Before joining HaystackID as Chief Information Officer, Neubecker launched, grew and sold a successful computer forensics expert witness firm, Forensicon.com. Neubecker holds the prestigious Certified Information Security Systems Professional credential and has had his testimony accepted and upheld on complex litigation involving the misappropriation of trade secrets litigation matters. Neubecker is a licensed professional investigator in his birth state of Michigan and has led many complex financial, RICO, counterfeiting and white collar criminal investigations. Neubecker has assisted law firms and their clients in responding to suspected data breach matters and has assisted companies with mitigation and response to data breach incidents.
Before starting and growing Forensicon in to a national computer forensics firm, Neubecker oversaw product development and incident response to security events with then leading search engine, Lycos.com. In Neubecker’s role at Lycos, he oversaw product development and hosting initiatives across online interactive products such as chat, games, and various messaging platforms.
Curriculum Vitae Lee Neubecker, CISSP, MBA
Lee Neubecker is the Chief Information Security Officer of HaystackID and serves clients across the U.S. as a member of Haystack’s team of experienced computer forensics & eDiscovery experts. Neubecker is the latest addition to Haystack’s team of security and computer forensics experts and is helping to further Haystack’s reputation as an industry leader in eDiscovery, Computer Forensics and legal services. Neubecker also runs an IT Security blog on the web at https://leeneubecker.com.
Neubecker has most recently assisted the U.S. Federal Government in discovering important security compromises including, the compromise of NIST.gov wildcard certificate (boudicca.nist.gov) using deprecated encryption (December 2016), compromise of time.gov NIST time servers (December 2016), compromise of NIST NSRL hashset download page (December 2016) and leaked email usernames and passwords from U.S. Intelligence Agency email account credentials onto public sandbox websites such as pastebin.com. (December 2016 and January 2017). Neubecker has a track record of uncovering Cyber Data Breaches and has performed investigations on the State Governmental and Federal Government Agency levels.
Prior to founding Forensicon, Inc., Mr. Neubecker led the online communities’ product development and programming initiatives for the Lycos Network, a pioneering Web media model that included three Top 10 Web sites and was one of the most visited hubs on the Internet during Neubecker’s tenure. Neubecker was responsible for creating, launching and managing chat, instant messaging, message boards, and online games across the Lycos network. In this role, Mr. Neubecker led the company’s response to legal inquiries from law enforcement personnel and personally oversaw complicated international investigations involving transcontinental Cyber attacks against company servers and users.
Before joining Lycos and graduating with an MBA focused in technology, Mr. Neubecker launched and successfully managed Innovative Consulting, Inc., an information technology consulting company. Mr. Neubecker’s company deployed network management, contact management, sales automation and ERP solutions to small and mid-tier organizations. Prior to Innovative Consulting, Neubecker held operations and finance analyst positions with Ford Motor Company and Comerica Bank. Mr. Neubecker has experience in securities valuation and accounting from his position at Comerica Bank, where he served as a Trust Fund finance analyst. While serving at Ford Motor Company as an intern, Neubecker was integral in automating important processes and bringing financial forecasting methodologies online,
resulting in more timely and accurate quarterly financial forecasts.
Mr. Neubecker graduated magna cum laude from Babson College with a Masters of Business Administration, focus on Technology. Mr. Neubecker also holds an undergraduate degree in Finance, magna cum laude, from Eastern Michigan University. Neubecker is also a Certified Information Systems Security Professional. (CISSP)
Notable Cases of Record As A Computer Forensics Expert Witness
Borchers v. Franciscan Tertiary Province of the Sacred Heart, Inc., et. al.
Testified in support of violation of the Electronic Communications Privacy Act by plaintiff’s former employer Case No. 2011 IL App (2d) 101257
Saban v. Pharmacare Management, LLC et al.
Northern District of Illinois (Chicago), Case No. 1:10-cv-02428 Rebuttal witness regarding trade secret misappropriation http://infosecusa.com/cases/saban-v-caremark-rx
Tranco Industrial Services, Inc. v. Campbell
Northern District Court of Indiana, Hammond Division, Case No. 07-CV-206 Won TRO – Violation of Computer Fraud & Abuse Act – Trade Secret Misappropriation Supervised and prepared our testifying expert for this case.
