Conversations with Chief Innovators
Ep 9: SANS Institute
Published on: February 20, 2025
Last update: February 20, 2025
Welcome to Conversations with Chief Innovators, where our CEO Pat Sheridan discusses innovation in business with transformational leaders across industries. To kick off 2025, we bring you Rob Lee, Chief of Research and Head of Faculty at SANS Institute.
Rob Lee is Chief of Research and Head of Faculty at SANS Institute. Known as “The Godfather of DFIR,” Rob has over 20 years of experience in cybersecurity, threat hunting, and digital forensics. He’s also a key contributor to SANS’ advanced cybersecurity training programs.
Rob’s journey from the Air Force Academy to becoming a leading figure in cybersecurity is nothing short of remarkable. With a career spanning government contracting, startups, and now SANS, Rob has been at the forefront of defending organizations against some of the most sophisticated cyber threats.
Rob and I discussed the intersection of AI and cybersecurity, the top challenges keeping executives up at night, and how organizations can stay secure in an increasingly complex threat landscape. Here are a few excerpts from our conversation.
1. What led you to become “The Godfather of DFIR” and how did you start at SANS?
I didn’t begin my career with cybersecurity in mind. I actually studied astronautical engineering and planned to send heavy things into orbit. A color-vision issue at the Air Force Academy derailed that path and prevented me from going into space operations.
So, I started doing some side work at the academy and got into trouble for doing things like email spoofing. Some senior generals tracked the work back to me and offered me a chance to join the Information Warfare Squadron. This was my foray into cybersecurity, cyber defense, and offense.
Fast forward 25 years, and I’ve worked for the Air Force Office of Special Investigations (AFOSI), government contractors, and incident response startups.
I joined SANS as an entrepreneur-of-sorts, building and expanding our forensics and incident response curriculum, and eventually took on the role of Chief of Research. My focus has always been on helping organizations detect intruders, respond quickly, and proactively defend against the next wave of threats.
2. How is AI changing cybersecurity?
I think about how AI is fundamentally shifting the way businesses operate. There’s a lot of noise, and many companies are just slapping AI stickers on things. But underneath that, the way work is done is about to change completely, and how we think about software architecture and building digital platforms will change with it.
We’ve already seen a 10-100X increase in the speed of intrusions across every industry. Phishing, up until a year ago, was 70% of all intrusions. Now, almost 60% of all intrusions are zero-day exploits. Why? Malicious actors have started applying machine learning and GenAI capabilities for source code analysis.
With the development of agentic AI, the challenge will further intensify. Once an attacker gains a foothold inside an organization, AI-driven agents can operate independently and exploit vulnerabilities in real-time. And while many still believe, "That doesn't exist yet," the reality is, it's only a matter of time. The velocity of cyber threats is increasing and defenders are struggling to keep up.
3. Can AI alone solve cyber threats or do people still matter?
The cybersecurity industry is being sold on automation and AI-driven products instead of people. But the smartest teams, the ones that can adapt and innovate on the fly, are what truly protect an organization. It’s the human-based visionaries leveraging the right tools, not just tools alone.
Some organizations try to modularize security, treating it as a set of repeatable tasks that can be learned in weeks. But that’s like limiting neurosurgery to cutting, removing, and stitching. This mindset ignores the deep expertise required in cybersecurity, which is the same level of skill as medicine or law.
AI can be a force multiplier, but without skilled professionals guiding it, it becomes a weapon for attackers, not a shield for defenders.
4. Quantum computing is on the horizon, with talk of encryption-breaking and massive compute power. Should CISOs worry now or wait?
Yes, quantum will break all encryption. That’s the headline everyone chases.
But if you're a nation-state with quantum, would you waste it on breaking encryption? Or would you use it for greater economic and strategic value? Would you be cracking passwords or finding a cure for cancer?
So, should CISOs or CTOs panic and pour their budgets into quantum-proofing encryption today? No. Should they be thinking about it strategically? Absolutely.
I want organizations to stay ahead of the AI curve, but not overreact to it. Before worrying about theoretical quantum breaches, focus on the real threats like securing Hugging Face AI models and exposed API keys. Because these are the threats companies are facing right now.
5. What’s your one big piece of advice for the next generation of cybersecurity leaders?
Treat AI and cybersecurity like a workout. This will increase your lifespan. If you want your organization to last, and you’re in a CISO, board, or executive role, you must view this as a daily habit and keep learning and staying on top of the latest trends.
Study every day. It’s hard, it takes time, but just like working out, once you stop, you fall out of shape. Learning is a full-time job. Dedicate at least 30 minutes to an hour a day, and even more on weekends, to stay abreast of advancements in AI and cybersecurity and their impact on your industry. Read journals, listen to podcasts, and become obsessed with it. The health of your organization depends on it.