
Cybersecurity 2018: Managing Cybersecurity Incidents


Speaker(s): Alan Charles Raul, Aristedes Mahairas, Bryan Hurd, Daniel Chiang, Emily Stapf, Jah-Juin “Jared” Ho, Lisa J. Sotto, Patrick Heim, Robert Ragan, Ryan Vinelli, Vincent Liu, Walter J. Andrews, William E. Min
Recorded on: Nov. 6, 2018
PLI Program #: 254929

ALAN RAUL is the founder and leader of Sidley's highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy and cybersecurity issues, including digital governance, global data protection and compliance programs, data breaches, consumer protection issues and Internet law. Alan advises companies regarding their cybersecurity preparedness and helps them manage data security incidents. His practice involves litigation and counseling regarding consumer class actions and investigations, enforcement actions and policy development by the FTC, State Attorneys General, SEC, Department of Justice, financial regulators, EU Data Protection Authorities, and other government agencies.

He regularly represents leading tech, telecom, media, financial services and other companies with respect to their digital governance, compliance and crisis management. Alan has recently represented a special cybersecurity review committee of the Board of Directors of a major tech company in connection with its independent investigation of the company's handling of significant data breaches.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves as a member of the American Bar Association's Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute's (PLI) Privacy Law Advisors Group.

Alan is a member of the governing Board of Directors of the Future of Privacy Forum. He is a member of the Center for Democracy and Technology's Advisory Committee. Alan also serves on the Executive Committee of the Federalist Society's Administrative Law Practice Group. Alan is a frequent author and speaker on privacy, cybersecurity and related issues. He is overall editor and a contributing author of The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd, 5th ed. 2018).

Alan holds degrees from Harvard College (AB magna cum laude), Harvard Kennedy School of Government (MPA), and Yale Law School (JD). He clerked for Judge Malcolm R. Wilkey of the U.S. Court of Appeals for the D.C. Circuit.


Aristedes Mahairas, Special Agent in Charge, heads the New York (NY) Counterintelligence/Cyber Division. He previously served as Legal Attache, Athens; Joint Terrorism Task Force Supervisor; Section Chief, Strategic Operations Section-Counterterrorism Division; and Chief of Staff to the Executive Assistant Director, National Security Branch. He previously served as a Police Officer in NY City and received a Bachelor of Arts degree in Political Science from Baruch College and a Juris Doctor from NY Law School.


Bill Min is Deputy General Counsel & Chief Privacy and Data Governance Officer for Western Union where he leads the company’s global privacy and information governance organization. 

Prior to Western Union, Bill was Senior Vice President, Legal and Chief Privacy Officer at Live Nation Entertainment, Inc.  He also worked for 16+ years at Starwood Hotels & Resorts Worldwide, Inc. where he led several global functions, including privacy, enterprise risk management, and operational compliance.  Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and established the global privacy function at both Live Nation and Starwood.  Earlier in his career, Bill held in-house legal positions at Sara Lee Corporation and at Sunkyong America, Inc., the US subsidiary of one of the largest Korean conglomerates.  Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.  

Bill earned his Bachelor of Arts degree from the University of Pennsylvania, his Master of Arts degree from the State University of New York at Stony Brook, and his Juris Doctor degree from Fordham University School of Law. 


Daniel Chiang is formerly the Director of Security Risk at Oath, previously Yahoo!. After spending over a decade in cybersecurity consulting for Silicon Valley startups, Fortune 500 companies, and the Federal Government, Daniel has a passion for making security relevant in both the boardroom and the war room in terms of identifying, quantifying, and escalating the key cyber risks to the business. Daniel’s consulting career included working for Ernst & Young, Deloitte, and Booz Allen Hamilton, and he has been a speaker at conferences, panels and university seminars. Daniel holds a BA in Economics from The Johns Hopkins University.


Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident response, threat management and cybersecurity strategy.  She is the human capital leader for PwC’s national Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services. 

With 20 years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events involving sensitive information. For 15 years she has led investigations, assessments and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques. She helps clients navigate public and B2B notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.

Expert testimony experience

  • Led forensic investigation of a large PHI data breach, including deposition in support of a health industry client’s litigation with a third party business partner in 2010
  • Wrote a technical opinion about a cybersecurity technology in support of a health industry client’s litigation against a technology provider in 2017


Patrick Heim joined ClearSky as an Operating Partner and Chief Information Security Officer. Mr. Heim is a senior security executive with over two decades working in security spanning Fortune 500 enterprises, cloud providers as well as early stage security technology companies.

Prior to joining the Fund, Mr. Heim was Head of Trust and Security at Dropbox. He also served as Senior Vice President and Chief Trust Officer at Salesforce.com. Patrick has also held Chief Information Security Officer roles at Kaiser Permanente and McKesson Corporation. In the startup world he was Vice President and Chief Technology Officer at eNetSecure (a subsidiary of Applied Signal Technologies / Raytheon). Mr. Heim also has previously held senior positions at nCircle and Ernst & Young.

Patrick holds a B.S. in marketing from Indiana University as well as an MBA in international business / finance from the University of South Carolina.

Mr. Heim currently serves as a director for Cylance and Ticto. He also advises a number of startup companies in the security space.


Responsibilities

Bryan is Vice President in Stroz Friedberg’s Seattle office, where he directs engagements involving cybercrime and data breach response, information security, digital forensics, intellectual property protection, and electronic discovery.


Experience

Prior to joining Stroz Friedberg, Bryan served as the first Director of Intelligence for the Digital Crimes Unit within the Microsoft Cyber Crime Center.

