Sherrod DeGrippo’s father is a “super nerd,” a label she also adopted at a young age. Growing up, DeGrippo—now the director of threat intelligence strategy at Microsoft—learned the ins and outs of computers and technology, including how to install phone jacks so she could have her own line. Her passion for communication is what led her into IT and security.
“I love to talk,” she told IT Brew in an interview at the Microsoft Experience Center in New York City. “How do we communicate? We communicate over the wire.”
“My attraction to networking protocols is about communication, understanding communication, facilitating communication, and stopping threat actors from abusing those protocols.”
DeGrippo believes security professionals should have a “deep mastery of networking capabilities” to be effective. IT Brew caught up with DeGrippo to chat about threat intel, AI, and being a woman in security.
What can you tell us about your role?
“My responsibility is to understand what’s happening with the threat landscape, understand the threat intelligence that we have or that we need, and then leverage that threat intelligence in as many directions as we can.”
DeGrippo says she and her team work with “a variety of partners in the enterprise, government, nonprofit, and the security community to make sure they have what they need,” which includes info related to code, patches, software, and threat intelligence.
What advice do you have for women wanting to get into IT and threat intelligence?
“Learn networking protocols, TCP/IP, DNS, SMTP, HTTP,” she said. “That is the number one thing that anyone trying to get into cybersecurity should be doing.”
How does Copilot for Security work?
“My primary focus is working with the teams that create the threat intelligence that populates Copilot [for Security]. So, we are taking the massive body of Microsoft Threat Intelligence coming back years and years—and years; correlating, normalizing, and aggregating that and hand-curating it. I think that’s something that’s so unique about Copilot for Security is that Microsoft Threat Intelligence analysts and, in theory, everything that the LLM trains on—it has to be rigorously verified.”
DeGrippo says Copilot for Security—not to be confused with Microsoft’s Copilot Designer—must “adhere to responsible AI principles.” Copilot Designer recently made headlines after Shane Jones, an AI engineer at the company, noticed the AI image generator had depicted violent and sexual images, CNBC reported in early March.
Do you have a separate team that also ensures that the algorithms are working properly on the security side for Copilot for Security?
“We do—and not only do they make sure the algorithms are as they should be from the algorithm perspective—they then go and interact with the LLM to see if we’re able to break it. And they’ve published papers; they published tools and maps that people can download to use on their own AI systems to see if they’re potentially vulnerable.”
What trends are you seeing?
“My personal focus is generally on crime—that’s something that I find the most interesting,” she said. Octo Tempest, also known as Scattered Spider, she explained, engages in a lot of SIM-swapping schemes. The threat actor is known to launch social engineering campaigns to “compromise organizations across the globe with the goal of financial extortion,” Microsoft also reported in a blog post last October.
“That’s a TTP in particular—SIM swapping—that I find really fascinating from a technical perspective because it’s so complicated.”