Ed Amoroso, who spent 31 years working in IT security at AT&T, the last 12 as the company’s CSO, recently let us pick his brain on infosec topics such as vulnerability management, patch prioritization and emerging technology. Below is our Q&A with Amoroso, who is now CEO of TAG Cyber, a cyber security advisory and consulting firm which he founded this year and which recently published its first annual industry report. This report found Vulnerability Management to be one of the top security controls for enterprise CSOs.
Does it surprise you when a vulnerability that was patched years ago continues to be exploited successfully even in companies and government agencies with a lot of IT resources? Do you think this is caused by issues in any one part of the VM process (discovery, prioritization or remediation)?