Ed Amoroso

Chief Information Security Officer, AT&T

Frontline Security
50 minutes, 23.1mb, recorded 2006-01-20
Ed Amoroso
In this interview with Sondra Schneider, Ed Amoroso shares his views on security in a networked world. Ed describes his early exposure to computer security, growing up near Bell Labs. His parents had Peter Neumann as a dinner guest, and Robert Wilson visited Ed's high school after receiving the Nobel prize for his work on the Big Bang Theory. As a graduate student in the Bell Labs doctoral support program, Ed observed that Ken Thompson, Dennis Ritchie, Brian Kernighan, and others were interested in security.

His first year at Bell Labs, Ed worked on a project led by Robert Morris, Sr., to make Unix more secure, as business and government adoption of Unix began. His long experience working in teams at Bell Labs leads to Ed's advice to young people considering careers in computer and network security: Do not jump into management too quickly. Spend a long time learning the technology.

Amoroso was instrumental in a U.S. government Y2K "data fusion" project to collect and analyze data for vulnerabilities. He was disappointed when the government's data fusion lab was shut down, especially given the recent criticism of the government for not having adequate information integration in fighting terrorism.

Ed says his biggest fear is "all the bad software out there" that is "riddled with vulnerabilities." He blames the software engineering discipline and suggests that it needs to become more like civil engineering or medicine, requiring "years of tortured residency," whereas today many developers get into software development with little formal training.

Amoroso argues that businesses "should be booking code on the other side of the accounting ledger," treating it not as an asset, but as a liability. He argues for simplification and reducing features to achieve better security.

Ed describes his respect for hackers, who he says are "defusing bombs" set by real criminals and terrorists. He'd like to see the U.S. Department of Homeland Security recognize hackers as a valuable potential ally.

Amoroso recently has advocated a new approach to security. Observing that today's firewall approach to protecting the edge isn't working. Instead, we should implement security in the network. He predicts that within two years, managed DMZs and firewalls will disappear, because "the carrier can do that more effectively and efficiently." Carriers can detect perturbations in the cloud and filter them.

That sort of analysis of the cloud allows AT&T to anticipate attacks, but communicating those alerts to customers can be difficult. That led AT&T to create a new video network. The Internet Security News Network now broadcasts 24x7 to many AT&T customers and may become more widely available in the future. The network offers security alerts, magazine shows, morning and afternoon news, interviews with CIOs and CSOs, deep technical lectures, event coverage, and more.

Ed Amoroso is chief information security officer for AT&T, a position he has held since 1999. His 20-year career at AT&T has been focused exclusively on information security, with a particular focus on security programs with AT&T's federal government clients. Ed helped build the first secure UNIX operating system at Bell Labs and was the lead for trusted software security development on the Strategic Defense Initiative. Ed had lead responsibility for real time security protection of the White House Y2K Information Coordination Center.

Ed is currently responsible for real-time protection of AT&T's vast network infrastructure and business enterprise environment. This includes responsibility for security architecture, real time incident response, security patch management, anti-virus processing, Sarbanes-Oxley security compliance, security policy requirements and enforcement, public key infrastructure, intrusion detection, and other related security activities. Ed's team is also responsible for designing, building, and supporting all of AT&T's award-winning managed and professional security services, including Network-Based Security, Internet Protect, and DDOS Defense.

Ed is the author of three textbooks and dozens of articles on information security. He is the 1999 winner of the AT&T Labs Technology Medal and an adjunct professor of Computer Science at the Stevens Institute of Technology. Ed holds the MS and PhD degrees in Computer Science from the Stevens Institute of Technology and a BS degree in Physics from Dickinson College. He is a 2000 graduate of the Columbia Senior Executive Program. His work has been prominently featured in several major media outlets including the Wall Street Journal.


This free podcast is from our Frontline Security series.

For The Conversations Network: