Vertali Mainframe Podcast

In this episode of the Vertali Podcast, host Ed Nell talks with senior software developer Nathan Carroll about how AI is changing mainframe software development, from day-to-day tooling to security, governance, and the shifting role of developers. Nathan shares how he uses AI as a “rubber duck” for high-level architecture, why agentic AIs increasingly feel like junior team members, and how well-placed guardrails and human review keep velocity gains from becoming security liabilities. He also digs into mainframe-specific realities (limited public training data, on-prem needs) and why modernization efforts like documentation and UI overhauls are where AI shines today.Key TakeawaysAI as a learning accelerator: For self-taught or cross-discipline developers, AI is a powerful training and upskilling companion that exposes better patterns and practices. Pick the right tool for the job: Nathan uses ChatGPT for architectural discussion and ideation (not code), GitHub Copilot for inline acceleration, and Claude for documentation/UI work.Guardrails + review are non-negotiable: Senior review, clear role/instructions, and “ask clarifying questions” policies sharply improve quality and safety. Treat AI like a junior hire.Security first: Biggest risk is unintentional secrets exposure in generated/committed code; enforce credential handling, redaction, and enterprise/onsite deployments.Best Moments“AI is great at boilerplating, explaining code, and small actionable tasks.”“We rewrote the whole thing using React in about three months… AI was pivotal.”“Treat it like a junior developer, don’t let it go crazy, and always review.”“Have a human in the chain… don’t assume the AI knows what it’s doing.”About VertaliVertali is a leading cyber security company specialising in IBM® mainframe infrastructure. With deep expertise, innovative software, and trusted resources, Vertali supports organisations across the UK and globally, particularly in finance, retail, utilities, and government sectors.100% focused on mainframe systems, Vertali helps organizations secure and optimize their operations. By combining advanced technology with expert insights, Vertali delivers powerful cybersecurity solutions and consulting services that protect against evolving threats. Driven by a proactive approach, Vertali enables businesses to build resilient systems, safeguard sensitive data, and maintain smooth, uninterrupted operations in the face of cyber risks. Hosted on Acast. See acast.com/privacy for more information.

In this episode, Ed Nell is joined again by Leanne Wilson, Senior Technical Delivery Manager and Security Consultant at Vertali. They dive into the world of mainframe security assessments and penetration testing, clarifying the differences between the two, when to use them, and why they’re both essential. Leanne shares real-world examples and explains how combining both approaches offers the most complete picture of an organization’s security posture.Key TakeawaysSecurity Assessments = The Full Check-Up: Think of it like an MOT for your mainframe. Security assessments give a structured, holistic review of systems and controls, revealing gaps and offering remediation plans.Pen Testing = Real-World Attack Simulation: Pen tests mimic a cyber attack using limited access, testing how far a bad actor could go by exploiting weaknesses, such as low-privileged user accounts.Know the Difference: Assessments show what’s in place. Pen tests show if it works. Both are essential, but they answer different questions.Used Together, They’re Powerful: An assessment identifies vulnerabilities. A pen test checks if those issues can actually be exploited. One informs the other, ideally, assessments come first.Real-World Risk & Remediation: The findings are prioritized with clear action steps. But the value only comes when organizations act on the results; this isn’t just a compliance tick-box.Best Moments"Security assessments show what controls are in place. Pen tests show if those controls actually work.""Many attacks don’t come from the outside, they come from compromised credentials. You need to know what an insider could do.""Marking your own homework rarely works. A fresh pair of eyes often spots issues you’ve overlooked.""We’ve seen clients do annual pen tests but never fix the vulnerabilities, security should be about improvement, not just compliance.""We cracked an account by chaining three small oversights: an old database copy, visible password rules, and a predictable naming pattern. Individually, harmless. Together? A breach."About VertaliVertali is a leading cyber security company specialising in IBM® mainframe infrastructure. With deep expertise, innovative software, and trusted resources, Vertali supports organisations across the UK and globally, particularly in finance, retail, utilities, and government sectors.100% focused on mainframe systems, Vertali helps organizations secure and optimize their operations. By combining advanced technology with expert insights, Vertali delivers powerful cybersecurity solutions and consulting services that protect against evolving threats. Driven by a proactive approach, Vertali enables businesses to build resilient systems, safeguard sensitive data, and maintain smooth, uninterrupted operations in the face of cyber risks.Find Out More: https://vertali.com/About Leanne WilsonWith more than a decade’s experience in mainframes, systems engineering and cyber security, Leanne leads Vertali’s technical delivery of mainframe security and infrastructure projects. Her focus is on helping organizations to secure, protect and optimize their infrastructure and related applications. An ISACA Certified Information Security Manager (CISM), Leanne has an MSC in cyber security, regularly presents at industry events, and writes articles for channels including SHARE’d Intelligence, Planet Mainframe and TechChannel. Hosted on Acast. See acast.com/privacy for more information.

