DRI Faculty List

Cybersecurity and Data Privacy Seminar

Westin Michigan Avenue Chicago | Chicago, IL | September 7 - 8, 2017

William Boeck
Senior Vice President, Insurance and Claims Counsel
Lockton Companies

William Boeck is Senior Vice President, Insurance and Claims Counsel, at Lockton Companies' Financial Services and Global Cyber Technology Practice in Kansas City, Missouri. He leads a team of 16 lawyer/claim advocates in the United States, and works with clients throughout the world. In addition, he leads the company's efforts to develop proprietary cyber policy forms and endorsements. He also works with Lockton's client service teams to help clients understand and manage cyber and management liability risks. Lockton is the world's largest privately held, independent insurance broker. William's career has focused on resolving insurance claims under cyber, directors and officers (D&O), errors and omissions (E&O), crime, fiduciary liability, and employment practices liability policies

Michael R. Booden
YMCA of Metro Chicago

Michael R. Booden is the Senior Legal Counsel of the YMCA of Metropolitan Chicago where he is accountable for providing advice and counsel to all levels of management with regard to labor & employment matters, managing litigation, intellectual property matters, risk management, compliance and negotiating complex commercial transactions. Mr. Booden previously served as Assistant General Counsel to Blue Cross Blue Shield of Illinois where was responsible for negotiating, reviewing and drafting complex information technology agreements, providing advice and counsel with regard to conducting investigations, litigating labor and employment matters, and was responsible for managing a multi-million dollar portfolio of defense litigation matters. Mr. Booden has served as either first or second chair in over thirty trials in state and federal courts and before administrative judges. He has also authored several appellate briefs and represented clients before state and federal appellate tribunals. Upon graduating from The John Marshall Law School, Mr. Booden served as Judicial Law Clerk to John J. Stamos, who formerly served on the Illinois Appellate Court and Illinois Supreme Court.

Michelle Kaiser Bray, CIPP/US
Vice President, Intellectual Property and Technology Counsel
KAR Auction Services Inc

Michelle Kaiser Bray, CIPP/US serves as Vice President, Intellectual Property and Technology Counsel for KAR Auction Services, Inc. and divisional General Counsel to its Digital Services group of companies. KAR, a Fortune 1000 public company based in Carmel, Indiana, provides vehicle remarketing and related technology services around the globe, employing approximately 17,000 employees in 300 locations. Ms. Bray assists KAR with legal matters relating to global technology transactions including intellectual property licensing, data security, vendor management and compliance. Ms. Bray is also a Certified Information Privacy Professional (CIPP/US) and works regularly across industries and technologies. Prior to joining KAR, Ms. Bray spent 14 years in private practice and 5 years as Senior Intellectual Property Counsel for Playboy Enterprises, Inc. in its Chicago headquarters. Ms. Bray has a Masters of Law in Transnational Business Practice from McGeorge School of Law via University of the Pacific and University of Salzburg in Austria. She earned her Juris Doctor from The John Marshall Law School in Chicago and her Bachelor's degree in International Business Relations from Xavier University in Cincinnati.

Oliver P. Christ

Oliver P. Christ CEO Healthcare of PROSYSTEM with more than 25 years of experience in International Standardization on IEC/ISO Standards for Medical Devices, such as ISO 14971 (Risk Management), IEC 62366-1, IEC 80001-1 (IT-Networks) among amnay others including AAMI/UL 2800 on Interoperability and Medical Devices Regulations.

Karrieann Couture
Assistant Vice President Specialty Claim
CNA Insurance Company

Karrieann Couture is an attorney with CNA's AVP Specialty Claim Department. She works with technology, cyber, media and fidelity claims. She attended Drake University Law School and the University of Iowa.

Aaron D. Crews
Senior Associate General Counsel and Global Head of EDiscovery
Walmart Stores Inc

Aaron D. Crews is Senior Associate General Counsel and global head of eDiscovery at Walmart. In this role, Aaron is responsible for Walmart's eDiscovery process and strategy, as well as the legal portion of the company's information governance programs. In addition, Aaron collaborates with other groups within Walmart regarding data privacy, information security, technology, and related issues. Prior to joining Walmart, Aaron was an equity shareholder at Littler Mendelson, and one of the firm's eDiscovery Counsel.

