ROBERT K. LEWIS

ad4672@r.postjobfree.com

314-***-****

I have designed and executed forensic collection processes which were used in Roundup, Dicamba and PCB cases litigation (corporate 2/14/2014-12-22/2022) and which were intended and proven to be unchallengable with regard to their totality, completeness and absolutely Daubert compliant with no failures. These processes have a high immunity to mis-specified search/collection parameters, self collection and lexical distancing evasion tactics.

I have no NonDisclosure nor NonCompete issues. (no NDA nor NC)

PROFESSIONAL SYNOPSIS

Security professional with 29 years of experience supporting global enterprise networks and eDiscovery/Investigations

Strong eDiscovery skills including use of appropriate industry standard tools to achieve objectives

Knowledgeable about proper implementation of security best practices including intrusion prevention/detection, data integrity, encryption, virus protection and forensics

Strong knowledge of working in a global business environment

Solid understanding of domestic and international legal aspects of performing security work

Served as high level support for security, network and general IT issues

Performed Global eDiscovery from home base in St. Louis, Missouri

SPECIAL INVESTIGATIONS

For Solutia:

Investigated and remediated misuse of bandwidth reources leading to risk abatement solution.

Investigated, imaged and forensically produced evidence about user setting up fictitious shipping destinations in multiple countries towards the end of selling product well below msrp.

Found user in Romania through proxy logs continually accessing NSFW material which I reported to FBI and exploited and missing children site. Further problems relating to the country of origin and lack of formal redress mechanism, the problem had to be finessed through local FBI contact to his superior in Washington DC who was to meet with MI5. Ultimate resolution was that the user was arrested in Romania and dealt harsh penalties due to the process I started with the FBI.

Developed and implemented global DLP (Data Loss Prevention) solutions covering trade secret and intellectual property using smart proxy features in Sophos

Remote eDiscovery project concerning plantation personnel mortality when growing high nicotine tobacco strains for pesticide usage in South America

Investigation of Aniline exposure to litigation risk following spill in off-site storage facility due to presumed mishandling

Performed security investigations in mergers & acquisitions.

For Monsanto:

Using forensic tools for OSx, found patterns of misappropriation of IP and tracked computer into Canada with cartographic details accurate to 70 meters of less.

Forensically found application hiding IP on apparent desktop link which was actually an encrypted folder comtaining the intellectual property using alternate data streams

CORE COMPETENCIES

Security Functions eDiscovery (Electronic Discovery, e-Discovery), Security Analyst, Computer Forensic Analysis, Network Security, Systems Analyst specializing in Daubert compliant eDiscovery tool operation, Systems Integration, Microsoft 365 Security & Compliance, Google Vault eDiscovery, Azure data migration

Security Tools Forensic ToolKit (FTK6), Encase7, Access Data Password Recovery ToolKit, Sherpa Discovery Attender 3.7 WireShark, Ntop, Nmap,PENtesting

Operating Systems Windows, Linux, Unix

PROFESSIONAL HISTORY

Physical Security (April 2023-Present)

Access control using Aurora Access Control Management Software

Vivotek CCTV monitor and reporting

Alerting to safety issues caused by inattention to electrical and chemical hazard labelling

Daily interaction on a personal level with plant workforce

Maintain high visibility and perform periodic monitoring for a variety of environmental issues

Senior Forensic Analyst (29 years experience)

Monsanto-Bayer - St. Louis, MO

February 2014 to December 2022

February 18,2014 began working again as a consultant for Monsanto in legal collections and production. After onboarding and acclimation, I found many disparate collection practices and began replacing them on an as found basis with defensible policies. Next, I went through tools which were to be used and found gaps which would cause failures in the Daubert Standard. Some of the problems were in application and server configuration while others were in incorrect statements in vendor documentation regarding search terms and near attributes. Ultimately, I developed collection predictive coding processes which were forensic in nature and would produce all custodian files for processing. This obviated opposing counsel process repudiation attempts.

Corrected firewall configuration to allow Aspera to upload hundreds of gigabytes upwards of one terabyte in a single work day. Refined and corrected practices for Clearwell, Enterprise Vault, Sherpa Discovery Attender as well a forensic tools (FTK, Encase and Blacklight).

Performed majority of collection and production for following litigation matters: Roundup 2015-2018 and Dicamba 2016-2018

Worked with outside eDiscovery firms to refine search terms and solve lexical distancing problems to be more responsive in Relativity and Nuix and Daubert safe

performed collection and production for PCB 2014-2018 deposition 2021 about methods of collection

court directed third party discovery LGBT parentage 2017.