In this episode, Ed Nell is joined by Leanne Wilson, Senior Technical Delivery Manager and Security Consultant at Vertali, to explore the Digital Operational Resilience Act (DORA) and its impact on the financial sector. Leanne unpacks the regulation’s key pillars, risk management, third-party oversight, and operational resilience and discusses how financial institutions can approach compliance without getting overwhelmed. From mapping IT ecosystems to realistic penetration testing, she emphasizes that DORA isn't just about compliance; it's about building a culture of resilience.Key TakeawaysDORA Is a Mindset, Not a Checklist: Leanne emphasizes that real compliance goes beyond ticking boxes. Organizations must embed resilience into their culture, with board-level accountability and continuous review.Visibility Is the Starting Point: Before institutions can manage risk, they need full visibility of their IT estate, including cloud infrastructure, third-party systems, and sprawling enterprise networks.Third-Party Risk Is Business Risk: With complex and interconnected supply chains, third-party vulnerabilities can quickly become internal issues. Early-stage procurement and contract clauses are vital for control.Simulate Chaos, Not Comfort: Effective operational resilience testing should mimic real-world disasters. Tabletop exercises alone aren’t enough, organizations must test systems, people, and processes under pressure.Mainframes Must Be Included: Mainframes often do the financial heavy lifting, yet are overlooked in many cyber strategies. DORA-compliant testing and risk planning must cover these critical systems.Best Moments“Start small, gain visibility, and make resilience a shared responsibility across your organization.”“If your vendor gets hit, and they’re part of your operations, it becomes your problem very quickly.”“You can’t protect what you can’t see. Visibility and ownership are the foundation.”“Resilience isn’t a department, it’s an organizational capability.”“Pen testing should be specific. A mainframe needs a mainframe expert—not someone used to testing laptops.”About VertaliVertali is a leading cyber security company specialising in IBM® mainframe infrastructure. With deep expertise, innovative software, and trusted resources, Vertali supports organisations across the UK and globally, particularly in finance, retail, utilities, and government sectors.100% focused on mainframe systems, Vertali helps organizations secure and optimize their operations. By combining advanced technology with expert insights, Vertali delivers powerful cybersecurity solutions and consulting services that protect against evolving threats. Driven by a proactive approach, Vertali enables businesses to build resilient systems, safeguard sensitive data, and maintain smooth, uninterrupted operations in the face of cyber risks.Find Out More: https://vertali.com/About Leanne WilsonWith more than a decade’s experience in mainframes, systems engineering and cybersecurity, Leanne leads Vertali’s technical delivery of mainframe security and infrastructure projects. Her focus is on helping organizations to secure, protect and optimize their infrastructure and related applications. An ISACA Certified Information Security Manager (CISM), Leanne has an MSC in cybersecurity, regularly presents at industry events, and writes articles for channels including SHARE’d Intelligence, Planet Mainframe and TechChannel. Hosted on Acast. See acast.com/privacy for more information.

In this episode of the Vertali Podcast, Ed Nell is joined by Mark Wilson, Technical Director at Vertali, to explore the intersection of generative AI and cyber security. They discuss the rapid rise of generative AI and its potential benefits, such as improving efficiency in fraud detection and document summarization, while also addressing the risks it poses to cyber security. Mark delves into how AI can be leveraged to enhance security, particularly within mainframe environments, and how businesses can balance the benefits with caution.This episode is packed with insights into how generative AI is reshaping the cyber security landscape, offering businesses opportunities to utilize AI while staying vigilant against emerging threats.Key TakeawaysGenerative AI's Efficiency: AI can dramatically increase efficiency in tasks such as fraud detection and document summarization by automating processes thatpreviously took hours, saving time and resources.AI in Cyber security: AI’s ability to analyse vast amounts of data quickly makes it a powerful tool for detecting anomalies and potential security breaches in networksand mainframes.Rising Threats: The accessibility of AI for creating ransomware and other cyberattacks has lowered the barrier for malicious actors, making cybersecuritymore challenging than ever.Cyber Resilience: AI contributes to cyber resilience by improving response times and automating threat detection, although human oversight remains crucial.Adapting to the Change: As AI transforms industries, organizations must be proactive, balancing innovation with caution. The importance of validation and checking AI outputs is vital to ensure accuracy and reliability.Best Moments"Generative AI can process massive amounts of data in seconds, allowing us to spot anomalies and threats we couldn’t see before.""The barrier to entry for cyberattacks is now incredibly low—AI can be used by anyone to create tools that previously required specialized knowledge.""AI’s role in cyber security is growing rapidly, but we must always validate the results to ensure it’s working for us and not against us.""Cyber resilience is about more than just having the latest tech; it’s about having the right processes and people in place to recover from threats."About VertaliVertali is a leading cyber security company specializing in IBM® mainframe infrastructure. With deep expertise, innovative software, and trusted resources, Vertali supports organizations across the UK and globally - particularly in finance, retail, utilities, and government sectors.100% focused on mainframe systems, Vertali helps organizations secure and optimize their operations. By combining advanced technology with expert insights, Vertali delivers powerful cybersecurity solutions and consulting services that protect against evolving threats. Driven by a proactive approach, Vertali enables businesses to build resilient systems, safeguard sensitive data, and maintain smooth, uninterrupted operations in the face of cyber risks.https://vertali.com/About Mark WilsonA global thought leader in mainframe technology and security, Mark Wilson heads Vertali's technical teams. With over 40 years of experience working in IBM Z across various industries and mainframe environments, Mark has held technical, management, and strategic roles. His deep expertise and delivery-focused approach are highly valued by Vertali clients, IBM, and third-party technology partners. Mark is also the Region Manager for GSUK and an IBM Champion. Hosted on Acast. See acast.com/privacy for more information.