
Cybersecurity 2018: Managing Cybersecurity Incidents

Speaker(s): Alan Charles Raul, Aristedes Mahairas, Bryan Hurd, Emily Stapf, Jared Ho, Lisa J. Sotto, Patrick Heim, Robert Ragan, Vincent Liu, Walter J. Andrews, William E. Min
Recorded on: Nov. 6, 2018
PLI Program #: 254929

ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”

Aristedes Mahairas, Special Agent in Charge, heads the New York (NY) Counterintelligence/Cyber Division. He previously served as Legal Attache, Athens; Joint Terrorism Task Force Supervisor; Section Chief, Strategic Operations Section-Counterterrorism Division; and Chief of Staff to the Executive Assistant Director, National Security Branch. He previously served as a Police Officer in NY City and received a Bachelor of Arts degree in Political Science from Baruch College and a Juris Doctor from NY Law School.

Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident and threat management and cybersecurity strategy. She is on PwC’s US cybersecurity leadership team where she leads integration of cybersecurity into PwC’s global business portfolio, leads the US Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services.

With 20+ years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events. For 16 years she has led investigations, incident response and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques. She helps clients navigate statutory, regulatory and contractual notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk, resilience and trust.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, data analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.

Patrick Heim joined ClearSky as an Operating Partner and Chief Information Security Officer. Mr. Heim is a senior security executive with over two decades working in security spanning Fortune 500 enterprises, cloud providers as well as early stage security technology companies.

Prior to joining the Fund, Mr. Heim was Head of Trust and Security at Dropbox. He also served as Senior Vice President and Chief Trust Officer at Patrick has also held Chief Information Security Officer roles at Kaiser Permanente and McKesson Corporation. In the startup world he was Vice President and Chief Technology Officer at eNetSecure (a subsidiary of Applied Signal Technologies / Raytheon). Mr. Heim also has previously held senior positions at nCircle and Ernst & Young.

Patrick holds a B.S. in marketing from Indiana University as well as an MBA in international business / finance from the University of South Carolina.

Mr. Heim currently serves as a director for Cylance and Ticto. He also advises a number of startup companies in the security space.


Bryan is Vice President in Stroz Friedberg’s Seattle office, where he directs engagements involving cybercrime and data breach response, information security, digital forensics, intellectual property protection, and electronic discovery.


Prior to joining Stroz Friedberg, Bryan served as the first Director of Intelligence for the Digital Crimes Unit within the Microsoft Cyber Crime Center.

Bryan. He was also the security strategy lead for an artificial intelligence start up in Seattle. He has more than 25 years of experience in computer forensics, counterterrorism, and intelligence leadership roles. Bryan is an international keynote speaker, adjunct professor, and board advisor.

He created the first Cyber Counterintelligence program for the US Navy at the Naval Criminal Investigative Service (NCIS) in 1994.

He was in charge of innovation for the entire US watchlisting system as the Chief of Operations, Director of Terrorist Identities at the National Counterterrorism Center (NCTC).


Areas of focus:

  • Cybercrime and Data Breach Response
  • Information Security, Governance, and Risk Management Strategy
  • Anti-terrorism, Cyberterrorism, Threats to Infrastructure, and Physical Security
  • Data Analytics, Data Visualization
  • Digital forensics, Electronic Discovery


  • BS Degree - U.S. Naval Academy
  • MBA - University of Maryland
  • Bryan holds numerous certifications in computer security, anti-terrorism, and computer forensics


  • Bryan received a Director of National Intelligence award for the Terrorism Case Management System he designed for US watchlisting that drastically improved the national response to the Boston Marathon Bombing
  • Chief intelligence knowledge architect for Defense Intelligence Agency and National Counterterrorism Center
  • Founded Global Computer Forensics Program at EDS
  • Created the first Information Warfare Cell at U.S. European Command (1996)

Rob Ragan is a Partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. He focuses on security solutions, security architecture, and strategy as well as fostering industry relationships. Other areas of expertise include red teaming and continuous assessment. 

Rob has presented at Black Hat, DEF CON, RSA, and Interop. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob is based in San Francisco; he was previously a senior penetration tester and managed Bishop Fox’s Atlanta team. He has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard’s Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.

