Skip to main content

Cybersecurity 2014: Managing the Risk


Speaker(s): Adam Mattina, Charles E. Beard, Christine Ricci, Deane Davis, Emily Stapf, Erez Liebermann, Lisa J. Sotto, Paul M. Tiao, Samara N. Moore, Scott A. Kamber, Scott L. Vernick, Vincent Liu, Wayne Proctor, CISSP, CISA, CRISC
Recorded on: Sep. 10, 2014
PLI Program #: 51413

Emily Stapf is a Principal in PwC’s Forensic Technology practice focused on incident response, threat management and cybersecurity strategy.  She co-leads PwC’s national Cybersecurity & Privacy Incident & Threat Management offering, and leads the Rockies Market for PwC’s Advisory services.

With 17 years consulting experience, Ms. Stapf helps commercial clients prepare for, respond to, and mitigate the impact of unplanned events involving sensitive information.  She leads investigations, assessments and special projects related to data breaches, privacy matters, cybercrime events, information security assessments, and IT system reviews using computer forensics and data analytics techniques; and helps clients navigate constituent notification, regulatory inquiry and litigation.

She has advised hundreds of corporate, government and law firm clients in healthcare, retail, industrial products, financial services, aerospace, technology, manufacturing and energy industries, and is well connected to PwC's global forensics network.

Ms. Stapf is a frequent speaker on the topics of cybercrime, data breach investigations and information risk management at IAPP, PLI, CSO, ABA and other forums.

Ms. Stapf has a Federal Top Secret clearance, is a Certified Information Security Manager and a Certified Fraud Examiner, and is an IAPP and ISACA member.


Paul Tiao is a partner in Hunton & Williams LLP’s Global Privacy and Cybersecurity Group, resident in the Washington D.C. office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with cybersecurity, law enforcement, electronic surveillance, and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation. 

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress, and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues.  He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor; a member of the Maryland Cybersecurity Council, appointed by the State Attorney General; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by the County Executive. Paul has a J.D. from Columbia University, M.P.A. from Princeton, and S.B. in electrical engineering from MIT.


Samara Moore is the Chief Cyber Security Officer for the Office of the Under Secretary for Science and Energy, within the Department of Energy.  She recently completed a two year detail assignment with the White House National Security Council Staff, as the Director for Cybersecurity Critical Infrastructure Protection where she coordinated across the federal government and partnered with the private sector on efforts to strengthen cybersecurity for all critical infrastructure sectors. 

Prior to joining the White House, Mrs. Moore worked as the Senior Information Technology (IT) and Cybersecurity Advisor at the Department of Energy (DOE), focused on cybersecurity for the Energy Sector and managing public-private partnerships.  For nearly 5 years at DOE, she also led the cybersecurity program for internal Energy Program offices and played a key role in IT and cybersecurity governance for the DOE.  While at DOE, Mrs. Moore led the development of the Electricity Sector Cybersecurity Capability Maturity Model which is being used both domestically and internationally.  Prior to joining the DOE, Mrs. Moore worked as the Director of the Office of Management and Data Systems for the Occupational Safety and Health Administration, and for Deloitte Enterprise Risk Services. 

Mrs. Moore has worked as a consultant, systems engineer, and IT manager, and has performed security assessments, managed security operations and security planning for government agencies as well as private industry. Mrs. Moore received a bachelor’s degree from Virginia Tech in Accounting and Information Systems and a master’s degree from the George Washington University in Engineering Management Systems Engineering, where she is currently an adjunct professor.


Scott L. Vernick is a partner with the national law firm of Fox Rothschild LLP, resident in its Philadelphia office. For eight consecutive years, Chambers USA has ranked him as a leading litigation attorney in Pennsylvania, and he was previously named a BTI Client Service All-Star.

Scott’s diverse national trial practice focuses on pharmaceutical, technology and intellectual property litigation for Fortune 500 clients, ranging from First Data Corporation and GlaxoSmithKline plc to Merck & Co., Inc. He represents clients in state and federal courts, as well as in arbitration forums, in commercial disputes regarding intellectual property, licensing and technology transfer agreements, trade secrets, restrictive covenants and unfair competition; software and hardware technology service agreements; merchant processing and electronic payments; mergers, acquisitions and corporate changes-of-control; government contracting and procurement; and commercial lending, FCRA, FDCPA and TIL.

Over the past decade, Scott has developed a particular fluency in the rapidly evolving field of privacy and data security. He routinely counsels multinational and mid-sized businesses on how to mitigate risk and overcome the challenges posed by the current state and federal enforcement environment. For several years, Scott has contributed to the “Combating Cyberthreats” section to West/Thompson Reuters’s Data Security and Privacy Law guide.

Scott spearheaded the creation of the firm’s Data Breach 411 iPhone app, which provides immediate access to state data breach notification statut¬es, as well as other pertinent resources. In addition, he serves as a contributor to the firm’s Privacy Compliance & Data Security Privacy blog.

