
Cybersecurity 2015: Managing the Risk


Speaker(s): Aaron P. Simpson, David Stampley, Emily Stapf, Greg Temm, Jenny Menna, Jon Rose, Josh Goldfarb, Lisa J. Sotto, McLean B. Sieverding, Michael Vatis, Milan Patel, Vincent Liu
Recorded on: Sep. 25, 2015
PLI Program #: 59135

Position/Title: Chief Security Officer

Firm or Place of Business: Dun and Bradstreet

Primary Areas of Practice: Security

Law School/Graduate School: N/A

Work History: Linkedin.com/in/jrose400

Professional Memberships: CISSP


Emily Stapf is a Partner in PwC’s Forensic Technology practice focused on incident response, threat management and cybersecurity strategy. She co-leads PwC’s national Cybersecurity & Privacy Incident & Threat Management offering, and leads the Rockies Market for PwC’s Advisory services.

With 18 years of consulting experience, Ms. Stapf helps commercial clients prepare for, respond to, and mitigate the impact of unplanned events involving sensitive information. She leads investigations, assessments and special projects related to data breaches, privacy matters, cybercrime events, information security assessments, and IT system reviews using computer forensics and data analytics techniques; and helps clients navigate constituent notification, regulatory inquiry and litigation.

She has advised hundreds of corporate, government and law firm clients in healthcare, retail, industrial products, financial services, aerospace, technology, manufacturing and energy industries, and is well connected to PwC's global forensics network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at IAPP, PLI, CSO, ABA and other forums.

Ms. Stapf has a Federal Top Secret clearance, is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member.


Jenny Menna is the Cybersecurity Partnership Executive at U.S. Bancorp, leading sector-wide efforts to strengthen public and private partnerships and promoting meaningful cybersecurity legislation. She also leads the Bank’s information systems security strategic intelligence efforts.

Jenny is a nationally recognized cybersecurity leader, with substantial achievements in building large-scale information technology and security programs and plans across government and the private sector. She brings nearly 20 years of experience in leadership roles in cybersecurity, information sharing, systems development and integration, and critical infrastructure protection.

Prior to joining U.S. Bank, Jenny held a variety of leadership positions in the Department of Homeland Security’s Office of Cybersecurity and Communications, the component responsible for securing federal civilian, state and local government and critical infrastructure networks, as well as for coordinating cyber incident response.  Her responsibilities ranged from strategic risk management and partnership engagement to front-line operational and technical activities, to leading national-level policy initiatives. She was selected for the Senior Executive Service in 2009.

Before her government service, Jenny worked in a series of increasingly responsible management roles in systems integration and consulting.  She received both her Bachelor’s and Master’s degrees from the University of Chicago, and received certification as a Project Management Professional.


Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as Hacking Exposed Wireless 1st and 2nd Edition, Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practising Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.


Milan Patel is a Managing Director at K2 Intelligence.

Before joining K2 Intelligence, Milan served as the FBI Cyber Division’s Chief Technology Officer (CTO) where he was responsible for advising FBI Cyber Division on policy, strategy and the tactical direction of information and operational technologies used in cyber investigations by the FBI’s cyber field operations across all 56 FBI offices in the United States.  As the technology lead for the FBI Cyber Division he identified and implemented technologies used in cyber incident response, traditional cyber investigations, and to support interagency cyber threat intelligence sharing within the United States intelligence community – the CIA, NSA, and DHS. Leading a team of senior FBI agents, he was also charged with developing more efficient processes and utilization of the Cyber Division’s enterprise cyber threat management platform.

Most recently, Milan organized and co-led the Joint Requirements Team, facilitated by the White House National Security Council – Cyber Security Directorate, a team charged with creating inter-agency business and technology requirements to address President Obama’s Executive Order 13636, “Improving Critical Infrastructure Cyber Security.” This led to the development of the first national cyber incident severity scheme, approved by the White House and senior leadership within the United States Intelligence and Federal Law Enforcement Communities, which outlines how and when the United States Government will respond and coordinate during cyber incidents within the United States.

Prior to serving as the technology lead for the Cyber Division, Milan was one of the most senior Special Agents in the Cyber Division. He was a Supervisory Special Agent at FBI headquarters in Washington DC where his responsibilities included managing enterprise investigations, as well as providing cyber threat intelligence briefings to the critical infrastructure sector organizations.


Greg Temm is Vice President for Information Security at MasterCard, joining MasterCard in 1999. Mr. Temm currently has leadership responsibility for Public Private Partnership and Cyber Intelligence. Mr. Temm is accountable for the development and ownership of MasterCard’s cyber intelligence program while also serving as MasterCard’s emissary to the intelligence and information-sharing community for cyber threats. Prior to his current role, Mr. Temm has led Information Security Strategy, charged with the development and ownership of the overall strategy for MasterCard’s Information Security program; Security Detection and Response, accountable for the response to cyber security incidents as well as the Security Event Management program; Threat Management, charged with governance and oversight for vulnerability identification & remediation efforts; Information Security Technical Services, responsible for access management of MasterCard’s systems; and numerous leadership roles in Global Network Operations and Global Debit Operations.

Mr. Temm is a strong advocate for information sharing initiatives where he started or expanded MasterCard’s participation with information sharing entities. Mr. Temm serves as a key leader on the Threat Intelligence Committee (TIC) of the Financial Services Information Sharing & Analysis Center (FS-ISAC) serving as secretary for both the TIC Executive Committee and the TIC. Mr. Temm is also a member of the Financial Services Sector Coordinating Council (FSSCC). Additionally, Mr. Temm contributes to the Financial Services Roundtable, BITS, the Business Roundtable, U.S. Secret Service’s Gateway Electronic Crimes Task Force, Infragard, and Washington University in Saint Louis’ Information Security Roundtable, among other industry security boards.

