Articles and Media

Peer-Reviewed and Testimony


2023
“Addressing Cybersecurity Risks to the Critical Parts of the United States’ Energy Infrastructure”
Testimony to the Committee on Energy and Natural Resources, United States Senate, One Hundred Eighteenth Congress, 23 March

2021
“Countering Ransomware in Critical Infrastructure” 
Testimony to the Subcommittee on Oversight and Investigations of the Committee on Energy and Commerce of the House of Representatives, One Hundred Seventeenth Congress, 20 July

2018
“The Industrial Cyber Threat Landscape: The Role of the Private Sector and Government in Addressing Cyber Threats to Energy Infrastructure”
Testimony to the Committee on Energy and Natural Resources, United States Senate, One Hundred Fifteenth Congress, 1 March

2014
“OMG Cyber!”
with Thomas Rid
Journal of Strategic Studies, February, vol 159, iss 1, p. 4-37

2013
“The Interim Years of Cyberspace”
Air and Space Power Journal, January, p. 58-79

 

Articles and White Papers


2019
“Exploring the Human Fingerprints on Malware”
with Tobias Johansson
SANS, November 22nd

2018
“Collection Management Frameworks: Looking Beyond Asset Inventories In Preparation for and Response to Cyber Threats”
with Ben Miller and Mark Stacey
Dragos, December 11th

“The Four Types of Threat Detection”
with Sergio Caltagirone
Dragos, July 13th

2017
“TRISIS: Analysis of Safety System Targeted Malware”
with the Dragos, Inc. team
Dragos, December 13th

“CRASHOVERRIDE: Analyzing the Threat to Electric Grid Operations”
with the Dragos, Inc. team
Dragos, June 13th

“Malware in Modern ICS: Understanding Impact While Avoiding Hype”
with Ben Miller
POWERMag, May 1st

“Insights Into Building an ICS Security Operations Center”
Dragos, March 6th

2016
“Generating Hypotheses for Successful Threat Hunting”
SANS Institute, August 15

“What Are the Risks of Hacking Infrastructure? Nobody Really Knows”
Motherboard, July 29

“ICS Defense Use Case 5: Analysis of the Cyber Attack on the Ukrainian Power Grid”
SANS Institute, March 18

“The Who, What, Where, When, and How of Effective Threat Hunting”
SANS Institute, March 2

“ICS Defense Use Case 4: Media Reports of Attacks on US Infrastructure by Iran”
SANS Institute, Jan 5

2015
“The ICS Cyber Kill Chain”
SANS Institute, October 1

“The Sliding Scale of Cyber Security”
SANS Institute, August 15

“Why Strong Encryption is Elementary”
Christian Science Monitor’s Passcode, July 8

“Security Firm’s Iran Report Mostly Hype”
Christian Science Monitor’s Passcode, April 17

“The Active Cyber Defense Cycle: A Strategy to Ensure Oil and Gas Infrastructure Cyber Security” (Five Part Series)
Oil and Gas Engineering, February 25

“Saving the Air Force Cyber Community”
Signal Magazine, February 1

“The Feds Got the Sony Hack Right, but the Way They’re Framing it is Dangerous”
Wired, January 10

“Snowden’s Leaked PowerPoints Provide Flawed View of American Spy Agencies”
Christian Science Monitor’s Passcode, January 9

2014
“ICS Defense Use Case 2: German Steel Mill Cyber Attack”
SANS Institute, December 30

“ICS Defense Use Case 1: Media Report of the Baku-Tbilisi-Ceyhan (BTC) pipeline Cyber Attack”
SANS Institute, December 20

“It Does Matter That the White House Cybersecurity Czar Lacks Technical Chops”
Forbes, August 25

“Making Digital Forensics a Critical Part of Your Cyber Security Defenses”
with Matthew Luallen
Control Engineering, January 15

2013
“The Failing of Air Force Cyber”
Signal Magazine, November 1

 

Recorded Media and Conferences


2021

“Countering Ransomware in Critical Infrastructure”
Testimony to the Subcommittee on Oversight and Investigations of the Committee on Energy and Commerce of the House of Representatives, One Hundred Seventeenth Congress, 20 July

2020

“The Industrial Cyber Threat Landscape: 2019 in Review”
RSA Keynote, January 27th

2019

“The Five Most Dangerous New Attack Techniques”
RSA APJ Keynote, August 2nd

“America’s Hidden Stories: CIA Cyber Attack”
Smithsonian Channel Documentary

2018

“Mini-Stories Volume 1: Bitcoin Mining in a Wind Farm”
Darknet Diaries, 15 September

