Listed according to role and session.
Tuesday, June 7, 2016
DAVID NAVETTA is a US co-chair of Norton Rose Fulbright’s data protection, privacy and access to information practice group. David focuses on technology, privacy, information security and intellectual property law. His work ranges from compliance and transactional work to breach notification, regulatory response and litigation. David currently serves as “breach coach” or is on the approved panel for numerous cyber insurance carriers and companies, and has helped dozens of companies across multiple industries respond to data security breaches. David has enjoyed a wide variety of legal experiences over his career that have provided him with a unique perspective and legal skill set, including work at a large international law firm, in-house experience at a multinational financial institution, and an entrepreneurial endeavor running his own law firm. Prior to joining Norton Rose Fulbright, David co-founded InfoLawGroup LLP, a law firm focusing on information technology, privacy, security and IP-related law. Under David’s leadership, InfoLawGroup was ranked as one of the top privacy and data security firms in the United States by Chambers USA in 2013 and 2014. David and InfoLawGroup successfully served a wide assortment of US and foreign clients from large Fortune 500 multinationals, retailers, hotels and restaurants, ubiquitous social media companies and sophisticated technology companies, to healthcare companies, financial institutions, name-brand traditional brick-and-mortar companies, energy companies and start-ups. David previously worked for over three years in New York as assistant general counsel for American International Group’s eBusiness Risk Solutions Group. While there, David analyzed and forecasted information security, privacy and technology risks, drafted policies to cover such risks, and worked on sophisticated technology transactions. David also engaged in commercial litigation for several years prior to going in-house, including working at the Chicago office of Sedgwick, Detert, Moran and Arnold, a large international law firm. David is a Certified Information Privacy Professional through the International Association of Privacy Professionals. David previously served as a Co-Chair of the American Bar Association’s Information Security Committee and was also Co-Chair of the PCI Legal Risk and Liability Working Group. David also served as the Chairman of the ABA’s Information Security Committee’s Information Security Contracting & Risk Management Working Group. He has spoken and written frequently concerning technology, privacy and data security legal issues, and is frequently cited as an expert in the press and otherwise.
BO HOLLAND has delivered innovative technology solutions to enterprise companies for over twenty years. In 2004, Holland founded AllClear ID and currently serves as CEO. His team of expert consultants advises companies on the customer-facing aspects of data breach response, and provides the operational capacity to successfully respond to data breach events of any size. Holland holds the patent for Instant Authorization, the underlying technology of the exclusive Alert Network (U.S. Patent No. 7,983,979). AllClear ID has notified over 240 million consumers on behalf of Fortune 500 companies and government agencies, while offering the best service in the industry with a 94% customer satisfaction rating and 24 Stevie Awards. Prior to AllClear ID, Holland was founder and CEO of Works, Inc., acquired by Bank of America in 2005. Works develops commercial payment solutions for large organizations and distributes the product through large financial institutions. Holland invented the technology that enables organizations to approve and control payments for operating expenses via credit cards. Prior to Works, Holland served as Director of Product and Marketing for Pervasive Software and was instrumental in taking the company public in 1997. Prior to Pervasive, Holland was employee 32 at Citrix Systems and key to developing the product strategy and distribution that laid the foundation for the company revenue growth to over $750 million in 2004.
JOHN MERCHANT is Senior Vice President, Cyber Insurance Underwiter for Validus Holdings Inc. He is responsible for new product development and production for North America. He has been engaged in product development, marketing and underwriting of Cyber insurance products since 2007 and has held similar positions at Nationwide, Hartford and AIG. John is a graduate of the University of Connecticut, a former rugby player and an avid cyclist.
REBECCA SWANSON is the Managing Director of Miscellaneous E&O at Markel; this includes the Misc. Professional Liability, Information Technology Professional and Data Breach Liability coverage. She began her insurance career in 1996 and is an experienced miscellaneous professional, technology professional and cyber liability specialist with experience in all professional liability insurance coverages. Managed a team of underwriters providing training and leadership with a focus on misc./technology professional and employment practices liability risks. Her focus has been on Miscellaneous and Technology Professional and Cyber liability coverage for the past 10 years. As the Managing Director of Misc. E&O, Technology and Cyber Liability products at Markel Corporation, she is responsible for policy language analysis and development, creation and implementation of underwriting guidelines, rate strategy analysis, training and continued education. Presentations including continuing education instructor on Cyber and Misc. Professional, coverage panels sponsored by brokerage firms, Data Privacy and Security Exposures for public entities, Panel discussions for ACI’s Cyber & Data Forum, NetDiligence Cyber Forum, PLUS panel discussions on Emerging Trends in Professional Liability and What’s New in the Realm of Real Estate and Cyber Security World panel on cyber insurance.
JILL SALMON is Vice President of Berkshire Hathaway Specialty Insurance’s Professional Liability Group. She is involved in the placement and negotiation of coverage related to all lines of Professional Liability, including Media, Tech and Cyber. Most recently, Jill spent 5 years at AIG, managing Lexington’s National Account business. Her previous experience includes senior underwriting positions at Catlin, Quanta and CNA. She started her career at AIG, with National Union in 1995. Jill attended Brooklyn Law School, and earned her MBA and BS in Finance at St. John’s University.
8:45 Cyber Claims & Loss Updates
MEREDITH SCHNUR (moderator) is the national practice leader for the Professional Risk Practice at Wells Fargo Insurance. In her role, she oversees the regional operations for all executive liability and professional liability lines of coverage. She also serves as an in-house resource for all professional liability, technology errors and omissions, media liability, network security, and privacy related lines of coverage. In this role, she provides consultative services, market negotiations, policy analysis and placement, policy administration, and claims advocacy services. Meredith has 21 years of experience in the insurance industry, the last 12 as a national practice leader in the Professional Risk Practice. Prior to joining Wells Fargo Insurance, Meredith was an underwriter at Royal & SunAlliance and American International Group. She spent nine years underwriting professional and technology errors and omissions lines of coverage. She speaks on various panels relating to the topics of network security and privacy for all industry classes and conducts seminars on behalf of our local and regional offices. Meredith received her Bachelor of Science degree in Business/Economics from the State University of New York at Oneonta, where she graduated cum laude, and obtained her Chartered Property Casualty Underwriter designation in 2000. She was named one of the Top 25 “Women to Watch” by Business Insurance in December 2012 and a 2013 “Power Broker” by Risk & Insurance.
MARK GREISIGER is the President of NetDiligence which provides cyber risk assessment and data breach response services for insurers and Risk Managers to help them better understand if an insured organization deploys reasonable & prudent security and privacy safeguards in order to mitigate data breach loss & liability risk. Since 2001 NetDiligence services have been utilized (and often required) by the majority of insurers in US & UK that offer privacy liability insurance products, providing loss control services for their insured business clients. Mark is also to a frequently published contributor for various insurance & risk management publications on similar topics. Education: MS Information Systems, Drexel University; MS Villanova University ; BS Pennsylvania State University.
BETH DIAMOND is the Global Head of Third Party Complex Claims and the Global Claims Team Leader for Technology, Media and Business Services claims at Beazley. Ms. Diamond has extensive experience in data privacy and cyber security matters, assisting insureds in navigating through immediate and comprehensive responses to data breaches and network intrusions. She speaks frequently in national and international forums on issues of privacy, computer security and insurance, and is considered a leading and respected voice in privacy claims. Prior to joining Beazley nine years ago, Ms. Diamond spent over eleven years as a practicing attorney at a large international law firm in New York, specializing in complex commercial litigation. While in private practice, Ms. Diamond handled litigation in state and federal courts, bench and jury trials, as well as domestic and international arbitrations. Ms. Diamond also regularly provided litigation advice on corporate deals, and is a trained mediator. Ms. Diamond graduated from Wellesley College, and Cornell Law School, where she was the Senior Articles Editor of the Cornell Journal of Law and Public Policy and was named to Who’s Who of American Law Students. She completed a federal clerkship in 1996 for The Honorable Alfred J. Lechner, Jr., United States District Court, District of New Jersey.
JEREMY GITTLER is the Practice Leader and Head of Cyber Americas at XL Catlin. He and his team coordinate and implement data breach response and crisis management services for XL Catlin insureds that have suffered a cyber-attack. Jeremy and his team also evaluate coverage and draft detailed analyses pursuant to cyber, technology, media, and miscellaneous professional liability policies. He advises senior management, underwriters, brokers and insureds on coverage, litigation / dispute resolution strategies, and the business impact of lawsuits. He has spoken at numerous conferences throughout the U.S. on Cyber Risk and Privacy Liability. Jeremy joined XL in 2012 after working six years in the Cyber / Technology / Media Liability claims group at AIG, where he rose to the position of Senior Complex Claim Director. Prior to that, Jeremy was a litigator who practiced in both state and federal courts for one of the largest law firms in the U.S. He graduated with honors from Emory University with a B.A. in History, and obtained his J.D. from Benjamin N. Cardozo School of Law.
CHRIS NOVAK is a co-founder and the Director of the Verizon Investigative Response Unit – a division of the Verizon RISK Team. He is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over a dozen years. Christopher has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management. He has testified as an expert witness in various matters and before such bodies as the Supreme Court of the State of New York. He has also briefed United States congressional committees such as Senate Banking, House Financial Services, Senate Commerce, House Energy & Commerce, Senate Judiciary, House Homeland Security and Senate Homeland Security & Government Affairs. He has been an advisor on dozens of high-profile intrusion and data breach investigations around the globe. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement. Christopher has worked in various consulting positions within Verizon; from individually contributing to a larger tactical response team to his current position, where he manages a global team of highly skilled consultants. Each of these teams around the world maintains experts in various fields of study and practice, such as forensic analysis, malware reverse engineering, threat intelligence analysis and threat actor attribution, among others… Christopher specializes in high-level crisis and emergency response matters and is regularly consulting with executives from Fortune 500 companies with regard to pre-planning for such situations as well as leading active crisis response matters and liaising with external partners. Christopher is an active public speaker, discussing various topics ranging from high-level best practices to executive-level crisis management. He has been a contributing member of the Verizon Data Breach Investigations Report since its first publication in 2008 and has been featured in such media outlets as The Wall Street Journal, ABC News, American Banker, and many others. Christopher is an active member among multiple industry trade groups and a frequent guest lecturer at universities. He also serves as an advisor for many industry-related associations in an effort to further promote cybersecurity awareness and education as well as working closely with organizations as it relates to various policy initiatives on the topic of cybersecurity. Christopher holds a Bachelor of Science Degree in Computer Engineering from Rensselaer Polytechnic Institute.
ROBERT J. JONES is the Global Head of Financial Lines, Specialty Claims, at AIG. Robert is responsible for claims within the Cyber, Technology, Media, Fidelity and Kidnap & Ransom lines of business. Robert has developed Financial Lines expertise through a variety of technical and managerial roles in Claims, Reinsurance and Underwriting. Robert began his career at The Travelers in 1989 and joined AIG in 1992. Robert received a B.S. from the State University of New York at Binghamton.
10:00 BREAK-OUT SESSIONS
Choice A: Internet of Things
DAVE NAVETTA (moderator) See above biography for this conference co-chair.
