New feature: Customize your PLUS research experience with My Preferences. Learn more.
Skip to main content

Cybersecurity 2020: Managing Cybersecurity Incidents


Speaker(s): Adam Fletcher, Brittany M. Bacon, Clark Russell, Daniel Chiang, David Wong, Elissa Doroff, Emily Stapf, Eric M. Friedberg, Jay Leek, Lisa J. Sotto, Maneesha Mithal, Matthew W. Van Hise, Michele S. Lucan, Richard T. Jacobs, Robert Lord, Ryan Vinelli, Siobhan Gorman, Tok√ę Vandervoort
Recorded on: Sep. 24, 2020
PLI Program #: 273943

Adam Fletcher is the Chief Information Security Officer for Blackstone, one of the world’s leading investment managers. As a cybersecurity professional with 20 years of experience, Adam has worked with global cybersecurity organizations large and small including McAfee, Nokia, VeriSign, ISS and Accuvant. Adam built a strong technical foundation through roles in security technology implementation and security architecture design, which has been complemented by management experience gained from roles leading consulting engagements and global teams of information security professionals. Prior to joining Blackstone, Adam led the International Security team for Equifax, coordinating a global security program across 14 countries, each with different business, regulatory, and privacy requirements.


Bob Lord is the Chief Security Officer at the Democratic National Committee, bringing more than twenty years of experience in the information security space to the Committee, state parties, and campaigns. Previously he was Yahoo’s CISO, covering areas such as risk management, product security, security software development, e-crimes, and APT programs. Before that he acted as the CISO in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at https://www.ilord.com.


Brittany Bacon is a partner in Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice. She has national recognition for her work in the areas of privacy and data security. In 2018 and 2019, Brittany was ranked in Chambers USA and was named a New York Law Journal “Rising Star,” a Law360 “Rising Star” in privacy and cybersecurity, and one of Global Data Review’s 40 Under 40 data lawyers. Legal 500 also lists Brittany as a “Next Generation Lawyer” for cyber law. 

Brittany served as a lead attorney on the two largest reported breaches in history (affecting over three billion user accounts) and has managed hundreds more. Her cybersecurity practice includes advising clients on data breach notification responsibilities; counseling them on responding to multi-jurisdictional regulatory investigations; and providing strategic advice in the breach context for managing inquiries from Boards of Directors, consumers, media and potential acquiring companies in a deal setting. Brittany also helps companies design and build privacy and data security governance programs and conduct proactive breach preparedness activities, including developing workable incident response plans and legal breach notification procedures, running executive-level tabletops with data breach hypotheticals, and engaging third-party experts (such as forensic investigation firms, credit monitoring services, PR firms and call centers) in advance of an incident.

In relation to her privacy compliance practice, Brittany has extensive experience in advising clients on state, federal and international privacy laws, including the EU General Data Protection Regulation and the California Consumer Privacy Act. She routinely conducts privacy impact assessments and advises companies on managing risk in connection with extensive and innovative data collection and use. She also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts and helps companies design robust vendor management programs.

Brittany is a frequent speaker and author on privacy and cybersecurity topics. She received her JD from the Washington University in St. Louis School of Law, and her BA from the University of Notre Dame, cum laude. She is admitted to practice in the state of New York.


Clark Russell is the Deputy Bureau Chief of the Bureau of Internet and Technology at the New York State Attorney General’s Office.  The Bureau is committed to protecting consumers from online threats and has brought a number of ground-breaking cases involving internet and technology issues.  Clark’s investigations included Secure Our Smartphones, where the office convinced smartphone manufacturers to install a “kill switch” in their smartphones; Operation Clean Turf, the largest investigation into companies flooding the Internet with fake positive reviews; and Operation Child Tracker, the largest state AG investigation of violations of the Children’s Online Privacy Protection Act (“COPPA”) by major child brand websites, and a well-known ad network.  Clark oversees the office’s data breach notification program, and secured numerous record-setting results in data breach cases.  He is also the principal draftsperson of the Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") which overhauled New York State’s data security and notification, establishing new and unprecedented safeguards of personal data.


Dave Wong is a Vice President at FireEye Mandiant. Mr. Wong manages the FireEye Mandiant cybersecurity consulting practice in North America. In this capacity, he leads a team of cybersecurity experts to help organizations respond to cybersecurity attacks and make them more resilient to future cybersecurity attacks.

