New to Mainframe Community

 View Only

My Journey with Advanced Authentication and Mainframe Security

By Milad Jizan posted 21 days ago

  

My Journey with Advanced Authentication and Mainframe Security

 

Hi, my name is MJ. As a Next-Gen Mainframer and computer science graduate from Northern Illinois University, I had the incredible opportunity this summer to contribute to cutting-edge mainframe security on the Advanced Authentication Method (AAM) QA Automation Team at Broadcom. This summer work deepened my technical knowledge and showed me how modern development practices can transform the way we test legacy systems.

 

Mainframes are the backbone of enterprise computing, powering critical industries like finance, healthcare, transportation, and telecommunications. As cyber threats have grown more sophisticated, mainframe security must keep evolving—without sacrificing usability for authorized users.

Why Multi-Factor Authentication Matters

 

Multi-Factor Authentication (MFA) represents a major step forward in protecting sensitive systems. If you’ve ever received a PIN on your phone, used a fingerprint scan, or logged in with facial recognition, you’ve used MFA. It strengthens security by requiring multiple forms of verification to confirm a user’s identity.

 

In the mainframe world, security is managed through one of three External Security Managers (ESMs):

 

  • RACF (IBM’s Resource Access Control Facility)

  • ACF2 (Access Control Facility)

  • TOP SECRET (both from Broadcom)

 

Each follows different philosophies. ACF2 and Top Secret default to denying access unless explicitly granted, while RACF traditionally requires explicit denial rules. This is where R_FACTOR comes in—a key component that acts like a universal translator, standardizing security requests across all three ESMs. R_FACTOR enables compatibility for advanced features like MFA across these diverse systems.

My Project: Automating Test with BDD

 

My summer project focused on automating the testing of R_FACTOR calls using Behavior-Driven Development (BDD) to identify bugs and vulnerabilities in the AAM codebase.

 

The project scope included:

 

  • 6 standard R_FACTOR calls

  • 6 enhanced R_FACTOR calls (with additional parameters)

  • Each required a dedicated BDD feature to test all variations.

 

We used the Cucumber BDD framework, which relies on Gherkin, an English-like language for writing scenario outlines. This approach is highly collaborative and self-documenting—perfect for complex QA automation.

How It Works: Behind the Automation

 

The test process involved multiple stages and technologies:

 

  1. Connect to the Mainframe Environment

  2. Dynamically Set Variables using test parameters

  3. Generate a High-Level Assembler (HLASM) Source file using REXX utility and FreeMarker Template Language (FTL)

  4. Submit the HLASM Source via JCL (Job Control Language)

  5. Run the Job, then

  6. Validate Output using a cucumber step 

 

Only if every BDD step passes will the test be marked as successful. We also implemented the ability to switch ESMs (RACF, ACF2, or TOP SECRET) so test cases could be run across all platforms—ensuring consistency in behavior.



Overcoming Challenges

 

The most difficult challenge was understanding the complex codebase we were improving. Like many large projects, there was a learning curve. Fortunately, the self-documenting nature of BDD made it easier to understand test steps written in Gherkin.

 

Another challenge was managing the huge number of test permutations—especially for enhanced R_FACTOR calls. Thousands of test cases were needed to fully validate the system. Thanks to Cucumber’s modular design, we could add new test cases easily by simply adding a line to the “Examples” table in a scenario outline.



Tech Stack: Blending Old and New

 

This project brought together modern tools and classic mainframe technologies. I worked with:

 

  • IntelliJ, Java, and Cucumber BDD

  • ISPF, HLASM, JCL, and REXX

  • Mainframe scripting tools and secure login systems

 

Balancing modern BDD testing with assembler-level programming gave me a unique view into what today’s mainframe development really looks like—and it was incredibly rewarding.



Real-World Agile Experience

 

This was my first time practicing Agile methodology in a real-world setting. Although I had studied Agile in school, experiencing daily stand-ups, iterative cycles, and continuous team collaboration gave me a much deeper understanding.

 

The daily stand-ups were particularly valuable—they created a strong sense of team and provided opportunities to ask questions and get support. I felt truly included as a contributing member of the team.

 

In addition to everything I’ve already mentioned, I also learned:

 

  • IntelliJ IDE and how to debug Java

  • The Java language itself

  • How to use Cucumber and practice Behavior-Driven Development

  • How to write and debug assembler and JCL code

  • A new scripting language called REXX

  • About Jenkins, a powerful automation tool

  • And through InterSkill Learning, I earned certifications in RACF, ACF2, and Top Secret

 

Looking back, I feel a deep sense of pride in helping improve mainframe security through automated testing. The framework we developed will continue to support the reliability and safety of systems that run the world's most critical infrastructure.

Final Thoughts

 

This project highlighted how the mainframe industry is evolving, with a strong focus on attracting and equipping next-gen talent. It was inspiring to work with a team that combines modern software development practices with time-tested technology.

 

I’m especially grateful to: My manager, Chandan Vanketesh, my mentors, James Broadhurst and John Mathunny, my buddy, Samuel Wells, and the entire AAM QA Automation team. Their legendary expertise and constant support made this project achievable and incredibly rewarding.

 

My journey as a Next-Gen Mainframer reaffirmed that the platform isn’t going anywhere—Mainframes will remain central to enterprise computing and are constantly adapting to meet modern challenges. Modern development practices open exciting opportunities for developers with the skills—and curiosity—to span both worlds.

 

If I could change one thing about my time at Broadcom this summer, it would be the duration—I wish I had more time with the team! Every day brought something new, and I genuinely enjoyed learning and growing through each challenge.

 

I'm confident this experience has set me on a path to becoming a strong, well-rounded developer, and I can’t wait to see what’s next. Thank you to everyone who helped make this an unforgettable summer.

0 comments
11 views

Permalink