Get Your AI Tool Approved
A field workbook · Rob T. Lee
Vol. 01 · Field Manual
Est. 2026
The companion workbook to the LinkedIn Learning course of the same name
A field manual by Rob T. Lee

Get Your AI
ToolApproved.

Most AI tools enter your company the same way — quietly, unapproved, in a browser tab. This workbook walks you through the seven steps that turn that shadow usage into a pilot your security team signs off on. In about five hours.

No sign-in required.·Saved in your browser.
Want to sync across devices or export later? . Your current draft will carry over.
7
Steps
Sequential, not skippable
4
Questions
Asked of every vendor
1
Page
The proposal is one page
Vendor Scorecard
Anthropic · Claude Enterprise
anthropic.com
  • SOC 2 Type II Yes
  • Training opt-out Yes
  • Retention policy Unclear
  • Export & delete rights Yes
"We will not use your Inputs or Outputs to train our models."
anthropic.com/legal/commercial-terms
Classification-aware
Proceed with mitigations
Fig. 01 — Live sample
Premise
Your team is already using AI. The browser tab is open right now. This workbook isn't another blocker — it's the path to bring that usage into the open, governed, and approved.
Rob T. Lee
Chief AI Officer, SANS Institute
The Workflow

Seven steps.
Roughly five hours.
One approved sandbox.

Each step is gated. You don't evaluate a vendor before you've classified your data. You don't generate a proposal before a peer has pressure-tested it. The sequence is the method — it's how you end up with a document security reads instead of rejects.

01

Champion Diagnostic

Three questions establish whether you're the person to carry this.
02

Business Needs

Map weekly tasks, surface the three real AI use cases — and the ones AI won't help with.
03

Security Buddy

A drafted outreach email, not a cold message. Find an ally before you need one.
04

Intake Form

Three specific answers that shrink security's objection surface.
05

Data Classification

Green, Yellow, Red. If everything is Red, nothing ships.
06

Vendor Evaluation

Paste a URL. We scrape policies, score the four questions, cite the sources.
07

Proposal Generator

One page, five sections, auto-filled — editable, exportable, sendable.
§

The Reddit Test

Required gate · between 6 and 7
Put your evaluation in front of someone who'll poke holes in it. A sharp skeptic is more valuable than a friendly teammate. The proposal stays locked until you've logged who you shared it with, what came back, and what you changed.
Why it works

Security doesn't say no to tools.
They say no to vague.

Specificity over theater

Three answers about data, tool, and outcome shrink the surface area security has to object to.

Citations, not vibes

Every vendor claim is backed by the actual quote from their own policy — with a link.

A buddy before a pitch

You find the ally inside the security team before you ever submit anything. That changes the meeting.

One page, five sections

Security reads one-pagers. They don't read decks. The output matches the attention they'll give it.

About the author
Black and white portrait of Rob T. Lee
Rob T. LeeMMXXVI

Rob T. Lee

Chief AI Officer, SANS Institute · Chief of Research

Rob has spent more than twenty-seven years inside cybersecurity — Air Force cyber operations, intelligence work with AFOSI, the CIA, and NSA, and the early foundations of the field now known as digital forensics and incident response. He coined the term DFIR, and later cyber threat intelligence (CTI), when the practices they described still needed naming.

Today, as Chief AI Officer and Chief of Research at SANS Institute, his work focuses on the practical security of how organizations actually use AI — not how policy documents say they should. That work includes the SANS Critical AI Security Guidelines, partnerships with OWASP, advisory roles with the Foreign Intelligence Surveillance Court and the CSIS Commission on U.S. Cyber Force Generation, and this workbook: the companion to his LinkedIn Learning course Get Your AI Tool Approved.

The course lays out the philosophy — moving from shadow AI to sunlight. This workbook is where you actually do the work.

View full profile on LinkedIn
Bio drafted from publicly known roles. Corrections welcome.
Begin

Stop hiding your AI usage.
Start governing it.