
Cybersecurity 2016: Managing Cybersecurity Incidents


Speaker(s): Adam H. Solomon, Andrew N. Cadel, Anthony Longo, Elissa Doroff, Emily Stapf, Jaswinder S. Hayre, Jay Leek, Lisa J. Sotto, Matthew F. Fitzsimmons, Paul M. Tiao, Vincent Liu
Recorded on: Sep. 20, 2016
PLI Program #: 150568

Anthony Longo is currently Vice President, Chief Information Security Officer (CISO) of Hudson’s Bay Company, one of the fastest-growing department store retailers in the world and the oldest company in North America. With over $14 billion annually in revenue, HBC’s portfolio today includes ten banners, in formats ranging from luxury to better department stores to off price fashion shopping destinations, with more than 480 stores and 66,000 employees globally.  An accomplished information technology leader with over 15 years’ experience in the design and delivery of enterprise information security environments, Anthony is responsible for the development, implementation, and ongoing leadership of the HBC Global Information Security Program as well as strategic oversight to a team of Information Security professionals that provide Risk Management, IT Compliance, Security Operations, Security Architecture, and Identity and Access Management services.

Prior to joining Hudson’s Bay Company, Anthony held CISO and other Global Information Security Leadership roles in the Luxury Retail, Quick Service Restaurant, Insurance, Financial, and Technology Services industries, both domestically and internationally, providing guidance to executive leadership teams by recommending and prioritizing investments and projects that mitigate risk, strengthen defenses, and reduce vulnerabilities.  Anthony holds a B.S. in Information Technology from Sullivan University and information security certifications including CISSP, CISM, and PCI-ISA, and is a current member of the NJ Evanta CISO governing body.


Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident response, threat management and cybersecurity strategy.  She is the human capital leader for PwC’s national Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services. 

With 20 years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events involving sensitive information.  For 15 years she has led investigations, assessments and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques.  She helps clients navigate public and B2B notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.

Expert testimony experience

  • Led forensic investigation of a large PHI data breach, including deposition in support of a health industry client’s litigation with a third party business partner in 2010
  • Wrote a technical opinion about a cybersecurity technology in support of a health industry client’s litigation against a technology provider in 2017


Jaswinder Hayre is the CISO of Dow Jones & Company, with responsibility for developing and executing a strategy to protect enterprise systems and customer facing products. He has worked to unify its disparate security practices into a modern, unified framework built to maintain the trust of customers in consumer brands like the WSJ and B2B brands like Factiva and Risk & Compliance. Jas leads the GRC, Secure Design and Architecture and Security Operations teams.

Prior to DJ, Jas built a security program to satisfy the needs of security conscious Financial Services clients at Davis Polk & Wardwell, a high end law firm serving Fortune 500 companies across the world. Before becoming a Technical Director at HBO, he helped launch products like HBO GO as part of a transformation to digital content delivery.

Jas holds a B.S. in Computer Science from NYU Poly.


Primary Areas of Practice: His areas of global responsibility include technology, privacy, cyber security, intellectual property, "big data" and antitrust.

Law School: Law degree from the University of Virginia School of Law

Graduate School: English Literature Degree from Columbia University

Work History: His prior experience includes IBM and the law firms of Brobeck, Phleger & Harrison and Weil, Gotshal & Manges

Professional Memberships: Board member of "My Sister's Place"


Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books, including several industry best-sellers such as Hacking Exposed Wireless 1st and 2nd Edition, Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practising Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.


Elissa Doroff is a Vice President and Product Manager for XL Catlin’s Cyber & Technology Underwriting team.  In this role, she works to direct and manage XL Catlin’s risk management services designed to minimize the frequency and severity of data breaches.  She has considerable cyber and technology insurance expertise having worked as claims counsel at AIG and as a broker of cyber insurance at Marsh and McLennan Companies.  Throughout her tenure in the industry, she has counseled public and private clients on their risks and insurance needs in the areas of media, technology, privacy and cyber. She is a frequent speaker on these topics at seminars for clients and industry associations and has authored many industry related articles.

Elissa has a Bachelor of Arts degree from the State University of New York at Albany and a Juris Doctor from Suffolk University Law School. Elissa is admitted to practice law in Massachusetts and Connecticut.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office.  She also serves on the firm’s Executive Committee.  Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity.  She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500.  Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.  Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events.  Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices.  She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America).  More recently, Lisa’s work includes assisting dozens of clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP.  She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  Lisa is admitted to practice in New York.


 


Paul is a partner in Hunton & Williams LLP’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.  

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.


Adam Solomon is an associate with Hunton & Williams LLP's global privacy and cybersecurity practice. Adam advises clients on all areas of U.S. privacy and cybersecurity law, including compliance with privacy and data security laws, proactive cyber incident readiness and incident response, and privacy and information management requirements. He has assisted with the development and implementation of comprehensive information security programs and routinely counsels multinational clients on data breach response and notification responsibilities. He also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts and assists corporate clients in evaluating cybersecurity risks in connection with potential acquisitions.


Jay Leek, CISM, CISA, CISSP, is a Managing Director and Co-founder of ClearSky Security.  He also consults with Blackstone on various areas of cyber security strategy and investing, and he is currently co-leading Blackstone’s portfolio company CISO community. Prior to joining ClearSky, Leek was the Chief Information Security Officer for Blackstone, where he also worked with their information security investments and portfolio companies.  Over the past 20 years, Leek built and headed up global information risk and security programs for Equifax and Nokia and also worked as a Product Manager as well as a Consultant to telecom companies, government agencies and financial institutions assisting them with strategic planning and architectural design required to meet their information risk and security objectives. Leek currently serves as a member of the boards of directors for BigID, BlueLava, Capsule8, CloudKnox, CyberGRX, IntSights and Respond, and the NY Metro ISSA Chapter. He was also formerly a member of the board of directors of Carbon Black, Demisto, Optiv, ProtectWise, RedOwl, Verodin, a Board Observer for Cylance and Phantom and a member of the advisory boards of Accuvant and iSIGHT Partners.


Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy related legislation and the conduct of environmental scans to identify external privacy issues.

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.