Hosted by Jerich Beason, CISO at Epiq, CyberSide Chats is where professionals come to hear CISO and industry leader insights on the latest news and trends for cybersecurity and privacy in the legal industry.
Epiq is a global, technology-enabled services leader to the legal services and corporations. We take on large-scale, increasingly complex tasks for corporate counsel, law firms, and business professionals with efficiency, clarity, and confidence. Learn more at https://www.epiqglobal.com.
LinkedIn: https://www.linkedin.com/company/epiqglobal
Twitter: https://twitter.com/EpiqGlobal
Cyber law expert, attorney, and SANS instructor Ben Wright joins hosts Jerich Beason & Whitney McCollum to discuss a variety of topics, including Ben's career path into cyber law and teaching, the pros and cons of having a cyber whistleblower, and the importance of the investigation and knowledge of the impacted company. We talked about the need for cyber security education for all lawyers, how cyber risk should be foundational to legal training and education, and how that could be implemented. As a lawyer working in the field for decades, Ben explores with us why knowledge of cyber risk is important for lawyers not only to protect client data, but also for advising clients. Who gets access to your firm's information systems? What are the laws and implications around those systems? Should CLE credits on cyber topics be required? Ben also offers his tips on managing the possibility of cyber whistleblowers within an enterprise and having a process in place to effectively manage internal reporting of concerns. Do limited resources and shortage of talent contribute to whistleblowing? What effect does the social and digital media landscape have on the motivations of whistleblowers? Learn all this and more in today's episode.
Links from this show:
Bloomberg Law “Analysis: Mandatory Cybersecurity CLE Credits – At a Bar Near You” https://news.bloomberglaw.com/bloomberg-law-analysis/analysis-mandatory-cybersecurity-cle-credits-at-a-bar-near-you
Wall Street Journal “Cybersecurity Whistleblowers are Growing Corporate Challenge” https://www.wsj.com/articles/cybersecurity-whistleblowers-are-growing-corporate-challenge-1526403513?tesla=y
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice. They represent their views only and not those of Epiq or their respective employers.”
BIOGRAPHY
Attorney Benjamin Wright helps others navigate the law of technology. He teaches the class Law of Data Security and Investigations for SANS Institute, the premier authority for training information security professionals and digital forensics experts. That 5-day boot camp is unique in the world. It trains professionals on how to manage cyber law risk across the globe. Wright advises clients -- in the US and throughout the world -- on privacy, e-discovery, data breaches, online contracting, technology contracts, active defense, forensic investigations, and cyber security policies. Ben helps tech professional firms write engagement contracts, and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, penetration testers, and forensic investigators. Ben is spotlighted in the book "The Devil Inside the Beltway" for his uncommonly insightful advice to LabMD in its now famous information security law dispute. Wright is the author of the book "The Law of Electronic Commerce" (Wolters Kluwer).
Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.
Security expert Roselle Safran joins hosts Jerich Beason & Whitney McCollum, who have come together after realizing more people know more about “The Queen's Crown Jewels” than those that are vital to their company. How do you determine which are those precious systems that are the bare minimum & mission-critical to operate, generate revenue, or contain the In some industries these could mean life or death. Where do you invest most to protect the organization? The analogy is pondered: no one breaks into a bank to steal the posters. These experts take a deep dive into what the legal team and board must know about the crown jewels of an organization. Roselle explains how taking the manual processes, biases, and opinions out of the equation with technology that assesses what your crown jewels are is becoming important to large organizations that have many assets, revenue streams, and layered dependencies. Once you know what your crown jewels are, you can properly assess the risk, manage that risk, protect the crown jewels, and know where you must be most resilient. What input should legal have on risk? Who in the organization ultimately owns the risk? The CEO? The board? Who determines the risk appetite? Who communicates it down through the organization? Where does the CISO fall into ownership versus managing risk? Learn about risk appetite, the tolerance of risk by leadership, and aligning acceptance of risks with business goals. The conversation closes with a great thought, “Just like an investigator tracking down the bad guys, start where the money is and you will find the crown jewels.”
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice. They represent their views only and not those of Epiq or their respective employers.”
BIOGRAPHY
Roselle Safran is the CEO and Founder of KeyCaliber, a technology startup that enables cybersecurity, risk, and infrastructure teams to identify their critical cyber assets automatically and continuously to effectively manage cyber risk and ensure cyber resilience. The first cybersecurity startup that she founded, Uplevel Security, was acquired by McAfee. Before becoming an entrepreneur, Roselle spent a decade as a cybersecurity practitioner and leader. She led cybersecurity operations at the Executive Office of the President during the Obama Administration, directing tactical measures and strategic initiatives for protecting and defending the White House's network. Prior to that, she managed analysis teams at the Department of Homeland Security's US-CERT. Roselle earned her Bachelor of Science in Engineering degree from Princeton University.
Privacy & Compliance expert from Microsoft, Ingrid Rodriguez, joins hosts Jerich Beason & Whitney McCollum to discuss taking risk out of silos. They talk about how the entire organization needs to have an understanding of the enterprise risks. Specifically, how does security & compliance fit into the enterprise risk framework? What are the situational perspectives of the C-Suite and how can those perspectives drive compliance goals? How can the CISO and legal work together and with the enterprise for compliance? They will also talk about risk appetite, the tolerance of risk by leadership, and aligning acceptance of risks with business goals. How much and how often should you communicate risks and mitigation strategy?
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice. They represent their views only and not those of Epiq or their respective employers.”
BIOGRAPHY
Ingrid is an Advanced Compliance Global Black Belt with Microsoft Security Solutions Area supporting the South, Southeast of the US, and LATAM regions. In her role, Ingrid shares her enterprising multinational information and security risk management executive experience to help customers strategize within their Risk and Compliance obligations, leveraging our solutions in Compliance, Information Protection, Privacy Management, and Insider Threat management capabilities. During her 18-year tenure in IT Risk & Compliance Leadership, Ingrid designed an innovative Global Technology Risk Management Framework, as well as a vision for tactical implementation of technology and security controls by combining a variety of data security standards such as NIST, ISO, PCI, HIPAA, FFIEC, and GDPR, to mention a few. Ingrid designed and built the first Global Technology Risk Management programs at most of her previous employers. She led, supported and guided over 45 countries to meet US and country-level compliance and privacy needs as well as Global Standards. Ingrid is from Puerto Rico, based in Dallas, TX but soon relocating to beautiful Pensacola, FL. She is a frequent speaker on Risk Management and Compliance topics, in both English and Spanish, at many global, national and regional events including ISACA, Microsoft Executive Briefing Center, Fintech, Partners and many other associations and affiliations within the Privacy, Risk and Compliance industry in the US and LATAM. Ingrid received a Bachelor's Degree in Computer Engineering from the University of Puerto Rico, and also holds a Master's Degree in Sciences, Computer Sciences from the University of Phoenix. She holds various industry certifications, including CRISC, CDPSE, and ITIL, among others.
LinkedIn: https://www.linkedin.com/in/inrodz/
Professor, Attorney and Expert in Cybersecurity Policy & Governance, Kevin Powers joins Jerich Beason & Whitney McCollum to discuss where the law stands on “Hacking Back”. Everyone at some point wants to be Batman. During this Cyberside Chat they will answer questions such as: Is it ok to do whatever it takes to protect data or is it like breaking back into a thief's house to steal your items back? What could go wrong? How does the Computer Fraud & Abuse Act apply? What are the civil and criminal ramifications to the company executives and board of directors? How do you advise as internal counsel or outside counsel on corporate vigilantism? Where should law and regulation go in regard to the ever-changing landscape of cyber threats? Kevin Powers also speaks about the need for legal professionals to learn cybersecurity law, the programs available, and how you can add CLEs on the subject.