Valuepart v. ITR North America et al.
Northern District Court of Illinois, Eastern Division, Case No. 06-CV-02709
ValuePart charged its former CEO with taking trade secrets with him after departure to start a competing company. E-Discovery issues were at the forefront of the case. Using Neubecker’s expert analysis, the defendants were able to defeat a TRO petition and a motion for preliminary injunction.
Charles A. Krumwiede v. Brighton Associates, LLC and Ismael C. Reyes
Northern District Court of Illinois, Eastern Division, Case No. 05-C-3003
What began as an employee’s claims for breach of an Employment Agreement and backpay resulted in a counterclaim alleging tortuous interference, breach of non-compete and confidentiality duties, and violation of the Illinois Trade Secrets Act.
Supervised and prepared the testifying expert for this case matter.
S.C. Johnson & Son, Inc. v. Milton E. Morris et al.
Circuit Court of Racine County, Wisconsin, Case No. 04-CV-1873
Neubecker Led the investigation and preservation effort that uncovered personal webmails revealing the fraudulent kickback scheme, which resulted in a law enforcement sting and later a successful conviction of the accused. This ultimately resulted in an award of $203.8 million to compensate SC Johnson & Son, Inc. for its losses.
Liebert Corporation et al. v. John Mazur et al.
Circuit Court of Cook County, Chancery Division, Case No. 04 CH 02139
Appellate Court, Second Division, Case No. No. 1-04-2794
Neubecker provided expert testimony that proved misappropriation of Trade Secrets. 3005 WL 762954 (Ill. App. 2005) Liebert Corporation, a network protection equipment company and Zonatherm, its exclusive sales representative, brought a legal action to enjoin a former employee of Zonatherm, John Mazur, from using trade secrets in a competing business. More at http://www.illinoiscourts.gov/Opinions/AppellateCourt/2005/1stDistrict/April/HTML/1042794.htm
Kalish v. Leapfrog Online et al.
Circuit Court of Cook County, Illinois, Case No. 03-L-011695
Jason Kalish filed suit against former employer Leapfrog Online after leaving the company claiming that he was owed $781,632 in compensation not paid to him by Leapfrog following his departure. Neubecker performed a computer forensics examination of the work computer used by Kalish prior to his departure and discovered a zip file containing sensitive company data that was emailed outside the company on the plaintiff’s last day of work. After reporting these activities and findings to the court and to counsel for Kalish, the parties reached a settlement that resulted in Kalish writing a check to his former employer.
Lorillard Tobacco Company v. Canstar (U.S.A.), Inc. et al.
Northern District Court of Illinois, Eastern Division, Case No. 03-C-4769
More than Five Million Awarded from Neubecker’s discovery of Panamanian bank account connected to importing and distribution of counterfeit Newport cigarettes.
