Active Response

Always A Bad Day For Adversaries

Leaving Microsoft After 3 Years

After over three years I’ve left Microsoft to pursue two amazing opportunities.

Some Words About Microsoft

Sergio on Microsoft campus in Summer 2016

When I started at Microsoft my mother said to me, “Microsoft?! I thought you hated them.” She was right – pre-2003 Microsoft didn’t have their security act together, and it frustrated me, forming a poor opinion of the company. However, not only has that changed but they are one of the most advanced and important companies in the security space. Many people still talk down about Microsoft security, but I can tell you – that crew contains some of the smartest and hardest working security professionals I know – and they become just as frustrated when things don’t go perfectly.

When I was considering joining in the first place, a good friend, John Lambert, sold me easily on Microsoft – “Microsoft controls the physics.” Controlling the physics means that for a large part of the world’s computers, adversaries only operate within the parameters of Microsoft products and services. Microsoft can and does make it harder for adversaries to operate at a global level. Very few other companies can. This is powerful. As a security professional within Microsoft, you can influence the security of billions of customers.

I’ve come away from Microsoft having learned how to ship product, met hundreds of C-suite executives and learned their perspectives and challenges, learned approaches for security analytics in REALLY BIG DATA, and made the internet just a little safer for billions. I cannot recommend the company enough for security professionals. They have big-company challenges, but their family-friendly and mission-focused culture is unique. You can do big things and also enjoy a life outside of work.

Why I left – Where I’m Going

I’m driven by simple motivation: do as much good as possible.  Obviously, at Microsoft, I affected the security of billions.  But, other problems abound.  Currently, I see two major threats to humanity requiring my attention: threats to critical infrastructure and threats to human life from human trafficking. I’m now working part-time on both problems.

Global Emancipation Network

In March 2016 I began serving as Technical Director for the non-governmental organization (NGO) non-profit Global Emancipation Network. Human trafficking is a massive human rights issue. At least 20 million and as many as 50 million are enslaved globally but only 77,000 are rescued per year. This devastating gap must close. But, there is an opportunity. Like any other business, human traffickers use the internet to increase their effectiveness and efficiency – which is also a vulnerability we can leverage against them.

The NGO collects global data on human trafficking on the internet and, leveraging analytics and big-data approaches, enables intelligence and operations to stop traffickers and rescue victims. Interestingly, combating traffickers on the internet and hunting hackers are very similar and we’re using many of the same techniques in both domains. I’m excited to have the opportunity to spend more time on this problem and save millions of lives.


Sergio next to Dragos ICS equipment

My second, equally amazing, opportunity began on 1 January 2017. I joined Dragos, Inc. as Director of Threat Intelligence and Analytics. Dragos develops solutions to secure industrial control systems, a heavily underserved but massively important domain. Industrial control systems underpin all of the networks and systems running the most critical functions such as power, water, and sewer, not to mention the many hundreds of important domains such as pharmaceutical manufacturing. These networks and systems enable civil society and are usually classed as life/safety critical systems. When they fail, people die, services cease, chaos abounds.

I’m proud to join Dragos working to safeguard civilization.  I’m hunting threats targeting and affecting critical infrastructure while delivering the intelligence necessary to enable good decision making.  I’ll work to cut through the FUD surrounding critical infrastructure threats and empower the ICS operator and security community with fact-based knowledge and perspective.




  1. Jeremiah J Osburn

    Congratulations Serg, leaving a company and job you love is tough, but doing something new, exciting, and to make the world a better place is always encouraging.

  2. Mark McIntyre

    I’ll miss working with you, Sergio, but you’ll at least still be doing important work, especially to combat human trafficking. I was fortunate to run the Child Exploitation Tracking System initiative for a year, and it was an incredible experience.

  3. Juan Romero

    Thanks for sharing Sergio, and congratulations! I’ll be in touch a bit more formally later. Best of luck to you and your new endeavors.
