Edward G. Amoroso

Edward G. Amoroso is an American computer security professional, entrepreneur, author, and educator based in the New York City area. His research interests have centered on techniques and criteria for measuring trustworthy software development. the application of these methods to secure software development for critical projects in the defense and aerospace industries, and redefining trust parameters for improved security in the cloud.

Early on in his career, he was involved with the design of security protections for the Unix operating system in support of the US Government Orange Book security evaluation criteria. This research lead to real-time security design and trusted software protections for the United States Ballistic Missile Defense Program, also known as Star Wars. He has also pioneered concepts related to microsegmentation, a design strategy that allows for the creation of secure zones in data centers and cloud deployments.

During his thirty-one years at AT&T, Amoroso held a variety of research, development, engineering, management, and leadership roles within the company, culminating in 2005 when he became the company's first Chief Information Security Officer (CISO). Outside of the job, his contributions to the emerging cybersecurity industry include numerous articles, interviews, talks, and videos, as well as six books addressing such topics as internet and intranet firewall strategies, intrusion detection, and the protection of large-scale national, critical infrastructure.

After retirement from A&T in 2016, Amoroso founded TAG Cyber LLC with a goal to “democratize cyber security analysis” by providing greater access to “high-quality, military grade analysis that larger firms pay millions for." The primary vehicle used to meet this goal is the Security Annual, a document available for free by download to enterprise security experts. The document includes research on fifty cybersecurity controls, as well as listings for thousands of commercial cybersecurity vendors.

As a member of the National Security Agency (NSA) Advisory Board (NSAAB), Amoroso worked directly with four Presidential administrations on issues related to national security, critical infrastructure protection, and cyber policy. In 2020, Business Insider tapped him as one of the country’s fifty leaders “who helped lead the cyber security industry through an unprecedented and tumultuous year.”

Education and early career accomplishments
Amoroso was born in Neptune Township, New Jersey and attended the Christian Brothers Academy before completing an undergraduate degree in physics in 1983 at Dickinson College. Upon graduation, he shifted his academic interests to computer science, and went on to receive M.S. and Ph.D. degrees in 1986 and 1991, respectively, from Stevens Institute of Technology. Several years later, Amoroso completed the Columbia Senior Executive Program (CSEP) at the Columbia Business School.

One of his early technical achievements was writing inertial measurement software for the Space Shuttle while employed by Singer-Kearfott (now Kearfott Guidance & Navigation) in 1984. His involvement in computer security began at Bell Labs, now part of AT&T, which he joined a year later.

Models and criteria for safer systems
One of the first significant projects Amoroso was involved with at Bell Labs was developing a secure version of the Unix System V to meet the B1 Criteria in the Trusted Computer System Evaluation Criteria (TCSEC). Also known as the Orange Book, TCSEC is a U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of security controls built into a computer system. Amoroso also used Unit System V as a basis for a denial of service model that, in 1992, was included and referenced as the Amoroso Model in the Canadian Trusted Computer Product Evaluation Criteria.

Another important security technique Amoroso pioneered was the concept of threat trees, or conceptual diagrams showing how an asset, or target, might be attacked. Basically identical to the attack tree strategy, Amoroso introduced threat trees in his 1994 text book Fundamentals of Computer Security Technology and it is now an important tool in the quantification of risk.

Academic and professional career
For much of his career, Amoroso has kept a toehold in academia. He has served as an adjunct professor in computer science at Stevens Institute of Technology for almost three decades, and through that post has introduced more than 3,000 graduate students to the topic of information security. A computing security course he taught at Monmouth University in the 1990’s was documented in a paper presented at an ACM conference in 1993.

In 2017, Amoroso accepted the position of Distinguished Research Professor in the Center for Cybersecurity (CCS) at the NYU Tandon School of Engineering in Brooklyn, New York. One of his responsibilities at CCS is serving as the leader of the research team for the Index of Cybersecurity, a monthly reading of sentiment estimates regarding cyber threats. Hosted on the NYU CCS website, it surveys and presents the concerns of practicing security experts around the world on cybersecurity threat-related issues

Amoroso also serves as a senior advisor to the Asymmetric Operations Group at the Johns Hopkins University Applied Physics Laboratory in Laurel, MD. His board-related appointments include one year as an independent director for M&T Bank in Buffalo, New York from 2016 to 2017, and several years as a Board Trustee at the Stevens Institute of Technology. He holds 10 patents for inventions related to cyber security.