
Cybersecurity Best Practices for Legal Services Providers 2019

Speaker(s): Alexander L. Greenberg, Christina Roupas, Cynthia J. Larose, Douglas Bloom, E.J. Yerzak, Mark Melodia, Michael F. McGowan, Michael R. Graif, Rhonda Barnat, Richard Raysman, Samantha J Himelman, Taylor Milligan Crotty, Thomas G. A. Brown
Recorded on: Feb. 4, 2019
PLI Program #: 253768

Doug is an Executive Director and Co-Head of Cybersecurity & Privacy for Morgan Stanley's Legal & Compliance Division. In that role, he is responsible for the Firm's legal response to cybersecurity matters—including incident response, regulatory affairs and new legislation affecting the Firm. Doug is also responsible for privacy matters affecting the Firm’s personnel and client base.  Doug has over 20 years’ experience investigating all aspects of financial and computer crimes—having served as a federal prosecutor, criminal defense lawyer and software developer.

Prior to joining Morgan Stanley, Doug was a Director in PwC’s Cybercrime and Breach Response practice, the leader of the Firm’s Cybersecurity Risk & Regulatory Practice, and a member of the Firm’s Financial Crimes Unit.  At PwC, Doug assisted clients across the globe, responding to regulatory changes, conducting cybercrime, fraud and economic espionage investigations, corporate internal investigations and handling breaches of PwC’s clients’ computer networks.  In addition, as a leader of the Firm’s cybersecurity Board governance program, Doug regularly advised clients and their Boards on proper governance of cybersecurity programs and assisted clients in the development of their cybersecurity Board reporting programs.

Prior to joining PwC, Doug was a federal prosecutor in the United States Attorney’s Office for the Southern District of New York, where he investigated and prosecuted national security cyber offenses, including economic espionage, hacking of national defense and government systems, and the theft of trade secrets.  In addition to his cyber work, Doug investigated and prosecuted several high-profile public corruption and accounting fraud cases, and convicted the former majority leader of the New York State Senate and acting Lieutenant Governor of New York State of bribery and extortion.  Doug is a 2015 recipient of the Attorney General’s John Marshall Award, the highest attorney honor granted by the Department of Justice, and a 2013 recipient of the Federal Law Enforcement Foundation’s Prosecutor of the Year award.  Prior to joining the U.S. Attorney’s Office, Doug was an associate in Covington & Burling’s white collar criminal defense and intellectual property practices where he investigated and litigated criminal and civil accounting fraud, tax fraud, and patent infringement cases.

Doug brings deep technical expertise to his legal role, having served as a software engineer and program manager for Xerox’s Palo Alto Research Center, Microsoft and Hewlett Packard.  In those roles, Doug designed and developed artificial intelligence algorithms for natural language processing software and drivers for network management systems. 

Doug is an Adjunct Professor of Law at Fordham University, where he teaches a course on computer crimes.  He is also a published author—whose articles on cybercrime and insider threats regularly appear in the New York Law Journal—and frequent speaker on cybersecurity, fraud, and information management.  He has presented to and taught courses for the Department of Justice, FINRA, the Association of Corporate Counsel, the National Association of Corporate Directors and various universities, businesses and industry participants. 

He received a Bachelor’s degree in Symbolic Systems and a Master’s degree in Linguistics from Stanford University.  He received a Juris Doctor, cum laude, from Harvard Law School.  He is admitted to the New York bar, the U.S. District Courts for the Southern and Eastern Districts of New York, and the U.S. Court of Appeals for the Second Circuit, and is an active member of the Federal Bar Council where he serves on both the Criminal Practice and Westchester County Committees.

Cynthia J. Larose is Chair of Mintz Levin’s Privacy & Security Practice and a Certified Information Privacy Professional (CIPP). 

Cynthia represents companies in communications, information, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions.

Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions. She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.

She has been repeatedly recognized by Chambers USA and Chambers Global for her Privacy and Data Security practice.

She received a J.D. and an M.S. from Boston University.

Mark Melodia is a privacy, data security and consumer class action defense lawyer in Holland & Knight's New York office. Mr. Melodia focuses his practice on governmental and internal investigations, putative class actions and other "bet-the-company" suits in the following areas: data security/privacy, mortgage/financial services and other complex business litigation, including defamation.

Mr. Melodia has defended more than 80 putative class actions – including as lead defense counsel in multiple multidistrict litigations (MDLs) – arising from alleged consumer privacy violations, data incidents and allegations of data misuse. He routinely represents clients responding to government privacy investigations before the Federal Trade Commission (FTC), Office for Civil Rights, state attorneys general and the U.S. Department of Justice (DOJ). He has guided clients in a wide range of industries through several hundred data incidents over the past dozen years. He advises clients on their obligations and helps them operationalize the requirements of General Data Protection Regulation (GDPR) as well as federal and state laws in the U.S. He consults with boards and executive teams on these issues.

Mr. Melodia has been an instructor of Information Security Law in the Chief Information Security Officer (CISO) Executive Education and Certification Program at Carnegie Mellon University's Heinz College, as well as a guest lecturer at Seton Hall Law School and New York University School of Law.

Mr. Melodia served as a law clerk for the Honorable Timothy K. Lewis of the U.S. District Court for the Western District of Pennsylvania.

Assistant United States Attorney Thomas G.A. Brown is the Deputy Chief for Cyber of the Complex Frauds Unit at the United States Attorney's Office for the Southern District of New York. A federal prosecutor with more than 10 years' experience, Mr. Brown leads a group of 15 AUSAs focused on prosecuting computer and intellectual property offenses, including computer hacking, Internet-based fraud, theft of trade secrets, and cyber national security matters, including economic espionage. Mr. Brown and his team have a particular focus on pursuing overseas cyber criminals using novel and creative investigative techniques. Mr. Brown also serves as an advisor to other AUSAs around the country on cyber crime and electronic evidence matters, and regularly lectures on cyber crime issues to business and law enforcement groups. In addition, Mr. Brown is an Adjunct Professor of Law at Fordham University School of Law where he teaches a seminar on cyber crime, covering computer misuse crimes, intellectual property offenses, the Fourth Amendment in cyberspace, computer evidence at trial, data breach and privacy issues, and information security, among other areas. Mr. Brown is a recipient of the FBI Director's Award for Outstanding Cyber Investigation and the Federal Law Enforcement Foundation's Federal Prosecutor of the Year Award in connection with his work on developing the Southern District of New York's nationally recognized cyber crime program.


E.J. Yerzak is Director of Cyber IT Services at Compliance Solutions Strategies (CSS), a global regulatory compliance consultancy and regtech software provider for the financial services space. E.J. assists hedge funds, private equity funds, funds of funds, pension advisers, and retail investment advisers in cybersecurity risk assessments, from network vulnerability scanning and penetration testing to policy and control assessments and helping firms implement the NIST cybersecurity framework.  He has authored articles and alerts on emerging regulatory and technology issues, and speaks regularly as a cybersecurity expert at industry conferences and events throughout the country. He is a Certified Information Systems Auditor (CISA®), Certified Information Security Manager (CISM®), and Certified in Risk and Information Systems Control (CRISC™).

Michael F. McGowan is the Principal at Metafor LLC, which specializes in data and metadata forensics and cybersecurity. He has been at the forefront of applying digital forensics, statistical analysis, and investigative skills to resolving issues involving electronic data for over 15 years. 

Mr. McGowan is a sought-after consultant and expert witness. He has testified on numerous occasions, from serving as the government's expert witness in the Enron Barge trial at age 23 to testifying on behalf of Facebook about the results of his forensic analysis, which demonstrated that the documents produced by an individual claiming to own half of Facebook were not authentic.

Michael is an intellectual property attorney whose practice encompasses trademark and copyright enforcement, technology and licensing transactions, patent and trademark portfolio management, and counseling clients on intellectual property issues that arise in business deals. He also has extensive experience in cybersecurity, privacy, and social media law. His clients range from start-ups to Fortune 500 companies in a broad range of industries, including technology, manufacturing, sports & entertainment, and digital & social media.

The rights enforcement side of Michael’s practice includes trademark, copyright, and patent matters, domain name proceedings, and advising clients on publicity and privacy rights.

Michael’s IP transactional work includes drafting licensing, joint venture, and other agreements involving trademarks and technology. He also frequently conducts due diligence on intellectual property issues related to mergers and acquisitions, securitizations, loans, securities offerings, and other transactions.

Michael has been interviewed on television and quoted in national media outlets on file-sharing and copyright issues. Along with appearing on Bloomberg Television and Reuters Television, he has been quoted in the Washington Post, San Francisco Chronicle, Above the Law, The Guardian of London and The Daily Deal, and other news outlets. He teaches social media law as a lecturer in law at the University of Pennsylvania Law School and an adjunct professor at Benjamin N. Cardozo School of Law.

Prior to joining Mintz, Michael was chair of the intellectual property group at a New York-based international law firm, where he was a partner for a decade. Earlier, he was a partner at a Washington, DC-based national law firm; a counsel and associate at another New York-based global law firm; and an associate at a New York-based intellectual property law firm.

