Robert M. Lee

  • School: Utica College
  • Department: Computer Science
  • Location: 1600 Burrstone Rd
    Utica, NY - 13502
  • Dates at Utica College: December 2016 - December 2016

Biography

Utica College - Computer Science

Founder and CEO, Dragos, Inc.
Defense & Space
Gambrills, Maryland
Robert M. Lee is the founder and CEO at Dragos Inc. where he and his team develop solutions for some of the industrial control system (ICS) community's hardest cyber security challenges. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec's 2015 Cyber Security Professional of the Year, and named one of Forbes' 30 under 30 in Enterprise Technology in 2016.

A passionate educator, Robert is the course author of SANS ICS515 – “Active Defense and Incident Response”, the co-author of SANS FOR578 – “Cyber Threat Intelligence” and an Adjunct Lecturer at Utica College for the M.S. Cyber Operations specialization.

Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Robert routinely writes articles and journals in publications such as Control Engineering and the Christian Science Monitor’s Passcode. He is also a frequent speaker at conferences around the world. Lastly, Robert, along with Jeff Haas, creates a weekly technology and security web comic titled Little Bobby.


Experience

  • Recorded Future

    Advisor

    In the role of Advisor, serves the company on a limited basis with input into the threat intelligence community, trends, and positioning.

    Recorded Future’s mission is to empower customers with real-time threat intelligence, to defend their organizations against threats at the speed and scale of the internet. With billions of indexed facts, and more added every day, their patented Web Intelligence Engine continuously analyzes the entire web to give unmatched insight into emerging threats. Recorded Future helps protect four of the top five companies in the world, and over 20,000 IT security professionals use Recorded Future every day.

  • Dragos, Inc.

    Chief Executive Officer and Founder

    Dragos industrial cybersecurity software platform codifies advanced threat analytics to provide OT and IT practitioners unprecedented visibility and prescriptive procedures to respond to adversaries in the industrial threat landscape.

    Dragos' platform distills decades of real-world experience from an elite team of ICS cybersecurity experts across the U.S. intelligence community and private industrial companies enabling ICS cybersecurity personnel to independently identify ICS assets, detect ICS threats and determine ICS cybersecurity specific responses.

    Dragos' offerings include: the Dragos Platform for ICS Threat detection and response, Dragos Threat Operations Center for ICS threat hunting and incident response services, and Dragos ICS WorldView for weekly threat intelligence reports.

    More information can be found here: https://dragos.com

    Dragos, Inc. was covered here by the Washington Post: https://www.washingtonpost.com/world/national-security/theyre-on-the-lookout-for-malware-that-can-kill/2018/04/27/33190738-32c1-11e8-8abc-22a366b72f2d_story.html

    Dragos, Inc. founders Robert Lee, Jon Lavender, and Justin Cavinee were profiled here: http://www.forbes.com/sites/thomasbrewster/2016/03/23/saving-america-from-hacker-blackouts/

    Dragos, Inc. founder and CEO Robert Lee was also profiled here:
    http://thehill.com/business-a-lobbying/lobbyist-profiles/341363-cybersecurity-expert-fights-for-realism

  • New America

    Non-Resident National Cybersecurity Fellow

    A non-resident fellow at New America as part of their Cybersecurity Initiative. The purpose of this fellowship is to produce recommendations for policy on securing industrial control systems and critical infrastructure. This will be accomplished through authoring papers, participating in discussions, and speaking at public events.

  • CCI, Centro de Ciberseguridad Industrial-Industrial Cybersecurity Center

    Advisor

    The Industrial Cybersecurity Center (Centro de Ciberseguridad Industrial) is a think tank focused on advocating for and educating on industrial cybersecurity especially for Spanish-speaking countries. Industrial control systems (ICS) are a major component of modern society and their protection from digital threats ensures a more reliable and safe future.

    In this role I will be advising them especially in areas of industrial network monitoring, incident response, and threat intelligence.

  • Cyber Resilient Energy Delivery Consortium (CREDC)

    Advisor

    The Cyber Resilient Energy Delivery Consortium (CREDC) works to make energy delivery system (EDS) cyber infrastructure more secure and resilient. CREDC funding support is provided by DOE-OE and DHS S&T. CREDC is the successor to the TCIPG Project which was also funded by the DOE and DHS and is seeking to be independently funded by 2020 to continue research into making the energy infrastructure of North America more reliable and secure.

Education

  • Intermediate Network Warfare Training


    Intermediate Network Warfare Training is a three-month Air Force technical school focused on training students in red team and blue team ops and various advanced cyber-related skills to perform the Air Force cyber ops missions.

  • Utica College

    Master of Science (M.S.)

    Cybersecurity - Computer Forensics

  • King's College London

    Doctor of Philosophy (PhD) (Not Finished)

    War Studies
    Attempting a PhD in War Studies with a focus on cyber conflict to industrial environments (ICS cybersecurity). Taking a 2 year break because of having a kid and the company doing well.

