CyberSide Chats

Season 2, Episode 3: Everyone wants to be Batman. Hacking Back & Cybersecurity Law

April 29, 2022
 

Professor, Attorney and Expert in Cybersecurity Policy & Governance, Kevin Powers joins Jerich Beason & Whitney McCollum to discuss where the law stands on “Hacking Back”. Everyone at some point wants to be Batman. During this Cyberside Chat they will answer questions such as: Is it ok to do whatever it takes to protect data or is it like breaking back into a thief’s house to steal your items back? What could go wrong? How does the Computer Fraud & Abuse Act apply? What are the civil and criminal ramifications to the company executives and board of directors? How do you advise as internal counsel or outside counsel on corporate vigilantism? Where should law and regulation go in regard to the ever-changing landscape of cyber threats? Kevin Powers also speaks about the need for legal professionals to learn cybersecurity law, the programs available, and how you can add CLE’s on the subject.

Articles & Links for Reference

https://www.justice.gov/jm/jm-9-48000-computer-fraud

https://blog.malwarebytes.com/ransomware/2022/03/nvidia-the-ransomware-breach-with-some-plot-twists/

https://www.wired.com/story/north-korea-hacker-internet-outage/

Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice.  They represent their views only and not those of Epiq or their respective employers.”

BIOGRAPHY

Professor Kevin R. Powers, J.D., Founder and Director, Master of Science in Cybersecurity Policy and Governance Programs, Boston College 
Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Programs at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Cybersecurity Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent. 
 
With over 20 years of combined cybersecurity, data privacy, business, law enforcement, military, national security, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the general counsel for an international software company based in Seattle, Washington. Kevin also is an expert witness and consultant with the Analysis Group and serves as a Director for the Board of Reading Cooperative Bank, a Trustee for the Board of Boston College High School, an Advisory Board Member for HYCU, Inc. (Backed by Bain Capital Ventures) and CyberSaint Security, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin, a Navy Veteran, regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Season 2, Episode 2: There is a war in Europe. What does that mean for your cyber insurance policy?

March 7, 2022
 

Jerich Beason & Whitney McCollum speak on this Cyberside Chat to discuss the recent Merck & Co. cyber insurance win and how this impacts future wars fought with cyber weapons such as the conflict in Ukraine. This case sets a precedent for how legal teams and cyber insurers will draft contracts in the future. What defines war? Could a separatist group or terrorist attack be considered an act of war, or does it require a nation state? Should you worry about your third parties’ diligence on their contracts? If your third party is attacked and you are collateral damage, how are you protected? They discuss how insurance companies are providing less coverage but charging higher premiums all while expecting organizations to prove the maturity of their cybersecurity programs.

Articles & Links for reference

https://news.bloomberglaw.com/privacy-and-data-security/mercks-1-4-billion-insurance-win-splits-cyber-from-act-of-war

https://www.bloomberglaw.com/public/desktop/document/MerckCoIncvsAceAmericanInsuranCeDocketNoL00268218NJSuperCtLawDivA?1646370280

https://supreme.justia.com/cases/federal/us/263/487/

Jerich Beason https://www.linkedin.com/in/jerich-beason

Whitney McCollum https://www.linkedin.com/in/whitneymccollum

Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice and they represent their views only and not those of their respective companies.”

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Season 2, Episode 1: Zero Trust and Cyber Negligence: A conversation with Dr. Zero Trust Chase Cunningham

February 2, 2022
 

Dr Zero Trust – Chase Cunningham creator of the Zero Trust eXtended Framework joins Jerich Beason & Whitney McCollum for today’s Cyberside Chat to discuss the principles and types of technologies that support a zero trust architecture and whether you are negligent if you are not adopting a Zero Trust methodology. While companies are concentrating on delivering the best service to their customers, they also need to begin ingraining what would be considered reasonable security measures into their processes. They discuss how Zero Trust means you implicitly trust no one, verify often , and make sure when the bad guys get in, they are segmented so they won’t be successful in causing widespread damage. To conclude the show, they share both a CISOs and a lawyer's perspective on negligence in cyber and whether it can be proven in court.

Articles & Links for reference

https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf

https://www.cisco.com/c/dam/m/en_sg/solutions/security/pdfs/forrester-ztx.pdf<

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

BIOGRAPHY

Chase Cunningham is the creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge’s overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He’s author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.

Dr Zero Trust Podcast - https://podcasts.apple.com/us/podcast/drzerotrust/id1570251081

Chase Cunningham https://www.linkedin.com/in/dr-chase-cunningham-54b26243/

Jerich Beason https://www.linkedin.com/in/jerich-beason

Whitney McCollum https://www.linkedin.com/in/whitneymccollum

#ZeroTrust #Epiq #Cybersecurity #Negligence #CyberSideChats #legal

Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice and they represent their views only and not those of their respective companies.”

