
Amoroso Shares His Security Obsession

Carol Wilson

When Ed Amoroso retired as AT&T's chief security officer last March, he actually became more obsessed with cybersecurity.

In fact, Amoroso spent much of the past six months personally writing a three-volume set of cybersecurity guides aimed at chief information security officers and their teams, laying out what he believes enterprises must do to avoid the next round of attacks -- attacks he believes will be highly destructive hits against critical infrastructure.

Today, Amoroso's new security advisory firm, TAG Cyber LLC, is making those three volumes available for download here at no cost. The 48 security firms with whom the former AT&T exec worked, and which are sponsoring his work, are also releasing the report this morning.

In an exclusive interview with Light Reading, Amoroso says making this information available for free is "an operating principle" for him, in light of his concern that enterprises aren't getting security right today and are vulnerable to future attacks that will go beyond theft of data and intellectual property to become more destructive in nature.

"Any rational, competent observer of cybersecurity would say we are past the point where we have to do something meaningful and significant immediately," Amoroso tells Light Reading. "And that is why I have been working 18-hour days to get this out. I feel like I have something to say and this is the best framework to say it."

He also is conducting an online course -- starting this week with 200 pilot students -- in which he'll go into greater depth on what enterprises need to be doing. Amoroso is hardly new to the teaching aspect of this, having been an Adjunct Professor of Computer Science at the Stevens Institute of Technology, an affiliated instructor at NYU and a senior advisor at Johns Hopkins University, all during his tenure at AT&T.

Explode, offload, reload
At the heart of Amoroso's approach is a three-step strategy he dubs "explode, offload and reload."

"I have been thinking about a methodology that I think is the right one for teams to follow and it underpins all three of the volumes," he says. "First, it means breaking up your infrastructure and distributing it; second, virtualizing the pieces of the infrastructure; and third, upgrading the security around those pieces."

That last piece can be accomplished working with any number of high-quality security vendors on the 50 separate cybersecurity controls that need to be addressed, Amoroso says. These controls include traditional tools such as firewalls and anti-malware tools but also newer things including security analytics, network monitoring and deception.

User Rank: Light Beer
9/15/2016 | 10:20:55 AM
Cast of Characters
One of the advantages of having been head of security at AT&T for so long is that Amoroso knows everybody in the industry and the instructors for his series of classes are a who's who of experts from dozens of companies. Sometimes, who you know is as important as what you know.
Joe Stanganelli
User Rank: Light Sabre
9/14/2016 | 1:21:24 PM
Re: State of Security Affairs
@Carol: Apt observation.  I think being heavily involved (and competent!) in InfoSec for a living naturally makes one either one of two things: Perpetually nervous or perpetually calm.

And both personalities have their place, I think.
Joe Stanganelli
User Rank: Light Sabre
9/14/2016 | 1:17:42 PM
"Retired," indeed.

Clearly, his passion is showing through here.  And it's great publicity for his new/modified career path.

The 3-volume guide looks dense and in-depth at first glance.  Looking forward to delving in more carefully.
User Rank: Lightning
9/13/2016 | 5:17:15 PM
It's a healthy obsession
In the midst of the industry chaos driven by network transformation, extended global supply chains, vendor and operator consolidation tinged by the ever opportunistic "bad actors" hovering in the periphery, there needs to be a calm and clinical approach to providing a baseline ("you are here") Cyber Security entry point and risk management pathway which is a benefit to vendors, operators, enterprises and service companies which leads to an ecosystem of better informed stakeholders.  Ed has done a great job of framing it up!

Cyber Security is a race against a risk that never ends.  Run smart.



User Rank: Light Beer
9/8/2016 | 2:24:35 PM
State of Security Affairs
Amoroso is one of the calmest people I know and yet what he lays out about the state of enterprise cyber security is truly scary. For a while there, we were hearing of a major security breach every time you turned around.

I hear of fewer now but I don't know that it's because fewer are actually happening or if they now happen so often they don't make headlines. 