Rob and Blake discuss vulnerability and exploit discovery in the age of AI and increasingly intelligent cyber threats.
Rob Lee is the Chief of Research and Head of Faculty at SANS Institute and runs his own consulting business specializing in information security, incident response, threat hunting, and digital forensics. With more than 20 years of experience in digital forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he is known as “The Godfather of DFIR”. Rob co-authored the book Know Your Enemy, 2nd Edition, and is course co-author of FOR500: Windows Forensic Analysis and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.
Rob graduated from the U.S. Air Force Academy and served as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics.
[00:00:05] Blake: Hello and welcome to We're In, a podcast that gets inside the brightest minds in cybersecurity. I'm your host, Blake Thompson Heuer, and joining me today is none other than Rob T. Lee, chief of research at the SANS Institute. Rob, thanks so much for joining the podcast.
[00:00:19] Rob: Hey Blake, uh, really enjoy being invited on here. I appreciate it. Thank you.
[00:00:23] Blake: Now, jumping right in, you've been called the quote, "Godfather of Digital Forensics and Incident Response." How did you come by that?
[00:00:31] Rob: The other Robert, uh, Lee. Robert M. Lee, uh, there was a Digital Forensics and Incident Response Summit. They were kind of presenting a, you know, um, my impact on digital forensics and they had Robert M. Lee go up there and says, you know, Rob is the godfather of digital forensics.
[00:00:46] And everyone was like, ah, that's perfect. And it was during that, that, that kind of came around. It kind of stuck. So thankfully I did not self moniker because I think that's just weird and people do that. But just like call signs from the Air Force, you know, which I'm wearing right here, is that, you know, you're given your call sign, you're not able to veto it, is what it comes down to.
[00:01:05] Blake: So the, the follow up there is, would you have vetoed it if, given the option?
[00:01:09] Rob: I am, I, I am a very, like, it's everyone else. I like helping out, you know, folks in the mission. You know, it's one of the reasons I've always enjoyed teaching is that you're arming people for the front lines of what they're gonna experience. And if I'm able to help them do that, that's great. Not in it to be a hood ornament or, you know, do this for ego.
[00:01:28] I actually kind of like being behind the scenes. People remember Hey, I'm where you're at because I took your class, and I'm like, oh great. So, you're writing books and all this stuff and I was able to get you started. I'm more of, I don't like the spotlight.
[00:01:41] I was vetoing it for a long time, but then someone else said, mostly my PR team, uh, said, Nope, you gotta use it. And I'm like, all right.
[00:01:48] Blake: Well, and I feel like if it's coming from Rob M. Lee as well, also a friend of the podcast incidentally, you know, that that also cements it even, even more there.
[00:01:56] Rob: Yeah.
[00:01:57] Blake: You've worked at the SANS Institute for many years in a variety of roles. It's obviously an organization that's just been central to your career. Many We're In listeners are no doubt familiar with SANS and its resources, certs, and, and courses. But, for those that aren't in the know or are new to the SANS Institute, how would you bring them up to speed and, and, and how can you describe your roles there?
[00:02:18] Rob: How I ended up getting pulled into SANS is they identify a practitioner in the field and say, Hey, you know, would you give a talk based off of what you're discovering? And that's really how I started. And for nearly 20 years, I'm a contractor practitioner in the field doing, you know, cybersecurity, starting businesses, working with Mandiant, ManTech, you know, Air Force.
[00:02:39] They basically have someone, you know, teach but then go back and fight the battle. And we still have that. Four years ago they asked me to come on board as one of their executives, you know, because they need more content people
[00:02:50] to be a part of their executive team. So I, you know, decided to join full time at that point. And so officially, I've only been an employee for four years. But the impact, what SANS has overall, you know, is why I'm there. Alan Paller, a founder, really lived by the moniker that, you know, we're the most trusted cybersecurity capability for both training, certifications, knowledge, and it's that last piece, knowledge that, it, it really drives me. It's like the other piece that are, you know, honestly they're products of ours and we sell 'em, but in reality, like SANS creates a lot of assets, resources, and capabilities for the community for free. We have a lot of, you know, resources that, you know, dedicated to training the workforce.
[00:03:29] And it's that mission impact because, being former military, the battles that are being fought by our country and the adversaries are not on a military frontline. They're on corporate financial systems, medical systems, obviously power, water, you know, the critical infrastructure systems, but you attack any one of these and you are able to get people to like, worry about their retirement and 401k and be able to withdraw from it.