NEERAJ SAHNI is a national resource for Willis’s efforts on Network Security, Privacy and Technology Error & Omissions risks. Neeraj focusses on insurance solutions to address the Security / Privacy liability and first party risk associated with in the retail, healthcare and financial industries. Neeraj maintains a strong knowledge of evolving regulatory laws for data breach notification as well as recent developments in the realm of data security and privacy. Prior to joining Willis, Neeraj was Director of Insurance Channel at Kroll responsible for developing and managing opportunities for breach response services with insurance carriers. Neeraj also served as Director of Security and Privacy at AIG responsible for risk assessment of potential insureds, cyber product and underwriting. At CNA, Neeraj was IT Audit Manager responsible for worldwide infrastructure audits, forensic investigations and incident response. Named a 2015 Power Broker for Retail by Risk and Insurance Magazine, Neeraj is a frequent speaker at a wide range of cyber events and conferences and also contributes on data privacy/security issues via social media and publications. Neeraj holds a Bachelor degree in Civil Engineering and Masters in Business Administration from Loyola University Chicago.
PETER HEDBERG started his insurance career on the brokerage side in 2003 at Hays Companies in the Midwest. He handled management liability lines in addition to professional and privacy (cyber) insurance covers, representing his clients to the marketplace and placing coverage. In 2013 he moved to New York and joined the underwriting side at Hiscox, a global specialty insurance company based in London. He currently manages a large book of new and renewal technology professional and privacy liability insurance for the Northeast region of Hiscox. Hedberg earned his BA from Gustavus Adolphus College (St. Peter, MN) and completed relevant graduate work toward a Master of Business Communications from the University of St. Thomas (St. Paul, MN). He recently earned his Registered Professional Liability Underwriter (RPLU) designation in addition to being a licenses insurance agent with the State of New York
BENJAMIN CAUDILL is the Founder and Principal Consultant of Rhino Security Labs, a cybersecurity services firm headquartered in Seattle, WA. As a security professional, Benjamin has seen a wide range of security environments, with clients ranging from mobile startups to government agencies and Fortune 500’s. He’s been published in Wired Magazine, CNN, Forbes and elsewhere, as well as presented at major security conferences such as Defcon. Credentials – Degree – BA of Information Systems from Washington State University; Certifications – GWAPT | CHFI | CEH
PASCAL MILLAIRE is the General Manager of Symantec’s new Cyber Insurance Group. In that role he is responsible for developing new actuarial, underwriting and assessment products that leverages Symantec’s cyber security data and for establishing product partnerships with insurers. He was previously the President of a technology company that provides white label IoT mobile solutions to hotel companies and spent 7 years at McKinsey and Company, where he served insurance clients on topics of P&C product strategy, claims process design, broker compensation, re-insurance risk management and product pricing. Pascal holds an MBA from the Stanford Graduate School of Business and a BA (Hons) from the Univeristy of Cambridge.
MATT AHRENS has over 15 years of security experience leading incident response services, managing security within a DevOps environment, and developing security products for companies including GuidePoint Security, Living Social, and Neustar. He is an industry expert at investigating large data breaches involving millions of records, evaluating DDoS culture, and researching darknet markets and ecosystems. He has extensive experience analyzing large datasets using Hadoop, Splunk, and other manual techniques. Mr. Ahrens also has spent the last couple years researching and working with embedded devices to understand the ecosystem of data stored in those devices. Mr. Ahrens’ background leading data breach investigations has introduced him to a wide breadth of attacks and allowed a macro view across multiple clients targeted by similar threat actors.
Choice B: The Basics of Cyber Risk and Privacy Coverage
REBECCA SWANSON (moderator) See above biography for this conference co-chair.
RICHARD DePIERO is the head of North American Cyber Liability, Technology, Media and Telecom Errors and Omissions for Swiss Re Corporate Solutions. Richard joined Corporate Solutions in 2014 to drive growth and develop Swiss Re’s cyber portfolio. In his role, he is responsible for setting underwriting standards and product development through assessing risk, industry forecasting, and portfolio management. Richard implements professional development and training within his team and is a frequent speaker at industry events. Prior to joining Corporate Solutions, Richard worked at Marsh USA where he led the East Zone placement brokers for large commercial clients in the FINPRO Center of Excellence. In this role he served as a national resource for clients and colleagues focusing on Cyber Liability, Technology/Telecom Liability, Media and Miscellaneous Liability with responsibilities including advising clients on risk identification, programs design, manuscripting policy language, and pricing. He began his career with Electric Insurance (a GE subsidiary) in 2002, holding various claims and management roles. Richard holds a BA in History from the University of Massachusetts at Amherst
TIM BURKE is the Director of Cyber Risk at IMA, Inc. As the practice leader he is in charge of researching emerging issues and creating proprietary solutions. Areas of focus include creation of custom risk transfer programs based on industry segment, loss control solutions and fostering partnerships with service providers. Tim has over 15 years experience underwriting and selling cyber insurance. He has assisted numerous clients manage through high profile data breaches. Those experiences allow him a unique perspective on both the design and claims protocol of cyber insurance. He specializes in working with companies in the energy, retail, hospitality, financial institutions and healthcare industries. He is a frequent presenter at industry conferences and a recognized innovator in the rapidly evolving area of cyber risk. Tim has a BA from the University of Kansas and a MBA from the University of Denver.
THOMAS KANG is the Cyber Product Manager of Harford Financial Products. As the Cyber Product Manager, Thomas is responsible for the strategic development of privacy and network security insurance products and related risk management services. He also oversees the development and execution of cyber related underwriting and product strategies across The Hartford to ensure tailored cyber risk solutions for clients.
Thomas is a graduate of Fordham University School of Law.
FLORENCE LEVY is Senior Vice President at JLT Specialty Services, Inc. Florence focuses on creating cyber and E&O risk management programs for companies in a wide array of industries. She works with clients to understand their business goals, then assesses and develops programs or alternative risk transfer solutions that match their risk management objectives. Her expertise lies in identifying exposures, program design, contract language, negotiation and claims advocacy to ensure her consultancy reflects her clients’ unique exposures. Florence has over ten years of experience in the insurance industry as a Cyber and Commercial E&O specialist. Prior to joining JLT, Florence was the Head of the U.S. Global Technology and Privacy Practice for Lockton Companies, as well as the National Practice Leader for Aon’s Professional Risk Solutions Group for two years prior to that. Florence has spoken at many industry wide events, including RIMS chapter engagements and HB Litigation’s NetDiligence conference. She has also been interviewed and quoted in a variety of trade publications, including Business Insurance and Property Casualty 360 °. Florence obtained a Bachelor of Arts degree from the University of Michigan in Ann Arbor, a Juris Doctor degree from the University of Denver.
SIMON WHITE is Senior Vice President, Liberty International Underwriters – New York. Simon leads LIU’s Professional, Privacy and Technology Liability Group in the US and has national underwriting oversight for product development, marketing and strategy for their suite of MPL, Privacy and Technology E&O products. He is a leading underwriter in this field and has expertise on all aspects of data privacy risk, including exposure assessments, the changing regulatory environment and the development of Cyber products to deal with those exposures. Simon has more than 23 years of experience within the industry, primarily as a broker with both Aon and Marsh, acting in various senior client advisory and transaction specialist roles on behalf of large professional service firms and fortune 500 clients. In every position, he has proven to be an adept communicator who is able to evaluate clients’ needs and recommend appropriate solutions. Simon holds a degree from Cardiff University in the United Kingdom.
Choice C: The Evolution of Cyber Products
JOHN MERCHANT (moderator) See above biography for this conference co-chair.
BRIAN THORNTON is President of ProWriters, which is an MGU and Wholesale Brokerage underwriting and placing Cyber Liability insurance for all sized businesses in all 50 states. ProWriters has a growing niche for Cyber Liability coverage for businesses using their experience and expertise to simplify the process for their agents and insured’s. Brian has 17 years of insurance industry experience in underwriting and leadership roles. Prior to taking the reins at ProWriters, he was the Regional Executive and Senior Vice President at Hiscox Inc., where he started their Los Angeles and Chicago offices to serve those regions for all products. While at Hiscox, Brian also served as the Technology & Cyber Product Head for the U.S. Prior to Hiscox, Brian was an underwriter at Chubb and served in a variety of roles at National Union (AIG) in claims and underwriting focused on large, complex, and difficult Professional and Management Liability risks. Brian holds a B.A. In Management from Gettysburg College.
TED AUGUSTINOS is a partner of Locke Lord LLP, an international law firm in the US, UK and Asia. He serves as a member of the Steering Committee of the firm’s Privacy and Cybersecurity Group, and leads its Breach Response Team. Ted has counselled clients in numerous industries, including financial services, healthcare, insurance, defense, retail, public utilities, and education. He has provided advice on collection, use and sharing of customer information, and breach preparedness and response. Ted has represented clients in many industries in responding to data breaches involving millions of affected individuals throughout the United States and around the world. In the healthcare industry, he has represented large, internationally-known hospitals and hospital groups, as well as small physician’s practices and medical labs. Ted has led teams of internal and external client resources in directing forensic investigations; analyzing applicable state, federal and foreign legal and regulatory requirements; preparing notifications to affected individuals and notices to contractual counterparties and governmental agencies; and responding to inquiries from various regulatory and enforcement agencies. Ted advises clients in compliance with myriad privacy and data security obligations, including those governing collection, use, transmission storage, and destruction of data. He assists clients in product and website design, and the drafting and implementation of appropriate and compliant policies and procedures. In breach preparedness, he provides advice on the development of incident response plans, and the assembly of appropriate teams to identify and address suspected data security incidents. Ted often negotiates terms of vendor contracts and acquisition documents related to privacy and data security, including representations and warranties, and indemnification provisions. A frequent speaker and writer, Ted is a Certified Information Privacy Professional accredited by the International Association of Privacy Professionals. He is a graduate of St. Lawrence University and Boston University School of Law.
LAURA BURKE recently accepted a role as Executive Underwriter of Cyber, Technology, Media and Specialty PI at Allianz Global Corporate & Specialty. In this role, Laura is responsible for the placement of enterprise cyber and professional liability risks. Prior to joining Allianz, Laura was the Cyber Practice Leader for Lockton Chicago. Additionally, Laura has previous experience advising clients on complex risks at a few of the largest international brokerage firms. Laura holds the CIPP/US certification, earned her MBA at the University of Chicago Booth School of Business and BS at Virginia Polytechnic Institute and State University (Virginia Tech).
DAVID LEWISON is the National Co-Practice Leader for the Professional Lines Practice of AmWINS Brokerage Group. AmWINS Group is an insurance wholesaler with over 90 offices in 16 countries. Dave is highly experienced in management and professional liability products such as: Directors & Officers, Cyberliability, Employment Practices and Professional Liability. He supports the national practice by assisting with claim disputes, authoring client advisories, creating risk analysis tools, developing proprietary products, managing market relationships, providing coverage comparisons and other value added resources. Dave has taught continuing education classes on the subjects of Directors & Officers Liability, Employment Practices Liability and Cyberliability. He has presented on seminar panels covering topics such as privacy insurance, leveraging boards of directors, corporate turn-arounds and bankruptcies. Dave regularly authors articles on Cyberliability and management liability issues. Many of them can be found at InsuranceThoughtLeadership.com. He also moderates a LinkedIn group on Security & Privacy Insurance. Dave regularly draws upon his experiences from more than fifteen years as a wholesaler as well as his five and a half years as a retail insurance broker and insurance company underwriter. His knowledge base built from three different sides of an insurance transaction is well rounded, yet specialized in management liability insurance products. Product specialization is a critical component of the value proposition for both Dave and AmWINS Brokerage.
ERICA DAVIS has been Vice President and Assistant National Manager for Specialty E&O at Zurich since April 2012. She oversees the Professional Liability, Security & Privacy and Employed Lawyers lines of business for the National Accounts segment. Previously, Ms. Davis was part of the Commercial Markets division of Zurich with roles as the East Zone Technology Manager and Middle Markets Underwriting Manager for New York and New Jersey. Prior to joining Zurich in 2009, Ms. Davis led a team of underwriters at the Chubb Group of Insurance Companies specializing in Information and Network Technology and was a Senior Underwriting Officer there for the Technology Insurance Specialty. Her background includes both professional coverage as well as the property and casualty lines of business. Ms. Davis received her B.A. degree in English from the University of Arizona.
