Microsoft’s head of threat intelligence leaves to join Dragos

Sergio Caltagirone joins former NSA colleagues to tackle industrial cybersecurity.

Sergio Caltagirone, Microsoft’s head of threat intelligence analysis, announced Tuesday he had left the tech giant to join Dragos, an industrial control center cybersecurity company started in 2013 by former NSA officers.

During an eight-year stint in intelligence, Caltagirone hunted and analyzed advanced attacks on critical infrastructure and wrote threat intel reports for the president.

Sergio Caltagirone (via LinkedIn)

While he got his master's in computer science at the University of Idaho, Caltagirone worked under and with Deb Frincke, now the director of research at the NSA and the first woman to hold the position. The pair published research on active responses against attackers.


Dragos’s investors, who put $1.2 million into the company in August 2016, share the same background. DataTribe, headed by NSA, Navy and CIA alumnus, is a Maryland venture capital firm whose entire business is helping engineers from U.S. intelligence and government move to the private sector. They’ve been investing in a range of companies led by intelligence veterans, a business opportunity that’s only growing as low morale and greener pastures drive out some of American intel’s most talented toward a private sector with plainly fatter pockets.

The industrial cybersecurity market in particular is rich and getting richer. Growth is expected to hit $11 billion by 2019 at least, with some observers seeing a considerably higher ceiling.

This hiring is, in some ways, just getting the old Fort Meade band back together. Caltagirone worked closely with Dragos CEO Robert Lee and CTO Jon Lavender during their time working on ICS cybersecurity in intelligence and the Defense Department. Lee and Lavender worked in government on security projects that Caltagirone began, and Lee describes Caltagirone as a mentor.

Dragos is a Maryland-based firm founded in 2013 with 11 full-time employees. The company’s flagship product, CyberLens, sported 18 corporate customers last year across industries including pharmaceutical, electric, oil, gas, manufacturing and nuclear. By the start of 2017, the customer list is up: CyberLens now has 25 customers, and a new platform currently being tested has 6 clients in beta, according to Lee.

Caltagirone may be most notable for coming up with the diamond model of intrusion analysis, which was unclassified several years ago and has since been adopted across the cybersecurity industry.


“If you look at any cybersecurity company today that does threat intelligence, all of them use the diamond model that he created,” Lee told CyberScoop. “It’s the way you do analysis of campaign groups. He’s a steal.”

In addition to his time at Dragos, Caltagirone will also be the technical director at the Global Emancipation Network, a nonprofit that collects and analyzes data on human trafficking to aid law enforcement around the world.

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.
