William Roberts
PORTRAIT drop assets/portrait.jpg
ID · WR-13 // BIRMINGHAM, AL

BUILD · SECURE · SHIP

William
Roberts

Co-Founder & CTO, Red Whistle / Cybersecurity Engineer

I build safety hardware and the networks that defend it. At Red Whistle I took a panic-button keychain from concept to a complete engineering package — firmware, mesh protocol, app, and a ray-traced product site — in 30 days for about $100. The same hands run NervHQ, a fully segmented SIEM-monitored network I designed end to end.

CORE
STACK

Who I Am

I'm the co-founder and CTO of Red Whistle, a personal-safety hardware + community network startup, and I come from the defense side of the keyboard. My edge is range with rigor: I design the enclosure, write the firmware, define the radio protocol, ship the app, and then monitor the whole thing like a SOC analyst — because I am one. Everything on this page runs in production, on my hardware or my company's.

NOW CTO @ Red Whistle — safety hardware, RWP-1 mesh protocol, EVT prototypes next
EDUCATION B.S. Cybersecurity & Information Assurance — WGU (in progress) · A+ · Net+
FRAMEWORKS MITRE ATT&CK · SOC workflows · DFM & EVT hardware flow

Service Record

Download résumé
2026Present

Co-Founder & Chief Technology Officer

Red Whistle · Birmingham, AL

  • Shipped the complete Gen 3 engineering package in 30 days: industrial design, DFM-ready CAD, and BOM for a 42mm glass-and-aluminum safety keychain.
  • Wrote the embedded firmware (nRF52840, BLE, LoRa) with automated on-boot acceptance tests, and designed RWP-1 — a signed mesh relay protocol that delivers alerts when cell networks fail.
  • Built the companion PWA, the WebGL ray-traced product experience, and the film + brand that launched the waitlist.
  • Own the roadmap through EVT prototypes, FCC Part 15 certification path, and a 1,000-unit Birmingham pilot.
2026Present

Data Support Technician

CSpire · Birmingham, AL

  • Monitored network connectivity, routing devices, and traffic flows to keep service delivery stable and secure.
  • Verified public IP handoffs and analyzed traffic to troubleshoot connectivity and routing issues.
  • Documented, tracked, and resolved network incidents in ServiceNow using structured ticket workflows.
  • Partnered with internal teams to diagnose infrastructure problems and support escalated network requests.
2025Present

Founder & Security Engineer

ScanForge · scanforge.net

  • Built and launched a live cybersecurity SaaS that runs safe, passive, read-only security scans for small businesses.
  • Engineered the scanning engine assessing SPF/DMARC/DKIM email authentication, HTTPS/TLS configuration, and exposed-surface hygiene.
  • Developed the full-stack app in Next.js 14 (App Router), TypeScript, and Tailwind; deployed on Railway with Postgres and Clerk auth.
  • Enforced security-by-design constraints: non-intrusive scanning only, Content Security Policy, and rate-limited endpoints.
  • Drove the product from prototype to production — branding, co-branded reporting, and go-to-market included.
InProgress

B.S. Cybersecurity & Information Assurance

Western Governors University

Coursework aligned to SOC operations, network defense, and information assurance.

What I Run

Hardware & Embedded

nRF52840Embedded CBLE GATT Design LoRa / MeshProtocol DesignOpenSCAD CAD DFM / BOMFirmware Testing

Product Engineering

WebGL / GLSL RaymarchingPWACloudflare Workers & KV Python AutomationBrand & Motion DesignVideo Production

Full-Stack & SaaS

Next.js 14ReactTypeScript Tailwind CSSPostgreSQLClerk Auth Railway / DockerREST APIsSPF / DMARC / DKIM TLS & CSP HardeningRate Limiting

SIEM & Detection

WazuhElastic StackKibana Log CorrelationAlert TriageThreat Hunting MITRE ATT&CKFIM

Firewalls & IDS/IPS

pfSenseSuricataStateful Inspection NATVLAN SegmentationNACiptables

Networking

TCP/IPStatic & Inter-VLAN RoutingDHCP tcpdumpPacket Capturesyslog (RFC 5424)

VPN & DNS Security

WireGuardPiVPNFull-Tunnel Routing Pi-holeUnboundDNSSECC2 Detection

Infrastructure

Proxmox VETrueNAS SCALEDocker ZFSUbuntu ServerDebian / DietPi

Systems & Tools

Windows ServerActive DirectoryGroup Policy ServiceNowLinux CLI / bashNGINX

What I'm Building

FOUNDER BUILD · CTO

RedWhistle

Personal-safety keychain + community-responder network · Birmingham, AL

A 42mm glass-and-aluminum keychain where the logo is the panic button. Double-press pings trusted contacts and nearby opted-in responders with a fixed GPS pin; hold escalates to 911; and when cell networks die, our signed relay protocol RWP-1 passes alerts device-to-device over LoRa. Concept to complete engineering package in 30 days, for about $100 of burn.

