New Feature: Search Alerts are available now. Learn more.
Skip to main content

CFIUS Process, Risks, Opportunities, and Change


Speaker(s): Luke Tenery, Michael Garson, Randall Cook, William Bray
Recorded on: Nov. 3, 2017
PLI Program #: 229890

Luke Tenery is a Senior Managing Director and the Cybersecurity Practice Leader at Ankura Consulting Group, located in the Chicago, IL office. He has more than 15 years of experience in handling complex cyber issues covering investigations and forensics, data privacy and security, and security management. Mr. Tenery has an extensive background in leading cyber incident response and investigations into a wide array of active and emergent cybersecurity threats while leveraging industry best practices and relevant threat intelligence capabilities. He also has extensive experience in applying cybersecurity risk management leadership in threat and incident management, cybersecurity operations, security policy development, and IT project management and implementation, among others.

Prior to joining Ankura, Mr. Tenery served at a global risk management and investigations firm where he most recently rose to deputy cyber practice leader, as well as leading another cyber practice group covering incident response. He was regularly called upon to mitigate complex computer intrusion and breach matters through investigation and to devise strategies to contain and eradicate threats in client networks and systems. Mr. Tenery was also responsible for aligning and developing practice capabilities and offerings to respond to and mitigate current and emergent cyber risks and threats.

In addition to his deep leadership experience in cyber incident response and investigations, Mr. Tenery led many significant matters covering cyber risk management and information security management. Among several achieved industry leading certifications, Mr. Tenery is a certified network penetration tester where he was regularly engaged to ethically compromise the security of client systems and simulate attacker computer intrusion activities. Further, he proactively assisted clients in incident and breach preparedness exercises such as table top exercises and specialized security awareness training. Mr. Tenery regularly applied information security leadership functions for his clients, conducting risk assessments, compliance and security standard reviews (PCI-DSS, ISO, NIST, GLBA, FFIEC), GAP analyses, and security policy development, among others.

Some of the more notable information risk management engagements included threat identification and compromise assessments highlighting active or previously unidentified computer intrusions or threat actors on client systems. In his prior role, Mr. Tenery developed the primary methodologies and delivery capabilities for the execution of these compromise assessments on a global basis.

Through his experience, Mr. Tenery has been privileged to manage a variety of highly sensitive cybersecurity risks associated with a myriad of threats. Some of his more notable engagements include the following:

  • Persistent Threat Investigation – A global company had been compromised by a foreign attacker. Mr. Tenery identified the tactics, techniques and procedures (TTPs) that the attacker used to ex-filtrate data and quantify what data was exposed. Mr. Tenery also identified the indicators of compromise (IOCs) so the client could continue its containment efforts to lockout the attacker.
  • Organized Crime Attack – FIN4 Bio-Pharma – Mr. Tenery identified the organized crime group FIN4 in a bio-pharma’s Cloud environment. The attacker was successfully identified and removed while also determining what data was affected.
  • Payment Card Incidents – While previously certified as a QSA, Mr. Tenery was regularly sought out on a privileged basis to assist clients in responding to payment card breach matters by identifying various payment card information theft methods including point of sale (POS) memory scraping malware and e-commerce system compromise. Mr. Tenery’s analyses would confirm the timeline of compromise and advise on containment strategy.
  • Global Risk Assessment and Intellectual Property Protection – Mr. Tenery assisted a global energy firm in assessing the risks of sending critical intellectual property (IP) out to third parties in developing countries. Following the risk assessment, he developed a security policy for protecting the IP and then conducted global audits of the vendors receiving the IP to ensure compliance with the IP protection security policy.
  • Targeted Destructive Cyber Attacks – Mr. Tenery has responded to a wide array of targeted cyber-attacks including ransomware and cyber extortion. He has assisted firms in containing malware and ransomware incidents by confirming the damage, assisting in the recovery, and mitigating the infection.
  • Data Breach Analysis – Mr. Tenery has assisted in the quantification of a variety of data breach exposures. He assisted a firm that had a secure file transfer site containing patient information exposed to the Internet. He assisted in confirming what information was accessed and crawled by public search engines.
  • White Collar Intellectual Property Theft – Mr. Tenery assisted a global engineering firm in investigating the theft of source code. Mr. Tenery conducted forensics on digital evidence to identify the transference of the source code to removable media by third party contractors.
  • Root Cause Analysis – Mr. Tenery has investigated the cause and source of systems outages including denial service attacks and failures of critical IT infrastructure devices.
  • Third-Party Unauthorized Access – Mr. Tenery has been regularly engaged to audit and assess the impact of access by third parties to client systems as a result of government inquiry, threat intelligence or contract disputes.

Education

BS, Information Systems Management, David Lipscomb University

Certifications

Certified Information Systems Security Professional (CISSP)
Certified Information Systems Manager (CISM)
Global Information and Assurance Certified (GIAC) Penetration Tester (GPEN)
Network Plus Engineer (N+)

Affiliations

International Information Systems Security Certification Consortium (ISC2)
Information System Security Association (ISSA)
Information Systems Audit and Control Association (ISACA)
Association of Information Technology Professionals (AITP)


Michael Garson is a Senior Managing Director at Ankura with more than 20 years of experience as an attorney in private practice, an in-house general counsel, and a C-suite operations and compliance executive. In those roles, he advised companies and enterprises of all sizes on US federal, state, and municipal procurements and grants and has specific expertise in defense and technology matters. He specializes in helping clients build and execute on market strategy, prepare winning bids and proposals, and design compliant and efficient business processes and systems. He is based in Washington, DC.

Prior to joining Ankura, Michael provided government contracting and business advisory services to a variety of companies through his own independent consulting firm. Before starting his own firm, he served in various capacities for LGS Innovations, a large US federal government contractor. Those roles included executive vice president and chief administrative officer, general counsel and secretary, chief compliance and ethics officer, and ITAR-empowered official as well as technology control officer. LGS, a technology and R&D company, is primarily focused on supporting the US defense and intelligence communities and, at the time of Michael’s departure, had over 1,000 employees and $300 million in annual revenue. Before that, Michael was a division counsel with Lucent Technologies, supporting its government solutions team, the main predecessor of LGS.

Education

  • AB, Princeton University
  • JD, The George Washington University Law School

Certifications

Certified Compliance and Ethics Professional

Affiliations

  • American Bar Association – Section of Public Contract Law
  • Society of Corporate Compliance and Ethics
  • Ethics and Compliance Initiative
  • International Association of Independent Private Sector Inspectors General, Member


William Bray is a Managing Director at Ankura Consulting Group based in Washington, DC. He brings more than 25 years of experience in geopolitical threat analysis and national security. Mr. Bray is the research director for the geopolitical advisory practice. He leverages his leadership experience, analytical tradecraft expertise, and years of overseas service to ensure firms receive incisive, objective analysis on risks and opportunities in emerging markets.

Mr. Bray, a Navy veteran who retired as a Captain, has over 25 years of experience in the U.S. Intelligence Community, primarily in military and geopolitical risk analysis and production, and senior executive level support.

Prior to joining Ankura, from 2014 Mr. Bray served as a Chief of Naval Operations Strategic Studies Fellow in Newport, Rhode Island where he was part of a small, select group responsible to the Chief of the Navy for forecasting the operational and strategic environment the Navy will face in 2030 and beyond. From 2012 to 2014 Mr. Bray lived in Italy and served as the Navy’s Senior Intelligence Officer in Europe, leading a large team of professionals responsible for geopolitical analysis of Europe, Russia, Eurasia, the Levant countries, and North and Sub-Saharan Africa.

From 2010 to 2012, Mr. Bray was in charge of the Navy’s largest Intelligence Center with over 500 full-time professionals. Mr. Bray’s Center provided expert global maritime and geopolitical threat analysis to senior National Security leaders across the government. From 2009-2010 Mr. Bray served as a Senior Military Fellow to the Director of U.S. National Intelligence where he led a comprehensive study of U.S. foreign intelligence sharing policy.

From 2007 to 2009, Mr. Bray served as a division chief in the Pentagon where he supervised the production and dissemination of the Chairman of the Joint Chiefs of Staff’s Daily Intelligence Briefing. He also supervised the Chairman’s 24-hour Intelligence Watch. Mr. Bray delivered over 2,000 intelligence reports on behalf of the Joint Staff Director of Intelligence to the Chairman of the Joint Chiefs of Staff, the Secretary of Defense, the National Security Advisor, and the Secretary of State.

In his military career, Mr. Bray has served in numerous intelligence roles of vital importance to national security. He has developed subject matter expertise in a number of areas to include Russian maritime and strategic forces, Levant and East African geopolitics, counterterrorism, counterproliferation, and counternarcotics. He has lived in both Italy and the United Kingdom, and has served in the Philippines, South Korea, Japan, Bahrain, the United Arab Emirates, Oman, Djibouti and Kenya.

Mr. Bray received a Masters in National Resource Strategy from the National Defense University in 2007, where he was a distinguished graduate. He received a Masters in Strategic intelligence from the National Intelligence University in 1993, where he was also a distinguished graduate. Mr. Bray received his commission in 1988 from the United States Naval Academy where he majored in Political Science.

