& cplSiteName &

Amoroso Shares His Security Obsession

Carol Wilson

When Ed Amoroso retired as AT&T's chief security officer last March, he actually became more obsessed with cybersecurity.

In fact, Amoroso spent much of the past six months personally writing a three-volume set of cybersecurity guides aimed at chief information security officers and their teams, laying out what he believes enterprises must do to avoid the next round of attacks -- attacks he believes will be highly destructive hits against critical infrastructure.

Today, Amoroso's new security advisory firm, TAG Cyber LLC , is making those three volumes available for download here at no cost. The 48 security firms with whom the former AT&T exec worked, and which are sponsoring his work, are also releasing the report this morning.

In an exclusive interview with Light Reading, Amoroso says making this information available for free is "an operating principle" for him, in light of his concern that enterprises aren't getting security right today and are vulnerable to future attacks that will go beyond theft of data and intellectual property to become more destructive in nature.

"Any rational, competent observer of cybersecurity would say we are past the point where we have to do something meaningful and significant immediately," Amoroso tells Light Reading. "And that is why I have been working 18-hour days to get this out. I feel like I have something to say and this is the best framework to say it."

He also is conducting an online course -- starting this week with 200 pilot students -- in which he'll go into greater depth on what enterprises need to be doing. Amoroso is hardly new to the teaching aspect of this, having been an Adjunct Professor of Computer Science at the Stevens Institute of Technology, an affiliated instructor at NYU and a senior advisor at Johns Hopkins University, all during his tenure at AT&T.

Explode, offload, reload
At the heart of Amoroso's approach is a three-step strategy he dubs "explode, offload and reload."

"I have been thinking about a methodology that I think is the right one for teams to follow and it underpins all three of the volumes," he says. "First, it means breaking up your infrastructure and distributing it; second, virtualizing the pieces of the infrastructure; and third, upgrading the security around those pieces."

That last piece can be accomplished working with any number of high-quality security vendors on the 50 separate cybersecurity controls that need to be addressed, Amoroso says. These controls include traditional tools such as firewalls and anti-malware tools but also newer things including security analytics, network monitoring and deception.

Next page: No more perimeters

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
User Rank: Light Beer
9/15/2016 | 10:20:55 AM
Cast of Characters
One of the advantages of having been head of security at AT&T for so long is that Amoroso knows everybody in the industry and the instructors for his series of classes is a who's who of experts from dozens of companiies. Sometimes, who you know is as important as what you know. 
Joe Stanganelli
Joe Stanganelli,
User Rank: Light Sabre
9/14/2016 | 1:21:24 PM
Re: State of Security Affairs
@Carol: Apt observation.  I think being heavily involved (and competent!) in InfoSec for a living naturally makes one either one of two things: Perpetually nervous or perpetually calm.

And both personalities have their place, I think.
Joe Stanganelli
Joe Stanganelli,
User Rank: Light Sabre
9/14/2016 | 1:17:42 PM
"Retired," indeed.

Clearly, his passion is showing through here.  And it's great publicity for his new/modified career path.

The 3-volume guide looks dense and in-depth at first glance.  Looking forward to delving in more carefully.
User Rank: Lightning
9/13/2016 | 5:17:15 PM
It's a healthy obsession
In the midst of the industry chaos driven by network transformation, extended global supply chains, vendor and operator consolidation tinged by the ever opportunistic "bad actors" hovering in the periphery, there needs to be a calm and clinical approach to providing a baseline ("you are here") Cyber Security entry point and risk management pathway which is a benefit to vendors, operators, enterprises and service companies which leads to an ecosystem of better informed stakeholders.  Ed has done a great job of framing it up!

Cyber Security is a race against a risk that never ends.  Run smart.



User Rank: Light Beer
9/8/2016 | 2:24:35 PM
State of Security Affairs
Amoroso is one of the calmest people I know and yet what he lays out about the state of enterprise cyber security is truly scary. For a while there, we were hearing of a major security breach every time you turned around.

I hear of fewer now but I don't know that it's because fewer are actually happening or if they now happen so often they don't make headlines. 
Featured Video
From The Founder
Light Reading founder Steve Saunders grills Cisco's Roland Acra on how he's bringing automation to life inside the data center.
Flash Poll
Upcoming Live Events
March 20-22, 2018, Denver Marriott Tech Center
March 22, 2018, Denver, Colorado | Denver Marriott Tech Center
March 28, 2018, Kansas City Convention Center
April 4, 2018, The Westin Dallas Downtown, Dallas
April 9, 2018, Las Vegas Convention Center
May 14-16, 2018, Austin Convention Center
May 14, 2018, Brazos Hall, Austin, Texas
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
Has Europe Switched to a Fiber Diet? Not Yet...
Ray Le Maistre, Editor-in-Chief, 2/15/2018
Will China React to Latest US Huawei, ZTE Slapdown?
Ray Le Maistre, Editor-in-Chief, 2/16/2018
Net Neutrality: States' Rights vs. the FCC
Mari Silbey, Senior Editor, Cable/Video, 2/13/2018
IBM, Microsoft Duke It Out Over Chief Diversity Hire
Sarah Thomas, Director, Women in Comms, 2/15/2018
5G: The Density Question
Dan Jones, Mobile Editor, 2/15/2018
Animals with Phones
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed