
Cybersecurity 2019: Managing Cybersecurity Incidents


Speaker(s): Adam Fletcher, Brittany M. Bacon, Clark Russell, David Wong, Douglas Bloom, Emily Stapf, Eric M. Friedberg, Erika Brown Lee, Jay Leek, Katherine E. McCarron, Lisa J. Sotto, Mark Seifert, Matthew W. Van Hise, Michele S. Lucan, Panagiotis (Pete) Balias, Perry Lee, Robert Lord, William E. Min
Recorded on: Sep. 13, 2019
PLI Program #: 252400

Doug is an Executive Director and Co-Head of Cybersecurity and Privacy for Morgan Stanley's Legal & Compliance Division. In that role, he is responsible for the Firm's legal response to cybersecurity and privacy matters globally—including incident response, regulatory affairs and new legislation affecting the Firm.  Doug has over 20 years’ experience investigating all aspects of financial and computer crimes—having served as a federal prosecutor, criminal defense lawyer and software developer.

Prior to joining Morgan Stanley, Doug was a Director in PwC’s Cybercrime and Breach Response practice, the leader of the Firm’s Cybersecurity Risk & Regulatory Practice, and a member of the Firm’s Financial Crimes Unit.  At PwC, Doug assisted clients across the globe, responding to regulatory changes, conducting cybercrime, fraud and economic espionage investigations, corporate internal investigations and handling breaches of PwC’s clients’ computer networks.  In addition, as a leader of the Firm’s cybersecurity Board governance program, Doug regularly advised clients and their Boards on proper governance of cybersecurity programs and assisted clients in the development of their cybersecurity Board reporting programs.

Prior to joining PwC, Doug was a federal prosecutor in the United States Attorney’s Office for the Southern District of New York, where he investigated and prosecuted national security cyber offenses, including economic espionage, hacking of national defense and government systems, and the theft of trade secrets.  In addition to his cyber work, Doug investigated and prosecuted several high-profile public corruption and accounting fraud cases, and convicted the former majority leader of the New York State Senate and acting Lieutenant Governor of New York State of bribery and extortion.  Doug is a 2015 recipient of the Attorney General’s John Marshall Award, the highest attorney honor granted by the Department of Justice, and a 2013 recipient of the Federal Law Enforcement Foundation’s Prosecutor of the Year award.  Prior to joining the U.S. Attorney’s Office, Doug was an associate in Covington & Burling’s white collar criminal defense and intellectual property practices where he investigated and litigated criminal and civil accounting fraud, tax fraud, and patent infringement cases.

Doug brings deep technical expertise to his legal role, having served as a software engineer and program manager for Xerox’s Palo Alto Research Center, Microsoft and Hewlett Packard.  In those roles, Doug designed and developed artificial intelligence algorithms for natural language processing software and drivers for network management systems. 

Doug is an Adjunct Professor of Law at Fordham University, where he teaches a course on computer crimes.  He is also a published author—whose articles on cybercrime and insider threats regularly appear in the New York Law Journal—and frequent speaker on cybersecurity, fraud, and information management.  He has presented to and taught courses for the Department of Justice, FINRA, the Association of Corporate Counsel, the National Association of Corporate Directors and various universities, businesses and industry participants. 

He received a Bachelor’s degree in Symbolic Systems and a Master’s degree in Linguistics from Stanford University.  He received a Juris Doctor, cum laude, from Harvard Law School.  He is admitted to the New York bar, the U.S. District Courts for the Southern and Eastern Districts of New York, and the U.S. Court of Appeals for the Second Circuit, and is an active member of the Federal Bar Council where he serves on both the Criminal Practice and Westchester County Committees. 



Adam Fletcher is the Chief Information Security Officer for Blackstone, one of the world’s leading investment managers. As a cybersecurity professional with 20 years of experience, Adam has worked with global cybersecurity organizations large and small including McAfee, Nokia, VeriSign, ISS and Accuvant. Adam built a strong technical foundation through roles in security technology implementation and security architecture design, which has been complemented by management experience gained from roles leading consulting engagements and global teams of information security professionals. Prior to joining Blackstone, Adam led the International Security team for Equifax, coordinating a global security program across 14 countries, each with different business, regulatory, and privacy requirements.


Bill Min is Deputy General Counsel & Chief Privacy and Data Governance Officer for Western Union where he leads the company’s global privacy and information governance organization. 

Prior to Western Union, Bill was Senior Vice President, Legal and Chief Privacy Officer at Live Nation Entertainment, Inc.  He also worked for 16+ years at Starwood Hotels & Resorts Worldwide, Inc. where he led several global functions, including privacy, enterprise risk management, and operational compliance.  Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and established the global privacy function at both Live Nation and Starwood.  Earlier in his career, Bill held in-house legal positions at Sara Lee Corporation and at Sunkyong America, Inc., the US subsidiary of one of the largest Korean conglomerates.  Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.  

Bill earned his Bachelor of Arts degree from the University of Pennsylvania, his Master of Arts degree from the State University of New York at Stony Brook, and his Juris Doctor degree from Fordham University School of Law. 


Bob Lord is the Chief Security Officer at the Democratic National Committee, bringing more than twenty years of experience in the information security space to the Committee, state parties, and campaigns. Previously he was Yahoo’s CISO, covering areas such as risk management, product security, security software development, e-crimes, and APT programs. Before that he acted as the CISO in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at https://www.ilord.com.


Brittany Bacon is a partner in Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice. She has national recognition for her work in the areas of privacy and data security. In 2018 and 2019, Brittany was ranked in Chambers USA and was named a New York Law Journal “Rising Star,” a Law360 “Rising Star” in privacy and cybersecurity, and one of Global Data Review’s 40 Under 40 data lawyers. Legal 500 also lists Brittany as a “Next Generation Lawyer” for cyber law. 

Brittany served as a lead attorney on the two largest reported breaches in history (affecting over three billion user accounts) and has managed hundreds more. Her cybersecurity practice includes advising clients on data breach notification responsibilities; counseling them on responding to multi-jurisdictional regulatory investigations; and providing strategic advice in the breach context for managing inquiries from Boards of Directors, consumers, media and potential acquiring companies in a deal setting. Brittany also helps companies design and build privacy and data security governance programs and conduct proactive breach preparedness activities, including developing workable incident response plans and legal breach notification procedures, running executive-level tabletops with data breach hypotheticals, and engaging third-party experts (such as forensic investigation firms, credit monitoring services, PR firms and call centers) in advance of an incident.

In relation to her privacy compliance practice, Brittany has extensive experience in advising clients on state, federal and international privacy laws, including the EU General Data Protection Regulation and the California Consumer Privacy Act. She routinely conducts privacy impact assessments and advises companies on managing risk in connection with extensive and innovative data collection and use. She also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts and helps companies design robust vendor management programs.

Brittany is a frequent speaker and author on privacy and cybersecurity topics. She received her JD from the Washington University in St. Louis School of Law, and her BA from the University of Notre Dame, cum laude. She is admitted to practice in the state of New York.


Clark Russell is the Deputy Bureau Chief of the Bureau of Internet and Technology at the New York State Attorney General’s Office.  The Bureau is committed to protecting consumers from online threats and has brought a number of ground-breaking cases involving internet and technology issues.  Clark’s investigations included Secure Our Smartphones, where the office convinced smartphone manufacturers to install a “kill switch” in their smartphones; Operation Clean Turf, the largest investigation into companies flooding the Internet with fake positive reviews; and Operation Child Tracker, the largest state AG investigation of violations of the Children’s Online Privacy Protection Act (“COPPA”) by major child brand websites, and a well-known ad network.  Clark oversees the office’s data breach notification program, and secured numerous record-setting results in data breach cases.  He is also the principal draftsperson of the Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") which overhauled New York State’s data security and notification, establishing new and unprecedented safeguards of personal data.


Dave Wong is a Vice President at FireEye Mandiant. Mr. Wong manages the FireEye Mandiant cybersecurity consulting practice in North America. In this capacity, he leads a team of cybersecurity experts to help organizations respond to cybersecurity attacks and make them more resilient to future cybersecurity attacks.

Mr. Wong has extensive experience in cybersecurity and investigating cybercrime. Over the past 10 years, he has investigated some of the largest cybersecurity incidents, including ransomware attacks and intellectual property theft from nation states. Dave brings true front-line experience of real world cyberattacks. Through the investigations, Mandiant learns how attackers circumvent security controls. He uses this experience to help guide companies to secure their networks, data, and intellectual property.

Prior to joining FireEye, Mr. Wong was the Chief Operating Officer of the Intrepidus Group, a boutique cybersecurity firm that focused on mobile application and device security. Dave also has experience working in the financial industry at hedge funds and investment firms.

Mr. Wong is a Certified Information Systems Security Professional (CISSP) and holds a degree in Engineering from the Cooper Union for the Advancement of Science and Art.


Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident and threat management and cybersecurity strategy.  She is on PwC’s US cybersecurity leadership team where she leads integration of cybersecurity into PwC’s global business portfolio, leads the US Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services.

With 20+ years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events.  For 16 years she has led investigations, incident response and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques.  She helps clients navigate statutory, regulatory and contractual notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk, resilience and trust.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, data analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.


Eric M. Friedberg is co-founder and Co-President of Stroz Friedberg, LLC, a cyber consultancy and technical services firm acquired by Aon plc in 2016. Mr. Friedberg has 30 years of public and private sector experience in law, cyber-crime response, cyber-governance, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, C-suites, law firms and the courts. Mr. Friedberg has led responses to some of the most serious cyber-attacks on the nation’s companies, including attacks by state-sponsored agents, organized crime, hacktivists and malicious insiders. He is an expert in incident response governance, technologies and policies. He has also conducted enterprise-wide cyber security risk assessments in many business sectors. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media.

In 2019, Mr. Friedberg was appointed by Governor Andrew Cuomo to the New York State Cyber Advisory Board.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed many high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master and led the development of new investigative methodologies. He has lectured and published book chapters and articles on e-discovery and forensics. He was previously a member of the Sedona Conference’s Working Group 6, the International Association of Privacy Professionals, and the advisory board of The Future of Privacy Forum.

For the 16 years before Stroz Friedberg was acquired by Aon, Mr. Friedberg co-led that firm from a start-up to a 550+ person firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, Mr. Friedberg oversaw geographic and service line growth, M&A, infusions of private equity capital, board interactions, and many of the firm’s divisions. Mr. Friedberg was an officer and director of the firm, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor at the U.S. Attorney’s Office in Brooklyn, New York.

Mr. Friedberg began his career as an intellectual property and securities litigator at Skadden, Arps.


Mark Seifert has worked at the center of critical telecommunications, cybersecurity, and technology policy debates in Washington for more than 25 years. A partner at the Brunswick Group, Mark is a co-founder of the global Cybersecurity and Privacy practice. Mark brings a unique understanding of the relationship between government and the private sector based on his extensive experience at the Federal Communications Commission, as well as his service in all three branches of the federal government. At Brunswick he advises major multinational corporations on the communications issues surrounding data, cybersecurity, and privacy, including extensive experience helping companies prepare for, respond to, and recover from cybersecurity incidents. Mark has led retained accounts, projects, and transactions with both public and privately-owned clients including AT&T, Facebook, GE, Visa, Abbott, Southwest Airlines, Novo Nordisk, Blue Cross Blue Shield Association and Cisco. He also serves as a board member for the Center for Democracy and Technology and is an IAPP certified privacy professional.

Before joining Brunswick, Mark oversaw a $5 billion dollar broadband infrastructure program at the U.S. Department of Commerce, where he served as Senior Advisor to the Deputy Secretary.  Mark has also served as Counsel to the House Committee on Energy and Commerce, working on telecommunications and internet issues. He began his government career at the FCC, where he worked for over a decade in various management and policy positions. Mark has previously served as a national constituency Director for the Kerry-Edwards presidential campaign, and after earning his J.D. from University of Virginia School of Law, he clerked on the U.S. Court of Appeals for the Sixth Circuit and worked as a commercial litigator in private practice for five years.


Michele S. Lucan is an Assistant Attorney General at the Connecticut Attorney General's Office in its Privacy and Data Security Department. In this role, Michele handles all matters involving consumer privacy and information security. Most notably, Michele is currently leading and/or co-leading multistate investigations of several massive data breaches involving sensitive personal information.

Michele joined the Attorney General's Office in 2008 and first served in its Consumer Protection Division, where she investigated and pursued enforcement actions against a variety of unfair and deceptive business practices under the Connecticut Unfair Trade Practices Act. In 2013, Michele was appointed to a multidisciplinary Privacy Task Force that was created to focus the Office's response to privacy concerns and data breaches, and educate the public and Connecticut businesses about data protection responsibilities under state and federal law. In early 2015, a dedicated Privacy and Data Security Department was formed and Michele was assigned full-time to the Department from its inception. Michele has spent the past several years working exclusively on privacy-related matters.

Michele is a Certified Information Privacy Professional (CIPP)/ U.S.  She received her B.A. from Loyola University in Maryland and her J.D. from the Quinnipiac University School of Law. Michele speaks regularly on privacy-related topics to government, bar and industry groups.


Perry Lee, Cyber Risk Consultant, is based in New York City. He offers a practiced and successful approach to client interaction, as well as technical depth gained from operational experience helping organizations succeed in meeting their technology goals. Perry’s commitment to servicing clients and ability to communicate and understand client goals is a significant asset to AIG insureds navigating the cyber risk environment.

Prior to joining AIG, Perry was the Director of Professional Services for Precision IT Group, managing a team of senior engineers and overseeing the project management practice at the firm. In his account executive role, he assisted clients with technology planning and execution with a focus on security-forward implementation.

Perry earned his B.A. from Rutgers University in NJ.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). More recently, Lisa and her team have assisted more than 100 clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa also provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events. Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.


Matthew W. Van Hise is an Assistant Attorney General and Chief of the Privacy Unit at the Illinois Attorney General’s Office.  AAG Van Hise has been with the Attorney General’s Office working in the Consumer Fraud Bureau since 2011.  He enforces the Illinois Consumer Fraud and Deceptive Business Practices Act and spends the majority of his time focusing on privacy, data security, and data breach related investigations and litigation.  AAG Van Hise functions as both the lead and co-lead attorney for many national multistate investigations into several of the largest data breach incidents to date.

As Chief of the Privacy Unit, he serves as the point person within the Illinois Attorney General’s Office on matters such as privacy, data security, technology, and the secure handling of consumers’ personal information.  AAG Van Hise also oversees the Illinois Attorney General’s Identity Theft Unit, which was created in 2006 and has assisted over forty-five thousand consumers with complaints covering a wide variety of identity theft issues and privacy areas. 

Matthew leads the National Association of Attorneys General Privacy Working Group, on both privacy and identity theft.  He also co-leads the NAAG medical privacy discussions. 

Prior to this, he worked at the Michigan Attorney General’s Office, on both privacy and identity theft.  Matthew received a B.A. from Bradley University and a J.D. from the Thomas M. Cooley Law School in Lansing, Michigan.  Matthew has served as panelist and as guest speaker at numerous data security and privacy conferences throughout the country.  He is an active member in the International Association of Privacy Professionals, holding the CIPP/US certification, as well as a member in many local, state, and national Bar Associations.


Katherine E. McCarron is an attorney with the Bureau of Consumer Protection, Division of Privacy and Identity Protection, at the Federal Trade Commission in Washington, D.C.  This division of the Commission has responsibility for enforcing federal statutes and regulations that pertain to information security and consumer privacy.  Ms. McCarron investigates and prosecutes violations of U.S. federal laws governing the privacy and security of consumer information and has worked on FTC enforcement actions under Section 5 of the Federal Trade Commission Act.  She received her J.D. from Stanford Law School, her M.A. from the London School of Economics and Political Science, and her B.A. from Yale University.


Erika Brown Lee is a Senior Vice President and Assistant General Counsel at Mastercard.  Ms. Brown Lee leads the team that develops policies, provides guidance, and ensures compliance with privacy and data protection laws across the company’s products and services, including payment processing, data analytics, and fraud-related activities.  Ms. Brown Lee also works closely with the company’s cybersecurity teams to develop policies and manage regulatory interactions.  Ms. Brown Lee is the former Chief Privacy and Civil Liberties Officer of the U.S. Department of Justice, where she served as the principal advisor to the Attorney General on privacy and civil liberties matters.  Ms. Brown Lee co-chaired the DOJ breach response team, played a leadership role among agencies working to develop privacy-related legislation, and provided regular briefings to Capitol Hill.  She received an Attorney General Award for Exceptional Contributions in Negotiating a Data Protection and Privacy Agreement with the E.U.  Ms. Brown Lee also served in the Division of Privacy & Identity Protection at the Federal Trade Commission, and chaired the ABA’s Privacy & Information Security Committee.  Ms. Brown Lee is a Certified Information Privacy Professional (CIPP) for Europe and the U.S.


Jay Leek, CISM, CISA, CISSP, is a Managing Partner and Co-founder of ClearSky Security, a leading venture fund focused on investing in early- and growth-stage security companies.  He also consults with Blackstone on various areas of cyber security strategy and investing, and he is currently co-leading Blackstone’s portfolio company CISO community. Prior to joining ClearSky, Leek was the Chief Information Security Officer for Blackstone, where he also worked with their information security investments and portfolio companies.  Over the past 20 years, Leek built and headed up global information risk and security programs for Equifax and Nokia and also worked as a Product Manager as well as a Consultant to telecom companies, government agencies and financial institutions assisting them with strategic planning and architectural design required to meet their information risk and security objectives. Leek currently serves as a member of the board of directors for AppOmni, BigID, BlueLava, Capsule8, CloudKnox, CyberGRX, IntSights, SecZetta and Respond, and the NY Metro ISSA Chapter. He was also formerly a member of the board of directors for Carbon Black, Cylance, Demisto, Optiv, Phantom, ProtectWise, RedOwl and Verodin, and a former member of the advisory boards for Accuvant, iSIGHT Partners and Risk IO.


Supervisory Special Agent Panagiotis (Pete) Balias entered on to duty with the FBI in 2007.  After completing initial training in Quantico, Virginia, SSA Balias was assigned to the FBI’s New York City field office, where he participated in a wide range of investigations to include counterterrorism, white collar, and narcotics.  SSA Balias has also investigated intellectual property rights, child pornography, and cyber violations.  SSA Balias currently supervises a cyber squad and Task Force responsible for investigating criminal cyber threats.