Continuing Legal Education

Program Agenda

Cybersecurity Law Institute

Wednesday, May 25

7:30-9:30 am
Registration and Continental Breakfast

Sponsored by WilmerHale

8:00-9:30 am
Optional Primer: Top 10 Things You Need to Know

Rena Mears, DLA Piper
Harriet Pearson, Hogan Lovells
Randy V. Sabett, Cooley LLP

  • Review the basics during this popular session reprise
  • Understand why cybersecurity is a "team sport" and where all the players and attorneys fit in
  • Explore governance and oversight, counseling, incidence preparedness and response

9:30-9:45 am
Networking Break

9:45-10:00 am
Welcome and Overview
Alisha Avril, Program Attorney

10:00-11:30 am
Congratulations, You Are Responsible for Cybersecurity Legal Matters! What Must Corporate Counsel Learn?
Christina Ayiotis, Cybersecurity Consultant, Program Co-Chair
Michelle Beistle, Counsel & Chief Compliance Officer, Unisys
Suzanne Rich Folsom, General Counsel, Chief Compliance Officer & Senior Vice President, Government Affairs, United States Steel
Cristin Flynn Goodwin, Assistant General Counsel, Microsoft
Karen I. Moreno, Counsel, Information Technology Law, Exxon Mobil Corporation

  • Prepare to be a leader in cyber matters at the Board level
  • Understand the role of in-house counsel in developing and enhancing cybersecurity programs
  • Grasp the role of the NIST framework: Is it the de facto standard of care?
  • Learn to be prepared with a cybersecurity program that complies with multiple overlapping frameworks, regulations, orders, and guidance

11:30 am-12:30 pm
Regulator Report: How Is Government Addressing Cybersecurity in Key Sectors?
Kim Peretti, Alston & Bird LLP
Allison Lefrak, Senior Attorney, Division of Privacy and Identity Protection, Federal Trade Commission
Jonathan Mayer, Federal Communications Commission
Kevin D. Rosen, Senior Regional Counsel, Department of Enforcement, Financial Industry Regulatory Authority

  • Examine regulatory priorities
  • Review enforcement developments
  • Obtain answers from federal and state officials

12:30-12:45 pm
Boxed Lunch Distribution

12:45-2:15 pm

Session A: Cyber 101: The Technical Basics of Cybersecurity and Forensics
Jim Butler, Senior Director, Global Security & Compliance,
Thomas J. Hibarger, Managing Director, Stroz Friedberg

  • Examine basic technical tools and their use in the law field
  • Review key principles in information security and forensics
  • Receive a tutorial on technical basics on cyber and forensics
  • Ask your toughest questions about technical concepts

Session B: International Cyber Law Issues: Reviewing Other Countries' Approaches
Gary Brown, Professor of Cybersecurity, Marine Corps University
Demetrios A. Eleftheriou, Director of Global Privacy, Symantec Corporation
Jan Ellermann, Senior Specialist, Data Protection Office, Europol
Christopher Painter, Coordinator, Cyber Issues, U.S. Department of State

  • Examine the French surveillance law and German data retention law
  • Analyze UK mass surveillance and bulk collection
  • Survey new laws on cybersecurity throughout the world
  • Assess the breach notification landscape outside the U.S.

Session C: Litigation Trends in Data Breaches
Michelle Cohen, Patterson Belknap Webb & Tyler LLP
Allison Brecher, Senior Litigation Counsel & Director of Information Management and Strategy, Marsh & McLennan Companies
Jay Edelson, Edelson PC
Douglas Meal, Ropes & Gray LLP

  • Review post-breach trends after Wyndham, Neiman Marcus, and Target
  • Learn practical steps to pursue when investigating a potential security incident

2:15-2:45 pm
Networking Break

2:45-3:45 pm

Session A: Privacy and Civil Liberties: Implications of Securing Cyber Environments
Alan Raul, Sidley Austin LLP
Prof. Alvaro Bedoya, Executive Director, Center on Privacy & Technology, Georgetown University Law Center
Jeff Brueggeman, Vice President, Global Public Policy, AT&T

Andrea Glorioso, Counselor, Digital Economy & Cyber Security, Delegation of the European Union to the U.S.

  • Discuss the privacy and civil liberties concerns in sharing cyber threat information
  • Review the issues in monitoring employee and other individuals' use of information systems
  • Explore how privacy concerns can be mitigated when data is shared with third parties
  • Examine how global laws and proposed legislation define the boundaries of appropriate actions
  • Study emerging cybersecurity organizational best practices to address privacy and civil liberties

Session B: What Do You Need to Know About Protecting Controlled Unclassified Information?
M. Peter Adler, PayPal
Mary Beth Bosco, Holland & Knight LLP
Annejanette Pickens, Associate General Counsel, General Dynamics Mission Systems, Inc.

