Robert Lee

CEO and Founder

Robert is a recognized pioneer in the industrial security incident response and threat intelligence community. He gained his start in security as a U.S. Air Force  Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).

Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid, he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.

Robert is routinely sought after for his advice and input into industrial threat detection and response. He has presented at major security conferences such as SANS, BlackHat, DefCon, and RSA and has testified to the Senate’s Energy and National Resources Committee. As a non-resident national security fellow at New America, Robert works to inform policy related to critical infrastructure cyber security and is regularly asked by various governments to brief to national level leaders.

Some of Rob’s many papers:

ICS Cyber Kill Chain
SANS DUC5 Ukraine 2015

My Sessions

Closing Panel

Main Stage

Dale Peterson closes things out with Ralph Langner, Zach Tudor and a possible third guest. What aren’t we talking about that we should be? Reactions to what was heard. Where is the ICS security community today and where does it need to be. Always voted one of the favorite sessions of S4.

Panel / Debate

6. Attacks and Threats


With the barrage of FUD coming from the media, and many ICSsec experts, discover what you should learn from recent ICS attacks and known threat actors. And importantly, what should you prepare for in the next 1 – 3 years.