Introduction by Tag Cyber
Nowhere is Supply Chain Risk more pronounced than the Federal Government. DHS CISA provides extensive guidance on everything from software, hardware, policies, and procedures to people on staff and third-party providers. In this video, hear Ed Amoroso, of TAG Cyber and Allan Friedman of CISA, as they dig into the Software Bill of Materials and the importance of tracking and understanding its components as part of Supply Chain Risk.
Up Next:
- 25:41 Introduction by Tag Cyber
Ed Amoroso
Dr. Ed Amoroso is currently Chief Executive Officer of TAG Cyber LLC, a global research and advisory company that supports enterprise cyber security teams and commercial security vendors around the world. Ed recently retired from AT&T after thirty-one years of service, beginning in Unix security R&D at Bell Labs and culminating as Senior Vice President and Chief Security Officer of AT&T from 2004 to 2016.
Allen Friedman
Wearing the hats of both a technologist and a policymaker, Allan has over 15 years of experience in international cybersecurity and technology policy. His experience and research focus on economic and market analyses of information security. On the practical side, he has designed, convened, and facilitated national and international multistakeholder processes that have produced real results, helping diverse organizations find common ground on contentious, cutting-edge issues.
IR Partner Technology Discussion of Recent Supply Chain Incidents
What made the SolarWinds and Kaseya attacks unique and how did clients react? What can you do to prevent future exposure from similar attacks? In this video, practitioners in the field will talk about the challenges that incident responders face, what approach they should take to learn more about attack origins, and how to keep your organization protected from similar threats.
Up Next:
- 36:33 IR Partner Technology Discussion of Recent Supply Chain Incidents
Nicole Sette
Nicole Sette is a Senior Vice President in the Cyber Risk practice of Kroll, a division of Duff & Phelps, based in the Secaucus office. Nicole served as a Cyber Intelligence Analyst with the Federal Bureau of Investigation for nearly 10 years and was an Intelligence Specialist with the U.S. Army Communications-Electronics Command for four years.
- https://www.kroll.com/en/insights/publications/cyber/boardroom-cyber-risk-2021-threat-landscape
- https://www.kroll.com/en/insights/publications/cyber/data-breach-outlook-2021
- https://www.kroll.com/en/services/supply-chain-risk-management-services
- https://www.kroll.com/en/insights/publications/cyber/state-of-incident-response
Sriram Tarikere
Sriram Tarikere has over 15 years of experience in executing cybersecurity and privacy risk assessments, ranging from very detailed ISO 27001/NIST, HIPAA, PCIDSS and Risk Quantification assessments, to technical cloud and blockchain secure design and architecture reviews, application and network security assessments, red teaming, threat hunting and social engineering exercises. He has led and coordinated incident response and forensic investigation efforts for some of the largest and high-profile breaches in the recent past.
Additional Reading:
Leean Nicolo
Leeann Nicolo specializes in digital forensics and cyber investigations. She has conducted investigations into ransomware, phishing, hacking, data breaches, trade secret theft, and employee malfeasance. She has expertise in Windows enterprise forensics, mobile device forensics, business email compromise, cloud security, and ransomware and is a SANS Lethal Forensicator Coin Holder and on the GIAC Advisory Board.
Chris Kimpland
Christopher Kimpland is a Senior Security Analyst at Arete, focused on helping organizations proactively defend themselves against the threat landscape. With over 19 years of experience, Christopher has helped countless organizations address their cybersecurity challenges, and is specialized in incident response, threat hunting, and penetration testing. Christopher has served organizations in both the government and public sectors as a vCISO and consultant.
Data Security Law Firms - Managing & Preventing Complex Incidents
What are the characteristics of Supply Chain attacks and how should you prepare for them? Our panel of attorneys dig into how the Government is addressing supply chain risk, what type of notice is anticipated in international events, and who will be assigned liability, and share best practices to reduce client exposure for pre- and post-incident.
Up Next:
- 45:40 Data Security Law Firms - Managing & Preventing Complex Incidents
Heather Egan Sussman
Heather Egan Sussman is head of Orrick’s global Cyber, Privacy & Data Innovation Group and is ranked by Chambers USA, Chambers Global and The Legal 500 United States as a leader in her field. Heather devotes a significant part of her practice to helping clients reduce the risk of privacy and security incidents. In the event of a privacy or security breach, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries.