Education & Professional Development
Managed Engineering Development and data analysis activities across many disparate
technologies, from legacy through more recent technologies and platforms including;
Filemaker, MySql, Oracle, Sql, Sql Server, Law eDiscovery, & Medical ERP Patient Record Systems
Aircrack, Airmon, Access Data, Cellebrite, Encase, Forensic Toolkit, Paraben, & Wifite
Dark Web, IRC, GFI Languard, Maltego, & Usenet
Nmap, Splunk, Snort, Wireshark, Sophos UTM, & Shodan
Operating Systems / Command Line Shells:
Mac OS X, Windows (Dos/3.1/NT/2000/XP/Vista/2008/2012/7/8/10), Windows Server NT, 2000, 2008, 2012 (Active Directory, Group Policy Management, Certificate Management), Bash, Busybox, Amiga, Commodore, CPM, TI 99/4a, Grub, Kali Linux, Linux, Raspbian OS,
Solaris, Vmware, & Unix
C++, CVS, DOM, Pascal, Xcode, Xml, & Visual Basic
MS Office, SDR, Webx, WebTrends, Camtasia, Adobe Photoshop, MS Office, MS Project, MS Access, MS Excel, MS Powerpoint, MS Word, MS Visio, Peachtree, Quickbooks & Quicken
Education & Professional Development
● M.B.A., Magna Cum Laude – Babson F.W. Olin Graduate School of Business – Wellesley, MA
● B.B.A. Finance, Magna Cum Laude – Eastern Michigan University Ypsilanti, MI
● Guidance Software – EnCase® Introduction to Computer Forensics 32 credits – Sterling, VA
● Guidance Software – EnCase® Intermediate Analysis and Reporting 32 credits – Sterling, VA
● Guidance Software – Information Risk and Policy Compliance 3 credits – Chicago, IL
● Continuing Education – Computer Programming – Harry S. Truman College – Chicago, IL
● Novell Computer Network Training – Walsh College – Troy, MI
HaystackID – Chief information Security Officer (CISO) – Chicago, il (2018 – present)
LeeNeubecker.com – River Forest, IL (2017 – Present)
FORENSICON, a QDiscovery Company — founder – Chicago, IL (2016 – 2017)
● Identified opportunities to provide existing client base with services available from combined companies
● Presented on the Telephone Consumer Protection Act regarding strategies towards mitigating lawsuits
FORENSICON, INC. — Chicago, IL (2000 – 2016)
President & CEO
● Conducted fraud examinations involving misappropriation of funds, trade secrets, tax evasion, money laundering, and other white collar related investigations
● Supervised a team of forensics experts in providing complex litigation plaintiff and defense consulting
● Appointed by the U.S District Court of the Northern District of Illinois to assist defense counsel in the trial against accused terrorist trial of Tahawwur Rana – The single count where my firm presented testimony, the defendant was found not guilty
● Performed online investigative work to identify and assist law enforcement with the apprehension of the Boston Bombing perpetrators, Dzhokhar and Tamerlan Tsarnaev
● Uncovered and reported the third known data breach of the Chicago Board of Elections voter database and election worker personal information
● Supervised testifying experts on many cases of record to prepare technical experts for cross examination and rebuttal of their findings
● Preserved electronic evidence for a range of clients using legally sanctioned protocols
● Selected as preferred vendor by the Illinois Attorney Registration Disciplinary Commission – assisted with investigating various claims filed against licensed Illinois Attorneys
● Developed Custom ERP System for evidence management, project management, time tracking and billing
● Provided expert testimony to resolve disputes for various commercial, nonprofit, and governmental agency clients
● Appeared several times as a computer forensics expert on WCIU TV Chicago Channel 26, First Business, NPR Business News, NBC Chicago and more
● Led data breach first responder efforts for; State Government Social Services Department, Non-Profit HealthCare Organization, Financial Services Company, Accounting Firm, Private Membership Club Organization and various Corporations
● Oversaw the development and presentations made to attorneys and legal support staff at the Chicago Bar Association, Illinois Attorney & Discipline Regulatory Commission, Dupage County Bar Association, various associations and more
● Provided expert witness testimony regarding willful deletion of evidence by a departing employee where the testimony was upheld on appeal proving spoliation of evidence
● Compiled emails from numerous platforms into popular litigation support platforms
