
Cybersecurity 2015: Managing the Risk

Speaker(s): Aaron P. Simpson, David Stampley, Emily Stapf, Greg Temm, Jenny Menna, Jon Rose, Josh Goldfarb, Lisa J. Sotto, McLean B. Sieverding, Michael A. Vatis, Milan Patel, Vincent Liu
Recorded on: Sep. 25, 2015
PLI Program #: 59135

Position/Title: Chief Security Officer

Firm or Place of Business: Dun and Bradstreet

Primary Areas of Practice: Security

Law School/Graduate School: N/A

Work History:

Professional Memberships: CISSP

Aaron Simpson is a partner with Hunton Andrews Kurth. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements. Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He frequently assists clients with due diligence and negotiation of privacy and data security issues in corporate transactions. Aaron also prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises. 

Additionally, Aaron has substantial experience advising clients on global privacy compliance programs, and his work includes developing strategies for compliance with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020. He also has advised numerous clients on the EU General Data Protection Regulation.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United States and The Legal 500 United Kingdom guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors. He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.

Emily Stapf is a Principal in PwC’s Cybersecurity & Privacy practice focused on incident and threat management and cybersecurity strategy. She is on PwC’s US cybersecurity leadership team where she leads integration of cybersecurity into PwC’s global business portfolio, leads the US Incident and Threat Management team, and leads the Denver market for PwC’s Cybersecurity & Privacy services.

With 20+ years of consulting experience, Ms. Stapf has helped hundreds of commercial clients prepare for, respond to, and mitigate the impact of unplanned events. For 16 years she has led investigations, incident response and strategy projects related to data breaches, cybercrime events, privacy matters, information security strategy, and insider threat using computer forensics, data analytics and cybersecurity techniques. She helps clients navigate statutory, regulatory and contractual notification, regulatory inquiry and litigation, and regularly briefs senior leaders about cybersecurity risk, resilience and trust.

Ms. Stapf has advised hundreds of corporate, private and law firm clients across healthcare, retail, financial services, insurance, aerospace, technology, manufacturing, data analytics and energy industries on a global scale, and is well connected across PwC's global network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at ABA, IAPP, PLI, CSO and other forums.

Ms. Stapf is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member, and held a Federal Top Secret Clearance.

Jenny Menna is the Cybersecurity Partnership Executive at U.S. Bancorp, leading sector-wide efforts to strengthen public and private partnerships and promoting meaningful cybersecurity legislation. She also leads the Bank’s information systems security strategic intelligence efforts.

Jenny is a nationally recognized cybersecurity leader, with substantial achievements in building large-scale information technology and security programs and plans across government and the private sector. She brings nearly 20 years of experience in leadership roles in cybersecurity, information sharing, systems development and integration, and critical infrastructure protection.

Prior to joining U.S. Bank, Jenny held a variety of leadership positions in the Department of Homeland Security’s Office of Cybersecurity and Communications, the component responsible for securing federal civilian, state and local government and critical infrastructure networks, as well as for coordinating cyber incident response.  Her responsibilities ranged from strategic risk management and partnership engagement to front-line operational and technical activities, to leading national-level policy initiatives. She was selected for the Senior Executive Service in 2009.

Before her government service, Jenny worked in a series of increasingly responsible management roles in systems integration and consulting. She received both her Bachelor’s and Master’s degrees from the University of Chicago, and received certification as a Project Management Professional.

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Milan Patel is a Managing Director at K2 Intelligence.

Before joining K2 Intelligence, Milan served as the FBI Cyber Division’s Chief Technology Officer (CTO) where he was responsible for advising FBI Cyber Division on policy, strategy and the tactical direction of information and operational technologies used in cyber investigations by the FBI’s cyber field operations across all 56 FBI offices in the United States.  As the technology lead for the FBI Cyber Division he identified and implemented technologies used in cyber incident response, traditional cyber investigations, and to support interagency cyber threat intelligence sharing within the United States intelligence community – the CIA, NSA, and DHS. Leading a team of senior FBI agents, he was also charged with developing more efficient processes and utilization of the Cyber Division’s enterprise cyber threat management platform.

Most recently, Milan organized and co-led the Joint Requirements Team, facilitated by the White House National Security Council – Cyber Security Directorate, a team charged with creating inter-agency business and technology requirements to address President Obama’s Executive Order 13636, “Improving Critical Infrastructure Cyber Security.” This led to the development of the first national cyber incident severity scheme approved by the White House and senior leadership within the United States Intelligence and Federal Law Enforcement Communities, which outlines how and when the United States Government will respond and coordinate during cyber incidents within the United States.

Prior to serving as the technology lead for the Cyber Division, Milan was one of the most senior Special Agents in the Cyber Division. He was a Supervisory Special Agent at FBI headquarters in Washington DC where his responsibilities included managing enterprise investigations, as well as providing cyber threat intelligence briefings to the critical infrastructure sector organizations.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Michael Vatis has spent most of his career addressing cutting edge issues at the intersection of law, policy, and technology. Michael's practice focuses on Internet, e-commerce, and technology matters, providing legal advice and strategic counsel on matters involving privacy, security, encryption, intelligence, law enforcement, Internet gambling, and international regulation of Internet content. He also is an experienced appellate litigator, representing clients before the US Supreme Court and federal courts of appeals. Michael is praised by clients in Legal 500 as "a deep thinker [who] thoroughly analyzes issues, identifies solutions and is able to apply his analysis to business reality."