Offshore eDiscovery in subcontinental India observing country's legal requirements 2017.

worked on processing IP misappropriation through disparate points of egress 2017 using embedded gis tools in Blacklight.

July 2018, Monsanto acquired by Bayer. Worked until 9 December 2022 to perform migration and eDiscovery tasks. 2020-2022 worked on data migration for 400 terabyte dataset.

9 December 2022 end of contract (Envision LLC) with Bayer/Monsanto.

Monsanto (contract through Envision February 2014 to 2022)

Bayer acquires Monsanto June 2018

IT Litigation Admin (prior to acquisition)

Performed collections for large and class-action litigation as well as Criminal cases and DOJ matters

Organized preservation copies for multi-terabyte collections

Instituted and managed logging for collections with date and file size info

Corrected network and firewall connectivity issues to enable usage of Aspera

Monitored carefully for missing tool collected data with Clearwell found instance of tool malfunction missing 20 gigabytes out of 130 gigabytes worked with tech support to get them to correct problem in underlying Java code took 8 months problem caused by nonstandard Sharepoint site design…after resolution developed ongoing monitoring process

Clearwell and Enterprise Vault collections to support class action

Instituted collection naming identifying case, custodian and datatype

Security Analyst – eDiscovery (e-Discovery) Collection (post acquisition)

Complete eDiscovery collection requests following documented processes and chain of custody requirements following legal demand timeframes

Maintain effective data management during collection and migration activities

Work with the infrastructure team to insure stable and sustainable eDiscovery data store and tool implementation

Find ways to get in-house Bayer-written Atticus management software to work with legacy Monsanto collections

Solutia, Inc., St. Louis, MO 200*-****-**/00 to 02/2014

Global Security Analyst - eDiscovery

Performed eDiscovery (Electronic Discovery, e-Discovery) on computers and storage media using Access Data’s Forensic Toolkit and Encase Forensic.

Created ancillary processes to gather and search throughout Solutia’s world-wide network.

Used Linux techniques to map unknown infrastructure and design roadmap for discovery.

Ensured that discovery process complied with the current Federal Rules of Civil Procedure and the Daubert standard.

Provided security of all networks and computer systems including the protection of data from unauthorized use or access.

Researched, troubleshot and managed the anti-virus solution, proxy installation, IDS network and other security systems and tools and resolved and reported security violations.

Researched, designed and ensured compliance with corporate security standards.

Performed defensible collections of surveillance camera data

Tested and validated security assumptions and practices.

Reported suspected instances of searching for and/or viewing child pornography or similar illegal activity in compliance with the State of Missouri and/or federal reporting guidelines.

Assisted in security and operations which in implementing Windows group policies, deploying security patches to all critical server and desktop platforms, administering server and desktop security policies and supporting second level operating system problems.

Completed documentation of security standards, policies and procedures and made recommendations for end-user training requirements.

Provided 4th level technical support for escalated desktop problems.

Installed and supported server management software to report on installed applications, assisted in software license, reporting and compliance; performed administration and audited user IDs.

Understood user community and delivered to user expectations.

Solutia filed for bankruptcy in December 2003 and emerged in February 2008. Due to staff reductions, the security team was reformed with 3 domestic members, one in Belgium for the EU and one in Singapore. The five of us globally covered group policy, intrusion detection and prevention, antivirus, proxy, user account and group provisioning. My roles were intrusion detection and prevention, antivirus, proxy for the global domain in all sites. While running my security roles, I constructed a process to proactively abrogate attackers' efforts in minimum times. This process, along with changing the AV to Sophos, cut our response time to milliseconds. Reports and statistics were automatically generated from our security servers.

Instituted post-bankrupcy processes to insure ISO17799 and ISO27001(2013 revision) compliance.

Cooperatively worked with process control engineering to design and implement product facilities in Asian locations while protecting Intellectual Property and Trade Secret data

Designed and implemented Qualys project to meet corporate needs.

HIPAA trained to support Corporate eDiscovery requirements

30(b)(6) deponent in multiple cases

Supported EHS processes through design checks,eDiscovery in case data and audit checks of design data and as-built information

GDPR trained and country aware of privacy restrictions and provisions within EU to facilitate eDiscovery in Europe using St. Louis as the Forensic Processing location

Full Disk Encryption (FDE) (2010)

Tested vendor wares and detected those which were not full disk products. Used FTK and Encase forensic software to test vendor claims.

