New Feature: Search Alerts are available now. Learn more.
Skip to main content

Cybersecurity 2017: Managing Cybersecurity Incidents

Speaker(s): Aaron K. Martin, Bob Lord, Elissa Doroff, Emily Stapf, J. Andrew Heaton, Jaswinder S. Hayre , Laura Riposo VanDruff, Lisa J. Sotto, Paul M. Tiao, Peter M. Marta, Robert V. Lautsch, Vincent Liu
Recorded on: Sep. 15, 2017
PLI Program #: 185528

Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident response, threat management and cybersecurity strategy.  She is the human capital leader for PwC’s national Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services. 

With 20 years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events involving sensitive information.  For 15 years she has lead investigations, assessments and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques.  She helps clients navigate public and B2B notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.

Expert testimony experience

  • Led forensic investigation of a large PHI data breach, including deposition in support of a health industry client’s litigation with a third party business partner in 2010
  • Wrote a technical opinion about a cybersecurity technology in support of a health industry client’s litigation against a technology provider in 2017

J. Andrew Heaton is a principal in Ernst & Young LLP and serves as Global Lead Counsel – Data Privacy and Security for the global EY organization.  In this role, he leads EY’s global data protection team, serves as global privacy officer for the organization, and advises EY on legal aspects of data protection and information technology worldwide.  Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States, and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.

Jaswinder Hayre is the CISO of Dow Jones & Company, with responsibility for developing and executing a strategy to protect enterprise systems and customer facing products. He has worked to unify its disparate security practices into a modern, unified framework built to maintain the trust of customers in consumer brands like the WSJ and B2B brands like Factiva and Risk & Compliance. Jas leads the GRC, Secure Design and Architecture and Security Operations teams.

Prior to DJ, Jas built a security program to satisfy the needs of security conscious Financial Services clients at Davis Polk & Wardwell, a high end law firm serving Fortune 500 companies across the world. Before becoming a Technical Director at HBO, he helped launch products like HBO GO as part of a transformation to digital content delivery.

Jas holds a B.S. in Computer Science from NYU Poly.

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Dr. Martin is a Vice President at JPMorgan Chase & Co., where he focuses on Global Technology Regulatory Policy.

Aaron is responsible for monitoring and analyzing global regulatory changes impacting on the firm’s use of information technology, across Cybersecurity, Identity & Access Management, Cloud and IT Resiliency.

Prior to joining JPMorgan Chase & Co., Aaron worked on digital economy and cybersecurity policy at the Organisation for Economic Cooperation & Development, and in tech policy roles at the European Commission and Vodafone Group. He occasionally lectures on tech policy topics, most recently at Cornell Tech in 2016.

In 2011 Aaron earned a PhD in Information Systems & Innovation from the London School of Economics.

Elissa Doroff is a Vice President and Product Manager for XL Catlin’s Cyber & Technology Underwriting team.  In this role, she works to direct and manage XL Catlin’s risk management services designed to minimize the frequency and severity of data breaches.  She has considerable cyber and technology insurance expertise having worked as claims counsel at AIG and as a broker of cyber insurance at Marsh and McLennan Companies.  Throughout her tenure in the industry, she has counseled public and private clients on their risks and insurance needs in the areas of media, technology, privacy and cyber. She is a frequent speaker on these topics at seminars for clients and industry associations and has authored many industry related articles.

Elissa has a Bachelor of Arts degree from the State University of New York at Albany and a Juris Doctor from Suffolk University Law School. Elissa is admitted to practice law in Massachusetts and Connecticut.

Mr. Marta is an Executive Director and Assistant General Counsel for Global Cybersecurity at JPMorgan Chase & Co.

Pete is responsible for providing legal advice and policy analysis to the firm’s Global Cybersecurity and Global Technology departments. In addition, he assists with the firm’s efforts to establish and improve government partnerships on cybersecurity and physical security matters.

Prior to joining JPMorgan Chase, Pete held various positions in the government and the private sector.

Pete obtained his Bachelor of Business Administration from the College of William & Mary and his Juris Doctor from Harvard Law School.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). More recently, Lisa and her team have assisted more than 100 clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa also provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events. Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Paul is a partner in Hunton & Williams LLP’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.  

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.

Robert is responsible for the development and management of the Information Security program throughout Rite Aid and its subsidiaries. In addition, he is also the co-chairman of the corporate contingency planning steering committee. Robert was recognized by as one of the top 32 security executives in 2012/2013. Previously he was Senior Vice President /CISO for Charter One Financial Corp.

Key Accomplishments:

  • Vice President / Chief Information Security Officer (2005 to Present)
  • Ranked 32 Out of Top 150 U.S. Security Officers in 2013
  • Obtained Diplomat status for Certification in Homeland Security - 2014
  • Over 20 years experience in IT auditing, information security, risk management, and DR/BRP consulting
  • SVP – CISO – Charter One Bank, Cleveland, OH
  • VP – CISO – Old Kent Financial, Grand Rapids, MI / Chicago, IL
  • Directs Rite Aid Information Security Program
  • Chairs – Security Management Steering Committee and BRP Steering Committee
  • Instructor/ Presenter – Lehigh University, Harrisburg University, CISO Forum

Bob Lord is the Chief Security Officer at the Democratic National Committee, bringing more than twenty years of significant experience in the information security space to the Committee, state parties, and campaigns. Previously he was Yahoo’s CISO, covering areas such as risk management, product security, security software development, e-crimes, and APT programs. Before that he acted as the CISO in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at

Laura Riposo VanDruff is an Assistant Director of the Division of Privacy and Identity Protection at the Federal Trade Commission in Washington, D.C.  An experienced litigator, she supervises matters relating to violations of U.S. laws enforced by the Commission regarding the privacy and security of consumer information.  Ms. VanDruff also manages privacy and security initiatives at the Commission, including the Commission’s study of security in the mobile device ecosystem and its Stick with Security and Start with Security initiatives.  She served as trial counsel in the agency’s first administrative litigation alleging that a company failed to provide lawful security for consumers’ personal information.  Ms. VanDruff is a graduate of the University of Virginia School of Law.