2017 CyberSecure
8:00 am - 8:30 amBreakfast & Registration
8:30 am - 9:30 amOpening Address: The New Realities of Post-Breach Crisis Management
Speaker: Kathleen McGee, Internet and Technology Bureau Chief, Office of the Attorney General of the State of New York
9:30 am - 10:30 amMorning Keynote: Trends & Priorities to Manage the Cyber Frontier - CLOSED TO PRESS
Speaker: Richard T. Jacobs, Assistant Special Agent in-Charge, New York Cyber Branch, FBI
10:30 am - 11:15 amNetworking Break
11:15 am - 12:15 pmRegulatoryRisk ManagementIndustry and Technical
The Year in Data Breach and Privacy Litigation
Moderator: Sam Rubin, Vice President, The Crypsis Group
Speaker: Travis LeBlanc, Partner, Boies Schiller Flexner LLP
Speaker: Linda Clark, Chief Data Security Counsel, RELX Group
Speaker: Heidi Salow, Chief Privacy Officer, Leidos

With data breaches becoming more commonplace the occurrence of litigation has spiked. Whether it be class action or vendor breach of contract litigation, the loss or misuse of proprietary information can lead to a serious disruption in delivery of products and services. This session will cover how to effectively partner with outside counsel during litigation and the key factors to consider during breach reporting, disclosure notifications, insurance claim submission and restoration of services.
Integrating Periodic Risk Assessment to Avoid Becoming the Next Target of a High-Profile Cyber-Attack
Moderator: Eric Hodge, Director of Consulting, CyberScout
Speaker: Ronald N Sarian, Vice President & General Counsel, E-Harmony Inc
Speaker: Justin Castillo, Head of Legal, BT Americas
Speaker: Ashok Marin, Vice President, Compliance & Chief Privacy Officer, Mallinckrodt Pharmaceuticals

Many cybersecurity regulation updates, such GDPR and those issued by NYDFS now require formal risk assessment. While this may add to the workload, identifying your company’s weak spots during the assessment period will help inform data security initiatives to reduce your chances of experiencing a major cyber-attack. This hour will cover how to integrate, in real-time, assessment findings into existing security programs, and highlight some of the major regulatory consequences when failing to address security threat discoveries.
Mitigating Cybersecurity Vulnerabilities in Your Supply Chain
Moderator: Jennifer Archie, Partner, Latham & Watkins LLP
Speaker: Ryan Lobato, Corporate Counsel, ExxonMobil
Speaker: Holly Brady, Senior Counsel, Altria Client Services
Speaker: Buck De Wolf, Vice President, Chief Intellectual Property Counsel & General Counsel, GE Global Research
Speaker: Nicole Eagan, CEO, Darktrace

Companies are improving their supply chain through the use of interconnected technologies, but with increased interconnectivity comes increased cyber risk. This panel will highlight the importance of specific checklist items to consider and address for secure interconnected relationships, including:

• Vendor access to a company's internal system

• Network segmentation

• Vendor selection, guidelines, standards and controls, including required reporting and validation of performance

• Password and monitoring safeguards, policies and practices

• Insider threat training, both intentional and unintentional

• Audit programs to monitor security protocols within the company and at supply chain vendors
12:15 pm - 1:30 pmLunch
1:30 pm - 2:30 pmRegulatoryRisk ManagementIndustry and Technical
Deep Dive of the NYDFS Cyber Security Regulation Update: How to Ensure Compliance
Moderator: Mark Sangster, Vice President and Industry Security Strategist, eSentire Inc.
Speaker: Monique Ferraro, Cyber Counsel, The Hartford Steam Boiler
Speaker: Alexander Greenberg, Head of IP & Cybersecurity Legal, Americas, Barclays
Speaker: Paul Caulfield, Chief Risk & Compliance Officer, Israel Discount Bank

This session will offer a timely discussion of NYDFS’ new cyber security provisions and upcoming deadlines to prove compliance. Panelists will offer guidelines for small to mid-sized organizations on how to prove compliance in time with limited resources and budget. This panel will also explore the potential impact on organizations who fail to meet the new requirements issued by NYDFS.
Revamping Employee Cybersecurity Policies and Training to Mitigate Legal Risks
Moderator: Scott Petry, Co-Founder & CEO, Authentic8
Speaker: Daniel Pepper, Vice President & Deputy General Counsel, Comcast Corporation
Speaker: Adam Rubin, General Counsel, PrizeLogic
Speaker: Allen Brandt, Executive Director, Associate General Counsel & Chief Privacy Officer, Depository Trust & Clearing Corporation

