Skip to main content

Cybersecurity 2014: Managing the Risk

Speaker(s): Adam Mattina, Charles E. Beard, Christine Ricci, Deane Davis, Emily Stapf, Erez Liebermann, Lisa J. Sotto, Paul M. Tiao, Samara N. Moore, Scott A. Kamber, Scott L. Vernick, Vincent Liu, Wayne Proctor, CISSP, CISA, CRISC
Recorded on: Sep. 10, 2014
PLI Program #: 51413

Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident and threat management and cybersecurity strategy.  She is on PwC’s US cybersecurity leadership team where she leads integration of cybersecurity into PwC ‘s global business portfolio, leads the US Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services. 

With 20+ years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events.  For 16 years she has lead investigations, incident response and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques.  She helps clients navigate statutory, regulatory and contractual notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk, resilience and trust.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, data analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.

Samara Moore is the Chief Cyber Security Officer for the Office of the Under Secretary for Science and Energy, within the Department of Energy.  She recently completed a two year detail assignment with the White House National Security Council Staff, as the Director for Cybersecurity Critical Infrastructure Protection where she coordinated across the federal government and partnered with the private sector on efforts to strengthen cybersecurity for all critical infrastructure sectors. 

Prior to joining the White House, Mrs. Moore worked as the Senior Information Technology (IT) and Cybersecurity Advisor at the Department of Energy (DOE), focused on cybersecurity for the Energy Sector and managing public-private partnerships.  For nearly 5 years at DOE, she also led the cybersecurity program for internal Energy Program offices and played a key role in IT and cybersecurity governance for the DOE.  While at DOE, Mrs. Moore led the development of the Electricity Sector Cybersecurity Capability Maturity Model which is being used both domestically and internationally.  Prior to joining the DOE, Mrs. Moore worked as the Director of the Office of Management and Data Systems for the Occupational Safety and Health Administration, and for Deloitte Enterprise Risk Services. 

Mrs. Moore has worked as a consultant, systems engineer, and IT manager, and has performed security assessments, managed security operations and security planning for government agencies as well as private industry. Mrs. Moore received a bachelor’s degree from Virginia Tech in Accounting and Information Systems and a master’s degree from the George Washington University in Engineering Management Systems Engineering, where she is currently an adjunct professor.

Scott A. Kamber is the founding member of KamberLaw, the leading plaintiffs’ firm to focus on individual rights in the digital age.  Serving a global client base with lawyers across the United States, Mr. Kamber has led the successful resolution of dozens of high–impact litigations, including In re Blue BuffaloLane v. Facebook and in re Flash cookies. Currently, Mr. Kamber leads numerous litigations arising from various web technologies, wrongful use of deep packet inspection technologies, web-centric violations of Lanham Act, website accessibility and the rights of children on the internet. Mr. Kamber has extensive courtroom and trial experience.

Mr. Kamber’s efforts in Internet privacy rights began in the 1990s when he resolved what is believed to be the first Internet privacy case to recover a benefit for impacted class members. His interest in consumer rights and technology extends to new media, and he has led standard-setting litigations and resolutions involving digital rights management software for computer software, video games, and music. Mr. Kamber is a frequent speaker on these issues in the United States and abroad, of note He was a keynote speaker for the IAPP annual conference and a panelist at the International Conference of Data Protection and Privacy Commissioners where he spoke on the topic of coordinating private class actions with government enforcement. 

Mr. Kamber graduated cum laude from the University of California Hastings College of the Law in 1991 where he was Order of the Coif, Articles Editor for the Hastings Constitutional Law Quarterly and a member of the Moot Court Board. He graduated with University and Departmental Honors from The Johns Hopkins University in 1986. He is admitted to practice before the United States Supreme Court, the State of New York and the District of Columbia, as well as the United States Courts of Appeals for the Second, Eighth and Ninth Circuits, and several United States District Courts.


Scott L. Vernick is a partner with the national law firm of Fox Rothschild LLP, resident in its Philadelphia office. For eight consecutive years, Chambers USA has ranked him as a leading litigation attorney in Pennsylvania, and he was previously named a BTI Client Service All-Star.

