Senior CTI Analyst at Major US Retailer
Scott Small is an expert in open source research, investigations, and analysis. Scott’s recent roles focused on advising clients on technical and strategic applications of intelligence, and using technology to help identify and mitigate supply chain and cyber risk. Scott has published multiple projects that aggregate and streamline publicly accessible intelligence/security resources. He believes strongly in the power of open source for upskilling and strengthening our collective security. His favorite ATT&CK technique is T1027.
Control Validation Compass ("CVC") is the hub for publicly accessible, operational cybersecurity resources. CVC unites a broad set of technical controls, offensive security tests, and governance resources around a common language for adversary behavior (MITRE ATT&CK). CVC allows intelligence analysts, defenders, and red teamers to instantly surface relevant detection rules, scripts, and policy controls across more than 30 repositories, reducing time and effort to strengthen, validate, and measure security posture.