[00:03:52] And I tell people in military, commanders, this all the time. Even if these folks leave the military, they're leaving to go to the front lines. Front lines are not, you know, defending Air force bases, from cyber attack. It's the front lines are defending the power grid, and that's all civilian infrastructure.
[00:04:07] Blake: Now let's talk a little bit about your military service. You've got the Air Force shirt on. You've, and you were a founding officer at the 609th Information Warfare Squadron. Really designated as, my understanding, the first warfare division of its kind in US history. How has that military background shaped your approach to cyber and, and, and digital forensics throughout your career?
[00:04:28] Rob: Greatly. Both my father and my grandfather were career, were career in the, US Air Force and little known, interesting fact, my grandfather was the first deputy director of the NSA. So we have this long history of, you know, service. And so I went to the Air Force Academy.
[00:04:44] I have this massive mission drive to help people to drive businesses to the right area. And right now my, I call it my massive transformative purpose is helping businesses align to AI business transformation in a secure way. And we'll talk about that in a little bit. But you know, the more I'm able to do that, the more I truly believe that not only are defending these systems from adversarial attacks, but helping these businesses, you know, weather the AI transformation that's ongoing.
[00:05:10] So you don't have businesses go out of business. That you're able to maintain, you know, structure and maintain what you're doing, have a way to do that, you know, that's secure and risk. Risk averse.
[00:05:20] Blake: Of course, and you kind of alluded to this in earlier comments, the almost fluidity between military service institutes like SANS that are trying to tap into the frontline practitioners who really know their stuff. Not only talk the talk, but have walked the walk and organizations that you worked at like Mandiant. And, my understanding, you've been involved in creating the MREs APT report, some of these private sector cybersecurity firms, they've almost grown to behave like their own intelligence apparatus. And I mean that in a good way in the sense of producing quality research that's used not only by industry, but frankly has informed indictments and things of that nature and is pretty intense.
[00:05:56] What are you watching out for next when it comes to APT activity?
[00:06:00] Rob: First of all, you're, you're spot on because the front lines are actually civilian infrastructure, whether it's a pharmaceutical industry or you know, whether it's a financial firm, Dow Chemicals, anything. Uh, so we need, you know, taking a look at that. You know, of course when we're able to look at these reports, and I remember sitting back in Mandiant, we were coming out with our first APT report and everyone was like, afraid in the community is like, you can't name it China, that is all classified information.
[00:06:25] I'm like, well, we're staring at it and you know, when we're doing these incident response engagements. And so we felt, you know, exposing it, you know, more and more was part of our duty. You know, like even the term APT, you know, it's gestation. Where did it really come from? Um, so the nation state adversaries, I've been investigating them ever since 1998 when I. If you go Google this, it's kind of an interesting, fun fact. Moonlight Maze was one of the first official Russian based attacks against U.S. laboratories, you know, to gain information that led to the formation of J-T-F-C-D, Joint Task Force, Computer Network Defense, and later became Cyber Command.
[00:07:06] Being a part of those investigations been fighting nation state adversaries all along has been fascinating. Where things are kind of trending now is nation state capabilities required hundreds of people, you know, to potentially do the development of the tools operations and more.
[00:07:25] I get a little bit sideways here because before you ended up having the most advanced folks in the nation state adversaries, but it also was a reverse variant. And you also employed the massive pound of funds to accomplish that organized crime. One level down activists. And what we're gonna be able to see with AI is the ability for a hacktivist to leverage
[00:07:45] the same capabilities as a nation state, which gets interesting quick because if you have a single group out there, one or two individuals that say, Hey, we want to knock out a power grid, it is theoretically possible with AI-based capabilities that they're gonna be able to leverage the same type of powers a nation state more quickly than they were before.
[00:08:04] So it's a leveling, you know, AI is a leveling aspect against the different groups out there that are using, you know, attacking infrastructure. And so that's a concern of mine because before nation state actors will obviously not take care of power grid because of potential attribution and that likelihood of it crossing over to a kinetic, um, combat, you know, obviously bullets flying, you know, saying, Hey, disrupted, you know, medical
[00:08:26] Blake: Is this an act of war or you know, an
[00:08:28] Rob: It's a, it's an act of war.
[00:08:30] Blake: civilian infrastructure? Yeah.
