Under pressure

Inside the high-stress life of a chief information security officer.

He has commanded a war room at home in his pajamas, led a disaster response team from a Little League field and received an alert about the Zotob virus while sunning on a Cape Cod beach.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Click to see: Ed Amoroso, CISO for AT&T

When you're the chief information security officer (CISO) at a large company, the job never goes away and the pressure never lets up.

Ed Amoroso, the 43-year-old CISO at AT&T, has an even more challenging job than the average security pro. He has to protect not only AT&T's internal network from attack, he's also responsible for the service provider's global customer-facing network.

He's also trying to balance his always-on job with a busy family life. What does Amoroso do when the stress starts to build up? "I look at the ducks on the pond," he says, referring to the wildlife outside his office in Florham Park, N.J.

But it's rare to find Amoroso in his office. Instead, he is more likely to be running through an airport on his way to visit one of AT&T's global customers or meeting - often virtually - with his more than 300 far-flung team members who comprise AT&T's Security Center of Excellence.

"I spend 50% of my time with AT&T customers - although my team would say it's more like 100%," he says, joking. "In order to set the security strategy for AT&T, I have to know what's going on in the world."

Amoroso is also devoted to spending time with his wife, Lee, and their three children. He often works from home one day a week to counterbalance his heavy travel schedule.

Amoroso says there are three parts to his position: setting the security strategy for AT&T's internal network, managing the security of AT&T's global network, and helping to create new security products and services for AT&T worldwide. As such, Amoroso leads a unique mix of researchers, network security managers and product designers who tackle internal and external security issues, such as real-time incident response, patch management, anti-virus processes, compliance, policy requirements and enforcement, and intrusion detection.

Hossein Eslambolchi, AT&T's CTO and CIO at the time this article was reported, says having Amoroso head up both the internal and the customer-facing network and services is beneficial to the company. "We're able to leverage what we learn from protecting one of the world's leading global IP networks - our own - to benefit our enterprise customers."

Amoroso's Security Center of Excellence covers four areas: real-time security, enterprise security, design and development, and compliance and audit.

While many of his peers see their job as putting out fires, Amoroso, who was named to the CISO position in 1999, believes his role is more strategic. He says if he spent all his time in a war room fighting off every virus that popped up, he would be doing his job all wrong. For example, when the Zotob virus struck, he received a page while vacationing in Falmouth, Mass., but his team handled the situation.

Although he's not a micromanager, Amoroso does remain tethered to the information generated from his network. His main source of information is his BlackBerry, which he constantly fidgets with. It's set to alert him to changes in network conditions, virus outbreaks and other vital information. He relies heavily on the device, even making sure not to vacation outside its coverage areas.