Ed Amoroso

Chief Information Security Officer, AT&T

Frontline Security
50 minutes, 23.1mb, recorded 2006-01-20
In this interview with Sondra Schneider, Ed Amoroso shares his views on security in a networked world. Ed describes his early exposure to computer security, growing up near Bell Labs. His parents had Peter Neumann as a dinner guest, and Robert Wilson visited Ed's high school after receiving the Nobel Prize for his work on the Big Bang Theory. As a graduate student in the Bell Labs doctoral support program, Ed observed that Ken Thompson, Dennis Ritchie, Brian Kernighan, and others were interested in security.

In his first year at Bell Labs, Ed worked on a project led by Robert Morris, Sr., to make Unix more secure, as business and government adoption of Unix began. His long experience working in teams at Bell Labs leads to Ed's advice to young people considering careers in computer and network security: Do not jump into management too quickly. Spend a long time learning the technology.

Amoroso was instrumental in a U.S. government Y2K "data fusion" project to collect and analyze data for vulnerabilities. He was disappointed when the government's data fusion lab was shut down, especially given the recent criticism of the government for not having adequate information integration in fighting terrorism.

Ed says his biggest fear is "all the bad software out there" that is "riddled with vulnerabilities." He blames the software engineering discipline and suggests that it needs to become more like civil engineering or medicine, requiring "years of tortured residency," whereas today many developers get into software development with little formal training.

Amoroso argues that businesses "should be booking code on the other side of the accounting ledger," treating it not as an asset, but as a liability. He argues for simplification and reducing features to achieve better security.

Ed describes his respect for hackers, who he says are "defusing bombs" set by real criminals and terrorists. He'd like to see the U.S. Department of Homeland Security recognize hackers as a valuable potential ally.

Amoroso has recently advocated a new approach to security, observing that today's firewall approach to protecting the edge isn't working. Instead, he argues, we should implement security in the network. He predicts that within two years, managed DMZs and firewalls will disappear, because "the carrier can do that more effectively and efficiently." Carriers can detect perturbations in the cloud and filter them.

That sort of analysis of the cloud allows AT&T to anticipate attacks, but communicating those alerts to customers can be difficult. That led AT&T to create a new video network. The Internet Security News Network now broadcasts 24x7 to many AT&T customers and may become more widely available in the future. The network offers security alerts, magazine shows, morning and afternoon news, interviews with CIOs and CSOs, deep technical lectures, event coverage, and more.


Ed Amoroso is chief information security officer for AT&T, a position he has held since 1999. His 20-year career at AT&T has been focused exclusively on information security, with a particular focus on security programs with AT&T's federal government clients. Ed helped build the first secure UNIX operating system at Bell Labs and was the lead for trusted software security development on the Strategic Defense Initiative. Ed had lead responsibility for real-time security protection of the White House Y2K Information Coordination Center.

Ed is currently responsible for real-time protection of AT&T's vast network infrastructure and business enterprise environment. This includes responsibility for security architecture, real-time incident response, security patch management, anti-virus processing, Sarbanes-Oxley security compliance, security policy requirements and enforcement, public key infrastructure, intrusion detection, and other related security activities. Ed's team is also responsible for designing, building, and supporting all of AT&T's award-winning managed and professional security services, including Network-Based Security, Internet Protect, and DDOS Defense.

Ed is the author of three textbooks and dozens of articles on information security. He is the 1999 winner of the AT&T Labs Technology Medal and an adjunct professor of Computer Science at the Stevens Institute of Technology. Ed holds the MS and PhD degrees in Computer Science from the Stevens Institute of Technology and a BS degree in Physics from Dickinson College. He is a 2000 graduate of the Columbia Senior Executive Program. His work has been prominently featured in several major media outlets including the Wall Street Journal.

This free podcast is from our Frontline Security series.