The CISO's Evolving Mission
Why Former AT&T Chief Security Officer Says Security Pros Need More Business Acumen
A lot has changed since Ed Amoroso began his 31-year career in information security at AT&T, where he eventually became chief security officer.
"The whole thing started with maybe a couple of people tending to the firewall for the company, sitting in a lab somewhere with Grateful Dead T-shirts and no one even knowing they're there," Amoroso, who's now a consultant, recalls.
Security has evolved from a backroom operation to an executive priority as organizations have come to understand the value of a risk management strategy, he says.
"We need to look at the CISO role as an executive position with holistic understanding and a more well-rounded background" to help ensure security goals align with business goals, Amoroso says.
In an interview at Information Security Media Group's recent New York City Fraud and Breach Prevention Summit, where Amoroso was a featured speaker, he discusses:
- Why the next generation of CISOs needs a more holistic view of business to succeed;
- The need for fewer frameworks for cybersecurity;
- Why security experts need to focus less on motives of attackers and focus instead on prevention and defense.
Amoroso is CEO at TAG Cyber LLC, a cybersecurity advisory, training, consulting and media services company. He previously worked at AT&T for 31 years, most recently serving as senior vice president and chief security officer from 2004 to 2016.