Skip to main content

Cybersecurity 2020: Managing Cybersecurity Incidents


Speaker(s): Adam Fletcher, Brittany M. Bacon, Clark Russell, Daniel Chiang, David Wong, Elissa Doroff, Emily Stapf, Eric M. Friedberg, Jay Leek, Lisa J. Sotto, Maneesha Mithal, Matthew W. Van Hise, Michele S. Lucan, Richard T. Jacobs, Robert Lord, Ryan Vinelli, Siobhan Gorman, Tok√ę Vandervoort
Recorded on: Sep. 24, 2020
PLI Program #: 273943

Adam Fletcher is the Chief Information Security Officer for Blackstone, one of the world’s leading investment managers. As a cybersecurity professional with 20 years of experience, Adam has worked with global cybersecurity organizations large and small including McAfee, Nokia, VeriSign, ISS and Accuvant. Adam built a strong technical foundation through roles in security technology implementation and security architecture design, which has been complemented by management experience gained from roles leading consulting engagements and global teams of information security professionals. Prior to joining Blackstone, Adam led the International Security team for Equifax, coordinating a global security program across 14 countries, each with different business, regulatory, and privacy requirements.


Bob Lord most recently served as the first Chief Security Officer at the Democratic National Committee. In that role he worked to secure the Committee, as well as helping state parties and campaigns. Previous roles include CISO at Yahoo, CISO in Residence at Rapid 7, and before that he headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at https://www.ilord.com


Brittany Bacon is a partner in Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice. She has national recognition for her work in the areas of privacy and data security. In 2018 and 2019, Brittany was ranked in Chambers USA and was named a New York Law Journal “Rising Star,” a Law360 “Rising Star” in privacy and cybersecurity, and one of Global Data Review’s 40 Under 40 data lawyers. Legal 500 also lists Brittany as a “Next Generation Lawyer” for cyber law. 

Brittany served as a lead attorney on the two largest reported breaches in history (affecting over three billion user accounts) and has managed hundreds more. Her cybersecurity practice includes advising clients on data breach notification responsibilities; counseling them on responding to multi-jurisdictional regulatory investigations; and providing strategic advice in the breach context for managing inquiries from Boards of Directors, consumers, media and potential acquiring companies in a deal setting. Brittany also helps companies design and build privacy and data security governance programs and conduct proactive breach preparedness activities, including developing workable incident response plans and legal breach notification procedures, running executive-level tabletops with data breach hypotheticals, and engaging third-party experts (such as forensic investigation firms, credit monitoring services, PR firms and call centers) in advance of an incident.

In relation to her privacy compliance practice, Brittany has extensive experience in advising clients on state, federal and international privacy laws, including the EU General Data Protection Regulation and the California Consumer Privacy Act. She routinely conducts privacy impact assessments and advises companies on managing risk in connection with extensive and innovative data collection and use. She also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts and helps companies design robust vendor management programs.

Brittany is a frequent speaker and author on privacy and cybersecurity topics. She received her JD from the Washington University in St. Louis School of Law, and her BA from the University of Notre Dame, cum laude. She is admitted to practice in the state of New York.


C.M. Tokë Vandervoort is Chief Legal Officer at the non-profit Environmental Defense Fund, with leadership responsibility for the operational legal support areas, including privacy for operations around the world.  Tokë has enjoyed a distinguished career in the law as a strategic partner advising corporate business operations in the technology, privacy/cyber and data, consumer products, retail, manufacturing and telecom sectors.  She has served as the SVP, Deputy General Counsel at Under Armour where she lead a global interdisciplinary team providing Commercial, Digital, Privacy, Litigation, Consumer Protection, Intellectual Property and Employment expertise to advance the mission of UA’s performance sports footwear, apparel and equipment business, as well as its suite of digital health/fitness/wellness mobile apps (MyFitnessPalMapMyFitness, etc  with nearly 300M accounts worldwide). She lead the nascent UA Privacy program to receive international recognition for program innovation and the companies response to a major global data breach in the same year. Prior to that, Ms. Vandervoort served as VP, Asst. General Counsel for technology, privacy/security and the Chief Privacy Officer to a major US telecom/internet solutions company, where she also developed its inaugural privacy program.  She has extensive experience in Technology innovation; Privacy program development, compliance and breach response; Litigation, regulatory enforcement and investigations; Consumer protection, marketing/advertising and social media; Intellectual Property portfolio management; Government relations engagement; and Board, Audit Committee and senior executive briefings in these areas. Ms. Vandervoort is also an active member of the Georgetown Cyber Security Law Institute Advisory Board, and Women in Cyber. She has also served as an advisor to the Center for Democracy & Technology; an HHS-initiated steering committee advising on the creation of non-HIPAA health data rules; and as a Co-founder of the Association of Corporate Counsel Data Privacy & Security Forum.


Clark Russell is the Deputy Bureau Chief of the Bureau of Internet and Technology at the New York State Attorney General’s Office. The Bureau is committed to protecting consumers and families from new and developing online threats. As a pioneer in this field, the office has brought cutting edge cases and entered important settlements related to a wide range of online issues, including child safety, privacy, deceptive or illegal trade practices, consumer fraud, spyware, spam, discrimination, and free speech. Clark’s investigations included Secure Our Smartphones, where the office convinced smartphone manufacturers to install a “kill switch” in their smartphones; Operation Clean Turf, the largest investigation into companies flooding the Internet with fake positive reviews; and Operation Child Tracker, the largest state AG investigation of violations of the Children’s Online Privacy Protection Act (“COPPA”) by major child brand websites, and a well-known ad network. Clark oversees the office’s data breach notification program and secured numerous record-setting settlements in data breach cases. He is also the principal draftsperson of the Stop Hacks and Improve Electronic Data Security Act, the office’s overhaul of New York State’s data security law to require new and unprecedented safeguards of personal data.


Dave Wong is a Vice President at FireEye Mandiant. Mr. Wong manages the FireEye Mandiant cybersecurity consulting practice in North America. In this capacity, he leads a team of cybersecurity experts to help organizations respond to cybersecurity attacks and make them more resilient to future cybersecurity attacks.

Mr. Wong has extensive experience in cybersecurity and investigating cybercrime. Over the past 10 years, he has investigated some of the largest cybersecurity incidents, including ransomware attacks and intellectual property theft from nation states. Dave brings true front-line experience of real world cyberattacks. Through the investigations, Mandiant learns how attackers circumvent security controls. He uses this experience to help guide companies to secure their networks, data, and intellectual property.

Prior to joining FireEye, Mr. Wong was the Chief Operating Officer of the Intrepidus Group, a boutique cybersecurity firm that focused on mobile application and device security. Dave also has experience working in the financial industry at hedge funds and investment firms.

Mr. Wong is a Certified Information Systems Security Professional (CISSP) and holds a degree in Engineering from the Cooper Union for the Advancement of Science and Art.


Elissa Doroff is a Managing Director and Cyber Technical Leader for NFP’s Management and Professional Lines.  Based in New York, she is responsible for the development of thought leadership, claims advocacy and consultation services as well as counseling clients on their risks and insurance needs in the areas of technology, privacy and cyber. 

Elissa has over fifteen years of cyber, technology and media liability insurance expertise having worked as the Underwriting and Product Manager at AXA XL where she worked to direct and manage AXA XL’s risk management services designed to minimize the frequency and severity of data breaches.  Prior to AXA XL, Elissa was a broker in Marsh and McLennan’s Network Security and Privacy Practice and previously, claims counsel at AIG focusing on Data Security and Privacy, Media and Technology Liability. She has considerable experience presenting on these topics on panels and seminars for clients and industry associations and has published several industry related articles. 

Elissa holds a Bachelor of Arts from the State University of New York at Albany and a Juris Doctor from Suffolk University Law School and is admitted to practice law in Massachusetts and Connecticut.


Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident and threat management and cybersecurity strategy.  She is on PwC’s US cybersecurity leadership team where she leads integration of cybersecurity into PwC ‘s global business portfolio, leads the US Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services. 

With 20+ years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events.  For 16 years she has lead investigations, incident response and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques.  She helps clients navigate statutory, regulatory and contractual notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk, resilience and trust.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, data analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.


Eric M. Friedberg is co-founder and Co-President of Stroz Friedberg, LLC, a cyber consultancy and technical services firm acquired by Aon plc in 2016. Mr. Friedberg has 30 years of public and private sector experience in law, cyber-crime response, cyber-governance, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, C-suites, law firms and the courts. Mr. Friedberg has led responses to some of the most serious cyber-attacks on the nation’s companies, including attacks by state-sponsored agents, organized crime, hacktivists and malicious insiders. He is an expert in incident response governance, technologies and policies. He has also conducted enterprise-wide cyber security risk assessments in many business sectors. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media.

