Edward G. Amoroso

Born: December 3, 1961 (age 62)
Nationality: American
Alma mater: Columbia University, Stevens Institute of Technology, Dickinson College
Known for: TAG Cyber LLC, AT&T, Bell Laboratories, New York University, Stevens Institute of Technology
Fields: Cybersecurity, Computer Science
Website: www.tag-cyber.com

Edward G. Amoroso is an American computer security professional, entrepreneur, author, and educator based in the New York City area. His research interests have centered on techniques and criteria for measuring trustworthy software development, [1] the application of these methods to secure software development for critical projects in the defense and aerospace industries, [2] and redefining trust parameters for improved security in the cloud. [3]


Early in his career, he was involved with the design of security protections for the Unix operating system in support of the US Government Orange Book security evaluation criteria. This research led to real-time security design and trusted software protections for the United States Ballistic Missile Defense Program, also known as Star Wars. [4] He has also pioneered concepts related to microsegmentation, [5] a design strategy that allows for the creation of secure zones in data centers and cloud deployments. [6] [7]

During his thirty-one years at AT&T, Amoroso held a variety of research, development, engineering, management, and leadership roles within the company, culminating in 2005 when he became the company's first Chief Information Security Officer (CISO). [8] Outside of the job, his contributions to the emerging cybersecurity industry include numerous articles, interviews, talks, and videos, [9] as well as six books addressing such topics as internet and intranet firewall strategies, intrusion detection, and the protection of large-scale national, critical infrastructure. [10]

After retirement from AT&T in 2016, Amoroso founded TAG Cyber LLC with the goal to "democratize cyber security analysis" by providing greater access to "high-quality, military grade analysis that larger firms pay millions for." [11] The primary vehicle used to meet this goal is the Security Annual, a document available for free download to enterprise security experts. [12] The document includes research on fifty cybersecurity controls, as well as listings for thousands of commercial cybersecurity vendors.

As a member of the National Security Agency (NSA) Advisory Board (NSAAB), Amoroso worked directly with four Presidential administrations on issues related to national security, critical infrastructure protection, and cyber policy. [13] In 2020, Business Insider named him one of the country's fifty leaders "who helped lead the cyber security industry through an unprecedented and tumultuous year." [14]

Education and early career accomplishments

Amoroso was born in Neptune Township, New Jersey and attended the Christian Brothers Academy before completing an undergraduate degree in physics in 1983 at Dickinson College. Upon graduation, he shifted his academic interests to computer science, and went on to receive M.S. and Ph.D. degrees in 1986 and 1991, respectively, from Stevens Institute of Technology. [15] Several years later, Amoroso completed the Columbia Senior Executive Program (CSEP) at the Columbia Business School.

One of his early technical achievements was writing inertial measurement software for the Space Shuttle while employed by Singer-Kearfott (now Kearfott Guidance & Navigation) in 1984. His involvement in computer security began at Bell Labs, now part of AT&T, which he joined a year later.

Models and criteria for safer systems

One of the first significant projects Amoroso was involved with at Bell Labs was developing a secure version of Unix System V to meet the B1 criteria in the Trusted Computer System Evaluation Criteria (TCSEC). [16] Also known as the Orange Book, TCSEC is a U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of security controls built into a computer system. Amoroso also used Unix System V as the basis for a denial-of-service model that, in 1992, was included and referenced as the Amoroso Model in the Canadian Trusted Computer Product Evaluation Criteria.

Another important security technique Amoroso pioneered was the threat tree, a conceptual diagram showing how an asset, or target, might be attacked. Essentially identical to the attack tree, threat trees were introduced by Amoroso in his 1994 textbook Fundamentals of Computer Security Technology, [17] and they are now an important tool in the quantification of risk.
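As an added illustration of how a threat tree supports risk quantification, the following example (written for this page; it is not code from Amoroso's textbook or from any project mentioned here) models a tree whose leaves carry estimated likelihoods and whose internal nodes are AND/OR gates. The gate semantics, the independence assumption, the tree structure, and all leaf values are constructed for the example. The defender's use of such a tree is shown by `rank_mitigations`, which asks, for each leaf, how much residual risk would remain at the root if a control eliminated that leaf, so that controls can be prioritised.

```python
from copy import deepcopy
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class ThreatNode:
    """One node of a threat tree: a LEAF with an estimated likelihood,
    or an AND/OR gate that combines its children."""
    name: str
    gate: str = "LEAF"            # "LEAF", "AND" or "OR"
    probability: float = 0.0      # used only for LEAF nodes
    children: List["ThreatNode"] = field(default_factory=list)


def likelihood(node: ThreatNode) -> float:
    """Propagate leaf likelihoods up to this node.

    Leaf events are assumed independent (a modelling assumption): an AND
    gate succeeds only if every child succeeds (product of likelihoods);
    an OR gate succeeds if at least one child succeeds (one minus the
    product of the children's failure probabilities).
    """
    if node.gate == "LEAF":
        return node.probability
    child_p = [likelihood(c) for c in node.children]
    if node.gate == "AND":
        result = 1.0
        for p in child_p:
            result *= p
        return result
    if node.gate == "OR":
        none_succeed = 1.0
        for p in child_p:
            none_succeed *= 1.0 - p
        return 1.0 - none_succeed
    raise ValueError(f"unknown gate {node.gate!r}")


def leaves(node: ThreatNode) -> List[ThreatNode]:
    """All LEAF nodes at or below this node, depth-first."""
    if node.gate == "LEAF":
        return [node]
    found: List[ThreatNode] = []
    for child in node.children:
        found.extend(leaves(child))
    return found


def with_mitigation(root: ThreatNode, leaf_name: str, residual: float = 0.0) -> ThreatNode:
    """Copy of the tree in which a control has reduced one leaf to `residual`."""
    tree = deepcopy(root)
    for leaf in leaves(tree):
        if leaf.name == leaf_name:
            leaf.probability = residual
    return tree


def rank_mitigations(root: ThreatNode) -> List[Tuple[str, float]]:
    """For each distinct leaf, the root likelihood that would remain if a
    control eliminated that leaf entirely; lowest residual risk first."""
    names = sorted({leaf.name for leaf in leaves(root)})
    ranked = [(name, likelihood(with_mitigation(root, name))) for name in names]
    ranked.sort(key=lambda item: item[1])
    return ranked


def build_sample_tree() -> ThreatNode:
    """Constructed example tree; the leaf likelihoods are illustrative
    estimates, not measurements from any real system."""
    return ThreatNode("Unauthorised disclosure of customer records", "OR", children=[
        ThreatNode("Valid credentials misused", "AND", children=[
            ThreatNode("Credentials obtained by attacker", probability=0.20),
            ThreatNode("No second factor enforced", probability=0.50),
        ]),
        ThreatNode("Service flaw left unpatched", probability=0.15),
        ThreatNode("Backup media exposed", "AND", children=[
            ThreatNode("Backup stored unencrypted", probability=0.30),
            ThreatNode("Backup storage reachable by attacker", probability=0.20),
        ]),
    ])


if __name__ == "__main__":
    tree = build_sample_tree()
    print(f"baseline root likelihood: {likelihood(tree):.4f}")
    for name, residual in rank_mitigations(tree):
        print(f"  eliminate '{name}': residual {residual:.4f}")
```

Because the root is an OR of three paths, removing any one path lowers the root only by that path's contribution; the ranking shows that, under these constructed estimates, closing the single highest-likelihood path (the unpatched flaw) reduces root risk more than removing either factor of an AND path, even though both AND factors look individually larger.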

Academic and professional career

For much of his career, Amoroso has kept a toehold in academia. He has served as an adjunct professor in computer science at Stevens Institute of Technology [18] for almost three decades, and through that post has introduced more than 3,000 graduate students to the topic of information security. [19] A computing security course he taught at Monmouth University in the 1990s was documented in a paper presented at an ACM conference in 1993. [20]

In 2017, Amoroso accepted the position of Distinguished Research Professor in the Center for Cybersecurity (CCS) at the NYU Tandon School of Engineering in Brooklyn, New York. [21] One of his responsibilities at CCS is leading the research team for the Index of Cybersecurity, a monthly reading of sentiment estimates regarding cyber threats. Hosted on the NYU CCS website, it surveys and presents the concerns of practicing security experts around the world on cybersecurity threat-related issues. [22]

Amoroso also serves as a senior advisor to the Asymmetric Operations Group at the Johns Hopkins University Applied Physics Laboratory in Laurel, MD. His board-related appointments include one year as an independent director for M&T Bank in Buffalo, New York from 2016 to 2017, and several years as a Board Trustee at the Stevens Institute of Technology. He holds 10 patents for inventions related to cyber security.


References

  1. Amoroso, Edward; Taylor, Carol; Watson, John; Weiss, Jonathan (November 1994). "A process-oriented methodology for assessing and improving software trustworthiness". Proceedings of the 2nd ACM Conference on Computer and Communications Security. pp. 39–50. doi:10.1145/191177.191188.
  2. Amoroso, Edward; Nguyen, Thu; Weiss, Jon; Watson, John; Lapiska, Peter; Starr, Terry (1991). "Towards an approach to measuring software trust". Proceedings of IEEE Conference on Computer and Communications Security. pp. 198–218.
  3. Amoroso, Edward (January–February 2013). "From the enterprise perimeter to a mobility-enabled secure cloud". IEEE Security & Privacy. 11. IEEE Computer Society: 23–31. doi:10.1109/MSP.2013.8. S2CID 12211575.
  4. Amoroso, Edward; Taylor, Carol; Watson, John; Weiss, Jonathan (November 1994). "A process-oriented methodology for assessing and improving software trustworthiness". Proceedings of the 2nd ACM Conference on Computer and Communications Security. pp. 39–50. doi:10.1145/191177.191188.
  5. Bednarz, Ann (January 30, 2018). "What is microsegmentation? How getting granular improves network security". Network World.
  6. Amoroso, Edward (January–February 2013). "From the enterprise perimeter to a mobility-enabled secure cloud". IEEE Security & Privacy. 11. IEEE Computer Society: 23–31. doi:10.1109/MSP.2013.8. S2CID 12211575.
  7. Amoroso, Edward (January 2014). "Practical methods for securing the cloud". IEEE Cloud Computing. 1. IEEE Computer Society: 28–38. doi:10.1109/MCC.2014.17. S2CID 16034285.
  8. Gittlen, Sandra (December 5, 2005). "Under Pressure". Network World.
  9. "Interview: AT&T's Edward Amoroso". Infosecurity Magazine. 7 September 2011. Retrieved 29 April 2021.
  10. "Publication List for Edward G. Amoroso". Amazon. Retrieved 29 April 2021.
  11. "About TAG Cyber". TAG Cyber.com. Retrieved 5 May 2021.
  12. "2021 TAG Cyber Security Annual". TAG Cyber.com. Retrieved 5 May 2021.
  13. "Faculty Biography: Edward Amoroso". NYU.edu. Retrieved 5 May 2021.
  14. Elder, Jeff; Holmes, Aaron (2 December 2020). "The power players of cybersecurity: 50 CEOs, leaders, investors, and hackers who will lead the tech industry as it emerges from the pandemic". Business Insider.
  15. "Interview: AT&T's Edward Amoroso". Infosecurity Magazine. September 7, 2011. Accessed August 30, 2021. "Amoroso, who grew up in Neptune, New Jersey, hails from a large Italian-American family, which he jokingly refers to as comprising about 30 cousins along with his aunts, uncles, and other immediate family.... After attending Christian Brothers Academy in Lincroft, New Jersey, Amoroso moved on to Dickinson College in Carlisle, Pennsylvania, where he majored in physics."
  16. Amoroso, Edward; Taylor, Carol; Watson, John; Weiss, Jonathan (November 1994). "A process-oriented methodology for assessing and improving software trustworthiness". Proceedings of the 2nd ACM Conference on Computer and Communications Security. pp. 39–50. doi:10.1145/191177.191188.
  17. Amoroso, Edward G. (1994). Fundamentals of Computer Security. Upper Saddle River, NJ: Prentice Hall. ISBN 0-13-108929-3.
  18. "Computer Science Faculty". Stevens Institute of Technology.com. Retrieved 5 May 2021.
  19. "Faculty Biography: Edward Amoroso". Retrieved 5 May 2021.
  20. Amoroso, Edward G. (March 1993). "A graduate course in computing security technology". ACM SIGCSE Bulletin. 25 (1). ACM: 251–255. doi:10.1145/169073.169477. Retrieved 5 May 2021.
  21. "NYU Center for Cybersecurity". Retrieved 5 May 2021.
  22. "The Index of Cybersecurity April 2021". April 2021. Retrieved 5 May 2021.