[00:08:31] Rob: Now you could potentially have, you know, one or two people that could affect, you know, the same type of destruction. The same like, uh, group with the dirty bomb. You know, these kind of things hasn't happened obviously. But I keep on raising the flag a little bit that AI is the great leveler, um, that's going to occur in our, at least the adversary groups that we're looking at.
[00:08:49] Blake: That's so interesting, and you hear the AI companies, you know, Anthropic of course, comes to mind trying to do some work on AI safety crafting models in such a way that they can't be abused to help create a recipe for a dirty bomb. Or they can't be used to say, Hey, find all the low hanging fruit vulnerabilities in this power grid system and give, give us a, a, a foothold in the ICS or the industrial control system, what have you.
[00:09:12] Uh. It sounds like you're skeptical that those safeguards might keep out the attackers.
[00:09:19] Rob: Well, it talk about two different things, AI enabling, uh, capabilities, meaning you can move faster with greater velocity. So if you have a single individual want to code up a, a swarming, think of it like drones. Like you see these swarms of drones like attack a ship or something. It's very similar where you have a single individual that could swarm a target with multiple different
[00:09:39] agents. Well, you just referenced there, is the ability to establish guardrails and restrictions in the different models. So someone can't write malicious code, they can't write spear phishing emails. They can't look up, you know, like, how do I create a bomb? Now having said that, the competitiveness in the different, um, groups, Anthropic, OpenAI, DeepSeek, and the others, when you end up taking a look at how competitive it is for them to release models.
[00:10:05] It is fascinating to see that even the difference between GPT 4.0 and 4.1 we've been able to test both models and the guardrails that were in 4.0 didn't exist in 4.1. And it's not like they're trying to take 'em out. It's just they're rushing things to the market as quick as possible, remain competitive, and they're not putting and testing the, uh, guardrails, uh, to be able to make sure that people can't do weird things.
[00:10:31] But we are able to create spear phishing emails. Even using terms be as evil as possible. Evil this, evil that. And it's still, you know, it was creating the emails. So it's kind of fascinating that the real risk is competitiveness and moving fast. We're trying to slow them down and be able to say, do we have the security safeguards in place?
[00:10:51] Both of these things end up being cross dynamic and creating friction. When you're trying to basically, satisfy investors. And it's again, that's where we see people fail, is adopting the proper security culture when you're being driven to innovation and revenue.
[00:11:07] Blake: I do wanna flip back to some of your SANS work soon. But this AI conversation is just too fascinating and honestly, at my organization we talk a lot about the potential for adversaries to start leveraging agentic AI. That's something that we've started to see. Possibilities with some of these agents that they're powerful enough to exploit certain low hanging fruit type vulnerabilities, right?
[00:11:27] Like if something's a pretty obvious cross-site scripting, or if something's a pretty obvious, you know, uh, IDOR or whatever it is that is not gonna be 301 level needs a human in the loop, really looking under the hood at that, some zero day or whatever. But that said, well, the writing might be on the wall there, and I think it's kind of accepted that these agentic threats, I mean certainly would enable the bad actors you're referring to, to scale way more than they ever had the chance to.
[00:11:52] But have you really seen evidence of these sorts of breaches playing out like in the wild, is this, is this a here now kind of thing, or is it more like a year or two on the horizon?
[00:12:01] Rob: It's a here now thing that we're seeing.
[00:12:03] Blake: Dang it. I was hoping we.
[00:12:05] Rob: No, no, no. Yeah. Do we have direct evidence of it? Anecdotally, yes. Even Google's come out and said the velocity of intrusions has increased so fast that it, it's not possible to get these gains without some help. It's all of a sudden seeing a friend all of a sudden just like being muscled out and you're like, okay, I know that's not a natural growth, so, you know, are you, are you taking HGH or something like that?
[00:12:29] That's essentially what we're seeing. Do we actually have videotape and monitoring of them using this?
[00:12:35] So recently AI released a report. Actually, it was kind of a notification that they've, you know, recently booted a bunch of foreign actors, uh, from their systems, you know, primarily using ChatGPT and others that they had accounts and they were able to detect. Somehow, uh, that there was being done.
[00:12:51] So this is kind of the digital forensics of the future, which is, you know, be able to tell that this is a bad actor, they're employed by nation state and so forth. And OpenAI, you know, real big hat to, to them for not only finding them, acknowledging it and saying get off our systems and banning those accounts.