In 2019, Mr. Friedberg was appointed by Governor Andrew Cuomo to the New York State Cyber Advisory Board.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed many high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master and led the development of new investigative methodologies. He has lectured and published book chapters and articles on e-discovery and forensics. He was previously a member of the Sedona Conference’s Working Group 6, the International Association of Privacy Professionals, and the advisory board of The Future of Privacy Forum.

For the 16 years before Stroz Friedberg was acquired by Aon, Mr. Friedberg co-led that firm from a start-up to a 550+ person firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, Mr. Friedberg oversaw geographic and service line growth, M&A, infusions of private equity capital, board interactions, and many of the firm’s divisions. Mr. Friedberg was an officer and director of the firm, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor at the U.S. Attorney’s Office in Brooklyn, New York.

Mr. Friedberg began his career as an intellectual property and securities litigator at Skadden, Arps.


Michele Lucan is a Deputy Associate Attorney General at the Connecticut Attorney General's Office and Chief of its Privacy Section. In this role, Michele oversees all matters involving consumer privacy and information security. Most notably, the Section is currently leading and/or co-leading multistate investigations of several massive data breaches involving sensitive personal information.

Michele joined the Attorney General's Office in 2008 and first served in its Consumer Protection Division, where she investigated and pursued enforcement actions against a variety of unfair and deceptive business practices under the Connecticut Unfair Trade Practices Act. In 2013, Michele was appointed to a multidisciplinary Privacy Task Force that was created to focus the Office's response to privacy concerns and data breaches, and educate the public and Connecticut businesses about data protection responsibilities under state and federal law. In early 2015, a dedicated Privacy Section was formed and Michele was assigned full-time to the Section from its inception. Michele has spent the past several years working exclusively on privacy-related matters.

Michele is a Certified Information Privacy Professional (CIPP)/ U.S.  She received her B.A. from Loyola University in Maryland and her J.D. from the Quinnipiac University School of Law. Michele speaks regularly on privacy-related topics to government, bar and industry groups.


Ryan Vinelli is the Chief Privacy Officer at Finance of America Companies. His work focuses on data protection, information security and ensuring a global-approach to data.

Prior to joining Finance of America Companies, Ryan was Head of Global Privacy Legal & Compliance at Western Union.  Ryan was Global Cybersecurity Counsel for Verizon Media supporting brands including Yahoo, Aol, Tumblr, Huffington Post, Techcrunch and Engagdet. Ryan was also a Vice President handling global legal and privacy matters for Starwood Hotels & Resorts Worldwide, Inc. and after its acquisition at Marriott Hotels International. Ryan began his career in data protection as privacy counsel for General Electric.

Ryan is a graduate of the Benjamin N. Cardozo School of Law and holds undergraduate and graduate degrees in computer science from Tufts University. Ryan is licensed to practice law in multiple states and is a registered Patent attorney.


Siobhan Gorman is a Partner in the Washington, D.C. office of the Brunswick Group, where she concentrates on crisis, cybersecurity, public affairs, and media relations. Siobhan has worked on corporate crisis across a range of industries, including financial services, healthcare, defense, entertainment, technology, and automotive.

Siobhan has also led a range of cybersecurity, public affairs, litigation, and corporate reputation projects in the financial, retail, airline, and technology sectors. Tapping her longtime journalism experience, she regularly advises clients on media relations issues and conducts media training for executives.

Siobhan is a member of the Senior Advisory Group for Harvard University’s Defending Digital Democracy Project, which is focused on preventing and mitigating cyberattacks on the election process. She is also member of the Advisory Committee for Brown University's Executive Master in Cybersecurity.

Prior to joining Brunswick, Siobhan had a successful 17-year career as a reporter, most recently at The Wall Street Journal. At The Journal, she covered a range of national security and law enforcement topics, including counterterrorism, intelligence, and cybersecurity. Prior to joining The Journal in 2007, Siobhan was a Washington correspondent for The Baltimore Sun covering intelligence and security. From 1998 to 2005, she was a staff correspondent for National Journal covering similar issues. She began her career as a researcher for a columnist at The Washington Post.

Siobhan won the 2006 Sigma Delta Chi Award for Washington Correspondence for her coverage of the National Security Agency and in 2000 received a special citation in national magazine writing from the Education Writers Association. She has been nominated three times for the Pulitzer Prize and is a graduate of Dartmouth College.

Siobhan was featured in Cybersecurity Venture's Women Know Cyber: 100 Fascinating Females Fighting Cybercrime, released in 2019.