Publications

  • Generating Hypotheses for Successful Threat Hunting

    SANS Institute

    Threat hunting is a proactive and iterative approach to detecting threats. On the Sliding Scale of Cyber Security, hunting falls under the active defense category because it is performed primarily by a human analyst. Although threat hunters should rely heavily on automation and machine assistance, the process itself cannot be fully automated nor can any product perform hunting for an analyst. One of the human’s key contributions to any hunt is the initial conception of what threat the analyst would like to hunt and how he or she might find that type of malicious activity in the environment. We typically refer to this initial conception as the hunt’s hypothesis, but it is really just a statement about the hunter’s testable ideas of what threats might be in the environment and how to go about finding them.

  • The Who, What, Where, When, Why and How of Effective Threat Hunting

    SANS Institute

    This paper will explain what threat hunting is (and what it is not), why it is needed, when threat hunting is appropriate, where it fits into maturity efforts, how to get started and who should do the hunting.

  • The ICS Cyber Kill Chain

    SANS Institute

    Cyber attacks on industrial control systems (ICS) differ in impact based on a number of factors, including the adversary’s intent, their sophistication and capabilities, and their familiarization with ICS and automated processes. Cyber attackers target systems not in single incidents and breaches but, instead, through a campaign of efforts that enables access and provides sufficient information to devise an effect. A campaign represents the entirety of the operation against the defender organization and its systems. Understanding where an adversary is in his or her campaign can enable defenders to make better-informed security and risk management decisions. Additionally, this knowledge of the adversary’s operations can help defenders appreciate the attacker’s possible intent, level of sophistication, capabilities and familiarization with the ICS, which together work to unveil the potential impact of the attack on an organization. The authors believe ICS networks are more defensible than enterprise information technology (IT) systems. By understanding the inherent advantages of well-architected ICS networks and by understanding adversary attack campaigns against ICS, security personnel can see how defense is doable. The authors introduce the concept of the ICS Cyber Kill Chain to help defenders understand the adversary’s cyber attack campaign

  • The Feds Got the Sony Hack Right, But the Way They’re Framing It Is Dangerous

    Wired

    The FBI’s statement that North Korea is responsible for the cyber attack on Sony Pictures Entertainment has been met with various levels of support and criticism, which has polarized the information security community. At its core, the debate comes down to this: Should we trust the government and its evidence or not? But I believe there is another view that has not been widely represented. Those who trust the government, but disagree with the precedent being set.

  • The Sliding Scale of Cyber Security

    SANS Institute

    The Sliding Scale of Cyber Security is a model for providing a nuanced discussion to the categories of actions and investments that contribute to cyber security. The five categories in the scale are Architecture, Passive Defense, Active Defense, Intelligence, and Offense. The continuum between the five categories helps visualize that not all actions are static or easily defined. Understanding these interconnected categories that contribute to cyber security helps individuals and organizations better understand the purpose and impacts of their resource investments, establish a maturity model for their security program, and break down cyber attacks to identify root cause analysis in a way that encourages growth by defenders over time. The understanding of each phase helps individuals and organizations understand that categories on the left hand side of the scale build the appropriate foundation that make the other actions of the scale more obtainable, useful, and less resource intensive. The goal should be to invest resources starting on the left hand side of the scale and address those issues to achieve a proper return on investment before allocating significant resources to the other categories. This approach recognizes the increasing cost of success to adversaries facing properly prepared organizations and empowers defenders to engage security in a manner that evolves over time.

  • Threat Intelligence and Me

    Amazon Createspace

    Threat Intelligence is a topic that has captivated the cybersecurity industry. Yet, the topic can be complex and quickly skewed. Author Robert M. Lee and illustrator Jeff Haas created this book to take a lighthearted look at the threat intelligence community and explain the concepts to analysts in a children's book format that is age-appropriate for all. Threat Intelligence and Me is the second work by Robert and Jeff who previously created SCADA and Me: A Book for Children and Management. Their previous work has been read by tens of thousands in the security community and beyond including foreign heads of state. Threat Intelligence and Me promises to reach an even wider audience while remaining easy-to-consume and humorous.

  • Why Strong Encryption is Elementary

    Christian Science Monitor

    The case against encryption ‘back doors’ simplified so even a child can understand it.


  • Threat Intelligence and Me

    Amazon Createspace

    Threat Intelligence is a topic that has captivated the cybersecurity industry. Yet, the topic can be complex and quickly skewed. Author Robert M. Lee and illustrator Jeff Haas created this book to take a lighthearted look at the threat intelligence community and explain the concepts to analysts in a children's book format that is age-appropriate for all. Threat Intelligence and Me is the second work by Robert and Jeff who previously created SCADA and Me: A Book for Children and Management. Their previous work has been read by tens of thousands in the security community and beyond including foreign heads of state. Threat Intelligence and Me promises to reach an even wider audience while remaining easy-to-consume and humorous.

  • Why Strong Encryption is Elementary

    Christian Science Monitor

    The case against encryption ‘back doors’ simplified so even a child can understand it.

  • The Active Cyber Defense Cycle: A Strategy to Ensure Oil and Gas Infrastructure Cyber Security

    Oil and Gas Engineering

    An introduction to the active cyber defense cycle specifically tailored to the discussion of the oil and gas industry.

  • Security Firm's Iran Report Mostly Hype

    Christian Science Monitor's Passcode

    A new report from the security firm Norse that claims growing Iranian cyberattacks on critical infrastructure relies on questionable data. It's the latest in a string of cybersecurity vendor reports that grab headlines but erode trust in the industry.
