Rohit Kumar Shaw · Infrastructure Engineer

Mainframe security. Engineered for banks.

I harden the z/OS systems that move money, at Bank of America and in published research. Encrypted transport, modern authentication, and AI-driven automation for platforms where downtime isn't an option.

See the work Read the research
AT-TLS handshake complete · channel secured
AI operations portal $35K/yr Saved annually by one internal platform. Answers that took 15 minutes now take one.
SYS1 — TSO
READY
Kerberos SSO 85% Fewer password logins across z/OS.
SNMPv3 migration 75% Legacy risk retired. Community string, killed.
AT-TLS at scale 50+ Reusable transport security policies deployed via z/OSMF.
Rohit Kumar Shaw
Rohit Kumar Shaw

Profile

The engineer behind the channel.

I'm Rohit, an Infrastructure Engineer at Bank of America with around three years focused on z/OS network security. My day to day lives in AT-TLS policy design, Kerberos SSO, and RACF integration, the plumbing most people never notice until it breaks.

Outside of production, I write. Eleven peer-reviewed papers and six trade articles, turning hands-on engineering into a repeatable, publishable body of work.

Read the research

Selected work

Results you can put a number on.

AI automation

An operations portal that answers in seconds.

Architected and shipped an internal portal with AI-powered search over sysmod schedules, Excel trackers, and region data. Roughly 90% faster resolution, 30% fewer escalations, and about 300 hours a year recovered across the team.

See the related research
$35K/yr recovered by replacing manual lookups with AI search
RAG retrievalPythonSMF logsSharePoint

Authentication

Single sign-on for a platform born before SSO.

Integrated NAS, RACF mappings, and OpenSSH GSS-API to bring Kerberos single sign-on to z/OS. Password logins fell 85%, onboarding time dropped about 60%, and authentication tickets fell 40%.

85% fewer password-based logins across the estate
KerberosGSS-APIRACFOpenSSH

Protocol hardening

SNMPv3 everywhere. No downtime.

Overhauled SNMP across 100% of mainframe environments, enforcing SNMPv3-only with AuthPriv and retiring the community string, cutting legacy risk exposure by 75% without interrupting monitoring.

100% of environments migrated to authenticated, encrypted SNMP
SNMPv3AuthPrivz/OSCompliance

Transport security

AT-TLS policy architecture, standardized.

Used z/OSMF to streamline AT-TLS deployment, cutting change turnaround 60% and shipping 50+ reusable policies. Standardized TCP/IP across 20+ virtual and 30+ z/VM systems, secured 50+ ports, automated monthly IPSec key rotation, and held 100% secure channel uptime.

50+ reusable AT-TLS policies across the fleet
AT-TLSTLS 1.3z/OSMFIPSecPKI

Earlier projects

UNT Rides

Full-stack university carpooling platform with JWT sessions and real-time ride matching, cutting estimated commuting emissions about 30%.

React · Node.js · Firebase

Color Vision Accessibility

Tool letting users with color vision deficiencies simulate and adjust profiles, with 30% faster processing through optimized rendering.

JavaScript · Bootstrap · Firebase

World Airline Route Engine

C++ engine computing optimal international flight routes across thousands of paths using MST, BFS, and DFS.

C++ · Graph algorithms

Experience

A track record across the z/OS stack.

Infrastructure Engineer
Bank of America · Plano, TX
Feb 2024 — Present
Current
  • Architected an AI-powered operations portal delivering ~90% faster answers and ~$35K/yr in savings.
  • Implemented Kerberos SSO across z/OS (NAS, RACF, OpenSSH GSS-API), reducing password logins 85%.
  • Eliminated BasicAuth from all mainframe web servers via z/OS Connect EE with JWT/SAF bearer tokens.
  • Built an SSH authorized-keys compliance framework in USS feeding NetView and Comply Check reporting.
  • Enforced SNMPv3 only across 100% of environments and shipped 50+ reusable AT-TLS policies via z/OSMF.
  • Led z/OS 3.1 upgrade validation for 15+ dependent systems and DR tests across 4+ environments with zero critical failures.
Global Technology Summer Analyst
Bank of America · Plano, TX
Jun 2023 — Aug 2023
  • Built a Bash framework verifying 100+ GIS baseline security rules, removing hours of manual checks per cycle.
  • Designed Splunk dashboards visualizing encrypted QUALYS scans to speed security review.
  • Found a critical IBM NetView defect and worked with IBM support to open an APAR.
Student Technology Specialist
UNT Digital Strategy & Innovation · Denton, TX
Feb 2023 — Dec 2023
  • Delivered equipment training, maintenance, and repair across university classrooms and conference rooms.
IT Student Worker
UNT Administrative IT Services · Denton, TX
Nov 2021 — Feb 2023
  • Exceeded IT service benchmarks by 25% through ServiceNow ticketing, Active Directory updates, and fast resolution.

Research & writing

Production work, turned into published research.

