Articles and Media


“OMG Cyber!”
with Thomas Rid
Journal of Strategic Studies, February, vol 159, iss 1, p. 4-37

“The Interim Years of Cyberspace”
Air and Space Power Journal, January, p. 58-79


Articles and White Papers

“Malware in Modern ICS: Understanding Impact While Avoiding Hype”
with Ben Miller
POWERMag, May 1st

“Insights Into Building an ICS Security Operations Center”
Dragos, March 6th

“Generating Hypotheses for Successful Threat Hunting”
SANS Institute, August 15

“What Are the Risks of Hacking Infrastructure? Nobody Really Knows”
Motherboard, July 29

“ICS Defense Use Case 5: Analysis of the Cyber Attack on the Ukrainian Power Grid”
SANS Institute, March 18

“The Who, What, Where, When, and How of Effective Threat Hunting”
SANS Institute, March 2

“ICS Defense Use Case 4: Media Reports of Attacks on US Infrastructure by Iran”
SANS Institute, Jan 5

“The ICS Cyber Kill Chain”
SANS Institute, October 1

“The Sliding Scale of Cyber Security”
SANS Institute, August 15

“Why Strong Encryption is Elementary”
Christian Science Monitor’s Passcode, July 8

“Security Firm’s Iran Report Mostly Hype”
Christian Science Monitor’s Passcode, April 17

“The Active Cyber Defense Cycle: A Strategy to Ensure oil and Gas Infrastructure Cyber Security” (Five Part Series)
Oil and Gas Engineering, February 25

“Saving the Air Force Cyber Community”
Signal Magazine, February 1

“The Feds Got the Sony Hack Right, but the Way They’re Framing it is Dangerous”
Wired, January 10

“Snowden’s Leaked PowerPoints Provide Flawed view of American Spy Agencies”
Christian Science Monitor’s Passcode, January 9

“ICS Defense Use Case 2: German Steel Mill Cyber Attack”
SANS Institute, December 30

“ICS Defense Use Case 1: Media Report of the Baku-Tbilsi-Ceyhan (BTC) pipeline Cyber Attack”
SANS Institute, December 20

“It Does Matter That the White House Cybersecurity Czar Lacks Technical Chops”
Forbes, August 25

“Making Digital forensics a Critical Part of Your Cyber Security Defenses”
with Matthew Luallen
Control Engineering, January 15

“The Failing of Air Force Cyber”
Signal Magazine, November 1


Recorded Media and Conferences


“BSides Charm 2017 Keynote: Exploring ICS Cyber Attacks”
BSides Charm (Conference), April 29th

“The Myth of Automated Hunting in ICS/SCADA Networks”
SANS Threat Hunting Summit (Conference), April 18th

“Challenge Tomorrow – Securing Our Virtual World”
Channel News Asia (Documentary for Singapore National News), March 29th

“What is the Extent of the Problem for the Power Grid” Part 1 and Part 2
Siebel Energy Institute (Conference Panel), March 3rd

“HackerNinjaScissors – Robert M. Lee on Threat Intelligence”
CyberSpeak (Podcast), February 4th

“Knowing When to Consume Intelligence and When to Generate It”
SANS Cyber Threat Intelligence Summit (Conference), Jan 18th

“Confronting Cyber Conflict” 
The Agenda with Steve Paikin (Canadian National News), January 24th


CBS Report on Dec 2015 Ukraine Attack

CBS (National News), December 21st

“The Ukraine Cyber Attack: One Year Later”
4SICS (Conference), October 26th

“Exploring the Unknown ICS Threat Landscape”
4SICS (Conference Keynote), October 25th

“ICS/SCADA Threat Hunting”
BSides Augusta (Conference), September 10th

“ICS Network Security Monitoring in Difficult Scenarios”
SecurityOnion Conference, September 9th

“Leverage Cyber Threat Intelligence in an Active Cyber Defense”
SANS DFIR Summit (Conference), June 29

Guarding the Grid (Starts at 39:00)
Christian Science Monitor (Panel), May 13

Hackers Knock Out the Power in Ukraine – It Could Happen in Sweden
Sweden TV4 (National News), March 21

How Hackers Turned off the Lights in Ukraine
BBC Radio 4 (Radio), Feb 29

Fox News Interview on the Ukraine Power Grid Cyber Attack
Fox News (National News), Jan 15

“Asset Identification and Network Security Monitoring in ICS Networks”
4SICS (Conference), October 22

“Panel: Current Threats, Attribution, Disclosure, and Media Coverage”
4SICS (Conference), October 22

“Switches Get Stitches: Episode 3”
Black Hat (Conference), August 5

“Switches Get Stitches: Episode 3”
DefCon (Conference), August 8

“Is Cyber-Warfare Really That Scary?”
BBC World Service Inquiry (Internet Radio), May 6

“Active Cyber Defense Cycle”
BSides Huntsville Keynote (Conference), February 8

“The Interim Years of Cyberspace”
TROOPERS (Conference), April 26


Highlighted in the Media

“Hacking a Power Grid in 3 (Not-So-Easy) Steps”
Wired, October 13th, 2017

“ICS-focused Cybersecurity Startup Dragos Raises $10M to Protect Electric Grid”
CyberScoop, August 14, 2017

“Cybersecurity Expert Fights for Realism”
The Hill, July 11th, 2017

“How an Entire Nation Became Russia’s Test Lab for Cyberwar”
Wired, June 20th, 2017

“Meet the Ex-Army Hackers Trying to Save America from Blackouts”
Forbes, March 23, 2015