● Speaker at various events on the topic of computer forensics (see list below)
● Performed computer forensics examinations in FBI forensics labs
● Led the successful forensic analysis defense efforts against a law firm client of our firm that was accused of willful spoliation of evidence – discovered and reported our findings to Judge Mikva that no spoliation had occurred as alleged, the drive was merely encrypted and contained all information
● Led numerous anonymous online defamation investigations resulting in the identification of many anonymous persons responsible for the defaming activities
LYCOS, INC. — Waltham, MA (1998 – 1999)
Senior Product Development Manager, Community Products Group
● Managed and/or launched a large group of products including chat, message boards, and games
● Responded to SEC/FBI Inquiries pertaining to illicit behavior in Lycos network online properties
● Tracked hacker attacks on the Lycos network of sites to help identify and prosecute
● Implemented safeguards against denial-of-service attacks across product group area
● Instituted product development and service roadmap management system for teams
● Created & managed multiple cross-functional product teams
● Managed transition of products from external to internal hosting
● Led engineering team on development of scalable & secure online products
INNOVATIVE CONSULTING, INC. — Brownstown, MI (1994 – 1997
President & Lead Technical Consultant
● Led a company of five professionals providing IT support to various sized Companies
● Provided Network support in a multi server environment (NT, Novell, Mac, Linux)
● Implemented financial management software for tier 3 automotive suppliers
● Designed & executed disaster recovery procedures for multiple businesses
● Architected multi-office communication infrastructure for multiple companies
COMERICA BANK — Detroit, MI (1994)
Securities & Trust Fund Accountant
● Audited security transactions for bank trust funds
● Researched discrepancies in reporting
● Published & verified daily yield rates of several portfolios of marketable securities
● Initiated automation of trust fund daily reporting
FORD MOTOR COMPANY, INC. — Detroit, MI (1992 – 1994)
Product Pricing Analyst
● Estimated cost impact on production forecast for various product design changes
● Benchmarked sourced products to ensure price competitiveness
● Designed & implemented automated profit forecasting system using Excel and EDI to internal systems
● Illinois Public Pension Advisory Committee: Friday, December 2nd’s IPPAC Winter Conference “WWIII: The Attack on Your Cyber Security” presentation
● Illinois Public Pension Advisory Committee: Friday, December 2nd’s IPPAC Winter Conference “The Imminent Threat of Cyber Attacks to your Pension Boards” panel
● National Society of Insurance Investigators: “ Cellphones, Pictures, Videos . . . What a Cyber Forensic Investigation Can Reveal”, December 4th, 2014
● The Disaster Conferences : “Cyber Threats and Data Breaches”, September 18th, 2014
● First Chair Awards : “Data Breach & Incident Response: How to Mitigate Your Risk Exposure”, August 2014
● Cigar Society of Chicago : “How to Catch a Terrorist”, September 2013
● ICPAS Fraud Conference 2012: “What a Responsible Professional (CPA or Attorney)
● Should Know about eDiscovery and Document Management”, September 2012
● Law Bulletin E-Discovery Seminar: “Managing Scope & Review”, June 28th, 2011
● NetSecure ‘11: IT Security and Forensics Conference and Expo: “Protecting Digital Assets from Hackers and Thieves”, March 24th, 2011
● Chicago Association of Litigation Support Managers, CALSMposium: “Seventh Circuit Electronic Discovery Pilot Program”, October 7th, 2009
● National Business Institute – “E-Discovery Searching the Virtual File Cabinets”: (co-presented with Christopher S. Griesmeyer, partner at Levenfeld Pearlstein, LLC and David W. Porteous, partner at Faegre Baker Daniels LLP) “Obtaining Electronic Data & Best Practices in using Computer Forensics”, September 19th, 2008
● Secret Service Electronic Crimes Task Force – Computer Forensics May, 2007 http://www.forensicon.com/forensicon-news/forensicon-praised-by-u-s-secret-service-anddepartment-of-homeland-security/
● Law Bulletin E-Discovery Seminar — “Electronic Discovery in Practice”: (co-presented with Jennifer Wojciechowski of Kroll Ontrack) “Avoiding the Pitfalls of the Electronic Era”, October 2005
