Skip to main content

Cybersecurity 2018: Managing Cybersecurity Incidents

Speaker(s): Adam Fletcher, Alan Charles Raul, Aristedes Mahairas, Ben Rossen, Bob Lord, Christie Terrill, Eric M. Friedberg, Gerasimos J. Stellatos, Jay Kelath, Lisa J. Sotto, Stephen T. Gannon, Tracey E. Scraba, Walter J. Andrews, William E. Min
Recorded on: Sep. 14, 2018
PLI Program #: 221101

Adam Fletcher is the Chief Information Security Officer for Blackstone, one of the world’s leading investment managers. As a cybersecurity professional with 20 years of experience, Adam has worked with global cybersecurity organizations large and small including McAfee, Nokia, VeriSign, ISS and Accuvant. Adam built a strong technical foundation through roles in security technology implementation and security architecture design, which has been complemented by management experience gained from roles leading consulting engagements and global teams of information security professionals. Prior to joining Blackstone, Adam led the International Security team for Equifax, coordinating a global security program across 14 countries, each with different business, regulatory, and privacy requirements.

ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”

Aristedes Mahairas, Special Agent in Charge, heads the New York (NY) Counterintelligence/Cyber Division.  He previously served as Legal Attache, Athens; Joint Terrorism Task Force Supervisor; Section Chief, Strategic Operations Section-Counterterrorism Division; Chief of Staff to the Executive Assistant Director, National Security Branch.  He previously served as a Police Officer in NY City and received a Bachelor’s of Arts degree in Political Science-Baruch College, and a Juris Doctor-NY Law School.

Christie Terrill (CISSP) is a Partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. She has accumulated more than a decade of information security experience in providing security advisory services. Christie is based in New York City where she provides engagement oversight, thought leadership, and client relationship management to Bishop Fox’s clients.

Christie is a monthly contributor to Forbes, where her articles translate cybersecurity issues into business-relevant action. In 2017 and 2016, she spoke at several Dark Reading webinars on the topic of Preparing a Next-Generation IT Security Strategy. She also took part in a panel discussion on “Stories from the Battlefield – Cybersecurity Incident Response” at the Women in Cybersecurity Conference 2017 (WiCyS). Previously, Christie had appeared as a panelist at the first annual “Career Discovery in Cyber Security: A Women’s Symposium” in 2014 and as a speaker at the BayThreat 2012 Conference, presenting Where to Start When Securing a Startup. Other accomplishments include working as a Technical Editor for the Legal, Regulatory, and Standards Compliance chapter in Information Security: The Complete Reference, published by McGraw-Hill in addition to being quoted in publications such as MarketWatch, Infosecurity Magazine, and eWeek.

Prior to joining Bishop Fox, Christie spent several years in the security consulting practices at Accenture and Ernst & Young for clients in the Global 500. During this time, she lived and worked in the United States, the United Kingdom, and India. Christie holds a Bachelor of Arts with Honors from the University of California, Santa Cruz.

Eric M. Friedberg is co-founder and Co-President of Stroz Friedberg, LLC, a cyber consultancy and technical services firm acquired by Aon plc in 2016. Mr. Friedberg has 30 years of public and private sector experience in law, cyber-crime response, cyber-governance, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, C-suites, law firms and the courts. Mr. Friedberg has led responses to some of the most serious cyber-attacks on the nation’s companies, including attacks by state-sponsored agents, organized crime, hacktivists and malicious insiders. He is an expert in incident response governance, technologies and policies. He has also conducted enterprise-wide cyber security risk assessments in many business sectors. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media.

In 2019, Mr. Friedberg was appointed by Governor Andrew Cuomo to the New York State Cyber Advisory Board.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed many high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master and led the development of new investigative methodologies. He has lectured and published book chapters and articles on e-discovery and forensics. He was previously a member of the Sedona Conference’s Working Group 6, the International Association of Privacy Professionals, and the advisory board of The Future of Privacy Forum.

For the 16 years before Stroz Friedberg was acquired by Aon, Mr. Friedberg co-led that firm from a start-up to a 550+ person firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, Mr. Friedberg oversaw geographic and service line growth, M&A, infusions of private equity capital, board interactions, and many of the firm’s divisions. Mr. Friedberg was an officer and director of the firm, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor at the U.S. Attorney’s Office in Brooklyn, New York.

Mr. Friedberg began his career as an intellectual property and securities litigator at Skadden, Arps.

Gerasimos (Gerry) J. Stellatos is a Principal in PwC’s Cyber Incident Threat Management practice where he is the national lead for incident response engagements.  Gerry has extensive experience developing strategies in matters involving sensitive data breaches, intellectual property thefts, hacking events, forensic investigations and security and vulnerability assessments.

Previously, Gerry was a Managing Director at Mandiant, responsible for leading the security consulting practice for the Mid-Atlantic and South East regions. Prior to joining Mandiant, Gerry provided Program Management and Incident Response services to multiple federal government clients.

Gerry began his career with the National Security Agency (NSA) as a Global Network Analyst and has also been a Professorial Lecturer for the High Technology Crime Investigation Program at The George Washington University. He has developed and instructed courses on file system forensics, incident response, and malware analysis.

Gerry holds a Bachelor of Science in Criminal Justice from Utica College of Syracuse University and his MBA from Loyola College of Maryland.

Stephen T. Gannon is General Counsel and Chief Legal Officer of Citizens Financial Group. He leads the bank’s legal function and serves as the chief legal advisor for the company and its Board, where he counsels the company’s executives and provides strategic leadership on matters of legal risk.

Prior to joining CFG, Gannon served as executive vice president and deputy general counsel for Capital One Financial Corporation, leading that company’s Legal Department. In addition, he served as Capital One’s market president for Central Virginia, coordinating business development, government relations and community activities in the state capital region. Previously, Gannon served as General Counsel of the retail brokerage group of Wachovia Securities, where he was a member of the Operating Committee and managed the legal affairs for the nation’s third largest brokerage firm. He also served as a Branch Chief in the Division of Enforcement with the U.S. Securities Exchange Commission and in private practice advising broker dealer and financial services clients.

Gannon has held numerous positions within financial industry and legal organizations, including with the SIFMA Compliance and Legal Division and the Financial Services Roundtable. He served as President of the John Marshall Inn of Court and is currently Vice Chairman of the Managing Board of The Clearing House Association, and sits on their Finance Committee. He is also a member of the Georgetown Law Corporate Counsel Institute.

Active in the community, Gannon has served on the Boards of the Homeless Shelter of Richmond, Junior Achievement of Richmond, and Communities in Schools of Virginia, as well as being appointed by the Governor to the Board of the Virginia Community College System. He now serves as an Overseer for the Boston Symphony Orchestra and is a member of their Audit Committee.

He earned his undergraduate and J.D. degrees from Georgetown University.

William (Bill) Min is Executive Vice President and General Counsel for the LexisNexis® Risk Solutions Group (RSG). In this role, he is responsible for all legal, compliance and regulatory matters across the global organization. RSG has more than 8,700 employees serving customers in over 180 countries. RSG is part of RELX (LSE: REL/AMS: REN/NYSE: RELX), a global provider of information and analytics.

RSG is a portfolio of brands that provides its customers with innovative technologies, information-based analytics and decision tools and data services that help solve problems, make better decisions, stay compliant, reduce risk, improve their operations and benefit people around the globe across multiple industries, including aviation, agriculture, chemical and energy, financial services, collections and payments, commercial property, corporations and non-profits, government and law enforcement agencies, healthcare, human resources, insurance and tax. RSG is headquartered in metro Atlanta, Georgia.

Prior to joining LexisNexis® Risk Solutions Group, Bill served as Deputy General Counsel and Chief Privacy & Data Governance Officer at Western Union. He also held in-house legal positions at Live Nation Entertainment, Inc., Starwood Hotels & Resorts, Sara Lee Corporation and Sunkyong America, Inc. Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.

Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and he structured and led the global privacy function at Western Union, Live Nation and Starwood.

Bill holds a BA in the Biological Basis of Behavior from the University of Pennsylvania, a MA in Liberal Studies from State University of New York at Stony Brook, and a JD from Fordham University School of Law.