Recognized as one of BTI’s “Client Service All-Stars,” Christina focuses her practice on general corporate and securities matters, including representing issuers and investment banks in capital markets and leveraged finance transactions, mergers and acquisitions and counseling public companies regarding disclosure, corporate governance, and other securities law and compliance issues. Christina has particular experience advising on corporate and securities transactions involving real estate investment trusts (REITs). She regularly counsels companies on SEC compliance matters and advises management teams and boards on corporate governance and other securities law and compliance issues. Christina has experience in a variety of industries, including real estate, automotive, retail and consumer products, and electric power and utilities, among others. She has particular experience advising issuers and underwriters on corporate and securities transactions involving REITs.

Honors & Awards

Christina was named a BTI Client Service All-Star Attorney in 2018 and has been named an “Illinois Rising Star” by Super Lawyers since 2016. Additionally, IFLR1000 2019 recognized Christina as a "Notable Practitioner" for Capital Markets: Equity and M&A.


Christina serves as a member of the Planning Committee for the Ray Garrett Jr. Corporate and Securities Law Institute at Northwestern University. She serves on the firm’s Hiring Committee and Associate Evaluation Committee. 

Christina is a member of the National Association of Women Lawyers and the National Association of Real Estate Investment Trusts (NAREIT).


Christina received a B.A. in 2005 in History and Political Science from George Washington University and a J.D. in 2008 from William & Mary School of Law, where she was Articles Editor of the William and Mary Law Review and served as a member of the William & Mary National Moot Court Team.

Publications & Speaking Engagements

Christina is a regular speaker and writer on various capital markets and securities topics, including most recently speaking about SEC Disclosure Developments at the 38th Annual Ray Garrett Jr. Corporate and Securities Law Institute at Northwestern University. She is also the co-author of the Bloomberg BNA Corporate Practice Series portfolio “The Board of Directors.”

Rhonda Barnat

As one of the country’s leading crisis management advisers, and head of the firm’s crisis management practice, Rhonda Barnat has been involved in helping corporations and non-profits through some of their most defining moments and some of the most visible issues of our time.

Rhonda is an expert in helping companies and non-profits move through an issue and return to normal with their reputations intact.  She is often called upon to assemble the specialized teams that are required when a major crisis befalls an institution.

She is a frequent speaker on crisis communications and crisis management throughout the United States and Europe. In addition, Rhonda works with clients in complex mergers and acquisitions situations, including proxy contests. Other clients look to her for specialized media and presentation training as part of an overall strategic program. Many national and international insurance companies have selected her and the firm for crisis communications and management in complex situations on behalf of their policyholders.

Samantha Himelman is Managing Director and Senior Counsel at BNP Paribas, a French international banking group. She leads the Digital and IP Legal Team for the Americas, covering the corporate and institutional banking business as well as retail banking affiliates throughout North and South America. Samantha advises on a broad swath of issues, including cybersecurity, data protection, privacy, emerging technology and intellectual property matters. She supports major business initiatives for BNP Paribas, including innovation, digitalization, and fintech projects, and advises on the creation of scalable, global privacy and data protection compliance programs. 

Prior to joining BNP Paribas in 2015, Samantha was an associate in Simpson Thacher & Bartlett’s IP and Technology group.   She is a graduate of Tulane University and the Fordham University School of Law, and holds a Certificate in Digital Law from the Sorbonne Assas Law School in Paris, France.


Taylor Milligan Crotty is a Vice President within BlackRock's Global Information Security organization.  She is responsible for Business Engagement, Cyber Resilience, and Third Party Security.

As part of these responsibilities, Ms. Crotty works directly with BlackRock’s Legal & Compliance team to negotiate Agreements containing Information Security-specific terms with BlackRock’s service providers globally. 

Ms. Crotty first developed a Third Party Security practice at a boutique information security consulting firm, Security Risk Advisors.  She administered the program for one of the nation's largest private healthcare companies in addition to the nation's primary provider of private-label credit cards.  As part of this role, Taylor regularly conducted on-site security assessments of her clients' third parties to ensure sensitive data, including PCI in-scope data and HIPAA-protected information, was treated with the requisite care in accordance with industry best practices. 

Today, Ms. Crotty leads BlackRock’s Cyber Resilience function and is responsible for assuring the resiliency of BlackRock and key partners critical to BlackRock’s business operations before, during, and after a cyber event.  As part of these responsibilities, she coordinates periodic Partner Resilience Exercises, or Wargames, with BlackRock’s most critical provider partners, critical internal business functions, and the industry as a whole.

Richard Raysman is a partner in the New York office of Holland & Knight.  Richard has been selected by Chambers as one of America's leading technology lawyers, and he is a regular guest columnist for The Wall Street Journal Technology Section.  He has represented clients in billions of dollars of outsourcing transactions, and he has litigated reported cases in the New York state and federal courts, including Internet and licensing disputes.  Richard writes a monthly column for the New York Law Journal on "Technology Law".  He is a graduate of M.I.T., and prior to practicing law, he was a Systems Engineer for IBM Corporation for six years.