Balancing employee monitoring with privacy concerns can be very challenging. This session will look at the specific privacy issues to consider when constructing your employee monitoring policies. Learn the importance of reviewing other company policies, implementation of technological safeguards (such as encryption), incident response guidelines, employee training, remote working rules and rules covering data ownership. Panelists will also dive into the approaches to help reduce the risk of data theft and highlight the dangers of utilizing corporate supplied devices.
Practicing Good Data Hygiene to Effectively Manage Data Security in eDiscovery
Moderator: Zach Warren, Editor-in-Chief, Legaltech News, ALM Media
Speaker: Brian Corbin, Vice President & Assistant General Counsel, JPMorgan Chase
Speaker: Farrah Pepper, Executive Counsel - Discovery, General Electric Company

Breaches in data security during e-discovery can lead to spoliation claims by opposing counsel. With new requirements for secure data disposal and increased responsibilities for all across the organization, in-house counsel can’t solely rely on law firms and vendors to ensure data integrity. This session will cover how to improve data management internally to document an unbroken chain of custody during litigation, and guidelines during eDiscovery for your vendor and outside counsel.
2:30 pm - 2:45 pmSession Rotation
2:45 pm - 3:45 pmRegulatoryRisk ManagementIndustry and Technical
GDPR: The Rush for Compliance and Moving the Needle on Your Company’s Cybersecurity Culture - CLOSED TO PRESS
Moderator: Daniel K. Alvarez, Partner, Willkie Farr & Gallagher LLP
Speaker: Kimberly Goldberg, Assistant General Counsel, Horizon Blue Cross Blue Shield of New Jersey
Speaker: Alfredo Della Monica, Vice President & Senior Counsel, American Express
Speaker: Farah Zaman, Senior Global Data Privacy Counsel, Colgate-Palmolive
Speaker: Allison Dodd, Senior Counsel, The WhiteWave Foods Company

With the onset of GDPR quickly approaching, now is the time for multi-national companies to pause and revisit their planned action to meet the requirements of GDPR. This session will cover the key steps that will ensure your organization is free from costly penalties; including review of privacy notices, evaluation of your detection and data breach reporting procedures, and how to handle data access requests. Leave this session understanding how an updated compliance program that falls in line with GDPR can move the needle on companies’ cybersecurity culture.
The Emergence of Ransomware - Emergence and Prevention
Moderator: Eric Hodge, Director of Consulting, CyberScout
Speaker: Dr Christopher Pierson, Chief Security Officer & General Counsel, ViewPost
Speaker: Christopher Frenz, Director of Infrastructure, Interfaith Medical Center
Speaker: Afzal Khan, Vice President, Global Head of IT Security, Risk Management & Compliance, Everest Reinsurance Company

Many high-profile law firms and large corporations have been in the spotlight recently due to far-reaching ransomware attacks. Hear first-hand some of the blind spots and key takeaways that speak to improving early detection efforts and effective crisis management strategies. This session will also examine the benefits of cyber liability insurance and what’s missing in your policy to help mitigate the effects of a ransomware attack.
Protecting PII—Balancing Data Security and Global Privacy Laws
Moderator: Jay Johnson, Partner, Jones Day
Speaker: Orrie Dinstein, Global Chief Privacy Officer, Marsh & McLennan Companies, Inc.
Speaker: Carrie Parikh, Vice President, Legal, Wyndham Hotel Group
Speaker: Hugo Teufel, Senior Counsel, Raytheon Company

Cyber criminals are attacking companies in unprecedented numbers and levels of sophistication, targeting all manner of data, whether it is financial data, PII, critical infrastructure or employment data nothing seems to be off limits. As companies seek to increase their monitoring of their systems and their users they are increasingly bumping up against constraints from increasingly strict privacy laws that pose real challenges to deployment of solutions like DLP tools anomalistic behavior driven tools. This session will cover some of the key privacy law elements that challenge the security tools and discuss strategies to balance between the two in order to allow companies to protect their data troves against the threats.
3:45 pm - 4:30 pmNetworking Break
4:30 pm - 5:30 pmRegulatoryRisk ManagementIndustry and Technical
Building Holistic Compliance Strategies to Navigate the Complexities of State, International and Federal Regulations - CLOSED TO PRESS
Moderator: Lori Nugent, Shareholder, Greenberg Traurig, LLP
Speaker: Catherine Mulrow - Peattie, Lead Counsel Enterprise Security Solutions, MasterCard
Speaker: Annmarie Giblin, Senior Counsel, Cyber Liability Attorney, Chubb

With more states issuing cybersecurity regulations and the upcoming onset of GDPR, keeping track of all the varying requirements and deadlines can become overwhelming. For multinational companies that operate in various states and abroad, hear about what to consider when trying to simultaneously ensure compliance with multiple agencies and regulations such as the EU’s NIS Directive and the latest NYDFS cybersecurity provisions. Learn what questions to ask and the benefits of working with cross-functional team members to construct and implement a compliance program that adheres to all regulation changes.
Strengthening your Data Security: Third Party Vendor Risk Classification and Screening
Moderator: Ian Lopez, Senior Technology Editor, ALM Media
Speaker: Kevin Fumai, Managing Counsel, Oracle America, Inc.
Speaker: Michael Avalos, Assistant General Counsel, AIG Insurance
Speaker: Jordan Thompson, Associate General Counsel & Chief Privacy Officer, New York Institute of Technology

By making sure your vendors comply with federal and state regulations, you avoid costly fines, disruption to your operation of business, and reduce the number of vendor-sourced data breaches. Learn some of the key factors to consider before screening vendors and how to classify vendor risk. Discussion will cover how to determine risk appetite, the hallmarks of a solid vendor vetting process, including developing and analyzing vendor questionnaires, establishing scope of services and supporting documentation from vendors.

Protecting your IP & Patents from Cyber Threats
Moderator: Jarno Vanto, Shareholder, Polsinelli LLP
Speaker: Moshe Malina, Director & Chief Patent Counsel, Citi Group
Speaker: Keir Loiacono, Lead In House Counsel & Director of Intellectual Property, Advaxis, Inc

A surge in cybersecurity patent litigation involving large corporations has led to heightened concern among in-house counsel from small and mid-sized companies. In this hour panelists will discuss the hallmarks of a comprehensive plan that protects company patents and trade secrets: agreements and procedures that establish document protection, prioritization of trade secret vulnerabilities, creation of third party data management procedures, implementation of employee training and monitoring policies. Also hear about the latest technology used to safeguard patents and trade secrets and how to reassess your cyber insurance policy to ensure your IP is protected.
5:30 pm - 6:30 pmCocktail Reception

8:00 am - 8:30 amBreakfast & Registration
8:30 am - 9:15 amOpening Address: Cyber-Physical and Other Growing Threats to Critical Infrastructure
Speaker: Christopher C. Krebs, Senior Official Performing the Duties of Under Secretary National Protection and Programs Directorate, Department of Homeland Security
9:15 am - 10:00 amMorning Keynote: Building Organizational Resiliency to Deal With Data Breaches
Speaker: Eric Friedberg, Co-President, Stroz Friedberg LLC
2017 has seen many high profile cyber incidents occur, and the reality of 'it's when, not if' is finally setting in. This keynote address will explore how to identify and prioritize critical action steps to close the gap on risk assessment, oversight and breach response plans, then accelerate your path to resiliency.
10:00 am - 11:00 amBenchmarkingCrisis ManagementData Governance
Data & Trends: Challenges at the Intersection of Cybersecurity and Legal Services
Moderator: Daniella Isaacson, Senior Analyst, ALM Intelligence
Speaker: Steve Kovalan, Senior Analyst, ALM Intelligence
Speaker: Alan Brill, Senior Managing Director, Cyber Security & Investigations, Kroll
Speaker: Kevin Fumai, Managing Counsel, Oracle America, Inc.

Recent breaches at top law firms have led many to question whether law firms are up to the task of ensuring confidentiality in an era of free-flowing digital information networks. At the same time, the resignation of Yahoo’s general counsel amid accusations its legal team failed to properly respond to a 2014 breach has brought the issue of data security to the doorstep of corporate law departments

In this session, ALM Intelligence analysts will discuss the state of the legal services sector in the age of ever present cybersecurity threats. Drawing on ALM Intelligence’s latest surveys of corporate law departments and law firms on the topic of data security, the presentation will give attendees an inside look at the challenges at the intersection of cybersecurity and legal services

Speaking a Common Language with your C-Suite when Setting Risk Responsibility Across the Organization
Moderator: Harriet Pearson, Partner, Hogan Lovells
Speaker: Andrew Tannenbaum, Cybersecurity Counsel, IBM
Speaker: Elise Houlik, Associate General Counsel, Fannie Mae
Speaker: Marc Berger, General Counsel, FlatIron Health
Speaker: Roger O'Sullivan, General Counsel, Corporate Secretary and Chief Privacy Officer, Cogstate

Cyber risk and overall business performance are becoming increasingly more interdependent. As a result, effective cyber risk management includes awareness at the C-suite level. This panel will present some of the key questions to discuss with your C-Suite during evaluation of your company’s cyber risk programs/policies and provide strategies for setting risk responsibility at various levels across the organization. Leave this session with guidelines for how to establish a common language between organizational members to effectively discuss crisis response and how to engage external stakeholders during risk mitigation.
The Cloud and your Database: Rethinking Data Governance
Moderator: Alan Raul, Partner, Sidley Austin LLP
Speaker: Lawrence Montle, Chief Information Security and Privacy Officer, New York State Insurance Fund
Speaker: John Whiting, Chief Security Officer, DDB

