
Cybersecurity 2014: Managing the Risk

Speaker(s): Adam Mattina, Charles E. Beard, Christine Ricci, Deane Davis, Emily Stapf, Erez Liebermann, Lisa J. Sotto, Paul M. Tiao, Samara N. Moore, Scott A. Kamber, Scott L. Vernick, Vincent Liu, Wayne Proctor, CISSP, CISA, CRISC
Recorded on: Sep. 10, 2014
PLI Program #: 51413

With experience in government and the private sector, Paul brings in-depth knowledge of cyber and physical security, internal investigations, law enforcement, and national security.

Paul is a partner in the firm’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress, and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.

Relevant Experience

  • Assisted energy, transportation, communications, financial, healthcare, and other companies in managing cybersecurity risk by restructuring the board of directors and executive committee to address cybersecurity, conducting inventories of sensitive data and networks, strengthening network security policies and practices, entering into collaborative information-sharing arrangements with private and public entities, strengthening the cybersecurity provisions in contracts with third-party vendors, updating incident response plans and toolkits, conducting table-top exercises, and reducing financial risk through insurance and the SAFETY Act.
  • Assisted critical infrastructure companies and defense contractors in responding to data breaches and cyber incidents, including supervising the digital forensics analysis, leading the internal investigation, analyzing state and federal breach notification obligations nationwide, engaging with the FBI, US Secret Service and other agencies, communicating with affected employees, preparing notice letters to affected individuals and state regulators, issuing public announcements, and responding to congressional inquiries.
  • Assisted one of the country’s largest electric utilities in responding to a white hat hacker that publicly disclosed a third-party data exposure involving data regarding the utility’s operational assets, including negotiating with the hacker, engaging and overseeing digital forensics experts, taking action against the third party, assisting with interviews of employees and contractors, and advising on notifications and communications to employees, board members, state and federal agencies, the media, and pertinent industry partners.
  • Assisted a major electric utility company with the response to a ransomware attack on a generation facility.
  • Assisted major power grid company with the response to a significant insider threat, including engaging with the FBI, DHS, DOE, FERC, state regulatory agencies, and affected third parties, supervising the digital forensics analysis, leading the internal investigation, and managing communications with the public.
  • Provided extensive legal and operational advice to major energy, financial, transportation, and communications companies on cybersecurity information-sharing and collaboration opportunities with private sector groups such as ISACs and the NCFTA, and with public entities such as the FBI, Department of Homeland Security, Department of Energy, and NERC. Assisted in negotiating confidentiality agreements with these private and public entities.
  • Assisted energy and financial companies in negotiating the cybersecurity and privacy terms in contracts with major cloud and communications providers.
  • Advised leading financial institution on updates to information security policies, structure and content of table-top exercise, and improvements to security incident response plan.
  • Assisted major energy company in reorganizing its board of directors, executive committee, and management committee to address threats to cyber physical security.
  • Advised transportation company on the government’s law enforcement and counter-terrorism authorities relating to the protection of physical infrastructure.


  • Appointed Member, Virginia Cyber Security Commission, and Chair of the Commission’s Cyber Crime Working Group
  • Appointed Member and Chair, Montgomery County Criminal Justice Coordinating Commission
  • Appointed Member, Maryland Cybersecurity Council


  • U.S. Promotes Risk-Based Data Breach Response Model (Paul Tiao quoted), January 11, 2017
  • Obama Exit Memos Feature Cybersecurity; Trump Take Unclear (Paul Tiao quoted), January 9, 2017
  • 5 Ways Energy Cos. Can Limit Legal Fallout From Attacks (Tiao quoted), Law360, October 14, 2016
  • Examining Newly Released Privacy and Security Guidance for the Fast-Driving Development of Autonomous Cars (Paul Tiao quoted), October 5, 2016
  • Examining Newly Released Privacy and Security Guidance for the Fast-Driving Development of Autonomous Cars (Tiao, Hutchins quoted), October 5, 2016


