Cybersecurity 2016: Managing Cybersecurity Incidents

Speaker(s): Adam H. Solomon, Andrew N. Cadel, Anthony Longo, Elissa Doroff, Emily Stapf, Jaswinder S. Hayre, Jay Leek, Lisa J. Sotto, Matthew F. Fitzsimmons, Paul M. Tiao, Vincent Liu
Recorded on: Sep. 20, 2016
PLI Program #: 150568

Anthony Longo is currently Vice President, Chief Information Security Officer (CISO) of Hudson’s Bay Company, one of the fastest-growing department store retailers in the world and the oldest company in North America. With over $14 billion annually in revenue, HBC’s portfolio today includes ten banners, in formats ranging from luxury to better department stores to off price fashion shopping destinations, with more than 480 stores and 66,000 employees globally.  An accomplished information technology leader with over 15 years’ experience in the design and delivery of enterprise information security environments, Anthony is responsible for the development, implementation, and ongoing leadership of the HBC Global Information Security Program as well as strategic oversight to a team of Information Security professionals that provide Risk Management, IT Compliance, Security Operations, Security Architecture, and Identity and Access Management services.

Prior to joining Hudson’s Bay Company, Anthony held CISO and other Global Information Security Leadership roles in the Luxury Retail, Quick Service Restaurant, Insurance, Financial, and Technology Services industries, both domestically and internationally, providing guidance to the executive leadership teams by recommending and prioritizing investments and projects that mitigate risk, strengthen defenses, and reduce vulnerabilities. Anthony holds a B.S. in Information Technology from Sullivan University and information security certifications including CISSP, CISM, and PCI-ISA, and is a current member of the NJ Evanta CISO governing body.

Elissa Doroff is a Managing Director and Cyber Technical Leader for NFP’s Management and Professional Lines.  Based in New York, she is responsible for the development of thought leadership, claims advocacy and consultation services as well as counseling clients on their risks and insurance needs in the areas of technology, privacy and cyber. 

Elissa has over fifteen years of cyber, technology and media liability insurance expertise having worked as the Underwriting and Product Manager at AXA XL where she worked to direct and manage AXA XL’s risk management services designed to minimize the frequency and severity of data breaches.  Prior to AXA XL, Elissa was a broker in Marsh and McLennan’s Network Security and Privacy Practice and previously, claims counsel at AIG focusing on Data Security and Privacy, Media and Technology Liability. She has considerable experience presenting on these topics on panels and seminars for clients and industry associations and has published several industry related articles. 

Elissa holds a Bachelor of Arts from the State University of New York at Albany and a Juris Doctor from Suffolk University Law School and is admitted to practice law in Massachusetts and Connecticut.

Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident and threat management and cybersecurity strategy. She is on PwC’s US cybersecurity leadership team where she leads integration of cybersecurity into PwC’s global business portfolio, leads the US Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services.

With 20+ years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events. For 16 years she has led investigations, incident response and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques. She helps clients navigate statutory, regulatory and contractual notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk, resilience and trust.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, data analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.

Jaswinder Hayre is the CISO of Dow Jones & Company, with responsibility for developing and executing a strategy to protect enterprise systems and customer facing products. He has worked to unify its disparate security practices into a modern, unified framework built to maintain the trust of customers in consumer brands like the WSJ and B2B brands like Factiva and Risk & Compliance. Jas leads the GRC, Secure Design and Architecture and Security Operations teams.

Prior to DJ, Jas built a security program to satisfy the needs of security conscious Financial Services clients at Davis Polk & Wardwell, a high end law firm serving Fortune 500 companies across the world. Before becoming a Technical Director at HBO, he helped launch products like HBO GO as part of a transformation to digital content delivery.

Jas holds a B.S. in Computer Science from NYU Poly.

Primary Areas of Practice: His areas of global responsibility include technology, privacy, cyber security, intellectual property, "big data" and antitrust.


Law School: Law degree from the University of Virginia School of Law


Graduate School: English Literature Degree from Columbia University


Work History: His prior experience includes IBM and the law firms of Brobeck, Phleger & Harrison and Weil, Gotshal & Manges


Professional Memberships: Board member of "My Sister's Place"

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Paul is a partner in Hunton & Williams LLP’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.  

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.

Adam Solomon is an associate with Hunton & Williams LLP's global privacy and cybersecurity practice. Adam advises clients on all areas of U.S. privacy and cybersecurity law, including compliance with privacy and data security laws, proactive cyber incident readiness and incident response, and privacy and information management requirements. He has assisted with the development and implementation of comprehensive information security programs and routinely counsels multinational clients on data breach response and notification responsibilities. He also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts and assists corporate clients in evaluating cybersecurity risks in connection with potential acquisitions.

Jay Leek, CISM, CISA, CISSP, is a Managing Partner and Co-founder of ClearSky Security, a leading venture fund focused on investing in early- and growth-stage security companies. He also consults with Blackstone on various areas of cyber security strategy and investing, and he is currently co-leading Blackstone’s portfolio company CISO community. Prior to joining ClearSky, Leek was the Chief Information Security Officer for Blackstone, where he also worked with their information security investments and portfolio companies. Over the past 20 years, Leek built and headed up global information risk and security programs for Equifax and Nokia and also worked as a Product Manager as well as a Consultant to telecom companies, government agencies and financial institutions, assisting them with the strategic planning and architectural design required to meet their information risk and security objectives. Leek currently serves as a member of the board of directors for AppOmni, BigID, BlueLava, Capsule8, CloudKnox, CyberGRX, IntSights, SecZetta and Respond, and the NY Metro ISSA Chapter. He was also formerly a member of the board of directors for Carbon Black, Cylance, Demisto, Optiv, Phantom, ProtectWise, RedOwl and Verodin, and a former member of the advisory boards for Accuvant, iSIGHT Partners and Risk IO.

Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy-related legislation and the conduct of environmental scans to identify external privacy issues.

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.