& cplSiteName &

Amoroso Shares His Security Obsession

Carol Wilson

When Ed Amoroso retired as AT&T's chief security officer last March, he actually became more obsessed with cybersecurity.

In fact, Amoroso spent much of the past six months personally writing a three-volume set of cybersecurity guides aimed at chief information security officers and their teams, laying out what he believes enterprises must do to avoid the next round of attacks -- attacks he believes will be highly destructive hits against critical infrastructure.

Today, Amoroso's new security advisory firm, TAG Cyber LLC , is making those three volumes available for download here at no cost. The 48 security firms with whom the former AT&T exec worked, and which are sponsoring his work, are also releasing the report this morning.

In an exclusive interview with Light Reading, Amoroso says making this information available for free is "an operating principle" for him, in light of his concern that enterprises aren't getting security right today and are vulnerable to future attacks that will go beyond theft of data and intellectual property to become more destructive in nature.

"Any rational, competent observer of cybersecurity would say we are past the point where we have to do something meaningful and significant immediately," Amoroso tells Light Reading. "And that is why I have been working 18-hour days to get this out. I feel like I have something to say and this is the best framework to say it."

He also is conducting an online course -- starting this week with 200 pilot students -- in which he'll go into greater depth on what enterprises need to be doing. Amoroso is hardly new to the teaching aspect of this, having been an Adjunct Professor of Computer Science at the Stevens Institute of Technology, an affiliated instructor at NYU and a senior advisor at Johns Hopkins University, all during his tenure at AT&T.

Explode, offload, reload
At the heart of Amoroso's approach is a three-step strategy he dubs "explode, offload and reload."

"I have been thinking about a methodology that I think is the right one for teams to follow and it underpins all three of the volumes," he says. "First, it means breaking up your infrastructure and distributing it; second, virtualizing the pieces of the infrastructure; and third, upgrading the security around those pieces."

That last piece can be accomplished working with any number of high-quality security vendors on the 50 separate cybersecurity controls that need to be addressed, Amoroso says. These controls include traditional tools such as firewalls and anti-malware tools but also newer things including security analytics, network monitoring and deception.

Next page: No more perimeters

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
User Rank: Light Beer
9/15/2016 | 10:20:55 AM
Cast of Characters
One of the advantages of having been head of security at AT&T for so long is that Amoroso knows everybody in the industry and the instructors for his series of classes is a who's who of experts from dozens of companiies. Sometimes, who you know is as important as what you know. 
Joe Stanganelli
Joe Stanganelli,
User Rank: Light Sabre
9/14/2016 | 1:21:24 PM
Re: State of Security Affairs
@Carol: Apt observation.  I think being heavily involved (and competent!) in InfoSec for a living naturally makes one either one of two things: Perpetually nervous or perpetually calm.

And both personalities have their place, I think.
Joe Stanganelli
Joe Stanganelli,
User Rank: Light Sabre
9/14/2016 | 1:17:42 PM
"Retired," indeed.

Clearly, his passion is showing through here.  And it's great publicity for his new/modified career path.

The 3-volume guide looks dense and in-depth at first glance.  Looking forward to delving in more carefully.
User Rank: Lightning
9/13/2016 | 5:17:15 PM
It's a healthy obsession
In the midst of the industry chaos driven by network transformation, extended global supply chains, vendor and operator consolidation tinged by the ever opportunistic "bad actors" hovering in the periphery, there needs to be a calm and clinical approach to providing a baseline ("you are here") Cyber Security entry point and risk management pathway which is a benefit to vendors, operators, enterprises and service companies which leads to an ecosystem of better informed stakeholders.  Ed has done a great job of framing it up!

Cyber Security is a race against a risk that never ends.  Run smart.



User Rank: Light Beer
9/8/2016 | 2:24:35 PM
State of Security Affairs
Amoroso is one of the calmest people I know and yet what he lays out about the state of enterprise cyber security is truly scary. For a while there, we were hearing of a major security breach every time you turned around.

I hear of fewer now but I don't know that it's because fewer are actually happening or if they now happen so often they don't make headlines. 
Featured Video
From The Founder
John Chambers is still as passionate about business and innovation as he ever was at Cisco, finds Steve Saunders.
Flash Poll
Upcoming Live Events
September 12, 2018, Los Angeles, CA
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 6, 2018, London, United Kingdom
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
T-Mobile to Play the Customer Care Card With Layer3 TV
Jeff Baumgartner, Senior Editor, Light Reading, 8/15/2018
Australia Could Open 5G Door to Huawei
Robert Clark, 8/16/2018
Video Navigation Gets an AI Assist
Jeff Baumgartner, Senior Editor, Light Reading, 8/16/2018
Eurobites: Deutsche Telekom Pulls Out of Iran
Iain Morris, International Editor, 8/17/2018
Animals with Phones
When Your Cat Hijacks Your Tech Click Here
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed