AT&T's chief security officer Ed Amoroso made a surprisingly impassioned plea for his peers to take pride in defending their company networks against hackers and other security threats during the AT&T Cyber Security conference in New York this week.
The AT&T Inc. (NYSE: T) executive's point is that while hackers are typically seen as the cool side of the security equation -- with their exploits often getting lots of press and social media attention -- defending networks is the far harder proposition.
"Anyone can break into stuff, I get that, but let's see you fix it," Amoroso told the crowd.
"All of us need to take more pride in what we do," he suggested. The CSO went so far as to suggest that security defenders snub hackers when they run into them at conferences like Blackhat. "We should be walking around with our arms folded and our noses up in the air."
Taking pride in playing defense was one of the key messages in the ten points to being a successful chief information and security officer (CISO) that Amoroso laid out.
These hold that a successful CISO:
- encourages mischief
- aligns for financial growth
- doesn't avoid the technical
- takes pride in playing defense
- tailors compliance
- plans for emerging threats
- drives awareness of views
- participates in the community
- displays company expertise
- has patience with executives.
Some of these are pretty obvious, some less so. Amoroso suggested that everyone who gets into the cyber security game has a "mischievous streak" that should be encouraged. He also said he understood the need for checklists when dealing with compliance but that security solutions should be made to fit the specific problem and not be "rote."
Amoroso touched on "driving awareness" at last year's security conference. It's basically using pictures, video and social media to better educate your staff about security threats. (See AT&T's Amoroso: To Battle New Threats, Mobilize Your People.)
— Dan Jones, Mobile Editor, Light Reading