Robert Lee

ICS Threat Intelligence Pioneer

Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).

A passionate educator, Robert is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.

Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer in the National Security Agency. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. He was a lead investigator on the cyber attack on the Ukraine power grid in 2015 and he and his firm analyzed the malware known as CRASHOVERRIDE that caused the attack on the Ukraine power grid in 2016.

Some of Rob’s many papers:

ICS Cyber Kill Chain
SANS DUC5 Ukraine 2015

My Sessions

What Threat Detection And Incident Response Is Right For You?

Stage 2

This session will detail four different technical approaches to threat detection and provide actual real world examples that show the pro’s and con’s of each approach. Learn the value in different types of threat detection, what makes each special, whether or not the alerts and indicators are useful, and what the heck analytics actually are. Just […]

Detection & Response