Edward G. Amoroso Explained

Edward G. Amoroso
Birth Date: 3 December 1961
Birth Place: Neptune Township, New Jersey, United States
Nationality: American
Fields: Cybersecurity, Computer Science
Alma Mater: Columbia University, Stevens Institute of Technology, Dickinson College
Known For: TAG Cyber LLC, AT&T, Bell Laboratories, New York University, Stevens Institute of Technology

Edward G. Amoroso is an American computer security professional, entrepreneur, author, and educator based in the New York City area. His research interests have centered on techniques and criteria for measuring trustworthy software development,[1] the application of these methods to secure software development for critical projects in the defense and aerospace industries,[2] and redefining trust parameters for improved security in the cloud.[3]

Early on in his career, he was involved with the design of security protections for the Unix operating system in support of the US Government Orange Book security evaluation criteria. This research led to real-time security design and trusted software protections for the United States Ballistic Missile Defense Program, also known as Star Wars.[4] He has also pioneered concepts related to microsegmentation,[5] a design strategy that allows for the creation of secure zones in data centers and cloud deployments.[6][7]

During his thirty-one years at AT&T, Amoroso held a variety of research, development, engineering, management, and leadership roles within the company, culminating in 2005 when he became the company's first Chief Information Security Officer (CISO).[8] Outside of the job, his contributions to the emerging cybersecurity industry include numerous articles, interviews, talks, and videos,[9] as well as six books addressing such topics as internet and intranet firewall strategies, intrusion detection, and the protection of large-scale national, critical infrastructure.[10]

After retirement from AT&T in 2016, Amoroso founded TAG Cyber LLC with a goal to “democratize cyber security analysis” by providing greater access to “high-quality, military grade analysis that larger firms pay millions for.”[11] The primary vehicle used to meet this goal is the Security Annual, a document available for free by download to enterprise security experts.[12] The document includes research on fifty cybersecurity controls, as well as listings for thousands of commercial cybersecurity vendors.

As a member of the National Security Agency (NSA) Advisory Board (NSAAB), Amoroso worked directly with four Presidential administrations on issues related to national security, critical infrastructure protection, and cyber policy.[13] In 2020, Business Insider tapped him as one of the country’s fifty leaders “who helped lead the cyber security industry through an unprecedented and tumultuous year.”[14]

Education and early career accomplishments

Amoroso was born in Neptune Township, New Jersey and attended the Christian Brothers Academy before completing an undergraduate degree in physics in 1983 at Dickinson College. Upon graduation, he shifted his academic interests to computer science, and went on to receive M.S. and Ph.D. degrees in 1986 and 1991, respectively, from Stevens Institute of Technology.[15] Several years later, Amoroso completed the Columbia Senior Executive Program (CSEP) at the Columbia Business School.

One of his early technical achievements was writing inertial measurement software for the Space Shuttle while employed by Singer-Kearfott (now Kearfott Guidance & Navigation) in 1984. His involvement in computer security began at Bell Labs, now part of AT&T, which he joined a year later.

Models and criteria for safer systems

One of the first significant projects Amoroso was involved with at Bell Labs was developing a secure version of Unix System V to meet the B1 Criteria in the Trusted Computer System Evaluation Criteria (TCSEC).[16] Also known as the Orange Book, TCSEC is a U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of security controls built into a computer system. Amoroso also used Unix System V as a basis for a denial of service model that, in 1992, was included and referenced as the Amoroso Model in the Canadian Trusted Computer Product Evaluation Criteria.

Another important security technique Amoroso pioneered was the concept of threat trees, or conceptual diagrams showing how an asset, or target, might be attacked. Threat trees are basically identical to the attack tree strategy. Amoroso introduced them in his 1994 textbook Fundamentals of Computer Security Technology,[17] and they are now an important tool in the quantification of risk.

Academic and professional career

For much of his career, Amoroso has kept a toehold in academia. He has served as an adjunct professor in computer science at Stevens Institute of Technology[18] for almost three decades, and through that post has introduced more than 3,000 graduate students to the topic of information security.[19] A computing security course he taught at Monmouth University in the 1990s was documented in a paper presented at an ACM conference in 1993.[20]

In 2017, Amoroso accepted the position of Distinguished Research Professor in the Center for Cybersecurity (CCS) at the NYU Tandon School of Engineering in Brooklyn, New York.[21] One of his responsibilities at CCS is serving as the leader of the research team for the Index of Cybersecurity, a monthly reading of sentiment estimates regarding cyber threats. Hosted on the NYU CCS website, it surveys and presents the concerns of practicing security experts around the world on cybersecurity threat-related issues.[22]

Amoroso also serves as a senior advisor to the Asymmetric Operations Group at the Johns Hopkins University Applied Physics Laboratory in Laurel, MD. His board-related appointments include one year as an independent director for M&T Bank in Buffalo, New York from 2016 to 2017, and several years as a Board Trustee at the Stevens Institute of Technology. He holds 10 patents for inventions related to cyber security.

