The CISO's Evolving MissionWhy Former AT&T Chief Security Officer Says Security Pros Need More Business Acumen
A lot has changed since Ed Amoroso began his 31-year career in information security at AT&T, where he eventually became chief security officer.
"The whole thing started with maybe a couple of people tending to the firewall for the company, sitting in a lab somewhere with Grateful Dead T-shirts and no one even knowing they're there," Amoroso, who's now a consultant, recalls.
Security has evolved from a backroom operation to an executive priority as organizations have come to understand the value of a risk management strategy, he says.
"We need to look at the CISO role as an executive position with holistic understanding and a more well-rounded background" to help ensure security goals align with business goals, Amoroso says.
- Why the next generation of CISOs need a more holistic view of business to succeed;
- The need for fewer frameworks for cybersecurity;
- Why security experts need to focus less on motives of attackers and focus instead on prevention and defense.
Amoroso is CEO at TAG Cyber LLC, a cybersecurity advisory, training, consulting and media services company. He previously worked at AT&T for 31 years, most recently serving as senior vice president and chief security officer from 2004 to 2016.