Listed according to role and session.

Tuesday, October 18, 2016

Conference Co-Chairs

Brew copy 2OLIVER BREW is Executive Vice President, Global Head of Cyber Risk and Head of International Professional Indemnity at Aspen Insuraspenance. He is responsible for direction and implementation of cyber risk underwriting strategy across the global footprint of Aspen and joined in January 2016. Prior to this he was Head of US Professional Liability, including cyber risk at Liberty International Underwriters, part of Liberty Mutual. He also held roles of increasing seniority and management responsibility at Hiscox, which he joined in 2004, and moved to New York in 2006. He started underwriting at CFC in London, and was at Willis on their graduate program. He studied Politics at Cambridge University, is a Chartered Insurer, an Associate of the Chartered Insurance Institute and a Certified Information Privacy Professional. He has regularly spoken at industry events such as PLUS and RIMS. 

STEVE ANDERSON is the VP Underwriting and Product Executive for cyber liability, privacy, network security and technology E&O insurance products at QBE.   With over 20 years’ experience in both the insurance and technology industries; he now works in collaboration with our external customers, third party vendors and product experts to bring to market innovative solutions in the cyber liability space. Steven started his career working with technoloqbe gy start ups. Over the past 10 years, he has worked at XL, RLI and Travelers underwriting professional liability lines. At XL, he played a key role in product development and underwriting, specifically for cyber liability products. Steven holds a Bachelor of Science from Baylor University. He has also earned his Registered Professional Liability Underwriter (RPLU+) designation, and he is a Cisco Certified Network Associate (CCNA).


david lewisonDAVID LEWISON is the National Co-Practice Leader for the Professional Lines Practice of AmWINS Brokerage Group. AmWINS Group is an insurance wholesaler with over 90 offices in 16 countries. Dave is highly experienced in management and professional liability products such as: Directors & Officers, Cyberliability, Employment Practices and Professional Liability. He supports the national practice by assisting with claim disputes, authoring client advisories, creating risk analysis tools, developing proprietary products, managing market relationships, providing coverage comparisons and other value added resources. Dave has taught continuing education classes on the subjects of Directors & Officers Liability, Employment Pramwinsactices Liability and Cyberliability. He has presented on seminar panels covering topics such as privacy insurance, leveraging boards of directors, corporate turn-arounds and bankruptcies. Dave regularly authors articles on Cyberliability and management liability issues. Many of them can be found at InsuranceThoughtLeadership.com. He also moderates aLinkedIn group on Security & Privacy Insurance.   Dave regularly draws upon his experiences from more than fifteen years as a wholesaler as well as his five and a half years as a retail insurance broker and insurance company underwriter. His knowledge base built from three different sides of an insurance transaction is well rounded, yet specialized in management liability insurance products. Product specialization is a critical component of the value proposition for both Dave and AmWINS Brokerage. 


andy obuchoskiANDREW OBUCHOWSKI is the practice leader and supports global operations for cybercrime and data breach investigations, digital forensics and incident response services within the security and privacy consulting group at RSM. Andrew possesses more than 20 years of experience, including 12 years of law enforcement investigations, instruction at numerous police academies, and long-time memberships in several computer and financial crime task forces. He is also currently an adjunct professor of criminal justice at Anna Maria College in Massachusetts, where he developed and teaches graduate and undergraduate programs in information security, digital forensics and cybercrime investigations. As an industry leader and expert in his field, his team provides services and solutions for clients in preparation of and in response to matters involving a wide range of information security and privacy assessments and investigations. Prior to joining RSM, Andrew was a leader with Navigant’s legal technology solutions group overseeing matters and developing business relationships, project plans, and policies/procedures surrounding data privacy and digital forensics. Andrew also managed teams responsible for data breach investigations, complex digital forensic collections, network vulnerability and rapid security assessments. Andrew also consulted on global matters relating to information security, digital forensics and e-discovery with Kroll’s Secure RSM%2520Standard%2520Logo%2520RGBInformation Services and Computer Forensic Consulting Practice. He also developed and implemented new client service offerings relating to incident response protocols and plan development, electronic data collection practices and policy review, digital forensic laboratory assessment, and wireless network vulnerability analysis.  Further, his previous employment experience includes overseeing senior level e-discovery, digital forensic investigations, incident response and information security functions at CIGNA Healthcare. In this role, Andrew assessed and implemented new policies and procedures pertaining to digital evidence preservation, collection and storage in accordance with accepted industry practices. He was also charged with ensuring that confidential information was protected during storage and transmission relating to the daily operations of this global organization. As a former supervisory forensic analyst and Special U.S. Marshall with the Regional Electronic & Computer Crime Task Force (REACCT), he managed digital-related investigations on all types of media, ensured compliance with accepted computer forensic protocols, and presented testimony for numerous criminal cases related to computer crime and digital forensics. Andrew has also lectured across the country on topics relating to computer crime investigations, information security, data privacy and digital forensics for target audiences at all professional levels across various business industries. Education: Masters of Science, national security, University of New Haven; Graduate Certificates in Computer Forensic Investigations and Information Security, University of New Haven; Masters of Science, business administration, Anna Maria College (Currently Pursuing); Bachelor of Science, criminal justice, Anna Maria College.

john-mullenJOHN MULLEN John Mullen is the CEO and a Founding Partner of Mullen Coughlin LLC. Mr. Mullen focuses his practice on the preparation and defense of network security and data privacy breach events, which includes data loss, post-event damage control, and prevention strategies. His post breach mullencoughlinwork focuses on determining the scope of information loss, advising on customer notification (which includes dealing with public relations management), and working with the client to develop data retention and handling policies to help prevent further breaches. He has significant experience in complex e-discovery and insurance litigation. Arizona State University College of Law Juris Doctor, 1991; Penn State University Bachelor in Business Administration, 1987.

8:45 a.m. Cyber Claims & Loss Updates

JOHN MULLEN (moderator) See above biography for this conference co-chair.

MARK GREISIGER is the President of NetDiligence which provides cyber risk assessment and data breach response services for insurers and Risk Managers to help them better understand if an insured organization deploys reasonable & prudent security and privacy safeguards in order to mitigate data breach loss & liability risk. Since 2001 NetDiligence services have been utilized (and often required) by the majority of insurers in US & UK that offer privacy liability insurance products, providing loss control services for their insured business clients. Mark is also to a frequently published contributor for various insurance & risk management publications on similar topics. Education: MS Information Systems, Drexel University; MS Villanova University
; BS Pennsylvania State University.


CHRIS NOVAK is a co-founder and the Director of the Verizon RISK Team. He is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over 15 years. Christopher has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management. He has testified as an expert witness in various matters and before such bodies as the Supreme Court of the State of New York. He has also briefed United States congressional committees such as Senate Banking, House Financial Services, Senate Commerce, House Energy & Commerce, Senate Judiciary, House Homeland Security and Senate Homeland Security & Government Affairs. He has been an advisor on Verizon enterprise solutionsdozens of high-profile intrusion and data breach investigations around the globe. He works closely with local, state and federal law enforcement agencies as well as joint investigative operations coordinated with foreign law enforcement.

In his current position, he manages teams of highly skilled consultants located around the world. Each of these teams maintains experts in various fields of study and practice, such as forensic analysis, malware reverse engineering, threat intelligence analysis and threat actor attribution, among others… Christopher specializes in high-level crisis and emergency response matters and is regularly consulting with executives from Fortune 500 companies with regard to pre-planning for such situations as well as leading active crisis response matters and liaising with external partners. Christopher is an active public speaker, discussing various topics ranging from high-level best practices to executive-level crisis management. He has been a contributing author of the Verizon Data Breach Investigations Report since its first publication in 2008 and has been featured in such media outlets as The Wall Street Journal, ABC News, American Banker, and many others. Christopher is an active member among multiple industry trade groups and a frequent guest lecturer at universities. He also serves as an advisor for many industry-related associations in an effort to further promote cybersecurity awareness and education as well as working closely with organizations as it relates to various policy initiatives on the topic of cybersecurity. Christopher holds a Bachelor of Science Degree in Computer Engineering from Rensselaer Polytechnic Institute.


Brendan Kelley is a Vice President of North American Financial Lines Claims with Chubb where he has North American claims responsibility for the Cyber, Lawyers, Media, and the Miscellaneous Professional Liability lines of business.  Previously, Brendan served as Vice President with worldwide responsibility for claims involving Environmental, Life CHUBB_Logo_Orange_RGB (1)Sciences and Other Mass Torts. He has been tenured with Chubb for 14 years. Prior to joining Chubb, Brendan was an attorney with several large national law firms and an analyst with several of the ‘Big 4’ accounting/consulting firms. Brendan is a graduate of the University of Pennsylvania (B.A.), Carnegie Mellon University (M.B.A.), and the University of Pittsburgh (J.D.).

BRIAN robbROBB is a Senior Claim Counsel in CNA Specialty Claim’s Management Liability, Financial Institutions and Technology unit cnawhere he is focused on the Company’s Global Cyber and Technology claims.  In addition to handling complex claims, Brian’s responsibilities include the support and development of the Company’s Global Cyber and Technology E&O portfolio.  Brian joined CNA’s Specialty Claim unit in 2010, and previously spent over four years as the Director of the Cyber and Technology E&O claim unit.  Prior to joining CNA, Brian worked in private practice in New York, where his practice focused on Professional Liability Litigation.  Brian received his undergraduate degree from The University of North Carolina at Chapel Hill in 2001, his law degree from Brooklyn Law School in 2005 and an MBA from the Zicklin School of Business at the City University of New York in 2014.


Rich Sheridan RRICH SHERIDAN is a Vice President of Claims for AXIS Pro Insurance.  Rich oversees the company’s claims stemming from its Data Breach, Cyber Liability, axisTechnology, and Miscellaneous E&O and product lines.  Prior to joining AXIS Pro, Rich served in a similar role at ACE North American Claims in New York and New Jersey for over 10 years, and before that was a Complex Claim Director for Miscellaneous Professional Liability Claims at AIG Technical Services in New York.  Before entering the insurance industry, Rich worked for 3 years as an associate for law firms in New York, and prior to that for over five years as an Assistant District Attorney in The Bronx, New York.  Rich earned his JD from Fordham University School of Law and has a BA from the State University of New York at Albany.



