Cybersecurity 2021: Managing Cybersecurity Incidents

Speaker(s): Aaron P. Simpson, Amit Kachhia-Patel, Christine Flammer, Daimon E. Geopfert, David Wong, Ed Trissel, Eric M. Friedberg, J. Andrew Heaton, Jesse Whaley, John Neumon, Jordan S. Adler, Justin Grudzien, Katherine A. Lemire, Lauren Heyndrickx, Lisa J. Sotto, Patrick Nowlin, Robert Lord
Recorded on: Sep. 30, 2021
PLI Program #: 303199

Lauren Heyndrickx is the Chief Information Security Officer at Ralph Lauren. She joined Ralph Lauren in January 2021 and is responsible for the company’s Cyber Security and Privacy Program. She leads a global team of security professionals, with a strategic focus on protecting the enterprise information assets, technology, and business processes.

Lauren is a seasoned executive with 20+ years of security experience in multiple technology disciplines. Before joining Ralph Lauren, she was Chief Information Security Officer at JCPenney where she successfully defined and implemented a risk-based information security program.

Prior to joining JCPenney, Lauren served in various leadership roles across Verizon Enterprise Solutions, delivering advanced Security Services to both commercial and government organizations. Her earlier positions include a variety of IT director roles leading the software and system engineering, and compliance efforts for large scale distributed Security Services platforms.

She joined Verizon in 2007 when Verizon acquired Cybertrust, a leading security solutions provider. After the acquisition, she led the integration and rationalization of the Security Solutions platforms within Verizon, putting Verizon on the map as a leader in the Magic Quadrant for Security Solution providers.

Lauren has the proven ability to build strong global teams and successful security programs, leveraging her unique blend of extensive technical know-how and executive leadership. She is a respected security leader, driving security culture across the company, advising executive leadership on cybersecurity risks and proactive cyber incident readiness.

She has been recognized on the 2020 Global CISO 100 list of Hot Topics, the 100 top Women in Technology by Technology Magazine and most recently on the Corinium 2021 list of the world's top 100 leaders in Information Security.

Lauren is a member of Evanta's CISO Governing Body in Dallas, TX. She holds a master's degree in computer science from the Catholic University of Leuven in Belgium (home of the AES Rijndael algorithm), an MBA from the Vlerick Business School and is CISSP certified.

Aaron Simpson is a partner with Hunton Andrews Kurth. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements. Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He frequently assists clients with due diligence and negotiation of privacy and data security issues in corporate transactions. Aaron also prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises. 

Additionally, Aaron has substantial experience advising clients on global privacy compliance programs, and his work includes developing strategies for compliance with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020. He also has advised numerous clients on the EU General Data Protection Regulation.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United States and The Legal 500 United Kingdom guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors. He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.

Bob Lord most recently served as the first Chief Security Officer at the Democratic National Committee. In that role he worked to secure the Committee, as well as helping state parties and campaigns. Previous roles include CISO at Yahoo, CISO in Residence at Rapid 7, and before that he headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at

Christine Flammer is a Team Leader for AXA XL in the Cyber, Technology & Media Liability claims group. Christine works with AXA XL insureds in responding to cyber incidents, including resulting regulatory investigations and lawsuits. Christine also has extensive experience assisting insureds in defending complex technology and media E&O matters. Christine joined AXA XL in 2013, after working for over five years in the Cyber/Technology/Media Liability claims groups at AIG and Liberty International Underwriters. Prior to working in the insurance industry, Christine practiced law at a boutique firm in Manhattan. She graduated with honors from SUNY Cortland with a B.A. in Political Science, and obtained her J.D. from Hofstra University School of Law.

Daimon Geopfert specializes in penetration testing, vulnerability and risk management, security monitoring, incident response, digital forensics and investigations, and compliance frameworks within heavily regulated industries. Daimon has over 20 years of experience in a wide array of information security disciplines.

Daimon is a regular presenter and trainer for organizations such as Information Systems Audit and Control Association (ISACA), InfraGard, the Certified Fraud Examiners, and the Institute of Internal Auditors (IIA). He has been quoted in a variety of publications, including The Wall Street Journal, Fortune Magazine, and The Washington Post. He has been called upon for US Congressional testimony multiple times in regards to cyber threats to the US economy and infrastructure.

Daimon has led solution development and delivery in the following core areas:

  • Incident Readiness, Response, Remediation, and Recovery
  • Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) design and implementation
  • Threat Modeling
  • Security testing across the enterprise: network, host, application, and cloud
  • Security Maturity, Strategy, and Threat Vulnerability Management
  • Forensic investigations and e-Discovery

Previously, Daimon spent 10 years as the national leader of the cyber practice of another large CPA firm, and built and led the security testing, security architecture, and incident response practices of another Big 4 firm. His focus industries are private equity, financial services, insurance, and automotive.

Daimon previously served as a special agent with the Air Force Office of Special Investigations focusing on computer crimes, as a cyber researcher within the CIA’s Directorate of Science and Technology, and later deployed and ran Security Operations Centers for various Department of Defense (DoD) entities. He has developed and instructed courses on incident response, malware reverse engineering, and executive and board cyber risk management.

Daimon holds a Bachelor of Science in Computer Science from the United States Air Force Academy, and his Master of Science in Computer Science from the University of Michigan. He also carries the following professional certifications:

  • Certified Information Systems Security Professional (CISSP)—(ISC)2
  • Certified Information Security Manager (CISM)—ISACA
  • Certified Information Systems Auditor (CISA)—ISACA
  • GIAC Certified Incident Handler (GCIH)—The SANS Institute
  • GIAC Certified Reverse Engineer of Malware (GREM)—The SANS Institute
  • Certified Ethical Hacker (CEH)—EC-Council

Dave Wong is a Vice President at FireEye Mandiant. Mr. Wong manages the FireEye Mandiant cybersecurity consulting practice in North America. In this capacity, he leads a team of cybersecurity experts to help organizations respond to cybersecurity attacks and make them more resilient to future cybersecurity attacks.

Mr. Wong has extensive experience in cybersecurity and investigating cybercrime. Over the past 10 years, he has investigated some of the largest cybersecurity incidents, including ransomware attacks and intellectual property theft from nation states. Dave brings true front-line experience of real world cyberattacks. Through the investigations, Mandiant learns how attackers circumvent security controls. He uses this experience to help guide companies to secure their networks, data, and intellectual property.

Prior to joining FireEye, Mr. Wong was the Chief Operating Officer of the Intrepidus Group, a boutique cybersecurity firm that focused on mobile application and device security. Dave also has experience working in the financial industry at hedge funds and investment firms.

Mr. Wong is a Certified Information Systems Security Professional (CISSP) and holds a degree in Engineering from the Cooper Union for the Advancement of Science and Art.

Ed Trissel provides strategic communications counsel to U.S. and international companies and private equity firms regarding long-term corporate positioning and investor relations programs, crises and issues, restructurings, special situations and transactions. His cross-border experience includes matters throughout Asia, Europe, the Middle East and the Americas. His areas of expertise include:

Crisis Communications & Special Situations

He has considerable crisis and issues management experience, which includes counseling public and private companies, municipalities and non-profits on a wide variety of matters including cybersecurity incidents / data breaches, earnings misses and restatements, ethics violations, government investigations, litigation, layoffs and management changes.

Restructuring & Bankruptcy

He has advised companies in connection with both court-supervised and out-of-court restructurings. Assignments include American Tire Distributors, Accredited Home Lenders, BI-LO, Bruno’s, Luckin Coffee, Libbey, RentPath, Rural/Metro, Taco Bueno, Titan Petrochemicals, and United Subcontractors.

Shareholder Activism, Short Attacks & Corporate Governance

His experience includes counseling clients on engagement with and defense against activist hedge funds, dissident shareholders and short attacks including Burlington Stores (Spruce Point Capital), Berkshire Hills Bancorp (HoldCo Asset Management), Endurance International (Gotham Research), Gannett (MNG Enterprises), MBIA (Pershing Square), Newell Brands (Carl Icahn and Starboard), Samsonite (Blue Orca) and Sina (Aristeia Capital).

