This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners unmasked."
Download it now to read this article plus other related content.
Answering the Call
by Michael S. Mimoso
Stress Reliever: Loves watching the New York Yankees.
Favorite geek site: www.mlb.com
There have been few more hallowed halls than one at a Bell Labs research facility in Murray Hill, N.J., during the late 1970s. Adjacent offices housed Unix pioneers Dennis Ritchie, Ken Thompson--both Turing Award winners--Brian Kernighan and Rob Pike. Nobel Prize winner Robert W. Wilson and Bob Morris, whose son would write one of the first Internet worms in 1988, were nearby.
Edward Amoroso quietly trod this hallway hoping not to attract attention, but to absorb any brainpower seeping through the doors. "Anytime I could find an excuse to walk down that hallway, I would," Amoroso says. "I was hoping some of that genius would waft out and hit me."
Almost obligated to succeed in such heady surroundings, Amoroso wanted to figure out how to secure Unix systems. Two decades later, he hasn't scaled down his dreaming or innovation and has put his inspiration to good use.
Now the CISO at AT&T--which split off in 1996 when Bell Labs became Lucent Technologies--Amoroso is responsible not only for keeping one of the largest Tier 1 telecommunication carriers in the world secure, but is trying to shift the security paradigm by having carriers provide security services from the Internet rather than inside the firewall.
"Most companies have decided they want to run a network, which leads to unbridled complexity," Amoroso says. "You have tangled networks connected by 50 different access technologies--topologies driven by nothing more than legacy issues. A network drifts from point A to point B; perimeters are almost impossible to define. This complexity leads to things being insecure."
Amoroso's first project at Bell Labs involved "pulling bugs out of Unix." Now, he's driving a sea change inside AT&T by building worldwide security teams. These teams focus on compliance and maintain consistency with audit requirements; write and maintain policies and best practices for each of AT&T's business units; build the security services used within the company and sold to customers; and defend AT&T's networks, keeping its cloud services functioning and managing its PKI, access control and authentication needs.
Amoroso's infatuation with Bell Labs began in 1978 at Christian Brothers Academy in Lincroft, N.J., at a lecture given by Wilson--who, with partner Arno Penzias, discovered cosmic microwave background radiation, which led to their formulation of the Big Bang Theory--all while working at Bell Labs. This obviously innovative environment lured the impressionable high school junior to enroll in the doctoral support program at Bell Labs and earn his Ph.D.--during which he wrote microprocessor assembly code for gyros used on the Space Shuttle and worked alongside Shuttle astronaut and 1984 Challenger crew member Terry Hart, who was the first to repair a satellite in orbit.
Amoroso eventually rose to the position of CISO, earning his chops and reputation as the co-author of one of the first firewall manifestoes, Intranet and Internet Firewall Strategies, which argued the need for network protection in the early days of e-commerce. Amoroso is eager for the day when the shift happens and carriers absorb security functions from the service provider level.
"Rather than just connect sites, carriers can help you separate them," Amoroso says. "As those services appear, the network topology will simplify; the perimeter will go away. You won't have to fight worms and viruses any more--telecoms will do it for you."
This was first published in September 2005