As a recognized authority on privacy and data security, Scott is a sought-after media source on these issues and a frequent guest speaker. He has recently been featured in outlets including Forbes, CRAIN’s New York Business, The Wall Street Journal, USA Today, Inside Counsel,  Law360, NPR and The National Law Journal, and has appeared on “The O’Reilly Factor” and “Studio B with Shepard Smith.”

Scott earned his J.D., cum laude, from Georgetown University and his B.A. from Trinity College.


Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. Additionally, Vincent has contributed several features to Dark Reading. He serves as returning faculty at the Practicising Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto is the managing partner of the firm’s New York office and chair of the firm’s top-ranked Global Privacy and Cybersecurity practice.  She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and was recognized by Chambers and Partners as a “Star” performer (the highest honor) for privacy and data security.  Ms. Sotto also is recognized as a “leading lawyer” by The Legal 500 United States for cyber crime and privacy and data security.  She serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Ms. Sotto was named one of Ethisphere Magazine’s 2015 “Attorneys Who Matter,” listing attorneys who “have risen to the top,” and was named among The National Law Journal’s 2015 “Cybersecurity & Data Privacy Trailblazers” and “Regulatory & Compliance Trailblazers.”  She has been profiled in numerous publications including the Crain’s New York Business feature “Lawyer Goes Into the Breach” and the SC Magazine feature “Women of Influence.”  She also was featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine.  Ms. Sotto is the editor and lead author of the legal treatise entitled Privacy and Data Security Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

In 2014, Ms. Sotto was selected to represent the U.S. Chamber of Commerce to present a report, “Business Without Borders: The Importance of Cross-Border Data Transfers to Global Prosperity,” which the firm prepared in collaboration with the Chamber.  The two-day workshop was hosted by AmCham Indonesia and the U.S. Chamber of Commerce in Jakarta, Indonesia.  In addition, in 2012, Ms. Sotto was selected to advise the Serbian government on global data protection law and to draft the country’s data security and breach notification laws.  Her work in Serbia was sponsored by the USAID-funded Judicial Reform and Government Accountability Project.

Ms. Sotto is co-chair of the International Privacy Law Committee of the New York State Bar Association, chair of the New York Privacy Officers’ Forum, and former member of the Board of Directors of the International Association of Privacy Professionals.  Ms. Sotto received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  She is admitted to practice in New York and the District of Columbia.


Charles E. Beard is a Principal in PWC’s Forensics practice where he specializes in supporting commercial concerns in the strategic application of technology to business designs, inherent duties and risks associated with operating in the digital economy, and investigations of computer and intellectual property crimes. With more than 25 years of experience, Mr. Beard supports corporate officers, their directors and counselors to identify practical solutions to the digital risk environments confronting their organizations as a result of emerging threat intelligence, contractual obligations, regulatory environments or investigatory events. Charles has been both a testifying and consulting expert witness, managed global P&Ls exceeding $400M annually, served as the Chief Information Officer of an $11B Fortune 300 Defense Industry company and leading that firms operational transformation. He was a founding member of the public-private partnership for threat information sharing for the US Defense Industrial Base and previously served as an officer in the US Air Force. Charles is a member of the Inova Health Care Services Board, was recognized by Consulting Magazine as one of the Top 25 consultants in the US in 2004 and a Top 50 Chief Information Officer by ExecRank in 2012.


Christine S. Ricci
Senior Counsel, Corporate Legal – Privacy and Data Protection
General Electric Company

Christine is an executive counsel in GE’s corporate legal department, supporting GE’s corporate IT Risk and Technology Solutions organizations and businesses on cyber related legal and compliance issues. In that role, she provides advice and counsel on threat management, cyber incident management, regulatory compliance, and contractual interpretations; analyzes cybersecurity legislation and regulatory issues to ascertain potential impacts on GE; and manages existing agreements and relationships with government organizations pertaining to cybersecurity. Christine is responsible for leading the company’s government relations and industry initiatives, including coordination of GE’s position, on emerging cyber legislation and regulation. She is also a government contracts expert, previously serving as a senior counsel in the GE Aviation Legal Operation supporting GE Aviation’s Military Systems Operation and Government Business. Prior to joining GE, Christine held positions at Xerox Corporation, the Department of Defense General Counsel’s Office, the Department of Justice, and in private practice in DC. She graduated from James Madison University and Catholic University Columbus School of Law.


As Director of Information Security and IT Risk Management, Wayne Proctor has global responsibility for the UPS information security program. His key responsibilities include: strategy, architecture, security operations, IT risk management, policy, awareness, forensics, compliance and IT business continuity.

Wayne has more than 20 years of IT management experience with fourteen years in Information Security leadership positions. Prior to joining UPS, Wayne held CISO positions in: Bank of the West, First Data USA, Certegy and BellSouth International.