9:45 a.m. Breakout A – The Evolution of Cyber Products

Jeremy Barnett.HS
 (moderator) is Senior Vice President of Marketing for NAS Insurance, based in Los Angeles. Jeremy works across all NAS lines of business including Cyber, Specialty Products and Reinsurance Solutions to provide product marketing, sales training, and producer support. He has led NAS’ cyber liability initiatives including the introduction of BrandGuard in 2013.  Barnett is responsible for all corporate Basic CMYKcommunications and strategic marketing programs including national advertising, PR, and partnership programs. Jeremy also provides leadership for NAS Online, the producer portal that enables brokers and agents to quote and issue a broad range of NAS policies including cyber liability, Medefense Plus, and a range of E&O products. Prior to joining NAS, Jeremy held various corporate marketing and technology roles for SONY, HP, Pepsi-Cola, Toyota, Qualcomm, Oracle, Charles Schwab, and Credit Suisse.



EVAN FENAROLI has been with Philadelphia Insurance Companies (PHLY) since 2008, where he began his insurance career as an underwriter in the Management and Professiophiladelphia ins cosnal Liability division,  focusing on Cyber Security Liability, Professional Liability (Errors & Omissions), and Directors & Officers Liability coverage. He is now an Underwriting Manager and Cyber Liability Product Specialist, managing all aspects of PHLY’s Cyber product, including growth, profitability, marketing strategy, and form development. Evan graduated in 2008 from the University of Pennsylvania, majoring in Philosophy, Politics and Economics, and also holds a Registered Professional Liability Underwriter (RPLU) designation from the Professional Liability Underwriting Society.


Marcus BreeseMARCUS BREESE  has been a Professional Liability and Cyber Insurance Underwriter at Hiscox for 15 years.  During that time he has managed a team of UK and European underwriters and underwritten a diverse range of professions.  These range from tech and media companies to architects, engineers and law firms in jurisdictions from US, Canada and the UK. As part of his role he spends a lot of time meeting clients and having a deep understanding of what and how clients practice enhances his understanding of their requirements and the practices they are trying to protect.


MuziiRENNIE MUZII is a senior vice president at Endurance Specialty Holdings Ltd where his responsibilities include business development and underwriting ofendurance executive lines of insurance such as Directors and Officers Liability, Professional Liability, Employment Practices and Cyber Insurance.  Prior to his current role, he was a Managing Director Marsh & McLennan where he worked with both public and private companies, specializing in the communication, media, and technology industries. He began his career with AIG Executive Liability as a professional liability underwriter, holding various underwriting and management roles.


Kamaiko_Laurie_300lAURIE KAMAIKO is a Partner in the New York City office of Sedgwick LLP.  She is on the Leadership Team of the firm’s Cybersecurity & Privacy Group as well as of its Cyber Insurance Task Force. She regularly advises on the exposures, risk management and compliance issues presented by cyber and privacy risks, and on incident preparedness and response. She also represents companies inPrint the insurance industry on issues involving coverage, claims handling, and extra-contractual liabilities. She often works with insurers on drafting insurance forms and endorsements, including those addressing privacy and cyber risk exposures.  Laurie is a frequent author and regular lecturer on cyber risk and insurance issues. Laurie is a graduate of  Vassar College and Boston University School of Law.

ADAM COTTINI is Managing Director, Cyber Liability Practice for Arthur J. Gallagher & Co. He is responsible for the overall direction of the Cyber Liability Practice including development of state of the art product solutions, insurance gap analysis, risk exposure analysis, risk modeling, benchmarking, and best practices implementation. He has been brokering cyber liability for 10 years. From 2008 – 2014, Adam managed a diverse book of professional liability accounts for Arthur J. Gallagher & Co. consisting of Directors & Officers Liability, Employment Practices, Fiduciary Liability, Professional Errors & Omissions, Cyber Risk, and Media Liability. Adaarthur j gallagherm came to Gallagher from AmWINS Brokerage of New York, Inc. where he was an Assistant Vice President within the Financial Risk Group from 2005 – 2008. His focus within AmWINS was producing and marketing Professional and Executive Liability insurance solutions for public, private, nonprofit and association entities.   Prior to joining AmWINS Brokerage of New York, Adam was employed by American International Group Inc. (AIG) in the Middle Market Executive Liability Group from 2000 to 2005 as an Underwriter/Underwriting Manager. At AIG Adam shared day to day management responsibility of a large book of Executive Liability products consisting of Directors & Officers Liability, Employment Practice Liability, and Fiduciary Liability for Public, Private, and Non-Profit corporations. While at AIG additional emphasis was placed on policy form analysis, education of underwriting peers, and financial analysis. Adam began his insurance career at Reliance National in 1998 in the Casualty Risk Management division underwriting Workers Compensation, General liability and Commercial Auto Liability for Fortune 1000 insureds. While at Reliance he underwent a 3 month intensive insurance training program focusing on all facets of the commercial property and casualty industry.   Education: State University of New York – New Paltz, BS in Business Administration and Finance.

9:45 a.m. Breakout B – Sector Risk

PASCAL MILLAIRE (moderator) is the General Manager of Symantec’s new Cyber Insurance Group. In that role he is responsible for developing new actuarial, symantecunderwriting and assessment products that leverages Symantec’s cyber security data and for establishing product partnerships with insurers. He was previously the President of a technology company that provides white label IoT mobile solutions to hotel companies and spent 7 years at McKinsey and Company, where he served insurance clients on topics of P&C product strategy, claims process design, broker compensation, re-insurance risk management and product pricing. Pascal holds an MBA from the Stanford Graduate School of Business and a BA (Hons) from the Univeristy of Cambridge.


JOHN FARLEY is currently serving as a Vice President and Cyber Risk Consulting Practice Leader for HUB International’s Risk Services Division. Headquartered in Chicago, IL, HUB International Limited is a leading North American insurance brokerage that provides a broad array of property and casualty, life and health, employee benefits, reinsurance, investment and risk management products and services through offices located throughout the United States and Canada.  John is based in New York City and brings 24 years of risk consulting experience to the firm. While working at HUB International John has performed a variety of cybehub-logo-fullr risk consulting services for clients across many industries, including but not limited to Healthcare, Retail, Financial Services, Higher Education and Information Technology companies.  He serves as a resource for pre-breach planning and post-data breach response in network security & privacy liability consulting. In this role he applies extensive knowledge in data breach response best practices and  works diligently with clients to achieve optimal results in cost mitigation.

John acts as a central coordinator between all parties involved – the client, insurance carriers, and any outsourced service provider hired, including , IT forensics experts, privacy attorneys, public relations firms, call center operators and other breach response service providers.

John also facilitates online access to HUB International’s e-Risk Hub. This online database serves clients’ ongoing educational needs in the ever-changing network security and privacy risk environment. In addition, John provides client training that assists clients efforts in forecasting potential loss costs related to a network security event.

He is a regular speaker at educational seminars on multiple network security and privacy liability challenges facing organizations today. Areas of focus are HIPAA, Payment Card Industry Data Security Standards, FERPA, government threat sharing initiatives, regulatory compliance and data breach notice requirements at the state, federal and international levels.

John has a Bachelors of Arts degree in English and a minor in Business Management from Manhattan College. In addition, John is a Certified Information Privacy Professional (CIPP/US) and has received his Associate in Claims (AIC) designation.

Mary GuzmanMARY GUZMAN is Senior Vice President, E&O/Information Security Practice Leader at McGriff, Seibels & Williams – Financial Services Division. She joined McGriff in September of 2009 as a Senior Vice President and Errors & Omissions/Information Security practice leader concentrating on the design, placement and oversight of customized executive risk solutions for the Fortune 1000 and other complex accounts.  Mary has a background in both property/casualty and executive rimcgriffsks issues and has concentrated the past several years in the errors and omissions/professional liability, cyber/privacy, and media risks across industry groups.  Her current responsibilities include the strategic leadership role for both clients and the insurance markets relative to product and service development, education and consulting, and the development of market capacity in difficult to insure industries such as energy and financial institutions.  Mary and her colleagues have developed several leading edge proprietary solutions in the E&O and Information Security arena, which are regarded as some of the broadest on the market today.  These include a combined E&O/media/cyber form used by several very complex clients, and an industry line slip of $100M for utility clients, which offers the largest capacity and broadest terms in the market today.   Ms. Guzman is also a senior broker for the Law Firm team at McGriff.  Ms. Guzman is involved with the DHS and other government agencies in various working groups where the insurance industry is leading some initiatives around helping public/private partnerships secure US Critical Infrastructure.

paul nikhinsonPAUL NIKHINSON is a Privacy Breach Response Services Manager with Beazley’s Breach Response Services unit.  Paul suppoBrts Beazley’s clients in data breach investigations, assists with privacy risk management and loss control, and helps Beazley insureds respond to the wide range of issues arising subsequent to an actual or suspected data privacy breach.



sarah stephensSARAH STEPHENS Partner, Head of Cyber, Technology, and Media E&O Financial Risk Division JLT Specialty Limited.   As part of JLT Specialty’s London-based Financial Lines Group, Sarah and her team work both directly with our clients and with network colleagues and independent partners to make sense of cyber, technology, and media E&O (PI) risks and create leading edge bespoke insurance solutions in the London market.   Prior to joining JLT, Sarah spent 12 years with Aon in a variety of roles.  Most recently Sarah was Aon’s Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business JLTLogogroups and clients in the region to identify, analyze, and drive awareness of cyber risks, exposures, and both insurance and noninsurance solutions.   Previously, Sarah spent seven years with Aon’s US Cyber and Errors & Omissions practice group thinking nonstop about cyber insurance way before it was cool.  Her first four years at Aon were spent in the Account Management group working with large clients and developing a keen eye for excellent client service.   Education, Affiliations and Awards: Sarah holds BA with Distinction from Duke University in Durham, North Carolina in 2002. She also holds an Associate in Risk Management designation and is an active member of the Professional Liability Underwriting Society, formerly as part of the Northern California Chapter Steering Committee and currently as part of the Europe Chapter Steering Committee. Sarah received a Risk and Insurance Magazine Power Broker Award in the Technology Category in 2013. Sarah is a keen supporter of diversity in the insurance industry and contributed to PLUS’s Diversity and Inclusion Initiative.  She currently participates on the newly formed JLT Group Diversity committee.

STKohnUART KOHN has over twenty years of insurance experience as an underwriter and broker.  He is currently a Vice President in the Professional Liability Division of Navigators Management Company, Inc. and is the company’s practice leader for NavSecure®, Navigators’ cyber liability, network security and privacy/data breach product. Prior to Navigators, Stuart was an underwriter with AIG, New York Marine and General Insurance Company, and Hartford Financial Products, as well as a broker with MarshNavigators_Logo and Aon.  He has been a leader in cyber liability, network security and privacy/data breach insurance since joining AIG eBusiness Risk Solutions in 2000.  His work has focused on cyber, privacy, technology, and media lines of professional liability.  Stuart is a graduate of the George Washington University and the Fordham University School of Law and is a member of the bars of New York and New Jersey.





11:15  a.m. Breakout A – State of Litigation

STEVEN ANDERSON (moderator) See above biography for this conference co-chair.

Meade_MatthewMATT MEADE is co-chair of Buchanan Ingersoll & Rooney’s Cybersecurity and Data Protection Group, where he provides advice regardiBuchananLogong data security breaches, information and records management and other areas regarding privacy. He helps clients identify business risks associated with the use and storage of sensitive information. Matt regularly advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy and security. He also has prepared document retention and management policies and developed associated training programs.

Dominic-Paluzzi-69694DOM PALUZZI is a member in the firm’s national Data Privacy and Cybersecurity Practice Group. He advises organizations on data privacy and cybersecurity risks on both a national and international basis, including proactive compliance, incident response strategies and management, and defense of regulatory enforcement actions and single-plaintiff and class action litigation. Dominic has counseled clients through over 425 mcdonald hopkinsdata breaches and privacy incidents where he works closely with state and federal law enforcement, forensic investigators and third-party vendors to offer his clients efficient and effective breach response services in compliance with the numerous state, federal, international and industry-specific legal obligations. Dominic has significant experience defending organizations in third-party and regulatory enforcement actions arising out of a data breach. He also focuses his practice on proactively protecting clients’ personal, sensitive and confidential information and minimizing the risk of a data privacy incident. He has conducted more than 165 breach response workshops and training sessions for organizations and their risk management teams, and helps clients with the development of their written information security programs and incident response plans. In recognition of his efforts in this area, Dominic was named to Cybersecurity Docket’s inaugural Incident Response 30, a list of the “best and brightest” data breach response attorneys and compliance professionals in the industry. Dominic and his team were also named a finalist for Advisen’s 2015 Cyber Risk Awards in the Cyber Risk Pre-Breach Team of the Year category.

His work in this area covers a multitude of industries, including, higher education, healthcare, hospitality, retail, automotive, utilities, accounting, financial services, law, information technology, staffing services, manufacturing, professional employer organizations, fleet services, franchising, non-profits, drug and pharmacy, municipalities, and insurance. Dominic is also a frequent speaker and writer on data privacy law. If you suspect that your organization has suffered a data breach, call our 24/7 Hotline: 855-MH-DATA1 (855-643-2821).

Dominic also has significant experience in the area of trade secret and non-compete law, counseling clients in nearly every industry. He has considerable nationwide experience prosecuting and defending employers and employees in non-compete, non-solicit, non-disclosure and trade secret litigation. Dominic’s national practice also involves drafting of complex restrictive covenant agreements and auditing of protectable business assets. Dominic earned a J.D./M.B.A., cum laude, from University of Detroit Mercy School of Law in 2007. He received a B.S.A., summa cum laude, from University of Detroit Mercy in 2004.

Rapp300EVE-LYNN RAPP is Partner at Edelson PC, where she focuses her practice on consumer technology class actions, with a particular emphasis on cell phone telephony and Telephone Consumer Protection Act (“TCPA”) cases and “negative option” enrollment consumer fraud cases. She also regularly handles plaintiff’s side employment class actions, including federal Fair Labor Stands Act cases and their state law counterparts. Eve is the hiring partner for the firm’s Chicago office.

Eve has helped lead approximately 20 TCPA class actions, including Birchmeier v. Caribbean Cruise Line, Inc. et al., No. 12-cv-04069 (N.D.Edelson-PC-300x152 Ill.), where she secured the largest adversarial TCPA class in this nation’s history. She is also lead counsel in one of the few “Do Not Call” TCPA cases to settle, resulting in a multi-million dollar settlement and affording class members with as much as $5,000 individually. Eve has also prosecuted TCPA cases on an individual basis in arbitrations, winning six-figure settlements.

Eve received her J.D. from Loyola University of Chicago-School of Law, graduating cum laude, with a Certificate in Trial Advocacy. Eve graduated from the University of Colorado, Boulder, with distinction and Phi Beta Kappa honors, receiving a B.A. in Political Science.

JOHN Yanchunis300YANCHUNIS leads the National Consumer Class Action and False Claims Act sections of Morgan & Morgan’s Complex Litigation Group.   After the completion of a two-year clerkship with United States District Court Judge Carl O. Bue, Jr. (retired) Southern District of Texas, he began a career as a trial lawyer, and has concentrated his practice on consumer class actions for the last 19 years. He has represented consumers in numerous privacy rights and data breach cases, beginning with the multidistrict consolidated class case of In re DoubleClick Inc. Privacy Litigation, No. 00-cv-0641-NRB (S.D.N.Y.), a seminal privacy class action that settled in 2002 and involved DoubleClick’s use of cookies to track the private activities of internet users. He was also appointed by the court as co-lead counsel in the successful prosecution and class settlement of the two largest class action cases in the United Statemorgan & morgans: Fresco v. Automotive Directions, Inc., No. 03-61063-JEM (S.D. Fla.), and Fresco v. R.L. Polk, No. 07-cv-60695-JEM (S.D. Fla.). Both of these cases involved the protection of the important privacy rights of a class in excess of 225 million consumers throughout the United States and its territories. He has also served as co-lead counsel in the successful resolution of the following privacy class actions: Davis v. Bank of America, No. 05-cv-80806 (S.D. Fla.) (10 million dollar fund); Kehoe v. Fidelity Federal Bank and Trust, No. 03-cv-80593 (S.D. Fla.) (50 million dollar common fund) and Pino v. Warranty Acceptance Corporation, No. 05-cv-61576 (S.D. Fla.). In addition, he served as lead counsel in the following data breach class cases: Burrows v. Purchasing Power, LLC, No. 1:12-cv-22800 (S.D. Fla.), Elyzabeth Ramirez v. ChenMed, LLC, No. 1:14-cv-20497-KMW (Fla. 11th Cir. Ct.), and Carsten v. University of Miami, No. 14-cv-20497 (S.D. Fla.), all of which were settled and provided monetary and injunctive relief to members of the class.

11:15  a.m. Breakout A – Standard of Care
mark maoMARK MAO (moderator) is a partner in the Cybersecurity, Information Governance and Privacy and Business Litigation practices of Troutman Sanders. Mark is certified by the International Association of Privacy Professionals (IAPP), for their ISO-approved programs, as a Certified Information Privacy Technologist (CIPT), and a Certified Information Privacy Professional in the United States (CIPP/US). Mark’s practice focuses primtroutman sandersarily on emerging-technology companies, with a particular interest in their intellectual property and privacy (“cyber”) law needs. He has substantial experience advising and litigating on behalf of companies across a broad spectrum of industries, including consumer and enterprise software, database applications, e-commerce, data brokers, advertisers, social networking, mobile applications, and payment technologies, in addition to hardware, bio-tech, “green”-tech, and renewable energy. Mark has successfully defended numerous organizations through difficult intellectual property disputes, insider/shareholder disputes, and consumer-class actions where the regulatory and legal issues continue to evolve rapidly, such as in the areas of Telephone Consumer Protection Act (TCPA) and Fair Credit Reporting Act (FCRA) litigation. Mark has advised companies throughout their product life cycles on emerging privacy law issues, in addition to handling their data breach needs.

meal-doug-newDOUG MEAL is a seasoned trial lawyer representing companies in complex transaction-related disputes arising from all varieties of business agreements. Most recently, he has played a leading role in the firm’s privacy and data security practice, specializing particularly in representing clients targeted by litigation and government investigations stemming from highly publicized data security breaches. As the lead outside lawyer handling claims stemming from the data security breaches suffered by Target, Neiman Marcus, The Home Depot, Supervalu, Sony, Heartlaropes & graynd Payment Systems, The TJX Companies, Hannaford Brothers, Aldo, Genesco, and Wyndham Hotels—some of the most highly publicized data security breaches in recent years—Doug has become the national leader in defending companies that suffer significant data security breaches involving consumer information against the ensuing claims and regulatory investigations. He frequently writes and lectures on privacy and data security issues.  Doug received a B.A. from the University of Pennsylvania and a J.D. from Harvard Law School.

KangTHOMAS KANG is the Cyber Product Manager of Harford Financial Products.Hartford As the Cyber Product Manager, Thomas is responsible for the strategic development of privacy and network security insurance products and related risk management services. He also oversees the development and execution of cyber related underwriting and product strategies across The Hartford to ensure tailored cyber risk solutions for clients.
Thomas is a graduate of Fordham University School of Law.



Adam HammADAM HAMM, Insurance Commissioner, North Dakota Department of Insurance. He was appointed Insurance Commissioner by Governor John Hoeven in October 2007, elected to a four-year term in November 2008 and reelected to a second four-year term in November 2012. Adam has a strong and varied background that includes experience both in public service and in the private sector.ND Dept of Ins Adam’s dedication to serve the public began with his work as a prosecutor at the Cass County State’s Attorney’s office. Adam prosecuted personal crimes, including murder, rape, robbery, assault, and child physical and sexual abuse. This work gave Adam an understanding of what it takes to protect the public. Among the cases he handled during his time as a prosecutor was the prosecution of Kyle Bell for the murder of Jeanna North, an 11-year-old Fargo girl. This case ultimately resulted in a life sentence for Bell, but just as importantly, prompted the enactment of tougher laws against sex offenders in North Dakota. Adam has also worked as an attorney in private practice advocating for North Dakota businesses and individuals. He is a graduate of Sam Houston State University and received his Juris Doctorate Degree, with Distinction, from the University of North Dakota School of Law in 1998.