  • Privacy and Information Security Law Blog Update, February 3, 2017
  • Privacy and Information Security Law Blog Update, January 5, 2017
  • Privacy and Information Security Law Blog Update, December 5, 2016
  • Privacy and Information Security Law Blog Update, November 2, 2016
  • Privacy and Information Security Law Blog Update, October 6, 2016


  • Co-author, Congress Surprisingly Passes Several Cybersecurity Bills, Law360, December 18, 2014
  • Co-author, Antitrust Guidance On Cybersecurity Reaffirms Old Approach, Law360, April 16, 2014
  • Author, Grid vulnerability leak threatens homeland security cooperation, Energy Daily, April 3, 2014
  • Author, National Security at Risk Thanks to Disclosure of Grid Vulnerabilities, Intelligent Utility Update, March 19, 2014
  • “How Can We Realistically Prep For A Cyber Attack?”: Paul Tiao’s Commentary on Nat Geo's Movie “American Blackout,” National Geographic TV Blogs, October 29, 2013


  • Webinar – Energy Sector Security: Supply Chain Cyber Risk Management, January 19, 2017
  • Speaker, Cybersecurity: U.S. and Global Legal Landscape, PLI’s Cybersecurity 2016: Managing Cybersecurity Incidents, September 20, 2016
  • Speaker, Cybersecurity Implementation Challenges: Electric Power in the Southwest, LSI Conference, August 11-12, 2016
  • Speaker, Cybersecurity Solutions: Framework/Datasharing, Howard County Chamber of Commerce GovConnects Cyber 7.0 Conference, June 22, 2016
  • Speaker, Energy Sector Security: Cyber Incident Response, June 16, 2016

Awards & Recognition

  • Recognized by The Legal 500 United States in Cyber Law, 2016


JD, Columbia Law School, Harlan Fiske Stone Scholar, 1995

MPA, Woodrow Wilson School for Public and International Affairs, Princeton University, Herman Somers Award, 1995

BS, Electrical Engineering and Premed, Massachusetts Institute of Technology, 1989


District of Columbia




Emily Stapf is a Principal in PwC’s Forensic Technology practice focused on incident response, threat management and cybersecurity strategy.  She co-leads PwC’s national Cybersecurity & Privacy Incident & Threat Management offering, and leads the Rockies Market for PwC’s Advisory services.

With 17 years consulting experience, Ms. Stapf helps commercial clients prepare for, respond to, and mitigate the impact of unplanned events involving sensitive information.  She leads investigations, assessments and special projects related to data breaches, privacy matters, cybercrime events, information security assessments, and IT system reviews using computer forensics and data analytics techniques; and helps clients navigate constituent notification, regulatory inquiry and litigation.

She has advised hundreds of corporate, government and law firm clients in healthcare, retail, industrial products, financial services, aerospace, technology, manufacturing and energy industries, and is well connected to PwC's global forensics network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at IAPP, PLI, CSO, ABA and other forums.

Ms. Stapf has a Federal Top Secret clearance, is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member.

Samara Moore is the Chief Cyber Security Officer for the Office of the Under Secretary for Science and Energy, within the Department of Energy. She recently completed a two-year detail assignment with the White House National Security Council Staff, as the Director for Cybersecurity Critical Infrastructure Protection, where she coordinated across the federal government and partnered with the private sector on efforts to strengthen cybersecurity for all critical infrastructure sectors.

Prior to joining the White House, Mrs. Moore worked as the Senior Information Technology (IT) and Cybersecurity Advisor at the Department of Energy (DOE), focused on cybersecurity for the Energy Sector and managing public-private partnerships.  For nearly 5 years at DOE, she also led the cybersecurity program for internal Energy Program offices and played a key role in IT and cybersecurity governance for the DOE.  While at DOE, Mrs. Moore led the development of the Electricity Sector Cybersecurity Capability Maturity Model which is being used both domestically and internationally.  Prior to joining the DOE, Mrs. Moore worked as the Director of the Office of Management and Data Systems for the Occupational Safety and Health Administration, and for Deloitte Enterprise Risk Services. 