11:30 BREAK-OUT SESSIONS
Choice A: Lessons Learned from 10 Years of Litigation
RON RAETHER (moderator) is a partner in the Cybersecurity, Information Governance and Privacy, and Financial Services Litigation practices at Troutman Sanders. Ron is known as the interpreter between the business and information technology, guiding both parties to the best result. In this role, Ron has assisted companies in navigating federal and state privacy laws for almost twenty years. Ron has been involved in seminal data compliance cases, assisting one of the first companies required to provide notice of a data breach and successfully defending companies in over 50 class actions. Ron not only works with companies which have experienced unauthorized access to consumer data or have been named defendants in class actions and before regulators, but also has advised companies in developing compliance programs to proactively address these issues. Ron is also a Certified Information Privacy Professional.
SCOTT VERNICK is a partner at Fox Rothschild LLP. He tries cases for Fortune 500 companies, and focuses his practice on privacy and data security, technology, IP, and health care. A noted authority on privacy law, he counsels multinational and mid-sized businesses on how to mitigate risk and overcome challenges posed by the federal and state enforcement environment. Scott also spearheaded the creation of Fox’s Data Breach 411 iPhone app. Since 2007, Chambers USA has ranked Scott as a leading litigation attorney in Pennsylvania. He received his J.D., cum laude, from Georgetown University and his B.A. from Trinity College.
WINSTON KRONE is the Managing Director of Kivu (www.kivuconsulting.com), a nationwide technology firm specializing in the forensic response to data breaches and proactive IT security compliance. Kivu, headquartered in San Francisco with offices in Los Angeles, New York and Washington DC, is a pre-approved cyber forensics vendor for leading insurance carriers, handling cases throughout the US and Canada. Winston has handled the technical response and remediation on numerous breaches and computer network intrusions in a wide range of sectors including education, healthcare, professional services, and financial institutions. He has frequently testified as a cyber expert before US regulators, in po st-breach litigation, in state and Federal courts regarding computer forensic issues, and has been appointed a Special Master in a major Federal class action involving millions of student records. Winston is an English solicitor and California attorney, experienced in privacy and cyber issues. Winston received his law degree from Oxford University, UK.
ANDREA HOY is the founder of A.Hoy & Associates, a “virtual CISO” provider as well as infosecurity consulting, GRC, incident response, training firm, assisting companies to establish policies and procedures to comply with NIST CyberSecurity Framework, top 20 Critical Controls, EUPD and privacy laws here and abroad to name a few. She represented the US as diplomat to China on eDiscovery and forensics. Ms. Hoy received her initiation into the infosec community when her hard work and dedication for a safe international event earned her the role as an Asst. Venue Manager for the highly successful LA Summer Olympic Games. Andrea’s leadership positions include leadership roles for McDonnell Douglas, Rockwell, and Boeing NA. Her clients are from a diverse mix of industries that include Litton, Pacific Life, Genentech, Molina Healthcare, Activision, WAMU (now Chase), Hamni, Uniti and East West Banks. Among her other accomplishments, she was the first Chief InfoSecurity and Data Privacy Director for Fluor and has served and been recognized as an advisor to the Pentagon, and as ISO for the 5th largest credit union as it went through its most major technology and growth past $10 billion in assets and 600,000 in membership.
Choice B: State of Litigation
JIM GISZCZAK (moderator) is a Member of McDonald Hopkins PLC, in Bloomfield Hills, MI Office. Mr. Giszczak has extensive knowledge advising on, auditing and litigating noncompete, nondisclosure and trade secret matters in nearly every industry. In addition, he has considerable nationwide experience prosecuting and defending employers and employees in noncompete, nondisclosure and trade secret litigation, as well as injunction hearing expertise. Mr. Giszczak has litigated these types of matters in 37 states and counseled in all 50 states. Mr. Giszczak often advises clients regarding restrictive covenant, trade secret and employment issues related to physicians, sales representatives, customer account representatives, key administrators, and technical and clinical personnel. His practice also focuses on business and commercial litigation with trial, litigation and consultation expertise in sales representative and business disputes. Education: University of Notre Dame Law School, J.D., cum laude (1992).
JOHN MULLEN is the Managing Partner of the Philadelphia Regional Office and Chair of the US Data Privacy and Network Security Group with Lewis Brisbois Bisgaard & Smith. Mr. Mullen concentrates his practice on first- and third- party privacy and data security matters, and (with his team) serves as a data breach coach/legal counsel for entities coping with data privacy issues. Mr. Mullen is well-versed in the complex state, federal, and international rules and laws governing data collection, storage and security practices and breach response obligations. Mr. Mullen has been on the forefront of developing the cyber market in the insurance industry, and continues to assist insurers, brokers, risks managers, underwriters, product specialists and professional claims personnel in navigating this rapidly- developing territory. Mr. Mullen holds a B.S. from Pennsylvania State University (1987) and a J.D. from Arizona State University, College of Law (1991).
ALEX TIEVSKY is an attorney at Edelson PC where he represents Thomas Robins, the plaintiff in Spokeo Inc. v. Robins, No. 13-1339 (U.S.). Edelson PC is a recognized leader in plaintiffs’ class and mass action litigation, with a special emphasis on technology and privacy cases. As part of the firm’s Issues & Appeals group, Alex litigates class actions on behalf of consumers in appellate courts nationwide, most recently in Carlsen v. GameStop, Inc., No. 15-2453 (8th Cir.) and Mason v. Machine Zone, Inc., No. 15-2469 (4th Cir.). Alex attended the Northwestern University School of Law and the University of Chicago, and he started his career as an analyst and software developer for an enterprise electronic medical records vendor.
ADAM GOLODNER is a partner and the Leader of the Global Cybersecurity & Privacy Practice Group at Kaye Scholer LLP, a leading global law firm. With a career spanning more than 20 years in leadership positions across business, academia, and government, Mr. Golodner provides strategic advice and action in complex issues at the intersection of technology, security, business, and law – including public policy, litigation, corporate governance and transactions. A recognized thought leader, the National Law Journal named him a “Cybersecurity Trailblazer” in its 2015 inaugural list of people who had made a difference in cybersecurity and privacy. Prior to joining Kaye Scholer, LLP, he spent ten years as an executive at Cisco Systems, Inc., leading its global cyber policy, and advising government leaders globally on cyber and national security issues. Conversant in both the language of C-Suite executives including Chief Information Officers (CIO), and Chief Information Security Officers (CISO), and senior policymakers in The White House, Congress, and governments globally, Mr. Golodner provides concrete advice and win-win solutions to complex cyber problems. Mr., Golodner has driven cross-functional results in issues relating to security, privacy, innovation, antitrust, cloud, Internet of Things, big data, critical infrastructure protection, information sharing, product integrity and supply chain issues. Before joining Cisco, Mr. Golodner held positions at Dartmouth College as the Associate Director of the Institute for Security, Technology and Society; the United States Department of Justice, as the Chief of Staff of the Antitrust Division; the U.S. Department of Agriculture, as Deputy Administrator of the Rural Utilities Service; and The White House as a Search Manager in Presidential Personnel (on leave from law firm). Throughout his career, Mr. Golodner has served on various working groups and participated in various policy dialogues presentations, including the Organization for Economic Co-Operation and Development (OECD) Security Experts Group, the Aspen Institute, the Council of Foreign Relations, Business Executives for National Security (BENS), the Salzburg Global Seminar, the Executive Committee of the Information Technology Sector Coordinating Council (IT-SCC), International Common Criteria Conference, National Academy of Sciences, delegate to the Budapest and the Seoul Global Conferences on Cyberspace, the World Trade Organization (Seattle Round), the White House’s E-Commerce Working Group, the White House’s National Information Infrastructure (NII) Task Force, the National Association of Regulatory Utility Commissioners (NARUC), and the Department of Justice’s Privacy Council. Mr. Golodner is also an Executive Fellow at the Tuck School of Business at Dartmouth College, at the Center for Digital Strategies. He is also a Senior Advisor to The Chertoff Group, a premier security and risk management advisory firm. And a member of the experts group at the RANE risk management consultancy.
Choice C: PHI Breach: Preparation and Response
STU PANENSKY (moderator) is a partner in the Red Bank, New Jersey office of Traub Lieberman Straus & Shrewsberry LLP and is a leader in the firm’s Cyber-Risk, Technology & Data Security practice group. Stu provides legal services relating to cyber-risk including serving as breach counsel, third party defense counsel, attorney-directed risk assessments, first and third party cyber-claim management and technology errors and omissions. Stu provides cyber-insurance coverage opinions and counsels on all cyber-coverage issues including the representation of insurers in declaratory judgment actions. Stu frequently lectures on cyber-risk and data breach issues and co-authors a chapter in Data Security and Privacy Law – Combating Cyberthreats (West Publishing, latest update published June 2015). Stu holds a Juris Doctor from Syracuse University College of Law.
MICHAEL BRUEMMER is Vice President of Experian® Data Breach Resolution at Experian Consumer Direct, the leading provider of online consumer credit reports, credit scores, credit monitoring, other credit-related information, and protection products. With more than 25 years in the industry, Michael brings a wealth of knowledge related to business operations and development in the identity theft and fraud resolution space where he has educated businesses of all sizes and sectors through pre-breach and breach response planning and delivery, including notification, call center and identity protection services. Michael maintains a practical and cooperative approach to partnering with some of the largest and most complex organizations to address their data breach preparation and resolution needs. By applying his experience as a general manager in the manufacturing industry as well as in global operations, he has a keen insight into the complexities and regulatory standards many organizations face when it comes to data privacy and security. He is a Certified Information Privacy Professional, a contributor to the Experian Data Breach blog and a speaker on various privacy and security panels for industry associations, including Health Care Compliance Association (HCCA) and International Association of Privacy Professionals (IAPP). In addition to his current role, Michael is actively involved in the community as a board member of the Girl Scout’s Development Board and has formerly served on the Board of Trustees for the Trinity Episcopal School in Austin, Texas. He holds a Bachelor of Arts in Labor Economics from the University of Wisconsin-Madison.
KURT SUHS Vice President and Technology E&O & Privacy National Practice Leader with Ironshore Insurance Services, LLC Mr. Suhs is the National Practice Leader for Privacy, Security and Technology insurance and also serves as the Southeast Regional Manager for Professional Liability at Ironshore Insurance Services, LLC. With 30 years of insurance, risk management, bank regulatory and financial services experience, Mr. Suhs is recognized as one of the pioneers in privacy and network security insurance having joined INSUREtrust in 1997, the first company to launch a cyber security insurance product. Prior to Ironshore, Mr. Suhs spent six years as the Southeast Regional Manager for Professional Liability at ACE USA. Mr. Suhs previously worked for Galaxy Computer Services, Inc., an IT Security firm where he provided consultative services to financial institutions on IT security, compliance, litigation support, computer forensics and computer security incident response. Mr. Suhs began his insurance career as an investigator with the Federal Deposit Insurance Corporation where he pursued failed bank professional liability claims. He also taught courses on financial institution fraud, directors’ and officers’ liability insurance, criminal restitution recovery and civil asset forfeitures at the FDIC’s national training facility in Washington D.C. He has authored a number of articles on network security risk management and speaks frequently on privacy and network security topics. Mr. Suhs is a graduate of Western New England College, Springfield, MA where he received a M.B.A. with a concentration in Accounting. He completed his undergraduate studies at the University of Massachusetts in Amherst, MA where he received a B.S. in Economics and a B.A. in Geology.
