Skip to main content

Cybersecurity Best Practices for Legal Services Providers 2019


Speaker(s): Alexander L. Greenberg, Christina Roupas, Cynthia J. Larose, Douglas Bloom, E.J. Yerzak, Mark Melodia, Michael F. McGowan, Michael R. Graif, Rhonda Barnat, Richard Raysman, Samantha J Himelman, Taylor Milligan Crotty, Thomas G. A. Brown
Recorded on: Feb. 4, 2019
PLI Program #: 253768

Doug is an Executive Director and Head of Cybersecurity and North American Data Protection & Privacy for Morgan Stanley's Legal & Compliance Division. In that role, he is responsible for the Firm's legal response to cybersecurity matters—including incident response, regulatory affairs and new legislation affecting the Firm. Doug is also responsible for privacy matters affecting the Firm’s U.S. and Canadian clients, its largest client base.  Doug has over 20 years’ experience investigating all aspect of financial and computer crimes—having served as a federal prosecutor, criminal defense lawyer and software developer.

Prior to joining Morgan Stanley, Doug was a Director in PwC’s Cybercrime and Breach Response practice, the leader of the Firm’s Cybersecurity Risk & Regulatory Practice, and a member of the Firm’s Financial Crimes Unit.  At PwC, Doug assisted clients across the globe, responding to regulatory changes, conducting cybercrime, fraud and economic espionage investigations, corporate internal investigations and handling breaches of PwC’s clients’ computer networks.  In addition, as a leader of the Firm’s cybersecurity Board governance program, Doug regularly advised clients and their Boards on proper governance of cybersecurity programs and assisted clients in the development of their cybersecurity Board reporting programs.

Prior to joining the PwC, Doug was a federal prosecutor in the United States Attorney’s Office for the Southern District of New York, where he investigated and prosecuted national security cyber offenses, including economic espionage, hacking of national defense and government systems, and the theft of trade secrets.  In addition to his cyber work, Doug investigated and prosecuted several high profile public corruption and accounting fraud cases, and convicted the former majority leader of the New York State Senate and acting Lieutenant Governor of New York State of bribery and extortion.  Doug is a 2015 recipient of the Attorney General’s John Marshal Award, the highest attorney honor granted by the Department of Justice, and a 2013 recipient of the Federal Law Enforcement Foundation’s Prosecutor of the Year award.  Prior to joining the U.S. Attorney’s Office, Doug was an associate in Covington & Burling’s white collar criminal defense and intellectual property practices where he investigated and litigated criminal and civil accounting fraud, tax fraud, and patent infringement cases.

Doug brings deep technical expertise to his legal role, having served as a software engineer and program manager for Xerox’s Palo Alto Research Center, Microsoft and Hewlett Packard.  In those roles, Doug designed and developed artificial intelligence algorithms for natural language processing software and drivers for network management systems. 

Doug is an Adjunct Professor of Law at Fordham University, where he teaches a course on computer crimes.  He is also a published author—whose articles on cybercrime and insider threats regularly appear in the New York Law Journal—and frequent speaker on cybersecurity, fraud, and information management.  He has presented to and taught courses for the Department of Justice, FINRA, the Association of Corporate Counsel, the National Association of Corporate Directors and various universities, businesses and industry participants. 

He received a Bachelor’s degree in Symbolic Systems and a Master’s degree in Linguistics from Stanford University.  He received a Juris Doctor, cum laude, from Harvard Law School.  He is admitted to the New York bar, the U.S. District Courts for the Southern and Eastern Districts of New York, and the U.S. Court of Appeals for the Second Circuit, and is an active member of the Federal Bar Council where he serves on both the Criminal Practice and Westchester County Committees. 



Cynthia J. Larose is Chair of Mintz Levin’s Privacy & Security Practice and a Certified Information Privacy Professional (CIPP). 

Cynthia represents companies in communications, information, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions.

Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions. She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.

She has been repeatedly recognized by Chambers USA and Chambers Global for her Privacy and Data Security practice.

She received J.D. and M.S. from Boston University.


Mark Melodia is a privacy, data security and consumer class action defense lawyer in Holland & Knight's New York office. Mr. Melodia focuses his practice on governmental and internal investigations, putative class actions and other "bet-the-company" suits in the following areas: data security/privacy, mortgage/financial services and other complex business litigation, including defamation.

Mr. Melodia has defended more than 80 putative class actions – including as lead defense counsel in multiple multidistrict litigations (MDLs) – arising from alleged consumer privacy violations, data incidents and allegations of data misuse. He routinely represents clients responding to government privacy investigations before the Federal Trade Commission (FTC), Office for Civil Rights, state attorneys general and the U.S. Department of Justice (DOJ). He has guided clients in a wide range of industries through several hundred data incidents over the past dozen years. He advises clients on their obligations and helps them operationalize the requirements of General Data Protection Regulation (GDPR) as well as federal and state laws in the U.S. He consults with boards and executive teams on these issues.

Mr. Melodia has been an instructor of Information Security Law in the Chief Information Security Officer (CISO) Executive Education and Certification Program at Carnegie Mellon University's Heinz College, as well as a guest lecturer at Seton Hall Law School and New York University School of Law.

Mr. Melodia served as a law clerk for the Honorable Timothy K. Lewis of the U.S. District Court for the Western District of Pennsylvania.


Assistant United States Attorney Thomas G.A. Brown is the Deputy Chief for Cyber of the Complex Frauds Unit at the United States Attorney's Office for the Southern District of New York. A federal prosecutor with more than 10 years' experience, Mr. Brown leads a group of 15 AUSAs focused on prosecuting computer and intellectual property offenses, including computer hacking, Internet-based fraud, theft of trade secrets, and cyber national security matters, including economic espionage. Mr. Brown and his team have a particular focus on pursuing overseas cyber criminals using novel and creative investigative techniques. Mr. Brown also serves as an advisor to other AUSAs around the country on cyber crime and electronic evidence matters, and regularly lectures on cyber crime issues to business and law enforcement groups. In addition, Mr. Brown is an Adjunct Professor of Law at Fordham University School of Law where he teaches a seminar on cyber crime, covering computer misuse crimes, intellectual property offenses, the Fourth Amendment in cyberspace, computer evidence at trial, data breach and privacy issues, and information security, among other areas. Mr. Brown is a recipient of the FBI Director's Award for Outstanding Cyber Investigation and the Federal Law Enforcement Foundation's Federal Prosecutor of the Year Award in connection with his work on developing the Southern District of New York's nationally recognized cyber crime program.


 


E.J. assists advisers to hedge funds, private equity funds, funds of funds, pension advisers, and retail investment advisers in bridging the gap between compliance and cybersecurity risk management. In addition to conducting compliance program annual reviews, risk assessments, and mock exams, E.J. is Director of Cyber IT Services of the technology team at Ascendant which provides cybersecurity consulting services to Ascendant’s clients. In this capacity, E.J. assists firms in assessing and managing their cybersecurity risk - from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework.

E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences and events throughout the country. He is a Certified Information Systems Auditor (CISA®), Certified Information Security Manager (CISM®), and Certified in Risk and Information Systems Control (CRISC™).

E.J. holds a Bachelor of Arts in both English and Computer Science, Magna Cum Laude, from Colgate University, a Master of Science degree in Computer Information Technology from Central Connecticut State University, as well as a J.D., Magna Cum Laude, from Quinnipiac University School of Law. He is licensed to practice at the State Bar of Connecticut and in federal court before the U.S. District Court for the District of Connecticut.


Michael F. McGowan is the Principal at Metafor LLC, which specializes in data and metadata forensics and cybersecurity. He has been at the forefront of applying digital forensics, statistical analysis, and investigative skills to resolving issues involving electronic data for over 15 years. 

Mr. McGowan is a sought-after consultant and expert witness. He has testified on numerous occasions from being the government's expert witness in the Enron Barge trial at age 23 to testifying on behalf of Facebook about the results of his forensic analysis that demonstrated the documents produced by an individual claiming to own half of Facebook were not authentic. 


Michael is an intellectual property attorney whose practice encompasses trademark and copyright enforcement, technology and licensing transactions, patent and trademark portfolio management, and counseling clients on intellectual property issues that arise in business deals. He also has extensive experience in cybersecurity, privacy, and social media law. His clients range from start-ups to Fortune 500 companies in a broad range of industries, including technology, manufacturing, sports & entertainment, and digital & social media.

The rights enforcement side of Michael’s practice includes trademark, copyright, and patent matters, domain name proceedings, and advising clients on publicity and privacy rights.

