
Evil Mainframe Brings Ethical Hacking to the Forefront

When it comes to hacking, there are courses that can teach you to break past the security of almost anything. However, learning how to hack a mainframe usually isn’t one of them. That’s why Chad Rikansrud and Phil Young created Evil Mainframe, the first mainframe penetration testing class.

“The IT world at large has benefited from those in this space who take it upon themselves to find the holes in security before somebody else does,” Rikansrud says.

Rikansrud and Young are also working with Tennisha Martin, the founder of Black Girls Hack, in order to bring more diversity into the tech sector. Black Girls Hack is a not-for-profit organization dedicated to helping women of color get started in careers in information security and cybersecurity by providing resources and mentors.

Micro Focus has also been providing Black Girls Hack with workshops and lunch-and-learns across mainframes, cybersecurity and career paths, with an expansion into a mentoring program.

The hands-on lessons taught through Evil Mainframe can help provide a step up when it comes to being chosen for interviews or jobs, and are designed to help those from underrepresented backgrounds pursue a career in technology.

“I want to see more diversity in the field,” Martin says. “We see how much of a detriment it is to the industry where you have everyone who’s homogenous.”

Evil Mainframe has already made an impact around the world. Hundreds of people from over a dozen countries have taken the course, as well as large corporations, global banks and officials from the U.S. government.

Staying the Course

The name of the class came from a joke between Rikansrud and Young. When Young worked at a different company, people would ask him, “Why are you working on that evil mainframe?”

“The mainframe has kind of a bad rap, it’s fairly misunderstood as a platform,” Rikansrud says. “The course name is a little bit tongue in cheek about it being kind of a necessary evil.” Although they don’t believe the mainframe is evil, they hoped that the name would attract attention to the class.

The two-day course is intended for beginners, but participants should have a basic understanding of IT security, penetration testing and Python. Students get hands-on practice with mainframe penetration techniques on a live z/OS mainframe. With over 15 mainframe labs, students have plenty of opportunities to put what they learn to use and gain an understanding of how a mainframe pentest should be performed.

Students also work in a wide variety of areas including VTAM, CICS, TSO, UNIX and Web. They also learn how to use open-source tools and libraries, and how to write their own tools on the mainframe.

At the end of the second day, students put what they’ve learned to use in a Capture the Flag competition. Whoever completes the 20 challenges first walks away with a prize, and a knowledge of writing JCL, cracking passwords and more.

“The goal is to just get people really curious and really give them an exposure to it and hope that some of them ask more questions and continue to go down this road,” Rikansrud says, “or bring it back to their enterprise and their organizations and start asking questions about what they can do to help lock down their platform.”

Thinking Like a Hacker

As important as cybersecurity and pentesting are, they aren’t usually as high up on IT workers’ priority lists as they should be. Instead, many IT employees focus their attention on innovation and the building of new applications. “Sometimes protecting the information contained within the applications comes as an afterthought,” Martin notes.

“It doesn’t matter how great your application is if every time you put something in there, it’s getting leaked and distributed all over the world,” she says. “It’s important that people learn how to hack, and learn how to provide security for systems.”

Even though ethical mainframe hacking might not turn into the next hot IT topic, there’s a need for people who can do it, Rikansrud says. A lot of the infrastructure supporting the world (governments, financial services and airlines, for example) depends on the mainframe. When things are implemented according to exact specifications, someone can take advantage of that to use them differently, and potentially break the system.

“People build systems that they think people will use based on a way they were designed to be used, right?” Rikansrud says. “That is the biggest fallacy.”

Increasing Accessibility

At the end of the day, the group hopes that Evil Mainframe will increase students’ curiosity, expose them to more aspects of the mainframe and encourage them to continue learning about mainframe security.

“We tend to get really good feedback from all of our students, because we’re introducing to them something new for them to sink their teeth into that’s interesting and different,” Rikansrud says.

Evil Mainframe will continue to grow in the future. Starting in Q4, the group plans to have the Evil Mainframe course enter a pay-what-you-can model, making it more accessible to those who might not have had the opportunity to take a class like this before. In addition to that, more types of training are in the works, including a more advanced course. As we get closer to a post-pandemic world, Rikansrud hopes to be able to roll those out soon and introduce more people to different areas of mainframe hacking.

