Rob T. Lee

Chief of Research and Head of Faculty at SANS Institute
Bio

Rob Lee is the Chief of Research and Head of Faculty at SANS Institute and runs his own consulting business specializing in information security, incident response, threat hunting, and digital forensics. With more than 20 years of experience in digital forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he is known as “The Godfather of DFIR”. Rob co-authored the book Know Your Enemy, 2nd Edition, and is course co-author of FOR500: Windows Forensic Analysis and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.

Rob graduated from the U.S. Air Force Academy and served as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics.

Prior to starting his own firm, he worked directly with a variety of government agencies, the U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and lead for a digital forensic and security software development team. Rob was also a director for MANDIANT, a company focused on investigating advanced adversaries, such as the APT, for five years prior to starting his own business.

Throughout his career, Rob has worked on both Offensive and Defensive Cyber Operations supporting multiple organizations and agencies in and out of uniform. He co-authored the book Know Your Enemy, 2nd Edition and was recently inducted into the Forensic 4Cast Hall of Fame. Rob is also a co-author of the MANDIANT threat intelligence report M-Trends: The Advanced Persistent Threat.

Rob earned his MBA from Georgetown University in Washington, DC, and currently lives in the Denver, CO area, where he helps lead the SANS Institute as the Chief, Curriculum Director, and Head of Faculty. Rob is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and a multiple-time winner of the National Cyber League competition.

  • Real ID: A Step Forward, But More Security Upgrades Needed
    Rob emphasizes that while Real ID strengthens identity verification, it’s just the beginning. He notes, “Real ID is the floor, not the ceiling.” Advanced identity systems, including biometrics and real-time fraud detection, are needed to keep pace with evolving threats. Real ID reduces forged credential risks but must be part of a broader, adaptive security strategy.
  • 23andMe Bankruptcy Sparks Concerns Over Genomic Data Privacy
    Rob warns that the "challenge with 23andMe is particularly troubling" due to the sensitive genomic data involved. He questions how data will be handled during a sale, noting that "most organizations think they have systems to clean and restore laptops," but these processes are often flawed, risking privacy breaches.