Scott’s diverse national trial practice focuses on pharmaceutical, technology and intellectual property litigation for Fortune 500 clients, ranging from First Data Corporation and GlaxoSmithKline plc to Merck & Co., Inc. He represents clients in state and federal courts, as well as in arbitration forums, in commercial disputes regarding intellectual property, licensing and technology transfer agreements, trade secrets, restrictive covenants and unfair competition; software and hardware technology service agreements; merchant processing and electronic payments; mergers, acquisitions and corporate changes-of-control; government contracting and procurement; and commercial lending, FCRA, FDCPA and TIL.

Over the past decade, Scott has developed a particular fluency in the rapidly evolving field of privacy and data security. He routinely counsels multinational and mid-sized businesses on how to mitigate risk and overcome the challenges posed by the current state and federal enforcement environment. For several years, Scott has contributed to the “Combating Cyberthreats” section to West/Thompson Reuters’s Data Security and Privacy Law guide.

Scott spearheaded the creation of the firm’s Data Breach 411 iPhone app, which provides immediate access to state data breach notification statut¬es, as well as other pertinent resources. In addition, he serves as a contributor to the firm’s Privacy Compliance & Data Security Privacy blog.

As a recognized authority on privacy and data security, Scott is a sought-after media source on these issues and a frequent guest speaker. He has recently been featured in outlets including Forbes, CRAIN’s New York Business, The Wall Street Journal, USA Today, Inside Counsel,  Law360, NPR and The National Law Journal, and has appeared on “The O’Reilly Factor” and “Studio B with Shepard Smith.”

Scott earned his J.D., cum laude, from Georgetown University and his B.A. from Trinity College.

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Erez is Prudential’s chief counsel on cybersecurity and privacy matters.  He leads a team on a wide range of cybersecurity and privacy legal, policy and investigative matters.  Erez serves as primary counsel to the Chief Information Security Officer, Chief Privacy Officer, and IT Risk on information security and privacy matters.  In this role, Erez also oversees the High Tech Investigations Unit. Together with the Information Security Office and IT Risk, Erez works closely to review the enterprise’s cybersecurity program and update executive management on the enterprise’s program.  Erez also serves as a point of contact to regulators and law enforcement on cyber security matters and provides updates to the enterprise on the regulatory and threat landscape.  Since joining Prudential in 2014, Erez has also worked on response planning for a cybersecurity and privacy incidents including technical and business oriented tabletop exercises.  Through his work with the High Tech Investigations Unit, Erez oversees investigations into cyber incident response, cyber crimes, privacy breaches, and intellectual property theft, as well as E-Discovery production and computer forensics.

Erez previously led Prudential’s Corporate Investigations Division (CID), which consists of attorneys and investigators responsible for investigations relating to internal and external fraud, regulatory matters, employee misconduct, and sales practice.

Prior to joining Prudential Financial in February 2014, Erez spent 10 years as a federal prosecutor.  He served as Deputy Chief of the Criminal Division at the U.S. Attorney’s Office, District of New Jersey, and Chief of the Computer Hacking and Intellectual Property Section. Additionally, Erez oversaw the white collar units, including Economic Crimes, National Security, Healthcare and Money Laundering. He was the lead prosecutor on numerous cyber, securities, and fraud matters, including United States v. Drinkman, the largest credit card data breach investigation and prosecution to date, involving the theft of over 160,000,000 credit and debit card numbers.  Albert Gonzalez was sentenced to 20 years imprisonment for his role in the conspiracy.

Erez is the recipient of numuerous awards, including the Attorney General’s Award for Distinguished Service, numerous letters of recognition from the Director of the Federal Bureau of Investigations, and Prosecutor of the Year Award by the Federal Law Enforcement Foundation.

Erez is a frequent lecturer on cybercrime, privacy, and fraud.  He previously taught Cybercrime Law at Rutgers University School of Law.

He graduated from the University of Virginia with a degree in Aerospace Engineering.  He received his law degree from Columbia University Law School.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). More recently, Lisa and her team have assisted more than 100 clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa also provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events. Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Paul is a partner in Hunton & Williams LLP’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.  

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.

Charles E. Beard is a Principal in PWC’s Forensics practice where he specializes in supporting commercial concerns in the strategic application of technology to business designs, inherent duties and risks associated with operating in the digital economy, and investigations of computer and intellectual property crimes. With more than 25 years of experience, Mr. Beard supports corporate officers, their directors and counselors to identify practical solutions to the digital risk environments confronting their organizations as a result of emerging threat intelligence, contractual obligations, regulatory environments or investigatory events. Charles has been both a testifying and consulting expert witness, managed global P&Ls exceeding $400M annually, served as the Chief Information Officer of an $11B Fortune 300 Defense Industry company and leading that firms operational transformation. He was a founding member of the public-private partnership for threat information sharing for the US Defense Industrial Base and previously served as an officer in the US Air Force. Charles is a member of the Inova Health Care Services Board, was recognized by Consulting Magazine as one of the Top 25 consultants in the US in 2004 and a Top 50 Chief Information Officer by ExecRank in 2012.