Mrs. Moore has worked as a consultant, systems engineer, and IT manager, and has performed security assessments, managed security operations and security planning for government agencies as well as private industry. Mrs. Moore received a bachelor’s degree from Virginia Tech in Accounting and Information Systems and a master’s degree from the George Washington University in Engineering Management Systems Engineering, where she is currently an adjunct professor.

Scott A. Kamber is the founding member of KamberLaw, the leading plaintiffs’ firm to focus on individual rights in the digital age. Serving a global client base with lawyers across the United States, Mr. Kamber has led the successful resolution of dozens of high-impact litigations, including In re Blue Buffalo, Lane v. Facebook and in re Flash cookies. Currently, Mr. Kamber leads numerous litigations arising from various web technologies, wrongful use of deep packet inspection technologies, web-centric violations of Lanham Act, website accessibility and the rights of children on the internet. Mr. Kamber has extensive courtroom and trial experience.

Mr. Kamber’s efforts in Internet privacy rights began in the 1990s when he resolved what is believed to be the first Internet privacy case to recover a benefit for impacted class members. His interest in consumer rights and technology extends to new media, and he has led standard-setting litigations and resolutions involving digital rights management software for computer software, video games, and music. Mr. Kamber is a frequent speaker on these issues in the United States and abroad. Of note, he was a keynote speaker for the IAPP annual conference and a panelist at the International Conference of Data Protection and Privacy Commissioners, where he spoke on the topic of coordinating private class actions with government enforcement.

Mr. Kamber graduated cum laude from the University of California Hastings College of the Law in 1991 where he was Order of the Coif, Articles Editor for the Hastings Constitutional Law Quarterly and a member of the Moot Court Board. He graduated with University and Departmental Honors from The Johns Hopkins University in 1986. He is admitted to practice before the United States Supreme Court, the State of New York and the District of Columbia, as well as the United States Courts of Appeals for the Second, Eighth and Ninth Circuits, and several United States District Courts.

Scott L. Vernick is a partner with the national law firm of Fox Rothschild LLP, resident in its Philadelphia office. For eight consecutive years, Chambers USA has ranked him as a leading litigation attorney in Pennsylvania, and he was previously named a BTI Client Service All-Star.

Scott’s diverse national trial practice focuses on pharmaceutical, technology and intellectual property litigation for Fortune 500 clients, ranging from First Data Corporation and GlaxoSmithKline plc to Merck & Co., Inc. He represents clients in state and federal courts, as well as in arbitration forums, in commercial disputes regarding intellectual property, licensing and technology transfer agreements, trade secrets, restrictive covenants and unfair competition; software and hardware technology service agreements; merchant processing and electronic payments; mergers, acquisitions and corporate changes-of-control; government contracting and procurement; and commercial lending, FCRA, FDCPA and TIL.

Over the past decade, Scott has developed a particular fluency in the rapidly evolving field of privacy and data security. He routinely counsels multinational and mid-sized businesses on how to mitigate risk and overcome the challenges posed by the current state and federal enforcement environment. For several years, Scott has contributed to the “Combating Cyberthreats” section of West/Thomson Reuters’s Data Security and Privacy Law guide.

Scott spearheaded the creation of the firm’s Data Breach 411 iPhone app, which provides immediate access to state data breach notification statutes, as well as other pertinent resources. In addition, he serves as a contributor to the firm’s Privacy Compliance & Data Security Privacy blog.

As a recognized authority on privacy and data security, Scott is a sought-after media source on these issues and a frequent guest speaker. He has recently been featured in outlets including Forbes, CRAIN’s New York Business, The Wall Street Journal, USA Today, Inside Counsel,  Law360, NPR and The National Law Journal, and has appeared on “The O’Reilly Factor” and “Studio B with Shepard Smith.”

Scott earned his J.D., cum laude, from Georgetown University and his B.A. from Trinity College.

