Skip to main content

Cybersecurity Best Practices for Lawyers 2021


Speaker(s): Ami Rodrigues, Andrew Belsick, Douglas Bloom, E.J. Yerzak, Jordan Kelly, Mark Melodia, Mark H. Francis, Michael R. Graif, Rhonda Barnat, Tom Baxley
Recorded on: Feb. 1, 2021
PLI Program #: 305752

Doug is an Executive Director and Co-Head of Cybersecurity & Privacy for Morgan Stanley's Legal & Compliance Division. In that role, he is responsible for the Firm's legal response to cybersecurity matters—including incident response, regulatory affairs and new legislation affecting the Firm. Doug is also responsible for privacy matters affecting the Firm’s personnel and client base.  Doug has over 20 years’ experience investigating all aspect of financial and computer crimes—having served as a federal prosecutor, criminal defense lawyer and software developer.

Prior to joining Morgan Stanley, Doug was a Director in PwC’s Cybercrime and Breach Response practice, the leader of the Firm’s Cybersecurity Risk & Regulatory Practice, and a member of the Firm’s Financial Crimes Unit.  At PwC, Doug assisted clients across the globe, responding to regulatory changes, conducting cybercrime, fraud and economic espionage investigations, corporate internal investigations and handling breaches of PwC’s clients’ computer networks.  In addition, as a leader of the Firm’s cybersecurity Board governance program, Doug regularly advised clients and their Boards on proper governance of cybersecurity programs and assisted clients in the development of their cybersecurity Board reporting programs.

Prior to joining the PwC, Doug was a federal prosecutor in the United States Attorney’s Office for the Southern District of New York, where he investigated and prosecuted national security cyber offenses, including economic espionage, hacking of national defense and government systems, and the theft of trade secrets.  In addition to his cyber work, Doug investigated and prosecuted several high profile public corruption and accounting fraud cases, and convicted the former majority leader of the New York State Senate and acting Lieutenant Governor of New York State of bribery and extortion.  Doug is a 2015 recipient of the Attorney General’s John Marshal Award, the highest attorney honor granted by the Department of Justice, and a 2013 recipient of the Federal Law Enforcement Foundation’s Prosecutor of the Year award.  Prior to joining the U.S. Attorney’s Office, Doug was an associate in Covington & Burling’s white collar criminal defense and intellectual property practices where he investigated and litigated criminal and civil accounting fraud, tax fraud, and patent infringement cases.

Doug brings deep technical expertise to his legal role, having served as a software engineer and program manager for Xerox’s Palo Alto Research Center, Microsoft and Hewlett Packard.  In those roles, Doug designed and developed artificial intelligence algorithms for natural language processing software and drivers for network management systems. 

Doug is an Adjunct Professor of Law at Fordham University, where he teaches a course on computer crimes.  He is also a published author—whose articles on cybercrime and insider threats regularly appear in the New York Law Journal—and frequent speaker on cybersecurity, fraud, and information management.  He has presented to and taught courses for the Department of Justice, FINRA, the Association of Corporate Counsel, the National Association of Corporate Directors and various universities, businesses and industry participants. 

He received a Bachelor’s degree in Symbolic Systems and a Master’s degree in Linguistics from Stanford University.  He received a Juris Doctor, cum laude, from Harvard Law School.  He is admitted to the New York bar, the U.S. District Courts for the Southern and Eastern Districts of New York, and the U.S. Court of Appeals for the Second Circuit, and is an active member of the Federal Bar Council where he serves on both the Criminal Practice and Westchester County Committees.



Ami Rodrigues, Assistant General Counsel – Privacy, Chipotle Mexican Grill, Inc. 

Ami Rodrigues is the head of Chipotle Mexican Grill, Inc.’s privacy program. She oversees legal compliance for global privacy, cybersecurity, technology transactions, e-commerce, machine learning, and mobile app development.  Her prior experience includes working with start-ups, state government agencies, and Fortune 100 companies in setting up privacy programs, working with regulators, and navigating data security incidents. She is an adjunct professor of Privacy and Cyber Law at Georgia State University College of Law and holds the CIPP/US, CIPP/E, CIPM certifications and FIP and PLS designations from the IAPP.


