Articles and Media


“The Industrial Cyber Threat Landscape: The Role of the Private Sector and Government in Addressing Cyber Threats to Energy Infrastructure”
Testimony to the Committee on Energy and Natural Resources, United States Senate, One Hundred Fifteenth Congress, 1 March

“OMG Cyber!”
with Thomas Rid
Journal of Strategic Studies, February, vol 159, iss 1, p. 4-37

“The Interim Years of Cyberspace”
Air and Space Power Journal, January, p. 58-79


Articles and White Papers

“The Four Types of Threat Detection”
with Sergio Caltagirone
Dragos, July 13th

“TRISIS: Analysis of Safety System Targeted Malware”
with the Dragos, Inc. team
Dragos, December 13th

“CRASHOVERRIDE: Analyzing the Threat to Electric Grid Operations”
with the Dragos, Inc. team
Dragos, June 13th

“Malware in Modern ICS: Understanding Impact While Avoiding Hype”
with Ben Miller
POWERMag, May 1st

“Insights Into Building an ICS Security Operations Center”
Dragos, March 6th

“Generating Hypotheses for Successful Threat Hunting”
SANS Institute, August 15

“What Are the Risks of Hacking Infrastructure? Nobody Really Knows”
Motherboard, July 29

“ICS Defense Use Case 5: Analysis of the Cyber Attack on the Ukrainian Power Grid”
SANS Institute, March 18

“The Who, What, Where, When, and How of Effective Threat Hunting”
SANS Institute, March 2

“ICS Defense Use Case 4: Media Reports of Attacks on US Infrastructure by Iran”
SANS Institute, Jan 5

“The ICS Cyber Kill Chain”
SANS Institute, October 1

“The Sliding Scale of Cyber Security”
SANS Institute, August 15

“Why Strong Encryption is Elementary”
Christian Science Monitor’s Passcode, July 8

“Security Firm’s Iran Report Mostly Hype”
Christian Science Monitor’s Passcode, April 17

“The Active Cyber Defense Cycle: A Strategy to Ensure oil and Gas Infrastructure Cyber Security” (Five Part Series)
Oil and Gas Engineering, February 25

“Saving the Air Force Cyber Community”
Signal Magazine, February 1

“The Feds Got the Sony Hack Right, but the Way They’re Framing it is Dangerous”
Wired, January 10

“Snowden’s Leaked PowerPoints Provide Flawed view of American Spy Agencies”
Christian Science Monitor’s Passcode, January 9

“ICS Defense Use Case 2: German Steel Mill Cyber Attack”
SANS Institute, December 30

“ICS Defense Use Case 1: Media Report of the Baku-Tbilsi-Ceyhan (BTC) pipeline Cyber Attack”
SANS Institute, December 20

“It Does Matter That the White House Cybersecurity Czar Lacks Technical Chops”
Forbes, August 25

“Making Digital forensics a Critical Part of Your Cyber Security Defenses”
with Matthew Luallen
Control Engineering, January 15

“The Failing of Air Force Cyber”
Signal Magazine, November 1


Recorded Media and Conferences


“The Adversary’s Ability to Change Their Tradecraft is Difficult”
Cyber Security Interviews, April 24th, 2018

“After Alert on Russian Hacks, Bigger Push to Protect Power Grid”
Morning Edition NPR, April 19th, 2018

“Future of War Conference”
New America, April 9th, 2018

“Testimony to the Senate Energy and Natural Resources Committee on the Industrial Threat Landscape”
U.S. Senate Energy and Natural Resources Committee, March 1st, 2018

“The Challenge of Adversary Intent and Deriving Value Out of It”
SANS Cyber Threat Intelligence Summit, January 30th

“S4x18 Debate: Enterprise SOC or OT SOC?”
S4x18, January 17th


“ICS Cyber Attacks: Fact vs. Fiction”
With The Best (Digital Conference), October 14th, 2017

“BSides Charm 2017 Keynote: Exploring ICS Cyber Attacks”
BSides Charm (Conference), April 29th

“The Myth of Automated Hunting in ICS/SCADA Networks”
SANS Threat Hunting Summit (Conference), April 18th

“Challenge Tomorrow – Securing Our Virtual World”
Channel News Asia (Documentary for Singapore National News), March 29th

“What is the Extent of the Problem for the Power Grid” Part 1 and Part 2
Siebel Energy Institute (Conference Panel), March 3rd

“HackerNinjaScissors – Robert M. Lee on Threat Intelligence”
CyberSpeak (Podcast), February 4th

“Knowing When to Consume Intelligence and When to Generate It”
SANS Cyber Threat Intelligence Summit (Conference), Jan 18th

“Confronting Cyber Conflict” 
The Agenda with Steve Paikin (Canadian National News), January 24th


CBS Report on Dec 2015 Ukraine Attack

CBS (National News), December 21st

“The Ukraine Cyber Attack: One Year Later”
4SICS (Conference), October 26th

“Exploring the Unknown ICS Threat Landscape”
4SICS (Conference Keynote), October 25th

“ICS/SCADA Threat Hunting”
BSides Augusta (Conference), September 10th

“ICS Network Security Monitoring in Difficult Scenarios”
SecurityOnion Conference, September 9th

“Leverage Cyber Threat Intelligence in an Active Cyber Defense”
SANS DFIR Summit (Conference), June 29

Guarding the Grid (Starts at 39:00)
Christian Science Monitor (Panel), May 13

Hackers Knock Out the Power in Ukraine – It Could Happen in Sweden
Sweden TV4 (National News), March 21

How Hackers Turned off the Lights in Ukraine
BBC Radio 4 (Radio), Feb 29

Fox News Interview on the Ukraine Power Grid Cyber Attack
Fox News (National News), Jan 15

“Asset Identification and Network Security Monitoring in ICS Networks”
4SICS (Conference), October 22

“Panel: Current Threats, Attribution, Disclosure, and Media Coverage”
4SICS (Conference), October 22

“Switches Get Stitches: Episode 3”
Black Hat (Conference), August 5

“Switches Get Stitches: Episode 3”
DefCon (Conference), August 8

“Is Cyber-Warfare Really That Scary?”
BBC World Service Inquiry (Internet Radio), May 6

“Active Cyber Defense Cycle”
BSides Huntsville Keynote (Conference), February 8

“The Interim Years of Cyberspace”
TROOPERS (Conference), April 26


Awards and Highlighted in the Media

“Tech Titans 2018: Wasington’s Top Tech Leaders”
Washingtonian, September 20th, 2018

“Meet the Baltimore Business Journal’s 40 under 40”
Baltimore Business Journal, August 29th, 2018

“They’re on the Lookout for Malware that Can Kill”
Washington Post, April 27th, 2018

“Hacking a Power Grid in 3 (Not-So-Easy) Steps”
Wired, October 13th, 2017

“ICS-focused Cybersecurity Startup Dragos Raises $10M to Protect Electric Grid”
CyberScoop, August 14th, 2017

“Cybersecurity Expert Fights for Realism”
The Hill, July 11th, 2017

“How an Entire Nation Became Russia’s Test Lab for Cyberwar”
Wired, June 20th, 2017

“Forbes 30 under 30: Enterprise Technology”
Forbes, 2016

“Meet the Ex-Army Hackers Trying to Save America from Blackouts”
Forbes, March 23, 2015