Articles & Links for Reference:
https://www.justice.gov/jm/jm-9-48000-computer-fraud
https://blog.malwarebytes.com/ransomware/2022/03/nvidia-the-ransomware-breach-with-some-plot-twists/
https://www.wired.com/story/north-korea-hacker-internet-outage/
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice. They represent their views only and not those of Epiq or their respective employers.”
BIOGRAPHY
Professor Kevin R. Powers, J.D., Founder and Director, Master of Science in Cybersecurity Policy and Governance Programs, Boston College
Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Programs at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College's Carroll School of Management's Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Cybersecurity Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent. With over 20 years of combined cybersecurity, data privacy, business, law enforcement, military, national security, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Kevin also is an expert witness and consultant with the Analysis Group and serves as a Director for the Board of Reading Cooperative Bank, a Trustee for the Board of Boston College High School, an Advisory Board Member for HYCU, Inc. (Backed by Bain Capital Ventures) and CyberSaint Security, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin, a Navy Veteran, regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.
Jerich Beason & Whitney McCollum speak on this Cyberside Chat to discuss the recent Merck & Co. cyber insurance win and how this impacts future wars fought with cyber weapons such as the conflict in Ukraine. This case sets a precedent for how legal teams and cyber insurers will draft contracts in the future. What defines war? Could a separatist group or terrorist attack be considered an act of war, or does it require a nation state? Should you worry about your third parties' diligence on their contracts? If your third party is attacked and you are collateral damage, how are you protected? They discuss how insurance companies are providing less coverage but charging higher premiums all while expecting organizations to prove the maturity of their cybersecurity programs.
Articles & Links for reference:
https://news.bloomberglaw.com/privacy-and-data-security/mercks-1-4-billion-insurance-win-splits-cyber-from-act-of-war
https://www.bloomberglaw.com/public/desktop/document/MerckCoIncvsAceAmericanInsuranCeDocketNoL00268218NJSuperCtLawDivA?1646370280
https://supreme.justia.com/cases/federal/us/263/487/
Jerich Beason: https://www.linkedin.com/in/jerich-beason
Whitney McCollum: https://www.linkedin.com/in/whitneymccollum
Dr Zero Trust – Chase Cunningham, creator of the Zero Trust eXtended Framework, joins Jerich Beason & Whitney McCollum for today's Cyberside Chat to discuss the principles and types of technologies that support a zero trust architecture and whether you are negligent if you are not adopting a Zero Trust methodology. While companies are concentrating on delivering the best service to their customers, they also need to begin ingraining what would be considered reasonable security measures into their processes. They discuss how Zero Trust means you implicitly trust no one, verify often, and make sure when the bad guys get in, they are segmented so they won't be successful in causing widespread damage. To conclude the show, they share both a CISO's and a lawyer's perspective on negligence in cyber and whether it can be proven in court.
Articles & Links for reference:
https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf
https://www.cisco.com/c/dam/m/en_sg/solutions/security/pdfs/forrester-ztx.pdf
https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
BIOGRAPHY
Chase Cunningham is the creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups. Chase is responsible for ZTEdge's overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He is the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.
Dr Zero Trust Podcast: https://podcasts.apple.com/us/podcast/drzerotrust/id1570251081
Chase Cunningham: https://www.linkedin.com/in/dr-chase-cunningham-54b26243/
Jerich Beason: https://www.linkedin.com/in/jerich-beason
Whitney McCollum: https://www.linkedin.com/in/whitneymccollum
#ZeroTrust #Epiq #Cybersecurity #Negligence #CyberSideChats #legal
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice and they represent their views only and not those of their respective companies.”
On this episode of CyberSide Chats, Epiq's CISO Jerich Beason and this week's co-host Whitney McCollum are joined by Stefanie Drysdale to discuss M&A. They discuss the process of evaluating a target company's cybersecurity risk and the implications of managing that risk after the deal is closed. They also opine on the importance of taking into account other factors when evaluating a target organization such as security culture, reputation, regulations, existing contracts, privacy statements, and prior incidents. The three of them close the show discussing ways that security can collaborate with other parts of an organization.