[00:13:06] It's not gonna stop the nation state adversaries. It's pretty easy to replicate accounts, but I think they're signaling very much so that we could see what you're doing. But that is, you know, that's hard proof that, and even Google said they were able to take adversaries, you know, using Gemini.
[00:13:21] So are we leaning into more agentic? Yes. How fast? I have to assume a lot of this stuff because what I used to work for on the offensive side in the U.S. Government, that so many of those aspects of it are really closely guarded. Capabilities and how fast and how vicious that groups like Typhoon Salt and Typhoon Volt are able to penetrate both telecommunications and critical infrastructure networks.
[00:13:48] And to stay there and not be able to be fully remediated is a drastic concern. Now they starting to leverage AI to assist there, undoubtedly. Are they fully coding agentic? Obviously reasoning, you know, drone type capabilities inside a network. Well, no one's detected it yet, but again, the velocity may be so fast that, you know, we don't have the defenses that are able to match velocity so it's a, it's kind of like a, supersonic, uh, missile and we just like, okay, our interceptors are used to, you know, catching something a lot less, you know, fast fasten that.
[00:14:23] And so you're gonna be always playing this catchup game with offense, and that's traditionally always been the case.
[00:14:29] Blake: Well, and I imagine it's really hard to go reverse engineer these and say for sure something was an AI enabled adversarial threat, right? I'm in the content business, right? I, I do a lot of communications work. I'll use AI to help write something or sharpen an email. And I don't expect the receiving end person on the other end to know that I used AI for that.
[00:14:49] They might make some assumptions, but I, I, are there similar challenges playing out where attributing something to an AI agent is technically just not feasible.
[00:14:59] Rob: It's possible. The greatest thing that we're seeing right now is used by organized crime and scams using deep fakes. Um, and again, you know, they might be, and we've seen this on more of the celebrity stuff they might see on like social media. Or something sent to you is like, Hey, I'm Elon Musk and you know I have the greatest deal ever.
[00:15:17] You invest in this Bitcoin thing and you know, it's what I advise you. You only have like 10 days to get in the initial round or whatnot, and then you, they'll send a take down order and all of a sudden, 10 different variants now pop up. And so this chasing be illegal is becoming more problematic. Just using deep fake technology, what it exists today is fairly convincing and organized crime is definitely utilizing those type of technologies.
[00:15:41] So when you talk about AI, it's not just agent, it's, you know, all these technologies. You could say from scams all the way down to political influence operations everyone points to the Biden thing. But I was like, ah, that's, that's too basic for what's gonna about to occur.
[00:15:57] Blake: I feel like with somebody with your background and and varied career, I mean, you mentioned earlier Moonlight Maze, you're probably familiar with Eligible Receiver and some of these early exercises and whatnot. You've witnessed several technological transformations. I feel like sometimes new changes like the AI and generative AI era can be
[00:16:14] helpfully put into context by previous shifts. Right. One that comes to mind for me, and I'd be curious to hear your thoughts, is the shift to the cloud. How has that impacted the field of digital forensics, particularly for, for Windows environments?
[00:16:29] Rob: So you're specifically asking about like transition to cloud versus AI or.
[00:16:33] Blake: Yeah, I guess we could start with a comparison between AI and cloud. I feel like, you know, I've seen some analysis that like back in 2011, people were sick of seeing cloud everywhere as a buzzword, right? And now it's like people are sick of seeing AI everywhere as a buzzword. And now guess what? We're still operating in the cloud.
[00:16:48] That hasn't gone anywhere, I expect 10 years from now. We'll still have AI to some extent, but you know what, what analogs are there from past and maybe not even cloud, if there are other examples that spring to mind that can help put into context what AI is doing to this industry.
[00:17:03] Rob: Well, I mean, first of all, cloud is a, a transparent layer. Like no one, like your sister or brother, you know, partner. Parents, kids, they really don't know if something's in the cloud or not. They don't really care. And in fact, it's not like there's cloud, you know, cloud thing that's in the cloud. You have to deal with it.
[00:17:19] However, uh, a good analogy is this thing. And you end up taking a look at their phones, like everyone has a phone now, you know, AI is very similar to a technology that is gonna permeate into every aspect of everyone's lives, and it'll be very clear, unlike cloud. It's a tech stack that basically move things from data centers and like, you know, co-locations where you work into like a data center, you know, which is again tied to, uh, software as a service in the cloud, you know, Exchange Online, O365 and whatnot.