EDWIN ACOSTA, U.S. Department of Health and Human Services, Office of Civil Rights


12:15 p.m. Lunch Keynote Speaker

Peter Swire

PETER SWIRE has been a leading privacy and cyberlaw scholar, government leader, and practitioner since the rise of the Internet in the 1990’s. In 2013, he became the Nancy J. and Lawrence P. Huang Professor of Law and Ethics at the Georgia institute of Technology. Swire teaches in the Scheller College of Business, with appointments by courtesy with the College of Computing and School of Public Policy. He is senior counsel with the law firm of Alston & Bird LLP.

Swire served as one of five members of President Obama’s Review Group on Intelligence and Communications Technology. Prior to that, he was co-chair of the global Do Not Track process for the World Wide Web Consortium. He is a Senior Fellow with the Future of Privacy Forum.

Under President Clinton, Swire was the Chief Counselor for Privacy, in the U.S. Office of Management and Budget, the only person to date to have U.S. government-wide responsibility for privacy policy. Under President Obama, he was Special Assistant to the President for Economic Policy.

1:45 p.m. Crime & Extortion

DAVID LEWISON (moderator) See above biography for this conference co-chair.

Artin HSKELLI ARTIN is a Vice President at Liberty International Underwriters in New York City.  Ms. Artin works in the Professional, Privacy and TecLibertyHRhnology Department primarily underwriting Privacy and Technology E&O risks throughout the U.S.  Ms. Artin has more than 23 years of experience in underwriting technology, privacy and miscellaneous professional liability.  Prior to her working at Liberty for the last 10 years, she worked at Zurich and AIG.  Ms. Artin graduated from Rutgers University with BA in Communications.


Krone300WINSTON KRONE is the Global Managing Director of Kivu (www.kivuconsulting.com), a nationwide technology firm specializing in the forensic response to data breaches and proactive IT security compliance.   Kivu, headquartered in San Francisco with offices in Los Angeles, New York and Washington DC, is a pre-approved cyber forensics vendor for leading AmericKIVU LOGOan and UK insurance carriers.  Winston has handled the technical response and remediation on numerous breaches and computer network intrusions in a wide range of sectors including education, healthcare, professional services, and financial institutions.  He has frequently testified as a cyber expert before US regulators, in post-breach litigation, and in state and Federal courts regarding computer forensic issues.  Winston is also an English solicitor and California attorney, experienced in privacy and cyber issues.  Winston received his law degree from Oxford University, UK.

liuCHRISTOPHER LIU is the Head of Cyber Risk for AIG’s Financial Institutions Group and oversees the underwriting of network security products within the F.I. DivisiAIG_logon of AIG Property & Casualty.  Prior to assuming responsibility for the cyber practice, Chris had a focus on a broader array of management and professional liability products for banks and lenders, insurance companies and asset management firms. AIG is a diversified global market leader, serving businesses and individuals worldwide. The firm’s Financial Institutions Group is a leading provider of management, professional, and cyber liability products and customized risk solutions.


ERICH KRON  Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 18 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. He has managed the technical integration and functional testing of multi-million-dollar enterprise level technology projects within the Department of Defense, as well as large military security programs. Erich has worked with information security professionals around the world to provide the tools, training knowbe4and educational opportunities to succeed in the InfoSec industry.  Erich holds a Bachelor of Science, IT – Networks Administration from Western Governors University.

KIMBERLY ANDERSON Special Agent FBIfbi logo




3:15  p.m. Breakout A – Intrusion Detection Systems & Liability

ANDREW OBUCHOWSKI (moderator) See above biography for this conference co-chair.


SchworerANDY SCHWORER has over 10 years of Computer Network Defense experience in support of both Fortune 500 organizations and the United States Department of Defense. As the Director of Technical and Network Operations, Andy leads a team responsible for delivering incident response and proactive services to customers while leading the development of CrowdStrike Services’ Falcon Network detection capabilities. Prior to joining CrowdStrike Andy supported the United States Department of Defense as a Global Network Exploitation and Vulnerability Analyst. Andy led network vulnerability assessments, incident response, and penetration testing missions around the world evaluating the security posture of strategic and tactical networks. As a recrowdstrikesult of his service, Andy was awarded the Global War on Terrorism Civilian Service Medal and received multiple letters of commendation. Andy received a Bachelor of Science in Computer Science from the University of Dayton and a Master of Science in Computer Science from the University of Hawaii at Manoa. He has delivered network hunting and incident response focused Black Hat training courses on three continents.


Rebholz_Jason_largeJASON REBHOLZ is the Director of Professional Services at The Crypsis Group. He oversees the consulting organization and all services that Crypsis provides its clients. In addition, Jason manages incident response and security services engagements. He has an extensive background in incident response and specializes in forensic analysis of Windows and Linux operating systems.Crypsis_logo final_updated tagline

Prior to joining The Crypsis Group, Jason was at Mandiant for six years. During his time there, he led incident response investigations that involved multiple threat actors including financially motivated attackers, organized crime, nation-state threat actors, and hacktivists. Jason has led engagements for law enforcement and a number of Fortune 100 companies across multiple industries including defense, retail, financial services, and healthcare. He has also worked with organizations to develop and secureworksimprove incident response procedures and policies to assist in the future detection and remediation of incidents.

Lysaught copy 2

BILL LYSAUGHT has enjoyed a 20+ year career in information technology, security technologies and programs across the organizational continuum in financial services, defense and aerospace, telecommunications, and a variety other industries. He currently serves as a senior cyber-security architect and subject matter expert for Dell SecureWorks, providing strategic security expertise to leadership teams within the Dell constituency and counseling global security organizations on best practices in the prevention of advanced attacks and data theft. Bill has held a range of technical and leadership positions, such as Strategic Security Advisor for two large fortune 100 companies, Professional Services Director at several large security software/consulting companies, and Security Architecture and Program Development consultant for numerous companies.  His security career began in the late 1990’s when he was involved with one of the largest financial services firms in the development of their first customer facing portal strategy. Bill has experience working with technical teams on up to the C-Suite, focusing his background in cyber security strategy and architecture, program development, mergers and acquisitions, network and computer forensics, and privacy on the evangelism of Information Security concepts across diverse enterprises. He earned his BS in computer science from Illinois State University.


BRIAN KLENKE is a Cofounder and Vice President of Incident Response for Morphick, Inc.  He leads a team of experienced incident responders that help organizations identify and respond to targeted cyber intrusions. Brian brings over 15 years of information security experience to Morphick. Before joining Morphick, he was the Senior Cyber Intelligence Analyst for the Lockheed Martin CIRT and was instrumental in building the counter-APT program for General Electric’s Aviation, Energy, and

morphick-logo_0Transportation businesses. He has been a leading contributor to the counter-APT community within the Defense Industrial Base, organizing and leading cyber intelligence sharing events between the major defense contractors and the US intelligence community, including the DoD, FBI, USAF, and NCIS. Brian has presented on counter-APT techniques and initiatives to the CIO of the Pentagon, the Department of Defense Cyber Crime Center (DC3), and defense industry groups. Additionally, he has participated in meetings with senior cyber policy makers at the White House and Department of State.


Cronin 20160719v2 copy 2CHRIS CRONIN has been an information technology and security professional for twenty years building and operating secure networks, managing incident responses, supporting litigation using forensics and risk analysis, and working with organizations to make their networks demonstrably secure and compliant. Chris brings a deep knowledge of technology, management, and security blended with an academic background in the history of law to his clients. This unique combination of capabilities has provided Chris’ clients with a security program that is as sensible to technologists as it is to executives, legal counsel, and regulators. Chris has operated as a GIAC-certified incident handler and a security auditor, and has helped organizations achieve ISO 27001 certifihalock security labscation using his risk management expertise. Chris has advanced industry understanding of cyber risk management through articles and blogs he has authored for InfoSec and industry publications, and by presenting at InfoSec and legal conferences and events. Chris has been with HALOCK Security labs since 2010, where his primary focus has been to help organizations secure their information assets while complying with relevant regulations and statutes.

3:15  p.m. Breakout B – Business Interruption Issues & Coverage

BOB PARISI (moderator) is a managing director and National Cyber Product Leader in Marsh’s New York City headquarters. His current responsibilities include advising clients on issues related to intellectual property, technology, privacy, and cyber related risks as well as negotiating with the carriers on terms and conditions. Robert is also responsible for coordinating Marsh’s Global Cyber Network.   Prior to joining Marsh, Robert was the senior vice president and Chief Underwriting Officer (CUO) of eBusiness Risk Solutions at AIG. Robert joined AIG in 1998 as legal counsel for its Professional Liability group and held several executive and legal positions, including CUO for Professional Liability and Technology. While at AIG, Robert oversaw the creation and drafting of underwriting guidelines and policies for all lines of marshProfessional Liability. Robert was also instrumental in the development of specialty reinsurance to address aggregation of risk issues inherent in cyber, privacy and technology insurance. In addition to working with AIG, Robert has also been in private practice, principally as legal counsel to various Lloyds of London syndicates.   While at Marsh, Robert has worked extensively with Marsh clients in all industries, assisting them in analysis of their risk as well as in the placement of coverage for cyber risks. Education: BA in economics, Fordham College; JD, Fordham University School of Law.

Murlick_Brad_headshot 4-2016BRAD MURLICK is a Managing Director and leader in Navigant’s Forensic Accounting Claims and Consulting (FACC) practice, and is based in Chicago, IL.  Navigant’s FACC practice is focused on assisting clients, including their counsel and brokers with large, complex, insurance claims, specifically those related to first party and third party loss situations and disputes.  During his career, he has assisted thousands of clients with the recovery of billions of dollars in connection with cyber/data breach, property/business interruption, product recall/product liability, fraud and fidelity, builder’s risk, political risk, as well as other first party and third party/casualty claims.  Prior to Navigant, he was a Partner at Deloitte, and led its North American Business Insurance Consulting practice, as well as its Global Product Recall practice. In Navigant_Logo_Coloraddition to helping clients prepare claims after a loss, Brad also has significant experience assisting clients with the computation and analysis of insurable values in connection with both cyber/data breach, and property and business interruption insurance policies.  He has also assisted numerous insurance brokerage clients in the defense of E&O matters involving property and casualty disputes, and litigation. Brad has testified in State and Federal Court as well as in alternative dispute resolution situations on numerous occasions, and regularly assists clients with pre-trial mediations.  He is widely published (John Liner, IRMI, Risk and Compliance, Risk Management Magazine, etc.) and has spoken numerous times on business insurance and claims topics in a variety of settings, including the American Bar Association, and Risk and Insurance Management Society (RIMS) national, regional and local events.  He is also frequently quoted in insurance industry publications, including Business Insurance, Best’s Review, Crain’s and Risk and Management; and has appeared on CNBC, Summit TV (South Africa) and National Public Radio to discuss claim issues.

Cleary_John_print1JOHN CLEARY is a New York Shareholder in the Privacy, CyberSecurity & Media Practice Group at Vedder Price P.C., having joined the firm after an extensive career at LeBoeuf Lamb LLP (later Dewey & LeBoeuf LLP).  Mr. Cleary has over 25 years of commercial litigation experience for U.S. and international clients, including extensive experience representing Lloyd’s and London Market insurers and reinsurers in U.S. litigation and arbitration.  He has expertise in insurance wordings and coverage issues as well as the disclosure, policy interpretation and mitigation issues that arise in contested matters.  Mr. Cleary’s cyber experience includes pre-breach and post-breach services for a wide range of public and private sector clients, both insured and uninsured.

A fovedder-price-logormer Assistant U.S. Attorney, Mr. Cleary has litigated privacy and data security issues on behalf of the U.S. government in a number of settings and continues to represent clients whose data breach and related issues bring them into contact with law enforcement or regulators at the federal or state level.  Mr. Cleary is licensed to practice in New York, New Jersey, multiple federal courts and the U.S. Patent and Trademark Office.  He has a B.S. in Chemical Engineering from Cornell University and a J.D. from Harvard Law School.  He is a frequent speaker and panelist on cyber and insurance topics, most recently at St. John’s Law School in New York and at the New York City Bar Association Center for CLE.

NEERAJ SAHNI is a national resource for Willis’s efforts on Network Security, Privacy and Technology Error & Omissions risks.   Neeraj focusses on insurance solutions to address the Security / Privacy liability and first party risk associated with in the retail, healthcare and financial industries. Neeraj maintains a strong knowledgwillis towers watsone of evolving regulatory laws for data breach notification as well as recent developments in the realm of data security and privacy.   Prior to joining Willis, Neeraj was Director of Insurance Channel at Kroll responsible for developing and managing opportunities for breach response services with insurance carriers. Neeraj also served as Director of Security and Privacy at AIG responsible for risk assessment of potential insureds, cyber product and underwriting. At CNA, Neeraj was IT Audit Manager responsible for worldwide infrastructure audits, forensic investigations and incident response.   Named a 2015 Power Broker for Retail by Risk and Insurance Magazine, Neeraj is a frequent speaker at a wide range of cyber events and conferences and also contributes on data privacy/security issues via social media and publications. Neeraj holds a Bachelor degree in Civil Engineering and Masters in Business Administration from Loyola University Chicago.

schibukJAMIE SCHIBUK is a Vice President and the national manager of the Miscellaneous Professional Liability & Cyber Department of Arch Insurance Group. His unit underwrites professional liability and network security and privacy coverage across various industry classes. His responsibilities include underwriting, strategy, product development and implementation, staff and portfolio management, quote authorization, financial budgeting and monthly reporting. Prior to joining Arch in 2009, Arch-logoJamie spent 4 years working for The Hartford where he worked in the Financial Services Department within the Hartford Financial Products unit. He has a MS in risk management from St. John’s University and a BA in economics and mathematics from Hamilton College.  He has also earned the Chartered Property Casualty Underwriter and Registered Professional Liability Underwriter designations.

JEREMY GITTLER is the Practice Leader and Head of Cyber Americas at XL Catlin.  He and his team coordinate and implement data breach response and crisis management services for XL Catlin insureds that have suffered a cyber-attack.  Jeremy and his team also evaluate coverage and draft detailed analyses pursuant to cyber, technology, media, and miscellaneous professional liability policies. He advises senior management, underwriters, brokers and insureds on coverage, litigation / dispute resolution strategies, and the business impact of lawsuits. He has spoken at XL_Catlin_logo_black_rgbnumerous conferences throughout the U.S. on Cyber Risk and Privacy Liability. Jeremy joined XL in 2012 after working six years in the Cyber / Technology / Media Liability claims group at AIG, where he rose to the position of Senior Complex Claim Director.  Prior to that, Jeremy was a litigator who practiced in both state and federal courts for one of the largest law firms in the U.S.  He graduated with honors from Emory University with a B.A. in History, and obtained his J.D. from Benjamin N. Cardozo School of Law. 

4:15 p.m. Cyber Physical Perils

OLIVER BREW (moderator) See above biography for this conference co-chair.

DAVID NAVETTA is a US co-chair of Norton Rose Fulbright’s data protection, privacy and access to information practice group. David focuses on technology, privacy, information security and intellectual property law. His work ranges from compliance and transactional work to breach notification, regulatory response and litigation. David currently serves as “breach coach” or is on the approved panel for numerous cyber insurance carriers and companies, and has helped dozens of companies across multiple industries respond to data security breaches.   David has enjoyed a wide variety of legal experiences over his career that have provided him with a unique perspective and legal skill set, including work at a large international law firm, in-house experience at a multinational financial institution, and an entrepreneurial endeavor running his own law firm.   Prior to joining Norton Rose Fulbright, David co-founded InfoLawGroup LLP, a law firm focusing on information technology, privacy, security and IP-related law. Under David’s leadership, InfoLawGroup was ranked as one of the top privacy and data security firms in the United States by Chambers USA in 2013 and 2014. David and InfoLawGroup successfully served a wide assortment of US and foreign clients from large Fortune 500 multinationals, retailers, hotels and restaurants, ubiquitous social media companies and sophisticated technology companies, to healthcare companies, financial institutions, name-brand traditional brick-and-mortar companies, NortonRoseFulbrightLogoenergy companies and start-ups.   David previously worked for over three years in New York as assistant general counsel for American International Group’s eBusiness Risk Solutions Group. While there, David analyzed and forecasted information security, privacy and technology risks, drafted policies to cover such risks, and worked on sophisticated technology transactions. David also engaged in commercial litigation for several years prior to going in-house, including working at the Chicago office of Sedgwick, Detert, Moran and Arnold, a large international law firm.   David is a Certified Information Privacy Professional through the International Association of Privacy Professionals. David previously served as a Co-Chair of the American Bar Association’s Information Security Committee and was also Co-Chair of the PCI Legal Risk and Liability Working Group. David also served as the Chairman of the ABA’s Information Security Committee’s Information Security Contracting & Risk Management Working Group. He has spoken and written frequently concerning technology, privacy and data security legal issues, and is frequently cited as an expert in the press and otherwise.

David_White_1David White is Founder and Chief Knowledge Officer at Axio — a cyber risk-engineering firm that helps organizations comprehensively manage cyber risk by harmonizing cybersecurity controls and cyber risk transfer. David works directly with many of Axio’s clients and is responsible for Axio’s frameworks and methods, including cybersecurity program evaluation, cyber loss scenario analysis, insurance program analysis, and benchmarking. David also leads Axio’s work with the insurance industry, where he supports insurers in underwriting complex cyber risk, data analysis, cyber exposure analysis, and new product development. Previouslyaxio-logo, David worked in the CERT Program at Carnegie Mellon, a cybersecurity research program primarily funded by the US Department of Defense and Department of Homeland Security. He provided technical leadership for a portfolio of cybersecurity maturity models, diagnostic methods, research, and training. David served as chief architect for the Electricity Subsector Cybersecurity Capability Maturity Model (ESC2M2), and supported the creation of the oil-and-natural-gas and industry-agnostic versions (ONG-C2M2 and C2M2). David co-authored the CERT Resilience Management Model (CERT-RMM) and was the chief architect for the Smart Grid Maturity Model (SGMM).

BRENT RIETH serves as the Western Region Team Leader for Aon’s Professional Risk Solutions practice, part of Aon’s Financial Services Group.  Brent is responsibAonLogo-bxle for the resources which support clients across the western region as they assess, quantify, and transfer risks related to Network Security and Privacy, Technology and Professional Services, and Intellectual Property. Brent has worked with companies to address exposure related to Network Security and Privacy, Technology and Professional Services, and Intellectual Property since 2007. Brent works with clients from a wide range of industry sectors as a risk advisor, placing coverage, and supporting clients throughout claims and data breaches.  Brent also is involved with public speaking engagements across the country related to E&O and Cyber related risks.

gail-arkin-3GAIL ARKIN is Senior Vice President and General Counsel of Berkley Cyber Risk Solutions (BCRS), a W. R. Berkley Company.  Her current responsibilities for BCRS include providing advice in the areas of regulatory compliance, distribution, corporate matters and product development.  Gail has over 20 years of insurance company claims, general counsel and management experience, and last held the position of Senior Vice President & Associate General Counsel in the financial lines division of another iberkleynsurer.  Her general counsel background includes development of cyber liability products, as well as management and professional liability products, and  providing general counsel services to the wholesale/MGU division of her prior employer.  Gail devotes much of her time to actively participating in insurance industry associations and cyber educational events, as well as pro bono services and mentoring programs.  Gail graduated from the University of Vermont with a BA in Economics, and from Rutgers School of Law with a Juris Doctorate.