Mr. Wong has extensive experience in cybersecurity and investigating cybercrime. Over the past 10 years, he has investigated some of the largest cybersecurity incidents, including ransomware attacks and intellectual property theft from nation states. Dave brings true front-line experience of real world cyberattacks. Through the investigations, Mandiant learns how attackers circumvent security controls. He uses this experience to help guide companies to secure their networks, data, and intellectual property.

Prior to joining FireEye, Mr. Wong was the Chief Operating Officer of the Intrepidus Group, a boutique cybersecurity firm that focused on mobile application and device security. Dave also has experience working in the financial industry at hedge funds and investment firms.

Mr. Wong is a Certified Information Systems Security Professional (CISSP) and holds a degree in Engineering from the Cooper Union for the Advancement of Science and Art.


Elissa Doroff is a Managing Director and Cyber Technical Leader for NFP’s Management and Professional Lines.  Based in New York, she is responsible for the development of thought leadership, claims advocacy and consultation services as well as counseling clients on their risks and insurance needs in the areas of technology, privacy and cyber. 

Elissa has over fifteen years of cyber, technology and media liability insurance expertise having worked as the Underwriting and Product Manager at AXA XL where she worked to direct and manage AXA XL’s risk management services designed to minimize the frequency and severity of data breaches.  Prior to AXA XL, Elissa was a broker in Marsh and McLennan’s Network Security and Privacy Practice and previously, claims counsel at AIG focusing on Data Security and Privacy, Media and Technology Liability. She has considerable experience presenting on these topics on panels and seminars for clients and industry associations and has published several industry related articles. 

Elissa holds a Bachelor of Arts from the State University of New York at Albany and a Juris Doctor from Suffolk University Law School and is admitted to practice law in Massachusetts and Connecticut.


Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident and threat management and cybersecurity strategy.  She is on PwC’s US cybersecurity leadership team where she leads integration of cybersecurity into PwC ‘s global business portfolio, leads the US Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services. 

With 20+ years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events.  For 16 years she has lead investigations, incident response and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques.  She helps clients navigate statutory, regulatory and contractual notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk, resilience and trust.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, data analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.


Eric M. Friedberg is co-founder and Co-President of Stroz Friedberg, LLC, a cyber consultancy and technical services firm acquired by Aon plc in 2016. Mr. Friedberg has 30 years of public and private sector experience in law, cyber-crime response, cyber-governance, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, C-suites, law firms and the courts. Mr. Friedberg has led responses to some of the most serious cyber-attacks on the nation’s companies, including attacks by state-sponsored agents, organized crime, hacktivists and malicious insiders. He is an expert in incident response governance, technologies and policies. He has also conducted enterprise-wide cyber security risk assessments in many business sectors. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media.

In 2019, Mr. Friedberg was appointed by Governor Andrew Cuomo to the New York State Cyber Advisory Board.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed many high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master and led the development of new investigative methodologies. He has lectured and published book chapters and articles on e-discovery and forensics. He was previously a member of the Sedona Conference’s Working Group 6, the International Association of Privacy Professionals, and the advisory board of The Future of Privacy Forum.

For the 16 years before Stroz Friedberg was acquired by Aon, Mr. Friedberg co-led that firm from a start-up to a 550+ person firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, Mr. Friedberg oversaw geographic and service line growth, M&A, infusions of private equity capital, board interactions, and many of the firm’s divisions. Mr. Friedberg was an officer and director of the firm, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor at the U.S. Attorney’s Office in Brooklyn, New York.

Mr. Friedberg began his career as an intellectual property and securities litigator at Skadden, Arps.


Michele S. Lucan is an Assistant Attorney General at the Connecticut Attorney General's Office in its Privacy and Data Security Department. In this role, Michele handles all matters involving consumer privacy and information security. Most notably, Michele is currently leading and/or co-leading multistate investigations of several massive data breaches involving sensitive personal information.

Michele joined the Attorney General's Office in 2008 and first served in its Consumer Protection Division, where she investigated and pursued enforcement actions against a variety of unfair and deceptive business practices under the Connecticut Unfair Trade Practices Act. In 2013, Michele was appointed to a multidisciplinary Privacy Task Force that was created to focus the Office's response to privacy concerns and data breaches, and educate the public and Connecticut businesses about data protection responsibilities under state and federal law. In early 2015, a dedicated Privacy and Data Security Department was formed and Michele was assigned full-time to the Department from its inception. Michele has spent the past several years working exclusively on privacy-related matters.