  • Gen 3 engineering package: DFM-ready CAD, BOM, nRF52840 + LoRa
  • Firmware with automated acceptance tests + companion PWA
  • RWP-1 signed mesh relay protocol — provisional patent in progress
  • Product page ray-traces the actual CAD live in WebGL — no photos
SF

ScanForge — Co-Founder

Security-scanning SaaS built with the same two-man team. Production Next.js app on Railway with Postgres and Clerk auth, an automated scanner engine, and co-branded security reports for local businesses. The proving ground where Owen and I learned to ship together.

Visit ScanForge.net

RW

RWP-1 Protocol — R&D

Signed store-and-forward LoRa relay for life-safety alerts: per-hop verifiable authenticity, privacy-preserving routing tokens, alert-storm congestion control, and coin-cell power budgets. The research core of an NSF SBIR Project Pitch.

NervHQ

FEATURED BUILD

NervHQ

Enterprise-grade home network & security infrastructure

A multi-host homelab that simulates enterprise network architecture with layered security controls: VLAN segmentation, centralized SIEM monitoring, IDS/IPS enforcement at the perimeter, and encrypted remote access. It's my proving ground — every alert, tuning decision, and incident writeup on my resume originates here on the 10.6.7.0/24 network.

  • Centralized Wazuh SIEM (v4.7.5) + Elastic Stack across all hosts
  • pfSense perimeter with Suricata IDS/IPS & VLAN isolation
  • Pi-hole + Unbound DNS sinkhole with DNSSEC validation
  • WireGuard full-tunnel VPN via PiVPN for remote access

Network Topology

Data path Log / telemetry → SIEM
INTERNET WAN / ISP pfSense FIREWALL Suricata IDS/IPS · NAT stateful inspection WireGuard VPN PiVPN · full-tunnel remote peers CORE SWITCH VLAN segmentation 10.6.7.0/24 · inter-VLAN routing DNS SECURITY Pi-hole v6 · Unbound DNSSEC · sinkhole PROXMOX VE VMs · containers Docker Compose TrueNAS SCALE ZFS storage media & app stack WAZUH SIEM Elastic Stack log correlation MITRE ATT&CK mapping ◂ all hosts forward syslog
01

Perimeter — pfSense + Suricata

All WAN traffic terminates at a pfSense firewall enforcing stateful inspection, custom rule sets, and NAT policies. Suricata runs inline as an IDS/IPS, doing signature-based detection and auto-alerting on malicious traffic before it reaches internal segments.

02

Segmentation — VLANs & Routing

A segmented core carves the 10.6.7.0/24 network into isolated VLANs with interface-level ACLs and inter-VLAN routing policies. Security boundaries are explicit — each segment only talks to what it's allowed to.

03

DNS Defense — Pi-hole + Unbound

Pi-hole v6 acts as a network-wide DNS sinkhole for malware-domain filtering and full query logging, while Unbound provides DNSSEC-validated recursive resolution. Query logs are mined for anomalies and potential C2 callbacks.

04

Compute — Proxmox & TrueNAS

Proxmox VE hosts the VMs and Docker workloads; TrueNAS SCALE handles ZFS storage and the media/app stack. Both forward syslog to the SIEM and run Wazuh agents for endpoint visibility and file integrity monitoring.

05

Remote Access — WireGuard

Encrypted remote access rides a WireGuard tunnel deployed via PiVPN with full-tunnel routing, persistent keepalive, and preshared-key auth. pfSense static routes and firewall rules handle VPN return traffic under policy.

06

Visibility — Wazuh SIEM

Every host forwards logs to a central Wazuh SIEM on the Elastic Stack. Firewall, auth, and system events are correlated, mapped to MITRE ATT&CK tactics, and triaged — with detection rules tuned continuously to cut false positives and sharpen signal.

Build Log

  1. SHIPPED

    Red Whistle Gen 3 engineering package

    Industrial design, DFM CAD, BOM, firmware with acceptance tests, companion app, and the RWP-1 relay protocol — 30 days, ~$100.

  2. LIVE

    joinredwhistle.com + the 60-second film

    Ray-traced product experience, waitlist, and a published launch film scored and edited in-house.

  3. NEXT

    Red Whistle EVT prototypes & Birmingham pilot

    First physical builds, FCC pre-scan groundwork, provisional patent filing, and a 1,000-unit pilot in our home city.

  4. DEPLOYED

    NervHQ — network design & VLAN segmentation

    Carved the 10.6.7.0/24 network into isolated segments with inter-VLAN routing and interface ACLs.

  5. DEPLOYED

    pfSense + Suricata perimeter

    Stateful firewall, NAT policies, and inline IDS/IPS with signature-based detection and firewall log forwarding.

  6. LIVE

    Wazuh SIEM & MITRE mapping

    Centralized log aggregation on Elastic Stack; alerts correlated and mapped to ATT&CK tactics, rules tuned for signal.

  7. LIVE

    DNS security & encrypted access

    Pi-hole + Unbound sinkhole with DNSSEC, and WireGuard full-tunnel remote access via PiVPN.

  8. NEXT

    Automated response (SOAR)

    Active-response playbooks and Suricata-triggered blocking to move from detection toward containment.

  9. PLANNED

    Detection-as-code & dashboards

    Version-controlled detection rules and purpose-built Kibana dashboards for triage and threat-hunting.