Robert M. Lee
FellowCEO at Dragos, Inc
Specialities
Industrial Control Systems Security, Digital Forensics and Incident Response
SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
ICS515: ICS Visibility, Detection, and Response
ICS515Industrial Control Systems Security
- GIAC Response and Industrial Defense (GRID)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 25 Hours of hands-on instruction
FOR578: Cyber Threat Intelligence
FOR578Digital Forensics and Incident Response
- GIAC Cyber Threat Intelligence (GCTI)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hours of hands-on instruction
ICS310: ICS Cybersecurity Foundations
ICS310Industrial Control Systems Security
- 6 CPEs / 6 Hours (Self-Paced)
- Labs: 3 Hours of hands-on instruction
Virtual Events
Explore content featuring this instructor’s insights and expertise.
- Slide 1 of 12
2021 ICS/OT Year in Review Executive Briefing
The ICS/OT community has long suffered from a lack of insight into cyber threats, vulnerabilities, and incident response observations. The annual Dragos ICS/OT Year in Review reports on how the community is performing and surfaces areas of improvement needed to provide safe and reliable operations.
WebinarCyber Defense
- 1 Mar 2022
- 15:30 UTC
- Robert M. Lee
- Slide 2 of 12
The 5 Critical Controls for ICS/OT Cybersecurity
SANS authors and instructors Robert M. Lee and Tim Conway have been working with the community to analyze all the known ICS cyber attacks for the purpose of creating the most important cybersecurity controls for organizations to implement.
WebinarCyber Defense
- 31 Oct 2022
- 13:00 UTC
- Tim Conway & Robert M. Lee
- Slide 3 of 12
2022 ICS/OT Cybersecurity Year in Review Executive Briefing
The ICS/OT community has long suffered from a lack of insight into cyber threats, vulnerabilities, and incident response observations. The annual Dragos ICS/OT Cybersecurity Year in Review provides a comprehensive look at the events that shaped the ICS/OT community and the current threat landscape. It also reports on how the community is performing, and surfaces areas of improvement needed to provide safe and reliable operations.
WebinarDigital Forensics and Incident Response
- 23 Feb 2023
- 13:00 UTC
- Robert M. Lee & Ben Miller
- Slide 4 of 12
SANS Cyber Defense Initiative 2023: SANS@Night- The Industrial (ICS/OT) Cyber Threat Landscape
This talk will give an introduction to ICS/OT followed by an in depth discussion on the changes that are taking place in the industrial world such as digital transformation as a precursor to an in-depth discussion on the threats. The talk will cover new adversary groups targeting industrial networks, the trends to watch, and make recommendations with a walkthrough of the SANS ICS five critical controls.This talk is accessible to everyone of any background.
WebinarCyber Defense
- 14 Dec 2023
- 19:15 UTC
- Robert M. Lee
- Slide 5 of 12
2023 OT Cybersecurity Year in Review Executive Briefing
The Dragos OT Cybersecurity Year in Review is a mainstay for ICS asset owners and defenders to stay abreast of cyber threats, vulnerabilities, and frontline observations from the previous year. Covering the key OT cybersecurity events that shaped the threat landscape for industrial sectors, how the ICS community is performing, areas of improvement for safe and reliable operations.Join Dragos CEO and SANS Fellow Robert M. Lee for a look at the most important OT cybersecurity events and lessons learned in 2023. This webinar features exclusive data-driven analysis and recommendations on:
WebinarCyber Defense- 23 Feb 2024
- 10:30 UTC
- Robert M. Lee
- Slide 6 of 12
The Business Risks of Ignoring ICS Security
In an era where cybersecurity threats are escalating, the oversight of Industrial Control Systems (ICS) is more critical than ever. Join us for an exclusive panel discussion with SANS instructors Robert M. Lee, Tim Conway, Dean Parsons, and Jason Christopher, as they address cybersecurity leaders on the imperative of securing ICS.
WebinarIndustrial Control Systems Security
- 3 Sep 2024
- 13:00 UTC
- Robert M. Lee, Tim Conway & Dean Parsons
- Slide 7 of 12
Take the First Step in ICS/OT Security with ICS310
Discover how the new ICS310: ICS Cybersecurity Foundations course is transforming the way professionals enter the critical field of ICS/OT cybersecurity. The world relies on critical infrastructure for all aspects of daily life, and sectors across the board have integrated Industrial Control Systems (ICS) and Operational Technology (OT) into their key operations. This evolution has created a pressing need for a uniquely skilled, diverse workforce equipped with expertise in engineering, operations, IT/OT, and cybersecurity.
WebinarIndustrial Control Systems Security- 24 Jan 2025
- 15:00 UTC
- Robert M. Lee, Tim Conway & Jeffrey Shearer
- Slide 8 of 12
The New SANS ICS/OT Practice Area: Town Hall and Q/A
SANS is excited to launch the SANS ICS/OT Practice Area under the leadership of SANS Fellow Robert M. Lee. Building on the vision of the late Michael Assante, this initiative is designed to enhance engagement with the cybersecurity community by tailoring course accessibility, content development, and strategic outreach to better serve the ICS/OT community.
WebinarIndustrial Control Systems Security
- 18 Feb 2025
- 11:00 UTC
- Robert M. Lee
- Slide 9 of 12
OT Ransomware on the Rise – How to Protect Your Operations and Business
OT ransomware is a growing threat to any organization that relies on ICS/OT to power its operations. Whether securing critical infrastructure or ensuring the continuity of manufacturing, pharmaceuticals, food and beverage production, or other industrial processes, protecting these environments is essential.
WebinarIndustrial Control Systems Security- 16 May 2025
- 09:00 UTC
- Tim Conway, Robert M. Lee & Lesley Carhart
- Slide 10 of 12
SANS Security Awareness: Managing Human Risk 2024
teaser
WebinarArtificial Intelligence
- 25 May 2025
- 12:30 EDT
- Mr. Harry James Smith Jr., FirstName LastNamé, Robert M. Lee + 1 more
- Slide 11 of 12
NERC CIP-015: Monitoring Deep Inside Critical Networks to Keep Adversaries Outside
As cyber threats become increasingly advanced and persistent, traditional perimeter-based defenses are no longer sufficient to protect critical infrastructure.
WebinarIndustrial Control Systems Security- 19 Aug 2025
- 13:00 UTC
- Tim Conway & Robert M. Lee
- Slide 12 of 12
Fall Cyber Solutions Fest 2025: Cloud Identity and Access Management Track
This focused track explores the ever-evolving world of Cloud IAM, diving into modern strategies, common missteps, and emerging tools designed to help organizations reclaim control over sprawling identities and creeping permissions.
WebinarCloud Security
- 5 Nov 2025
- 08:00 EST
- Aaron Sparling, Rob Lee, Robert M. Lee + 2 more