BARBARA J. HOLLAND Barbara became Regional Manager for the Department of Health and Human Services Office of Civil Rights in October 2012 and is responsible for management and oversight of OCR’s work enforcing both civil rights and HIPAA compliance in PA, DE, MD, WV, VA, and DC. Prior to that appointment, Barbara served as the Department’s Deputy Executive Secretary, managing on behalf of the Secretary the review and thorough vetting of regulatory policies and decisions for the Affordable Care Act and other Department initiatives and the development and implementation of Department responses to Presidential Executive Orders and Memoranda on regulatory reform and regulatory agenda-setting.
Barbara began her public service career at HHS and was one of the youngest members to be inducted into the United States Government Senior Executive Service.
Barbara holds a bachelor’s degree from Cornell University and a law degree from the University of Pennsylvania where she was an Editor of the Law Review. She also holds a Masters Degree in Public Health from Yale University.
LAUREN B. STEINFELD Lauren Steinfeld serves as Chief Privacy Officer for Penn Medicine. In this position, Ms. Steinfeld leads and oversees the HIPAA compliance program and other privacy initiatives for Penn’s five hospitals, over 200 physician practices, and the School of Medicine research program. She works on institution-wide training, policy development, and systems monitoring initiatives as well as evaluating individual strategic partnerships with data sharing elements.
Ms. Steinfeld previously served as Senior Advisor for Privacy and Compliance and as Chief Privacy Officer focusing on University-specific issues. In those positions, she created, for the first time in higher education, an infrastructure for an institution-wide privacy program. Ms. Steinfeld developed and implemented policies, procedures, risk assessment models, risk mitigation strategies and other initiatives to protect the privacy and security of personal information. She addressed issues in cloud computing, social media, electronic information, courseware, location data, internal information systems risk assessments, FERPA compliance, HIPAA compliance, and incident response.
Ms. Steinfeld teaches a Privacy Law course at Penn Law with Professor Christopher Yoo.
Ms. Steinfeld received her B.A. from the University of Pennsylvania, graduating Phi Beta Kappa and magna cum laude. She received her J.D. in 1992 from New York University School of Law. She also holds the Certified Information Privacy Professional (CIPP) certification.
JOEL BRENNER specializes in cyber and physical security, data protection and privacy, intelligence law, the administration of classified information and facilities, and the regulation of sensitive cross-border transactions. He has represented companies and individuals in a wide variety of transactions and proceedings including sensitive foreign acquisitions involving the Committee on Foreign Investment in the U.S. (CFIUS), the law governing network operations, the liability of foreign governments, export controls, and internal corporate and government investigations. He has years of experience inside and outside government involving national and homeland security. Mr. Brenner was Senior Counsel at the National Security Agency, advising Agency leadership on the public-private effort to create better security for the Internet. From 2006 until mid-2009, he was the head of U.S. counterintelligence under the Director of National Intelligence and was responsible for integrating the counterintelligence activities of the 17 departments and agencies with intelligence authorities, including the FBI and CIA and elements of the Departments of Defense, Energy, and Homeland Security. From 2002 – 2006, Mr. Brenner was NSA’s Inspector General, responsible for that agency’s top-secret internal audits and investigations. He has also served as a prosecutor in the Justice Department’s Antitrust Division and has extensive trial and arbitration experience in private practice.
1:45 CISO Objections to the Need for Cyber Coverage
JILL SALMON (moderator) See above biography for this conference co-chair.
TOBY MERRILL is Division Senior Vice President of Chubb (formerly ACE) Group’s Global Cyber Risk Practice. In this role, he is responsible for overseeing Chubb’s cyber risk-related business units around the world, inc luding underwriting, services and global expertise. Toby first joined Chubb (formerly ACE) in 2006 as Vice President in ACE USA’s Professional Risk division, where he served as the national product manager of the network security, privacy, and technology Errors & Omissions (E&O) liability products. In this capacity, he was responsible for product development as well as overseeing underwriting operations for those lines. With nearly 20 years of experience in the insurance arena, specifically in underwriting professional liability, management liability and cyber risk exposures, Toby joined ACE from Chubb Specialty Insurance, where he served as Regional Professional Liability Specialist in the Department of Financial Institutions. He also previously held an Information Technology position at Cozen & O’Connor in Philadelphia. He has authored a number of articles on privacy, network, and social media risks, and speaks frequently on cyber risk and network security topics. Toby is a graduate of Franklin & Marshall College in Lancaster, Pennsylvania, with a Bachelor of Arts. in Business Administration.
TANYA FORSHEIT is a Partner in the Los Angeles office of BakerHostetler. Tanya is a career litigator and trusted counselor who works with clients to address legal requirements and best practices for protection of customer and employee information. Tanya serves as outside privacy counsel to a number of organizations and advises companies across disciplines, from multinationals to start-ups, in compliance, transactions, and litigation matters involving the use, sharing, and protection of sensitive information. She has advised on more than 100 data security breaches and has represented clients in Federal Trade Commission and California Attorney General investigations involving privacy and data security. Tanya brings to bear more than 18 years of experience litigating complex disputes, as well as her cloud computing and social media knowledge, in counseling clients on thorny issues in data management and information protection. She is certified as an information privacy professional by the International Association of Privacy Professionals (IAPP). Tanya was a founding partner of InfoLawGroup LLP, one of the nation’s leading privacy and data security boutiques, and spent the first 12 years of her career as an associate and partner with an Am Law 100 firm. She was President of the Women Lawyers Association of Los Angeles in 2011 and 2012, and has twice been named one of the Los Angeles Daily Journal‘s Top 100 Women Litigators in California, in 2009 and again in 2015. Education: J.D., University of Pennsylvania Law School, 1997; Senior Editor, Journal of International Economic Law; A.B., Political Science and English, Duke University, 1994, cum laude.
KURT HAGERMAN serves as Chief Information Security Officer for Armor. He is responsible for the governance, risk and compliance side of the security mission for both corporate and customer facing products. He regularly consults with Armor prospects and customers on PCI, HIPAA and financial services regulations and helps them understand how these regulations impact their business and how Armor can help them meet their regulatory responsibilities. Mr. Hagerman regularly speaks and writes on information security topics in the payments and health care spaces as well as on cloud security. He holds CISA and CISSP certifications and is an active participant with local chapters of ISACA, CSA and ISSA. Prior to joining Armor he was a Managing Director and national PCI Practice Director for Coalfire Systems, Inc., a leading IT Security GRC company. Mr. Hagerman has conducted hundreds of security reviews and audits across a number of industries including the payment space, healthcare, financial services and higher education. During his twenty-five plus years in the field of information technology, he has held a wide number of positions encompassing many IT and security disciplines including: network engineering; systems engineering; security engineering; and IT/Security auditing and compliance.
MATT KLETZLI is a Senior Vice President and Head of Management Liability for Victor O. Schinnerer & Company, Inc., the largest professional lines managing general underwriter in the United States. He has over 20 years of commercial lines insurance experience, mostly in management liability lines. Prior to his current role, Matt was the Head of Multinational for Latin America and the Caribbean for AIG following several positions of increasing leadership responsibility in their executive liability group. He began his career as a multiline broker. Matt earned his bachelor of business administration in risk management and insurance from Temple University and his masters of business administration with a focus in finance from Drexel University. He is an adjunct professor at Drexel University, trustee of Gamma Iota Sigma international insurance fraternity and a pro-bono strategic consultant to several not-for-profit entities.
3:15 BREAK-OUT SESSIONS
Choice A: Security of Payments
MATT PREVOST (moderator) is Chubb’s National Product Line Manager for Cyber and Technology E&O Product Lines. In this role, he is responsible for cyber product management in the United States, and plays a significant role in Chubb’s Global Cyber Practice, which addresses growing risks as legislation and exposures for privacy and network security evolve around the world, and customer demands for cyber insurance and risk management solutions grow. Mr. Prevost is also responsible for underwriting and negotiating complex accounts, developing and maintaining a broad network of brokerage and vendor relationships, and developing and driving distribution and marketing strategies. Mr. Prevost previously served as Assistant Vice President at Philadelphia Insurance/Tokio Marine Group, where he was responsible for the management and professional liability division for the Western U.S. Prior to accepting that role, he oversaw the carrier’s cyber and miscellaneous professional liability portfolio in the U.S. Mr. Prevost is a certified Continuing Education (CE) instructor in more than 36 states and regularly speaks on the topics of Directors & Officers (D&O), Errors & Omissions (E&O), cyber and privacy liability. He is a graduate of Lafayette College with a degree in International Economics and Commerce and also studied at Ecole Superieure de Commerce de Dijon in France.
DAVID HERRON is Executive Vice President and Chief Legal Officer at Hyperwallet. David is responsible for overseeing all company legal affairs as well as the regulatory compliance, government affairs, and risk functions of Hyperwallet’s global business. He manages a team of attorneys, compliance, and risk professionals who provide strategic legal and regulatory counsel and support to the business and its operations. In addition, David leads Hyperwallet’s enterprise risk management and insurance programs as important components of the company’s risk mitigation efforts. David has spent over half of his nearly 20 year legal career building in-depth payments industry experience. He spent more than 12 years at Vantiv – the second largest payment processing company in the U.S. – serving as their senior strategic legal counsel responsible for multiple practice areas and support to its executive management throughout several significant corporate events including Vantiv’s separation from its parent company, IPO, and four major acquisitions totaling in excess of $3B. Prior to Vantiv, David was Assistant General Counsel for International Total Services, Inc. and a partner in private practice in Cleveland, Ohio focusing on business planning and litigation management. David has a B.A. in Political Science from Miami University and J.D. from Case Western University School of Law.
DAVID MOLITANO Senior Vice President at OneBeacon Technology Insurance. David is responsible for OneBeacon’s Network Security and Privacy, Technology E&O and Media Liability lines of business. David’s extensive underwriting background includes underwriting and Product Manager roles at Beazley, XL, Lexington, and Chubb. David received a Bachelor of Arts degree from Central Connecticut State University, and his Masters of Business Administration from Rensselaer Polytechnic Institute.
DAWN-MARIE HUTCHINSON is Executive Advisor, Office of the CISO , at Optiv. Dawn-Marie Hutchinson brings 15 years of enterprise information technology experience to her role as an executive advisor in the Office of the CISO at Optiv. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.
While serving on the HITRUST working group for Data De-Identification, Hutchinson established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST application recommendations.
Prior to joining Optiv, Hutchinson was the chief information security officer at Comm Solutions and also led the information security program at Urban Outfitters, based in Philadelphia. Her tenure in information technology also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross and Protiviti.
Hutchinson currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women’s Power 50 award and hold accreditations that include Certified Information Security Manager (CISM), Certified in Risk and Information System Controls (CRISC), Certified Information Systems Auditor (CISA) and former Payment Card Industry Qualified Security Assessor (QSA). She is also a 2013 Master’s of Business Administration graduate of the Saint Joseph’s University Haub School of Business.
JUSTIN WEISSERT is the Director of Proactive Services with the CrowdStrike Services team. In this role he is responsible for building and supporting the complete set of offerings in the
proactive services arena, including Cybersecurity Maturity Assessments, IR Policy and Playbook Development, Tabletop Exercises, and Next Generation Penetration Tests. Justin continuously works to mature these offerings by integrating the latest adversary TTPs and adapting to customer requirements.
This constant evolution strives to keep your company prepared for targeted attacks from individuals hoping to do you harm. Prior to joining CrowdStrike, Justin spent six years with KPMG LLP.