Chose single vendor’s product and ensured its safe performance during new computer deployment or reprovisioning.

eDiscovery (Electronic Discovery (2000 to 2014)

Supported large eDiscovery project in developing acquisition and forensic process improvements. Ensured legitimacy of the search so eDiscovery could proceed.

Performed discovery with regard to local legal standards on multiple continents including Europe, Asia and Americas based on search criteria and developmental searches.

Built forensic lab capable of supporting multiple concurrent, multi-terabyte discovery operations using AccessData’s Forensic Toolkit 4.0.2 (64bit), Encase Forensic 7.04.01 (64bit), Sherpa Discovery Attender and personally written software. Retooled hardware to employ virtual platforms (VMware 8.0.4) and octa-core AMD FX8150 processors, 32gigabyte memory and 6 terabytes drive space.

Developed procedures for data capture, discovery, transmission and archival to preserve data integrity and all metadata.

Supported design of Automatic Policy Engine for getting Solutia to “Safe Harbor”.

Implemented AES256 encryption for use within litigation projects to prevent accidental or unintended disclosure protecting both data in motion and at rest.

Used heuristic approach to human factors evident in data storage patterns to improve retrieval of keyword queries and correlation.

Network/Security

Sophos Endpoint Protection (2011/2012)

Supported Sophos Endpoint Protection to improve ZeroAccess rootkit detection.

Provided proof of concept based upon ease of migration and product efficacy. Supported SMS phase of product deployment with 700 client copies deployed with only 1 failure. The malicious website detection in this product exceeded its predecessor with less bandwidth impact.

Supported a project with TrendMicro which resulted in development of pattern response for automatically defeating Vundo class of virii. Analyzed the attacking methodologies and kept the Trend personnel on task.

Migrated from ISA to iPrism.

Migrated proxy to Internet Security and Acceleration.

Completed implementation and “operationalization” of Internet Security and Acceleration (ISA) server for >6000 users in >40 sites worldwide. Accomplished project in 4 months from pilot phase to complete implementation with complex rule sets in order to provide barrier protection and augmented by feeds from corporate Intrusion Detection System array and anti-virus consoles. Resolved 7 mis-configured servers that were eliminated and inefficacious rules.

Supported Human Resources to improve responses to incidents as detected with the proxy, AV and IDS systems.

Implemented Win32 version of SNORT (open-source with code changes) as Intrusion Detection System (IDS) reporting to MYSQL database to address specific intrusion problem replacing Linux implementation.

Implemented Microsoft Internet Security and Acceleration (ISA) server as single proxy for 5000 seats.

Improved monitoring practices and determined gaps in anti-virus solution (AV).

Implemented and corrected Win32 SNORT based network monitoring system for ongoing access/intrusion study to locate perpetrator.

Wrote custom query system to use Intrusion Detection System (IDS) to triage viral and intrusion problems and published application.

Supported wireless implementation, developed process to find mis-configured access points and converted to WPA with TKIP.

Used Snort to create defense against msblaster.d and other viral attacks with ongoing responsibilities.

Assumed Active Directory Synchronization code support (perl) and made substantial process and code improvements toward compliance with documentation.

Designed and implemented consolidation for 8 to one server reduction project including Fiber NIC and terabyte storage array and quota management software.

Prototyped code for software metering application to replace ineffective applications metering software presently in use.

Designed and prototyped document transmission and accountability system for legal department for an improved version of software written for Monsanto and featuring accountability checks as well as transmission tracking.

Maintained Web server front-end for Concur expense account system.

Licensing & Keyservers

Managed 8 keyservers authorizing use of $750K/year software usage on worldwide basis.

Maintained software packages as delivered by vendors with regard to licensing instabilities and kept vendors focused on remediation and away from denial.

Monitored network for configuration changes that impaired the function of networked key servers.

Tested new releases of vendor software for compatibility issues.

Computer-Aided Engineering Systems Administrator (9/00 – 1/01)

Managed engineering CAD and Modeling systems (AutoCAD, Intellicad, Microstation, high volume and large format plotting).

Administered Windows NT/Windows 2000 (NT/2000) domain and services.

Provided application and general desktop support.

Maintained CAD workstation configuration and integrity through monitoring and intervention software to provide high availability.

Performed CAD file translations and repair.