Jay started his career in security setting up honeypots to profile attackers. The many interesting challenges in the field led him to become a penetration tester to help businesses expose their security weaknesses, first in network security and then in application security. He found his stride in helping develop and mature information security programs. Jay is passionate about building cross-functional teams between engineering and security and bringing security into every aspect of a company’s culture through a focus on automation, tooling, and processes.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Walter’s practice focuses on complex insurance litigation, counseling and reinsurance arbitrations and expert witness testimony. As the head of the firm’s national insurance coverage practice, Walter offers clients more than 25 years of experience on insurance-related issues, including program audits, policy manuscripting, litigation and arbitration. He works with companies in a diverse range of industries, including financial services, consumer products, energy and real estate.

Walter regularly advises clients on potential D&O and cyber insurance coverage for data breach claims, as well as a variety of insurance contracts, including professional liability, first party property, general liability insurance policies, cyberinsurance, and various reinsurance agreements.

Awards & Recognition

  • Honoree, Attorney of the Year, Daily Business Review’s 2018 Professional Excellence Awards
  • Candidate, Man of the Year, The Leukemia & Lymphoma Society (LLS), 2018


  • Fellow, American College of Coverage and Extracontractual Counsel; Co-Chair, Communications Committee


  • Speaker, Managing Cybersecurity Governance in the Boardroom, June 5, 2018
  • Speaker, “Cyber Thursday: Is Cyber Insurance the Answer: Best Practices for Addressing Cyber Risks and Cyber Insurance,” R-CISC webinar, April 12, 2018
  • Speaker, FEI & WEL Present Cyber Risk – Manage, Transfer or Fingers-Crossed! January 10, 2018


  • Co-author, Bloomberg Law Practice Suite – Cyber Insurance, Bloomberg BNA, October 12, 2017
  • Real Estate Is Not Above the (Cyber Attack) Risk, Commercial Observer, August 9, 2017
  • Commentary, Ransomware Attacks Highlight Need for Cyberinsurance Coverage, Daily Business Review, August 2, 2017
  • Author, Have You Examined Your Cyber Insurance Policy Lately? (Q&A with Walter Andrews), Daily Business Review, July 6, 2017

With a total of 19 years at Aetna, Ms. Scraba is Aetna’s Chief Privacy Officer. Prior to her current role, Ms. Scraba served as Aetna’s Senior Privacy and Security Legal Counsel, as well as General Counsel for Aetna Behavioral Health.  Prior to her work at Aetna, Ms. Scraba worked at the law firm of Robinson & Cole in their health law practice.

Ms. Scraba has expert knowledge in state, federal and international privacy and security laws, data use and governance, enterprise risk, privacy by design, incident response and crisis management. 

Ms. Scraba is a graduate of the Higher Ambition Leadership Institute, a year-long multi-session program that provides leaders the opportunity to both develop their capabilities, as well as contribute to the advancement of their company’s mission and purpose.

Ms. Scraba is a member of the Hartford Chapter of the March of Dimes Executive Leadership Team and is an active member of the Executive Women’s Forum, an organization serving prominent and influential female executives in information security, risk management and privacy.

Tracey enjoys running and spending time with her husband and 6 year old identical twin boys.  Tracey has a B.S. in Business/Health Care Administration, a Masters in Public Health and a Juris Doctor all from the University of Connecticut.

Bob Lord is the Chief Security Officer at the Democratic National Committee, bringing more than twenty years of significant experience in the information security space to the Committee, state parties, and campaigns. Previously he was Yahoo’s CISO, covering areas such as risk management, product security, security software development, e-crimes, and APT programs. Before that he acted as the CISO in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at

Ben Rossen is a senior attorney in the FTC’s Division of Privacy and Identity Protection, where he represents the Commission in consumer protection matters concerning privacy, data security, and the Internet of Things.  Mr. Rossen also advises on a variety of educational and policy initiatives at the Commission, with a special focus on developing consumer and business guidance on ransomware.  Mr. Rossen regularly speaks about the Commission’s privacy and data security efforts at a wide variety of industry conferences and other events.   Previously, Mr. Rossen practiced at Patterson Belknap Webb & Tyler and at Cravath, Swaine & Moore. He clerked for the Hon. Carol Bagley Amon in the Eastern District of New York and is a graduate of Harvard Law School.