“Sergio is what I envision as the optimal Cyber Leader for facilitating Cyber Security. He is a great instructor of new methodology and implementation of most anything Cyber. He is able to bridge any generational and technical gap when explaining methodology and terminology so nobody felt left behind. Sergio has a great mind for technology and innovation with all the social skills of a professional speaker. He is a true gift to the Cyber world that I had the awesome pleasure of working with.”
Services
Experience & Education
Licenses & Certifications
Publications
-
The Diamond Model of Intrusion Analysis
Center for Cyber Intelligence Analysis and Threat Research
The Diamond Model presents a novel concept of intrusion analysis built by analysts, derived from years of experience, asking the simple question, “What is the underlying method to our work?” The model establishes the basic atomic element of any intrusion activity, the event, composed of four core features: adversary, infrastructure, capability, and victim.
These features are edge-connected representing their underlying relationships and arranged in the shape of a diamond, giving the model its name: the Diamond Model.
It further defines additional meta-features to support higher-level constructs such as linking events together into activity threads and further coalescing events and threads into activity groups.
These elements, the event, thread, and group all contribute to a foundational and comprehensive model of intrusion activity built around analytic processes. It captures the essential concepts of intrusion analysis and adversary operations while allowing the model flexibility to expand and encompass new ideas and concepts.
The model establishes, for the first time, a formal method applying scientific principles to intrusion analysis – particularly those of measurement, testability, and repeatability – providing a comprehensive method of activity documentation, synthesis, and correlation.
This scientific approach and simplicity produces improvements in analytic effectiveness, efficiency, and accuracy. Ultimately, the model provides opportunities to integrate intelligence in real-time for network defense, automating correlation across events, classifying events with confidence into adversary campaigns, and forecasting adversary operations while planning and gaming mitigation strategies.
-
Design and Implementation of a Multi-use Attack-Defend Computer Security Lab
Proceedings of the 39th Annual Hawaii International Conference on System Sciences
-
Active Response
Master's Thesis in Computer Science. Moscow, ID: University of Idaho, 2005, pp. 183
-
RADICL: A Reconfigurable Attack-Defend Instructional Computing Laboratory
Proceedings of the International Conference on Security and Management
-
The Response Continuum
6th IEEE Information Assurance Workshop, West Point, NY, USA
-
RADICL: Design and Feasibility
University of Idaho, Moscow, ID, Technical Report CSDS-DF-TR-05-29
-
Questions About Active Response
4th Workshop on the Active Response Continuum to Cyber Attacks. George Mason University, Fairfax, VA, USA
-
ADAM: Active Defense Algorithm and Model
Aggressive Network Self Defense; Syngress Publishing pp. 287-311
-
Criminal Law Perspectives of Contemporary Issues in Computer Security
University of Idaho, Moscow, ID, Technical Report CSDS-DF-TR-05-28
-
Evolving Active Defense Strategies
University of Idaho, Moscow, ID, Technical Report CSDS-DF-TR-05-27
-
Active Defense Decision and Escalation Model
20th Annual Computer Security Applications Conference
-
Architecture for a Massively Multiplayer Online Role Playing Game Engine
Journal of Computing Sciences in Colleges, v.18 n.2
Patents
-
Method for Generating and Using Composite Scene Passcodes
Issued US 60/851,695
Courses
-
Advanced Operating Systems
-
Computer Security
-
Computer and Network Forensics
-
Criminal Law
-
Criminal Procedure
-
Evolutionary Computation
-
Human Computer Interaction
-
Intrusion Detection
-
Network Security
-
SANS Advanced Computer Forensic Analysis and Incident Response
FOR508
-
SANS Advanced Penetration Testing, Exploits, and Ethical Hacking
SEC660
-
SANS Intrusion Detection In-Depth
SEC503
-
SANS Network Penetration Testing and Ethical Hacking
SEC560
-
SANS Reverse-Engineering Malware: Malware Analysis Tools and Techniques
FOR610
Honors & Awards
-
Influencer Award
SC Magazine
Over the course of his career, Sergio Caltagirone has worked with some of the leading cybersecurity companies and developed the landmark Diamond Model of Intrusion Analysis that has since influenced cyber threat intelligence analysis and incident response around the world.
The Diamond Model presents a novel concept of intrusion analysis that creates the foundational elements of any intrusion activity and establishes the basis of cyber activity, taxonomies, cyberthreat intelligence sharing protocols and knowledge management. Caltagirone's model has been widely touted as the first of its kind that successfully establishes a formal method to apply scientific principles to intrusion detection.
At the start of his career in the federal government, Caltagirone was recognized as one of the best, if not the best, technical strategists for tracking and stopping sophisticated hackers. After developing the Diamond Model for Intrusion Analysis, he created coursework and taught it to young military and government analysts. Eventually, his efforts were expanded and the Diamond Model was incorporated into “cyber-analyst” training taught across the government. It is also taught at public seminars run by the SANS Institute.
After nine years with the federal government, Caltagirone worked at Microsoft, where he was a catalyst for cultural change. Through his influence, silos built around teams and individual product data were torn down, and systems capable of correlating and analyzing telemetry from arguably the world's largest install base of products were architected. His team also developed a new product based on threat intelligence, Advanced Threat Analytics, which offers affordable protection against advanced attackers.
Today at Dragos Inc., Caltagirone works on the underserved but critical area of industrial control system security developing products that protect critical infrastructure.
https://www.scmagazine.com/influencer--sergio-caltagirone/article/682618/
-
Adjunct Faculty of the Year
National Cryptologic School
Developed the DoD's first cyber threat analysis course and delivered it to over 3000 students worldwide.
Recommendations received
4 people have recommended Sergio