Hi I’m Scott 👋

Network Defender, developer, speaker, writer, author of O’Reilly’s Intelligence Driven Incident Response, & SANS instructor. Bad guy catcher.

Burnt TIPs

Special Thanks to Ryan Kovar for the photo & delicious dinner. This is going to be one of those highly metaphor-driven posts I’ve done before (like using Hamilton in Waiting vs Passivity in DFIR). Bail out now or prepare to discuss where threat intel and American BBQ run into each other! What you call something matters in sharing it with others and framing intelligence programs. And lunch orders…...

July 31, 2021 · 7 min · Scott J Roberts

Blogging Again in 2021

I’m back! That means getting things back in order. When I was last writing actively I was using Medium… which was pretty miserable. Medium was great for ease of use with a decent writing interface and app as well as excellent reader acquisition. Unfortunately the upsides had worse downsides. Formatting was limited (no tables?!) and everything was like when I used Jekyll but sort of weird. Then came the lock-in/paywalls and general lack of openness....

June 20, 2021 · 4 min · Scott J Roberts

zsh for Rational Mortals

“As someone who’s spent years having to replace bash with zsh in every system I don’t understand this question. I’m a big zsh fan, check out zplug to do some awesome stuff really easily.” — Scott J Roberts (@sroberts) June 4, 2019

This post, my first in quite a while, is inspired by my good friend Phil. I understand these sorts of changes, and why they give people pause, but I see this as a big step forward....

June 5, 2019 · 5 min · Scott J Roberts

Building Better Security Presentations

I’m a person who loves a good presentation. I love building them, giving them, and watching them. I’m also a person who knows they take time and effort. Like any creative process what that time and effort looks like is different for everyone. Here is my process: Write The Abstract Now I’m very aware step one should of course be doing all the research and then building the presentation, but that never happens....

October 27, 2017 · 24 min · Scott J Roberts

Crash Override Chronicles: Victim

Victim Sites & Technology So all of those things were terms or bits about generalized grid operations. What about the actual victim in this case? What was the equipment affected? Where was it? Ukrenergo According to Reuters: “Kovalchuk said the outage amounted to 200 megawatts of capacity, equivalent to about a fifth of the capital’s energy consumption at night.” There’s an interesting piece of data. 1/5 night capacity means one gigawatt (1000 megawatts) of total consumption at night....

August 31, 2017 · 2 min · Scott J Roberts