Speaker

Rob T. Lee

Chief AI Officer (CAIO), Chief of Research, SANS Institute | “Godfather of Digital Forensics”

Rob T. Lee is Chief AI Officer and Chief of Research at the SANS Institute, where he leads AI governance, security, and organizational transformation. He authored the SANS Secure AI Blueprint and led development of the SANS Critical AI Security Guidelines, which, through a partnership with OWASP, are informing implementation of the EU AI Act.

A U.S. Air Force Academy graduate, Lee helped found the Air Force’s first operational cyber warfare unit and later served in AFOSI, CIA, and NSA roles supporting offensive cyber operations. He was a Director at Mandiant, co-authoring early M-Trends reports on advanced persistent threats. Known as the “Godfather of DFIR,” Lee helped formalize digital forensics, incident response, and cyber threat intelligence as disciplines and has trained tens of thousands of practitioners through SANS. He also serves as a Technical Advisor to the Foreign Intelligence Surveillance Court.

[Track 6] I Gave Claude Code R00t on the DFIR SIFT Workstation

Sounds reckless. Turns out it's less reckless than letting state actors be the only ones with agentic AI. Anthropic's GTG-1002 report showed adversaries running Claude Code at 80-90% autonomous execution. Your adversary has an AI. You have tab-completion. I wired the same tool into SIFT via Model Context Protocol—timeline generation, memory analysis, malware sweeps, all via natural language. By the end, you'll see me type "SIFT!! Find Evil!" and watch it actually work. Mostly. This is what 40+ hours of testing taught me.