Notes and References

  1. Amoroso, Edward; Taylor, Carol; Watson, John; Weiss, Jonathan. "A process-oriented methodology for assessing and improving software trustworthiness". Proceedings of the 2nd ACM Conference on Computer and Communications Security. pp. 39–50. November 1994. doi:10.1145/191177.191188.
  2. Amoroso, Edward; Nguyen, Thu; Weiss, Jon; Watson, John; Lapiska, Peter; Starr, Terry. "Towards an approach to measuring software trust". Proceedings of IEEE Conference on Computer and Communications Security. pp. 198–218. 1991.
  3. Amoroso, Edward. "From the enterprise perimeter to a mobility-enabled secure cloud". IEEE Security & Privacy. Vol. 11, pp. 23–31. IEEE Computer Society. January–February 2013. doi:10.1109/MSP.2013.8. S2CID 12211575.
  4. Amoroso, Edward; Taylor, Carol; Watson, John; Weiss, Jonathan. "A process-oriented methodology for assessing and improving software trustworthiness". Proceedings of the 2nd ACM Conference on Computer and Communications Security. pp. 39–50. November 1994. doi:10.1145/191177.191188.
  5. Bednarz, Ann. "What is microsegmentation? How getting granular improves network security". Network World. January 30, 2018.
  6. Amoroso, Edward. "From the enterprise perimeter to a mobility-enabled secure cloud". IEEE Security & Privacy. Vol. 11, pp. 23–31. IEEE Computer Society. January–February 2013. doi:10.1109/MSP.2013.8. S2CID 12211575.
  7. Amoroso, Edward. "Practical methods for securing the cloud". IEEE Cloud Computing. Vol. 1, pp. 28–38. IEEE Computer Society. January 2014. doi:10.1109/MCC.2014.17. S2CID 16034285.
  8. Gittlen, Sandra. "Under Pressure". Network World. December 5, 2005.
  9. "Interview: AT&T's Edward Amoroso". Infosecurity Magazine. 7 September 2011. Retrieved 29 April 2021.
  10. "Publication List for Edward G. Amoroso". Amazon. Retrieved 29 April 2021.
  11. "About TAG Cyber". TAG Cyber.com. Retrieved 5 May 2021.
  12. "2021 TAG Cyber Security Annual". TAG Cyber.com. Retrieved 5 May 2021.
  13. "Faculty Biography: Edward Amoroso". NYU.edu. Retrieved 5 May 2021.
  14. Elder, Jeff; Holmes, Aaron. "The power players of cybersecurity: 50 CEOs, leaders, investors, and hackers who will lead the tech industry as it emerges from the pandemic". Business Insider. 2 December 2020.
  15. "Interview: AT&T's Edward Amoroso". https://www.infosecurity-magazine.com/interviews/interview-atts-edward-amoroso/
  16. Amoroso, Edward; Taylor, Carol; Watson, John; Weiss, Jonathan. "A process-oriented methodology for assessing and improving software trustworthiness". Proceedings of the 2nd ACM Conference on Computer and Communications Security. pp. 39–50. November 1994. doi:10.1145/191177.191188.
  17. Amoroso, Edward G. Fundamentals of Computer Security. Prentice Hall. 1994. Upper Saddle River, NJ. ISBN 0-13-108929-3.
  18. "Computer Science Faculty". Stevens Institute of Technology.com. Retrieved 5 May 2021.
  19. "Faculty Biography: Edward Amoroso". Retrieved 5 May 2021.
  20. Amoroso, Edward G. "A graduate course in computing security technology". ACM SIGCSE Bulletin. Vol. 25, no. 1, pp. 251–255. March 1993. ACM. doi:10.1145/169073.169477. Retrieved 5 May 2021.
  21. "NYU Center for Cybersecurity". Retrieved 5 May 2021.
  22. "The Index of Cybersecurity April 2021". April 2021. Retrieved 5 May 2021.