Rob T. Lee

Globally recognized authority on cybersecurity and AI strategy. Chief of Research & Chief AI Officer at SANS Institute.

100K+
Professionals Trained
20+
Years Leading Security Innovation
Global
Speaking Authority
Rob T. Lee professional headshot

Recent Appointments

Commission on U.S. Cyber Force Generation — Examining whether the U.S. should create a dedicated military service for cyberspace.

Learn more

Presidential AI Challenge — Regional Judge for AI.GOV's national student competition.

Learn more

Recent Highlights

RSAC 2026 Keynote - Five Most Dangerous New Attack Techniques
RSA Conference • San Francisco

Five Most Dangerous New Attack Techniques

Annual keynote panel featuring the latest threats and defensive strategies from leading security researchers.

[un]prompted Conference
[un]prompted Conference

Claude Code on SIFT Workstation

CXOTalk Episode 910
CXOTalk Episode 910

The AI Attack Lifecycle

Agents of Scale with Wade Foster
Agents of Scale

Why "No" to AI Creates More Risk

SANS Institute Leadership

Chief of Research and Chief AI Officer

Defined how modern incident response works, shaped national security policy, and trained the teams defending the world's most critical systems.

Shadow AI Research

Developing methodologies for discovering and managing unauthorized AI deployments

AI Governance Frameworks

Creating comprehensive frameworks for responsible AI implementation and compliance

Adversarial AI Defense

Researching attack vectors and defense strategies for AI system security

AI Risk Management

Advancing risk assessment methodologies for enterprise AI deployments

SANS Institute AI Security Programs

The world's most trusted AI security training and research, developed by practitioners for practitioners.

Approach: Protect, Utilize, and Govern AI

Every executive is prioritizing AI, but confusion and uncertainty still dominate its adoption. I believe success depends on owning AI securely, which means addressing all three dimensions at once.

Why all three matter:

Protecting AI without utilizing it leaves capability on the table. Utilizing AI without governance risks chaos. Governance without technical protections creates a false sense of security. My work and SANS programs bring these together so organizations can move forward with clarity.

Protect AI

SECURING AI SYSTEMS

Defend models, applications, and data pipelines from tampering, poisoning, prompt injection, and other adversarial techniques. This track focuses on the technical security of AI assets from development through deployment.

Utilize AI in Cybersecurity

ENHANCING DEFENSE WITH AI

Leverage AI and ML to improve detection, response, and resilience. This means integrating AI into SOC workflows, threat hunting, and incident analysis to match attacker speed and scale.

Govern AI

REGULATION, COMPLIANCE, AND EXECUTIVE OVERSIGHT

Translate complex AI regulations into actionable governance frameworks that boards and leadership teams can implement. This includes establishing clear structures, ensuring regulatory compliance, and aligning AI initiatives with enterprise risk management and IT transformation goals.

Articles & Insights

ARTICLE

The Framework of No: Why Your Security Team is Killing Your AI Momentum

How traditional security approaches drive shadow AI adoption and what to do instead

View
ARTICLE

Sunlight AI: A Governance Framework That Works in 30 Days

Practical steps to move from shadow AI chaos to working governance without 18-month frameworks

View
OP-ED

AI Chat Data: History's Most Thorough Record of Enterprise Secrets

Why AI conversation logs represent an unprecedented security challenge for organizations

View

Featured In

ForbesRolling StoneWall Street JournalWiredNEWSWEEKTHE HILLNBC NEWSCNBC

Invite Rob to Speak

Topics Include

Boards Can't Pretend to Understand AI. They Have to Learn.

What boardrooms need isn't another jargon-heavy AI strategy session. They need someone who's built the programs, advised the agencies, and seen the breach reports. Rob gives directors a clear language and structure for AI literacy and board engagement.

The Workforce You Need Is Already Behind.

Everyone talks about AI transformation. Few are building teams who can use it, secure it, and respond to it. Rob draws from decades building the global cyber workforce to show what readiness actually looks like, from SOCs to C-suites to startups, and how to lead toward it.

AI Moves Fast. Your Governance Can't Lag.

A sharp, operationally grounded session for executives and boards on what AI adoption looks like in the wild, when tools get ahead of policy, when teams go rogue, and when 'pilot projects' turn into attack surfaces. Rob breaks down how to set the right guardrails early, ask better questions, and reduce real exposure without killing momentum.

Attackers Don't Wait for Your Next Planning Cycle.

Drawing from his work in national security and incident response, Rob shows how adversaries are already using AI systems to scale attacks, break defenses, and shift speed in ways most leaders haven't prepared for. A critical briefing for anyone responsible for protecting systems or investing in them.

About Rob T. Lee

Rob T. Lee is Chief AI Officer and Chief of Research at SANS Institute, where he advises boards, CISOs, and government leaders on how to govern, deploy, and defend AI at scale. He authored the SANS Secure AI Blueprint, introducing the three-pillar model of Protect, Utilize, and Govern, led the development of the SANS Critical AI Security Guidelines, and published widely cited work on Shadow AI and safe harbor protections.

Known as the "Godfather of DFIR," Rob coined the terms digital forensics and incident response (DFIR) and cyber threat intelligence (CTI), pioneered timeline analysis, and created the SIFT Workstation, the open-source forensic platform relied on globally in critical investigations.

His career spans government, industry, and academia. As a U.S. Air Force officer and founding member of the first information warfare unit, he helped build national-level cyber operations. He later served with NSA and CIA before becoming Director of Threat Intelligence at Mandiant, where he co-authored the first M-Trends report.

In 2026, Rob was appointed to the Commission on U.S. Cyber Force Generation, advising on whether the United States should establish a dedicated military service for cyberspace. He also serves as a FISA Court Technical Advisor.

Rob has authored flagship SANS courses, co-developed GIAC certifications used worldwide, and trained more than 100,000 professionals. A global speaker on AI security and innovation, he presents at leading conferences including RSA Conference and AI4, and appears in The Wall Street Journal, CNN, Forbes, Wired, Rolling Stone, and Newsweek.

Media & Speaking Inquiries

For interviews, podcast appearances, and speaking engagements on AI security, cybersecurity leadership, and digital forensics.