[00:17:49] Azure, you know, like maybe the cloud segments, but, uh. The key here is really looking at the implications of what, um, this technology is. And the way I view it, and again, I don't even think it's an extreme view, is that the internet when people were predicting what this is gonna be in like early nineties, like AT&T had these massive, really cool commercials called the You Will commercials.
[00:18:12] Go Google that. It's just eyeopening. No one knew what email was, no one knew what web browsing was, and they're talking about flat screen TVs to be able to watch movies at any time. And you're like, I, you know, that still took 15 years to really come to fruition, but they predicted it.
[00:18:27] The internet is probably the closest analogy. You and I and others will remember life before, life after internet, and you'll
[00:18:33] Blake: noises. You know, as you're dialing up for the first internet connections.
[00:18:38] Rob: And
[00:18:39] Blake: listeners.
[00:18:39] Rob: it's that kind of thing where like even executives, I tell them today, I said, listen you're making business strategies based off technologies don't understand, and I, I put it in context for them.
[00:18:49] It's like you're sitting back in 1998 trying to make a business strategy for the internet. And you never use a web browser and email. I'm not saying you need to be an expert in this, but you need to start touching the fundamental technologies for what it means. Taking a step further, I believe AI is such a significant change in, you know, human condition that, and it's so rapid and onset that for most individuals. It is going, A, gonna be overwhelming, but B, it is likely as significant as the human race. Being able to write that is, you know, massive technological change from being able to record history and be able to write things down, whereas AI is gonna have that significant impact.
[00:19:30] In fact, I'm gonna gonna go as far as saying in 20 years you're not gonna remember who's the president of the United States. In fact, you'll probably have to think about it. What you will remember though is this is when AI happened. This is the before and after, and you'll remember the before times, the after times, and you know your kids', kids will like my kids today, 13.
[00:19:50] They will be part of that before and after because that's the same age I was. They will remember, how did you do that before AI? I'm like, I don't know. You know? What did they teach you in school? It's gonna be completely different. And they're gonna say, I was in a classroom and I had these teachers. And their kids are gonna look at them like they're nuts.
[00:20:07] Very similarly, another analogy is this, is everybody put out jobs. No, there's gonna be brand new jobs. It's basically are using, utilizing ai. But like if you told your parents, like, I hire someone to meet me at the gym and they tell me to lift heavy things and they're gonna count for me, uh, while I lift these heavy things, and they're called personal trainers.
[00:20:27] And they're like, you pay someone to do this job. I mean, you could see this disconnect that would occur if we told someone what a future job is going to do and they're gonna be, I don't understand why I, why would you pay someone to do that? These jobs don't exist yet, but they will exist. Um, and I get excited about it because I'm more on the, you know, very positive outlook on the way AI's going to change everything.
[00:20:51] And for the better. Um, I just think everyone's jobs will just change and you'll be doing something else. This could be exciting.
[00:20:58] Blake: Well, I guess we'll have to check back and invite you back on for season 24 of, uh, We're In and, and see how it all plays out. But no, I, I, I agree. I think personally I fall into the more excited camp as well. I wanna talk about forensics 500 for a minute because it's, it's such a mainstay for anybody wanting to, to enter the field. How would you recommend somebody just starting out prepare for a course like that?
[00:21:19] Rob: When I was initially designing the course, we knew a lot of law enforcement would be taking this course. And so in that mindset, you know, do you have to have a deep technical background? The answer is no. Um, I always tell people, you know, I said, listen, you could come to the class.
[00:21:36] Everything is guided. And as long as you don't reject a mouse and a keyboard, it's gonna teach you skills. Um, so do you have to have like a computer science degree? I'm like, no. We're, I'm trying to train law enforcement to potentially put bad guys away, and most of them don't have computer science degrees.
[00:21:51] And if we set the class at that tone, but we also don't want to have, you know, the auto forensics, here run, uh, these tools against it and boom, here's a report. You need to understand the basics enough on the Windows system to be able to say, here's where these artifacts are, and in my opinion, they're no different than DNA fingerprints gun residue, you know, these are the things that most law enforcement are trained.
[00:22:11] But again, very, you know, scientific, you know, if someone's saying, Hey, that that's DNA, do you understand what that means? You have to understand the core of it. What it can mean for your case. How are you gonna be able to use this in court? What are you asking the lab folks to potentially go back and do?
