Johnny Lee is a forensic investigator, management consultant, and attorney, specializing in data analytics, computer forensics, and electronic discovery in support of investigations and litigation. He also provides advisory services to companies working to address complex data governance and records / information management issues.
Johnny is a frequent speaker, panelist, and contributor on issues involving CyberSecurity, eDiscovery, Data Analysis, Business Intelligence, Records and Information Management, and the effective use (and risk management) of Information Technology. Johnny received his Juris Doctorate from the Georgia State University College of Law and his Bachelor’s degree from Emory University. In 2000, he was admitted to the State Bar of Georgia, where he maintains an active law license.
He has delivered solutions in both the public and private sector on the effective mitigation of business, compliance, and litigation risk to Law Firms; General Counsel; Boards of Directors; Audit Committees; and Chief Financial, Compliance, and Operations executives. He has led project teams across a variety of industries, including advanced technology, software, communications, private equity / venture capital, healthcare, hospitality, manufacturing, financial services, insurance, retail, construction, transportation, and legal.
1. You started working at Grant Thornton LLP in the capacity of a forensic investigator, cyber security, and data governance specialist back in 2010. What specifically interested you about this job and how, if at all, have the requirements changed in the time you’ve been there?
I came to Grant Thornton because its platform held a lot of promise for where I wanted to take my career. The practice was both established and poised for great growth, and it has not disappointed. The requirements for a complex, fast-paced, and growing practice always feel fluid, so it’s hard to answer the question as to how they’ve changed over the years. I suppose the biggest change is adapting to the issues our clients are facing on a regular basis –- whether that be newly identified threats in the information security arena or new challenges from the industry or regulatory arenas.
2. Looking at your LinkedIn profile, it appears as though you entered the forensic investigator space in 2002 when you worked at Protiviti as director of enterprise information management. Why did you change your focus?
I started my career, more or less, in the IT space, working as a software developer, database administrator, and networking engineer. In law school, I continued with these pursuits and sought to marry them with my legal training after graduation. I’ve tried to cultivate that marriage ever since. I’ve been fortunate enough to work in environments that allow me the flexibility and variety to pursue subjects that genuinely interest me, so it’s tough to pin down precisely when (or, frankly, if) that focus has changed.
3. I would think that no two days would be alike for a forensic investigator, but what tasks might you be required perform on any given day?
You’re right about each day being unique from the next, but that’s a strong part of the allure for me. In a given day, I might be assisting a client in a data breach investigation, helping general counsel think through data preservation issues related to a litigation, preparing for computer forensics expert testimony, supporting a large document review on our eDiscovery platform, working with our team to perform complex data analytics against sizable data stores, or some combination of each of these.
4. What hard and soft skills do you and other forensic investigators require in order to perform all of the functions required?
I joke that the bulk of my professional life is spent translating between legal- and IT-speak, then back again. While this does feel true on many days, the reality is that investigators must have the ability to listen well, to pay attention to detail, to remain both objective and skeptical until facts are in hand, and to communicate clearly in both written and verbal form.
5. Every job has its highs and lows. What do you like most about your job – and what do you like least?
Without a doubt, I enjoy the complexity and the variety of the work I do; I’m quite fortunate in that regard. Of course, each of us has aspects of the job that we find less than optimal. The trick is to focus on the things that excite you and to tackle the other things as quickly and efficiently as possible, so that you can get back to the aspects of the work that keep you motivated.
6. Are forensic investigators required to be lawyers as well? If not, what advantages might you, a practicing lawyer, have over forensic investigators who are not lawyers?
There is no such requirement for investigators to be attorneys, and I have worked with numerous non-lawyers that are superb investigators. That said, attorneys are trained on how the legal system is structured, how laws are drafted and enforced, and how law enforcement typically addresses certain kinds of matters. Admitting my bias freely, I think that attorneys have perhaps an added appreciation for — and a useful perspective on — how best to navigate complex investigations.
7. One of the things I routinely hear from professionals in the IT/IS space is that one of the hardest things about the job is getting clients to recognize the seriousness of the cyber security threats their businesses face. Do you find that your clients understand how high the stakes are?
I think many companies struggle with this. There are a variety of nuances at play here, but the short answer to this question is that this area is both complex and rapidly evolving; even practitioners who have spent their careers in this arena struggle to keep current with developments. For a client to understand the stakes, the person or team articulating the risks must be well versed in risk –- be they business, technology, compliance, legal, and/or regulatory risks.
8. What sorts of trends have you noticed in the forensic investigators field?
One trend that is impossible to ignore is data proliferation and variety. As investigators, one of our principal charters early in a case is drawing a line between data preservation and data analysis. The crux of the first camp is the protection of key evidence and the furtherance of investigative objectives and legal obligations, while the latter camp is really focused on digging into preserved details. With each passing year, our teams need to identify ways to both preserve and analyze ever larger and more complex data stores. While the tools help in keeping pace with these changes, our teams need to be creative and to work closely with counsel and client alike to ensure that we’re preserving and analyzing the most relevant data available.
9. What advice would you give to a college or university student who is interested in pursuing a career as a forensic investigator?
Above all, I would identify the area within this broad field that interests you the most. For instance, if you’re interested in financial fraud, focus on establishing a strong foundation in accounting and auditing principles. Likewise, if you’re interested in computer forensics, work to establish a technical foundation in the computer sciences. These bedrock skill sets allow practitioners to more quickly master a given subject and, by extension, to identify patterns and to assimilate concepts, making them better investigators in the process.
10. Despite devoting much of your time to your career, you still find time toolunteer on advisory boards, at both Georgia State University and Georgia Southern University. How important is it for you to give back in terms of volunteering your expertise?
I find my volunteer efforts to be immensely rewarding. While I’m not sure I would characterize it as “giving back,” I would consider this an investment in the profession. I definitely want to see future forensic investigators positioned with the best training and career advice they can receive. I’ve benefited immensely from (and have definitely needed) excellent coaching over the course of my career, and I find it very rewarding to provide this to others.
Ethical Hacking Training – Resources (InfoSec)