Skip to main content

Cybersecurity 2018: Managing Cybersecurity Incidents


Speaker(s): Adam Fletcher, Alan Charles Raul, Aristedes Mahairas, Ben Rossen, Bob Lord, Christie Terrill, Eric M. Friedberg, Gerasimos J. Stellatos, Jay Kelath, Lisa J. Sotto, Stephen T. Gannon, Tracey E. Scraba, Walter J. Andrews, William E. Min
Recorded on: Sep. 14, 2018
PLI Program #: 221101

Adam Fletcher, CISM, is a Managing Director and the Chief Information Security Officer for Blackstone. As a security professional for 20 years, Adam has worked with global security organizations large and small including Internet Security Systems, VeriSign, McAfee, Nokia, and Accuvant. Adam has a strong technical foundation, developed from roles in security architecture design and implementation, complemented by management experience gained from roles leading consulting engagements and global teams of information security professionals. Prior to joining Blackstone, Adam led the International Security team for Equifax, coordinating a global security program across 14 countries, each with different business, regulatory, and privacy requirements.


ALAN RAUL is the founder and leader of Sidley's highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy and cybersecurity issues, including digital governance, global data protection and compliance programs, data breaches, consumer protection issues and Internet law. Alan advises companies regarding their cybersecurity preparedness and helps them manage data security incidents. His practice involves litigation and counseling regarding consumer class actions and investigations, enforcement actions and policy development by the FTC, State Attorneys General, SEC, Department of Justice, financial regulators, EU Data Protection Authorities, and other government agencies.

He regularly represents leading tech, telecom, media, financial services and other companies with respect to their digital governance, compliance and crisis management. Alan has recently represented a special cybersecurity review committee of the Board of Directors of a major tech company in connection with its independent investigation of the company's handling of significant data breaches.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves as a member of the American Bar Association's Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law lnstitute's (PLI) Privacy Law Advisors Group.

Alan is a member of the governing Board of Directors of the Future of Privacy Forum. He is a member of the Center for Democracy and Technology's Advisory Committee. Alan also serves on the Executive Committee of the Federalist Society's Administrative Law Practice Group. Alan is a frequent author and speaker on privacy, cybersecurity and related issues. He is overall editor arid a contributing author of The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd, 5th ed. 2018).

Alan holds degrees from Harvard College (AB magna cum /aude),  Harvard Kennedy School of Government (MPA), and Yale Law School (JD).  He clerked for Judge Malcolm R. Wilkey of the U.S. Court of Appeals for the D.C. Circuit.


Aristedes Mahairas, Special Agent in Charge, heads the New York (NY) Counterintelligence/Cyber Division.  He previously served as Legal Attache, Athens; Joint Terrorism Task Force Supervisor; Section Chief, Strategic Operations Section-Counterterrorism Division; Chief of Staff to the Executive Assistant Director, National Security Branch.  He previously served as a Police Officer in NY City and received a Bachelor’s of Arts degree in Political Science-Baruch College, and a Juris Doctor-NY Law School.


Bill Min is Deputy General Counsel & Chief Privacy and Data Governance Officer for Western Union where he leads the company’s global privacy and information governance organization. 

Prior to Western Union, Bill was Senior Vice President, Legal and Chief Privacy Officer at Live Nation Entertainment, Inc.  He also worked for 16+ years at Starwood Hotels & Resorts Worldwide, Inc. where he led several global functions, including privacy, enterprise risk management, and operational compliance.  Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and established the global privacy function at both Live Nation and Starwood.  Earlier in his career, Bill held in-house legal positions at Sara Lee Corporation and at Sunkyong America, Inc., the US subsidiary of one of the largest Korean conglomerates.  Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.  

Bill earned his Bachelor of Arts degree from the University of Pennsylvania, his Master of Arts degree from the State University of New York at Stony Brook, and his Juris Doctor degree from Fordham University School of Law. 


Christie Terrill (CISSP) is a Partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. She has accumulated more than a decade of information security experience in providing security advisory services. Christie is based in New York City where she provides engagement oversight, thought leadership, and client relationship management to Bishop Fox’s clients.

Christie is a monthly contributor to Forbes, where her articles translate cybersecurity issues into business-relevant action. In 2017 and 2016, she spoke at several Dark Reading webinars on the topic of Preparing a Next-Generation IT Security Strategy. She also took part in a panel discussion on “Stories from the Battlefield – Cybersecurity Incident Response” at the Women in Cybersecurity Conference 2017 (WiCyS). Previously, Christie had appeared as a panelist at the first annual “Career Discovery in Cyber Security: A Women’s Symposium” in 2014 and as a speaker at the BayThreat 2012 Conference, presenting Where to Start When Securing a Startup. Other accomplishments include working as a Technical Editor for the Legal, Regulatory, and Standards Compliance chapter in Information Security: The Complete Reference, published by McGraw-Hill in addition to being quoted in publications such as MarketWatch, Infosecurity Magazine, and eWeek.