Michele is a Certified Information Privacy Professional (CIPP)/ U.S.  She received her B.A. from Loyola University in Maryland and her J.D. from the Quinnipiac University School of Law. Michele speaks regularly on privacy-related topics to government, bar and industry groups.


Ryan Vinelli is a Vice President, Privacy and Technology counsel at Western Union. Western Union is a global leader in cross-border, cross-currency money movement. His work focuses on data protection, information security and ensuring a global-approach to securing data. Ryan leads a global team of attorneys addressing all manner of data protection and cyber security issues.

Prior to joining Western Union, Ryan was Global Cybersecurity Counsel for Verizon Media supporting brands including Yahoo, Aol, Tumblr, Huffington Post, Techcrunch and Engagdet. Ryan was also a Vice President handling global legal and privacy matters for Starwood Hotels & Resorts Worldwide, Inc. and after its acquisition at Marriott Hotels International. Ryan began his career in data protection as privacy counsel for General Electric.

Ryan is a graduate of the Benjamin N. Cardozo School of Law and holds undergraduate and graduate degrees in computer science from Tufts University. Ryan is licensed to practice law in multiple states and is a registered Patent attorney.


Siobhan Gorman is a Partner in the Washington, D.C. office of the Brunswick Group, where she concentrates on crisis, cybersecurity, public affairs, and media relations. Siobhan has worked on corporate crisis across a range of industries, including financial services, healthcare, defense, entertainment, technology, and automotive.

Siobhan has also led a range of cybersecurity, public affairs, litigation, and corporate reputation projects in the financial, retail, airline, and technology sectors. Tapping her longtime journalism experience, she regularly advises clients on media relations issues and conducts media training for executives.

Siobhan is a member of the Senior Advisory Group for Harvard University’s Defending Digital Democracy Project, which is focused on preventing and mitigating cyberattacks on the election process. She is also member of the Advisory Committee for Brown University's Executive Master in Cybersecurity.

Prior to joining Brunswick, Siobhan had a successful 17-year career as a reporter, most recently at The Wall Street Journal. At The Journal, she covered a range of national security and law enforcement topics, including counterterrorism, intelligence, and cybersecurity. Prior to joining The Journal in 2007, Siobhan was a Washington correspondent for The Baltimore Sun covering intelligence and security. From 1998 to 2005, she was a staff correspondent for National Journal covering similar issues. She began her career as a researcher for a columnist at The Washington Post.

Siobhan won the 2006 Sigma Delta Chi Award for Washington Correspondence for her coverage of the National Security Agency and in 2000 received a special citation in national magazine writing from the Education Writers Association. She has been nominated three times for the Pulitzer Prize and is a graduate of Dartmouth College.

Siobhan was featured in Cybersecurity Venture's Women Know Cyber: 100 Fascinating Females Fighting Cybercrime, released in 2019.


Toke Vandervoort is SVP, Deputy General Counsel at Under Armour. Previously, she served as technology, privacy and litigation counsel and CPO to major US telecom and tech companies. Presently at Under Armour, she leads a 43+ person team of experts in commercial and technology transactions, privacy and consumer protection, patents and trademarks, employment and litigation supporting its global sports apparel and footwear business and Connected Fitness digital enterprise—the world’s largest online fitness/wellness community. She is also a member of the DHS Security Data Privacy & Integrity Advisory Committee; advisory board for Georgetown Cyber Security Law Institute; an HHS-initiated steering committee advising on the creation of non-HIPAA health data rules; and a co-founder of the ACC Data Privacy & Security Forum.


Assistant special agent in-charge (ASAC) Richard T. Jacobs leads the Cyber Branch in the FBI’s New York office.  The branch investigates national security and criminal cyber matters and responds to cyber incidents in the New York metropolitan area.  In 2014, Mr. Jacobs helped establish the Financial Cyber Crimes Task Force, a multi-agency initiative targeting cyber crime and technology-based fraud schemes.

Following graduation from the FBI Academy in 1999, Mr. Jacobs was assigned to New York where he investigated a variety of securities fraud matters.  From 2002 to 2005 he played the role of a corrupt stock broker in a market manipulation undercover operation which resulted in the convictions of 49 individuals.  In June 2010, he was selected to lead a Manhattan-based securities fraud unit which handled the Bernard L. Madoff and the Galleon Group insider trading investigations.  He was named assistant special agent in-charge in October 2014.