  • Consider the emerging requirements under EO 13556, Safeguarding CUI
  • Understand what CUI is and how it must be protected by federal contractors and subcontractors
  • Assess the state of the final NARA rule, the FAR clause, and how to implement SP800-171
  • Analyze implementation issues faced by the defense community

Session C: Always Connected, Always Vulnerable: The Internet of Things and Hacking Liability
Daniel Mee, Goldberg Segalla
Dan Caprio, Co-Founder & Chairman, The Providence Group
Nancy Sumption, Medtronic
Michael Woods, Associate General Counsel &Vice President, Verizon

  • Identify and define the evolving issues, problems, and threats
  • Review policies on wearables and implantables and (SCIFs)
  • Grasp the EOT/EPS standards
  • Understand security by design and software assurance
  • Explore the proliferation of IOT/CPS standards

3:55-4:55 pm

Session A: Tackling Vendor Risk
Dori Anne Kuchinsky, Assistant General Counsel, Privacy, AOL Inc.
David C. Gryce, Arent Fox LLP
Carmen B. Krueger, Senior Vice President &General Manager, Cloud Operations, SAP National Security Services
C.M. Tokë Vandervoort, Vice President &Deputy Counsel, Under Armour

  • Explore the place of law firms as vendors of legal services
  • Compare and contrast vendor and supply chain risk
  • Review vendor contracting strategies to mitigate risk and avoid pitfalls
  • Assess the value of ongoing auditing and testing of vendor security
  • Learn to engage proactively and cooperatively with vendors to stay abreast of evolving security threats

Session B: What Do CISOs Want Lawyers to Understand About Cybersecurity?
Hilary L. Hageman, Vice President & Deputy General Counsel, CACI International Inc.
Michael Papay, Vice President & CISO, Northrop Grumman Corporation
Dr. J.R. Reagan, Global Chief Information Security Officer, Deloitte Touche Tohmatsu Limited

  • Assess what fosters effective collaboration between information security and legal
  • Review the key elements of a successful relationship between CISOs and lawyers
  • Examine how frequently CISOs and lawyers should engage
  • Learn what lawyers need to know from the CISO's perspective

Session C: Information Sharing: You Want to Share What With Whom?
Justin Castillo, Head of Legal, BT Americas
Susan B. Cassidy, Covington & Burling LLP
Jake Laperruque, Open Technology Institute, New America
Hugo Teufel III, Raytheon Company

  • Learn what questions should be asked before providing legal guidance for a new potential threat
  • Assess the role of the ABA and other professional organizations
  • Analyze potential liability protections
  • Discuss the importance of timely decision-making and efficiency through documented processes

4:55-6:00 pm
Networking Cocktail Reception
Sponsored by Darktrace

Thursday, May 26

8:00-8:15 am
Continental Breakfast

8:15-9:15 am

Interviewer: Kim Peretti, Alston & Bird LLP
Discussant: Julie Brill, Hogan Lovells

9:15-9:40 am
Networking Break

9:40-10:40 am
The National Security Side of Cyber Intrusions
Andrew H. Tannenbaum, Cybersecurity Counsel, IBM
Hon. John P. Carlin, Assistant Attorney General for National Security, U. S. Department of Justice
Steven Chabinsky, General Counsel and Chief Risk Officer, CrowdStrike
Rajesh De, Mayer Brown LLP

  • Understand the evolving threat landscape around state-sponsored attacks and the government's role assisting companies with prevention, detection, and response
  • Learn how to best work with the government in the aftermath of state-sponsored attacks
  • Examine the shifting motives of adversaries, such as espionage and counter intel and the series of intrusions targeting 'bulk PII'.
  • Grasp the importance of needing to have alternative communication infrastructures as part of incident response
  • Understand the impact of "Going Dark,"especially after the Paris attacks

10:50 am-12:05 pm

Session A: Cybersecurity for the Practice of Law: Addressing Legal Ethics Issues Before They Arise
David B. Coher, Principal, Reliability & Cybersecurity, Southern California Edison
Hon. John M. Facciola (Ret.), U.S. District Court for the District of Columbia, Washington, DC
Mark L. Krotoski, Morgan, Lewis & Bockius LLP
James M. McCauley, Ethics Counsel, Virginia State Bar