● Institute of Internal Auditors, Chicago West Chapter Meeting: (co-presented with Cameron Nelson, attorney at Greenberg Traurig) “Using Computer Forensics To Conduct Investigations”, May 9th, 2006
● Association of Certified Fraud Examiners Workshop: (co-presented with Kathryn Hoying, attorney at Johnson & Bell, Ltd.) “Using Computer Forensics to Conduct Investigations”, February 10, 2006
● Chicago Law & Technology Conference: “Computer Forensic Update”, co-presented with Greenberg Traurig LLP Attorney Cameron Nelson, February 23, 2006
● FagelHaber, LLC’s E-Discovery Conference: (co-presented with Richard Chapman, Gary Green, David Rownd and Robert Kamensky, attorneys at FagelHaber, LLC) “Avoiding the Pitfalls of the Electronic Era”, October, 2005
● Chicago Bar Association, CLE Seminar: (co-presented with Kathryn Hoying, attorney at Johnson & Bell, Ltd.) — “Deliverables to Request From Your Computer Forensics Examiner”, 2005
● Chicago Economic Development Council: “Internal Fraud Investigations”, 2005
● Law Bulletin Publishing Company E-Discovery Conference 2005: “Show me the Smoking Gun!”, 2005
● American Law Firm Association’s International Client Seminar 2005: (co-presented with Joe Marconi, attorney at Johnson & Bell, Ltd and Donald Kaufman, attorney at McNees, Wallace & Nurick LLC) — “Discovery, Document Retention & eDiscovery in a Post-Enron/Andersen World”, 2005
● Chicago Bar Association, CLE Seminar: (co-presented with William J. Cook of Wildman Harrold, Jeffrey L. Hartman of Competitive Advantage Solutions and Mark S. Simon of Eclipsecurity, LLC) “Computer Forensics For Lawyers”, May 6th, 2004
● Chicago/Milwaukee Joint Midwest Law & Technology Conference 2004: “Finding the Smoking Guns: Legal Computer Forensics Without the Geekspeak”, November 30th, 2004
● Chicago Bar Association, CLE Seminar: “Resolving Intellectual Property Theft with Computer Forensics”, October 20th, 2004
● Chicago Bar Association, CLE Seminar: “Computer Forensics for Lawyers”, May 6th, 2004
● Law Bulletin Publishing Company E-Discovery Conference: “Electronic Document Collection and Processing”, April 27th, 2004
● LegalTech 2003, Chicago : “True Electronic Discovery”, October 30th, 2003
● Chicago Bar Association (Law Office Technology Committee): “Electronic Discovery 101”, 2003
● Illinois Academy of Criminology: “Electronic Discovery 101”, Circa 2003
● Greater Chicago Chapter of the Association of Legal Administrators: “Electronic Discovery 101”, Circa 2003
● Chicagoland Chamber of Commerce: “Web Page Programming For Search Engine Effectiveness”, Circa 2001
● NORBIC: “Web Page Programming For Search Engine Effectiveness”, Circa 2001
● Law Practice Today – (July 2004) – Invited to be a contributing expert on a roundtable article by Dennis Kennedy on the online magazine. http://www.abanet.org/lpm/lpt/articles/ftr07041.html
● Time Is of the Essence — Provides an overview of why it is important to act fast when seeking to obtain electronic evidence.
● The Liability of Email as Evidence — Reflects on the recent impact of the Andersen case involving Enron (Also in the Nov. 22, 2004 issue of C hicago Daily Law Bulletin) – http://www.wislawjournal.com/special/law-tech-2004/evidence.html
● Document Retention Policies — Develop, enforce and audit your document retention policy
● Monitoring Employees — Provides reader an understanding of some of the liability issues involved with employee monitoring
● Worker Beware — Why employees should be careful about what they do with their workplace computer
● Data Security — What to do when an employee leaves
● Virus-proof Your Computer — Simple lessons in computer security
● Microsoft Learns to Prioritize — Implementing security measures at the OS level A
Past & Current Memberships / Certifications
● HTCIA (High Tech Crime Investigation Association) – Past President Midwest Chapter
● Illinois Academy of Criminology — Chicago Chapter
● U.S. Secret Service Electronic Crimes Task Force Member — Chicago Midwest Region
● Union League Club of Chicago
● River Forest – Economic Development Commission – Commissioner (2016-Present)
● Association of Certified Fraud Examiners — Associate Member
● State of Michigan — Private Investigator – License Number 3701205872
● The International Information System Security Certification Consortium, or (ISC)² – Certified Information Systems Security Professional (CISSP) License Number 637872