During his tenure there, he worked as a Manager in the Information Protection and Business Resiliency practice, following an initial assignment in the IT Audit and Attestation group. Over the course of his career, Justin has managed both technical and strategic engagements for some of the largest, global Fortune 100 organizations across several industries. These engagements focused on areas including Information Security risk and compliance, IT strategy and governance, third-party access review, identity and access management strategy, social media risk assessment, penetration testing and security services collaboration and centralization. Justin also contributed to the development of KPMG’s Identity and Access Management Center of Enablement, as well as the organization’s Social Media practice with an emphasis on next generation technologies and risk mitigation strategies. Justin graduated cum laude with a Bachelor of Business Administration in Management Information Systems from the University of Notre Dame. Additionally, he received a certificate in Asia Pacific Studies from the University of Notre Dame Australia. Justin holds a professional certification from ISACA in the Certified Information Systems Auditor (CISA).
Choice B: Policyholders’ Perspectives: Getting Claims Covere
SCOTT GODES (moderator) is a veteran trial lawyer with experience in insurance coverage matters and technology issues. He is a partner in Barnes & Thornburg LLP’s Washington, D.C., office. He is a co-chair of the firm’s Data Security and Privacy group and a member of the firm’s Policyholder Insurance Recovery and Counseling Group. Mr. Godes has assisted a variety of clients over the years to obtain more than $1 billion in insurance coverage. In one of his most significant matters, he was co-lead counsel in a landmark class action trial. He represents clients facing cybersecurity, data breach, cyberattack, privacy and other technology-related claims. Mr. Godes has litigated one of the few court cases regarding the scope of coverage available under a cyberinsurance policy, resulting in favorable
settlements for his client. Mr. Godes serves as co-chair of the Cyber Risk & Data Privacy Subcommittee of the American Bar Association Section of Litigation Insurance Coverage Litigation Committee. He has also been a co-chair of the American Bar Association’s Computer Technology Subcommittee of the Insurance Coverage Litigation Committee. Mr. Godes edits the BT Policyholder Protection blog. He has represented policyholders in declaratory judgment, breach of contract, and bad faith insurance coverage actions, insurance-related bankruptcies and adversary actions, federal court receiverships, insurer rehabilitation actions, and commercial arbitrations. He has litigated and advised clients regarding insurance coverage for data breaches and cyber security issues; directors and officers and securities claims; errors and omissions claims; crime and fidelity claims; general liability claims; consumer class action claims; business interruption, extra expense, and contingent business interruption claims; first- party property claims; computer data, hardware, and software claims; mass tort liabilities; product liability claims; class actions; asbestos claims; environmental property damage; flood claims; and class actions. In addition to his insurance coverage experience, Mr. Godes has litigated complex commercial and government contract disputes and business-related torts. He has represented clients before state and federal courts, in administrative proceedings, and in commercial arbitrations. He also has served as in-house counsel to an Internet company. Mr. Godes received a J.D. degree, with honors, in 1998 from The George Washington University Law School, where he was managing editor for the Public Contract Law Journal and was a member of the Moot Court Board. He received his B.A., cum laude, from Middlebury College (1994).
ROB ROSENZWEIG is a Vice President & National Cyber Risk Practice Leader at DeWitt Stern, a Risk Strategies Company. In this role Rob is responsible for coordinating and growing the cyber liability business across all Risk Strategies companies nationwide. Rob also works directly with the firm’s clients and prospects on creating comprehensive and customized coverage for their data security, privacy, and errors & omissions exposures. He has also written on cyber liability topics, has participated on panels and has led seminars on a variety of related topics. Rob currently holds a designation as a Registered Professional Liability Underwriter and he received his Bachelor of Arts Degree in Government & Economics from Hamilton College.
ANN BARRY is currently Director of Risk Management at Junip er Networks, a company that designs, develops and sells products and services for high-performance networks to enable customers to build highly scalable, reliable, secure and cost-effective networks for their business. She has over 20 years’ experience in the Risk Management field and across various industries, including healthcare, financial services and technology. Ann is an experienced leader, with specific areas of expertise in structuring and managing complex insurance programs, regulatory compliance, OSHA regulations, claims management, loss control, contracts, establishing processes & procedures and mergers & acquisitions due diligence & integration. Ann joined Juniper Networks in February of 2016 supporting global operations within the organization. Prior to joining Juniper Networks, Ann was at EMC as the Director of Risk Management, and a Director at Fidelity Investments. Emerson College, M.A. Management & Organizational Communication, Boston, MA; Bridgewater State College, B.S. Management Science, Bridgewater, MA;Insurance Library, Associate in Risk Management (ARM), Boston, MA; OSHA 10-hour Training Course, Boston, MA; Simmons College Women’s Leadership Program.
DAVID J. WALTON litigates employment, benefits, trade secret, unfair competition, fiduciary duty and commercial claims throughout the country. He is a skilled trial lawyer and litigator with a deep understanding of technology and its impact on litigation and applies this knowledge of computer forensics to assist clients in their most high-stakes litigation. His work has been recognized in national circ les. Professor Adam Grant focused on one of Dave’s notable trials in his best-selling book, Give and Take and the Huffington Post has described Dave as a “phenomenally successful trial lawyer.”
As a member of Cozen O’Connor’s Labor and Employment Department, Dave has more than 20 years of experience successfully litigating the full gamut of employment discrimination claims, including class actions and individual claims. He has won numerous injunctions, secured substantial settlements, and won trial verdicts for his clients against some of the largest and most recognized law firms in the country.
Dave also has a wealth of experience in handling trade secret and non-compete litigation. He understands that time is particularly of the essence in these matters, and works tirelessly to learn the clients’ business, and marshal the facts and evidence needed to reach a favorable result, as quickly as possible. Additionally, Dave has extensive experience successfully litigating ERISA claims relating to fiduciary duties and benefits. Dave represents C-level executives in matters involving their employment contracts and executive compensation and has worked with many private equity firms to negotiate executive employment agreements as part of new business ventures.
While his primary substantive focus is labor & employment law, Dave has also litigated numerous commercial cases concerning bet-the-company litigation relating to complicated technologies. As co-chair of the firm’s Privacy, Data & Cybersecurity practice, Dave has significant experience handling cybersecurity breaches and privacy litigation. He also regularly consults with clients in the development of cybersecurity policies and protocols. Dave’s deep knowledge of technology is a key asset for his clients, especially as technology has had a greater impact on the workplace.
In addition to his litigation experience, Dave also has extensive experience negotiating collective bargaining agreements and handling labor arbitrations. He has helped clients successfully withdraw from multi-employer pension plans, he has defended numerous NLRB charges, and he has secured numerous mass-picketing injunctions in hostile labor environments.
Dave is managing director of Cozen O’Connor’s e-Discovery and Practice Advisory Services (ePAS) group. He has been hired as national e-discovery counsel by several major organizations and uses his trial experience to design and implements document retention policies, and customized protocols for preserving and collecting ESI. Dave also provides wide-range training to clients on proactive measures and best practices to effectively resolve e-discovery issues and significantly reduce costs.
Dave is a frequent speaker at national conferences on trade secret litigation, digital forensics, e-discovery and cyber law, and has published numerous articles on these topics. He is an active member of The Sedona Conference and a contributing member of the organization’s drafting team on proportionality. Additionally, Dave is a member of the labor and employment law committees of the American and Pennsylvania Bar Associations.
Dave earned a B.S. in Communications from Ithaca College in 1991, where he played varsity baseball receiving numerous all-state and all-conference honors. Dave earned his law degree, with honors, from the University of Richmond School of Law in 1995, where he was awarded the Sheppard Scholarship. At Richmond, Dave served as an editor of the University of Richmond Law Review, and won the American Jurisprudence and Corpus Juris Secundum Book Awards for Civil Procedure.
MATTHEW TUCCI has more than eleven years of claims experience in the insurance industry, and as a litigator. He currently serves as Vice President, Professional Liability Claims, at Aspen Specialty Insurance in the U.S. At Aspen, Mr. Tucci oversees professional liability claims involving cyber matters and data breaches, media, technology and miscellaneous professional liability. Prior to Aspen, Mr. Tucci handled professional liability claims involving lawyers, real estate agents, employment practices, accountants, consultants and title agents at Zurich American Insurance Company. While at Zurich, Mr. Tucci also managed teams of claims professionals handling claims relating to directors & officers liability, life agents, financial representatives and brokers. Prior to joining Zurich, Mr. Tucci was an associate at Wilson, Elser, Moskowitz, Edelman & Dicker where he handled insurance defense matters. Upon graduation from law school, Mr. Tucci clerked in New Jersey Superior Court. He received his B.A. in Psychology from Rutgers University and his M.A. in Psychology from Fairleigh Dickinson University. He graduated cum laude with his J.D. from New York Law School. Mr. Tucci is admitted to practice law in New York and New Jersey. Mr. Tucci also is a member of the CLM Cyber Liability Committee and serves as co-chair of the CLM Professional Liability Publications Sub-Committee.
Choice C: The Interaction Between Forms
BRAD GOW (moderator) is a Senior Vice President at Endurance, where he provides global oversight of the company’s cyber risk underwriting operations including underwriting management, product development and services coordination. Prior to his current role, he was a Senior Vice President in Zurich’s Specialties division where he led the Errors & Omissions liability unit. From 2002 through 2008 he was with ACE USA’s Professional Risk division, responsible for all professional liability product management operations. Mr. Gow also led ACE’s technology E&O and network risk underwriting operations, including the development of the ACE DigiTechsm line of products. Mr. Gow co-founded NetDiligence in 2000, a venture backed organization providing network security, incident response and forensic computer investigation programs specifically suited to the needs of insurance carriers and brokers.
Mr. Gow also spent eight years working in the Asian insurance markets for CIGNA International and American International Group. Education: Master of International Business Studies, University of South Carolina Bachelor of Arts, Hamilton College.
RICH SHERIDAN as a Vice President of Claims for AXIS Pro Insurance. Rich oversees the company’s claims stemming from its Data Breach, Cyber Liability, Technology, and Miscellaneous E&O and product lines. Prior to joining AXIS Pro, Rich served in a similar role at ACE North American Claims in New York and New Jersey for over 10 years, and before that was a Complex Claim Director for Miscellaneous Professional Liability Claims at AIG Technical Services in New York. Before entering the insurance industry, Rich worked for 3 years as an associate for law firms in New York, and prior to that for over five years as an Assistant District Attorney in The Bronx, New York. Rich earned his JD from Fordham University School of Law and has a BA from the State University of New York at Albany.
ERIN BONIN Assistant Vice President, Associate General Counsel at Allied World Assurance Co. Erin serves as underwriting counsel for specialty liability lines of coverage including Privacy and Network Security, Insurance Agents Professional Liability, Insurance Company Professional Liability, Lawyers Professional Liability, Architects & Engineers Professional Liability and Miscellaneous Professional Liability. After graduating from law school, Erin worked as a clerk for civil and family matters at the Connecticut Superior Court. Erin earned her B.A. in English from the University of Massachusetts and earned her J.D. from Western New England University School of Law. She is a member of the Connecticut and New York bars.
EVAN FENAROLI has been with Philadelphia Insurance Companies (PHLY) since 2008, where he began his insurance career as an underwriter in the Management and Professional Liability division, focusing on Cyber Security Liability, Professional Liability (Errors & Omissions), and Directors & Officers Liability coverage. He is now an Underwriting Supervisor and Cyber Liability Product Specialist, managing all aspects of PHLY’s Cyber product, including growth, profitability, marketing strategy, and form development. Evan graduated in 2008 from the University of Pennsylvania, majoring in Philosophy, Politics and Economics, and also holds a Registered Professional Liability Underwriter (RPLU) designation from the Professional Liability Underwriting Society.
