Hi I’m Scott 👋

Network Defender, developer, speaker, writer, author of O’Reilly’s Intelligence Driven Incident Response, & SANS instructor. Bad guy catcher.

The Difficulty of Saying Nothing

Like everyone else I’ve been following the tragic war in Ukraine and mourning the loss of life and humanitarian crisis. Professionally as an analyst in the threat intelligence and computer network defense world I’ve been considering what this war and spillover means for defending networks, especially as organizations like CISA keep putting out bulletins regarding threats of Russian nexus adversaries. In situations with this level of uncertainty it’s entirely natural that our intelligence customers, whether that’s the most junior SOC analyst or executive like the CISO, keep asking what it means, what we can do, where the threats are, etc....

March 21, 2022 · 5 min · Scott J Roberts

Getting Started with Synapse

If you care about intelligence analysis and management tools (and I presume you do) you’ve hopefully heard about the Vertex Project’s Synapse intelligence… thing. Synapse starts as a little abstract, but once you understand you’ll see it’s a powerful intelligence workbench and data fusion system. I’m here to say it’s actually far easier than you think, worth the time you’ll put in, and ultimately you’ll find yourself doing far more accurate, fast, and comprehensive analysis....

November 2, 2021 · 13 min · Scott J Roberts

Burnt TIPs

Special Thanks to Ryan Kovar for the photo & delicious dinner. This is going to be one of those highly metaphor-driven posts I’ve done before (like using Hamilton in Waiting vs Passivity in DFIR). Bail out now or prepare to discuss where threat intel and American BBQ run into each other! What you call something matters in sharing it with others and framing intelligence programs. And lunch orders…...

July 31, 2021 · 7 min · Scott J Roberts

Blogging Again in 2021

I’m back! That means getting things back in order. When I was last writing actively I was using Medium… which was pretty miserable. Medium was great for ease of use with a decent writing interface and app as well as excellent reader acquisition. Unfortunately the upsides had worse downsides. Formatting was limited (no tables?!) and everything was like when I used Jekyll but sort of weird. Then came the lock-in/paywalls and general lack of openness....

June 20, 2021 · 4 min · Scott J Roberts

zsh for Rational Mortals

As someone who’s spent years having to replace bash with zsh in every system I don’t understand this question. I’m a big zsh fan, check out zplug to do some awesome stuff really easily. — Scott J Roberts (@sroberts) June 4, 2019 This post, my first in quite awhile, is inspired by my good friend Phil. I understand these sorts of changes, and why they give people pause, but I see this as a big step forward....

June 5, 2019 · 5 min · Scott J Roberts