Wednesday, October 19, 2016

8 a.m. Regulators Speak
ERNEST KOSCHINEG (moderator) is a partner and trial lawyer in the Philadelphia office of Cipriani & Werner.  He serves as chair of the firm’s life sciences practice group.  In this capacity, he focuses his practice primarily on the defense of medical, pharmaceutical and biotech companies as well as healthcare institutions and contract research organizations involved in personal injury and financial loss claims.  He has been designated national coordinating and trial counsel in matters involving cipriani & wernerdefibrillators, pain pumps, bone screws, clinical trials, OTC‘s, generic drugs, cold therapy products, dietary supplements, medical publishers, joint implants, cardiac devices, latex gloves, skin lasers, morcellators and blood related products. Mr. Koschineg has been designated lead counsel in a number of class actions and multi-district litigations.  His focus on the healthcare field has also allowed him to represent physicians and nurses alike in medical and psychiatric malpractice cases. The scope of his representation has involved both domestic and international corporations leading him to practice in over 50 jurisdictions in the United States and in Europe.

Mr. Koschineg is a member of the Information Privacy and Data Security Team. In this role, he advises clients on data protection practices and regulatory compliance. Specifically, he works with clients in the healthcare and life sciences sectors to identify and develop data protection plans, conduct vulnerability evaluations and counsels on mitigation strategy and remedies. He also is well versed in international e-discovery concerning privacy and data protection laws.


VICKI CHOU is an Assistant United States Attorney in the Cyber and Intellectual Property Crimes Section of the National Security Division of the United States Attorney’s Office in the Central District of California where she investigates and prosecutes federal cybercrimes arising from computer hacking, Internet fraud, identity theft, Internet piracy, theft of trade secrets, and the sale of counterfeited trademarked or copyrighted goods.  Prior to joining the Cyber Section, Vicki was a member of the Organized Crime Drug Enforcement Task Force Section where she prosecuted racketeering, drug trafficking, and international money laundering offenses.  She has tried a wide variety of cases to conviction, including access device fraud, child pornography, immigration fraud, and drug trafficking offenses.  She has also briefed and argued multiple appeals before the Ninth Circuit, including one where she obtained an affirmance of a district court’s imposition of keystroke monitoring as part of a defendant’s supervised release conditions.  Before she became an Assistant United States Attorney, Vicki was in private practice at Irell & Manella and Quinn Emanuel.  She also clerked for the Honorable Judge Robert E. Payne in the Eastern District of Virginia.  She is a graduate of Harvard Law School and Harvard College.

GENE FISHEL currently serves as Senior Assistant Attorney General and Chief of the Computer Crime Section in the Virginia Attorney General’s Office. In this capacity he directs prosecutions of computer fraud, identity theft, and child exploitation cases in state courts across Virginia, and serves as a Special Assistant United States Attorney in both the Eastern and Western Districts of Virginia where he prosecutes computer crime cases in federal court. He also va attorney generalmonitors organizations’ compliance with Virginia’s database breach notification laws, drafts legislation for the Virginia General Assembly, trains law enforcement and prosecutors statewide, and educates the public on issues involving computer crimes.   During his thirteen-year tenure, Gene has helped to draft and enact sweeping reforms to computer crime and child exploitation laws in Virginia, and has been involved in numerous novel and complex federal and state prosecutions, including the nation’s first, felony prosecution for spamming. In 2007, Gene was appointed as Senior Assistant Attorney General.   Prior to his time at the Attorney General’s Office, Gene served as law clerk for the Second Judicial Circuit in Virginia Beach, VA. He received his JD from Wake Forest University and his BA, magna cum laude, from James Madison University.

LISA KIM is a Deputy Attorney General in the Privacy Enforcement and Protection Unit of the Consumer Law Section at the California Department of Justice.  She enforces state and federal privacy laws, educates Californians on their rights and strategies for protecting their privacy, encourages businesses to follow privacy-respectful best practices, and advises the Attorney General on privacy matters.  Prior to joining the Attorney General’s office, she was a litigator at Reed Smith LLP in the areas of complex business litigation, data privacy, class action defense, legal calif DOJmalpractice, and products liability.  Lisa earned her B.A. magna cum laude from University of California, Los Angeles and her J.D. from University of California, Berkeley – School of Law.

 9 a.m. Breakout A – Professional Services Breach

STU PANENSKY (moderator) is a partner in the Red Bank, New Jersey office of Traub Lieberman Straus & Shrewsberry LLP and is a leader in the firm’s Cyber-Risk, Technology & Data Security practice group.  Stu provides legal services relating to cyber-risk including serving as breach counsel, third party defense counsel, attorney-directed risk assessments, first and third party cyber-claim management and technology errors and omissions.   Stu provides cyber-insuranceTraubLreibWhtSpace coverage opinions and counsels on all cyber-coverage issues including the representation of insurers in declaratory judgment actions.  Stu frequently lectures on cyber-risk and data breach issues and co-authors a chapter in Data Security and Privacy Law – Combating Cyberthreats (West Publishing, latest update published June 2015). Stu holds a Juris Doctor from Syracuse University College of Law.

david rockDAVID ROCK is an Assistant Vice President, North American Claims Group for Allied World Insurance Company. David is responsible for handling high severity errors and omissions (E&O) liability claims, with an emphasis on privacy and technology liability, media liability, lawyer liability, insurance agent liability, insurance carrier liability, and miscellaneous professional liability. Prior to joining Allied World, David was in private practice where he ran a general litigation law firm in Springfield, Allied WorldMedMassachusetts. His primary areas of practice were civil litigation and criminal defense. David graduated from Grand Canyon University in Phoenix, Arizona and earned his J.D. from Western New England University School of Law where he was a member of the Law Review. David is a member of the bar in the Commonwealth of Massachusetts, United States District Court District of Massachusetts, and United States Court of Appeals for the 1st Circuit. David is affiliated with many professional associations including the American Bar Association, CLM, PLUS, ALFA, and ACI.  David has spoken at several conferences on privacy and professional liability.


tim francisTIM FRANCIS As a Vice President, Tim Francis leads Travelers’ Business Insurance Management and Professional Liability initiatives. He also serves as the Enterprise Lead for Cyber Insurance. In this latter role, Francis has oversight of all of the company’s cyber product management, including products for businesses of all sizes, public entities, and technology firms. Francis has emerged in the insurance industry as one of the foremost cyber experts, having been quoted in Ttravelerslogohe Wall Street Journal, USA Today, Reuters, Insurance Journal, Property Casualty 360, Business Insurance, CNBC.com, and other premier media outlets. Additionally, he served as co-chair of the NetDiligence Conference and has spoken at numerous other conferences on the evolution of cyber risk and how businesses can protect against them. Francis also is an active member of the Professional Liability Underwriting Society (PLUS) and has served as Chairman of the Hartford Chapter. He is a participant in the Department of Homeland Security’s Cyber Incident Data and Analysis Working Group (CIDAWG), an ongoing private-public engagement that is examining how a cyber incident data repository could help meet the information requirements of insurers, CISOs, and other cybersecurity professionals.

Hardin-0406BILL HARDIN has worked on hundreds of forensic engagements in the areas of data breach and cyber incident response, theft of trade secrets, white collar crime, FCPA investigations, and enterprise risk management. Many of his cases have been mentioned in The Wall Street Journal, Financial Times, Forbes, and Krebs on Security, amongst other publications. With a background in finance, operations, and software development, he brings valuable insights to clients from multiple dimensions.   In addition to his CharlesRiver_logo_4Cforensic engagement assignments, Bill has served in numerous interim management roles for organizations experiencing disruption. He has assisted companies with various management consulting assignments pertaining to strategy, operations, and software implementations.  Mr. Hardin is a CPA/CFF, Certified Fraud Examiner (CFE), and a certified Project Management Professional (PMP). Mr. Hardin has spoken at numerous events on cybercrime, risk management, and strategy/operations consulting. He serves on the board for Legal Prep Charter Schools and is an adjunct professor at DePaul University in Chicago.

SHAWN MELITO is a Management Consultant and business unit leader for NPC’s Immersion Data Breach Response (DBR), a leading notification and call center service provider in the privacy and cyber insurance communities.  Shawn’s prior work experience incNPC Logo fka Immersionludes managing a Canadian breach response and identity theft services company, as well as Healthcare, Insurance Services and a contract with the Office of the Privacy Commissioner of Canada. Shawn is a certified information privacy professional (CIPP/US) through the International Association of Privacy Professionals (IAPP) and previous member of their Canadian Advisory Board.  He has presented on the topics of data breach, data security and identity theft at multiple IAPP, RIMS, NetDiligence, ACFE and the Institute of Internal Auditors events.  He was also featured on SiriusXM’s radio show, When Things Go Wrong.

Keegan copyCHRISTOPHER KEEGAN is Senior Managing Director and Cyber and Technology Practice Leader at Beecher Carlson in the Executive Liability Practice.  Chris places network, privacy, technology and media E&O insurance for a wide variety of companies including financial institutions, authentication providers, manufacturers, healthcare, retail and telecommunications companies.  Christopher has also executed Cyber Informbeecher carlsonation Risk Assessment projects and worked with regulators on evaluation of E-Business risks. Prior to joining Beecher, Christopher was a National Resource at Willis for Cyber and E&O and a leader of the Information Risk Advisory Practice at Marsh focusing on Privacy, Technology, Media, Network Intellectual Property and Professional Liability insurance products. Before joining Marsh, Christopher was Vice President at Zurich Reinsurance (North America) Inc., where he was instrumental in the development of the Zurich Re E-Commerce and technology reinsurance portfolio, advising the company with regard to infringements of intellectual property rights, breach of rights of privacy, electronic contracts, electronic signatures, trademarks, trade secrets, electronic attacks and electronic breaches of security.

Christopher is closely involved with the development of new insurance products designed to transfer electronic risk and is often asked to speak on these topics at seminars and functions throughout the United States and Canada. He has published a number of articles and books on privacy, intellectual property and technology. Chris is a Senior Research Fellow at the University of Maryland, Smith School of Business, assisting their efforts for the Department of Homeland Security and NIST in designing assessments for Cyber and technology risk.   Christopher graduated from Long Island University with a B.A. in English and a J.D. from Saint John’s University School of Law.

