Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber's Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene's VP of Information Security.
References:
Amy L. Robertson, 2024. ATT&CK 2024 Roadmap [Essay]. Medium.
Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE.
Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historic Paper]. Lockheed Martin Corporation.
Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity. [Podcast]. The CyberWire.
Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond. [Podcast]. The CyberWire.
Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire.
Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube.
Sahil Bloom, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle.
Sergio Caltagirone, Andrew Pendergast, and Christopher Betz, 05 July 2011. The Diamond Model of Intrusion Analysis [Historical Paper]. Center for Cyber Threat Intelligence and Threat Research.
Staff, n.d. Home Page [Website]. Tidal Cyber.
Join us as we kick off our new bi-weekly 1-1 interview series, starting with Sergio Caltagirone. Sergio was formerly at NSA, Director of Threat Intelligence at Microsoft, VP of Threat Intelligence at Dragos, Technical Director of the Global Emancipation Network, now the founder and president of the Threat Intelligence Academy, and of course, co-author of The Diamond Model. We will talk about all the things threat intelligence, thought models, and probably a solid side of snark. Links: Episode livestream; ChrisSanders.org; Read the Cuckoo's Egg; Sergio's new adventure!
TL;DR: I'm extremely excited to present to you, dear listeners and friends, a wonderful conversation with Sergio Caltagirone, who is quite the authority on 'threat intelligence' - where others talk tools and limited knowledge, Sergio literally was there at the birth of the cyber dawn of the threat intelligence operations we know (or don't know) today. Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelligence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy balloon (that's my story and I'm sticking to it) disrupts our communications with our pal, Sergio. Video Link (unedited, and hilarious): https://youtube.com/live/SuH4uxBiX3E Guest Sergio Caltagirone LinkedIn: https://www.linkedin.com/in/sergiocaltagirone/
Podcast: Unsolicited Response Podcast
Episode: Threat Intelligence with Sergio Caltagirone
Pub date: 2022-03-16
Dale Peterson's guest on the Unsolicited Response show is Sergio Caltagirone, VP of Threat Intel at Dragos. What is good threat intel? How does threat intel "reduce harm by reducing operational meantime to recovery"? Should an asset owner care about the various threat actors named by Dragos, Mandiant and others? Does it matter if it was Petrovite or Erythracite? Why are the top recommendations in Dragos and other threat intel annual reports the typical, same as they always are, recommendations? What is the value if this is the case? What does an asset owner need to have in place to make use of threat intel? How does threat intel deal with the fact we are very bad at calculating or predicting likelihood? Why did you feel the new Journal of Threat Intelligence and Incident Response was needed? Links: Dragos 2021 Year In Review; Webinar with Sergio on 2021 Year In Review; Sergio's Threat Intel Class at the Threat Intelligence Academy; S4x22, April 19-21 in Miami South Beach.
The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
ZDNet Security Update: Danny Palmer talks to Sergio Caltagirone, VP of Threat Intelligence at Dragos, about the risk cyber attacks pose to industrial infrastructure and what actions need to be taken to stop them before it's too late.
Colonial Pipeline shuts down some systems after a ransomware attack, disrupting refined petroleum product delivery in the Eastern US. We’ll check in with Sergio Caltagirone from Dragos for his analysis. Other ransomware attacks hit city and Tribal governments. Joint UK-US alert on SVR tactics issued, and the SVR may have changed its methods accordingly. SolarWinds revised downward its estimate of the number of customers affected by its compromise. Rick Howard previews his CSO Perspectives podcasts on risk metrics. Four guilty pleas in “bulletproof hosting” RICO case. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/89
Criminal-on-criminal cyber crime. Ransomware hits European and North American businesses. Big Tech goes (virtually) to Capitol Hill to talk disinformation and Section 230. The head of NSA and US Cyber Command discusses election security and cyber defense with the Senate Armed Services Committee. Russia complains of a US assault on Russia’s “civilizational pillars.” Accenture’s Josh Ray shares his thoughts on securing the supply chain. Our guest is Sergio Caltagirone from Dragos on their 2020 ICS/OT Cybersecurity Year in Review. And there appears to be a minor resurgence of hacktivism. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/58
Podcast: Unsolicited Response Podcast
Episode: ICS Threat Intel with Sergio Caltagirone
Pub date: 2020-03-23
Sergio began his career doing threat intelligence in the US Government's NSA and now is the VP of Threat Intel at Dragos. We focus in this episode on where the data for threat intel is obtained, how the threat intel product is created, and how it should be used by an ICS asset owner. Where are the data 'mines' where the raw data is available and how to find the nuggets? What is a typical threat intel product / set of information? Does threat intel include attribution (who is the threat actor(s))? What is the difference between a threat actor and what Sergio calls an activity group? Is this important for the asset owner to know? How do you determine when you have enough completeness and accuracy to write and deliver threat intel product? How do you define the accuracy of a threat intel report or specific findings in a report? How would an asset owner use threat intel? Is it actually providing new recommendations that a good ICS security program wouldn't already prioritize? Customers should drive threat intel through their questions so they can make better business decisions.
Operation Soft Cell was low, slow, patient, and focused, and apparently run from China. Washington and Tehran are woofing at each other, with more exchanges in cyberspace expected. Cyber due diligence is taken increasingly seriously during mergers and acquisitions. Short-sighted design choices affect app security. The US security clearance process gets an overhaul. Shimmers replace skimmers. And yesterday’s US Internet outage explained. Sergio Caltagirone from Dragos on the growing tensions between the US, Russia and Iran and how providers of critical infrastructure can prepare. Tamika Smith interviews Danielle Gaines, a reporter for Maryland Matters, on MD Gov. Hogan’s response to the Baltimore ransomware incident, the creation of the Maryland Cyber Defense Initiative. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_25.html
Podcast: Down the Security Rabbithole Podcast
Episode: DtSR Episode 276 - Game Changer in ICS (no FUD edition)
Pub date: 2017-12-26
What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety systems in industrial controls (ICS).
Why: You've probably read about it, and depending on what you read you may only have the hype or half the story.
Who: As always, Sergio Caltagirone from Dragos is the master at telling a great story, from just the facts. He's part of the team that did the analysis, wrote the narrative, and then ended up on countless phone calls explaining it to executives and national security types. He knows his craft.
Links: Dragos blog about the topic: https://dragos.com/blog/trisis/ FireEye's version: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
We invited him on this special episode to give you the inside story, to separate some of the hyperbole from reality - so listen up.
The podcast and artwork embedded on this page are from Rafal Los (Wh1t3Rabbit), which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Down the Security Rabbithole Podcast
Episode: DtSR Episode 254 - Lowdown and Dirty ICS
Pub date: 2017-07-25
This week Sergio Caltagirone joins James and me to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. Sergio is a 2nd timer, and we take the opportunity to catch up and discuss one of his favorite topics. Additionally, we talk about some of the topics that were discussed the week this podcast was recorded, a few weeks ago. Whether you're in Las Vegas for Black Hat Conference 2017 or not, take a listen to this sobering discussion about industrial controls and some of the more clear and present dangers facing us in that sector. Thanks again for joining us, Sergio!
Sometimes you only need one name. Prince, Madonna, Oprah....and Sergio. This week I'm thrilled to be joined by my good friend Sergio Caltagirone. We talked about the importance of ICS security, control system themed road trips, and the intersection of information security and philosophy. Sergio takes us through his journey from the Department of Defense, Microsoft and at Dragos. We also get the story of how the Diamond model came into existence. Perhaps most importantly, we talk about his work to fight human trafficking and how he is applying data science to this problem at the Global Emancipation Network.