Beginners will have a strong foundation after reading this book. Experienced professionals will reference it frequently.
There are several factors in the information industry today that make IBM Mainframe Security: Beyond the Basics pertinent. The biggest one may well be summed up by this question: "What will you do when we're gone?"
My own career began with a job to pay for college tuition and grew for 35 years. I believe every one of my associates has come to their level of expertise more or less by a similar process of progressive accumulation of knowledge and skills, including formal education and training, on-the-job training, conferences, seminars, sharing among user groups, and a continually shifting set of challenges that called for new resolutions—not to mention the painful but effective experience of problem solving. The most valuable contributions have undoubtedly been the insights, attitudes, and intellectual approaches that were learned from coworkers and associates.
That is "us." I humbly include myself in a group with Dinesh Dattani of somewhat self-styled mainframe security professionals. As a result of variations in Mr. Dattani's experiences, his book shows emphasis in places I wouldn't have thought; hence from it I learned new things. In this field, we learn from each other. And forgive me for saying so, fellow mainframers who grew up with this technology, but we are growing old and leaving the workplace. Mr. Dattani offers this book so that our hard-earned knowledge isn't lost into the sunset.
In his book, he includes quotations at the beginning of many chapters. These add interest, but don't judge them merely as amusements because they also capture some of the greatest pearls of mindset that a security professional can possess. This is just one of the ways this book proudly continues the tradition of sharing and handing down the collective wisdom of decades of security professionals.
There is a clear progression from a basic justification of information security practices, to the core aspects of the operating system security processes, followed by treatment of system-wide levels of RACF empowerment: System SPECIAL, System OPERATIONS, and System AUDITOR. This progression continues into DSMON and all its functions and reports, the role and valuable "tension" with the auditing functions, etc.
At each step in this journey, the reader is not merely exposed to a concept but is given actionable directions for implementation. For example, while reading the discussion of the overarching importance of continued use of DSMON, we are also provided with the syntactical details of every DSMON function and what each will produce, which allows the reader to code them directly into JCL and execute a job to achieve the results described.
Beginners will certainly have a stronger foundation after reading this book. Experienced professionals will reference it frequently. Whether this is a new arena for you or you need an occasional reminder of what something is or how and when you should be doing it, I recommend that you not let this book get away from you!