LAURA FOGGAN leads the Insurance Appellate Group at Wiley Rein LLP. She is described by LawDragon 500 Magazine as “one of the most successful advocates for the insurance industry to ever practice” and has been named one of Law360’s “10 Most Admired Insurance Attorneys.” Laura serves as lead counsel in trial and appellate matters involving complex insurance claims. Practicing for more than 25 years, she has participated in more than 200 insurance coverage appeals nationwide and has made significant contributions to the development of key insurance law precedents across the country. A former co-chair of the Insurance Coverage Litigation Committee of the American Bar Association (ABA) Litigation Section, Laura is praised by Chambers USA as an “acknowledged expert in her field” (2013) with an “encyclopedic knowledge of insurance law” (2014) and by LawDragon 500 Magazine as “the best in the business at protecting insurers facing all types of major claims with an unmatched track record in significant trials and appellate cases” (2014). In addition to her litigation work, Laura counsels insurers on emerging exposures, currently addressing issues such as cyber risk, privacy and data breach claims, and risks and opportunities relating to the commercial use of unmanned aircraft systems (“UAS” or, more commonly, drones). She also represents insurers in arbitration and mediation settings. On behalf of both individual insurers and industry trade groups, she advocates for insurers in legislative and regulatory matters. Laura is regularly rated by Chambers USA as one of Washington, DC’s “Leading Lawyers” for insurers in commercial insurance work, is included in the Best Lawyers in America directory for insurance law, and has been named one of Washington, DC’s “Top 100 Lawyers” (2012- 2014), “Top 50 Women Lawyers” (2009, 2011-2014), “Top 10 Lawyers” (2015), and “Super Lawyers” for Insurance Coverage (2008-2015), among many other honors. Laura received her J.D., with high honors, The George Washington University Law School; Order of the Coif , and her M.S. Ed, and her B.A., magna cum laude, from the University of Pennsylvania.
4:30 Automation and The Next Generation of Cyber Security
JOE LOOMIS (moderator) is the founder & CEO of Security Operations Technology CyberSponse. Joe is a serial security entrepreneur whose has provided security based technology for companies like Apple, Microsoft, Novartis, Sony, LG, Pfizer and many others. Mr. Loomis is well versed in Cyber Security methodologies, incident response and leverages his relationships to help define visionary and innovative product offerings for the information security sector. Joe is often seen speaking on national news networks to include CNBC, FOX, CNN and a few others. Joe works closely with multiple government agencies in his cooperative efforts combating Cybercrime and Cybersecurity. Joe has a Bachelor’s degree in Electrical Engineering and Business Management from University of Florida and Phoenix.
ALEKSANDR YAMPOLSKIY, CEO, Co-founder – SecurityScorecard. Previously, Aleksandr was the CTO of BlogTalkRadio/Cinchcast, the former Head of Security and Compliance at Gilt Groupe, and has held lead technologist and security roles at Goldman Sachs, Oracle, and Microsoft. He is a published author and active speaker in the security and software development communities. He has a B.A. in Mathematics/Computer Science from New York University, and a Ph.D. in Cryptography from Yale University.
CARSON ZIMMERMAN is a principal cybersecurity engineer with The MITRE Corporation. He has more than a decade of experience working with various Cybersecurity Operations Centers (CSOCs) to better defend against the adversary. He has held roles in the CSOC ranging from tier 1 analyst to senior architect. Mr. Zimmerman wrote Ten Strategies of a World-Class Cybersecurity Operations Center, published by MITRE in 2014. The book is available for free download at http://bit.ly/1sKCOH9. He holds a bachelor’s degree in computer engineering from Purdue University and a master’s degree in information systems from George Mason University.
Wednesday, June 8, 2016
8:00 Anatomy of a Data Breach from a Regulator’s Perspective
BO HOLLAND (moderator) has delivered innovative technology solutions to enterprise companies for over twenty years. In 2004, Holland founded AllClear ID and currently serves as CEO. His team of expert consultants advises companies on the customer-facing aspects of data breach response, and provides the operational capacity to successfully respond to data breach events of any size. Holland holds the patent for Instant Authorization, the underlying technology of the exclusive Alert Network (U.S. Patent No. 7,983,979). AllClear ID has notified over 160 million consumers on behalf of Fortune 1000 companies and government agencies, while offering the best service in the industry with a 97% customer satisfaction rating and 15+ customer service awards. Prior to AllClear ID, Holland was founder and CEO of Works, Inc., acquired by Bank of America in 2005. Works develops commercial payment solutions for large organizations and distributes the product through large financial institutions. Holland invented the technology that enables organizations to approve and control payments for operating expenses via credit cards. Prior to Works, Holland served as Director of Product and Marketing for Pervasive Software and was instrumental in taking the company public in 1997. Prior to Pervasive, Holland was employee 32 at Citrix Systems and key to developing the product strategy and distribution that laid the foundation for the company revenue growth to over $750 million in 2004. Holland holds a B.B.A., Finance and Entrepreneurship, Baylor University.
PATRICE MALLOY is the Multi-State and Privacy Bureau Chief at Florida’s Office of the Attorney General where she handles privacy and breach related matters. Ms. Malloy was on the Executive Committee of the Multi-State investigations into the TJX data breach, Google Street View and Google Safari matters which resulted in nationwide multi-million dollar settlements. In addition, Ms. Malloy
served on the Executive Committee for several multi-state pharmaceutical settlements, leading the investigation of Risperdal. Following her undergraduate education from Temple University in Philadelphia, Ms. Malloy attained a Masters in Business Administration from the University of Missouri, subsequently achieving her Juris Doctorate from the University of Miami. Prior to practicing law, Ms. Malloy worked for CBS affiliated stations in Southwest Florida and St. Louis as an Emmy nominated consumer reporter. She was also an anchor and has twice won the Champion-Tuck Award for Economics Reporting from the Amos Tuck School of Business Administration, Dartmouth College.
GENE FISHEL currently serves as Senior Assistant Attorney General and Chief of the Computer Crime Section in the Virginia Attorney General’s Office. In this capacity he directs prosecutions of computer fraud, identity theft, and child exploitation cases in state courts across Virginia, and serves as a Special Assistant United States Attorney in both the Eastern and Western Districts of Virginia where he prosecutes computer crime cases in federal court. He also monitors organizations’ compliance with Virginia’s database breach notification laws, drafts legislation for the Virginia General Assembly, trains law enforcement and prosecutors statewide, and educates the public on issues involving computer crimes. During his thirteen-year tenure, Gene has helped to draft and enact sweeping reforms to computer crime and child exploitation laws in Virginia, and has been involved in numerous novel and complex federal and state prosecutions, including the nation’s first, felony prosecution for spamming. In 2007, Gene was appointed as Senior Assistant Attorney General. Prior to his time at the Attorney General’s Office, Gene served as law clerk for the Second Judicial Circuit in Virginia Beach, VA. He received his JD from Wake Forest University and his BA, magna cum laude, from James Madison University.
NICOLE DiTOMO is a Deputy Attorney General with the Pennsylvania Attorney General’s Bureau of Consumer Protection. She has been with the Bureau for nine years and is currently handling a variety of cases, which include matters related to contractor fraud, debt collection, the unauthorized practice of law, and privacy and data security concerns. Mrs. DiTomo earned the Certified Information PrivacyProfessional/United States (CIPP/US) credential through the International Association of Privacy Professionals (IAPP). Mrs. DiTomo received her J.D. from Widener University School of Law and her B.A. from Ursinus College.
9:05 BREAK-OUT SESSIONS
Choice A: Cyber Risks and Exposure in the Manufacturing Sector
ANDY OBUCHOWSKI (moderator) is the practice leader and supports global operations for cybercrime and data breach investigations, digital forensics and incident response services within the security and privacy consulting group at RSM. Andrew possesses more than 20 years of experience, including 12 years of law enforcement investigations, instruction at numerous police academies, and long-time memberships in several computer and financial crime task forces. He is also currently an adjunct professor of criminal justice at Anna Maria College in Massachusetts, where he developed and teaches graduate and undergraduate programs in information security, digital forensics and cybercrime investigations. As an industry leader and expert in his field, his team provides services and solutions for clients in preparation of and in response to matters involving a wide range of information security and privacy assessments and investigations. Prior to joining RSM, Andrew was a leader with Navigant’s legal technology solutions group overseeing matters and developing business relationships, project plans, and policies/procedures surrounding data privacy and digital forensics. Andrew also managed teams responsible for data breach investigations, complex digital forensic collections, network vulnerability and rapid security assessments. Andrew also consulted on global matters relating to information security, digital forensics and e-discovery with Kroll’s Secure Information Services and Computer Forensic Consulting Practice. He also developed and implemented new client service offerings relating to incident response protocols and plan development, electronic data collection practices and policy review, digital forensic laboratory assessment, and wireless network vulnerability analysis. Further, his previous employment experience includes overseeing senior level e-discovery, digital forensic investigations, incident response and information security functions at CIGNA Healthcare. In this role, Andrew assessed and implemented new policies and procedures pertaining to digital evidence preservation, collection and storage in accordance with accepted industry practices. He was also charged with ensuring that confidential information was protected during storage and transmission relating to the daily operations of this global organization. As a former supervisory forensic analyst and Special U.S. Marshall with the Regional Electronic & Computer Crime Task Force (REACCT), he managed digital-related investigations on all types of media, ensured compliance with accepted computer forensic protocols, and presented testimony for numerous criminal cases related to computer crime and digital forensics. Andrew has also lectured across the country on topics relating to computer crime investigations, information security, data privacy and digital forensics for target audiences at all professional levels across various business industries. Education: Masters of Science, national security, University of New Haven; Graduate Certificates in Computer Forensic Investigations and Information Security, University of New Haven; Masters of Science, business administration, Anna Maria College (Currently Pursuing); Bachelor of Science, criminal justice, Anna Maria College.
CHRIS KEEGAN is Senior Managing Director and Cyber and Technology Practice Leader at Beecher Carlson in the Executive Liability Practice. Chris places network, privacy, technology and media E&O insurance for a wide variety of companies including financial institutions, technology, manufacturers, healthcare and retail companies. Christopher has also executed Cyber Information Risk Assessment projects and worked with regulators on evaluation of cyber and technology risks. Prior to joining Beecher Carlson, Christopher was a National Resource at Willis for Cyber and E&O and a leader of the Information Risk Advisory Practice at Marsh focusing on Privacy, Technology, Media, Network Intellectual Property and Professional Liability insurance products. Before joining Marsh, Christopher was Vice President at Zurich Reinsurance (North America) Inc., where he was instrumental in the development of the Zurich Re E-Commerce and technology reinsurance portfolio, advising the company with regard to IP infringement, breach of rights of privacy, electronic contracts, electronic signatures, trademarks, trade secrets, electronic attacks and electronic breaches of security. Chris worked in New York and London as a lawyer in private practice from 1985 to 1999, dealing with general commercial and corporate risks, professional liability claims and reinsurance disputes in the UK, Europe, the Middle East, the Far East, Latin America and the United States. Christopher has published a number of articles and a book on privacy, intellectual property and technology and is licensed to practice law in New York, New Zealand and England. Chris is a Senior Research Fellow at the University of Maryland, Smith School of Business, assisting their efforts for the Department of Homeland Security and NIST in designing cyber assessments. Christopher graduated from Long Island University with a B.A. in English and a J.D. from Saint John’s University School of Law.
