AT&T's Amoroso: Be Proud of Playing Defense

AT&T's chief security officer Ed Amoroso made a surprisingly impassioned plea for his peers to take pride in defending their company networks against hackers and other security threats during the AT&T Cyber Security conference in New York this week.

The AT&T Inc. (NYSE: T) executive's point is that while hackers are typically seen as the cool side of the security equation -- with their exploits often getting lots of press and social media attention -- defending networks is the far harder proposition.

"Anyone can break into stuff, I get that, but let's see you fix it," Amoroso told the crowd.

"All of us need to take more pride in what we do," he suggested. The CSO went so far as to suggest that security defenders snub hackers when they run into them at conferences like Black Hat. "We should be walking around with our arms folded and our noses up in the air."

Taking pride in playing defense was one of the key messages in the ten points to being a successful chief information and security officer (CISO) that Amoroso laid out.

These hold that a successful CISO:

  • encourages mischief
  • aligns for financial growth
  • doesn't avoid the technical
  • takes pride in playing defense
  • tailors compliance
  • plans for emerging threats
  • drives awareness of views
  • participates in the community
  • displays company expertise
  • has patience with executives.

Some of these are pretty obvious, some less so. Amoroso suggested that everyone who gets into the cyber security game has a "mischievous streak" that should be encouraged. He also said he understood the need for checklists when dealing with compliance but that security solutions should be made to fit the specific problem and not be "rote."

Amoroso touched on "driving awareness" at last year's security conference. It's basically using pictures, video and social media to better educate your staff about security threats. (See AT&T's Amoroso: To Battle New Threats, Mobilize Your People.)

— Dan Jones, Mobile Editor, Light Reading

cnwedit 10/9/2015 | 2:54:43 PM
Re: Hacker happy hour
It's my impression that some "reformed" hackers sell their services as well, which is why you see a blending of those playing defense with those looking for vulnerabilities at conferences.

DanJones 10/8/2015 | 4:35:42 PM
Re: Hacker happy hour
WhiteHats, retired hackers, researchers, he specifically referenced BlackHat and DEF CON, which are the much more, er, hip side of security conferences than say AT&T's event.

Sarah Thomas 10/8/2015 | 12:36:18 PM
Hacker happy hour
Wait, hackers go to security conferences and are generally welcome there??

I spoke with a Cloudmark engineer yesterday who said hackers take their jobs very seriously and have vacation days, staff meetings and whatnot. So crazy.