The Best Online Cybersecurity Training in the World - SANS OnDemand


To attend this webcast, login to your SANS Account or create your Account.

An Inside Look at the Newly Updated ICS515 Course

  • Thursday, February 15th, 2018 at 10:30 AM EST (15:30:00 UTC)
  • Robert M. Lee
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


Industrial IoT (IIoT) - What are the biggest threats and how are you dealing with them? Take the SANS Industrial IoT Survey and enter to win a $400 Amazon gift card.

Monitoring for, investigating, and responding to industrial security threats requires a combination of numerous skill sets and an understanding of the impact these threats can have as well as real-world examples of what threats have done before. The SANS ICS515 - ICS Active Defense and Incident Response course is the only course in the world that combines threat intelligence, monitoring and investigations, and incident response procedures to give defenders the appropriate skills and knowledge needed to defend their organizations from targeted cyber threats. This class has run now for three years absorbing feedback and best practices throughout the community as well as new case-studies related to threats such as CRASHOVERRIDE and TRISIS. Now, the course is undergoing it's first major change which further solidifies the knowledge gained over the past years as well as an entirely new hands-on lab scenario that takes students through a multi-control system lab range with 24+ hands on labs throughout the five day course.

Prospective ICS515 students should attend this webcast to learn about what changes have been made to the course and what they can expect to take away from the course. It is a hands-on real-world use-cases focused class with practical and applicable guidance for taking any industrial environment and moving it from a defensible ICS to a defended one. Come learn about the class, the updates, and what to expect.

Speaker Bio

Robert M. Lee

Rob is a recognized pioneer in the industrial security incident response and threat intelligence community. He started in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).

Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid, he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.