Education

MS, National Resource Strategy, National Defense University
MS, Strategic Intelligence, National Intelligence University
BS, United States Naval Academy

Affiliations

National Military Intelligence Association
Naval Intelligence Professionals

Honors & Awards

2012 National Military Intelligence Association Vice Admiral Rufus L. Taylor Award for Leadership
1998 Proceedings magazine Author of the Year

Languages

Spanish (novice)
Italian (novice)


Randall H. Cook is a Senior Managing Director at Ankura based in New York. He has more than 20 years of experience as a former federal prosecutor, in-house executive leader and counsel, Inspector General, law firm attorney, and US Army officer leading and advising organizations engaged with critical operational, compliance, and risk mitigation challenges. Randy assists companies, organizations, investors, and counsel to navigate complex risks arising from national security concerns (including the Committee on Foreign Investment in the US (CFIUS) and US trade controls); government and regulatory investigations and audits; and public and fiscal integrity issues.

Prior to joining Ankura, Randy was Senior Counsel for two Fortune 50 aerospace technology companies, where he built and led global compliance and investigation programs focused on consistent, process-based risk analysis, engagement, and mitigation. These programs were a critical enabler for the companies’ successful navigation of consent agreements with the US Department of State.

Randy also was an Assistant United States Attorney in the federal district of New Jersey, where he prosecuted numerous complex crimes while serving as District Coordinator for Counterproliferation Initiatives and as the Anti-Money Laundering District Coordinator for the Organized Crime and Drug Enforcement Task Force. Previously, he was an attorney for Covington & Burling LLP in Washington, DC, where he provided counsel and advocated for clients confronting complex regulatory issues in multiple industries.

Randy served in the United States Army and Army Reserve as an Infantry Officer, Battalion Executive Officer, Company Commander, and Inspector General. He is currently assigned as an instructor in the US Army Command and General Staff College, where he teaches strategy and operational design to Army field-grade officers.

Randy’s professional experience includes:

  • CFIUS Monitorships: Supervised design and implementation of CFIUS-required independent third party monitorship programs for: a global technology company that recently acquired software products used by US Government agencies; a global financial services company that was acquired by a Chinese multi-national conglomerate; and a sensitive solar power facility. In each instance, the program includes collaborative development and monitoring of sensitive data management, minimization, and security elements; training; incident identification and reporting; non-retaliation; insider threat; cyber security; system and product integrity assurance; and physical security.
  • Disaster Recovery Procurement Compliance Program Design and Implementation: Led a team of Ankura professionals to design and implement a public procurement compliance program office in support of disaster recovery and rebuilding efforts for a large public utility following a catastrophic hurricane. The program office reviewed over $1.5 billion in procurement activity for Stafford Act compliance, conducted a compliance assessment and enhancement plan, and provided policy support and reporting in order to assure the utility’s credibility and the availability of federal disaster recovery assistance funds.
  • Compliance Risk Assessment and Prioritized Program Design: Led a team of Ankura professionals to design a post-audit compliance program for fortune 500 international manufacturer. Approach integrated existing enterprise processes and systems, and developed a project plan that enabled the enterprise to implement the program through phased, risk-prioritized, iterative enhancements.
  • Monitorship Investigations and Compliance Program Implementation: Led a team of Ankura professionals to design and implement an internal investigations and related compliance program for a fortune 50 aerospace defense and technology company to satisfy the requirements of a Consent Agreement with the US Department of State. The program enabled the company to successfully implement an accountable, efficient investigation process and fulfill its compliance requirements to the satisfaction of the Consent Agreement’s monitor.
  • As Senior Counsel and Empowered Official for two fortune 50 aerospace technology firms, Randy built a compliance, investigation, and audit program specifically cited by State Department regulators as the “best in the industry” and led over 250 investigations with 100 percent success in resolution without enforcement action. Randy reduced outside counsel fees by over 90 percent over a two-year period.
  • As an Assistant US Attorney, Randy served as the lead federal prosecutor on over 100 cases involving trade controls, sanctions, government contracts, fraud, computer crimes, money laundering, bank and tax fraud, narcotics, war crimes, and terrorism. During his tenure, he tried five cases to verdict, prepared 10 cases to within weeks of trial, and drafted and argued dozens of motions, as well as interviewed and prepared hundreds of targets, subjects, and witnesses.
  • As a law firm attorney, Randy focused his practice on government, congressional, and internal investigations; CFIUS; trade controls; public integrity; anti-corruption; anti-fraud; and corporate defense for defense, policy, financial services, logistics, pharmaceutical, and technology clients.
  • As a Lieutenant Colonel for the US Army and the Army Reserve, Randy served as an Inspector General, conducted federal whistleblower and contract fraud investigations, and led organizational audits. As an Infantry Battalion Executive Officer, Task Force Operations Officer, and Company Commander, he provided mission-critical leadership, planning, coordination, and decision-making during multiple international and domestic contingencies.