Wayne is a nationally-recognized information security professional. He is an active member of several information security organizations including: ISACA, ISC2, InfraGard, and is an executive member of the ISSA CISO organization. He has spoken at National InfoSec events and has been quoted in a variety of industry magazines. He received a BS in Computer Science in 1988 and his MBA in 2008.


Deane is a Director within Delhaize America’s Information Security Office. He has twenty years of information technology and security experience including seven years of security consulting for PricewaterhouseCoopers (PWC). Deane currently oversees Delhaize America’s Threat and Vulnerability Management teams and their Cybercrimes and Incident Response teams.

Deane has significant experience in security architecture, security operations, and cybercrimes incident response. He has worked with companies in the manufacturing, technology, financial services, retail, utilities, and insurance industries. His recent industry experience extends to retail where he is involved in various regulatory compliance requirements including Payment Card Industry (PCI) and Healthcare Insurance Portability and Accountability Act (HIPAA).

Deane obtained is B.A. Information Technology from American InterContinental University where he graduated Summa Cum Laude. Early in his career he obtained several certifications in the technology industry such as a Cisco Certified Network Associate (CCNA), Microsoft Certified Solutions Expert (MCSE) and a Microsoft Certified Trainer (MCT).

Deane is a current member of Information Security Forum (ISF) and Retail Cyber Intelligence Sharing Center (R-CISC).


Erez leads the Corporate Investigations Division (CID) at Prudential Financial.  The Corporate Investigations Division consists of attorneys and investigators responsible for all investigations relating to internal and external fraud, regulatory matters, employee misconduct, and sales practice. CID also includes the High Technology Investigations Unit whose responsibilities include cyber crimes, privacy breaches, intellectual property theft, E-Discovery production, and computer forensics.

Prior to joining Prudential Financial in February 2014, Erez spent 10 years as a federal prosecutor.  He served as Deputy Chief of the Criminal Division at the U.S. Attorney’s Office, District of New Jersey, and Chief of the Computer Hacking and Intellectual Property Section. In that role, Erez oversaw the white collar units, including Economic Crimes, Computer Hacking and Intellectual Property, National Security, Healthcare and Money Laundering. Erez was the lead prosecutor on numerous cyber, securities, and fraud matters, including United States v. Drinkman, the largest data breach investigation and prosecution to date, involving the theft of over 160,000,000 credit and debit card numbers.  Albert Gonzalez was sentenced to 20 years for his role in the conspiracy.  Erez is the recipient of the 2010 Attorney General’s Award for Distinguished Service and numerous awards from the Director of the Federal Bureau of Investigations.

Erez teaches Cybercrime Law at Rutgers University School of Law-Newark, and is a frequent lecturer on cybercrime, privacy, and fraud.  He graduated from the University of Virginia with a degree in Aerospace Engineering.  He received his law degree from Columbia University Law School. 


Mr. Mattina is the Head of Insider Threat Management at The Blackstone Group. The Information Risk and Security Group at Blackstone is charged with protecting the firm’s corporate intellectual property. Prior to his current role, he managed recruitment, training and operations of a global team of the foremost information security experts within the United States Department of Defense.  Mr. Mattina has designed strategic planning and data aggregation tools to solve large-scale organizational problems.  He is a trusted advisor on topics of risk assessment, emerging technologies and data analytics.  Previously, Mr. Mattina was a Senior Sales Engineer for Asigra Inc., the first company to provide cloud backup and recovery software for managed service providers. From 2005 to 2008, Mr. Mattina managed data center operations of a hosting provider and conducted network optimization, design and security consulting for small to medium enterprise clients in several vertical markets. Mr. Mattina graduated with honors from the Rochester Institute of Technology, earned an MBA at George Washington University and is the appointed Chair of Computer Services for a national non-profit organization. He is an adjunct Professor at Stevenson University in the graduate program for Cyber Forensics, a Certified Information Systems Security Professional (CISSP) and has held various vendor-specific certifications.


Serving a global client base with offices in New York and California, Mr. Kamber has led the successful resolution of dozens of high–impact litigations, including Lane v. Facebook and in re Flash cookies. Currently, Mr. Kamber leads some of the largest pending cases addressing mobile privacy, duties under VPPA, various web technologies, wrongful use of deep packet inspection technologies, and the rights of children on the internet. KamberLaw prides itself on its ability to monitor and investigate privacy compliance to help ensure best practices, whether in the court room or the board room. Mr. Kamber has extensive courtroom, compliance, mediation and arbitration experience both in the United States and abroad.

Specialties: Focus on Internet privacy rights began in the 1990s when he resolved the first Internet privacy class action. His interest in consumer rights and technology extends to new media, and he has led standard-setting litigations and resolutions involving digital rights management software for computer software, video games, and music. Mr. Kamber has contributed greatly to the privacy debate as the consumer’s voice in self-regulation.