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as Hacking Exposed Wireless 1st and 2nd Edition, Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. Additionally, Vincent has contributed several features to Dark Reading. He serves as returning faculty at the Practising Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto is the managing partner of the firm’s New York office and chairs the firm’s top-ranked Global Privacy and Cybersecurity practice.  She also serves on the firm’s Executive Committee.  Ms. Sotto was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and was recognized by Chambers and Partners as a “Star” performer (the highest honor) for privacy and data security.  Ms. Sotto also is recognized as a “leading lawyer” by The Legal 500 United States for cyber crime and privacy and data security.  She serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Ms. Sotto was named one of Ethisphere Magazine’s 2015 “Attorneys Who Matter,” listing attorneys who “have risen to the top,” and was named among The National Law Journal’s 2015 “Cybersecurity & Data Privacy Trailblazers” and “Regulatory & Compliance Trailblazers.”  She has been profiled in numerous publications including the Crain’s New York Business feature “Lawyer Goes Into the Breach” and the SC Magazine feature “Women of Influence.”  She also was featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine.  Ms. Sotto is the editor and lead author of the legal treatise entitled Privacy and Data Security Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

In 2014, Ms. Sotto was selected to represent the U.S. Chamber of Commerce to present a report, “Business Without Borders: The Importance of Cross-Border Data Transfers to Global Prosperity,” which the firm prepared in collaboration with the Chamber.  The two-day workshop was hosted by AmCham Indonesia and the U.S. Chamber of Commerce in Jakarta, Indonesia.  In addition, in 2012, Ms. Sotto was selected to advise the Serbian government on global data protection law and to draft the country’s data security and breach notification laws.  Her work in Serbia was sponsored by the USAID-funded Judicial Reform and Government Accountability Project.

Ms. Sotto is co-chair of the International Privacy Law Committee of the New York State Bar Association, chair of the New York Privacy Officers’ Forum, and former member of the Board of Directors of the International Association of Privacy Professionals.  Ms. Sotto received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  She is admitted to practice in New York and the District of Columbia.

Charles E. Beard is a Principal in PwC’s Forensics practice where he specializes in supporting commercial concerns in the strategic application of technology to business designs, inherent duties and risks associated with operating in the digital economy, and investigations of computer and intellectual property crimes. With more than 25 years of experience, Mr. Beard supports corporate officers, their directors and counselors to identify practical solutions to the digital risk environments confronting their organizations as a result of emerging threat intelligence, contractual obligations, regulatory environments or investigatory events. Charles has been both a testifying and consulting expert witness, managed global P&Ls exceeding $400M annually, and served as the Chief Information Officer of an $11B Fortune 300 Defense Industry company, leading that firm’s operational transformation. He was a founding member of the public-private partnership for threat information sharing for the US Defense Industrial Base and previously served as an officer in the US Air Force. Charles is a member of the Inova Health Care Services Board, was recognized by Consulting Magazine as one of the Top 25 consultants in the US in 2004 and a Top 50 Chief Information Officer by ExecRank in 2012.

Christine S. Ricci
Senior Counsel, Corporate Legal – Privacy and Data Protection
General Electric Company

Christine is an executive counsel in GE’s corporate legal department, supporting GE’s corporate IT Risk and Technology Solutions organizations and businesses on cyber related legal and compliance issues. In that role, she provides advice and counsel on threat management, cyber incident management, regulatory compliance, and contractual interpretations; analyzes cybersecurity legislation and regulatory issues to ascertain potential impacts on GE; and manages existing agreements and relationships with government organizations pertaining to cybersecurity. Christine is responsible for leading the company’s government relations and industry initiatives, including coordination of GE’s position, on emerging cyber legislation and regulation. She is also a government contracts expert, previously serving as a senior counsel in the GE Aviation Legal Operation supporting GE Aviation’s Military Systems Operation and Government Business. Prior to joining GE, Christine held positions at Xerox Corporation, the Department of Defense General Counsel’s Office, the Department of Justice, and in private practice in DC. She graduated from James Madison University and Catholic University Columbus School of Law.

As Director of Information Security and IT Risk Management, Wayne Proctor has global responsibility for the UPS information security program. His key responsibilities include: strategy, architecture, security operations, IT risk management, policy, awareness, forensics, compliance and IT business continuity.

