Robert Lee

ICS Threat Intelligence Pioneer

Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).

A passionate educator, Robert is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.

Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer in the National Security Agency. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. He was a lead investigator on the cyber attack on the Ukraine power grid in 2015 and he and his firm analyzed the malware known as CRASHOVERRIDE that caused the attack on the Ukraine power grid in 2016.

Some of Rob’s many papers:

ICS Cyber Kill Chain
SANS DUC5 Ukraine 2015

My Sessions

OT Secure Operations Center (SOC) or Enterprise SOC?

Main Stage

Detection and response are two security functions receiving a growing amount of attention and funding. This panel will debate: should asset owners deploy a SOC specialized and dedicated to ICS / OT / IoT or should this be integrated into an enterprise SOC. Dan Scali of Mandiant will take the enterprise SOC position, and Rob […]

Detection & Response Panel / Debate

The Past, The Present & The Future – An Optimists View

Sponsor Stage

Much has been said about the lost decade of ICS cyber security, but there is a lot to appreciate that may be easily overlooked. This presentation takes a light hearted but optimistic view of the past 10 years, the present and the next 10 years of ICS cybersecurity. Anecdotal wisdom will be shared along with […]