Joseph Caruso is a recognized industry leader in the fields of cyber security, computer forensics and eDiscovery. With over 20 years of active in-the-field experience in numerous technology areas, his diverse expert background is unrivaled, giving him the ability to explain a wide array of complex technologies in simple, easy to understand language, so the client, the opposition and the court all fully understand the topic, methods and results, while being able to withstand the highest levels of scrutiny.
Mr. Caruso has been in the computer technology business since 1980, has extensive experience with a wide variety of platforms and has developed databases and real-time systems for major companies, including transactional databases on IBM OS/390 and AS/400 mainframes, in both IMS and DB2. These systems are capable of processing millions of transactions a day and are the basis for reservation systems, financial systems and insurance and retail companies around the world.
Mr. Caruso has led incident response teams for Fortune 500 companies, which include Pfizer, ADCO, Harrah's, and institutions which include World Bank, International Monetary Fund, the US federal court system and L3, to name a few. He is experienced in data breaches of all sizes and has led teams that successfully secured networks after major intrusions and worked closely with clients to help ensure their reputation and assets remained intact.
Mr. Caruso has been featured as a technology expert regarding high profile cases on CNN Headline News, CBS Evening News with Katie Couric, FOX Business’s Varney and Company, as well as WPIX News New York. His opinions and editorials have also been published on many national and local news sites. He has also served in an advisory capacity for national cyber security councils for two US Presidents. He is a seasoned Expert Witness in a wide range of technologies, ensuring a client’s needs are met with a highly qualified, competent and knowledgeable expert with real world experience in the right field(s).
Dual Degree B.S./B.E in Mathematics and Engineering Physics - New York University, College of Arts and Sciences & Stevens Institute of Technology
Knowledge of Systems and Applications
- Extensive background in Mainframe Operating Systems including iSeries, AS/400 and OS/390.
- Programming Languages: COBOL, COBOL II, DB2, CICS, VSAM, TSO/ISPF, ROSCOE, MICRO FOCUS, Basic,
Fortran, SQL, SQL/400, RPG, Pascal, C (all flavors), Assembler, ISPF, PL1 IMS/TSO/CLISTS/JCL/ JCLJes2/3,IMS, MVS, ACF2
Mainframe Security DFHSM, SPUFI,BMC LoadPlus, ACF2 Rumba, EDA, CLISTS FOCUS, TSO/MVS/ Focus, Oracle, ACF2 Security, CA-Spool, Boole & Babbage, Endeavor, BMC Computer Associates Tools, Compuware FILEAID, SAS, CHAMP, PANVALET - Tools VMSECURE, VM-CYPHER
- Desktop and Server Operating Systems: Windows Server and Desktop Platforms, Unix/Linux Platforms, AS/400, OS/390, SUN, Mac OSX, etc.
- Familiar with, and trained on, most major security platforms and devices, including Cisco, McAfee, Symantec, EMC and others
Technical Skills, Training, and Certifications
- CISSP - Certified Information System Security Professional, ISC2
- Certified Forensic Examiner
- Trained in EnCase Enterprise, Access Data and a myriad of open source tools and applications
- Certified Computer Forensic Examiner;
- Member of the College of Forensic Sciences;
- Association of Forensic Examiners;
- IEEE Computer Society
- Association of Expert Witnesses, CA
- EMC Corporation v. Nexaweb, Inc., et al
- ClearOne Communications, Inc., v. Biamp Systems DSP
- Bose Corporation v. Silonsonic, Inc., et al
- Motorola Mobility V. Microsoft Corp.
- J.T. Shannon Lumber Company, Inc., v. Gilco Lumber, Inc., et al
- Calyon v. Mizuho Securities USA Inc., et al
- Holland v. Motown Record Corp., et al (Mainframe)
- Hoffman v. American Express Travel Related Services Co., et al (Mainframe)
- Baker, et al v. KMPG, LLP, et al
- Nisselson v. Lernout, et al (Mainframe)
- Frank K. Cooper Real Estate #1, Inc. v. Cendant Corporation, et al
- In Re Old Banc One Shareholders Securities Litigation
- Brainstorms Internet Marketing, Inc. v. USA Networks, Inc., et al
- Douse v. Quick & Reilly.