Stefanie Drysdale's Biography
As a Vice President of Prescient in the firm's Cyber Practice, Stefanie works closely with practitioners to provide support for organizations and high-profile clients ranging from Fortune 100 corporations to boutique consulting firms. She has been instrumental in building Prescient's Cyber offerings since joining the firm in 2016, particularly its Executive Digital Protection (EDP) program. Stefanie has also been an active proponent of cybersecurity awareness, having hosted and participated in many panel discussions, webinars, and presentations about online safety and good digital hygiene, as well as the role of women in privacy and cybersecurity fields. She hosts a weekly industry news roundup on her LinkedIn feed and YouTube channel, which covers current trends and news pieces, as well as regular interviews with other leaders in the fields of corporate security, risk management, and information technology.
The articles that framed this episode's conversation can be found here:
“Managing cyber risks in M&A transactions” from Lexology
“Why Cyber Due Diligence Is Essential to the M&A Process” from Dark Reading
“Don't drop the ball. Identify and reduce cyber risks during M&A” from Deloitte
“Subsidiaries are Global Enterprise Achilles Heel; Increasing Attack Surface and Exposure” from Cycognito
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice and they represent their views only and not those of their respective companies.”
Jerich is joined by Melissa Parisi of Herbalife Nutrition and Caroline Morgan of Culhane Meadows to discuss the topic of retaining privilege after engaging a cyber attorney during or after a cyber incident. An organization may lose legal privilege after a cyber incident if they don't take some of the steps that Caroline & Melissa discuss in this episode. In the event of post-incident litigation, the do's and don'ts covered can make or break a defense strategy.
Bios:
Melissa Parisi is the Senior Director of Worldwide Privacy at Herbalife Nutrition, a global leader in meal replacement protein shakes, dietary supplements and skin care products. She leads the Company's global privacy program, which spans over 90 markets. Prior to joining Herbalife, Melissa was at the law firm of Sidley Austin LLP, where her practice focused on government enforcement matters, internal investigations, and commercial litigation and disputes. Melissa has represented companies in the health, wellness and fitness industry, as well as a wide range of other industries, including apparel, pharmaceutical, medical device, energy, oil and gas, banking, and insurance. Melissa earned her J.D. from Northwestern University School of Law and B.A. cum laude from the University of California, San Diego.
Caroline Morgan is a partner in the litigation and privacy groups at the New York office of Culhane Meadows, the largest national women-owned law firm in the country. Caroline counsels companies on navigating state, federal and international data privacy and breach notification laws. Caroline also assists clients with data security incident plans, privacy policies and achieving cybersecurity best practices to minimize losses. She is a frequent speaker and writer on a wide variety of emerging data privacy and cybersecurity legal developments, in addition to the regulatory and litigation landscape in the digital assets or blockchain/distributed ledger technology space.
The statements of the guest speakers in this podcast should not be construed as legal advice and they represent their views only and not those of their respective companies.
Article - Dark Reading: 8 Ways to Preserve Legal Privilege After a Cybersecurity Incident https://www.darkreading.com/author/caroline-morgan-melissa-parisi
During this special edition of CISO vs CISO, Jerich and Amanda Fennell, Relativity CSO & CIO, discuss the White House Cyber Summit that took place in August. During this candid discussion, they provide their perspectives on the outcomes of the summit and the impact businesses can expect. They also took a look at what promises from industry giants such as Amazon, Microsoft, and IBM mean for the future of the cybersecurity industry.
Bio
Amanda joined the Relativity team in 2018 as CSO and her responsibilities expanded to include the role of CIO in 2021. In her role, Amanda is responsible for championing and directing security strategy in risk management and compliance practices as well as building and supporting Relativity's information technology. She also hosts Relativity's Security Sandbox podcast, which looks to explore and explain the unique links between non-security topics and the security realm. Relativity is passionate about its culture of security to ensure its data (and its customers' and partners' data) is secure.