Christine S. Ricci
Senior Counsel, Corporate Legal – Privacy and Data Protection
General Electric Company

Christine is an executive counsel in GE’s corporate legal department, supporting GE’s corporate IT Risk and Technology Solutions organizations and businesses on cyber related legal and compliance issues. In that role, she provides advice and counsel on threat management, cyber incident management, regulatory compliance, and contractual interpretations; analyzes cybersecurity legislation and regulatory issues to ascertain potential impacts on GE; and manages existing agreements and relationships with government organizations pertaining to cybersecurity. Christine is responsible for leading the company’s government relations and industry initiatives, including coordination of GE’s position, on emerging cyber legislation and regulation. She is also a government contracts expert, previously serving as a senior counsel in the GE Aviation Legal Operation supporting GE Aviation’s Military Systems Operation and Government Business. Prior to joining GE, Christine held positions at Xerox Corporation, the Department of Defense General Counsel’s Office, the Department of Justice, and in private practice in DC. She graduated from James Madison University and Catholic University Columbus School of Law.

As Director of Information Security and IT Risk Management, Wayne Proctor has global responsibility for the UPS information security program. His key responsibilities include: strategy, architecture, security operations, IT risk management, policy, awareness, forensics, compliance and IT business continuity.

Wayne has more than 20 years of IT management experience with fourteen years in Information Security leadership positions. Prior to joining UPS, Wayne held CISO positions in: Bank of the West, First Data USA, Certegy and BellSouth International.

Wayne is a nationally-recognized information security professional. He is an active member of several information security organizations including: ISACA, ISC2, InfraGard, and is an executive member of the ISSA CISO organization. He has spoken at National InfoSec events and has been quoted in a variety of industry magazines. He received a BS in Computer Science in 1988 and his MBA in 2008.

Deane is a Director within Delhaize America’s Information Security Office. He has twenty years of information technology and security experience including seven years of security consulting for PricewaterhouseCoopers (PWC). Deane currently oversees Delhaize America’s Threat and Vulnerability Management teams and their Cybercrimes and Incident Response teams.

Deane has significant experience in security architecture, security operations, and cybercrimes incident response. He has worked with companies in the manufacturing, technology, financial services, retail, utilities, and insurance industries. His recent industry experience extends to retail where he is involved in various regulatory compliance requirements including Payment Card Industry (PCI) and Healthcare Insurance Portability and Accountability Act (HIPAA).

Deane obtained is B.A. Information Technology from American InterContinental University where he graduated Summa Cum Laude. Early in his career he obtained several certifications in the technology industry such as a Cisco Certified Network Associate (CCNA), Microsoft Certified Solutions Expert (MCSE) and a Microsoft Certified Trainer (MCT).

Deane is a current member of Information Security Forum (ISF) and Retail Cyber Intelligence Sharing Center (R-CISC).

Mr. Mattina is the Head of Insider Threat Management at The Blackstone Group. The Information Risk and Security Group at Blackstone is charged with protecting the firm’s corporate intellectual property. Prior to his current role, he managed recruitment, training and operations of a global team of the foremost information security experts within the United States Department of Defense.  Mr. Mattina has designed strategic planning and data aggregation tools to solve large-scale organizational problems.  He is a trusted advisor on topics of risk assessment, emerging technologies and data analytics.  Previously, Mr. Mattina was a Senior Sales Engineer for Asigra Inc., the first company to provide cloud backup and recovery software for managed service providers. From 2005 to 2008, Mr. Mattina managed data center operations of a hosting provider and conducted network optimization, design and security consulting for small to medium enterprise clients in several vertical markets. Mr. Mattina graduated with honors from the Rochester Institute of Technology, earned an MBA at George Washington University and is the appointed Chair of Computer Services for a national non-profit organization. He is an adjunct Professor at Stevenson University in the graduate program for Cyber Forensics, a Certified Information Systems Security Professional (CISSP) and has held various vendor-specific certifications.