Two Days Left to Get a Free GIAC Certification Attempt or Take $350 Off with OnDemand or vLive Training!

San Francisco Winter 2017

San Francisco, CA | Mon, Nov 27, 2017 - Sat, Dec 2, 2017
This event is over,
but there are more training opportunities.

Scott Roberts

Scott Roberts has always had an unquenchable curiosity to understand how things work. As a child, he tore apart electronics and mechanical bits to find answers. As he grew older, spy novels by Tom Clancy and John Le Carré fed his investigative mindset.

Today, Scott gets to live those stories in real life through his work as an incident responder, manager, and developer at GitHub, the world's code collaborative development platform.  As a specialist in incident response, intrusion detection, and cyber threat intelligence operations, Scott often works on high-profile projects that routinely show up on the news.

Throughout his career, Scott has worked on major investigations involving criminal fraud and abuse and nation-state espionage with Symantec, Mandiant, and other organizations. 

At SANS, Scott took on the SANS 504: Hacker Tools, Techniques, Exploits & Incident Handling course from SANS Fellow Ed Skodius and was inspired to learn everything he could.

"I saw Ed's passion and depth of knowledge and wanted to do the same thing," says Scott. Teaching that course prompted Scott to further pursue teaching and to work to inspire his students as much as Ed had inspired him.

Now, as an instructor for FOR578: Cyber Threat Intelligence, Scott aims to ignite "rabid curiosity," something he sees as essential to success in this field, and encourage students to tap into their own desire to understand and beat the adversary. Key to Scott's success in teaching FOR578 is adapting to each student?s needs, a perspective he's gained through a wide variety and depth of experiences in Cyber Threat Intelligence (CTI) and Digital Forensics & Incident Response (DFIR).

"I think the toughest thing about FOR578 is the breadth of the course, the topic, and the variety of ways students will use what they learn depending on their organization," he says.  Although CTI threats may seem daunting, Scott works to instill confidence in his students that it can be accomplished with hard work, the right training, and passion for their work.

Scott is a sought-after speaker, having presented on threat intelligence and incident response for SANS, various Silicon Valley firms, and at BSides events. He is an author of O'Reilly's upcoming book, Intelligence Driven Incident Response, and serves as a member of the SANS CTI Summit and New York University Poly Cyber Security Awareness Week advisory boards.

Scott is a subject-matter expert on network security monitoring, incident response, and threat intelligence. He specializes in network security, Unix client and server security, Windows client security, active directory, group policy, vulnerability assessment, and network, host and wireless auditing.

When he's not cyber-sleuthing for GitHub and teaching at SANS, Scott spends a lot of time working on projects involving CTI and DFIR, blogging, planning conferences, speaking, working on books, and writing CTI software, one of his biggest passions.

In his down time, Scott enjoys riding road bikes, playing board games, cooking, learning about wine, and sampling whiskey.

Qualifications Summary

Publications and Papers

  • Author of O'Reilly's upcoming Intelligence Driven Incident Response


  • Member of the SANS CTI Summit advisory board
  • Member of the NYU Poly Cyber Security Awareness Week advisory board


  • ArcSight Certified Security Analyst
  • DoD NSTISSI No. 4011
  • GIAC Certified Incident Handler

Get to Know Scott Roberts

Scott Roberts Will Be Teaching the Following Course:

San Francisco Winter 2017 Instructors