[00:22:26] Uh, but when you're in a crime scene, it's one of the reasons like no one touch anything because you're aware DNA exists. It doesn't mean you have to be a genome, you know, using a CRISPR technology. Be understand, uh, how this fits together. It's, you know, I tell folks, as long as you're able to identify DNA, gun residue, fingerprints, um, you know, uh, hair follicles, you know, what does that all show you?
[00:22:49] You could do digital forensics because you just change the name of things and it's exactly the same.
[00:22:54] Blake: What are some of those analogies, because I love that analogy. I think that's really helpful to kind of imagine what, what is meant by this field? Like what are some of the equivalents, the digital equivalents of fingernails, hair follicles and whatnot.
[00:23:07] Rob: So on a Windows system. And it's great you, you asked that I categorize things by evidence of categories. You know, for example, you go through can you tell someone executed a program and specifically how they executed that program. So if you're executing things from your task bar or it's on your desktop, if you're launching a menu, we're able to detect that.
[00:23:26] So you get into human habits and you know, myself and Heather Barnhart have consulted with the, um, FBI's, uh, behavioral analytical unit, that's the criminal minds, you know, on the TV show. And they're very interested in, you know, finding out like, can you tell human habits from these forensic artifacts? I'm like, yes.
[00:23:42] Because you could see, like, for example, you have a very habitual way of what you do things in the morning when you get on your system, like which websites you go to. All of these things kind of add up to like, you know, we could watch if you're opening up files, which web sites you're going to, how you're executing things, do you type it in?
[00:23:59] Are you clicking on a bookmark? All of these things, I'm able to tell the human behind it, not just that someone did it, you know how they got to it. And because of that very rigorous path, very similar to what you have on your hands, you have a very habitual way of approaching technology. Do you save everything to your downloads folder or do you put 'em in a specific folder?
[00:24:18] All of these things. I could see what you downloaded, what you opened, how you opened it, how you executed things, which programs you used. How do we know it's you versus Wendy, you know, who is on your computer system? It's 'cause the next one that's gonna come up is like, prove it to me it's not AI. The AI is gonna have to monitor exactly the way you do things on a daily basis and replicate that for it to be AI, but having someone else sit down at your keyboard and start doing things. It is such a different fingerprint that's on the system and the way you do things, your very clear habits, that it's nearly impossible to have someone argue that it, you know, it's the same person unless they've watched you specifically and do all these things.
[00:24:57] Blake: If you see me with inbox zero, you know it's an imposter. All right. You
[00:25:00] Rob: Exactly. Exactly.
[00:25:02] Blake: uh, no, that's, that's really interesting. And it's a good point that these digital habits that we might not even consciously think of, but that we're leaving everywhere, like breadcrumbs that a forensic
[00:25:10] investigator such as yourself could swing in and piece together, "Hey, wait a minute. No, this account was hijacked, because they're, they're doing something very different all of a sudden that doesn't track with your, you know, your Morning Washington Post and New York Times reading, or what, what have you."
[00:25:22] Right. I would be curious, who do you look up to in cyber and, and who would you most like to rope into teaching a SANS course?
[00:25:29] Rob: Oh, that's a great question. I have a huge fanboy feeling toward Cliff Stoll. Like, I've seen him present, I've met him multiple times, and he's just, you know, telling the story of, you know, the initial incident response investigations that he was a part of. And it's worth, you know, a lot of people are like, who the hell is he?
[00:25:46] So you go back in history, he's like one of the first, you know, did it. But now he has this very fascinating, almost Doc Brown from Back to the Future style to him, in which it's still engaging. He still insists on using what was the old, like, you know, projector with the, you know, like written slides for your presentations.
[00:26:05] Blake: gosh. I know exactly what you're talking about. Yep.
[00:26:07] Rob: Oh, was it? It's losing, but it, uh, it's that he was, he was like, I'm not using PowerPoint. I'm using, you know, it is kind of like, you know, forcing function, because he has this, you know, discussion down and everything. But Cliff Stoll's one of these individuals that it's just having a drink in a, you know, a beer with him and you could sit there for like five, six hours and not get tired.
[00:26:28] It's individuals like that are pioneers. Um. Like another one, is a big, of course, the individual's passed away now is Alvin Toffler. Not many people know who he is, but he was in the late seventies or early seventies, 1970. In fact, published a paper on the future of computing and AI in society and ended up writing two books, Future Shock and The Third Wave, and in Future Shock.