Michael’s IP transactional work includes drafting licensing, joint venture, and other agreements involving trademarks and technology. He also frequently conducts due diligence on intellectual property issues related to mergers and acquisitions, securitizations, loans, securities offerings, and other transactions.

Michael has been interviewed on television and quoted in national media outlets on file-sharing and copyright issues. Along with appearing on Bloomberg Television and Reuters Television, he has been quoted in the Washington Post, San Francisco Chronicle, Above the Law, The Guardian of London and The Daily Deal, and other news outlets. He teaches social media law as a lecturer in law at the University of Pennsylvania Law School and an adjunct professor at Benjamin N. Cardozo School of Law.

Prior to joining Mintz, Michael was chair of the intellectual property group at a New York-based international law firm, where he was a partner for a decade. Earlier, he was a partner at a Washington, DC-based national law firm; a counsel and associate at another New York-based global law firm; and an associate at a New York-based intellectual property law firm.


Recognized as one of BTI’s “Client Service All-Stars,” Christina focuses her practice on general corporate and securities matters, including representing issuers and investment banks in capital markets and leveraged finance transactions, mergers and acquisitions and counseling public companies regarding disclosure, corporate governance, and other securities law and compliance issues. Christina has particular experience advising on corporate and securities transactions involving real estate investment trusts (REITs). She regularly counsels companies on SEC compliance matters and advises management teams and boards on corporate governance and other securities law and compliance issues. Christina has experience in a variety of industries, including real estate, automotive, retail and consumer products, and electric power and utilities, among others. She has particular experience advising issuers and underwriters on corporate and securities transactions involving REITs.

Honors & Awards

Christina was named a BTI Client Service All-Star Attorney in 2018 and has been named an “Illinois Rising Star” by Super Lawyers since 2016. Additionally, IFLR1000 2019 recognized Christina as a "Notable Practitioner" for Capital Markets: Equity and M&A.

Activities

Christina serves as a member of the Planning Committee for the Ray Garrett Jr. Corporate and Securities Law Institute at Northwestern University. She serves on the firm’s Hiring Committee and Associate Evaluation Committee. 

Christina is a member of the National Association of Women Lawyers and the National Association of Real Estate Investment Trusts (NAREIT).

Credentials

Christina received a B.A. in 2005 in History and Political Science from George Washington University and a J.D. in 2008 from William & Mary School of Law, where she was Articles Editor of the William and Mary Law Review and served as a member of the William & Mary National Moot Court Team.

Publications & Speaking Engagements

Christina is a regular speaker and writer on various capital markets and securities topics, including most recently speaking about SEC Disclosure Developments at the 38th Annual Ray Garrett Jr. Corporate and Securities Law Institute at Northwestern University. She is also the co-author of the Bloomberg BNA Corporate Practice Series portfolio “The Board of Directors.”


Taylor Milligan Crotty is a Vice President within BlackRock's Global Information Security organization.  She is responsible for Business Engagement, Cyber Resilience, and Third Party Security.

As part of these responsibilities, Ms. Crotty works directly with BlackRock’s Legal & Compliance team to negotiate Agreements containing Information Security-specific terms with BlackRock’s service providers globally. 

Ms. Crotty first developed a Third Party Security practice at a boutique information security consulting firm, Security Risk Advisors.  She administered the program for one of the nation's largest private healthcare companies in addition to the nation's primary provider of private-label credit cards.  As part of this role, Taylor regularly conducted on-site security assessments of her clients' third parties to ensure sensitive data, including PCI in-scope data and HIPAA-protected information, was treated with the requisite care in accordance with industry best practices. 

Today, Ms. Crotty leads BlackRock’s Cyber Resilience function and is responsible for assuring the resiliency of BlackRock and key partners critical to BlackRock’s business operations before, during, and after a cyber event.  As part of these responsibilities, she coordinates periodic Partner Resilience Exercises, or Wargames, with BlackRock’s most critical provider partners, critical internal business functions, and the industry as a whole.


Richard Raysman is a partner in the New York office of Holland & Knight.  Richard has been selected by Chambers as one of America's leading technology lawyers, and he is a regular guest columnist for The Wall Street Journal Technology Section.  He has represented clients in billions of dollars of outsourcing transactions, and he has litigated reported cases for the New York state and federal courts including Internet and licensing disputes.  Richard writes a monthly column for the New York Law Journal on "Technology Law".  He is a graduate of M.I.T. and prior to practicing law, he was a Systems Engineer for IBM Corporation for six years.