
Cybersecurity 2016: Managing Cybersecurity Incidents


Speaker(s): Adam H. Solomon, Andrew N. Cadel, Anthony Longo, Elissa Doroff, Emily Stapf, Jaswinder S. Hayre, Jay Leek, Lisa J. Sotto, Matthew F. Fitzsimmons, Paul M. Tiao, Vincent Liu
Recorded on: Sep. 20, 2016
PLI Program #: 150568

Anthony Longo is currently Vice President, Chief Information Security Officer (CISO) of Hudson’s Bay Company, one of the fastest-growing department store retailers in the world and the oldest company in North America. With over $14 billion annually in revenue, HBC’s portfolio today includes ten banners, in formats ranging from luxury to better department stores to off-price fashion shopping destinations, with more than 480 stores and 66,000 employees globally. An accomplished information technology leader with over 15 years’ experience in the design and delivery of enterprise information security environments, Anthony is responsible for the development, implementation, and ongoing leadership of the HBC Global Information Security Program, as well as strategic oversight of a team of Information Security professionals that provides Risk Management, IT Compliance, Security Operations, Security Architecture, and Identity and Access Management services.

Prior to joining Hudson’s Bay Company, Anthony held CISO and other Global Information Security Leadership roles in the Luxury Retail, Quick Service Restaurant, Insurance, Financial, and Technology Services industries, both domestically and internationally, providing guidance to executive leadership teams by recommending and prioritizing investments and projects that mitigate risk, strengthen defenses, and reduce vulnerabilities. Anthony holds a B.S. in Information Technology from Sullivan University and information security certifications including CISSP, CISM, and PCI-ISA, and is a current member of the NJ Evanta CISO governing body.


Emily Stapf is a Partner in PwC’s Forensic Technology practice focused on incident response, threat management and cybersecurity strategy. She co-leads PwC’s national Cybersecurity & Privacy Incident & Threat Management offering, and leads the Rockies Market for PwC’s Advisory services.

With 18 years consulting experience, Ms. Stapf helps commercial clients prepare for, respond to, and mitigate the impact of unplanned events involving sensitive information. She leads investigations, assessments and special projects related to data breaches, privacy matters, cybercrime events, information security assessments, and IT system reviews using computer forensics and data analytics techniques; and helps clients navigate constituent notification, regulatory inquiry and litigation.

She has advised hundreds of corporate, government and law firm clients in healthcare, retail, industrial products, financial services, aerospace, technology, manufacturing and energy industries, and is well connected to PwC's global forensics network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at IAPP, PLI, CSO, ABA and other forums.

Ms. Stapf has a Federal Top Secret clearance, is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member.


Jaswinder Hayre is the CISO of Dow Jones & Company, with responsibility for developing and executing a strategy to protect enterprise systems and customer facing products. He has worked to unify its disparate security practices into a modern, unified framework built to maintain the trust of customers in consumer brands like the WSJ and B2B brands like Factiva and Risk & Compliance. Jas leads the GRC, Secure Design and Architecture and Security Operations teams.

Prior to DJ, Jas built a security program to satisfy the needs of security conscious Financial Services clients at Davis Polk & Wardwell, a high end law firm serving Fortune 500 companies across the world. Before becoming a Technical Director at HBO, he helped launch products like HBO GO as part of a transformation to digital content delivery.

Jas holds a B.S. in Computer Science from NYU Poly.


Primary Areas of Practice: His areas of global responsibility include technology, privacy, cyber security, intellectual property, "big data" and antitrust.

Law School: Law degree from the University of Virginia School of Law

Graduate School: English Literature degree from Columbia University

Work History: His prior experience includes IBM and the law firms of Brobeck, Phleger & Harrison and Weil, Gotshal & Manges

Professional Memberships: Board member of "My Sister's Place"


Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition; and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practising Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.


Elissa Doroff is a Vice President and Product Manager for XL Catlin’s Cyber & Technology Underwriting team.  In this role, she works to direct and manage XL Catlin’s risk management services designed to minimize the frequency and severity of data breaches.  She has considerable cyber and technology insurance expertise having worked as claims counsel at AIG and as a broker of cyber insurance at Marsh and McLennan Companies.  Throughout her tenure in the industry, she has counseled public and private clients on their risks and insurance needs in the areas of media, technology, privacy and cyber. She is a frequent speaker on these topics at seminars for clients and industry associations and has authored many industry related articles.

Elissa has a Bachelor of Arts degree from the State University of New York at Albany and a Juris Doctor from Suffolk University Law School. Elissa is admitted to practice law in Massachusetts and Connecticut.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office.  She also serves on the firm’s Executive Committee.  Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity.  She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500.  Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices.  She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America).  More recently, Lisa’s work includes assisting dozens of clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.  Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events.  Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP.  She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  Lisa is admitted to practice in New York.


Paul is a partner in Hunton & Williams LLP’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.  

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.


Adam Solomon is an associate with Hunton & Williams LLP's global privacy and cybersecurity practice. Adam advises clients on all areas of U.S. privacy and cybersecurity law, including compliance with privacy and data security laws, proactive cyber incident readiness and incident response, and privacy and information management requirements. He has assisted with the development and implementation of comprehensive information security programs and routinely counsels multinational clients on data breach response and notification responsibilities. He also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts and assists corporate clients in evaluating cybersecurity risks in connection with potential acquisitions.


Jay Leek, CISM, CISA, CISSP, has been a Managing Director and the Chief Information Security Officer for Blackstone since joining in May 2012, where he also oversees the Blackstone Portfolio Company Information Risk & Security Community. Prior to joining Blackstone, Jay established, built and headed up global information risk and security programs for Equifax and Nokia. Over the past 20 years, Jay has also worked as a product manager as well as a consultant to numerous telecom companies, government agencies and financial institutions, assisting them with the business development, strategic planning and architectural design required to meet their information risk and security objectives. He also acts as an industry advisor for information security organizations and government agencies, and he currently serves as a Board Director for Optiv Security, RedOwl Analytics, CyberGRX and the NY Metro ISSA Chapter, as a Board Observer for Cylance and Phantom Cyber, and on the Advisory Board for iSIGHT Partners and Risk IO.


Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy related legislation and the conduct of environmental scans to identify external privacy issues.

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.