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 12: New Year resolution: No more M&A until we understand the cyber risk first (with Stefanie Drysdale)

January 3, 2022
 

On this episode of CyberSide Chats, Epiq’s CISO Jerich Beason, and this week’s co-host Whitney McCollum are joined by Stefanie Drysdale to discuss M&A. They discuss the process of evaluating a target company’s cybersecurity risk and the implications of managing that risk after the deal is closed. They also opine the importance of taking into account other factors when evaluating a target organization such as security culture, reputation, regulations, existing contracts, privacy statements, and prior incidents. The three of them close the show discussing ways that security can collaborate with other parts of an organization.

Stefanie Drysdale’s Biography

As a Vice President of Prescient in the firm’s Cyber Practice, Stefanie works closely with practitioners to provide support for organizations and high-profile clients ranging from Fortune 100 corporations to boutique consulting firms. She has been instrumental in building Prescient’s Cyber offerings since joining the firm in 2016, particularly its Executive Digital Protection (EDP) program. Stefanie has also been an active proponent of cybersecurity awareness, having hosted and participated in many panel discussions, webinars, and presentations about online safety and good digital hygiene, as well as the role of women in privacy and cybersecurity fields. She hosts a weekly industry news roundup on her LinkedIn feed and YouTube channel, which covers current trends and news pieces, as well as regular interviews with others leaders in the fields of corporate security, risk management, and information technology.

Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice and they represent their views only and not those of their respective companies.”

The articles that framed this episode's conversation can be found here:

Jerich Beason | LinkedIn

Whitney McCollum | LinkedIn

Stefanie Drysdale | LinkedIn

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 11: Preserving Legal Privilege After a Cybersecurity Incident

November 29, 2021
 

Jerich is joined by Melissa Parisi of Herbalife Nutrition and Caroline Morgan of Culhane Meadows to discuss the topic of retaining privilege after engaging a cyber attorney during or after a cyber incident. An organization may lose legal privilege after a cyber incident if they don’t take some of the steps that Caroline & Melissa discuss in this episode. In the event of post-incident litigation, the do’s and don’ts covered can make or break a defense strategy.

Bio's

Melissa Parisi is the Senior Director of Worldwide Privacy at Herbalife Nutrition, a global leader in meal replacement protein shakes, dietary supplements and skin care products. She leads the Company’s global privacy program, which spans over 90 markets. Prior to joining Herbalife, Melissa was at the law firm of Sidley Austin LLP, where her practice focused on government enforcement matters, internal investigations, and commercial litigation and disputes. Melissa has represented companies in the health, wellness and fitness industry, as well as a wide range of other industries, including apparel, pharmaceutical, medical device, energy, oil and gas, banking, and insurance. Melissa earned her J.D. from Northwestern University School of Law and B.A. cum laude from the University of California, San Diego.

Caroline Morgan is a partner in the litigation and privacy groups at the New York office of Culhane Meadows, the largest national women owned law firm in the country. Caroline counsels companies on navigating state, federal and international data privacy and breach notification laws. Caroline also assists clients with data security incident plans, privacy policies and achieving cybersecurity best practices to minimize losses. She is a frequent speaker and writer on a wide variety of emerging data privacy and cybersecurity legal developments, in addition to the regulatory and litigation landscape in the digital assets or blockchain/distributed ledger technology space.

The statements of the guest speakers in this podcast should not be construed as legal advice and they represent their views only and not those of their respective companies.

Article -

Dark Reading: 8 Ways to Preserve Legal Privilege After a Cybersecurity Incident
https://www.darkreading.com/author/caroline-morgan-melissa-parisi

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 10: Recap of the White House Cyber Summit with Amanda Fennell

November 2, 2021
 

During this special edition of CISO vs CISO, Jerich and Amanda Fennell, Relativity CSO & CIO, discuss the White House Cyber Summit that took place in August. During this candid discussion, they provide their perspectives on the outcomes of the summit and the impact businesses can expect. They also took a look at what promises from industry giants such as Amazon, Microsoft, and IBM mean for the future of the cybersecurity industry.

Bio

Amanda joined the Relativity team in 2018 as CSO and her responsibilities expanded to include the role of CIO in 2021. In her role, Amanda is responsible for championing and directing security strategy in risk management and compliance practices as well as building and supporting Relativity’s information technology. She also hosts Relativity’s Security Sandbox podcast, which looks to explore and explain the unique links between non-security topics and the security realm. Relativity is passionate about its culture of security to ensure its data (and its customers’ and partners’ data) is secure.

Prior to joining Relativity, Amanda served as the global head of cyber response and digital forensics at Zurich Insurance Company. She also held several management and consulting positions at Symantec, Dell SecureWorks, Booz Allen Hamilton, and Guidance Software. Amanda received her Master’s in Forensic Science in the field of Digital Forensics: High-Technology Crime Investigation at the George Washington University.

