New York's 23 NYCRR 500 regulation has entered aggressive enforcement phase, with recent multimillion-dollar fines demonstrating that regulators will no longer accept perfunctory compliance claims or incomplete multifactor authentication rollouts. Financial institutions face a particularly acute challenge: legacy systems like mainframes, IBM i and COBOL applications - which process $3 trillion in daily commerce and power 92 of the top 100 banks - consistently receive compliance passes despite being deeply interconnected with modern infrastructure. This creates dangerous security gaps rooted in three pervasive myths: that mainframes are inherently secure, that firewall protection suffices and that platform obscurity provides meaningful defense.

In this session, led by Tim Hill, vice president of software engineering at Rocket Software, you will learn:

• How to align critical system security with 23 NYCRR 500 requirements;
• Phased approaches to minimize disruption and meet regulatory needs;
• Integrating vulnerability scanning into DevOps staging before production deployment for mainframes.