Eleven peer-reviewed papers and six trade articles documenting mainframe security modernization, written from hands-on engineering. View on Google Scholar

Peer-reviewed papers

11
International Journal of Computer Information Systems and Industrial Management Applications · Vol. 18 No. 1s (2026)
Zero-Touch Self-Healing Architecture (SHArch): Extending Autonomous Data Center Management to IBM z/OS
Read ›
American Journal of Technology
The Role of AT-TLS in Modernizing Mainframe Network Security: A Comparative Analysis of Pre and Post AT-TLS Security Models
Read ›
JENRS
SNMPv2 to SNMPv3 Migration in Financial Mainframes: Risk Reduction and a Repeatable Playbook
Read ›
Springer LNNS · Scopus, EI & WoS indexed
RAG-Based Retrieval Systems for Enterprise Mainframe Operations: Accelerating Incident Response Through AI-Driven Knowledge Access
Read ›
IEEE ICCMC 2026
Kerberos vs. Public Key Authentication in z/OS Environments: Performance, Scalability, and Security Trade-offs
Published
ICAIMIS 2026 · Bentham Science
TLS 1.3 Adoption on z/OS: Modernizing Transport Security for Legacy Financial Systems
Published
Q1 Journal · Intelligent Decision Making & Information Science
Privileged Access Management for z/OS System Programmers: A Zero-Trust Control Framework for RACF, TSO, and SDSF Administrative Sessions
Submitted
Q1 Journal · Intelligent Decision Making & Information Science
Security Isolation and Policy Enforcement for Docker Workloads on IBM zCX: A Threat Model and Control Framework
In preparation
International Journal of Computer Information Systems and Industrial Management Applications · Scopus-indexed
Zero-Trust Network Access on IBM z/OS: Applying BeyondCorp Principles to Mainframe Perimeter Architecture
Accepted
Cureus · Springer
LLM-Assisted JCL Generation for Mainframe Automation
Under review
2026 International Conference on Artificial Intelligence and Project Engineering Governance · IEEE
Post-Quantum Cryptography Readiness on z/OS: Assessing CPACF and AT-TLS Migration Paths for NIST FIPS 203/204/205 Compliance in Financial Mainframe Environments
Under review

Trade & industry writing

6
Security Boulevard
How We Standardized Transport Security for Legacy z/OS Workloads with AT-TLS
Read ›
Techstrong IT
How to Build Real-Time Mainframe Dashboards Without Paying for a Splunk License
Read ›
Share'd Intelligence · Planet Mainframe
Kill the Community String: Migrating z/OS SNMP to AuthPriv Without Downtime
Submitted
Share'd Intelligence
SSH Authorized-Keys Governance: A Compliance Framework for z/OS
Submitted
ACM Dallas
AI-Driven RAG Retrieval for Mainframe Incident Response
Submitted
Open Mainframe Project
Post-Quantum on z/OS: Start at the Handshake, Not the Hardware
Submitted

Speaking, judging & peer review

Trusted to evaluate and present alongside the field.

Speaking

Keynote Speaker — International Conference on AI-Driven Multidisciplinary Innovations and Sustainability (ICAIMIS 2026) Invited Presenter — 7th International Conference on Data Analytics & Management (ICDAM-2026) Presenter — IEEE · 9th International Conference on Computing Methodologies and Communication (ICCMC 2026) Presenter — IEEE · INTERNATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE AND PROJECT ENGINEERING GOVERNANCE (AIPEG 2026)

Judging

Judge — 2nd SmallAI Hackathon Session Chair — Sejong University, South Korea, 6th Intl. Conference on Paradigms of Communication, Computing and Data Analytics (PCCDA 2026)

Peer review

10 completed reviews — 2026 IEEE International Conference on Contemporary Computing and Communications (InC4) IEEE

Certificates

Formal recognition along the way.

Judge — 2nd SmallAI Hackathon

Judge for an AI-focused hackathon competition.

April 2026

Session Chair — Sejong University

6th International Conference on Paradigms of Communication, South Korea.

June 2026

Peer Review Recognition

10 completed peer reviews across IEEE and Springer venues.

2026

IBM z/OS Mainframe Practitioner

Issued by IBM. Foundational skills in z/OS and system administration via hands-on labs on a live IBM Z server.

Credly · View credential

Skills

The tools behind the work.

Mainframe & z/OS

IBM z/OSz/VMISPFOMVSz/OSMFz/OS Connect EENetViewOMEGAMONRACFACF2CICSAT-TLSPAGENTIKEDVTAMTCP/IPMQDB2

Security & Auth

Kerberos / GSS-APISNMPv3TLS 1.3IPSecPKI / CertificatesFirewall PolicySplunkBurp SuiteWireshark

Languages

PythonCOBOLREXXJCLBashC / C++JavaJavaScriptSQLNode.js

AI & Automation

RAG pipelinesSMF log AI searchPython automationQUALYSAnsibleTerraform

Cloud & DevOps

AWSGCPGitDockerServiceNowMySQLPostgreSQL

Education

Foundations.

B.S. in Computer Science

University of North Texas · Denton, TX · ABET Accredited · Graduated Dec 2023 · Cybersecurity Certificate
Data Structures & Algorithms, Systems Programming, Computer Networks, Database Management, Software Engineering, Certified Ethical Hacking, Internet Programming, Linear Algebra, Statistics, Combinatorics & Graph Theory.
3.51
GPA

Contact

Let's secure something together.

Open to infrastructure, systems programming, and security engineering roles. If you're building on the mainframe, let's talk.

Email me LinkedIn