FACT SHEET: Biden Administration and Private Sector Leaders Announce Ambitious Initiatives to Bolster the Nation’s Cybersecurity

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 9: Yes, you needed a cyber attorney a long time ago (with Erik Weinick)

October 19, 2021
 

Jerich Beason is joined by Erik Weinick. Erick's experience includes privacy, cybersecurity, bankruptcy, commercial torts, defamation/slander, regulatory to name a few. He is also the co-founder of Otterburg’s Privacy & Cybersecurity Practice and has contributed multiple pieces of thought leadership on cyber security.

Jerich and Erik discuss why an organization should consider retaining a cyber attorney, when they should consider taking that step and how an introductory conversation would go if an organization called to use his services.

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)

September 27, 2021
 

Jerich is joined by Rob Shavell.  Rob is CEO of Abine / DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).

In this episode, Robert Shavell and Jerich Beason opine on the threats posed by data scraping and data brokers.  They discuss ways companies and individuals can protect themselves and their PII.

The article mentioned in today's episode can be found here:

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 7: Top three things that will mitigate the most common types of cloud breaches (with John Grange)

August 17, 2021
 

Jerich Beason is joined by John Grange, who the co-founder and chief technology officer at OpsCompass which is a SaaS product that provides continuous, cloud-native governance and security in Azure, AWS, GCP, and Microsoft 365.

Jerich and John discuss the nuances of the public cloud, risks and rewards with using it, and best practices for securing it.

The article mentioned in today's episode can be found here:

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 6: Software Escrow: An enterprise resiliency tool every legal department should have in their toolbox (with Don Dennis Jr.)

July 14, 2021
 

Jerich Beason is joined by Don Dennis, who is an attorney focusing on copyright and trademark infringement, Internet law, defamation, trade secret misappropriation, data security breach, and privacy law.

Jerich and Don discuss what escrow software is, why it matters to the legal industry, and how it can be used to protect important data.

The article mentioned in today's episode can be found here:

  • Source Code Escrow Agreements Are Reaching For The Cloud from Lowenstein Sandler LLP via JDSupra

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 5: Why legal needs a seat at the next cyber security table top (with Meg Hargrove)

June 17, 2021
 

Jerich Beason is joined by Meg Hargrove, who is now at IBM as part of their X-Force Cybersecurity Incident Response Team.

Jerich and Meg discuss how to manage an incident response team, who should be part of a company's security tabletops (hint: legal!), and advice for legal teams interested in being a better advocate for cybersecurity in the incident response process.

The article mentioned in today's episode can be found here:

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 4: Ransomware and Cyber Insurance: The good, the bad, and why your insurance data is a target for hackers

May 26, 2021
 

Jerich Beason is joined by Jacob Ingerslev. who is head of cyber risk at The Hartford.

Together, they discuss why cyber insurance is so important, how the uptick in ransomware is escalating this need, and everything in between.

The article mentioned in today's episode can be found here:

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 3: Executive Orders and SOC2s: What's a cyber professional to do?

May 19, 2021
 

Jerich Beason is joined by AJ Yawn, who is the co-founder and CEO of Bytechek, to explore the value of SOC2 certifications and review the merits of President Biden's latest executive order on cybersecurity. 

The article, authored by AJ, that is discussed in this episode can be found here:

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 2: Would you bury your driver's license? (with Whitney McCollum)

APRIL 13, 2021
 

Jerich Beason is joined by Whitney McCollum who is vice president, assistant general counsel, and chief IP and data protection counsel at AECOM. Together, they discuss the importance of data access, how COVID19 has changed data concerns for organizations, the implications of information governance (hint: it's not just compliance), how cyberattacks can influence a vendor partnership, and advice on joining the cybersecurity industry.

The article mentioned in today's episode can be found here:

Find us on LinkedInTwitterFacebook, and Instagram or email us at cyberside@epiqglobal.com.

 

Episode 1: Artificial Intelligence, Bikinis, and the Future of Privacy Regulations (with Michael Mangold)

MARCH 8, 2021
 

Jerich Beason is joined by Michael Mangold, head of privacy and compliance for YouTube, to discuss the ethics involved with artificial intelligence and predictions for what the Biden Administration could spell for privacy regulations.

The two articles that framed this episode's conversation can be found here:

Find us on LinkedInTwitterFacebook, and Instagram or email us at cyberside@epiqglobal.com.

 

By continuing to browse and accepting this banner, you consent to the storing of first and third-party cookies on your device to enhance site navigation, analyze site usage, and assist in Epiq’s marketing efforts. Read more on our cookie notice.  

© 2022 Epiq. All rights reserved.