Amy Mushahwar
Amy Mushahwar is a partner on the Privacy, Cyber & Data Strategy team. Amy has over 20 years of experience in the technology space and focuses her practice on data security, cyber risk, privacy, and emerging technologies. She advises clients on proactive data security practices, data breach incident response, and regulatory compliance and has interacted with federal and state agencies and forensic service providers, overseen investigations, and designed post-incident response notification and remediation plans.
Keily Blair
Keily Blair heads up the Cyber, Privacy, & Data Innovation Group in London. Keily directs cybersecurity incidents and investigations across multiple jurisdictions and incident types from simple business email compromises, to enterprise-wide network intrusions and cyberattacks with national security implications. Keily has worked with national and international law enforcement and is called upon to act as external legal counsel to security and forensics firms when engaging with regulators
Evan Wolff
A unique Washington lawyer, Evan D. Wolff possesses the hands-on experience in the technologies and policies that govern the cybersecurity space and is an authority on cybersecurity and privacy regulations. As Crowell & Moring’s Privacy & Cybersecurity Practice Co-chair, Evan advises companies on network security, investigation coordination after intrusions, data breaches, and insurance issues.
Avi Gesser
Avi Gesser is partner in the Data Strategy & Security practice at Debevoise & Plimpton. He advises companies on privacy and cybersecurity matters, including incident response, artificial intelligence and data minimization. He has represented international financial services firms, private equity firms, hedge funds, and media organizations through large-scale data breaches, including coordinating with law enforcement, responding to regulatory investigations, advising boards and executives on liability issues, and defending against civil lawsuits.
Cyber Insurance and Risk Transfer - A Market in Transition
What systemic risks concern the insurers and reinsurers the most? Can they be insured? Are the insurers seeing the benefit of those insured who are using MFA, secure backups, and recovery plans? Are the models changing? What pricing should buyers expect to see in the next 12 months in response to cyber risks? Our Insurance panel will address all these questions and more in this video.
Up Next:
- 46:23 Cyber Insurance and Risk Transfer - A Market in Transition
Libby Benet
Libby currently serves as the Global Chief Underwriting Officer at Financial Lines, overseeing the global product strategy for direct and indirect cyber, employment practice liability and professional lines from an aggregated global product view. Her team is responsible for implementing strong underwriting standards globally and driving product innovation within Financial Lines. Libby is an accomplished author and speaker, regularly participating in industry events and composing articles about ever-evolving insurance industry.
David Lewison
David Lewison leads the Professional Practice for AmWINS Brokerage Group. This practice includes all types of Professional Liability, Management Liability, Cyberliability, Transactional Risk, Crime, Health Care and more. Our Professional Lines Practice places well over $1 billion of premium in the US. Dave develops proprietary products, manages market relationships, assists with claim disputes, authors client advisories, creates risk analysis tools and other value-added resources.
Additional Reading:
- https://www.amwins.com/resources-insights/article/top-3-trends-affecting-cyber-risk-and-insurance-in-the-energy-sector
- https://www.amwins.com/resources-insights/article/top-10-cyber-risks-facing-the-transportation-and-logistics-industry_9-18
Chris Keegan
Christopher Keegan is Senior Managing Director and Cyber and Technology Practice Leader at Brown & Brown in the Executive Liability Practice. Chris places network, privacy, technology and media E&O insurance for a wide variety of companies including financial institutions, authentication providers, manufacturers, healthcare, retail and telecommunications companies. Christopher has also executed Cyber Information Risk Assessment projects and worked with regulators on evaluation of E-Business risks.
Erica Davis
Erica Davis is Managing Director and Global Co-Head of Cyber at Guy Carpenter. Erica joined the Guy Carpenter team through the 2019 Marsh and McLennan acquisition of JLT Group, where she led the Cyber and E&O practice for JLT Re in North America. Erica serves clients by utilizing years of cyber, professional, and multi-line underwriting expertise to design new products for emerging affirmative and non-affirmative cyber risks. Erica joined JLT Re from Zurich, where she was senior vice president and Head of Specialty Errors & Omissions for Zurich North America.