Scott A. Ernst
Vice President
Wells Fargo Insurance Services USA Inc

Scott A. Ernst is Vice President and Team Member of the Insurance Brokerage and Consulting for Wells Fargo Insurance Services in New York. Scott has over 25 years of experience in the commercial insurance business and for the last 15 years has focused on the advancing risks of the technology service and product companies, as well as the evolving areas of network security and insurance and risk management business. Scott benefits from broad overall insurance experience with a specialization in technology-related exposures, including network security and privacy risks, technology errors and omissions, data and systems failure protection, technology-related business interruption risks, intellectual property risks, directors' and officers' liability, and merger and acquisition-related risks. Scott is a frequent speaker and has presented to the New York State Bar Association, the New Jersey State Bar Association, the American Bar Association, The Information Governance Initiative, and The Risk Management Society (RIMS). Scott received his BBA degree from The University of Michigan Steven M. Ross School of Business. Scott was born and raised in Milburn, New Jersey and currently lives in Rockville Centre, New York with his wife and three children.

Mark A. Fahleson
Rembolt Ludtke LLP

Mark A. Fahleson is a Partner at Remboldt Ludtke LLP in Lincoln, Nebraska. His practice centers on management-side employment and labor law, including the defense of discrimination and other workplace claims and counseling employers to prevent such claims. Since 2006 he has been listed as a leading employment lawyer in Nebraska in Chambers USA: America's Leading Lawyers for Business. Mark also acts as City Attorney for the City of Waverly and the City of Ashland in addition to appointments as Special Assistant Nebraska Attorney General. Mark is a member of DRI's Law Institute.

Security & Privacy Advisor
NotSoSecure Inc

Debra J. Farber, CISSP-ISSMP, CIPP/US/G, CIPT, CIPM, FIP is a data privacy and information security executive and entrepreneur with 15 years of strategy, operations, public policy, training, and compliance experience across industries and frameworks. She is Co-Founder of Women in Security and Privacy (WISP) and Founder and CEO of Orinoco Privacy - a SaaS-based platform company that connects privacy consultant expertise to small and medium-sized businesses. Debra also heads up U.S. Operations for NotSoSecure, Inc., a boutique security firm that specializes in pentesting and ethical hacking training classes ("Web Hacking," "AppSec for Developers," "IoT Hacking," etc.). Debra lives in San Francisco and serves as Advisor for several innovative tech companies, like BigID. In addition, she sits on the California Cyber Security Task Force, the Editorial Board for Cyber Security: A Peer-Reviewed Journal, and IAPP's CIPT Exam Development Advisory Board. Prior to her current positions, she held privacy and security leadership roles at Visa, TRUSTe, IBM, American Express, IANS, The Advisory Board Company, and Farber Strategies. Debra holds a BA in English from Binghamton University and a JD from Brooklyn Law School. When not geeking out about data protection, she enjoys learning about new technologies, binge-watching scifi, playing viola, and keeping up on social media.

Laura Clark Fey, CIPP/US, CIPP/E, CIPM, FIP
Fey| LLC

Laura Clark Fey, CIPP/US, CIPP/E, CIPM, FIP is Principal at Fey | LLC in Leawood, Kansas. She utilizes her deep expertise in data privacy & cybersecurity, regulatory compliance, eDiscovery & legal holds, and enterprise content management & defensible disposition to help U.S. and multinational organizations develop and implement practical, legally compliant solutions to their unique information governance challenges. Laura, a lawyer with 24 years of experience, has been accepted as member of the inaugural class of IAPP Fellows of Information Privacy (FIP). She is also a Certified Information Privacy Professional for the U.S. and Europe (CIPP/US; CIPP/E) and a Certified Information Privacy Manager (CIPM). She has been selected as a Missouri & Kansas Super Lawyer for ten straight years – 2007-2016 – and has been named to the Law & Politics list of "Top 50 Women." Laura also has been named a Top Attorney in Business Services by Super Lawyers Corporate Counsel Edition. She has been named a Fellow in the Trial Lawyer Honorary Society of the Litigation Counsel of America. Ingram's magazine recognized Laura's exceptional leadership abilities and accomplishments by naming her to Kansas City's "40 under Forty." She has been widely published in the area of cybersecurity and information governance and is a frequent presenter on these topics as well.

Jason N. Gull
US Department of Justice

Jason N. Gull is Senior Trial Attorney at the U.S. Department of Justice's Computer Crime & Intellectual Property Section in Washington, DC, where he has worked for 16 years. While there, Jason has prosecuted numerous cybercrimes, including in the area of copyright infringement. Jason is a frequent speaker at panels and conferences related to computer crime and intellectual property.