Transaction Communications

He advises companies on communications in both friendly and unsolicited M&A, IPOs, SPACs and PIPE transactions. Assignments include assisting Reinvent Technology Partners with SPAC business combinations with Joby Aviation and Hippo; Frontier Airlines with its IPO; Affirm with its IPO and acquisitions of PayBright and Returnly; Kansas City Southern with its proposed acquisition by CN; S&P Global with its proposed acquisition of IHS Markit; Opendoor with its proposed acquisition by the SPAC, Social Capital Hedosophia; Consolidated Communications with its proposed PIPE investment from Searchlight Capital; Lone Star Funds’ portfolio company, Foundation Building Materials, with its proposed acquisition by American Securities; Mastercard with its proposed acquisition of Finicity; RentPath with its proposed acquisition by CoStar Group; WESCO International with its acquisition of Anixter International; KEMET with its acquisition by Yageo; Dada Nexus and Q&K International with their U.S. IPOs; Gannett with its acquisition by New Media and its successful defense of an unsolicited takeover attempt by MNG Enterprises; Fiserv with its acquisition of First Data; Apollo Management’s Momentive with its announced sale to an investor group comprised of KCC Corporation, Wonik QnC and SLJ Partners; Tianqi Lithium with its minority investment in SQM; Knauf with its announced acquisition of USG Corporation; Shire in its sale to Takeda.

Ed served as a managing director and then a partner at Joele Frank from 2007 to 2011 and rejoined the firm in 2016. From 2011 to 2016, he served as the chief communications officer of Warburg Pincus. In this role, he led the private equity firm’s global communications strategy and team as well as the firm’s service offering to its portfolio companies in the Americas, Europe, Middle East and Asia. He was also a member of the firm’s environmental, social and governance committee. Earlier in his career, Ed was a founding principal at Vistance Group, a corporate and financial communications advisory, and held senior roles at international public relations firms including Hill & Knowlton and Ketchum. He is a member of the Arthur W. Page Society. Ed has lectured on communications topics at a wide variety of academic and industry functions. He received a bachelor of journalism degree from The University of Texas at Austin.

Eric M. Friedberg is co-founder and Co-President of Stroz Friedberg, LLC, a cyber consultancy and technical services firm acquired by Aon plc in 2016. Mr. Friedberg has 30 years of public and private sector experience in law, cyber-crime response, cyber-governance, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, C-suites, law firms and the courts. Mr. Friedberg has led responses to some of the most serious cyber-attacks on the nation’s companies, including attacks by state-sponsored agents, organized crime, hacktivists and malicious insiders. He is an expert in incident response governance, technologies and policies. He has also conducted enterprise-wide cyber security risk assessments in many business sectors. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media.

In 2019, Mr. Friedberg was appointed by Governor Andrew Cuomo to the New York State Cyber Advisory Board.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed many high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master and led the development of new investigative methodologies. He has lectured and published book chapters and articles on e-discovery and forensics. He was previously a member of the Sedona Conference’s Working Group 6, the International Association of Privacy Professionals, and the advisory board of The Future of Privacy Forum.

For the 16 years before Stroz Friedberg was acquired by Aon, Mr. Friedberg co-led that firm from a start-up to a 550+ person firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, Mr. Friedberg oversaw geographic and service line growth, M&A, infusions of private equity capital, board interactions, and many of the firm’s divisions. Mr. Friedberg was an officer and director of the firm, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor at the U.S. Attorney’s Office in Brooklyn, New York.

Mr. Friedberg began his career as an intellectual property and securities litigator at Skadden, Arps.

J. Andrew Heaton serves as overall global privacy lead for the Danaher organization, working with the privacy leads for Danaher's four business segments and the "pivots" at Danaher's operating companies.  He also advises on legal matters pertaining to information security.

Before joining Danaher, Mr. Heaton was a principal in Ernst & Young LLP and served as Global Lead Counsel – Data Privacy and Security for the global EY organization. In this role, he led EY’s global data protection team, served as global privacy officer for the organization, and advised EY on legal aspects of data protection and information technology worldwide.

Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.