He was also the security strategy lead for an artificial intelligence start up in Seattle. He has more than 25 years of experience in computer forensics, counterterrorism, and intelligence leadership roles. Bryan is an international keynote speaker, adjunct professor, and board advisor.

He created the first Cyber Counterintelligence program for the US Navy at the Naval Criminal Investigative Service (NCIS) in 1994.

He was in charge of innovation for the entire US watchlisting system as the Chief of Operations, Director of Terrorist Identities at the National Counterterrorism Center (NCTC).

Expertise

Areas of focus:

  • Cybercrime and Data Breach Response
  • Information Security, Governance, and Risk Management Strategy
  • Anti-terrorism, Cyberterrorism, Threats to Infrastructure, and Physical Security
  • Data Analytics, Data Visualization
  • Digital forensics, Electronic Discovery


Education

  • BS Degree - U.S. Naval Academy
  • MBA - University of Maryland
  • Bryan holds numerous certifications in computer security, anti-terrorism, and computer forensics


Recognition

  • Bryan received a Director of National Intelligence award for the Terrorism Case Management System he designed for US watchlisting that drastically improved the national response to the Boston Marathon Bombing
  • Chief intelligence knowledge architect for Defense Intelligence Agency and National Counterterrorism Center
  • Founded Global Computer Forensics Program at EDS
  • Created the first Information Warfare Cell at U.S. European Command (1996)


Rob Ragan is a Partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. He focuses on security solutions, security architecture, and strategy as well as fostering industry relationships. Other areas of expertise include red teaming and continuous assessment. 

Rob has presented at Black Hat, DEF CON, RSA, and Interop. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob is based in San Francisco; he previously was a senior penetration tester and managed Bishop Fox’s Atlanta team. He has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard’s Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.

Rob holds a Bachelor of Science from Pennsylvania State University with a major in Information Sciences and Technology and a focus on System Development. 


Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office.  She also serves on the firm’s Executive Committee.  Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity.  She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500.  Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.  Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events.  Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices.  She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America).  More recently, Lisa’s work includes assisting dozens of clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP.  She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  Lisa is admitted to practice in New York.


 


Walter’s practice focuses on complex insurance litigation, counseling and reinsurance arbitrations and expert witness testimony. As the head of the firm’s national insurance coverage practice, Walter offers clients more than 25 years of experience on insurance-related issues, including program audits, policy manuscripting, litigation and arbitration. He works with companies in a diverse range of industries, including financial services, consumer products, energy and real estate.

Walter regularly advises clients on potential D&O and cyber insurance coverage for data breach claims, as well as a variety of insurance contracts, including professional liability, first party property, general liability insurance policies, cyberinsurance, and various reinsurance agreements.

Awards & Recognition

  • Honoree, Attorney of the Year, Daily Business Review’s 2018 Professional Excellence Awards
  • Candidate, Man of the Year, The Leukemia & Lymphoma Society (LLS), 2018

Membership

  • Fellow, American College of Coverage and Extracontractual Counsel; Co-Chair, Communications Committee

Events

  • Speaker, Managing Cybersecurity Governance in the Boardroom, June 5, 2018
  • Speaker, “Cyber Thursday: Is Cyber Insurance the Answer: Best Practices for Addressing Cyber Risks and Cyber Insurance,” R-CISC webinar, April 12, 2018
  • Speaker, FEI & WEL Present Cyber Risk – Manage, Transfer or Fingers-Crossed! January 10, 2018

Publications

  • Co-author, Bloomberg Law Practice Suite – Cyber Insurance, Bloomberg BNA, October 12, 2017
  • Real Estate Is Not Above the (Cyber Attack) Risk, Commercial Observer, August 9, 2017
  • Commentary, Ransomware Attacks Highlight Need for Cyberinsurance Coverage, Daily Business Review, August 2, 2017
  • Author, Have You Examined Your Cyber Insurance Policy Lately? (Q&A with Walter Andrews), Daily Business Review, July 6, 2017


Ryan Vinelli is a Vice President, Privacy and Technology counsel at Western Union. Western Union is a global leader in cross-border, cross-currency money movement. His work focuses on data protection, information security and ensuring a global approach to securing data.

Prior to joining Western Union, Ryan was Global Cybersecurity Counsel for Verizon Media supporting brands including Yahoo, Aol, Tumblr, Huffington Post, Techcrunch and Engadget. Ryan was also a Vice President handling global legal and privacy matters for Starwood Hotels & Resorts Worldwide, Inc. and, after its acquisition, at Marriott Hotels International. Ryan began his career in data protection as privacy counsel for General Electric.

Ryan is a graduate of the Benjamin N. Cardozo School of Law and holds undergraduate and graduate degrees in computer science from Tufts University. Ryan is licensed to practice law in multiple states and is a registered Patent attorney.


Jah-Juin “Jared” Ho is an attorney with the Division of Privacy and Identity Protection (DPIP) at the Federal Trade Commission.  This Division of the FTC has responsibility for enforcing federal statutes and regulations that pertain to information security and consumer privacy.  Jared investigates and prosecutes violations of U.S. federal laws governing the privacy and security of consumer information and has worked on FTC enforcement actions under Section 5 of the Federal Trade Commission Act.  Prior to joining DPIP, Jared was an attorney in the FTC’s Office of Technology Research and Investigations.  Jared has also served as a Senior Policy Advisor in the Federal Communications Commission’s Enforcement Bureau where he advised on cases and rulemaking.

In addition to his federal service, Jared was a Deputy Attorney General for the State of New Jersey where he led his office’s privacy and data security efforts. He has also served as a visiting fellow at Princeton University’s Center for Information Technology Policy.