Mr. Temm is a member of the Board of Directors for the FS-ISAC and is also Chairperson of the Board of Directors for MPACT, a state-wide 501(c)(3) training agency serving thousands of families across the state for over 26 years. Additionally, he serves on the Advisory Board for Lindenwood University.

Mr. Temm holds a Bachelor of Science degree in Business Administration from Lindenwood University graduating with Magna Cum Laude honors and is a Certified Information Systems Security Professional (CISSP). He is also a member of the High Technology Investigation Association (HTCIA) and the Intelligence and National Security Alliance (INSA).


Michael A. Vatis is a partner in the New York office of Steptoe.  His practice focuses on Internet, e-commerce, and technology matters, providing legal advice and strategic counsel on matters involving privacy, security, encryption, intelligence, law enforcement, Internet gambling, and international regulation of Internet content.  He also is an experienced appellate litigator, representing clients before the US Supreme Court and federal courts of appeals.

Mr. Vatis has spent most of his career addressing cutting edge issues at the intersection of law, policy, and technology.  He was the founding director of the National Infrastructure Protection Center at the FBI, the first government organization responsible for detecting, warning of, and responding to cyber attacks, including computer crimes, cyber terrorism, cyber espionage, and information warfare.  Before that, Mr. Vatis served as Associate Deputy Attorney General and Deputy Director of the Executive Office for National Security in the Department of Justice, where he advised the Attorney General and Deputy Attorney General and coordinated the Department’s activities involving counterterrorism, intelligence, encryption, and cyber crime.  In that capacity, he also helped lead the development of the nation’s first policies regarding critical infrastructure protection.  Mr. Vatis served as Special Counsel at the Department of Defense, where he handled sensitive legal and policy issues for the Secretary and Deputy Secretary of Defense and the General Counsel, receiving the Secretary of Defense Award for Excellence.

After leaving the government in 2001, Mr. Vatis served as the first Director of the Institute for Security Technology Studies at Dartmouth, a federally funded counterterrorism and cyber security research institute.  He was simultaneously the founding Chairman of the Institute for Information Infrastructure Protection (I3P). I3P, a consortium of leading cyber security research organizations, worked with industry, government, and academia to develop a comprehensive research and development agenda to improve the security of the nation’s computer and communications networks.  Mr. Vatis also served as the Executive Director of the Markle Task Force on National Security in the Information Age, a highly influential group of technology company executives, former government officials, and civil libertarians that recommended ways the government could more effectively use information and technology to combat terrorism while preserving civil liberties.  Mr. Vatis was the principal author of the group’s second report, whose recommendations were adopted by the 9/11 Commission and included in the 2004 Intelligence Reform Act.


Aaron advises clients on a broad range of complex privacy and cybersecurity matters, including state, federal and international privacy and data security requirements as well as the remediation of large-scale data security incidents. He helps clients identify, evaluate and manage risks associated with their collection and use of information.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, New York Super Lawyers, Computerworld and The Legal 500 for his work on behalf of clients. He is a sought-after media resource on privacy issues and has been quoted in publications such as Bloomberg Businessweek Magazine, DataGuidance and TIME Magazine. Aaron regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. In addition, Aaron lectures on privacy and information security at Columbia University. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

He is a member of the New York State bar and received his J.D. from the University of Virginia School of Law and his B.A., with high honors, from the University of Texas.


David A. Stampley, a partner at KamberLaw, focuses on litigating data privacy and security issues on behalf of consumers. Mr. Stampley has previously served as an Assistant Attorney General in the New York State Attorney General’s office, where he led landmark cases to protect consumers’ online privacy and security in enforcement actions against DoubleClick, Ziff Davis Media, Eli Lilly (the prozac.com data breach), and AOL/Netscape (SmartDownload spyware).

In the private sector, Mr. Stampley managed digital forensics services and served as a privacy compliance consultant to global clients for Neohapsis, a highly regarded provider of information risk management and security consulting services, where he was also General Counsel.


Josh is an experienced information security analyst with over a decade of experience building, operating, and running Security Operations Centers (SOCs). Josh currently serves as VP, CTO - Americas at FireEye. Until its acquisition by FireEye, Josh served as Chief Security Officer for nPulse Technologies. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh’s blogging and public speaking appearances, he is also a regular contributor to DarkReading, SecurityWeek, SC Magazine UK, and The Business Journals.


McLean B. Sieverding joined InfoLawGroup as Senior Counsel in 2015.  Mr. Sieverding’s practice focuses on identifying and managing state, federal, and international privacy and data security issues and risks for a broad range of clients in the software, financial services, healthcare, IT, new media, telecommunications, retail, and various other industry sectors.  Mr. Sieverding is also a seasoned data breach law attorney, having closely managed more than 500 data breach remediations.  Prior to joining InfoLawGroup, Mr. Sieverding spent more than a decade practicing in the Communications, Media & Privacy group at Willkie Farr & Gallagher LLP (Washington DC office), and he most recently served as Assistant General Counsel for Int’l Data Protection & Regulatory Compliance at Verizon.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton & Williams’ top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. She serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 1,200 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events. Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. She is co-chair of the International Privacy Law Committee of the New York State Bar Association, chair of the New York Privacy Officers’ Forum, and a former member of the Board of Directors of IAPP.