Jesse Whaley is an accomplished thought and action leader across multiple disciplines encompassing technology, security, intelligence, and criminal investigations. He has consistently delivered award-winning cybersecurity performance and groundbreaking improvements for the U.S. Department of Defense, international governmental alliances and private companies.

As Amtrak’s current Chief Information Security Officer, Jesse leads the management of cyber risk and information security matters. He manages everything from traditional enterprise technology risks to unique challenges with operational technology that securely moves trains and safely delivers passengers to their destinations. Jesse authored and is delivering a comprehensive cybersecurity strategy to strengthen the company’s security posture while supporting the digital transformation of the business.

Previously, Jesse transformed cybersecurity operations at the Pentagon. He designed and built major programs to protect the nation’s military headquarters from cyber threats including cyber intelligence fusion, cyber hunt, and user activity monitoring in support of the DoD Insider Threat Program.  Jesse held many other leadership positions throughout DoD including leading defensive cyberspace operations at a regional cyber center. He delivered unique critical technology capabilities as a Director within the military intelligence community and served as an IT Director (CIO equivalent) overseas. Jesse also provides expert advisory services through Alpha Sights and Emissary.

Jesse is especially known for leading revolutionary global initiatives. His accomplishments include successfully leading teams through resolution of over 10,000 cybersecurity incidents and over 500 criminal investigations. Jesse and his teams have received numerous awards. In 2017, Jesse was named the Pentagon IT Senior Civilian Employee of the Year. Jesse is active throughout the technology and security communities as a member of (ISC)2, ISACA, Evanta’s Washington DC CIO/CISO Governing Body, the Association of American Railroads (AAR) Rail Information Security Committee (RISC), and HMG Strategy’s Washington DC CISO Advisory Board.

Jesse also served 10 years in the U.S. Army as a CID Special Agent and a Digital Forensic Examiner. Jesse has lived and worked across the globe, developing trusted partnerships with his counterparts in Asia, Europe, and the Middle East.

Jordan Adler is Senior Enforcement Counsel in the Bureau of Internet and Technology at the New York State Attorney General’s Office.  The Bureau is committed to protecting consumers from new and developing online threats.  As a leader in the field, the office handles a wide range of cutting edge issues relating to data security, privacy, child safety, spyware, deceptive trade practices and consumer fraud.  Jordan has played a leading role in some of the office’s most technical investigations and initiatives, including the office’s investigation into millions of fake comments submitted in the FCC’s 2017 net neutrality rulemaking proceeding; Operation Child Tracker, the largest state AG investigation into violations of the Children’s Privacy Protection Act (“COPPA”); and investigations into illegal ticket bots used to purchase tens of thousands of tickets to popular live events.  Before practicing law, Jordan worked as a software developer.

Patrick Nowlin grew up in Waco, Texas, where he graduated from Baylor University with a B.A. in Political Science. During his time at Baylor and before law school, Patrick served as a Legislative Aide in the Texas House of Representatives. He received his J.D. from the University of Arkansas School of Law and has stayed in the northwest Arkansas region since 2011. After law school, Patrick joined Walmart where he has helped the company navigate compliance and legal issues ranging from product safety to cybersecurity.

In his current role on the Digital Citizenship Legal team, Patrick advises internal associates on:

  • developing Walmart’s public policy strategy for monitoring, communicating, and collaborating on legislative developments related to privacy & information security;
  • investigating and responding to suspected data incidents;
  • training on cybersecurity best practices and incident mitigation efforts; and
  • compliance controls for federal and state privacy laws impacting the processing of customer and associate personal information.

As Executive Deputy Superintendent at the New York State Department of Financial Services, Ms. Lemire oversees the Consumer Protection and Financial Enforcement Division, ensuring that regulated entities comply with local and federal law.  She leads a team of more than 150 attorneys, investigators, and compliance staff who initiate enforcement actions in the banking, insurance, and fintech industries.  Her team also ensures compliance with virtual currency and cyber security regulations.

Ms. Lemire previously served as an Assistant United States Attorney in the Southern District of New York where she investigated complex federal crimes, including allegations of public corruption, racketeering, fraud, and other white-collar crimes. Ms. Lemire also served as a prosecutor in the Manhattan District Attorney’s Office, where she investigated and prosecuted a broad array of criminal cases from grand jury proceedings through trial. In addition, as Counsel and principal advisor to New York Police Commissioner Raymond W. Kelly, Ms. Lemire managed a broad portfolio of operational, legal, and managerial matters.