Prior to joining Bishop Fox, Christie spent several years in the security consulting practices at Accenture and Ernst & Young for clients in the Global 500. During this time, she lived and worked in the United States, the United Kingdom, and India. Christie holds a Bachelor of Arts with Honors from the University of California, Santa Cruz.


Gerasimos (Gerry) J. Stellatos is a Principal in PwC’s Cyber Incident Threat Management practice where he is the national lead for incident response engagements.  Gerry has extensive experience developing strategies in matters involving sensitive data breaches, intellectual property thefts, hacking events, forensic investigations and security and vulnerability assessments.

Previously, Gerry was a Managing Director at Mandiant, responsible for leading the security consulting practice for the Mid-Atlantic and South East regions. Prior to joining Mandiant, Gerry provided Program Management and Incident Response services to multiple federal government clients.

Gerry began his career with the National Security Agency (NSA) as a Global Network Analyst and has also been a Professorial Lecturer for the High Technology Crime Investigation Program at The George Washington University. He has developed and instructed courses on file system forensics, incident response, and malware analysis.

Gerry holds a Bachelor of Science in Criminal Justice from Utica College of Syracuse University and his MBA from Loyola College of Maryland.


Stephen T. Gannon is General Counsel and Chief Legal Officer of Citizens Financial Group. He leads the bank’s legal function and serves as the chief legal advisor for the company and its Board, where he counsels the company’s executives and provides strategic leadership on matters of legal risk.

Prior to joining CFG, Gannon served as executive vice president and deputy general counsel for Capital One Financial Corporation, leading that company’s Legal Department. In addition, he served as Capital One’s market president for Central Virginia, coordinating business development, government relations and community activities in the state capital region. Previously, Gannon served as General Counsel of the retail brokerage group of Wachovia Securities, where he was a member of the Operating Committee and managed the legal affairs for the nation’s third largest brokerage firm. He also served as a Branch Chief in the Division of Enforcement with the U.S. Securities Exchange Commission and in private practice advising broker dealer and financial services clients.

Gannon has held numerous positions within financial industry and legal organizations, including with the SIFMA Compliance and Legal Division and the Financial Services Roundtable. He served as President of the John Marshall Inn of Court and is currently Vice Chairman of the Managing Board of The Clearing House Association, and sits on their Finance Committee. He is also a member of the Georgetown Law Corporate Counsel Institute.

Active in the community, Gannon has served on the Boards of the Homeless Shelter of Richmond, Junior Achievement of Richmond, and Communities in Schools of Virginia, as well as being appointed by the Governor to the Board of the Virginia Community College System. He now serves as an Overseer for the Boston Symphony Orchestra and is a member of their Audit Committee.

He earned his undergraduate and J.D. degrees from Georgetown University.


Jay started his career in security setting up honeypots to profile attackers. The many interesting challenges in the field led him to become a penetration tester to help businesses expose their security weaknesses, first in network security and then in application security. He found his stride in helping develop and mature information security programs. Jay is passionate about building cross-functional teams between engineering and security and bringing security into every aspect of a company’s culture through a focus on automation, tooling, and processes.


Mr. Friedberg is a seasoned executive with 30 years of public and private sector experience in law, cyber-crime response, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, law firms, and the courts. He has helped many Fortune 500 companies improve their governance and technology initiatives and their cyber regulatory compliance. He led Stroz Friedberg for over 16 years, from a start-up into a $150m, 550-person consulting and technical services firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, he oversaw geographic and service line growth, M&A, infusions of $150m in private equity capital, board interactions and, in late 2016, the sale of the company to Aon plc.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor in Brooklyn, where he led the Computer Crime and Narcotics Units. He began his career as an intellectual property and securities litigator at Skadden, Arps.

Mr. Friedberg is national leader in all forms of computer crime, including attacks by state-sponsored agents, organized crime, hacktivists, and malicious insiders. He has led responses to some of the most serious attacks on the nation’s companies and has conducted enterprise security risk assessments in many sectors, including financial services, media and entertainment, Internet, sports, health care, law, consulting, oil and gas, and engineering. He is an expert in incident response governance, technologies, policies, and procedures. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media, including the Wall Street Journal, the Financial Times, The New York Times, cnbc.com, and Fox Business News.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed hundreds of high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master, and led the development of methodologies for forensic and privacy investigations. He has lectured extensively and has published book chapters and articles on managing risk and conducting investigations in e-discovery and forensics. He is a member of the International Association of Privacy Professionals.