This panel will dive into how to tackle some of the most common threats to your database security, including multiple access points to data on the cloud, privilege abuse, limited security education for all employees, generating security audit reports and lack of clearly defined remediation efforts post breach.
11:00 am - 11:30 amNetworking Break
11:30 am - 12:30 pmBenchmarkingCrisis ManagementData Governance
Cyberinsurance Tune Up—Reassessing Your Policy
Moderator: Shawn Moynihan, Editor-in-Chief, National Underwriter, Property & Casualty
Speaker: Dan DeLoof, Underwriting Specialist - Cyber, Tech, Media & Specialty PI, Allianz Global Corporate and Specialty
Speaker: Gregory Vernaci, Head of Cyber, US & Canada, AIG
Speaker: Laura Rieben, Director, Privacy, Independence Blue Cross

How often do you reassess your cyber insurance policy? This session will address new categories of risk when revisiting your policy and what to consider with regard to third party risk coverage. Hear from cyber liability underwriters on what they assess when creating your premiums and policy limitations, and how to prove actual injury for a successful claim.
The Hacking Update
Moderator: Brandon Graves, Associate, Baker & Mckenzie LLP
Speaker: Robert Sheldon, Director of Government Technology Strategy, CrowdStrike

Larger companies are being proactive in the fight against cybercrime and using Dark Web threat intelligence to help inform both their prevention and incident response playbook. This conversation will cover monitoring strategies to alert your organization to planned adversary attacks and take a deep dive into the latest adversary techniques to help your organization stay on top of prevention strategies.
What You Need to Know about IoT, AI and the Blockchain: Buzz Words Demystified
Moderator: Michael Hazzard, Partner, Jones Day
Speaker: Richard Timbol, Head of Cyber Security, Davis Polk & Wardwell LLP
Speaker: Khurram Nasir Gore, Associate General Counsel, Verizon Media & Telematics
Speaker: Karl Schoen-Rene, Director of IT Security, Knights of Columbus

There will be roughly 24 billion IoT devices connected to the Internet by 2020, according to a Business Insider Intelligence Report. What’s on the horizon for efficient data security in the midst of heightened interconnectivity? Many of the larger banks are testing Blockchain as a way to prevent threat actors from carrying out an attack and reduce office spending on data breach response. Similarly, AI is being discussed as a long-term cost and time saver; potentially turning to AI to sift through numerous security incident logs. This panel will talk about what’s new in the area of IoT network security and the benefits of AI behavioral analysis and Blockchain.
12:30 pm - 1:30 pmStrolling Lunch in the Exhibition Hall
1:30 pm - 2:30 pmBenchmarkingCrisis ManagementData Governance
Benchmarking your Cyber Resiliency
Moderator: Jim Halpert, Partner, DLA Piper
Speaker: David Kessler, General Counsel, McAfee Public Sector LLC
Speaker: Brent Kidwell, Chief Information Security Officer, Jenner & Block LLP
Speaker: Roy Zur, CEO, Cybint Solutions

The growing sophistication of cyber-attacks are forcing companies to reshape their strategies for becoming cyber resilient. Hear about the latest protection against ransomware, the benefits of cyber insurance and what questions to ask when implementing new strategies to bounce back. This session will cover the benefits of integrating encryption, IoT network security, and a multi factor authentication process to protect your network and devices in the office.
Stress Testing your Crisis Management - CLOSED TO PRESS
Moderator: Kimberly Peretti, Partner, Alston & Bird LLP
Speaker: David Peach, Chief Information Security Officer, The Economist Group
Speaker: Jonathan Wright, Chief Legal Officer & General Counsel, QPharma, Inc
Speaker: Gary Lieberman, Head of Information Security Governance, Lazard Frères & Co. LLC

When confidential information/sensitive data is leaked your company can experience a serious blow to its credibility and consumer base. Swift action is key to preventing a negative impact to your company’s financial earnings. Hear about the lessons learned from table top exercises and other incident response simulations. Leave this session with tips for conducting an incident response stress test, how to best partner within the organization to apply lessons learned, and the importance of comprehensive training.
Enforcing Third Party Vendor Compliance
Moderator: Andy Roth, Partner, Cooley LLP
Speaker: Noga Rosenthal, Chief Privacy Officer, Epsilon
Speaker: Catherine Castaldo, Global Chief Privacy Officer, Nuance Communications
Speaker: Patrice Brusko, Senior Vice President, US Chief Privacy Officer, TD

Strengthening your compliance risk strategy means full management of your third party vendor’s activities. Now more than ever companies are being held accountable for all customer data mismanagement. Learn about structuring vendor contract deliverables (including penalties for not abiding by certain regulations) to help enforce third party data security compliance. This panel will also discuss how to monitor vendor processes and the importance of assessing third party’s employee training.