9 a.m. Breakout B – Cross-Border Data Breach Response

Ted AugustinosTED AUGUSTINOS (moderator)  is a partner of Locke Lord LLP, an international law firm in the US, UK and Asia.  He serves as a member of the Steering Committee of the firm’s Privacy and Cybersecurity Group, and leads its Breach Response Team.  Ted has counselled clients in numerous locke lordindustries, including financial services, healthcare, insurance, defense, retail, public utilities, professional services, and education.  He provides advice on collection, use and sharing of customer information, and breach preparedness and response. A graduate of St. Lawrence University and Boston University School of Law, Ted is a guest lecturer in the Boston College Master’s Program in Cybersecurity Policy and Governance, and former adjunct faculty member of The University of Connecticut School of Law.  Ted is a frequent speaker and writer on privacy and data security issues.  He is a Certified Information Privacy Professional accredited by the International Association of Privacy Professionals.

cameronALEX CAMERON  is a Partner with Fasken Martineau in Toronto, with a leading national practice in the areas of privacy, access to information and litigation. He has acted as lead counsel in a number of landmark privacy cases and before all levels of court, including the Supreme Court of Canada. Alex faskenassists clients in a wide range of sectors, including numerous Fortune 100 and Fortune 500 companies, in all aspects of privacy law and information security. He has acted as breach coach and counsel in numerous Canadian and international data breach matters, including in the retail, telecommunications, financial services, health, and e-commerce sectors.


BOBo Holland HOLLAND has delivered innovative technology solutions to enterprise companies for over twenty years. In 2004, Holland founded AllClear ID and currently serves as CEO. His team of expert consultants advises companies on the customer-facing aspects of data breach response, and provides the operational capacity to successfully respond to data breach events of any size.  Holland holds the patent for Instant Authorization, the underlying technology of the exclusive Alert Network (U.S. Patent No. 7,983,979).  AllClear ID has notified over 240 million consumers on behalf of Fortune 500 companies and government agencies, while offering the best service in the industry with a 94% customer satisfaction rating and 24 Stevie AwALLClearLogoards. Prior to AllClear ID, Holland was founder and CEO of Works, Inc., acquired by Bank of America in 2005. Works develops commercial payment solutions for large organizations and distributes the product through large financial institutions. Holland invented the technology that enables organizations to approve and control payments for operating expenses via credit cards. Prior to Works, Holland served as Director of Product and Marketing for Pervasive Software and was instrumental in taking the company public in 1997. Prior to Pervasive, Holland was employee 32 at Citrix Systems and key to developing the product strategy and distribution that laid the foundation for the company revenue growth to over $750 million in 2004.Presentation1

creasy-jamesJAMES CREASY  is Class Underwriter of the Cyber Division at Novae. James was previously Senior Underwriter of Financial Lines at AIG Cat Excess Liability, where he was responsible for the Professional Indemnity and Cyber book. Prior to this he spent three years at W.R. Berkley Insurance as a Professional Indemnity Underwriter. He also held roles at Berkley Re in Australia and Admiral Insurance Company in the USA.

Shannon GroeberSHANNON GROEBER provides a full range of brokerage placement and advisory services to clients across all industries with respect to cyber and E&O insurance. Shannon assists clients with identifying complex areas of risk through exposure identification and assessment, helps clients prioritize these areas of risk, and creates solutions to minimize the impact to their reputation and balance sheet through negotiation, structure and placement of insurance coverage, or alternate solutions. Shannon also provides claims guidance and assistance through the life of a claim, as well as contract language and vendor management consultation. Shannon has more than 13 years of experience in the insurance industry focused exclusively on complex cyber and E&O placements and related exposures including media liability, intellectual property JLTLogoinfringement and miscellaneous professional liability. Prior to joining JLT in 2014, Shannon was a Senior Vice President with Lockton’s Global Technology and Privacy Practice, offering clients customized solutions for their cyber and E&O needs. Before joining Lockton, Shannon spent seven years with Aon’s Professional Risk Solutions Group providing similar placement and advisory services. She also has nearly five years of underwriting experience, handling complex cyber and E&O programs with both CNA and Gulf Insurance. Shannon is a frequent panelist or contributor at various industry events, including RIMS chapter meetings and industry-specific conferences. Shannon obtained a Bachelor of Arts Degree from Gettysburg College.munich-re

rotharmel_thomas_n005070_x11DR. THOMAS ROTHÄRMEL is responsible for wording and legal issues on Munich RE’s Cyber Team in Munich, offering a vital 2nd-line of defense for all cyber insurance underwriting. With over 18 years of experience in casualty treaty and facultative reinsurance, Thomas has covered global markets from Europe to Asia to the Americas, specializing in a variety of casualty lines ranging from cyber liability and PI to D&O, medical malpractice and workers’ compensation. In Munich RE’s Cyber Team he consults business units and underwriters on a worldwide basis on product development, legal trends, pricing, accumulation management and underwriting strategies. Furthermore he is in charge of monitoring global legal and product trends in cyber insurance.  Thomas has studied law in Germany and Italy, specializing in international comparative law, and he holds a Master of Law from LMU in Munich. 

 10:30 a.m. Breakout A – Vendor Assessments

TimmelSPENCER TIMMEL (moderator) is a member of Hylant’s Executive Risk Practice. Spencer serves as the Network Security and Privacy Liability Specialist. He provides consultation and support to clients for these lines and other Executive Risk products. He has over a dozen years of Executive Risk industry experience working with all ownership structures in various industry classes. Spencer is regularly engaged with various organizations to speak on Network Security and Privacy Liability topics. Most recently, the National Bar Association, Association for Corporate Growth, FinancialhylantGroupSmallLogo Executives International, Risk & Insurance Management Society, Healthcare Financial Managers Association and the NetDiligence Privacy Liability Forum. Prior to joining Hylant, Spencer was an Executive Protection Underwriter for the Chubb Group of Insurance Companies and the Cincinnati Insurance Company. Spencer received his Bachelors degree in Business, Finance from Ohio University in Athens, Ohio and his Masters in Business Administration from Xavier University in Cincinnati, Ohio. Spencer is a Certified Identity Theft Risk Management Specialist (CITRMS) and is working towards his Certified International Privacy Professional (CIPP) designation.

vsakoreVINNY SAKORE is a former CTO of two Health IT companies and joined Verizon in 2011. He serves as Verizon’s HIPAA Security Officer and is also a member of the company’s Cyber Security Strategy and Risk team. Vinny Sakore has a bachelor’s degree from Penn State University and recently graduated from Strayer Univesity with an executive MBA.  He is an active member of both the International Association of Privacy Verizon enterprise solutionsProfessionals (IAPP) and the Healthcare Information Management and Systems Society (HIMSS). Vinny speaks nationally and internationally on topics ranging from Cyber Risk, Cloud Security, and HIPAA Security.   He is a regular presenter at organizations such as the Information Security Forum (ISF), International Association of Privacy Professionals (IAPP), Healthcare Information Management Systems and Society (HIMSS), NetDiligence and the Risk Information Management Society (RIMS).  He has been quoted in numerous publications including CSO Online, the Wall Street Journal, and Information Security Magazine. Vinny Sakore serves on a number of non-profit boards including the Central Pennsylvania HIMSS Chapter and Life Center Ministries International.

MalatestaJ.T. MALATESTA is the chair of Maynard Cooper’s Cybersecurity practice. He also leads the firm’s e-discovery practice. J.T. helps businesses develop cyber risk management and mitigation strategies, including the development and implementation of incident response plans, updating vendor management programs, and performing cybersecurity compliance audits. J.T. is a NetDiliegence® Breach Coach.  He guides clients maynard cooperthrough the immediate and necessary steps following a data breach, including incident response, data breach notification, regulator inquiries and, if necessary, civil litigation. He has represented a number of clients in data breach litigation, particularly in the financial services and insurance industries. J.T. is a frequent speaker on emerging issues in cybersecurity regulation and data breach litigation. He is one of a handful of lawyers from the across the country recently selected by the Sedona Conference to author an upcoming primer on data security. He is also members of Infragard, a public-private partnership between the FBI and the business community on cybersecurity, and the Sedona Conference Data Security and Privacy Liability Working Group.

mary beth borgwingMARY BETH BORGWING Mary Beth Borgwing is the President at LemonFish. LemonFish is a data breach discovery analytics company that monitors client data 365 days a year; externally on the open, deep and dark web and then finds where it came from internally. She brings decades of experience as a senior risk, finance, and insurance executive. Borgwing was the President of Cyber Risk Practice, and founded the Risk Network for Advisen, Ltd, a data technology company that focuses on data and risk analytics in the insurance industry. For 12 years prior to LemonFish, Mary Beth led senior risk teams as an advisor to Fortune 500 clients of Marsh (MMC) and Willis Group Holdings (WSH). During her career, Mary Beth LemonFishhas been a Chief Financial Officer at both Vigilant (sold to Deloitte), a SEIM security company, and Sentillion (sold to Microsoft), a single signon security technology company. She spent her early career in accounting, auditing, and compliance in the financial services sector. Mary Beth is a senior advisor to Eleven Canterbury in New York City, an international consultancy connecting technology and services firms to large Financial Services Corporations. She is the East Coast Steering Committee Chair of Cloud NOW (Cloud Network of Women), a Board Member of NYAIW (Association of Insurance Women), a frequent speaker on cyber risk at global cyber conferences and contributing author to many national cyber publications. Mary Beth has an MBA from Simmons Graduate School of Management, Boston, MA and a BSBA in Accounting Studies. She has served on the board of Financial Executive Institute of New England (FEI), as well as NYMISSA and The Forsyth Biomedical Research Institute. Mary Beth is an enthusiastic athlete and an avid networker.

