Rob graduated from the U.S. Air Force Academy and served as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics.
Prior to starting his own firm, he worked directly with a variety of government agencies, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and an exploit development team, lead for a cyber forensics branch, and lead for a digital forensic and security software development team. Rob was also a director for MANDIANT, a company focused on investigating advanced adversaries, such as the APT, for five years prior to starting his own business.
Rob has more than 20 years' experience in computer forensics, incident response, threat hunting, vulnerability and exploit discovery, and intrusion detection/prevention. Over his career, Rob has worked on both Offensive and Defensive Cyber Operations supporting multiple organizations and agencies in and out of uniform. He co-authored the book Know Your Enemy, 2nd Edition and was recently inducted into the Forensic 4Cast Hall of Fame. Rob is also a co-author of the MANDIANT threat intelligence report M-Trends: The Advanced Persistent Threat. He earned his MBA from Georgetown University in Washington DC and currently lives in the Denver, CO area where he helps lead the SANS Institute as the Chief, Curriculum Director, and Head of Faculty.
What other’s have to say about Rob:
“As a police officer entering the field of digital forensics in the late 2000s, I became familiar with Rob Lee from his appearances on forensics podcasts. His enthusiasm for the profession and his quest to share his knowledge immediately made me a fan. After transitioning to the federal law enforcement side, I was lucky to have Rob as the instructor in my first SANS course, FOR500. Rob started each day by welcoming the class and explaining it was going to be the best day of our forensic lives. His infectious personality fueled his students' enthusiasm, and I still hear his passionate voice explaining prefetch files whenever I start diving into artifacts.” - A former FOR500 attendee
“Rob exceeded all my expectations of him. As a long-time fan of him and his work, it’s an honor to be taught by and to facilitate the class for him. It’s awesome to finally meet your hero!” - A former FOR508 attendee
“I worked with Rob many years ago in AFOSI and, while many things have changed, his passion for DFIR and doing the right thing has remained the same. Rob has truly advanced the knowledge of tens of thousands of professionals around the world with his selfless and relentless approach. Not only have I learned from Rob over the years, but I’ve entrusted the training of my entire team to the educational tracks he’s been so critical in developing.” - A former co-worker
ADDITIONAL CONTRIBUTIONS BY ROB LEE:
Threat Hunting Is a Process, Not a Thing: SANS 2018 Survey Results, Part I, September 2018
Threat Hunting in Action: SANS 2018 Survey Results, Part II, September 2018
Introducing the New DFIR “Hunt Evil“ Poster, June 2018
Getting Started with the SIFT Workstation, November 2017