Mark Melodia is a privacy, data security and consumer class action defense lawyer in Holland & Knight's New York office. Mr. Melodia focuses his practice on governmental and internal investigations, putative class actions and other "bet-the-company" suits in the following areas: data security/privacy, mortgage/financial services and other complex business litigation, including defamation.

Mr. Melodia has defended more than 80 putative class actions – including as lead defense counsel in multiple multidistrict litigations (MDLs) – arising from alleged consumer privacy violations, data incidents and allegations of data misuse. He routinely represents clients responding to government privacy investigations before the Federal Trade Commission (FTC), Office for Civil Rights, state attorneys general and the U.S. Department of Justice (DOJ). He has guided clients in a wide range of industries through several hundred data incidents over the past dozen years. He advises clients on their obligations and helps them operationalize the requirements of General Data Protection Regulation (GDPR) as well as federal and state laws in the U.S. He consults with boards and executive teams on these issues.

Mr. Melodia has been an instructor of Information Security Law in the Chief Information Security Officer (CISO) Executive Education and Certification Program at Carnegie Mellon University's Heinz College, as well as a guest lecturer at Seton Hall Law School and New York University School of Law.

Mr. Melodia served as a law clerk for the Honorable Timothy K. Lewis of the U.S. District Court for the Western District of Pennsylvania.


Andrew Belsick is the Information Security GRC Director at Dick’s Sporting Goods.  In this role, he is responsible for all things governance/risk/compliance as they relate to data and technology (e.g. PCI, risk/control assessments, privacy, SOX, vendor risk, business continuity, etc).  He is an information security/IT audit professional with over fifteen years of experience in the technology GRC field.  Andrew’s experience includes a combination of external audit/advisory, internal audit, and information security across a broad range of industries: retail, healthcare, manufacturing, and financial services.  He has been an ISACA member since 2009 and holds the CISA, CISM, and CRISC certifications.


E.J. Yerzak is Director of Cyber IT Services at Compliance Solutions Strategies (CSS), a global regulatory compliance consultancy and regtech software provider for the financial services space. E.J. assists hedge funds, private equity funds, funds of funds, pension advisers, and retail investment advisers in cybersecurity risk assessments, from network vulnerability scanning and penetration testing to policy and control assessments and helping firms implement the NIST cybersecurity framework.  He has authored articles and alerts on emerging regulatory and technology issues, and speaks regularly as a cybersecurity expert at industry conferences and events throughout the country. He is a Certified Information Systems Auditor (CISA®), Certified Information Security Manager (CISM®), and Certified in Risk and Information Systems Control (CRISC™).


Jordan Rae Kelly

Head of Cybersecurity, Americas

Senior Managing Director

Ms. Kelly has more than 15 years of experience coordinating incident response and managing cyber policy planning.

Ms. Kelly advises clients on a broad range of cybersecurity and data privacy matters involving breaches, insider threats, intellectual property, crisis communications, vendor management, compliance, regulation, risk management, and forensic investigations.

Prior to joining FTI Consulting, Ms. Kelly served as the Director for Cyber Incident Response on the National Security Council at the White House. During her tenure there, she was responsible for both national incident response coordination, as well as management of the U.S. Government’s process for managing zero-day exploits. She was also a chief author of the National Cyber Strategy, the first of its kind in the United States in 15 years.

Before joining the National Security Council in 2017, Ms. Kelly served as Chief of Staff and Chief of Strategic Initiatives in the Federal Bureau of Investigation’s (FBI) Cyber Division, where she managed daily operations and strategic and policy planning for the FBI’s national cyber program. Prior to her 10-year tenure at the FBI, she was a law clerk in the Office of General Counsel at the Y-12 National Security Complex, a Department of Energy facility in Tennessee.