Rob holds a Bachelor of Science from Pennsylvania State University with a major in Information Sciences and Technology and a focus on System Development. 

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

William (Bill) Min is Executive Vice President and General Counsel for the LexisNexis® Risk Solutions Group (RSG). In this role, he is responsible for all legal, compliance and regulatory matters across the global organization. RSG has more than 8,700 employees serving customers in over 180 countries. RSG is part of RELX (LSE: REL/AMS: REN/NYSE: RELX), a global provider of information and analytics.

RSG is a portfolio of brands that provides its customers with innovative technologies, information-based analytics and decision tools and data services that help solve problems, make better decisions, stay compliant, reduce risk, improve their operations and benefit people around the globe across multiple industries, including aviation, agriculture, chemical and energy, financial services, collections and payments, commercial property, corporations and non-profits, government and law enforcement agencies, healthcare, human resources, insurance and tax. RSG is headquartered in metro Atlanta, Georgia.

Prior to joining LexisNexis® Risk Solutions Group, Bill served as Deputy General Counsel and Chief Privacy & Data Governance Officer at Western Union. He also held in-house legal positions at Live Nation Entertainment, Inc., Starwood Hotels & Resorts, Sara Lee Corporation and Sunkyong America, Inc. Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.

Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and he structured and led the global privacy function at Western Union, Live Nation and Starwood.

Bill holds a BA in the Biological Basis of Behavior from the University of Pennsylvania, an MA in Liberal Studies from State University of New York at Stony Brook, and a JD from Fordham University School of Law.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Walter’s practice focuses on complex insurance litigation, counseling and reinsurance arbitrations and expert witness testimony. As the head of the firm’s national insurance coverage practice, Walter offers clients more than 25 years of experience on insurance-related issues, including program audits, policy manuscripting, litigation and arbitration. He works with companies in a diverse range of industries, including financial services, consumer products, energy and real estate.

Walter regularly advises clients on potential D&O and cyber insurance coverage for data breach claims, as well as a variety of insurance contracts, including professional liability, first party property, general liability insurance policies, cyberinsurance, and various reinsurance agreements.

Awards & Recognition

  • Honoree, Attorney of the Year, Daily Business Review’s 2018 Professional Excellence Awards
  • Candidate, Man of the Year, The Leukemia & Lymphoma Society (LLS), 2018


  • Fellow, American College of Coverage and Extracontractual Counsel; Co-Chair, Communications Committee


  • Speaker, Managing Cybersecurity Governance in the Boardroom, June 5, 2018
  • Speaker, “Cyber Thursday: Is Cyber Insurance the Answer: Best Practices for Addressing Cyber Risks and Cyber Insurance,” R-CISC webinar, April 12, 2018
  • Speaker, FEI & WEL Present Cyber Risk – Manage, Transfer or Fingers-Crossed! January 10, 2018


  • Co-author, Bloomberg Law Practice Suite – Cyber Insurance, Bloomberg BNA, October 12, 2017
  • Real Estate Is Not Above the (Cyber Attack) Risk, Commercial Observer, August 9, 2017
  • Commentary, Ransomware Attacks Highlight Need for Cyberinsurance Coverage, Daily Business Review, August 2, 2017
  • Author, Have You Examined Your Cyber Insurance Policy Lately? (Q&A with Walter Andrews), Daily Business Review, July 6, 2017

Jah-Juin “Jared” Ho is an attorney with the Division of Privacy and Identity Protection (DPIP) at the Federal Trade Commission.  This Division of the FTC has responsibility for enforcing federal statutes and regulations that pertain to information security and consumer privacy.  Jared investigates and prosecutes violations of U.S. federal laws governing the privacy and security of consumer information and has worked on FTC enforcement actions under Section 5 of the Federal Trade Commission Act.  Prior to joining DPIP, Jared was an attorney in the FTC’s Office of Technology Research and Investigations.  Jared has also served as a Senior Policy Advisor in the Federal Communications Commission’s Enforcement Bureau where he advised on cases and rulemaking.

In addition to his federal service, Jared was a Deputy Attorney General for the State of New Jersey where he led his office’s privacy and data security efforts. He has also served as a visiting fellow at Princeton University’s Center for Information Technology Policy.