Cybersecurity 2017: Managing Cybersecurity Incidents

Speaker(s): Aaron K. Martin, Bob Lord, Elissa Doroff, Emily Stapf, J. Andrew Heaton, Jaswinder S. Hayre, Laura Riposo VanDruff, Lisa J. Sotto, Paul M. Tiao, Peter M. Marta, Robert V. Lautsch, Vincent Liu
Recorded on: Sep. 15, 2017
PLI Program #: 185528

Elissa Doroff is a Managing Director and Cyber Technical Leader for NFP’s Management and Professional Lines.  Based in New York, she is responsible for the development of thought leadership, claims advocacy and consultation services as well as counseling clients on their risks and insurance needs in the areas of technology, privacy and cyber. 

Elissa has over fifteen years of cyber, technology and media liability insurance expertise having worked as the Underwriting and Product Manager at AXA XL where she worked to direct and manage AXA XL’s risk management services designed to minimize the frequency and severity of data breaches.  Prior to AXA XL, Elissa was a broker in Marsh and McLennan’s Network Security and Privacy Practice and previously, claims counsel at AIG focusing on Data Security and Privacy, Media and Technology Liability. She has considerable experience presenting on these topics on panels and seminars for clients and industry associations and has published several industry related articles. 

Elissa holds a Bachelor of Arts from the State University of New York at Albany and a Juris Doctor from Suffolk University Law School and is admitted to practice law in Massachusetts and Connecticut.

Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident and threat management and cybersecurity strategy.  She is on PwC’s US cybersecurity leadership team where she leads integration of cybersecurity into PwC’s global business portfolio, leads the US Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services.

With 20+ years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events.  For 16 years she has led investigations, incident response and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques.  She helps clients navigate statutory, regulatory and contractual notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk, resilience and trust.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, data analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.

J. Andrew Heaton serves as overall global privacy lead for the Danaher organization, working with the privacy leads for Danaher's four business segments and the "pivots" at Danaher's operating companies.  He also advises on legal matters pertaining to information security.

Before joining Danaher, Mr. Heaton was a principal in Ernst & Young LLP and served as Global Lead Counsel – Data Privacy and Security for the global EY organization.  In this role, he led EY’s global data protection team, served as global privacy officer for the organization, and advised EY on legal aspects of data protection and information technology worldwide.

Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.

Jaswinder Hayre is the CISO of Dow Jones & Company, with responsibility for developing and executing a strategy to protect enterprise systems and customer facing products. He has worked to unify its disparate security practices into a modern, unified framework built to maintain the trust of customers in consumer brands like the WSJ and B2B brands like Factiva and Risk & Compliance. Jas leads the GRC, Secure Design and Architecture and Security Operations teams.

Prior to DJ, Jas built a security program to satisfy the needs of security conscious Financial Services clients at Davis Polk & Wardwell, a high end law firm serving Fortune 500 companies across the world. Before becoming a Technical Director at HBO, he helped launch products like HBO GO as part of a transformation to digital content delivery.

Jas holds a B.S. in Computer Science from NYU Poly.

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Dr. Martin is a Vice President at JPMorgan Chase & Co., where he focuses on Global Technology Regulatory Policy.

Aaron is responsible for monitoring and analyzing global regulatory changes impacting on the firm’s use of information technology, across Cybersecurity, Identity & Access Management, Cloud and IT Resiliency.

Prior to joining JPMorgan Chase & Co., Aaron worked on digital economy and cybersecurity policy at the Organisation for Economic Cooperation & Development, and in tech policy roles at the European Commission and Vodafone Group. He occasionally lectures on tech policy topics, most recently at Cornell Tech in 2016.

In 2011 Aaron earned a PhD in Information Systems & Innovation from the London School of Economics.

Mr. Marta is an Executive Director and Assistant General Counsel for Global Cybersecurity at JPMorgan Chase & Co.

Pete is responsible for providing legal advice and policy analysis to the firm’s Global Cybersecurity and Global Technology departments. In addition, he assists with the firm’s efforts to establish and improve government partnerships on cybersecurity and physical security matters.

Prior to joining JPMorgan Chase, Pete held various positions in the government and the private sector.

Pete obtained his Bachelor of Business Administration from the College of William & Mary and his Juris Doctor from Harvard Law School.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Paul is a partner in Hunton & Williams LLP’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.  

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.

Robert is responsible for the development and management of the Information Security program throughout Rite Aid and its subsidiaries. In addition, he is also the co-chairman of the corporate contingency planning steering committee. Robert was recognized by as one of the top 32 security executives in 2012/2013. Previously he was Senior Vice President /CISO for Charter One Financial Corp.

Key Accomplishments:

  • Vice President / Chief Information Security Officer (2005 to Present)
  • Ranked 32 Out of Top 150 U.S. Security Officers in 2013
  • Obtained Diplomat status for Certification in Homeland Security - 2014
  • Over 20 years experience in IT auditing, information security, risk management, and DR/BRP consulting
  • SVP – CISO – Charter One Bank, Cleveland, OH
  • VP – CISO – Old Kent Financial, Grand Rapids, MI / Chicago, IL
  • Directs Rite Aid Information Security Program
  • Chairs – Security Management Steering Committee and BRP Steering Committee
  • Instructor/ Presenter – Lehigh University, Harrisburg University, CISO Forum

Bob Lord is the Chief Security Officer at the Democratic National Committee, bringing more than twenty years of significant experience in the information security space to the Committee, state parties, and campaigns. Previously he was Yahoo’s CISO, covering areas such as risk management, product security, security software development, e-crimes, and APT programs. Before that he acted as the CISO in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at

Laura Riposo VanDruff is an Assistant Director of the Division of Privacy and Identity Protection at the Federal Trade Commission in Washington, D.C.  An experienced litigator, she supervises matters relating to violations of U.S. laws enforced by the Commission regarding the privacy and security of consumer information.  Ms. VanDruff also manages privacy and security initiatives at the Commission, including the Commission’s study of security in the mobile device ecosystem and its Stick with Security and Start with Security initiatives.  She served as trial counsel in the agency’s first administrative litigation alleging that a company failed to provide lawful security for consumers’ personal information.  Ms. VanDruff is a graduate of the University of Virginia School of Law.