Skip to main content

CFIUS Process, Risks, Opportunities, and Change


Speaker(s): Luke Tenery, Michael Garson, Randall Cook, William Bray
Recorded on: Nov. 3, 2017
PLI Program #: 229890

Luke Tenery is a Senior Managing Director and the Cybersecurity Practice Leader at Ankura Consulting Group, located in the Chicago, IL office. He has more than 15 years of experience in handling complex cyber issues covering investigations and forensics, data privacy and security, and security management. Mr. Tenery has an extensive background in leading cyber incident response and investigations into a wide array of active and emergent cybersecurity threats while leveraging industry best practices and relevant threat intelligence capabilities. He also has extensive experience in applying cybersecurity risk management leadership in threat and incident management, cybersecurity operations, security policy development, and IT project management and implementation, among others.

Prior to joining Ankura, Mr. Tenery served at a global risk management and investigations firm where he most recently rose to deputy cyber practice leader, as well as leading another cyber practice group covering incident response. He was regularly called upon to mitigate complex computer intrusion and breach matters through investigation and to devise strategies to contain and eradicate threats in client networks and systems. Mr. Tenery was also responsible for aligning and developing practice capabilities and offerings to respond to and mitigate current and emergent cyber risks and threats.

In addition to his deep leadership experience in cyber incident response and investigations, Mr. Tenery led many significant matters covering cyber risk management and information security management. Among several achieved industry leading certifications, Mr. Tenery is a certified network penetration tester where he was regularly engaged to ethically compromise the security of client systems and simulate attacker computer intrusion activities. Further, he proactively assisted clients in incident and breach preparedness exercises such as table top exercises and specialized security awareness training. Mr. Tenery regularly applied information security leadership functions for his clients, conducting risk assessments, compliance and security standard reviews (PCI-DSS, ISO, NIST, GLBA, FFIEC), GAP analyses, and security policy development, among others.

Some of the more notable information risk management engagements included threat identification and compromise assessments highlighting active or previously unidentified computer intrusions or threat actors on client systems. In his prior role, Mr. Tenery developed the primary methodologies and delivery capabilities for the execution of these compromise assessments on a global basis.

Through his experience, Mr. Tenery has been privileged to manage a variety of highly sensitive cybersecurity risks associated with a myriad of threats. Some of his more notable engagements include the following:

  • Persistent Threat Investigation – A global company had been compromised by a foreign attacker. Mr. Tenery identified the tactics, techniques and procedures (TTPs) that the attacker used to ex-filtrate data and quantify what data was exposed. Mr. Tenery also identified the indicators of compromise (IOCs) so the client could continue its containment efforts to lockout the attacker.
  • Organized Crime Attack – FIN4 Bio-Pharma – Mr. Tenery identified the organized crime group FIN4 in a bio-pharma’s Cloud environment. The attacker was successfully identified and removed while also determining what data was affected.
  • Payment Card Incidents – While previously certified as a QSA, Mr. Tenery was regularly sought out on a privileged basis to assist clients in responding to payment card breach matters by identifying various payment card information theft methods including point of sale (POS) memory scraping malware and e-commerce system compromise. Mr. Tenery’s analyses would confirm the timeline of compromise and advise on containment strategy.
  • Global Risk Assessment and Intellectual Property Protection – Mr. Tenery assisted a global energy firm in assessing the risks of sending critical intellectual property (IP) out to third parties in developing countries. Following the risk assessment, he developed a security policy for protecting the IP and then conducted global audits of the vendors receiving the IP to ensure compliance with the IP protection security policy.
  • Targeted Destructive Cyber Attacks – Mr. Tenery has responded to a wide array of targeted cyber-attacks including ransomware and cyber extortion. He has assisted firms in containing malware and ransomware incidents by confirming the damage, assisting in the recovery, and mitigating the infection.
  • Data Breach Analysis – Mr. Tenery has assisted in the quantification of a variety of data breach exposures. He assisted a firm that had a secure file transfer site containing patient information exposed to the Internet. He assisted in confirming what information was accessed and crawled by public search engines.
  • White Collar Intellectual Property Theft – Mr. Tenery assisted a global engineering firm in investigating the theft of source code. Mr. Tenery conducted forensics on digital evidence to identify the transference of the source code to removable media by third party contractors.
  • Root Cause Analysis – Mr. Tenery has investigated the cause and source of systems outages including denial service attacks and failures of critical IT infrastructure devices.
  • Third-Party Unauthorized Access – Mr. Tenery has been regularly engaged to audit and assess the impact of access by third parties to client systems as a result of government inquiry, threat intelligence or contract disputes.

Education

BS, Information Systems Management, David Lipscomb University

Certifications

Certified Information Systems Security Professional (CISSP)
Certified Information Systems Manager (CISM)
Global Information and Assurance Certified (GIAC) Penetration Tester (GPEN)
Network Plus Engineer (N+)

Affiliations

International Information Systems Security Certification Consortium (ISC2)
Information System Security Association (ISSA)
Information Systems Audit and Control Association (ISACA)
Association of Information Technology Professionals (AITP)


Michael Garson is a Senior Managing Director at Ankura with more than 20 years of experience as an attorney in private practice, an in-house general counsel, and a C-suite operations and compliance executive. In those roles, he advised companies and enterprises of all sizes on US federal, state, and municipal procurements and grants and has specific expertise in defense and technology matters. He specializes in helping clients build and execute on market strategy, prepare winning bids and proposals, and design compliant and efficient business processes and systems. He is based in Washington, DC.

