The most up to date version of this post can be found on my website at: https://sroberts.io/posts/2017-10-27-building-better-security-presentations/

I’m a person who loves a good presentation. I love building them, giving them, and watching them. I’m also a person who knows they take time and effort. Like any creative process what…


The most up to date version of this post can be found on my website at: https://sroberts.io/posts/2017-10-27-building-better-security-presentations/

There’s a lot to ICS networks, the systems they run, and the protocols that control them. This is the barest treatment, and I have more to do, but I wanted to share what…


In the first post of the CRASH OVERRIDE Chronicles I outlined my plan for reviewing Dragos’ CRASHOVERRIDE report in order to build an understanding of the ICS threat landscape, key technologies, and ultimately one of the major actors involved. …


I’ve been lucky and had a really wide variety of experiences in information security throughout my career. Government & non-government. Vendor & practitioner. Finance & dotcom. I’ve seen a lot of stuff. It’s to the point that I get even more excited about the stuff I’ve never done. …


Here’s a familiar scenario:

A new threat is being whispered about. Maybe your office has someone with special access of some kind and they’re being a bit more secret squirrely than usual. The mailing lists you’re on are abuzz about a new piece of malware or vendor code name…


A few weeks ago while teaching SANS FOR578 one of my students asked a great question: What books or papers should a new cyber threat intelligence analyst read first? It’s a question I’d meant to answer before so instead of just sending back an email (I mean…


On second thought Medium is a nice platform and tweaking my Jekyll blog often gets in the way of writing. For that reason I’m back!

So using Medium to blog was an experiment. It’s a nice platform, but I miss having the control that comes with Jekyll. So with that I’m moving back.

Please feel free to follow me on my blog: sroberts.github.io.


Go into a tech interview, especially one for operations or security, and you’re more than likely going to get an interview question like this:

“What happens when you put a URL in the address bar of a browser and hit enter?”

I’ve been on both ends of this question, asked…


Ahh January 4th. It’s that time of year to review 2016 and think about what’s coming in 2017. Let’s start by looking at what I kicked off 2016 with:

Did I get it all done or fail miserably?


Kremlin from the River. Source: Wikipedia.

Here it is. After weeks of wondering if and how the United States Government might respond, the United States White House, State Dept, Treasury, and US-CERT have released information on and sanctions against the Russian government’s efforts to influence the United States elections. …

Scott J Roberts

Network Defender, developer, speaker, writer, author of O’Reilly’s Intelligence Driven Incident Response, & SANS instructor. Bad guy catcher.