“The Adversary’s Ability to Change Their Tradecraft is Difficult”
Cyber Security Interviews, April 24th

“After Alert on Russian Hacks, Bigger Push to Protect Power Grid”
Morning Edition NPR, April 19th

“Future of War Conference”
New America, April 9th

“Testimony to the Senate Energy and Natural Resources Committee on the Industrial Threat Landscape”
U.S. Senate Energy and Natural Resources Committee, March 1st, 2018

“The Challenge of Adversary Intent and Deriving Value Out of It”
SANS Cyber Threat Intelligence Summit, January 30th

“S4x18 Debate: Enterprise SOC or OT SOC?”
S4x18, January 17th

2017

“ICS Cyber Attacks: Fact vs. Fiction”
With The Best (Digital Conference), October 14th, 2017

“BSides Charm 2017 Keynote: Exploring ICS Cyber Attacks”
BSides Charm (Conference), April 29th

“The Myth of Automated Hunting in ICS/SCADA Networks”
SANS Threat Hunting Summit (Conference), April 18th

“Challenge Tomorrow – Securing Our Virtual World”
Channel News Asia (Documentary for Singapore National News), March 29th

“What is the Extent of the Problem for the Power Grid” Part 1 and Part 2
Siebel Energy Institute (Conference Panel), March 3rd

“HackerNinjaScissors – Robert M. Lee on Threat Intelligence”
CyberSpeak (Podcast), February 4th

“Knowing When to Consume Intelligence and When to Generate It”
SANS Cyber Threat Intelligence Summit (Conference), Jan 18th

“Confronting Cyber Conflict” 
The Agenda with Steve Paikin (Canadian National News), January 24th

2016

CBS Report on Dec 2015 Ukraine Attack
CBS (National News), December 21st

“The Ukraine Cyber Attack: One Year Later”
4SICS (Conference), October 26th

“Exploring the Unknown ICS Threat Landscape”
4SICS (Conference Keynote), October 25th

“ICS/SCADA Threat Hunting”
BSides Augusta (Conference), September 10th

“ICS Network Security Monitoring in Difficult Scenarios”
SecurityOnion Conference, September 9th

“Leverage Cyber Threat Intelligence in an Active Cyber Defense”
SANS DFIR Summit (Conference), June 29

Guarding the Grid (Starts at 39:00)
Christian Science Monitor (Panel), May 13

Hackers Knock Out the Power in Ukraine – It Could Happen in Sweden
Sweden TV4 (National News), March 21

How Hackers Turned off the Lights in Ukraine
BBC Radio 4 (Radio), Feb 29

Fox News Interview on the Ukraine Power Grid Cyber Attack
Fox News (National News), Jan 15

2015
“Asset Identification and Network Security Monitoring in ICS Networks”
4SICS (Conference), October 22

“Panel: Current Threats, Attribution, Disclosure, and Media Coverage”
4SICS (Conference), October 22

“Switches Get Stitches: Episode 3”
Black Hat (Conference), August 5

“Switches Get Stitches: Episode 3”
DefCon (Conference), August 8

“Is Cyber-Warfare Really That Scary?”
BBC World Service Inquiry (Internet Radio), May 6

“Active Cyber Defense Cycle”
BSides Huntsville Keynote (Conference), February 8

2013
“The Interim Years of Cyberspace”
TROOPERS (Conference), April 26

 

Featured in Books


2020

Sandworm
By: Andy Greenberg

Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership
By: Marcus J. Carey and Jennifer Jin

2018

Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World
By: Marcus J. Carey and Jennifer Jin

 

Awards and Profiles


“Tech Titans 2018: Washington’s Top Tech Leaders”
Washingtonian, September 20th, 2018

“Meet the Baltimore Business Journal’s 40 under 40”
Baltimore Business Journal, August 29th, 2018

“They’re on the Lookout for Malware that Can Kill”
Washington Post, April 27th, 2018

“Hacking a Power Grid in 3 (Not-So-Easy) Steps”
Wired, October 13th, 2017

“ICS-focused Cybersecurity Startup Dragos Raises $10M to Protect Electric Grid”
CyberScoop, August 14th, 2017

“Cybersecurity Expert Fights for Realism”
The Hill, July 11th, 2017

“How an Entire Nation Became Russia’s Test Lab for Cyberwar”
Wired, June 20th, 2017

“Forbes 30 under 30: Enterprise Technology”
Forbes, 2016

“Meet the Ex-Army Hackers Trying to Save America from Blackouts”
Forbes, March 23, 2015