Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes] - CyberWire Daily

Summary4 min read

Podcast Summary: CyberWire Daily
Episode: Ed Amoroso: Security shouldn't be the main dish
Release Date: August 10, 2025
Host/Author: N2K Networks

Introduction

In this episode of CyberWire Daily, renowned cybersecurity expert Ed Amoroso, CEO and founder of TAG Cyber, shares his extensive journey in the field of computer science and cybersecurity. From his early inspirations influenced by his father to his transformative career at AT&T and eventual founding of TAG Cyber, Amoroso provides valuable insights into the evolution of cybersecurity roles and offers guidance for aspiring professionals in the industry.

Early Inspirations and Career Beginnings

Ed Amoroso begins by delving into his formative years, highlighting the significant influence of his father, one of the first computer science PhDs globally. Growing up with an ARPANET connection in the 1970s, Amoroso's early exposure to computing fueled his passion for the field.

Quote [00:51]:
"My dad famously said, 'Well, if you have to call yourself a science, you probably aren't one.' And he's right. Computer science is not a science. We don't have any laws. But he did that."

Amoroso recounts learning programming languages like Pascal at Carnegie Mellon University during his youth and earning his PhD in computer science. His father's guidance led him to Bell Labs in the mid-1980s, where he joined the UNIX group, immersing himself in a hub of technological genius alongside luminaries like Brian Kernighan and Richie Thompson.

Quote [02:30]:
"I would walk down the hallway where Brian Kernighan and Richie and Thompson, all those guys were working. And I would just go like this, hoping that some of that genius would waft into me."

Transition to Cybersecurity

At Bell Labs, Amoroso's trajectory shifted towards cybersecurity, a decision influenced by his father's advice. In the early '90s, he spearheaded the establishment of a Chief Information Security Officer (CISO) role at AT&T, a pioneering move that would shape his future endeavors.

Quote [04:15]:
"I had a very cool boss then who said, you know what, you can put whatever you want on your business card. Just go. So I print, I still have them. It's a Chief Information Security Officer."

Despite initial setbacks, such as the ineffective deployment of the NetRanger IDS system plagued by false positives, Amoroso persevered. He learned invaluable lessons about running a Security Operations Center (SOC) and developing managed security services, ultimately contributing to AT&T's expansion and mergers, including acquisitions like DirecTV and BellSouth.

Quote [06:50]:
"We built the first managed security service. AT&T starts getting big and powerful... I start becoming this big fancy executive."

From Executive to Entrepreneur

After ascending to executive roles and managing vast teams, Amoroso realized his true passion lay in pure computer science rather than corporate leadership. Opting to leave AT&T, he founded TAG Cyber, a research and advisory firm focused on disrupting and enhancing the cybersecurity landscape.

Quote [08:20]:
"I just wanted to be a computer scientist like my dad. But I became this executive and I decided one day I didn't want to be an executive. So I quit, started TAG Cyber."

Despite initial challenges, including starting with no customers or revenue, Amoroso's dedication paid off as TAG Cyber began to experience exponential growth, doubling in size every year.

Core Philosophy: Security as a Feature

Amoroso emphasizes a critical paradigm shift in cybersecurity: security should be a feature, not the main focus. He advocates for professionals to prioritize mastering the core aspects of computing—such as development, engineering, networking, databases, and cloud systems—as these serve as the foundation upon which robust security measures can be built.

Quote [09:55]:
"Security is a feature, it's an aspect, it's an attribute it's an incredibly important one. So young people... learn something, develop some capability in something and then you'll be very naturally progress into cybersecurity."

This approach not only strengthens the overall functionality of systems but also ensures that security is seamlessly integrated rather than being treated as an afterthought.

Advice for Aspiring Cybersecurity Professionals

When questioned about the best way to break into network security, Amoroso advises aspiring professionals to build strong foundations in related disciplines. Whether one's interest lies in software security, database security, or networking, gaining expertise in these areas facilitates a natural transition into broader cybersecurity roles.

Quote [10:00]:
"If you want to get into something, then look at the meat of it. Learn development, learn engineering, learn networking, learn to build databases, learn to build cloud systems."

Conclusion

Ed Amoroso's journey from a computer science enthusiast inspired by his father to a cybersecurity trailblazer underscores the importance of foundational knowledge and adaptive learning in the ever-evolving tech landscape. His insights serve as a guiding beacon for both seasoned professionals and newcomers aiming to make meaningful contributions to the field of cybersecurity.

Notable Quotes with Timestamps:

[00:51]
"Computer science is not a science. We don't have any laws."
[02:30]
"I was hoping that some of that genius would waft into me."
[04:15]
"It's a Chief Information Security Officer."
[06:50]
"We built the first managed security service."
[08:20]
"I quit, started TAG Cyber."
[09:55]
"Security is a feature, it's an aspect, it's an attribute."
[10:00]
"Learn development, learn engineering, learn networking..."

This comprehensive summary encapsulates Ed Amoroso's insights and experiences shared during the podcast, providing listeners with a clear understanding of his perspectives on cybersecurity and career development within the field.