[00:26:53] He's the one that kind of coined, uh, information overload and things like techno, which the entire music industry, you know, like bought into is like, that's what we're gonna call this. He was so future thinking that, you know, a lot of his predictions came true. I. And it's a fascinating book to read, you know, now in, uh, 2025, when you go back and look what he wrote in 1970, just sitting down with someone who is just so prescient and able to look at things pragmatically and seeing what the impact is on humans. What's going to occur, not just from, Hey, why predict in the future, you know, people will be watching flat screen TVs, but more of like the social impact of what the changes, you know, will be to the average individual.
[00:27:34] And he was also diving into AI, uh, Ola too. And one of his key phrases, and I love this about him, is really talking about human beings in this, you know, this 50 year period here, you know, from when he wrote that till now is, uh, those who can learn, unlearn, and relearn is this, is, that's a cycle that we kind of, as a society kind of think.
[00:27:57] You go through grade school, go through high school, go through college, and you're, you're now learn, you know, done that. The idea of like perpetual learning is, needs to be, you know, kind of the set, you know. That's one of the reasons SANS others exist is like. You're never done, learn, unlearn, relearn, learn, unlearn, relearn.
[00:28:14] It's just this cycle you're gonna be going through again and again and again until you pass away. And again, that's something I want to teach my kids is like, Hey, school's never done. You're always in school. It just changes. You know how you potentially perceive it.
[00:28:27] Blake: Well, and I, I, that's especially apt of course for the cybersecurity industry. As tech stacks evolve, people are constantly layering on new software, new things that we haven't even thought of yet. AI agents, you know, we spent a lot of the podcast talking about, there's never a dull moment, that's for sure.
[00:28:41] And it's great that institutes, of course, like SANS exist to help guide and to hear, to hear more. Definitely check out, uh, Rob T. Lee's courses at SANS, quite famous, I, I should add. We are talking to the, to The Godfather here, so, uh, had to bring that up one more time.
[00:28:57] Rob: I'm turning my camera off.
[00:28:58] Blake: I know, I know.
[00:28:59] Well, before you do, I do have one question that we ask all of our guests in the podcast, which is, what's something that we wouldn't know about you, Rob, just by looking at your LinkedIn profile?
[00:29:09] Rob: It goes back to my kids. Like I have a 13-year-old boy and girl twins and you know, just how much I love being a father. And it's, it's tough because you sit there and you're like doing all this nerd stuff all the time and you want to expose 'em to it, but they're also 13 years old. You just don't pick up on, you know, someone's mentality when it comes to, you know, the family side and what you like to do with your kids and what you expose 'em to and what's like a day in the life for you. I mean, kind of a hint behind the stuff I'm into, but that's like tertiary compared to trying to be the best person you can, you know, both, uh, you know, in your day job and like what your principles are and so forth, but none of that stuff comes across in your profile. I always tell coworkers it's like we run around all each other all the time and run Zooms, and all we do is focus on the Zooms.
[00:29:55] No one knows what each other's spouses are and their kids' names. In many cases. And I think we've gotten away from that a little bit society-wise because of remote work and whatnot. And I, I think it's important for people to know who their family is, the kids, and so forth. It's hard because it's really, you have to get in someone's mind.
[00:30:11] But I think from an aspect of people just glance at it, they won't know I'm a dad of twins. That's kind of the key.
[00:30:18] Blake: That's, that's really special. And as, as a father of, of one a 20 month old, I, I can certainly respect raising twins. I, I That's impressive. Honestly, you probably should list that on your LinkedIn because that is one heck of a skill is, uh, dad to twins and, uh, I'm sure they appreciate that as
[00:30:31] Rob: To go back into the massive long, you know, like father of twins, you know, like, you know, like breaker of chains and everything else.
[00:30:39] Blake: There we go. I should have introed you, uh, right, right at the outset with that. Well, thank you so much for, for joining me on the podcast, Rob. Really appreciate your perspectives and, and really fascinating discussion.
[00:30:48] Rob: No, it's great. The, the work you guys do on these podcasts is very important because I do believe that this is one of the key reasons how people learn is, you know, by having these discussions and getting them to think. So really hat tip to you for doing these and because it's a lot of work, you don't know it on the front side of it because it looks like it's all polished, but you know, everyone on your team and what you're trying to do here, it takes a lot of work to get these out.
[00:31:11] So hat tip to you guys.
[00:31:13] Blake: I appreciate that. And now we know we're, we're inviting you back for season 24. I forgot comment. So, uh, well thanks Rob.