Prior to her appointment at DFS, Ms. Lemire was a partner at an international consulting firm providing compliance and investigative services. Ms. Lemire is the recipient of numerous awards, including the New York Federal Executive Board Award (2008), presented by the United States Attorney General, as well as the Above & Beyond Award for Outstanding Women in Business (2017).

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

SSA Kachhia-Patel has over 16 years of experience as an FBI Special Agent. During his first seven years, SSA Kachhia-Patel handled foreign counterintelligence and insider threat matters. SSA Kachhia-Patel intimately worked Operation Ghost Stories and was responsible for the arrest of the Russian Illegal Anna Chapman. Over the last seven years, SSA Kachhia-Patel has focused his efforts on nation state hacking efforts through field work and program management from FBI Headquarters. Notably, SSA Kachhia-Patel helped to manage large intrusions including the Sony Pictures destructive malware attack and healthcare PII intrusions, to name a few. Currently, SSA Kachhia-Patel manages a team investigating nation state sponsored computer network exploitation and attacks.

SSA Kachhia-Patel has over 17 years of experience as an FBI Special Agent having worked counterintelligence, insider threat and cyber matters.  Over the last eight years, SSA Kachhia-Patel has focused his efforts on nation state hacking efforts through field work and program management from FBI Headquarters. Notably, SSA Kachhia-Patel helped to manage large intrusions including the Sony Pictures destructive malware attack and healthcare PII intrusions to name a few. Currently, SSA Kachhia-Patel manages a team investigating nation state sponsored computer network exploitation in the New York FBI’s Cyber Branch.

John Neumon is currently an Assistant Attorney General in the Privacy Section of the Enforcement and Public Protection Division at the Connecticut Attorney General’s Office.  John has been with the State of Connecticut for 27 years serving in many roles as an investigator.  He began with the State as a Social Services Investigator and then Lead Investigator for the Department of Social Services, Bureau of Child Support.  After that he served as a Legal Investigator at the Attorney General’s Office in the Consumer Protection Department and then as Lead Legal Investigator at the State Elections Enforcement Commission, Campaign and Disclosure Audit Unit. During that time, he completed his J.D. with Honors from the University of Connecticut making him a “double Husky” with an M.B.A. earned in the prior century.  His next period of state service was with the Department of Consumer Protection as its Director of Investigations until his appointment in 2018 as an AAG.  He completed his CIPP/US in 2020 since he wasn’t allowed outside anymore, and this paired with his Certified Fraud Examiner credential earned in 2007.       

Justin Grudzien has been in the technology field for over two decades and has spent the last seventeen years primarily focused on information security and information security leadership. As he matured in his career, he came to realize that information security is most successful when treated as a business function. It needs to be planned, built, and run like any other business unit, and it must support the business culture and goals. Justin has previously held roles such as Chief Information Security Officer of Orbitz Worldwide, Chief Security Officer at Raise, and Chief Security and Data Protection Officer at Journera. Justin presently works as the Chief Information Security Officer at DoorDash in Chicago, where he oversees IT and global IT security.

High Level Overview
• 20+ years of IT related experience at Internet based companies with a focus on: IT leadership, Infrastructure design, and security architecture and management.
• Proven track record of leading large and diverse technology teams.
• Effective at budget creation and management.
• Fluent in presenting complex IT and IT Security concepts and strategies to personnel at all levels of business.
• Deep technical knowledge and understanding.
• Excellent oral and written skills.
• Exceptional troubleshooting and problem solving skills.

• Delivered Keynote at the 2014 IANS San Francisco Information Security Forum on achieving greater business impact within Information Security teams.
• Delivered Keynote at the 2015 IANS Chicago Information Security Forum on achieving greater business impact within Information Security teams.
• Panel speaker at Crain's Chicago Business Chief Information Officer Breakfast 2015. Topics include: the pathway to the CEO's office and my evolving role within the business

Certifications: CISSP (May 2005 - Current)