My Journey with Advanced Authentication and Mainframe Security

By Milad Jizan posted yesterday

  

Hi, my name is MJ. As a Next-Gen Mainframer and computer science graduate from Northern 
Illinois University, I had the incredible opportunity this summer to contribute to cutting-edge
mainframe security on the Advanced Authentication Method (AAM) QA Automation Team at 
Broadcom. This summer work deepened my technical knowledge and showed me how modern 
development practices can transform the way we test legacy systems.
Mainframes are the backbone of enterprise computing, powering critical industries like finance, 
healthcare, transportation, and telecommunications. As cyber threats have grown more 
sophisticated, mainframe security must keep evolving—without sacrificing usability for 
authorized users.
Why Multi-Factor Authentication Matters
Multi-Factor Authentication (MFA) represents a major step forward in protecting sensitive 
systems. If you’ve ever received a PIN on your phone, used a fingerprint scan, or logged in with 
facial recognition, you’ve used MFA. It strengthens security by requiring multiple forms of 
verification to confirm a user’s identity.
In the mainframe world, security is managed through one of three External Security Managers 
(ESMs):
● RACF (IBM’s Resource Access Control Facility)
● ACF2 (Access Control Facility, from Broadcom)
● Top Secret (also from Broadcom)
Each follows different philosophies. ACF2 and Top Secret default to denying access unless 
explicitly granted, while RACF traditionally requires explicit denial rules. This is where
R_FACTOR comes in—a key component that acts like a universal translator, standardizing 
security requests across all three ESMs. R_FACTOR enables compatibility for advanced features 
like MFA across these diverse systems.
My Project: Automating Test with BDD
My summer project focused on automating the testing of R_FACTOR calls using Behavior-Driven Development (BDD) to identify bugs and vulnerabilities in the AAM codebase.
The project scope included:
● 6 standard R_FACTOR calls
● 6 enhanced R_FACTOR calls (with additional parameters)
● Each required a dedicated BDD feature to test all variations.
We used the Cucumber BDD framework, which relies on Gherkin, an English-like language for 
writing scenario outlines. This approach is highly collaborative and self-documenting—perfect 
for complex QA automation.
How It Works: Behind the Automation
The test process involved multiple stages and technologies:
1. Connect to the Mainframe Environment
2. Dynamically Set Variables using test parameters
3. Generate a High-Level Assembler (HLASM) Source file using a REXX utility and 
FreeMarker Template Language (FTL)
4. Submit the HLASM Source via JCL (Job Control Language)
5. Run the Job
6. Validate Output using a Cucumber step 
Only if every BDD step passes will the test be marked as successful. We also implemented the 
ability to switch ESMs (RACF, ACF2, or TOP SECRET) so test cases could be run across all 
platforms—ensuring consistency in behavior.
Overcoming Challenges
The most difficult challenge was understanding the complex codebase we were improving. Like 
many large projects, there was a learning curve. Fortunately, the self-documenting nature of 
BDD made it easier to understand test steps written in Gherkin.
Another challenge was managing the huge number of test permutations—especially for 
enhanced R_FACTOR calls. Thousands of test cases were needed to fully validate the system. 
Thanks to Cucumber’s modular design, we could add new test cases easily by simply adding a 
line to the “Examples” table in a scenario outline.
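A scenario outline of the kind described above, added here as an example and not taken from the AAM test suite: it maps the six test stages to Gherkin steps and carries the ESM switch as a column, so each new row in the Examples table is one more test case. The step wording, the call labels (STANDARD_1, ENHANCED_1), the parameter cases and the expected return codes are all assumptions made for illustration.

```gherkin
# Hypothetical feature file: step wording, call labels, parameter cases and
# expected return codes are constructed for illustration only.
Feature: R_FACTOR calls behave consistently across ESMs

  Scenario Outline: <call> call with <case> parameters on <esm>
    # Stage 1: connect to the mainframe environment
    Given a connection to the mainframe test environment
    And the active ESM is "<esm>"
    # Stage 2: set variables from the test parameters in this row
    And the test variables are set for the "<call>" call with "<case>" parameters
    # Stage 3: REXX utility plus FreeMarker template produce the HLASM source
    When the HLASM source is generated from the template
    # Stages 4 and 5: submit through JCL and run the job
    And the source is submitted via JCL
    And the job runs to completion
    # Stage 6: the scenario passes only if every step above passed and
    # the job output matches the expectation for this row
    Then the job output reports return code <expected_rc>

    Examples: valid requests must succeed on every ESM
      | esm        | call       | case  | expected_rc |
      | RACF       | STANDARD_1 | valid | 0           |
      | ACF2       | STANDARD_1 | valid | 0           |
      | TOP SECRET | STANDARD_1 | valid | 0           |
      | RACF       | ENHANCED_1 | valid | 0           |
      | ACF2       | ENHANCED_1 | valid | 0           |
      | TOP SECRET | ENHANCED_1 | valid | 0           |

    Examples: malformed requests must be rejected on every ESM
      | esm        | call       | case            | expected_rc |
      | RACF       | STANDARD_1 | missing user ID | 8           |
      | ACF2       | STANDARD_1 | missing user ID | 8           |
      | TOP SECRET | STANDARD_1 | missing user ID | 8           |
      | RACF       | ENHANCED_1 | unknown option  | 8           |
      | ACF2       | ENHANCED_1 | unknown option  | 8           |
      | TOP SECRET | ENHANCED_1 | unknown option  | 8           |
```

Keeping the rejection cases in their own Examples table makes it easy to see whether every negative case is covered on all three ESMs, which is where inconsistent behavior between security managers would show up.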
Tech Stack: Blending Old and New
This project brought together modern tools and classic mainframe technologies. I worked with:
● IntelliJ, Java, and Cucumber BDD
● ISPF, HLASM, JCL, and REXX
● Mainframe scripting tools and secure login systems
Balancing modern BDD testing with assembler-level programming gave me a unique view into 
what today’s mainframe development really looks like—and it was incredibly rewarding.
Real-World Agile Experience
This was my first time practicing Agile methodology in a real-world setting. Although I had 
studied Agile in school, experiencing daily stand-ups, iterative cycles, and continuous team 
collaboration gave me a much deeper understanding.
The daily stand-ups were particularly valuable—they created a strong sense of team and
provided opportunities to ask questions and get support. I felt truly included as a contributing 
member of the team.
In addition to everything I’ve already mentioned, I also learned:
● IntelliJ IDE and how to debug Java
● The Java language itself
● How to use Cucumber and practice Behavior-Driven Development
● How to write and debug assembler and JCL code
● A new scripting language called REXX
● About Jenkins, a powerful automation tool
● And through InterSkill Learning, I earned certifications in RACF, ACF2, and Top Secret
Looking back, I feel a deep sense of pride in helping improve mainframe security through 
automated testing. The framework we developed will continue to support the reliability and 
safety of systems that run the world's most critical infrastructure.
Final Thoughts
This project highlighted how the mainframe industry is evolving, with a strong focus on 
attracting and equipping next-gen talent. It was inspiring to work with a team that combines 
modern software development practices with time-tested technology.
I’m especially grateful to: My manager, Chandan Vanketesh, my mentors, James Broadhurst 
and John Mathunny, my buddy, Samuel Wells, and the entire AAM QA Automation team. Their 
legendary expertise and constant support made this project achievable and incredibly 
rewarding.
My journey as a Next-Gen Mainframer reaffirmed that the platform isn’t going anywhere—
Mainframes will remain central to enterprise computing and are constantly adapting to meet 
modern challenges. Modern development practices open exciting opportunities for developers 
with the skills—and curiosity—to span both worlds.
If I could change one thing about my time at Broadcom this summer, it would be the duration—I 
wish I had more time with the team! Every day brought something new, and I genuinely enjoyed 
learning and growing through each challenge.
I'm confident this experience has set me on a path to becoming a strong, well-rounded 
developer, and I can’t wait to see what’s next. Thank you to everyone who helped make this an 
unforgettable summer.