Prior to joining Ankura, Michael provided government contracting and business advisory services to a variety of companies through his own independent consulting firm. Before starting his own firm, he served in various capacities for LGS Innovations, a large US federal government contractor. Those roles included executive vice president and chief administrative officer, general counsel and secretary, chief compliance and ethics officer, and ITAR-empowered official as well as technology control officer. LGS, a technology and R&D company, is primarily focused on supporting the US defense and intelligence communities and, at the time of Michael’s departure, had over 1,000 employees and $300 million in annual revenue. Before that, Michael was a division counsel with Lucent Technologies, supporting its government solutions team, the main predecessor of LGS.

Education

  • AB, Princeton University
  • JD, The George Washington University Law School

Certifications

Certified Compliance and Ethics Professional

Affiliations

  • American Bar Association – Section of Public Contract Law
  • Society of Corporate Compliance and Ethics
  • Ethics and Compliance Initiative
  • International Association of Independent Private Sector Inspectors General, Member


Randall H. Cook is a Senior Managing Director at Ankura based in New York. He has more than 20 years of experience leading and advising organizations engaged with critical operational and compliance challenges; conducting complex investigations and audits; and designing and delivering high-performance, persistent risk mitigation solutions. Randy assists organizations to navigate complex risks arising from national  security  concerns  (including  the  Committee  on  Foreign Investments in the US (CFIUS) and US trade controls); government and regulatory investigations and audits; and public and fiscal integrity issues.

Prior to joining Ankura, Randy was Senior Counsel for two Fortune 50 aerospace technology companies, where he built and led global investigations and compliance programs focused on consistent, process- based risk analysis, engagement, and mitigation. These programs were a critical enabler for the companies’ successful navigation of consent agreements with the US Department of State.

Randy was also an Assistant United States Attorney in the federal district of New Jersey, where he prosecuted numerous complex crimes while serving as the Anti-Money Laundering District Coordinator for the Organized Crime and Drug Enforcement Task Force and as District Coordinator for Counterproliferation Initiatives. In addition to this, as an attorney for Covington & Burling LLP in Washington, DC, he provided counsel and advocated for clients confronting complex regulatory issues in multiple industries.

Education

  • JD, Duke University School of Law
  • MA, International Relations, Duke University
  • BSFS, Georgetown University

Certifications

SCCE Certified Compliance and Ethics Professional (CCEP)

Affiliations

  • American Bar Association Bar Admissions: CT, NJ, NY
  • Society for International Affairs
  • International Association of Independent Private Sector Inspectors General, Member


William Bray is a Managing Director at Ankura Consulting Group based in Washington, DC. He brings more than 25 years of experience in geopolitical threat analysis and national security. Mr. Bray is the research director for the geopolitical advisory practice. He leverages his leadership experience, analytical tradecraft expertise, and years of overseas service to ensure firms receive incisive, objective analysis on risks and opportunities in emerging markets.

Mr. Bray, a Navy veteran who retired as a Captain, has over 25 years of experience in the U.S. Intelligence Community, primarily in military and geopolitical risk analysis and production, and senior executive level support.

Prior to joining Ankura, from 2014 Mr. Bray served as a Chief of Naval Operations Strategic Studies Fellow in Newport, Rhode Island where he was part of a small, select group responsible to the Chief of the Navy for forecasting the operational and strategic environment the Navy will face in 2030 and beyond. From 2012 to 2014 Mr. Bray lived in Italy and served as the Navy’s Senior Intelligence Officer in Europe, leading a large team of professionals responsible for geopolitical analysis of Europe, Russia, Eurasia, the Levant countries, and North and Sub-Saharan Africa.

From 2010 to 2012, Mr. Bray was in charge of the Navy’s largest Intelligence Center with over 500 full-time professionals. Mr. Bray’s Center provided expert global maritime and geopolitical threat analysis to senior National Security leaders across the government. From 2009-2010 Mr. Bray served as a Senior Military Fellow to the Director of U.S. National Intelligence where he led a comprehensive study of U.S. foreign intelligence sharing policy.

From 2007 to 2009, Mr. Bray served as a division chief in the Pentagon where he supervised the production and dissemination of the Chairman of the Joint Chiefs of Staff’s Daily Intelligence Briefing. He also supervised the Chairman’s 24-hour Intelligence Watch. Mr. Bray delivered over 2,000 intelligence reports on behalf of the Joint Staff Director of Intelligence to the Chairman of the Joint Chiefs of Staff, the Secretary of Defense, the National Security Advisor, and the Secretary of State.

In his military career, Mr. Bray has served in numerous intelligence roles of vital importance to national security. He has developed subject matter expertise in a number of areas to include Russian maritime and strategic forces, Levant and East African geopolitics, counterterrorism, counterproliferation, and counternarcotics. He has lived in both Italy and the United Kingdom, and has served in the Philippines, South Korea, Japan, Bahrain, the United Arab Emirates, Oman, Djibouti and Kenya.

Mr. Bray received a Masters in National Resource Strategy from the National Defense University in 2007, where he was a distinguished graduate. He received a Masters in Strategic intelligence from the National Intelligence University in 1993, where he was also a distinguished graduate. Mr. Bray received his commission in 1988 from the United States Naval Academy where he majored in Political Science.

Education

MS, National Resource Strategy, National Defense University
MS, Strategic Intelligence, National Intelligence University
BS, United States Naval Academy

Affiliations

National Military Intelligence Association
Naval Intelligence Professionals

Honors & Awards

2012 National Military Intelligence Association Vice Admiral Rufus L. Taylor Award for Leadership
1998 Proceedings magazine Author of the Year

Languages

Spanish (novice)
Italian (novice)