


This webcast has been archived.

Leveraging Managed Threat Hunting for an Effective ICS/OT Cybersecurity Program

  • Friday, April 17, 2020 at 1:00 PM EDT (2020-04-17 17:00:00 UTC)
  • Robert M. Lee, Tim Conway


  • Dragos, Inc.




Managed Detection and Response (MDR) and Managed Threat Hunting (MTH) solutions have been available for enterprise IT networks for many years but have been lacking in ICS/OT. Until now.

Dragos is launching the first MTH program for ICS/OT called Neighborhood Watch.

Join Tim Conway and Robert M. Lee for a discussion about the value of MDR/MTH programs, considerations to keep in mind, and how to evaluate offerings. You'll learn about:

  • Providing more security coverage with fewer staff resources
  • Transferring knowledge to your cybersecurity staff team for long term success
  • Identifying threats often leveraging a vendor's technology stack
  • Evaluating cost, time to ramp and overall effectiveness

Speaker Bios

Robert M. Lee

Rob is a recognized pioneer in the industrial security incident response and threat intelligence community. He started in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).

Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also a technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid, and he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.

Tim Conway

Technical Director - ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.
