CyberSide Chats by Epiq Epiq

BIOGRAPHY 
Attorney Benjamin Wright helps others navigate the law of technology.  He teaches the class Law of Data Security and Investigations for SANS Institute, the premier authority for training information security professionals and digital forensics experts. That 5-day boot camp is unique in the world. It trains professionals on how to manage cyber law risk across the globe. 
Wright advises clients -- in the US and throughout the world -- on privacy, e-discovery, data breaches, online contracting, technology contracts, active defense, forensic investigations, and cyber security policies. 
Ben helps tech professional firms write engagement contracts, and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, penetration testers, and forensic investigators.  
Ben is spotlighted in the book "The Devil Inside the Beltway" for his uncommonly insightful advice to LabMD in its now famous information security law dispute. 
Wright is the author of the book "The Law of Electronic Commerce" (Wolters Kluwer).
Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com. 

Cyber law expert, attorney, and SANS instructor, Ben Wright joins hosts Jerich Beason & Whitney McCollum to discuss a variety of topics, including Ben’s career path into cyber law and teaching, the pros and cons of having a cyber whistleblower, and the importance of the investigation and knowledge of the impacted company. We talked about the need for cyber security education for all lawyers, how cyber risk should be foundational to legal training and education, and how that could be implemented. 
 
As a lawyer working in the field for decades, Ben explores with us why knowledge of cyber risk is important for lawyers not only to protect client data, but also for advising clients? Who gets access to your firm’s information systems? What are the laws and implications around those systems? Should CLE credits on cyber topics be required?  
 
Ben also offers his tips on managing the possibility of cyber whistleblowers within an enterprise and having a process in place to effectively manage internal reporting of concerns. Do limited resources and shortage of talent contribute to whistleblowing? What affect does the social and digital media landscape have on the motivations of whistleblowers?  Learn all this and more in today’s episode. 
 
Links from this show: 
Bloomberg Law "Analysis: Mandatory Cybersecurity CLE Credits – At a Bar Near You” https://news.bloomberglaw.com/bloomberg-law-analysis/analysis-mandatory-cybersecurity-cle-credits-at-a-bar-near-you   
Wall Street Journal “Cybersecurity Whistleblowers are Growing Corporate Challenge” https://www.wsj.com/articles/cybersecurity-whistleblowers-are-growing-corporate-challenge-1526403513?tesla=y   
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice.  They represent their views only and not those of Epiq or their respective employers.” 
BIOGRAPHY 
Attorney Benjamin Wright helps others navigate the law of technology.  He teaches the class Law of Data Security and Investigations for SANS Institute, the premier authority for training information security professionals and digital forensics experts. That 5-day boot camp is unique in the world. It trains professionals on how to manage cyber law risk across the globe. 
Wright advises clients -- in the US and throughout the world -- on privacy, e-discovery, data breaches, online contracting, technology contracts, active defense, forensic investigations, and cyber security policies. 
Ben helps tech professional firms write engagement contracts, and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, penetration testers, and forensic investigators. 
Ben is spotlighted in the book "The Devil Inside the Beltway" for his uncommonly insightful advice to LabMD in its now famous information security law dispute. 
Wright is the author of the book "The Law of Electronic Commerce" (Wolters Kluwer). 
Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com. 

Security expert, Roselle Safran, joins hosts Jerich Beason& Whitney McCollum have come together after realizing more people know more about “The Queen’s Crown Jewels” than those that are vital to their company.  How do you determine which are those precious systems that are the bare minimum & mission-critical to operate, generate revenue, or contain the In some industries these could mean life or death.  Where do you invest most to protect the organization? The analogy is pondered – No one breaks into a bank to steal the posters.  
These experts take a deep dive into what the legal team and board must know about the crown jewels of an organization.  Roselle explains how taking the manual processes, biases, and opinions out of the equation with technology that assesses what your crown jewels are is becoming important to large organizations that have many assets, revenue streams, and layered dependencies.  Once you know what your crown jewels are you can properly assess the risk, manage that risk, protect the crown jewels, and know where you must be most resilient.  
What input should legal have on risk?  Who in the organization ultimately owns the risk? The CEO? The board? Who determines the risk appetite? Who communicates it down through the organization? Where does the CISO fall into ownership versus managing risk?  Learn about risk appetite, the tolerance of risk by leadership, and aligning acceptance of risks with business goals.  
The conversation closes with a great thought, “Just like an investigator tracking down the bad guys, start where the money is and you will find the crown jewels.”
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice.  They represent their views only and not those of Epiq or their respective employers.”
 
BIOGRAPHY
Roselle Safran is the CEO and Founder of KeyCaliber, a technology startup that enables cybersecurity, risk, and infrastructure teams to identify their critical cyber assets automatically and continuously to effectively manage cyber risk and ensure cyber resilience. The first cybersecurity startup that she founded, Uplevel Security, was acquired by McAfee. 

 Before becoming an entrepreneur, Roselle spent a decade as a cybersecurity practitioner and leader. She led cybersecurity operations at the Executive Office of the President during the Obama Administration, directing tactical measures and strategic initiatives for protecting and defending the White House’s network. Prior she managed analysis teams at the Department of Homeland Security’s US-CERT. Roselle earned her Bachelor of Science in Engineering degree from Princeton University.
 
Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

Privacy & Compliance expert from Microsoft, Ingrid Rodriguez, joins hosts Jerich Beason& Whitney McCollum to discuss taking risk out of silos. They talk about how the entire organization needs to have understanding of the enterprise risks.  Specifically, how does security & compliance fit into the enterprise risk framework?  What are the situational perspectives of the C-Suite and how can those perspectives drive compliance goals?  How can the CISO and legal work together and with the enterprise for compliance? They will also talk about risk appetite, the tolerance of risk by leadership, and aligning acceptance of risks with business goals.  How much and how often should you communicate risks and mitigation strategy?  
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice.  They represent their views only and not those of Epiq or their respective employers.”
BIOGRAPHY
Ingrid is an Advanced Compliance Global Black Belt with Microsoft Security Solutions Area supporting the South, Southeast of the US, and LATAM regions. In her role, Ingrid shares her enterprising multinational information and security risk management executive experience, to help customers strategize within their Risk and Compliance obligations leveraging our solutions in Compliance, Information Protection, Privacy Management, and Insider Threat management capabilities. 
During her 18 years tenure in IT Risk & Compliance Leadership, Ingrid designed for an innovative Global Technology Risk Management Framework, as well as a vision for tactical implementation of technology and security controls by combining a variety of data security standards such as: NIST, ISO, PCI, HIPAA, FFIEC, GDPR, to mention a few. Ingrid designed and built the first Global Technology Risk Management programs in most of her previous employers. She lead, supported and guided over 45 countries to meet US and country-level compliance and privacy needs and well as Global Standards.  
Ingrid is from Puerto Rico, based in Dallas, TX but soon relocating to beautiful Pensacola, FL. She is a frequent speaker on Risk Management and Compliance topics, in both languages English and Spanish, in many global, national and regional events including ISACA, Microsoft Executive Briefing Center, Fintech, Partners and many other associations and affiliations within the Privacy, Risk and Compliance industry in the US and LATAM.  
Ingrid received a Bachelor’s Degree in Computer Engineering from the University of Puerto Rico, and also holds a Master’s Degree in Sciences, Computer Sciences from the University of Phoenix. She holds various industry certifications, including CRISC, CDPSE, ITIL among others. 
LinkedIn: https://www.linkedin.com/in/inrodz/ 
Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

Professor, Attorney and Expert in Cybersecurity Policy & Governance, Kevin Powers joins Jerich Beason & Whitney McCollum to discuss where the law stands on “Hacking Back”. Everyone at some point wants to be Batman. During this Cyberside Chat they will answer questions such as: Is it ok to do whatever it takes to protect data or is it like breaking back into a thief’s house to steal your items back? What could go wrong? How does the Computer Fraud & Abuse Act apply? What are the civil and criminal ramifications to the company executives and board of directors? How do you advise as internal counsel or outside counsel on corporate vigilantism? Where should law and regulation go in regard to the ever-changing landscape of cyber threats? Kevin Powers also speaks about the need for legal professionals to learn cybersecurity law, the programs available, and how you can add CLE’s on the subject.
Articles & Links for Reference:
https://www.justice.gov/jm/jm-9-48000-computer-fraud

https://blog.malwarebytes.com/ransomware/2022/03/nvidia-the-ransomware-breach-with-some-plot-twists/

https://www.wired.com/story/north-korea-hacker-internet-outage/
Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice.  They represent their views only and not those of Epiq or their respective employers.”
BIOGRAPHY
Professor Kevin R. Powers, J.D., Founder and Director, Master of Science in Cybersecurity Policy and Governance Programs, Boston College 
Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Programs at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Cybersecurity Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent. 
 
With over 20 years of combined cybersecurity, data privacy, business, law enforcement, military, national security, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Kevin also is an expert witness and consultant with the Analysis Group and serves as a Director for the Board of Reading Cooperative Bank, a Trustee for the Board of Boston College High School, an Advisory Board Member for HYCU, Inc. (Backed by Bain Capital Ventures) and CyberSaint Security, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin, a Navy Veteran, regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.
Find us on LinkedIn or email us at cyberside@epiqglobal.com.

Jerich Beason & Whitney McCollum speak on this Cyberside Chat to discuss the recent Merck & Co. cyber insurance win and how this impacts future wars fought with cyber weapons such as the conflict in Ukraine.  This case sets a precedent for how legal teams and cyber insurers will draft contracts in the future.  What defines war? Could a separatist group or terrorist attack be considered an act of war, or does it require a nation state? Should you worry about your third parties’ diligence on their contracts? If your third party is attacked and you are collateral damage, how are you protected?  They discuss how insurance companies are providing less coverage but charging higher premiums all while expecting organizations to prove the maturity of their cybersecurity programs. 
Articles & Links for reference
https://news.bloomberglaw.com/privacy-and-data-security/mercks-1-4-billion-insurance-win-splits-cyber-from-act-of-war
https://www.bloomberglaw.com/public/desktop/document/MerckCoIncvsAceAmericanInsuranCeDocketNoL00268218NJSuperCtLawDivA?1646370280
https://supreme.justia.com/cases/federal/us/263/487/
 
Jerich Beason  https://www.linkedin.com/in/jerich-beason
Whitney McCollum  https://www.linkedin.com/in/whitneymccollum