Rob T. Lee
Chief of Research, AI & Emerging Threats | SANS Institute
Known as the “Godfather of Digital Forensics & Incident Response (#DFIR),” Rob T. Lee is one of the world’s most respected cybersecurity experts. As Chief of Research at SANS Institute—the leading authority in cybersecurity and digital forensics training—Rob drives cutting‑edge research, curriculum design, and faculty development. With more than 20 years of experience across computer forensics, incident response, threat hunting, vulnerability discovery, and intrusion detection, he has shaped modern cyber‑defense practice.
Rob coined the term Digital Forensics & Incident Response (#DFIR) and co‑authored the groundbreaking Mandiant M‑Trends: The APT Report, which set the industry standard for understanding advanced persistent threats. He has testified before and provided expert analysis to the Foreign Intelligence Surveillance Court (FISC), advised U.S. congressional committees, and supported federal agencies and the U.S. military in high‑stakes cyber investigations.
In the private sector, Rob acts as a hands‑on practitioner, helping corporations investigate security breaches, trade‑secret theft, and other complex incidents. He is also the lead engineer and creator of the widely adopted SIFT Workstation.
Earlier in his career, Rob served as Director of Incident Response at Mandiant and Director of Offensive Cyber Operations and Development at ManTech. A graduate of the U.S. Air Force Academy, he was a founding member of the 609th Information Warfare Squadron—the first U.S. military unit dedicated to information operations—and later led computer crime investigations for the Air Force Office of Special Investigations (AFOSI).
Rob is co‑author of Know Your Enemy, 2nd Edition and the recipient of numerous cybersecurity awards. Over the years, he has mentored thousands of professionals who now serve in critical security roles worldwide.
AI and Executive Leadership
Beyond his technical expertise, Rob has emerged as a leading voice in AI‑driven cybersecurity strategy. He regularly advises CISOs and CTOs on leveraging artificial intelligence to transform security operations and gain competitive advantage. Rob’s unique ability to translate complex technical concepts into actionable business strategies has made him a sought‑after advisor for executive leadership teams navigating digital transformation.
Media Appearances
Rob’s insights have been featured in The Wall Street Journal, WIRED, and The Washington Post. He is a frequent keynote speaker at premier industry events, including RSA Conference and the Cyber Venture Forum hosted by Blu Venture Investors.
Publications & Thought Leadership
-
Mandiant M‑Trends: The APT Report – Co‑author
-
Know Your Enemy, 2nd Edition – Co‑author
-
Multiple industry white papers and peer‑reviewed articles
Personal & Community
The son and grandson of career military officers, Rob remains committed to service. When he isn’t thwarting virtual threats, he spends time with his family, pursues continual learning, and celebrates his lifelong love of Star Wars.
Contact
To schedule a media interview with Rob T. Lee, please contact his Media Relations Manager, Jenn Elston, at jelston@sans.org.
Twitter: @robtlee
LinkedIn: @leerob
Twitter: @sansforensics