Aug 2025 – Present · 7 mos · Remote

• Technical Advisor and Judge, Presidential AI Challenge -- a federal initiative identifying and developing the next generation of AI talent across the country. Responsibilities include evaluating technical submissions and advising on challenge design and evaluation criteria.

Jul 2024 – Present · 1 yr 8 mos

• Strengthen the global standards of cybersecurity education, research, and certification by fostering robust relationships with the global community.
• Spearhead innovative research, thought leadership, and partnerships, and adhere to SANS' core values.
• Advance and pioneer cybersecurity research and strategy, fostering a robust cybersecurity workforce development system that empowers people and organizations to adapt to evolving threats.

Jan 2020 – Jul 2024 · 4 yrs 6 mos

Jun 2008 – Present · 17 yrs 9 mos

Jan 2008 – Present · 18 yrs 2 mos

• FOR500 builds comprehensive digital forensics knowledge of Microsoft Windows operating systems providing the means to recover, analyze, and authenticate forensic data, track user activity on the network, and organize findings for use in incident response, internal investigations, intellectual property theft inquiries, and civil or criminal litigation. "Former students have contacted me regularly about how they were able to use their digital forensic skills in very real situations that were part of the nightly news cycle. The skills you learn in this class are used directly to stop evil. Graduates of FOR500 are the front-line troops deployed when you need accurate digital forensic, incident response, and media exploitation analysis. From analyzing terrorist laptops and data breaches to investigating insider intellectual property theft and fraud, SANS digital forensic graduates are battling and winning the war on crime and terror. Graduates have directly contributed to solving some of the toughest cases out there because they have learned how to properly conduct analyses and run investigations. It brings me great comfort knowing that this course places the correct methodology and knowledge in the hands of responders who thwart the plans of criminals or foreign attacks. Graduates are doing just that on a daily basis. I am proud that FOR500 helped prepare them to solve cases and fight crime."

Dec 2000 – Present · 25 yrs 3 mos

• Lead author of the number 3 top selling course at the SANS Institute. FOR508 teaches advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hactivists. We live in a world of unimaginable amounts of data stored on immensely large and complicated networks. Our adversaries use this complexity against us to slice through our defenses and take virtually anything they want, anytime they want it. While this is our current state, it will not be our future. Incident response is at an inflection point. Old models are being upgraded to make defenders more effective and nimbler in response to more sophisticated and aggressive attackers. The most successful incident response teams are evolving rapidly due to near-daily interaction with adversaries. New tools and techniques are being developed, providing better visibility and making the network more defensible. There are an increasing number of success stories, with organizations quickly identifying intrusions and rapidly remediating them.

Jan 2000 – Jan 2020 · 20 yrs

• The SANS Institute, established in 1989 as a cooperative research and education organization, is the most trusted and by far the largest source for information security training and certification in the world. Its programs now reach more than 300,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. SANS training programs are delivered through a variety of channels, including large conference style events, onsite, webinar-enabled and self-study. SANS trains over 10,000 students worldwide annually, training being defined as participation in one of its six-day immersion training classes. Over 75,000 alumni have taken at least one of the SANS course offerings. We also provide one of the largest sources of content to the Security Community to help it be more effective.
• Incident response tactics and procedures have evolved rapidly over the past several years. Data breaches and intrusions are growing more complex. Adversaries are no longer compromising one or two systems in your enterprise; they are compromising hundreds. Your team can no longer afford antiquated incident response techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident.
• A thorough understanding of many detailed areas is required for success, including a mastery of the following fundamental skills covered by the SANS Digital Forensics and Incident Response (DFIR) curriculum:
• A properly trained incident responder could be the only defense an organization has during a compromise. As a forensics investigator, you need to know what you're up against, and you need to have the most up-to-date knowledge of how to detect and fight it - that is what SANS DFIR classes will teach you.

Jan 2023 – Present · 3 yrs 2 mos · On-site

• Selected as an Abundance 360 Fellow—a curated community of forward-focused entrepreneurs, technologists, and executives shaping the future through exponential technologies. As part of this invite-only program founded by Peter Diamandis, I engage with global leaders in AI, longevity, quantum computing, and moonshot innovation.
• 🎯 My focus: Applying cutting-edge AI to transform decision-making, cybersecurity, and enterprise strategy.
• 🧠 The experience: Access to deep-dive briefings, private forums, and closed-door sessions with pioneers driving the next wave of disruption.
• 📍 Why it matters: A360 isn’t just theory—it’s where bold ideas meet strategic execution. I'm here to make AI practical, scalable, and trusted at enterprise scale.

Jun 2018 – Present · 7 yrs 9 mos · Washington DC-Baltimore Area

• Technical Advisor - An amicus curiae (literally, "friend of the court"; plural, amici curiae) is someone who is not a party to a case and may or may not have been solicited by a party and who assists a court by offering information, expertise, or insight that has a bearing on the issues in the case; and is typically presented in the form of a brief. The decision on whether to consider an amicus brief lies within the discretion of the court.

Jun 2017 – Present · 8 yrs 9 mos · Denver, Colorado, United States

• Providing Digital Forensics and Incident Response services, software, and consulting. Provides incident response scenarios and simulations that help organizations test their capabilities before a real incident takes place. Creator and developer on SIFT Workstation a digital forensics and incident response software suite of open source capabilities bundled into Linux.

Jan 2013 – May 2019 · 6 yrs 4 mos · Remote

Aug 2007 – Aug 2011 · 4 yrs · Washington DC-Baltimore Area

• MANDIANT is Intelligent Information Security. Intelligent Information Security is educated, certified and experienced professionals solving complex security issues in a manner whereby organizations know they are spending their IT budgets wisely. MANDIANT offers elite proactive and responsive security services and education to the financial service sector, legal community, government agencies, and many other domestic and international clients. Our people, knowledge, experience and deliverables truly differentiate MANDIANT.
• Rob helped author the first two Mandiant M-Trends reports in addition to being an advocate for Mandiant's OpenIOC indicators sharing capabilities.

Jan 2003 – Aug 2007 · 4 yrs 7 mos

• Directed research and development teams specializing in intrusion operations for national security and intelligence communities. Managed and executed contract valued at $7.2 million dollars. Led engineering for products delivered to government officials. Performed business development, proposal management, and marketing strategy for government sector.

Jan 1998 – Jan 2001 · 3 yrs

• Consisting of more than 2900 federal agents and support personnel, the Air Force Office of Special Investigations has been the Air Force's major investigative service since Aug. 1, 1948. The mission of AFOSI is to Identify, exploit and neutralize criminal, terrorist and intelligence threats to the Air Force, Department of Defense and U.S. Government. Rob supervised and led specialized team for computer crime investigations. Managed and directed operational and technical support for counterespionage activities. He also formulated research and development plans for computer crime operations. Helped investigate Moonlight Maze and other national level cyber intrusions.

Jan 1996 – Jan 1998 · 2 yrs

• On October 1, 1995, the Air Force stood up the Air Force's first information warfare squadron (IWS), the 609th IWS at Shaw AFB, South Carolina. The 609th IWS helped ensure the Air Force protected our own information systems, both in garrison and when deployed, as they developed the ability to attack those of our adversaries. On the offensive side, the Air Force emphasized operational and tactical IW, in conjunction with other federal agencies, that supported strategic information operations As a LT, Rob directed a group of officer and enlisted personnel that conducted defensive counter-information operations to protect critical Air Force systems from internet-based attacks. Rob developed procedures for use in defensive information warfare systems.