Implemented secure transfer solutions for contractor workgroups.

Maintained secure transfer methods for engineering data.

Supported out-of-state/country workgroups with VNC and PCANYWHERE.

Maintained FEXLM and RAINBOW software licensing servers and installation sites.

Maintained secure terminal server computers for process design data, capital metrics and expense account data.

Created NT/2000 builds for workstation rapid rollout.

Consultant

Envision, LLC, St. Louis, MO 2/1992 – 9/2000

Monsanto Chemical

Performed ongoing support and programming tasks for both Monsanto and Solutia.

Migrated engineering applications from VMS to UNIX.

Implemented and managed security for CAD workgroups including security scanning and intrusion detection and wrote software and configured workgroups within domain model to accomplish tasks.

Managed engineering CAD systems.

Served as domain administrator.

Implemented YP security domain on UNIX systems which was converted into NT domain as NT 3.1 became available.

Managed security across two UNIX domains using COPS to measure vulnerabilities.

Performed data/file translation for CAD and Microsoft documents.

Served as Unix Security Analyst for Monsanto CAD systems.

Programmed MFC, OLE application for Monsanto which extracted data from drawing files and automatically built report in Excel. Updated application to handle 3D files.

Programmed MFC, ODBC application for Monsanto which was a document distribution system. Redesigned GUI.

Constructed design file and bit level data extractors for drawing management systems in use at both Monsanto and Solutia.

Supported OPEN VMS applications and Visual Fortran Code for engineering applications.

Set up and maintained network licensing servers for Hyprotech, Aspen, Icarus, Rebis, Codeware, Lanner and Microstation software.

Analyzed and designed terminal served environment to encapsulate financial metrics and cost analysis software that was either intolerant of antivirus software or inadequately protected by the corporate standard antivirus software.

Conducted network problem analysis and helped troubleshoot switch failures after move-in to new building and resolved terminal server connectivity problem between Ruabon (NL) and St Louis.

Provided software specification and troubleshooting for CAD applications and separate good marketing from function to get optimal performance.

Added remote administration abilities to CAD PC’s in Michigan, Alabama and several Missouri sites.

Instituted checks in CAD to insure design compliance with ISO 9000/9001

Analyst Programmer/Systems Administrator

Tobin Surveys, Inc., San Antonio, TX 1982 – 1992

Ported plotting, analytic and payroll software from Univac 9030 to Vax 11/780.

Supervised project workgroups.

Added pc automation to office environment and accounting systems.

Wrote 3740 data input emulator on VAX to facilitate Univac to VAX migration.

Added PC’s to replace $65K Intergraph CAD workstations at one-tenth the cost.

Designed, programmed and implemented GIS system used to map AT&T Fiber Optic transmission lines for use in routing petroleum pipelines and power transmission lines.

Designed and wrote OIL Well location spotting software to query a GIS database and report map features associated with geopolitical feature names and locate the well visually using CAD software and application programming.

Well Logging Engineer/Geological Analyst

Schlumberger Well Services, New Orleans, LA/Pleasanton, TX 1980 - 1982

Supervised crew of seven to produce raw and interpreted data logs of geological formations.

Ran on-site advanced computational graphics logs as interpretations of raw data.

Performed formation coring and perforation to recover samples.

Electronics and Materials Maintenance Specialist/Crewman

US Army, Ft. Bliss, TX/Baumholder FRD, Homestead, FL 7/75 – 7/78

Served as warhead and assembly technician.

Acted as crew chief for 14-man crew in Germany.

Received Army Commendation Medal and Good Conduct Medal.

Lab Assistant/Tutor/Physics Major

Eckerd College, St. Petersburg, FL 1970 - 1975

Acted as research assistant in supporting high vacuum, low energy particle scattering systems.

Served as electronics technician in repairing and calibrating counters, oscilloscopes, scintillometers and various x-ray machines.

Taught coursework in operational amplifier-based active filter design to students.

EDUCATION

Eckerd College, St. Petersburg, FL

Bachelor of Science in Physics, 1975

Thesis “Digital Waveform Recording and Analysis”

PROFESSIONAL AFFILIATIONS

Member, Infragard

Contributor, Regional Computer Crimes Enforcement Group

Participant, Counter Terrorism Advisory Council

PUBLICATIONS

Published “MYSQLIDS – A Quicklook Approach to Intrusion Detection Systems” on http://www.codeproject.com/, June 2004

Contact this candidate