United States Response to Grizzly Steppe

Kremlin from the River. Source: Wikipedia. Here it is. After weeks of wondering if and how the United States Government might respond the United States White House, State Dept, Treasury, and US-CERT have released information on and sanctions against the Russian government’s efforts to influence the United States elections. I offer all this without too much analysis given I’ve just seen it myself and expect it will take a long time to digest....

December 29, 2016 · 4 min · Scott J Roberts

ACH Analysis of a Trump Campaign Compromise

ASIDE: This post gets political. People may agree or disagree based on their own experience or personal belief. I accept that. I’m attempting to use evidence and analytical rigor to reach my conclusions while averting my own bias. If you think I missed the mark on those aspects (evidence or rigor) feel free to reach out to me. If you just disagree with my conclusions then I’d love to see a blog post exploring your own evidence and process....

December 12, 2016 · 10 min · Scott J Roberts

Waiting vs Passivity in DFIR

From the New York Times: “Review: ‘Hamilton,’ Young Rebels Changing History and Theater” Give it a second, I’ll explain the Hamilton reference to DFIR, but for now let me share one of my favorite songs. Aaron Burr thinks Alexander Hamilton is a brash aggressive brute and believes Hamilton thinks him slow and unwilling to make a decision. Burr then sings this song to explain his true goals: Wait for It by the cast of Hamilton....

December 10, 2016 · 3 min · Scott J Roberts

Python for CND

One thing I constantly harp on while talking to people beginning in the security community is the importance of learning to code. I think it is awful that we have so many security professionals cannot write a line of code. It’s useful for automating common tasks, gathering & manipulating data, almost anything you can imagine. I think everyone should learn some coding and Python is the best place to start....

November 30, 2016 · 6 min · Scott J Roberts

Intelligence Collection Priorities

One of the hardest things when starting a threat intelligence program is deciding where to start collection. This begins with an initial set of requirements and evolves from there. Everyone will give you a different opinion and insist on a different approach probably biased by their favorite collection sources. As for me I think the best approach is to start with the small things, the easy things, and build up from there....

November 23, 2016 · 5 min · Scott J Roberts