JEFF STUTZMAN is the Co-founder and CEO of Red Sky Alliance and Wapack Labs Corporations. Red Sky Alliance™ is a cyber threat intelligence collaborative and reporting center consisting of roughly 25 global organizations sharing information about targeted, advanced, and emerging cyber threats. Wapack Labs is a private cyber intelligence organization that performs research, analysis, and intelligence operations. The Lab authors cyber threat intelligence and analysis for nearly 7000 organizations worldwide, including the global memberships of the Red Sky Alliance, the Financial Services ISAC. Prior to Red Sky Alliance and Wapack Labs, Mr. Stutzman served as a Director at the DoD Cyber Crime Center (DC3) where he built and then operated the DoD/DIB Collaborative Information Sharing Environment (referred to in the press as the “DIB Program”) and the financial community’s Government Information Sharing Framework (GISF), where he was tasked with, and built the operational arm of a public private partnership designed to diagnose cyber espionage and fraud in the Defense, Banking/Finance and Energy communities. Mr. Stutzman came up from the analyst ranks, specializing in cyber and intelligence collections/analysis. He has ‘boots on the ground’ experience in more than two dozen high-risk cyber threat areas including China, Brazil, the Middle East, and South America where he performed information security work, investigations, risk analysis, and mergers and acquisitions. He is a former active duty US Navy Intelligence Officer, specializing in information warfare. Mr. Stutzman spent two years as a visiting scientist with Carnegie Mellon’s Software Engineering Institute/CERT-CC where he researched emerging technologies and wrote models for profiling behavioral characteristics of hackers using network flow data. Mr. Stutzman has held positions with Cisco Systems, Northrop Grumman, and the Software Engineering Institute at Carnegie Mellon University, the DoD Cyber Crime Center and is a former Navy Intelligence Officer. He is a founding member of the Honeynet Project, founded the Healthcare ISAC, and was a first watch stander in SANS GIAC (now the SANS Internet Storm Center). He has been cited in the Wall Street Journal, Wired Magazine, NH Public Radio, and numbers trade publications. He holds a BS in Liberal Sciences from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.
BRAD MURLICK is a Managing Director in the Disputes & Investigations practice of the Chicago office of Navigant Consulting, Inc. He has extensive experience assisting numerous clients with the preparation, negotiation and settlement of complex insurance claims, and he leads Navigant Consulting’s Insurance Claims Accounting and Consulting (ICAC) practice. Prior to joining Navigant Consulting, Mr. Murlick was a Principal at Deloitte & Touche LLP and the North American Practice Leader of their Insurance Claims Consulting practice. Education: BA, University of Michigan, Ann Arbor; MBA, Michigan State University, East Lansing.
Choice B: Vendor Management
JOHN FARLEY (moderator) is currently serving as a Vice President and Cyber Risk Consulting Practice Leader for HUB International’s Risk Services Division. Headquartered in Chicago, IL, HUB International Limited is a leading North American insurance brokerage that provides a broad array of property and casualty, life and health, employee benefits, reinsurance, investment and risk management products and services through offices located throughout the United States and Canada. John is based in New York City and brings 24 years of risk consulting experience to the firm. While working at HUB International John has performed a variety of cyber risk consulting services for clients across many industries, including but not limited to Healthcare, Retail, Financial Services, Higher Education and Information Technology companies. He serves as a resource for pre-breach planning and post-data breach response in network security & privacy liability consulting. In this role he applies extensive knowledge in data breach response best practices and works diligently with clients to achieve optimal results in cost mitigation.
John acts as a central coordinator between all parties involved – the client, insurance carriers, and any outsourced service provider hired, including , IT forensics experts, privacy attorneys, public relations firms, call center operators and other breach response service providers.
John also facilitates online access to HUB International’s e-Risk Hub. This online database serves clients’ ongoing educational needs in the ever-changing network security and privacy risk environment. In addition, John provides client training that assists clients efforts in forecasting potential loss costs related to a network security event.
He is a regular speaker at educational seminars on multiple network security and privacy liability challenges facing organizations today. Areas of focus are HIPAA, Payment Card Industry Data Security Standards, FERPA, government threat sharing initiatives, regulatory compliance and data breach notice requirements at the state, federal and international levels.
John has a Bachelors of Arts degree in English and a minor in Business Management from Manhattan College. In addition, John is a Certified Information Privacy Professional (CIPP/US) and has received his Associate in Claims (AIC) designation.
BOB PARISI is a managing director and National Cyber Product Leader in Marsh’s New York City headquarters. His current responsibilities include advising clients on issues related to intellectual property, technology, privacy, and cyber related risks as well as negotiating with the carriers on terms and conditions. Robert is also responsible for coordinating Marsh’s Global Cyber Network. Prior to joining Marsh, Robert was the senior vice president and Chief Underwriting Officer (CUO) of eBusiness Risk Solutions at AIG. Robert joined AIG in 1998 as legal counsel for its Professional Liability group and held several executive and legal positions, including CUO for Professional Liability and Technology. While at AIG, Robert oversaw the creation and drafting of underwriting guidelines and policies for all lines of Professional Liability. Robert was also instrumental in the development of specialty reinsurance to address aggregation of risk issues inherent in cyber, privacy and technology insurance. In addition to working with AIG, Robert has also been in private practice, principally as legal counsel to various Lloyds of London syndicates. While at Marsh, Robert has worked extensively with Marsh clients in all industries, assisting them in analysis of their risk as well as in the placement of coverage for cyber risks. Education: BA in economics, Fordham College; JD, Fordham University School of Law.
ADAM COTTINI is Managing Director, Cyber Liability Practice for Arthur J. Gallagher & Co. He is responsible for the overall direction of the Cyber Liability Practice including development of state of the art product solutions, insurance gap analysis, risk exposure analysis, risk modeling, benchmarking, and best practices implementation. He has been brokering cyber liability for 10 years. From 2008 – 2014, Adam managed a diverse book of professional liability accounts for Arthur J. Gallagher & Co. consisting of Directors & Officers Liability, Employment Practices, Fiduciary Liability, Professional Errors & Omissions, Cyber Risk, and Media Liability. Adam came to Gallagher from AmWINS Brokerage of New York, Inc. where he was an Assistant Vice President within the Financial Risk Group from 2005 – 2008. His focus within AmWINS was producing and marketing Professional and Executive Liability insurance solutions for public, private, nonprofit and association entities. Prior to joining AmWINS Brokerage of New York, Adam was employed by American International Group Inc. (AIG) in the Middle Market Executive Liability Group from 2000 to 2005 as an Underwriter/Underwriting Manager. At AIG Adam shared day to day management responsibility of a large book of Executive Liability products consisting of Directors & Officers Liability, Employment Practice Liability, and Fiduciary Liability for Public, Private, and Non-Profit corporations. While at AIG additional emphasis was placed on policy form analysis, education of underwriting peers, and financial analysis. Adam began his insurance career at Reliance National in 1998 in the Casualty Risk Management division underwriting Workers Compensation, General liability and Commercial Auto Liability for Fortune 1000 insureds. While at Reliance he underwent a 3 month intensive insurance training program focusing on all facets of the commercial property and casualty industry. Education: State University of New York – New Paltz, BS in Business Administration and Finance.
JENNY SOUBRA is National Practice Leader for Cyber, Media & Specialty PI with Allianz Global Corporate & Specialty. In this role, Jenny is establishing enterprise strategy for Cyber, Tech E&O, Media and MPL products, and is working to build out strategic partnerships supporting these products on a national basis, including vendor engagement and distribution partner selection, as well as development of appetite, rate, underwriting guidelines, and reinsurance structure. Jenny is a seasoned Insurance professional, with over 17 years of experience in financial lines. Post Target Breach, Jenny was charged with principal underwriting responsibilities for one of the largest U.S. Cyber carriers, where she managed the Fortune 1000 book nationally, including primary placements for many of the largest retail, healthcare, and cloud providers in the world. Prior to this, Jenny managed regional and national management liability and professional liability teams, coordinated actuarial and claims review of complex risks in the Crime and EPL space, and managed national distribution networks for several carriers in the financial lines space. She received her BA in Mass Communications from Cal State University at Hayward, and is a licensed CA Fire and Casualty Broker. Jenny co-founded the Northern California chapter of Emerging Insurance Professionals (EIP), for which she most recently served as VP of Communications. Jenny recently completed her second term as National Committee Chair for Future PLUS. Additionally, she is a frequent speaker for various affinity groups on topics of cyber, professional & management liability.
JOHN COLETTI is a Senior Vice President and the Chief Underwriting Officer in XL Group’s Cyber & Technology business unit. Based in New York, he manages a cyber insurance and technology E&O underwriting team throughout the country. Under his leadership, the team works with businesses across various industry sectors to develop insurance coverage specifically tailored to meet their needs. John has more than 20 years of cyber and technology insurance expertise. He joined XL Group in 2012 after an eight year career at CNA as an Assistant Vice President where he managed a nationwide team of underwriters and a book of business which included technology E&O, miscellaneous professional liability, cyber liability and media liability. Prior to CNA, he held various underwriting, audit and accounting positions at Gulf Insurance. John is a frequent presenter on cyber and technology related issues on panels, seminars and for industry associations. John is a graduate of Adelphi University with a bachelor’s degree in accounting.
10:15 BREAK-OUT SESSIONS
Choice A: Cloud Providers: Beyond Certification & Other Current Issues
STEVE ANDERSON (moderator) is the VP Underwriting and Product Executive for cyber liability, privacy, network security and technology E&O insurance products at QBE. With over 20 years’ experience in both the insurance and technology industries; he now works in collaboration with our external customers, third party vendors and product experts to bring to market innovative solutions in the cyber liability space. Steven started his career working with technolo gy start ups. Over the past 10 years, he has worked at XL, RLI and Travelers underwriting professional liability lines. At XL, he played a key role in product development and underwriting, specifically for cyber liability products. Steven holds a Bachelor of Science from Baylor University. He has also earned his Registered Professional Liability Underwriter (RPLU+) designation, and he is a Cisco Certified Network Associate (CCNA).
SHAWN CAREY is Senior Vice President of Sales and Marketing and co-founder of Keystone NAP. Shawn is a Cloud, Infrastructure-as-a-Service & IT Managed Services executive & entrepreneur with 25 years of experience, including executive leadership, business operations, sales & marketing, channel development, product management, product development & strategy.
Most recently, Shawn spent 6 years as Managing Director of Xtium, an enterprise cloud software & solutions company he co-founded and grew from its first $6.5 million 5-year customer agreement to doubling the recurring revenue in 2012. While leading Xtium, Shawn was responsible for the overall production of the business development effort to include direct sales, indirect channel sales & sales engineering. Shawn selected, trained and managed the direct sales team, established team goals and objectives and was held accountable for the sales team’s overall achievements. In addition, Shawn developed & managed the indirect sales program. Shawn was responsible for program development, market segmentation selection, partner selection, partner training & overall production of the indirect sales channel.
Earlier, Shawn was Executive Vice President of Technology of iPipeline, a sales & distribution software company he co-founded & was responsible for growing from initial business concept to it’s becoming the leading Software-as-a-Service vendor in life insurance industry. Funded by Technology Crossover Ventures, Volition Capital and New Spring Capital, iPipeline’s technology processes nearly 75% of all life insurance transactions annually. While with iPipeline, Shawn invented a patented method for electronic insurance application fulfillment.
Shawn has held founding and executive positions with several start-ups, including Executive Technology Center (cloud hosting), Swingtide (business process automation) & served in technical & management capacities with Bell Atlantic (Novell & Netscape program management) & Prudential Insurance (LAN/WAN management).
Shawn holds a BS in Computer Engineering, Electrical Engineering and Computer Science from Boston University.
