In the second episode of The Mainframe Book Club, host Andrew (Andy) McCandless talks with Kev Milne, Cyber Threat Intelligence Manager at NatWest Bank, and one of the few professionals focused on mainframe penetration (pen) testing.
A Platform Born from Missing Skills
Andy created The Mainframe Book Club after multiple requests from professionals looking for ways to move into new mainframe roles. Industry surveys, including the 2025 Arcati Mainframe User Survey, show a growing skills crisis, compounded by remote work, managed services across countries, and a retirement wave sweeping through mainframe teams. Mainframers expressed frustration, finding it hard to learn from peers or ask questions informally.
Andy created The Mainframe Book Club podcast to bridge that gap by helping people connect, share experiences, and explore new opportunities in the mainframe world.
Kev Milne’s Unusual Path to Pen Testing
Kev’s 30+ years in cybersecurity eventually led him into the world of mainframes—first out of necessity, when he couldn’t hire pentesters for his team, and later out of genuine passion. That journey evolved into years of collaboration with mainframe security leaders like Philip Young and Mark Wilson.
He’s now writing the first-ever book dedicated to mainframe penetration testing—a far tougher project than expected. “I thought it would take six months,” Kev chuckled, “but it’s taken years.” Kev’s insights extend beyond bragging rights, of course. As he puts it:
“Being a pentester is as much about troubleshooting and explaining risks to executives as it is about finding exploits.”
—Kev Milne
Making Mainframe Pen Testing Accessible
One of the biggest revelations from this episode was the launch of Gibson, a free, open-source simulator named after the cult film Hackers.
Gibson is the first open-source simulator that makes mainframe pentesting accessible to anyone.
Written in Python, Gibson recreates environments like TSO, CICS, and Db2 to give students, researchers, and aspiring pentesters a safe and practical way to learn. Kev hopes the community will adopt and extend it, filling a long-standing gap in hands-on, mainframe security education.
From Curiosity to Community
Pen testing skills are in demand, and the buzz around Kev’s episode proved it. After the recording, he even posted an open pen testing position on his team. Which is precisely the podcast’s mission: to help mainframers develop new skills and find pathways to evolving roles.
The Book Club’s reach continues expanding, with guests from North America, South America, Europe, and Asia. One guest, Stephen Johnston, even designed a new logo for the show after his appearance, while another, journalist Jasper Hamill, left inspired to start his own podcast!
Watch and Join the Conversation
As we continue with October’s theme of security, take a few minutes to watch the full conversation on YouTube.
Check out these additional resources:
- Find all the speakers, topics, and resources shared during Book Club podcasts
- Download Gibson Mainframe Simulator
- Find instructions and release notes on Gibson
- Take the Mainframe Penetration Testing Training
0 Comments