Assistant Special Agent in-Charge (ASAC) Richard T. Jacobs leads the Cyber Branch in the FBI’s New York office.  The branch investigates national security and criminal cyber matters and responds to cyber incidents in the New York metropolitan area.  In 2014, Mr. Jacobs helped establish the Financial Cyber Crimes Task Force, a multiagency initiative targeting cyber crime and technology-based fraud schemes.

Following graduation from the FBI Academy in 1999, Mr. Jacobs was assigned to New York where he investigated a variety of securities fraud matters.  From 2002 to 2005 he played the role of a corrupt stock broker in a market manipulation undercover operation which resulted in the convictions of 49 individuals.  In June 2010, he was selected to lead a Manhattan-based securities fraud unit which handled the Bernard L. Madoff and the Galleon Group insider trading investigations.  He was named Assistant Special Agent in-Charge in October 2014. 

Prior to joining the FBI, Mr. Jacobs was a risk manager on Wall Street.  He holds a Master’s Degree in information technology from Carnegie Mellon University, where he graduated with highest distinction, and an MBA with a concentration in finance. He is also a Certified Information Systems Security Professional.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.


Matthew W. Van Hise is an Assistant Attorney General and Chief of the Privacy Unit at the Illinois Attorney General’s Office.  AAG Van Hise has been with the Attorney General’s Office working in the Consumer Fraud Bureau since 2011.  He enforces the Illinois Consumer Fraud and Deceptive Business Practices Act and spends the majority of his time focusing on privacy, data security, and data breach related investigations and litigation.  AAG Van Hise functions as both the lead and co-lead attorney for many national multistate investigations into several of the largest data breach incidents to date.

As Chief of the Privacy Unit, he serves as the point person within the Illinois Attorney General’s Office on matters such as privacy, data security, technology, and the secure handling of consumers’ personal information.  AAG Van Hise also oversees the Illinois Attorney General’s Identity Theft Unit, which was created in 2006 and has assisted over forty-five thousand consumers with complaints covering a wide variety of identity theft issues and privacy areas. 

Matthew leads the National Association of Attorneys General Privacy Working Group, on both privacy and identity theft.  He also co-leads the NAAG medical privacy discussions. 

Prior to this, he worked at the Michigan Attorney General’s Office, on both privacy and identity theft.  Matthew received a B.A. from Bradley University and a J.D. from the Thomas M. Cooley Law School in Lansing, Michigan.  Matthew has served as panelist and as guest speaker at numerous data security and privacy conferences throughout the country.  He is an active member in the International Association of Privacy Professionals, holding the CIPP/US certification, as well as a member in many local, state, and national Bar Associations.


Jay Leek, CISM, CISA, CISSP, is a Managing Partner and Co-founder of ClearSky Security, and leading venture fund focused on investing in early- and growth-stage security companies.  He also consults with Blackstone on various areas of cyber security strategy and investing, and he is currently co-leading Blackstone’s portfolio company CISO community. Prior to joining ClearSky, Leek was the Chief Information Security Officer for Blackstone, where he also worked with their information security investments and portfolio companies.  Over the past 20 years, Leek built and headed up global information risk and security programs for Equifax and Nokia and also worked as a Product Manager as well as a Consultant to telecom companies, government agencies and financial institutions assisting them with strategic planning and architectural design required to meet their information risk and security objectives. Leek currently serves as a member of the board of directors for AppOmni, BigID, BlueLava, Capsule8, CloudKnox, CyberGRX, IntSights, SecZetta and Respond, and the NY Metro ISSA Chapter. He was also formerly a member of the board of directors for Carbon Black, Cylance, Demisto, Optiv, Phantom, ProtectWise, RedOwl and Verodin, and a former member of the advisory boards for Accuvant, iSIGHT Partners and Risk IO.


Maneesha Mithal is the Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, which focuses on consumer privacy, data security, and credit reporting issues.  In this capacity, she has managed significant initiatives, including reports on Big Data, the data broker industry, the Internet of Things, consumer privacy, facial recognition, and mobile privacy disclosures.  She has testified before Congress on data security, connected cars, facial recognition, and identity theft.  She has also supervised dozens of Commission enforcement actions, including against companies such as Wyndham, Google, Youtube, Equifax, Facebook, Twitter, HTC, Snapchat, Uber, and Lenovo.  She has held numerous positions at the Commission, including Chief of Staff of the Bureau of Consumer Protection, and Assistant Director of the International Division of Consumer Protection.  Prior to joining the Commission 1999, Ms. Mithal was an attorney at the Washington law firm of Covington & Burling.  Ms. Mithal earned her law degree from the Georgetown University Law Center and her undergraduate degree from Georgetown University.