I’ve had the privilege of authoring courses and teaching at SANS for years. Thousands of students have taken my FOR578: Cyber Threat Intelligence, ICS515: ICS Visibility, Detection, and Response, and the new ICS310: ICS Cybersecurity Foundations courses. Teaching has always been a humbling part of my career, and no matter how busy I get leading Dragos and pursuing other endeavors, I make time to teach. It has become a core part of my identity, and I draw inspiration and energy from my amazing students and alumni, who continue to do inspiring work in the field.
It’s on this backdrop that I am incredibly proud to have risen through the ranks at SANS to become a SANS Fellow. For over a decade I have called SANS home, and today, I’m very excited to announce a new chapter in my SANS career.
Effective immediately, I am taking on the new role of SANS ICS Practice Lead. In this blog, I will detail a bit of the history of this effort and what it means for the SANS ICS community.
The SANS ICS Practice Area
The SANS ICS team is made up of a number of amazing people across the organization, with many more supporting it behind the scenes. The SANS ICS Security curriculum is led by Michael Harrison and Tim Conway, who oversee everything from course development to daily operations.
Years ago, Michael Assante had a vision for something called the Practice Area and took over as the Practice Area Lead/Director. His goal was to compliment SANS’s traditional curriculum structures while focusing strategically on critical infrastructure organizations. The Practice Area functioned as both a specialized sales and marketing team and a business development unit, fostering alliances and partnership to better serve the ICS community.
Mike’s vision was to ensure SANS ICS reached more professionals while gathering feedback to improve the curriculum. The SANS leadership team gave him the freedom to “break the mold,” whether through strategic partnerships, flexible pricing models, or global collaborations with governments and enterprises.
Mike’s dedication to ICS security education shaped the way SANS supports the industry today, and his vision for a focused ICS Practice Area remains just as relevant. Now, more than ever, we need to expand its reach.
My Role as SANS ICS Practice Lead
With a lot of trust (and patience), the SANS Leadership team has asked me to take on the role of SANS ICS Practice Lead and revive this initiative. SANS’s commitment to the ICS security community is unwavering, and in a time of geopolitical strife, evolving industrial trends, digitization, and an ever-increasing number of cyber threats targeting our community, I’ve been challenged with finding ways to make SANS ICS Security courses and content more accessible.
The Practice Area is still in its early stages, and there’s no established playbook. However, the SANS ICS team understands Mike Assante’s original intent, and I hope to live up to that vision.
Initially, I will be focusing on our efforts in the APAC region before scaling globally. If you’re an APAC customer, expect to hear from me soon (and if you don’t, please reach out). I want to understand your challenges, gather feedback, and collaborate to enhance the accessibility and impact of ICS training.
In doing so, the SANS ICS curriculum team will share key insights from the Practice Area across the broader SANS organization. Our core mission remains the same: to serve SANS ICS students and advance ICS cybersecurity education.
Join Me for a Live Webcast
If you’d like to learn more or ask questions, I’m hosting a live webcast on Tuesday, February 18, 2025, at 11:00AM Singapore Standard Time (SST), (February 17, 7:00 PM Pacific Time (PST)).
You won’t want to miss it. Register here to learn more.
Thank you for trusting me with this responsibility. I’m committed to doing my best to live up to Mike Assante’s vision, carry on the passion of the SANS ICS team, and uphold the SANS missions to empower cybersecurity professionals more than ever before.
Robert M. Lee
SANS ICS Practice Lead
P.S. – Join Me at the 20th Annual SANS ICS Security Summit
I’d be remiss if I didn’t also invite you to join me at the 20th Annual SANS ICS Security Summit and Training event, taking place this June 15-17, 2025, in Orlando, FL.
This historic Summit, founded by Mike Assante and SANS Founder Alan Paller, has played a pivotal role in shaping the ICS-OT security community.
As co-chair of this milestone event, I am excited to bring the ICS/OT community together to celebrate how far we’ve come and to prepare for where we will go in the next 20 years.
