Sergio began his career doing threat intelligence at the US Government's NSA and is now the VP of Threat Intel at Dragos. In this episode we focus on where the data for threat intel is obtained, how the threat intel product is created, and how it should be used by an ICS asset owner. Where are the data 'mines' in which the raw data is available, and how do you find the nuggets? What is a typical threat intel product or set of information? Does threat intel include attribution (who the threat actor or actors are)? What is the difference between a threat actor and what Sergio calls an activity group? Is this important for the asset owner to know? How do you determine when you have enough completeness and accuracy to write and deliver a threat intel product? How do you define the accuracy of a threat intel report, or of specific findings in a report? How would an asset owner use threat intel? Is it actually providing new recommendations that a good ICS security program wouldn't already prioritize? Customers should drive threat intel through their questions so they can make better business decisions.
Sometimes you only need one name. Prince, Madonna, Oprah... and Sergio. This week I'm thrilled to be joined by my good friend Sergio Caltagirone. We talked about the importance of ICS security, control-system-themed road trips, and the intersection of information security and philosophy. Sergio takes us through his journey from the Department of Defense to Microsoft and on to Dragos. We also get the story of how the Diamond model came into existence. Perhaps most importantly, we talk about his work to fight human trafficking and how he is applying data science to this problem at the Global Emancipation Network.