MARK WEATHERFORD is Senior Vice President and Chief Cybersecurity Strategist at vArmour. He has more than 20 years of security operations leadership and executive-level policy experience in some of the largest and most critical public and private sector organizations in the world. At vArmour, Mark focuses on helping customers meet the rapidly evolving cybersecurity needs of the Cloud and 21st century data center technologies and expanding vArmour’s global customer-base across the government and commercial markets. Prior to join ing vArmour, he was a Principal at The Chertoff Group where he worked with businesses and organizations around the world create strategic security programs and he remains a Senior Advisor in the firm. In 2011, Mr. Weatherford was appointed by President Obama as the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity and before DHS, he was the Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical infrastructure protection program and worked with electric utility companies across North America. Prior to NERC, Mr. Weatherford was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and was also the first Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors. As a former U.S. Navy Cryptologic Officer, Mr. Weatherford led the United States Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT). Mr. Weatherford is a Distinguished Fellow at the Poneman Institute, a member of the CSIS Cyber Policy Task Force for the 45th President, a Founding member of the CyberCalifornia Board of Advisors, serves as a member of the Board at Coalfire, and is on the Advisory Boards at Cylance and AlertEnterprise. He earned a bachelor’s degree from the University of Arizona, a master’s degree from the Naval Postgraduate School and holds the Certified Information Systems Security Professional (CISSP) certification. He was awarded SC Magazine’s “CSO of the Year” award in 2010, named one of the “10 Most Influential People in Government Information Security” by GovInfoSecurity in both 2012 and 2013 and was selected for the 2013 CSO Compass Award for leadership achievements in the security community.
MICHAEL ERNESTO is a principal solution architect with Verizon Advanced Solutions with over 16 years’ experience designing and implementing IT services for clients primarily through hosting and cloud delivery models. He has specialized in several verticals including health care, life-sciences, finance and manufacturing and has a deep understanding of the security and compliance frameworks required by these industries. Most recently, Mike has been focusing on hybrid support and delivery models for clients, combining multiple services, each tailored to meet specific needs.
Choice B: Systemic Risk and Aggregation Modeling Systemic Risk
TIM FRANCIS (moderator) as a Vice President, Tim leads Travelers’ Business Insurance Management and Professional Liability initiatives. He also serves as the Enterprise Lead for Cyber Insurance. In this latter role, Tim has oversight of all of the company’s cyber product management, including products for businesses of all sizes, public entities, and technology firms. Tim has emerged in the insurance industry as one of the foremost cyber experts, having been quoted in The Wall Street Journal, USA Today, Reuters, Insurance Journal, Property Casualty 360, Business Insurance, CNBC.com, and other premier media outlets. Additionally, he served as co-chair of the NetDiligence Conference and has spoken at numerous other conferences on the evolution of cyber risk and how businesses can protect against them. Tim also is an active member of the Professional Liability Underwriting Society (PLUS) and has served as Chairman of the Hartford Chapter. He is a participant in the Department of Homeland Security’s Cyber Incident Data and Analysis Working Group (CIDAWG), an ongoing private-public engagement that is examining how a cyber incident data repository could help meet the information requirements of insurers, CISOs, and other cybersecurity professionals.
RUSS COHEN Russ Cohen has been at Chubb for over eight years and is currently serving as the Director of Cyber and Privacy Services. The responsibilities of Russ’s position include managing all policyholder services associated with Chubb’s Pre and Post Event Cyber Services, as well as supporting innovations in underwriting, data analytics and predictive modeling associated with enterprise cyber security risks.
Prior to this role, Russ spent seven years as Chubb’s own Global Enterprise Security Architect responsible for developing Chubb’s enterprise security architecture, strategies and methodology on cyber security. Russ has over 15 years of cyber security and technology experience including: an ethical ‘white hat’ hacker, a systems architecture consultant at a large pharmaceutical corporation and also a senior consultant at one of the largest software companies in the world.
Mr. Cohen graduated from Drexel University with a Master of Science in Information Systems. He holds a CISSP certification and is an active member of various security organizations such as Infragard, ISC2, FS-ISAC and the Cloud Security Alliance. He has also has experience teaching classes on ethical hacking to large corporations.
JAY JACOBS has over 15 years of experience within IT and information security with a focus on cryptography, risk, and data science. He is a Senior Data Scientist at BitSight Technologies, the Standard in Security Ratings, and prior to that he was the lead data analyst at Verizon and a co-author of the Data Breach Investigations Report. Jay is also the co-author of “Data Driven Security” a book covering data analysis and visualizations for information security, and a co-founder of the Society of Information Risk Analysts. He is an active blogger, a frequent speaker, and a co-host on both the Risk Science podcast and Data Driven Security podcast. Jay can be found on twitter as @jayjacobs. He holds a bachelor’s degree in technology and management from Concordia University in Saint Paul, Minnesota, and a graduate certificate in Applied Statistics from Penn State.
SASHA ROMANOSKY researches topics in the economics of security and privacy, information policy, applied microeconomics, and law & economics. He is a policy researcher at the RAND Corporation. Sasha holds a PhD in Public Policy and Management from Carneg ie Mellon University and a BS in Electrical Engineering from the University of Calgary, Canada. He has published in the Journal of Policy Analysis and Management, Journal of Empirical Legal Studies, the Berkeley Technology Law Journal, coauthored two book chapters and has written other works on information security. Sasha was a Microsoft research fellow in the Information Law Institute at New York University, and was a security professional for over 10 years within the financial and e-commerce industries at companies such as Morgan Stanley and eBay. Sasha holds a CISSP certification and is co-author of the Common Vulnerability Scoring System (CVSS), an open standard for scoring computer vulnerabilities.
11:30 Compliance: Security Assessments, Training and Planning
TED KOBUS (moderator) is a Partner at BakerHostetler and focuses his practice in the area of privacy, data security, and intellectual property. He advises clients, trade groups, and organizations regarding data security and privacy risks, including compliance, developing breach response strategies, defense of regulatory actions, and defense of class action litigation. Ted counsels clients involved in breaches implicating domestic and international laws, as well as other regulations and requirements. Having led more than 750 data breach responses, Ted was the only private practice attorney invited to speak on the topic of data breaches in a private session with the National Association of Attorneys General. He is invested in his client relationships and approaches engagements practically and thoughtfully. Ted is national co-leader of BakerHostetler’s Privacy and Data Protection team. He is ranked in Chambers USA: America’s Leading Lawyers for Business and was one of only three attorneys named an MVP by Law360 for Privacy & Consumer Protection in 2013. Ted is a regular contributor to BakerHostetler’s Data Privacy Monitor blog and regularly speaks at major industry events regarding data breach response, risk management, and litigation issues affecting privacy. Education: J.D., Widener University School of Law, 1994, cum laude.
JEREMY HENLEY is the director of breach services for ID Experts, where they bring simplicity to the complex world of privacy incident response. Henley has direct oversight for all breach services. He has been certified by the Healthcare Compliance Association for Healthcare Privacy and Compliance and brings more than 15 years of sales, consulting and leadership experience to the ID Experts team. When incidents happen Henley and his team can manage the operational process from beginning to end. He plays an instrumental role in driving innovation in products and services that meet the needs of cyber insurance carriers, attorneys, and our business clients.
Jeremy regularly speaks at national conferences on the topics of privacy and security preparedness and data breach response best practices. Prior to this role with ID Experts, Henley managed the cyber insurance channel for ID Experts and was a regional manager responsible for the Southwest portion of the US. Henley received his Bachelor of Arts in Business Administration-Marketing at Washington State University.
SHAWN MELITO is a Management Consultant and business unit leader for NPC’s Immersion Data Breach Response (DBR), a leading notification and call center service provider in the privacy and cyber insurance communities. He has presented on the topics of data breach, data security and identity theft at multiple IAPP, RIMS, NetDiligence, ACFE and the Institute of Internal Auditors events. Shawn’s prior work experience includes managing a Canadian breach response and identity theft services company, as well as Healthcare, Insurance Services and a contract with the Office of the Privacy Commissioner of Canada. Shawn is a certified information privacy professional (CIPP/US) through the IAPP and previous member of their Canadian Advisory Board. Shawn received his B.A. from the University of Toronto, and his M.B.A. from the Richard Ivey School of Business in London, Ontario.
DARREN GUCCIONE is the co-inventor of Keeper Security and started the company with extensive experience in product design, engineering and development. At Keeper, Darren leads product vision, global strategy, customer experience and business development. Prior to Keeper, Darren served as an advisor to JiWire (www.jiwire.com), now called NinthDecimal. NinthDecimal is the leading media and technology service provider for the Wi-Fi industry. He was formerly the Chief Financial Officer and a primary shareholder of Apollo Solutions, Inc., which he and his partners sold to CNET Networks, Inc. in June 2000. Early in his career, Darren lived in Asia for several years, where he coordinated product development for Bell Sports, a world leader in the bicycle accessories market. He then served Arthur Andersen LLP as a management consultant for publicly owned manufacturing-based companies. Darren holds a Masters of Science in Accountancy with Distinction from the Kellstadt School of Business at DePaul University of Chicago and a Bachelors of Science in Mechanical and Industrial Engineering from the University of Illinois at Urbana-Champaign, where he was the recipient of the Evans Scholarship and Morton Thiokol Excellence in Engineering Design Award. He was also the recipient of the Distinguished Alumnus Award presented by The Department of Industrial & Enterprise Systems Engineering. Additionally, Darren is a licensed Certified Public Accountant. Darren is a community board member of the Chicago Entrepreneurial Center (1871) supporting the development of early stage companies, a board member of A Red Orchid Theatre in Chicago and an advisor to TechStars – a Chicago-based technology incubator for innovative startups. Formerly, Darren served on the Committee of Technology Infrastructure under Mayor Richard Daley. Darren is regularly featured as a mobile- and cyber-security expert in major media outlets including CBS Evening News, Fox & Friends, USA Today, ABC Chicago and Mashable.
STEVEN MECKL is Director of Americas Incident Response at Symantec. Steve leads the team responsible for helping our customers prepare for, detect, and respond to security incidents. Delivering world-class Cyber Readiness, Incident Response, and Advanced Threat Hunting services is is primary responsibility. Doing this, Steve is able to help Symantec customers identify, contain, and eradicate increasingly sophisticated attackers.
ONDREJ KREHEL is the Digital Forensic Lead, CEO & Founder of LIFARS LLC, an international cybersecurity and digital forensics firm, and the Captain at Cyber Team Six, an elite incident response team. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and cyber security consulting at Stroz Friedberg. With two decades of experience in computer security and forensics, he conducted a wide range of investigations, including data breached through computer intrusions, theft of intellectual property, massive deletions, defragmentation, file carvings, anti-money laundering, financial fraud, mathematical modeling and computer hacking. Krehel’s experience also includes working as the IT Security Technical Project Leader for the Loews Corporation, Fortune 100 located New York City, and as a computer analyst for the Slovakian government-owned utility company. He holds an M.S. degree in Mathematical Physics from Comenius University in Bratislava and an Engineering Diploma from Technical University in Zvolen, Slovakia. Krehel is a frequent speaker at industry events and author on matters related to information security and computer forensic. Among other industry groups, he is a member of the High Technology Crime Investigation Association (HTCIA), the Information Systems Security Certification Consortium (ISC) and the International Council of Electronic Commerce (EC Council). He also is a Certified Information Systems Security Professional (CISSP), EnCase Certified Examiner (EnCE), and a Certified Ethical Hacker (CEH). He is one of the few that hold Certified Ethical Hacker Instructor (CEI) accreditation, and being authorized to lecture Ethical Hacking course to government and private sector. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.