Published Articles and Works on Computer Forensics
- Managing Complex Computer Forensic Examinations – Secure World Expo 2005, 2006 & 2007
- Comparing Computer and Network Forensics, Vol.2 – Winter 2003, Security Horizons
- Advanced Computer Forensics – Techniques for the Security Specialist (textbook published by BIA)
- Basic Computer Forensics (textbook published by BIA)
- Basic Computer Forensics, Class Materials (published by BIA)
- Advanced Computer Forensics, Class Materials (published by BIA)
- Numerous other miscellaneous cyber security and computer forensics related articles and opinions
Accomplishments and Career Highlights
- Advisor - White House Cyber Terrorism Infrastructure Security Council;
- Advisor - Department of Defense and Department of Homeland Security regarding cyber threat identification and classification systems
- Instructor - Media exploitation, social engineering and zero-day exploits for the Department of Defense, Digital Warfare School (US Army) and the US Air Force OSI program
- Lecturer - Yale University, School of Law
- Lecturer - Leeds University (UK)
- Complex Litigation Summit, Am Law, San Francisco, CA (2004-2009 and 2012)
- Sedona Conference Board of Advisors (2005, 2007 and 2008)
- Lecturer - Inn Of The Court, Nassau County, NY – “What is ESI and where is it hiding, an ESI primer for family law practitioners” (2008-2010)
- Conducted incident response, analysis and remediation for the IMF and the World Bank
- Analysis of data and computer systems related to an intrusion of several Sun Micro System servers. The investigation spanned 3 countries and involved the FBI, Scotland Yard and the Argentinian National Police
- Consultant to the FDA and the Los Angeles County Sheriff’s Office during the investigation of millions of dollars in diverted and counterfeit drugs being sold in the US
- Analysis of an intrusion involving an engineering and construction management firm that designs nuclear power plants, power grids and SCADA installations for US and worldwide municipalities and corporations. GDF was able to determine the root cause, identify the attackers and track the origins to a large nation state in Asia
- Lead expert and consultant for consumer class action law suit against American Express. Fields of expertise for this action included analysis of airline reservation systems architecture, real-time transactions and mainframe database systems, including source code analysis and system configuration
- Consultant for shareholders class action law suit against Bank One Corporation. Fields of expertise included complex credit card transactions systems and drop box deposit systems
- Analysis of various database systems in a complex class action suit against multiple oil and gas companies
- Consultant and analyst for franchisee class action law suit against major real estate corporation Cendant, Inc. involving certain accounting systems
- Lead examiner for the Department of Securities and Insurance Regulation in the investigation of a large insurance company, which included onsite inspection of data systems, workflow process and electronic accounting control systems
- Lead examiner for the US Marshal Service in the investigation of counterfeit products in the commercial and retail brand name clothing markets. Acted as the custodian of all seized systems and coordinated digital investigations in multiple U.S. geographic locations
Global Digital Forensics
Responsible for the overall operation of Global Digital Forensics. Global Digital Forensics, Inc. creates and implements solutions which help ease the way through complicated legal and technical issues, from the initial collection of digital evidence, to the full analysis of that digital information. GDF offers a wide range of services, including digital forensics analysis, commercial fraud analysis, electronic evidence discovery, cyber security solutions, cyber emergency incident response, e-policy consulting and auditing, and certification services, for both private industry and the government.
Business Intelligence Associates, Inc.
Director and President
Founded BIA to fill a gap in the current security landscape. BIA had two lines of business computer forensics/incident response and litigation support. Mr. Caruso led the incident response business, and when the litigation support practice and software was sold off, he continued to run the incent response business under the Global Digital Forensics name.
The Learning Curve, Inc.
CTO and CIO
Founded The Learning Curve, Inc. in Clearwater, Florida in order to address the growing commercial demand for high-end data recovery and error correction code based products for large scale data warehousing systems, technical education products and security related systems. The company was sold in 1996 and the technology and methodologies are still in use.
Consolidated Software Products, Inc.
Founder & CTO
Founded Consolidated Software Products, Inc. of New York in 1985, which developed software libraries that allowed applications to manage and co-ordinate massive amounts of data in real-time, the technology is still in use in the SAABER System developed for American Airlines. Developed the first PC-based data recovery utility with RAID capability for the National Geological Survey, which was successfully marketed in the private industry and is still in use today. Designed security enforcement protocols and systems for military- grade communications, including cryptographic recovery code.
R & D Engineer; Corporate Liaison
At Bell labs, performed file system design for embedded systems and Unix engineering duties in the research and development facility in New Jersey, and acted as a corporate liaison in Germany, troubleshooting for clients worldwide. He specialized in government contracts and technology transfers of high end communications and military systems with a specialty in real-time systems, including design and development of Terrain Tracking Radar Systems for the joint Navy/Air force Tomahawk Missile Project with E-Systems. He was also responsible for security analysis of systems involved in the storage of classified information.