Ms. Kelly was named to Consulting magazine’s inaugural Women Leaders in Technology list, recognized in the Leadership category, and Global Investigation Review’s 2020 40 under 40 guide, which honors leading young investigations specialists from across the globe. She is a member of Women in Cybersecurity and Girls Who Code.

Ms. Kelly holds a bachelor’s degree from Wake Forest University and a Juris Doctorate from the University of Tennessee College of Law, where she served as an author and editor for Transactions: The Tennessee Journal of Business Law.


Mark H. Francis is a tech and data partner at the law firm Holland & Knight LLP in New York, with a focus on cybersecurity, data privacy, intellectual property and emerging technology.  Mark’s practice spans counseling, legal compliance, investigations, litigation, and a wide array of transactions.  In connection with his practice, Mark advises clients on information governance, third party risk management, federal, state and foreign privacy laws, artificial intelligence, adtech and data strategy.  He frequently counsels clients in response to data breaches and other incidents, guiding them through internal investigations, regulatory inquiries, and legal disputes.

Mark has a background in computer science and telecommunications, and received his JD/MBA from Fordham University. He is a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), as well as an IAPP CIPP/US, CIPT, Privacy Law Specialist and Fellow of Information Privacy. 

Mark is a board member and Governance Committee Chair for the New York Metro InfraGard Members Alliance, and Chair of the IAPP’s CIPP/US Exam Development Board. Mark is currently serving as a Special Government Employee on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee.


Michael is an intellectual property attorney whose practice encompasses trademark and copyright enforcement, technology and licensing transactions, patent and trademark portfolio management, and counseling clients on intellectual property issues that arise in business deals. He also has extensive experience in cybersecurity, privacy, and social media law. His clients range from start-ups to Fortune 500 companies in a broad range of industries, including technology, manufacturing, sports & entertainment, and digital & social media.

The rights enforcement side of Michael’s practice includes trademark, copyright, and patent matters, domain name proceedings, and advising clients on publicity and privacy rights.

Michael’s IP transactional work includes drafting licensing, joint venture, and other agreements involving trademarks and technology. He also frequently conducts due diligence on intellectual property issues related to mergers and acquisitions, securitizations, loans, securities offerings, and other transactions.

Michael has been interviewed on television and quoted in national media outlets on file-sharing and copyright issues. Along with appearing on Bloomberg Television and Reuters Television, he has been quoted in the Washington Post, San Francisco Chronicle, Above the Law, The Guardian of London and The Daily Deal, and other news outlets. He teaches social media law as a lecturer in law at the University of Pennsylvania Law School and an adjunct professor at Benjamin N. Cardozo School of Law.

Prior to joining Mintz, Michael was chair of the intellectual property group at a New York-based international law firm, where he was a partner for a decade. Earlier, he was a partner at a Washington, DC-based national law firm; a counsel and associate at another New York-based global law firm; and an associate at a New York-based intellectual property law firm.


Rhonda Barnat

As one of the country’s leading crisis management advisers, and head of the firm’s crisis management practice, Rhonda Barnat has been involved in helping corporations and non-profits through some of their most defining moments and some of the most visible issues of our time.

Rhonda is an expert in helping companies and non-profits move through an issue and return to normal with their reputations intact.  She is often called upon to assemble the specialized teams that are required when a major crisis befalls an institution.

She is a frequent speaker on crisis communications and crisis management throughout the United States and Europe. In addition, Rhonda also works with clients in complex mergers and acquisition situations, including proxy contests. Other clients look to her for specialized media and presentation training as part of an overall strategic program. Many national and international insurance companies have selected her and the firm for crisis communications and management in complex situations on behalf of their policyholders.


Tom Baxley is the Chief Information Security Officer at Balyasny Asset Management. Prior to joining Balyasny in 2019 Tom was the Chief Information Security Officer at Pine River Capital Management and Two Harbors Investment Corporation. Tom has previously held roles as a security engineer and a security management consultant with Ernst and Young. Tom holds a Bachelor of Science degree in Information Security and Forensics from Rochester Institute of Technology.