-focused process, change and incident management.
Attending industry events and networking are also very useful: user groups, working groups, conferences. As I learned more and my confidence grew, I became more involved in presenting and teaching. Having that confidence in your abilities is critical; but you've also got to know your stuff.
Looking back over my experiences, what went well, and what could have been done better?
Without a requirement to address, any education is pretty much wasted. So a proper training plan is a very good idea, a gradual training program related to the job you're doing. Documenting your learning and the work you undertake is another "must have." Making sure that if you attend training, you put the knowledge to good use on your return to work, so make sure you have a project or a task connected to the training to ensure you consolidate your learning.
My most important takeaway from the last seven years is how to spin numerous plates at the same time: keeping them all moving and making sure each is given its due care and attention. I learned how to survive on six hours sleep a night. I learned you should always create a backup. And that after a long and hectic day, red wine can be a great help.
Everybody has their own journey. The most important thing, for me, is taking control of that journey. Don't just tick boxes when it comes to training, you need to make sure the training is relevant. Seek out support from colleagues; there's no shame in asking for help. Tap into networks and build your own network: you never know, the person sitting next to you might be who you call in, say, seven years' time with a SEV1 incident. Now wouldn't that be lucky?
By Leanne Wilson, Security Consultant, RSM Partners
 https://www.datatrain.com/mainframefacts.aspx https://blog.infotelcorp.com/blog/articles/the-mainframe-skills-gap-is-widening-automation-can-save-us
 IBM Redbook - Mainframe Modernization and Skills: The Myth and the Reality