Michael was the founding director of the National Infrastructure Protection Center at the FBI, the first government organization responsible for detecting, warning of, and responding to cyberattacks. Before that, Michael served as Associate Deputy Attorney General and Deputy Director of the Executive Office for National Security in the Department of Justice, where he advised the Attorney General and Deputy Attorney General and coordinated the Department’s activities involving counterterrorism, intelligence, encryption, and cybercrime. In that capacity, he also helped lead the development of the nation’s first policies regarding critical infrastructure protection. Michael served as Special Counsel at the Department of Defense, where he handled sensitive legal and policy issues for the Secretary and Deputy Secretary of Defense and the General Counsel, receiving the Secretary of Defense Award for Excellence.

After leaving the government in 2001, Michael served as the first Director of the Institute for Security Technology Studies at Dartmouth, a federally funded counterterrorism and cyber security research institute. He was simultaneously the founding Chairman of the Institute for Information Infrastructure Protection (I3P). I3P, a consortium of leading cyber security research organizations, worked with industry, government, and academia to develop a comprehensive research and development agenda to improve the security of the nation’s computer and communications networks. Michael also served as the Executive Director of the Markle Task Force on National Security in the Information Age, a highly influential group of technology company executives, former government officials, and civil libertarians that recommended ways the government could more effectively use information and technology to combat terrorism while preserving civil liberties. Michael was the principal author of the group’s second report, whose recommendations were adopted by the 9/11 Commission and included in the 2004 Intelligence Reform Act.

Greg Temm is Vice President for Information Security at MasterCard, having joined MasterCard in 1999. Mr. Temm currently has leadership responsibility for Public Private Partnership and Cyber Intelligence. Mr. Temm is accountable for the development and ownership of MasterCard’s cyber intelligence program while also serving as MasterCard’s emissary to the intelligence and information-sharing community for cyber threats. Prior to his current role, Mr. Temm led Information Security Strategy, charged with the development and ownership of the overall strategy for MasterCard’s Information Security program; Security Detection and Response, accountable for the response to cyber security incidents as well as the Security Event Management program; Threat Management, charged with governance and oversight for vulnerability identification & remediation efforts; Information Security Technical Services, responsible for access management of MasterCard’s systems; and numerous leadership roles in Global Network Operations and Global Debit Operations.

Mr. Temm is a strong advocate for information sharing initiatives where he started or expanded MasterCard’s participation with information sharing entities. Mr. Temm serves as a key leader on the Threat Intelligence Committee (TIC) of the Financial Services Information Sharing & Analysis Center (FS-ISAC) serving as secretary for both the TIC Executive Committee and the TIC. Mr. Temm is also a member of the Financial Services Sector Coordinating Council (FSSCC). Additionally, Mr. Temm contributes to the Financial Services Roundtable, BITS, the Business Roundtable, U.S. Secret Service’s Gateway Electronic Crimes Task Force, Infragard, and Washington University in Saint Louis’ Information Security Roundtable, among other industry security boards.

Mr. Temm is a member of the Board of Directors for the FS-ISAC and is also Chairperson of the Board of Directors for MPACT, a state-wide 501(c)(3) training agency serving thousands of families across the state for over 26 years. Additionally, he serves on the Advisory Board for Lindenwood University.

Mr. Temm holds a Bachelor of Science degree in Business Administration from Lindenwood University graduating with Magna Cum Laude honors and is a Certified Information Systems Security Professional (CISSP). He is also a member of the High Technology Investigation Association (HTCIA) and the Intelligence and National Security Alliance (INSA).

David A. Stampley, a partner at KamberLaw, focuses on litigating data privacy and security issues on behalf of consumers. Mr. Stampley has previously served as an Assistant Attorney General in the New York State Attorney General’s office, where he led landmark cases to protect consumers’ online privacy and security in enforcement actions against DoubleClick, Ziff Davis Media, Eli Lilly (the data breach), and AOL/Netscape (SmartDownload spyware).

In the private sector, Mr. Stampley managed digital forensics services and served as a privacy compliance consultant to global clients for Neohapsis, a highly regarded provider of information risk management and security consulting services, where he was also General Counsel.

Josh is an experienced information security analyst with over a decade of experience building, operating, and running Security Operations Centers (SOCs). Josh currently serves as VP, CTO - Americas at FireEye. Until its acquisition by FireEye, Josh served as Chief Security Officer for nPulse Technologies. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh’s blogging and public speaking appearances, he is also a regular contributor to DarkReading, SecurityWeek, SC Magazine UK, and The Business Journals.

McLean B. Sieverding joined InfoLawGroup as Senior Counsel in 2015. Mr. Sieverding’s practice focuses on identifying and managing state, federal, and international privacy and data security issues and risks for a broad range of clients in the software, financial services, healthcare, IT, new media, telecommunications, retail, and various other industry sectors. Mr. Sieverding is also a seasoned data breach law attorney, having closely managed more than 500 data breach remediations. Prior to joining InfoLawGroup, Mr. Sieverding spent more than a decade practicing in the Communications, Media & Privacy group at Willkie Farr & Gallagher LLP (Washington DC office), and he most recently served as Assistant General Counsel for Int’l Data Protection & Regulatory Compliance at Verizon.