Wayne has more than 20 years of IT management experience with fourteen years in Information Security leadership positions. Prior to joining UPS, Wayne held CISO positions in: Bank of the West, First Data USA, Certegy and BellSouth International.

Wayne is a nationally-recognized information security professional. He is an active member of several information security organizations including: ISACA, ISC2, InfraGard, and is an executive member of the ISSA CISO organization. He has spoken at National InfoSec events and has been quoted in a variety of industry magazines. He received a BS in Computer Science in 1988 and his MBA in 2008.

Deane is a Director within Delhaize America’s Information Security Office. He has twenty years of information technology and security experience including seven years of security consulting for PricewaterhouseCoopers (PWC). Deane currently oversees Delhaize America’s Threat and Vulnerability Management teams and their Cybercrimes and Incident Response teams.

Deane has significant experience in security architecture, security operations, and cybercrimes incident response. He has worked with companies in the manufacturing, technology, financial services, retail, utilities, and insurance industries. His recent industry experience extends to retail where he is involved in various regulatory compliance requirements including Payment Card Industry (PCI) and Health Insurance Portability and Accountability Act (HIPAA).

Deane obtained his B.A. in Information Technology from American InterContinental University, where he graduated Summa Cum Laude. Early in his career he obtained several certifications in the technology industry such as a Cisco Certified Network Associate (CCNA), Microsoft Certified Solutions Expert (MCSE) and a Microsoft Certified Trainer (MCT).

Deane is a current member of Information Security Forum (ISF) and Retail Cyber Intelligence Sharing Center (R-CISC).

Erez leads the Corporate Investigations Division (CID) at Prudential Financial.  The Corporate Investigations Division consists of attorneys and investigators responsible for all investigations relating to internal and external fraud, regulatory matters, employee misconduct, and sales practice. CID also includes the High Technology Investigations Unit whose responsibilities include cyber crimes, privacy breaches, intellectual property theft, E-Discovery production, and computer forensics.

Prior to joining Prudential Financial in February 2014, Erez spent 10 years as a federal prosecutor. He served as Deputy Chief of the Criminal Division at the U.S. Attorney’s Office, District of New Jersey, and Chief of the Computer Hacking and Intellectual Property Section. In that role, Erez oversaw the white collar units, including Economic Crimes, Computer Hacking and Intellectual Property, National Security, Healthcare and Money Laundering. Erez was the lead prosecutor on numerous cyber, securities, and fraud matters, including United States v. Drinkman, the largest data breach investigation and prosecution to date, involving the theft of over 160,000,000 credit and debit card numbers. Albert Gonzalez was sentenced to 20 years for his role in the conspiracy. Erez is the recipient of the 2010 Attorney General’s Award for Distinguished Service and numerous awards from the Director of the Federal Bureau of Investigation.

Erez teaches Cybercrime Law at Rutgers University School of Law-Newark, and is a frequent lecturer on cybercrime, privacy, and fraud.  He graduated from the University of Virginia with a degree in Aerospace Engineering.  He received his law degree from Columbia University Law School. 

Mr. Mattina is the Head of Insider Threat Management at The Blackstone Group. The Information Risk and Security Group at Blackstone is charged with protecting the firm’s corporate intellectual property. Prior to his current role, he managed recruitment, training and operations of a global team of the foremost information security experts within the United States Department of Defense.  Mr. Mattina has designed strategic planning and data aggregation tools to solve large-scale organizational problems.  He is a trusted advisor on topics of risk assessment, emerging technologies and data analytics.  Previously, Mr. Mattina was a Senior Sales Engineer for Asigra Inc., the first company to provide cloud backup and recovery software for managed service providers. From 2005 to 2008, Mr. Mattina managed data center operations of a hosting provider and conducted network optimization, design and security consulting for small to medium enterprise clients in several vertical markets. Mr. Mattina graduated with honors from the Rochester Institute of Technology, earned an MBA at George Washington University and is the appointed Chair of Computer Services for a national non-profit organization. He is an adjunct Professor at Stevenson University in the graduate program for Cyber Forensics, a Certified Information Systems Security Professional (CISSP) and has held various vendor-specific certifications.