Prior to joining the FBI, Mr. Jacobs was a risk manager on Wall Street.  He holds a Master’s Degree in information technology from Carnegie Mellon University, where he graduated with highest distinction, and an MBA with a concentration in finance. He is also a Certified Information Systems Security Professional.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). More recently, Lisa and her team have assisted more than 100 clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa also provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events. Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.


Matthew W. Van Hise is an Assistant Attorney General and Chief of the Privacy Unit at the Illinois Attorney General’s Office.  AAG Van Hise has been with the Attorney General’s Office working in the Consumer Fraud Bureau since 2011.  He enforces the Illinois Consumer Fraud and Deceptive Business Practices Act and spends the majority of his time focusing on privacy, data security, and data breach related investigations and litigation.  AAG Van Hise functions as both the lead and co-lead attorney for many national multistate investigations into several of the largest data breach incidents to date.

As Chief of the Privacy Unit, he serves as the point person within the Illinois Attorney General’s Office on matters such as privacy, data security, technology, and the secure handling of consumers’ personal information.  AAG Van Hise also oversees the Illinois Attorney General’s Identity Theft Unit, which was created in 2006 and has assisted over forty-five thousand consumers with complaints covering a wide variety of identity theft issues and privacy areas. 

Matthew leads the National Association of Attorneys General Privacy Working Group, on both privacy and identity theft.  He also co-leads the NAAG medical privacy discussions. 

Prior to this, he worked at the Michigan Attorney General’s Office, on both privacy and identity theft.  Matthew received a B.A. from Bradley University and a J.D. from the Thomas M. Cooley Law School in Lansing, Michigan.  Matthew has served as panelist and as guest speaker at numerous data security and privacy conferences throughout the country.  He is an active member in the International Association of Privacy Professionals, holding the CIPP/US certification, as well as a member in many local, state, and national Bar Associations.


Daniel Chiang is the VP of Security at Stitch Fix, an online personal styling service in the US and the UK. Before Stitch Fix, he was the Director of Security Risk at Yahoo where he was responsible for post-breach remediation initiatives. Prior experiences also include cybersecurity consulting roles at Deloitte, Booz Allen Hamilton and Ernst & Young. Daniel is a graduate of Johns Hopkins University and Carnegie Mellon University’s Chief Information Security Officer (CISO) Executive program. 


Jay Leek, CISM, CISA, CISSP, is a Managing Partner and Co-founder of ClearSky Security, and leading venture fund focused on investing in early- and growth-stage security companies.  He also consults with Blackstone on various areas of cyber security strategy and investing, and he is currently co-leading Blackstone’s portfolio company CISO community. Prior to joining ClearSky, Leek was the Chief Information Security Officer for Blackstone, where he also worked with their information security investments and portfolio companies.  Over the past 20 years, Leek built and headed up global information risk and security programs for Equifax and Nokia and also worked as a Product Manager as well as a Consultant to telecom companies, government agencies and financial institutions assisting them with strategic planning and architectural design required to meet their information risk and security objectives. Leek currently serves as a member of the board of directors for AppOmni, BigID, BlueLava, Capsule8, CloudKnox, CyberGRX, IntSights, SecZetta and Respond, and the NY Metro ISSA Chapter. He was also formerly a member of the board of directors for Carbon Black, Cylance, Demisto, Optiv, Phantom, ProtectWise, RedOwl and Verodin, and a former member of the advisory boards for Accuvant, iSIGHT Partners and Risk IO.


Maneesha Mithal is the Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, which focuses on consumer privacy, data security, and credit reporting issues.  In this capacity, she has managed significant initiatives, including reports on Big Data, the data broker industry, the Internet of Things, consumer privacy, facial recognition, and mobile privacy disclosures.  She has testified before Congress on data security, connected cars, facial recognition, and identity theft.  She has also supervised dozens of Commission enforcement actions, including against companies such as Wyndham, Google, Youtube, Equifax, Facebook, Twitter, HTC, Snapchat, Uber, and Lenovo.  She has held numerous positions at the Commission, including Chief of Staff of the Bureau of Consumer Protection, and Assistant Director of the International Division of Consumer Protection.  Prior to joining the Commission 1999, Ms. Mithal was an attorney at the Washington law firm of Covington & Burling.  Ms. Mithal earned her law degree from the Georgetown University Law Center and her undergraduate degree from Georgetown University.