  • Explore the duty of confidentiality (Model Rule 1.6) as it applies to digital communications and materials provided in the course of representation
  • Review the duty of competency (Model Rule1.1) and the evaluation of suitable technology
  • Study the limited evidentiary protection of attorney-client privilege and work product privilege
  • Consider how online "free" services may use your data to expose your practice to risk
  • Understand data encryption and how to easily implement VPNs and other technologies

Session B: Active Cyber Response: Fad, Fantasy, or Fundamental Right?
Anand R. Shah, Deputy Attorney General, Financial & Computer Crimes Bureau, New Jersey Division of Criminal Justice, New Jersey Office of the Attorney General
Stewart A. Baker, Steptoe & Johnson LLP
Jamil N. Jaffer, Adjunct Professor of Law, Director, Homeland and National Security Law Program, George Mason University School of Law

  • Observe a debate on the use of active defense, including the technical, policy and legal issues
  • Review certain use cases in the private sector
  • Understand the technical realities of using cyber weapons
  • Examine the effect of reforms to the Computer Fraud and Abuse Act and the emergence of international norms and guidance in the "Tallinn Manual 2.0"

Session C: What Every Attorney Needs to Know About Dealing with Law Enforcement
Korin A. Neff, Senior Vice President & Corporate Compliance Officer, Wyndham Worldwide Corporation
Shane McGee, Chief Privacy Officer, FireEye, Inc.
Andrew S. Pak, Assistant U.S. Attorney, U.S.Attorney's Office, New Jersey

David Szuchman, Executive Assistant District Attorney & Chief of Investigation Division, New York County District Attorney's Office

  • Review strategies to make working with law enforcement successful for you
  • Receive an in-house lawyer's guide to working with law enforcement
  • Assess what to share and what not to share and how to protect proprietary information
  • Assess the advantages and disadvantages of working with subpoenas and search warrants

Boxed Lunch Distribution

12:25-1:40 pm

Session A: De-Mystifying the"Dark Web"
Etay Maor, Executive Security Advisor, IBM
Ralph Echemendia, "The Ethical Hacker"

  • Learn what the "hidden internet" is and how to determine whether employees are accessing it
  • Analyze the critical privacy, security, and anonymity concerns
  • Explore the legal avenues to pursue if you are victimized by ransom ware or cyber extortion
  • Examine the ethical issues in gathering and using information available on the dark web

Session B: Developments in Payment Cards and Responses to Breaches
Russell Schrader, General Counsel & Chief Privacy Officer, Commerce Signals Inc.
Christopher Novak, Director, Verizon
Branden R. Williams, Vice President, Head of Strategy, Security & Fraud Solutions, First Data

  • Review the roles of the franchisor and the franchisee
  • Examine the impact of CHIP/EMV rollout in the U.S. and internationally
  • Grasp the impact of the burgeoning increase in e-commerce and of card not present breaches.

Session C: The Role of Insurance in Reducing Cybersecurity Risk
Scott Godes, Barnes &Thornburg LLP
Tom Finan, Chief Strategy Officer, Ark Network Security Solutions
Catherine A. Mulligan, Senior Vice President, Zurich North America
Greg Vernaci, Senior Vice President, American International Group, Inc.

  • Explore the role of insurance in sound cybersecurity risk management and what risk managers and attorneys need to know
  • Examine the evolution of cyber insurance and the types of coverage available
  • Understand the key terms in policies and how they function in practice
  • Grasp the importance of insurance review in vendor and business partner risk management
  • Pinpoint how to answer security questions as part of the underwriting process
  • Review the most recent case law

1:40-2:00 pm
Networking Break

2:00-3:30 pm
Responding to a Data Breach: How to Run a Cyber Investigation and Learn from the Breach
Erez Liebermann, Chief Counsel, Cybersecurity & Privacy, Prudential Financial, Inc.
W. Scott Nehs, Senior Vice President & General Counsel, Blue Cross Blue Shield Association
Timothy Ryan, Managing Director, Cyber Practice Leader, Kroll
Tara M. Swaminatha, DLA Piper

  • Learn how to best assist clients to evaluate a suspected breach or other unusual activity.
  • Share best practices for organizing and overseeing a cyber investigation
  • Understand when and how to assert the attorney-client privilege
  • Receive tips on documenting the investigation and its findings
  • Assess who should be involved in all phases of the investigation

3:30 pm


This event occurred in the past.

On The Web

Maps & Directions

Google Location Map Georgetown University Law Center 600 New Jersey Avenue NW Washington, DC 20001