Hannes Bio Pic copyMEGHAN HANNES is a member of the Product Team that manages underwriting strategy and product development for Technology, Network Security and Privacy Insurance products at AXIS Insurance.  Ms. Hannes has been with AXIS since Spring 2012 and most recently managed the AXISPro U.S. National Account practice, havingaxis a concentration on large account Tech/Cyber, Media & E&O underwriting appetite and strategy for the U.S. book of business. Formerly, Ms. Hannes was the chief program architect at a start-up organization; designing a cloud computing liability insurance program inclusive of base form policy language, rate/pricing engines, full playbook strategy and consumer & cloud applications. Previously, Ms. Hannes has also held various Technology, Network Security, Privacy, MPL and Media underwriting roles at The Hartford and The Chubb Corporation. Ms. Hannes holds a B.S. in Marketing from Miami University (OH) with a concentration in Management Information Systems and is a published author of several topics related to privacy risk and cloud adoption.  Ms. Hannes has also served as a member of the Risk Response Network at The World Economic Forum.

10:30 a.m. Breakout B – Security of Payments

CHRIS CALNON, moderator, serves as a Senior Vice President in Chubb’s Financial Lines Division and is the Chief Underwriting Officer for the Professional Liability Business Unit, a position he has held since November of 2013. Based in Los Angeles, he is responsible for managing growth, profitability and underwriting for all professional liability products offered by Chubb Financial Lines in the United States and Canada.

With more than 18 years of experience in the Professional and Cyber Liability space, Mr. Calnon joined Chubb (formerly ACE USA) from The Travelers in 2002, where he held an underwriting position within the Executive Liability Division, with a particular emphasis on underwriting all MaCHUBB_Logo_Orange_RGB (1)nagement and Professional Liability product lines. Early in his career, Mr. Calnon served as an Underwriter for American International Group (AIG) where he spent than 3 years underwriting various Professional Liability classes of business.

Mr. Calnon earned his Bachelor of Science degree in Business Administration and Bachelor of Arts in Economics from the University in Redlands.

DAVID HERRON is Executive Vice President and Chief Legal Officer at Hyperwallet. David is responsible for overseeing all company legal affairs as well as the regulatory compliance, government affairs, and risk functions of Hyperwallet’s global business. He manages a team of attorneys, compliance, and risk professionals who provide strategic legal and regulatory counsel and support to the business and its operations. In addition, David leads Hyperwallet’s enterprise risk management and insurance programs as important components of the company’s risk mitigation efforts.   David has spent over half of his nearly 20 year legal career building in-depth payments industry experience. He spent more than 12 years at Vantiv – the second largest payment processing company in the U.S. – serving as their senior strategic legal counsel responsible for multiple practice areas and support to its executive management throughout several significant corHyperwallet_logo_blueporate events including Vantiv’s separation from its parent company, IPO, and four major acquisitions totaling in excess of $3B.   Prior to Vantiv, David was Assistant General Counsel for International Total Services, Inc. and a partner in private practice in Cleveland, Ohio focusing on business planning and litigation management. David has a B.A. in Political Science from Miami University and J.D. from Case Western University School of Law.

DAVID MOLITANO Senior Vice President at OneBeacon Technology Insurance. David is responsible for OneBeacon’s Network Security and Privacy, Technology E&O and Media Liability lines of business. David’s extensive underwriting background includes one beaconunderwriting and Product Manager roles at Beazley, XL, Lexington, and Chubb. David received a Bachelor of Arts degree from Central Connecticut State University, and his Masters of Business Administration from Rensselaer Polytechnic Institute.


Dawn-Marie Hutchinson Optiv BioDAWN-MARIE HUTCHINSON Dawn-Marie Hutchinson brings 15 years of enterprise information technology experience to her role as an
executive advisor in the Office of the CISO at Optiv. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development hasoptiv
served the healthcare, insurance, retail and higher education sectors. While serving on the HITRUST working group for Data De-Identification, Hutchinson established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST application recommendations. Prior to joining Optiv, Hutchinson was the chief information security officer at Comm Solutions and also led the information security program at Urban Outfitters, based in Philadelphia. Her tenure in information technology also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross and Protiviti. Hutchinson currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women’s Power 50 award and hold accreditations that include Certified Information Security Manager (CISM), Certified in Risk and Information System Controls (CRISC), Certified Information Systems Auditor (CISA) and former Payment Card Industry Qualified Security Assessor (QSA). She is also a 2013 Master’s of Business Administration graduate of the Saint Joseph’s University Haub School of Business.

is a Principal Consultant at Mandiant with over ten years of experience in the field of computer forensics and information security.  At Mandiant, Edward assists clients in the triMandiantage, investigation, and remediation of data breaches and other security related incidents.  Prior to Mandiant, Edward served as a Computer Forensics Consultant at Ernst & Young, where he provided digital forensics services for litigation and HR related matters.



11:30 a.m. Actuarial Risk Modeling

wurzlerJOHN WURZLER (moderator) leads OneBeacon Technology Insurance, a OneBeacon Insurance Group specialty business focused on the technology industry. In this capacity he is responsible for all insurance operations worldwide for technology, life science and medical technology, content providers and media businesses. Products include property-casualty as well as cyber coverages (information risk) tailored for the unique risks faced by these industries. Prior to joining OneBeacon, Wurzler’s career has been focused on the technology sector since the mid-90s, when he recognized the paradigm shift affecting traditional brick and mortar processes precipitated by the rapid advances in technology and the internet. one beaconHe embarked on extensive research and within two years, began a company that developed products insuring companies’ e-commerce and e-business models. In a short period of time, Wurzler and his company grew to be one of the leaders in a competitive global marketplace. Wurzler joined CNA in 2005, as a Vice President of the technology segment and the cyber team. He joined OneBeacon in 2010. Throughout his career, Wurzler has been published in The Industry Standard, CIO, Investor’s Business Daily, E-Commerce Business, Wall Street Journal and other journals. He authored Information Risks and Risk Management, 2013 and has coauthored several publications: Managing the Risks of Intangible Assets; 2009 and the ANSI Primer on Cyber Event Management in 2008. He is also a frequent speaker and panelist at technology and insurance conferences. 2008 Advanced Management Program, Kellogg School of Management, Northwestern University; 1978 MBA, Adelphi University – Finance; 1976 BA, St. Michael’s College – Business Administration.

Laux 2016_smallestJON LAUX  is a managing director with Aon Benfield and global leader of Aon Benfield’s Cyber Analytics practice.  Jon leads a global team of actuaries, consultants, predictive modelers and experts in catastrophe risk focused on helping insurers to grow in cyber insurance and to manage cyber risk effectively through the development of leading edge analytical tools, business intelligence, and advisory services.  This team manages the development of CyberMetrica, Aon Benfield’s probabilistic model for quantifying cyber accumulation risk. Jon has worked at Aon for 10 years and has held roles in three of Aon’s four business units.  Prior to his current role, Jon was a AonLogo-bxconsultant with Inpoint, the management consulting arm of Aon Benfield.  In that capacity, Jon helped insurance and reinsurance clients address concerns ranging from effective risk management to profitable growth, including in emerging risk areas such as cyber.  Jon has also worked as a Director in Aon Broking Global Operations, the team which oversees Aon’s global network of retail broking professionals; as a consultant to the Chief of Staff in the Office of the CEO for Aon plc, and in the Aon Benfield Analytics actuarial team.

Jon joined Aon in 2006.  He is a Fellow of the Casualty Actuarial Society, holds graduate degrees from Wright Graduate University and St. John’s College, and an a undergraduate degree in Mathematics from the University of Chicago.

RUSS COHEN Russ Cohen has been at Chubb for over eight years and is currently serving as the Director of Cyber and Privacy Services.  The responsibilities of Russ’s position include managing all policyholder services associated with Chubb’s Pre and Post Event Cyber Services, as well as supporting innovations in underwriting, data analytics and predictive modeling associated with enterprise cyber security risks.

Prior to this role, Russ spent seven years as Chubb’s own Global Enterprise Security Architect responsible for developing Chubb’s enterprise security architecture, strategies and methodology on cyber security.   Russ has over 15 years of cyber security and technology experience including:  an ethical ‘white CHUBB_Logo_Orange_RGB (1)hat’ hacker, a systems architecture consultant at a large pharmaceutical corporation and also a senior consultant at one of the largest software companies in the world.

Mr. Cohen graduated from Drexel University with a Master of Science in Information Systems.  He holds a CISSP certification and is an active member of various security organizations such as Infragard, ISC2, FS-ISAC and the Cloud Security Alliance.  He has also has experience teaching classes on ethical hacking to large corporations.

Jacobs_JayJAY JACOBS has over 15 years of experience within IT and information security with a focus on cryptography, risk, and data science. He is a Senior Data Scientist at BitSight Technologies, the Standard in Security Ratings, and prior to that he was the lead data analyst at Verizon and a co-author of the Data Breach Investigations Report. Jay is also the co-author of “Data Driven Security” a book covering data analysis and visualizations for information security, and a co-founder of the bitsightSociety of Information Risk Analysts. He is an active blogger, a frequent speaker, and a co-host on both the Risk Science podcast and Data Driven Security podcast. Jay can be found on twitter as @jayjacobs. He holds a bachelor’s degree in technology and management from Concordia University in Saint Paul, Minnesota, and a graduate certificate in Applied Statistics from Penn State.




ASHWIN KASHYAP Ashwin Kashyap is a Director of Product Management leading cyber risk modeling for insurers at Symantec. He has spent his entire career in technology, with his last five years focused on insurance. He is responsible for the creation and commercialization of market leading tools for measuring, managing and mitigating cyber risk for the insurance industry.  He is a domain expert in modeling symanteccomplex systems and has built new analytic products for catastrophic risk quantification. Ashwin has a Master’s degree in Electrical Engineering from the University of Michigan, Ann Arbor and is based out of San Francisco, California.



DeSilvaSANDRA DeSILVA is the Founder, Managing Director and Chief Software Architect at Nova, a Bermuda based software engineering company providing bespoke Nova_Logo_Smalldevelopment to the reinsurance and capital markets industry globally since 2006. She has participated in the systems architecture of a number of billion dollar reinsurance startups and has driven the innovation and execution of large enterprise software systems, including assisting global Silicon-valley start-ups intaking ideas from concept to market execution. Nova has a track record of successful long-term partnership and software development experience with reinsurance clients and the team has specialist expertise in Cyber Security data modeling.