Draft:Rob T. Lee

Submission declined on 27 March 2025 by Sohom Datta (talk). This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are: in-depth (not just passing mentions about the subject) reliable secondary independent of the subject Make sure you add references that meet these criteria before resubmitting. Learn about mistakes to avoid when addressing this issue. If no additional references exist, the subject is not suitable for Wikipedia. This submission appears to read more like an advertisement than an entry in an encyclopedia. Encyclopedia articles need to be written from a neutral point of view, and should refer to a range of independent, reliable, published sources, not just to materials produced by the creator of the subject being discussed. This is important so that the article can meet Wikipedia's verifiability policy and the notability of the subject can be established. If you still feel that this subject is worthy of inclusion in Wikipedia, please rewrite your submission to comply with these policies. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Sohom Datta 59 minutes ago. Last edited by Citation bot 5 seconds ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

Submission declined on 25 March 2025 by Sophisticatedevening (talk). This submission's references do not show that the subject qualifies for a Wikipedia article—that is, they do not show significant coverage (not just passing mentions) about the subject in published, reliable, secondary sources that are independent of the subject (see the guidelines on the notability of people). Before any resubmission, additional references meeting these criteria should be added (see technical help and learn about mistakes to avoid when addressing this issue). If no additional references exist, the subject is not suitable for Wikipedia. Declined by Sophisticatedevening 2 days ago.

Submission declined on 23 March 2025 by Jlwoodwa (talk). Your draft shows signs of having been generated by a large language model, such as ChatGPT. Their outputs usually have multiple issues that prevent them from meeting our guidelines on writing articles. These include: Promotional tone, editorializing and other words to watch Vague, generic, and speculative statements extrapolated from similar subjects Essay-like writing Hallucinations (plausible-sounding, but false information) and non-existent references Close paraphrasing Please address these issues. The best way to do it is usually to read reliable sources and summarize them, instead of using a large language model. See our help page on large language models. Declined by Jlwoodwa 3 days ago.

Rob T. Lee (born December 7, 1973) is an American cybersecurity expert specializing in digital forensics and incident response (DFIR). A former U.S. Air Force cyber warfare officer, he is currently Chief of Research for AI and Emerging Threats at the SANS Institute. Lee is known for helping develop core DFIR methodologies, such as timeline analysis, and for creating the SIFT Workstation, an open-source forensic toolkit. His work has been recognized through industry awards, including induction into the Forensic 4:cast DFIR Hall of Fame.^[1][2] He has also been referred to as the "Godfather of DFIR" a nickname cited in cybersecurity publications.^[3]

Lee grew up in a military family with ties to the U.S. Air Force and national security. He graduated from the United States Air Force Academy with a Bachelor of Science in Astronautical Engineering and later earned a Master of Business Administration from Georgetown University. This educational background combined technical and leadership training, contributing to his later work in cybersecurity.^[4]

After commissioning, Lee helped launch the U.S. Air Force's first cyber warfare unit, the 609th Information Warfare Squadron, where he worked on early intrusion detection and cyber defense. He later led digital forensics and incident response efforts with the Air Force Office of Special Investigations, analyzing cyber intrusions by nation-state actors. In 2002, he deployed one of the first wireless honeynets in Washington, D.C., reflecting early experimentation with cyber defense techniques during the initial development of U.S. cyber operations.^[5]

Following active duty, Lee supported U.S. intelligence and defense agencies in offensive cyber operations, leading teams focused on vulnerability research, digital forensics, and forensic software development for organizations including the CIA and NSA. In 2007, he joined Mandiant as Director of Incident Response, where he worked on investigations involving advanced persistent threats (APTs) and co-authored the first M-Trends report.^[6] In 2009, he was named Digital Forensic Examiner of the Year by the Forensic 4:cast Awards.^[7] After leaving Mandiant, he established a consulting practice focused on digital forensics and incident response, advising both government and private-sector clients.^[4]

Since the early 2000s, Lee has been involved with the SANS Institute, contributing to digital forensics education as an instructor and course author.^[4] He currently serves as Chief of Research and Head of Faculty, overseeing curriculum development and mentoring instructors. Lee co-authored the SANS courses FOR500: Windows Forensic Analysis and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.^[8][9] He also contributed to the establishment of the SANS DFIR Summit and the development of the DFIR training track at the Institute.^[10][11]

Lee has contributed to the development of modern digital forensics and incident response (DFIR), a term he is credited with coining in 2014 to describe the combined discipline. He introduced techniques such as timeline analysis and the "Super Timeline" methodology, and developed the SIFT Workstation, an open-source forensic toolkit used in training and investigations.^[1][4] He has also contributed to the evolution of threat hunting practices, co-authoring resources such as Huntpedia and promoting structured, hypothesis-driven approaches to intrusion detection. ^[12]His work has included research and training in areas such as memory forensics, honeynet deployment, and intelligence-driven incident response.

Lee has authored and contributed to a number of publications and training resources in the field of cybersecurity, particularly in digital forensics and threat hunting.^[13] His work includes contributions to Know Your Enemy (2004), co-authorship of the M-Trends 2010 report on advanced persistent threats (APTs), and the SANS 2017 Threat Hunting Survey.^[14] He also contributed to Huntpedia, a freely available collection of threat hunting techniques, and helped develop educational materials such as the "Windows Forensics" and "Hunt Evil" posters^[12]. In addition to formal publications, Lee has written blog posts, whitepapers, and course materials used in cybersecurity training programs.^[4]

Lee has participated in cybersecurity conferences, podcasts, and media interviews on topics such as nation-state cyber threats, ransomware, and emerging attack techniques.^[15][16] He has spoken at events including the RSA Conference and the SANS DFIR Summit. In addition to public speaking, he has contributed to cybersecurity education through mentoring, participating in community forums, and supporting initiatives aimed at increasing diversity in the field.^[17][18]

Lee has received several professional honors related to his work in cybersecurity and digital forensics. In 2009, he was named Digital Forensic Examiner of the Year by the Forensic 4:cast Awards.^[7] In 2020, he was inducted into the Forensic 4:cast DFIR Hall of Fame.^[2] In 2018, he was appointed as a Technical Amicus Curiae to the United States Foreign Intelligence Surveillance Court, providing independent technical advice on matters involving cybersecurity and surveillance.^[19] He has also been recognized as a SANS Faculty Fellow, the highest instructor rank at the SANS Institute.^[20] The nickname "Godfather of DFIR" has been used in cybersecurity publications to refer to his role in the field.^[5]

Lee has played a role in the development and formalization of digital forensics and incident response as a professional discipline. He is credited with coining the term "DFIR" and has advocated for a unified approach combining digital forensic analysis with incident response practices.^[1] He has promoted the use of open-source tools, including the SIFT Workstation, and contributed to the development of training programs and certification standards. Through efforts such as the SANS DFIR Summit, he has supported collaboration within the DFIR community. His mentorship and educational work have been cited as influential in the careers of cybersecurity professionals. The nickname "Godfather of DFIR" has been used in industry publications to describe his contributions.^[5]