Loading summary

Transcript4 lines

[00:02]
A
You're listening to the Cyberwire network powered by N2K.
[00:13]
B
And now a word from our sponsor, ThreatLocker, the powerful Zero Trust Enterprise solution that stops ransomware in its tracks. Allow Listing is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only act the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from Threat Locker.
[00:51]
A
Hi, this is Ed Amoroso and I'm the chief executive officer and founder of TAG Cyber, which is a research and advisory firm located in New York City. And I also am a professor over at NYU where I teach in the computer science and engineering department. Well, my dad was the second computer science PhD ever in the world. He was at UPenn and he was doing a PhD in electrical engineering. And they came to him and said, we'd like to make it computer science. This was the Moore school in the 60s. That's where ENIAC was built in the 50s. And my dad famously said, well if you have to call yourself a science, you probably aren't one. And he's right. Computer science is not a science. We don't have any laws. But he did that. So I grew up in a family where we had an ARPANET connection into our home in the 70s. I was a very mischievous kid and I, you know, learned to program on Carnegie mellons CMUA and CMUB is where I learned Pascal when I was about 12. My dad guided me along. I eventually got my PhD in computer science. I went to Bell Labs and joined the UNIX group again with guidance from my dad. He said again famously, think of unfair this is that I had this guidance in 83. He said you should go to Bell Labs, you should work in computer security. That's going to be big. It's like, could you have had better advice, you know, in the mid-80s than to go work on UNIX at Bell Labs? Jabs on security, I mean, talk about died and went to heaven. That was the greatest place I've ever seen in my life. You know, I would walk down the hallway where Brian Kernahan and Richie and Thompson, all those guys were working. And I would just go like this, hoping that some of that genius would waft into me. I don't think it ever did, but it felt good. Like, I often ask my teams, what was the best day you ever had at work? And it's a fun question to ask. And most people sadly say the day I got like this promotion or Raise. What a sad reflection. If that was your best day. I always tell them, you know, it was my best day. When I was about 27, I was working a UNIX project and I'm in a meeting and Brian Kernahan, the inventor of the C programming language, he said, ed, that's a good idea. That's it. I walked out of there probably about six feet off the ground. And I've gotten to know Brian since then. I've interviewed him. He came at TAG Cyber, we have a conference. He was our keen, I would sign books. I joke with him about that. He didn't remember it, but for me, the greatest thing ever. We were doing UNIX security and in 92 or 93, the CEO of AT&T, the president of the network, Frank Ayana at the time, pulled me aside and said, hey, all this work you guys are doing with government, you think you could do like a security group to protect our company. And I remember going, wow, what a great idea. Like you'd have a group that would do security for the company. And he goes, yeah, what do you think? And I went, wow. I go in nose and ran asking if anybody else was doing that. Find Steve Katz over at some bank city or something. He hands me his card and it says, Chief Information Security Officer. I said, what's that? He goes, that's my title. And I said, can I keep this business card? So I go back to work. Could I be this? And they go, no, you can't escape the word officer in your title. Forget I had some other thing like I was running something called the Information Security center or something like that. But I had a very cool boss then who said, you know what, you can put whatever you want on your business card. Just go. So I print, I still have them. It's a Chief Information Security Officer. I was like self dubbed from that time on for the next 20 years, it became my passion, my research, my life's work to figure out how to make the Chief Information Security Officer position viable. And man, did we make mistakes. Everything you could imagine that you could goof up on AT&T. I give them so much credit that they didn't fire me because I would kiss my wife goodbye and say, well, today's gonna be the day that they're gonna be on to me and see that I'm making this thing up. There was a tool called NetRanger IDS. We plug them in all over the network and I hire a bunch of operators because it's a phone company to sit in a big room and field the alarms, and it didn't work. It was all this false positive garbage coming in. And I learned on the job what it is to run a security operations center. We figured out that, okay, they can do tier one, so maybe we need some people, like, who can do cybersecurity helping them. We built a managed firewall service, and then we married up some of that ids and we're building the first managed security service. AT&T starts getting big and powerful. SBC buys us, we merge. We bought DirecTV, we bought Bell south, we bought Singular, and then we had the iPhone launch. So my team got bigger and bigger. I start becoming this big fancy executive. And I didn't know what an income statement was. So AT&T sends me off to Columbia Business School to learn to be an executive. I think all the professors must have quit after me. Can you imagine putting a computer scientist, computer science professor, no less, into a business school environment? I'm sure I drew them crazy, but when I retired from AT&T, I'd done all this thing, managed these big teams, had thousands of people working. It was really quite an experience. Nothing I ever wanted. I just wanted to be a computer scientist like my dad. But I became this executive and I decided one day I didn't want to be an executive. So I quit, started TAG Cyber. I had no customers, I had no revenue, I had no office. I just had a logo that I made up. TAG is the Amoroso Group. And my wife thought I was nuts because I was quitting a job that I had, basically tenure. I guess I'm making a lot of money and I quit to make no money, but to do what I wanted to do, which was disrupt and fix, research and advisory. But little by little, we're starting to grow. And now I'm on an exponential where we're doubling every year. So that's my story. Went from my dad having an ARPANET connection and I'm learning PASCAL to Bell Labs to CISO to business, to quitting to starting something new. And now I'm riding a new exponential up, and it's a hell of a ride. I think this is going to sound crazy, but security shouldn't be the main dish. Computing, networking, software, systems that we're building, that's the main dish. I always say, if you want to get into something, then look at the meat of it. Learn development, learn engineering, learn networking, learn to build databases, learn to build cloud systems. There's the construction of working functionality to support business objectives. That's what you want to be good at. Security is a feature, it's an aspect, it's an attribute it's an incredibly important one. So young people, all my grad students they go what's the best way for me to break into network security? I say break into networking. They say I'm really interested in software security what should I do? Learn software. I love database security. What should I do? Learn databases. You got to pay your dues and learn something develop some capability in something and then you'll be very naturally progress into cybersecurity. So that's always been my advice.
[10:08]
B
CISOs and CIOs know machine identities now outnumber humans by more than 80 to 1 and without securing them trust, uptime, outage and compliance are at risk Cyber ARC is leading the way with the only unified platform purpose built to secure every machine identity, certificates, secrets and workloads across all environments, all clouds and all AI agents. Designed for scale automation and quantum readiness Cyber ARC helps modern enterprises secure their machine future. Visit cyberark.com machines to see how Sam.