Mr. Friedberg holds a J.D. from Brooklyn Law School and a B.A. from Brandeis University.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office.  She also serves on the firm’s Executive Committee.  Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity.  She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500.  Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.  Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events.  Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices.  She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America).  More recently, Lisa’s work includes assisting dozens of clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP.  She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  Lisa is admitted to practice in New York.


 


Walter’s practice focuses on complex insurance litigation, counseling and reinsurance arbitrations and expert witness testimony. As the head of the firm’s national insurance coverage practice, Walter offers clients more than 25 years of experience on insurance-related issues, including program audits, policy manuscripting, litigation and arbitration. He works with companies in a diverse range of industries, including financial services, consumer products, energy and real estate.

Walter regularly advises clients on potential D&O and cyber insurance coverage for data breach claims, as well as a variety of insurance contracts, including professional liability, first party property, general liability insurance policies, cyberinsurance, and various reinsurance agreements.

Awards & Recognition

  • Honoree, Attorney of the Year, Daily Business Review’s 2018 Professional Excellence Awards
  • Candidate, Man of the Year, The Leukemia & Lymphoma Society (LLS), 2018

Membership

  • Fellow, American College of Coverage and Extracontractual Counsel; Co-Chair, Communications Committee

Events

  • Speaker, Managing Cybersecurity Governance in the Boardroom, June 5, 2018
  • Speaker, “Cyber Thursday: Is Cyber Insurance the Answer: Best Practices for Addressing Cyber Risks and Cyber Insurance,” R-CISC webinar, April 12, 2018
  • Speaker, FEI & WEL Present Cyber Risk – Manage, Transfer or Fingers-Crossed! January 10, 2018

Publications

  • Co-author, Bloomberg Law Practice Suite – Cyber Insurance, Bloomberg BNA, October 12, 2017
  • Real Estate Is Not Above the (Cyber Attack) Risk, Commercial Observer, August 9, 2017
  • Commentary, Ransomware Attacks Highlight Need for Cyberinsurance Coverage, Daily Business Review, August 2, 2017
  • Author, Have You Examined Your Cyber Insurance Policy Lately? (Q&A with Walter Andrews), Daily Business Review, July 6, 2017


With a total of 19 years at Aetna, Ms. Scraba is Aetna’s Chief Privacy Officer. Prior to her current role, Ms. Scraba served as Aetna’s Senior Privacy and Security Legal Counsel, as well as General Counsel for Aetna Behavioral Health.  Prior to her work at Aetna, Ms. Scraba worked at the law firm of Robinson & Cole in their health law practice.

Ms. Scraba has expert knowledge in state, federal and international privacy and security laws, data use and governance, enterprise risk, privacy by design, incident response and crisis management. 

Ms. Scraba is a graduate of the Higher Ambition Leadership Institute, a year-long multi-session program that provides leaders the opportunity to both develop their capabilities, as well as contribute to the advancement of their company’s mission and purpose.

Ms. Scraba is a member of the Hartford Chapter of the March of Dimes Executive Leadership Team and is an active member of the Executive Women’s Forum, an organization serving prominent and influential female executives in information security, risk management and privacy.

Tracey enjoys running and spending time with her husband and 6 year old identical twin boys.  Tracey has a B.S. in Business/Health Care Administration, a Masters in Public Health and a Juris Doctor all from the University of Connecticut.


Bob Lord is the Chief Security Officer at the Democratic National Committee, bringing more than twenty years of significant experience in the information security space to the Committee, state parties, and campaigns. Previously he was Yahoo’s CISO, covering areas such as risk management, product security, security software development, e-crimes, and APT programs. Before that he acted as the CISO in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at https://www.ilord.com


Ben Rossen is a senior attorney in the FTC’s Division of Privacy and Identity Protection, where he represents the Commission in consumer protection matters concerning privacy, data security, and the Internet of Things.  Mr. Rossen also advises on a variety of educational and policy initiatives at the Commission, with a special focus on developing consumer and business guidance on ransomware.  Mr. Rossen regularly speaks about the Commission’s privacy and data security efforts at a wide variety of industry conferences and other events.   Previously, Mr. Rossen practiced at Patterson Belknap Webb & Tyler and at Cravath, Swaine & Moore. He clerked for the Hon. Carol Bagley Amon in the Eastern District of New York and is a graduate of Harvard Law School.