Prior to joining Relativity, Amanda served as the global head of cyber response and digital forensics at Zurich Insurance Company. She also held several management and consulting positions at Symantec, Dell SecureWorks, Booz Allen Hamilton, and Guidance Software. Amanda received her Master's in Forensic Science in the field of Digital Forensics: High-Technology Crime Investigation at the George Washington University.
Jerich Beason is joined by Erik Weinick. Erik's experience includes privacy, cybersecurity, bankruptcy, commercial torts, defamation/slander, and regulatory matters, to name a few. He is also the co-founder of Otterburg's Privacy & Cybersecurity Practice and has contributed multiple pieces of thought leadership on cyber security. Jerich and Erik discuss why an organization should consider retaining a cyber attorney, when they should consider taking that step, and how an introductory conversation would go if an organization called to use his services.
Jerich is joined by Rob Shavell. Rob is CEO of Abine / DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).
In this episode, Robert Shavell and Jerich Beason opine on the threats posed by data scraping and data brokers. They discuss ways companies and individuals can protect themselves and their PII.
The article mentioned in today's episode can be found here:
https://joindeleteme.com/blog/brokers-not-breaches-largest-privacy-threat/
Jerich Beason is joined by John Grange, who is the co-founder and chief technology officer at OpsCompass, a SaaS product that provides continuous, cloud-native governance and security in Azure, AWS, GCP, and Microsoft 365.
Jerich and John discuss the nuances of the public cloud, risks and rewards with using it, and best practices for securing it.
The article mentioned in today's episode can be found here:
Best practices for securing the public cloud by Bruce Gibson via Ermetic
Jerich Beason is joined by Don Dennis, who is an attorney focusing on copyright and trademark infringement, Internet law, defamation, trade secret misappropriation, data security breach, and privacy law.
Jerich and Don discuss what escrow software is, why it matters to the legal industry, and how it can be used to protect important data.
The article mentioned in today's episode can be found here:
Source Code Escrow Agreements Are Reaching For The Cloud from Lowenstein Sandler LLP via JDSupra
Jerich Beason is joined by Meg Hargrove, who is now at IBM as part of their X-Force Cybersecurity Incident Response Team. Jerich and Meg discuss how to manage an incident response team, who should be part of a company's security tabletops (hint: legal!), and advice for legal teams interested in being a better advocate for cybersecurity in the incident response process.
The article mentioned in today's episode can be found here:
The Legal Issues in Cyber Incident Response – Risk Management from RM Magazine
Jerich Beason is joined by Jacob Ingerslev, who is head of cyber risk at The Hartford. Together, they discuss why cyber insurance is so important, how the uptick in ransomware is escalating this need, and everything in between.
The article mentioned in today's episode can be found here:
"The Next Five Years: Cyber Insurance Predictions Through 2025" from Forbes.
Jerich Beason is joined by AJ Yawn, who is the co-founder and CEO of Bytechek, to explore the value of SOC2 certifications and review the merits of President Biden's latest executive order on cybersecurity.
The article, authored by AJ, that is discussed in this episode can be found here:
How law firms can demonstrate strong cybersecurity practices in CISO Magazine.
Jerich Beason is joined by Whitney McCollum, who is vice president, assistant general counsel, and chief IP and data protection counsel at AECOM. Together, they discuss the importance of data access, how COVID-19 has changed data concerns for organizations, the implications of information governance (hint: it's not just compliance), how cyberattacks can influence a vendor partnership, and advice on joining the cybersecurity industry.
The article mentioned in today's episode can be found here:
"Corporate governance in the digital economy: The critical importance of information governance" by Information Governance ANZ
Jerich Beason is joined by Michael Mangold, head of privacy and compliance for YouTube, to discuss the ethics involved with artificial intelligence and predictions for what the Biden Administration could spell for privacy regulations.
The two articles that framed this episode's conversation can be found here:
"What could a Biden administration mean for privacy, cybersecurity" from IAPP
"What a picture of Alexandria Ocasio-Cortez in a bikini tells us about the disturbing future of AI" from The Guardian