Elaine F. Harwell, CIPP/US
Of Counsel
Selman Breitman LLP

Elaine F. Harwell, CIPP/US is Of Counsel in Selman Breitman's San Diego Office and heads up the firm's Cyber Law Department. Elaine is a Certified Information Privacy Professional credential through the IAPP. She practices in the areas privacy law and information security and routinely draws on her vast litigation experience to assist clients in managing their privacy risks in the digital age. She also frequently handles cases in the areas of complex tort and business litigation.

Lewis Brisbois Bisgaard & Smith LLP

Sean B. Hoar, CISSP, GISP, CIPP/US, is a partner in the Portland office of Lewis Brisbois Bisgaard & Smith LLP and chair of their national Data Privacy & Cyber Security Practice. Sean has extensive experience managing responses to digital crises and effectively marshalling resources to contain and remediate information security incidents. He served as the lead cyber attorney for the U.S. Attorney's Office in Oregon where he was the point of contact for the FBI, Secret Service, and Homeland Security in system intrusions and other digital crime emergencies. He now manages responses to data breaches and counsels businesses on best practices in data privacy and cyber security. He serves as the Executive Director of the Financial Crimes & Digital Evidence Foundation, and he served as an adjunct professor at the University of Oregon School of Law and the Lewis & Clark Law School, where he taught cybercrime and privacy law.

Linda Wendell Hsu
Managing Partner
Selman Breitman LLP

Linda Wendell Hsu is the Managing Partner of Selman Breitman's San Francisco office. Her practice includes insurance coverage and insurance bad faith litigation. She handles all first- and third-party insurance coverage issues involving all types of insurance policies, including cyber coverage, personal and commercial auto, homeowners, CGL, and professional errors & omissions policies. She has authored countless coverage opinions, has mediated hundreds of cases, and successfully litigates both declaratory relief and bad faith actions.

James H. Kallianis, Jr.
Hinshaw & Culbertson LLP

James H. Kallianis, Jr., 2017 Committee Chair, is a Partner at Hinshaw & Culbertson LLP in Chicago. Among his areas of specialty is representing insurers in matters involving directors and officers, cyber, employment practices, general liability and professional liability policies. Chambers USA has described James as a "brilliant trial lawyer" that is recognized by his peers as someone who "fights hard but conducts himself professionally." James has also been recognized as a "Super Lawyer" by Illinois Super Lawyers magazine from 2009 to the present and has been recognized by his peers as a Leading Lawyer in the categories of Commercial Litigation, Insurance, Insurance Coverage and Reinsurance Law. He has tried cases in state and federal courts around the country and has argued appeals before state and federal appellate courts. James is a member of DRI's Insurance Law Committee as well as the organization's Data Management and Security Committee. He currently chairs DRI's Data Management and Privacy Sub-Committee.

Yangsu Ann Kim
Assistant Attorney General
Office of the Illinois Attorney General

Yangsu Ann Kim is an Assistant Attorney General with the Illinois Attorney General Lisa Madigan's Office. She practices in the Office's Consumer Fraud Bureau and focuses her practice on privacy and data security. She investigates and prosecutes violations of the Illinois Consumer Fraud and Deceptive Business Practices Act and the Illinois Personal Information Protection Act. Prior to joining the office, she was in private practice, litigating tort and insurance coverage matters.

Beverly Kracher, Ph.D.
Professor of Business Ethics & Society
Creighton University Heider College of Business

Beverly Kracher, Ph.D., is the Robert B. Daugherty Endowed Chair in Business Ethics & Society at Creighton University in Omaha, Nebraska. She is also the Executive Director and CEO of the Business Ethics Alliance, whose purpose is to promote an environment in Omaha where the discussion and practice of business ethics is encouraged and expected. She is widely published in the field of business ethics and is a frequent presenter and speaker in the field. She serves as an advisory board member of the Cary M. Maguire Center for Ethics in Financial Services at The American College and was named one of the Top 100 Thought Leaders by Trust across America. In 2013, she was named the Omaha Business Woman of the Year.

Simone McCormick
Selman Breitman LLP

Simone McCormick, 2017 Program Chair, is a Partner in the Portland and San Francisco offices of Selman Breitman LLP, and is a member of the firm's Cyber Law and Employment practice groups. She has extensive experience representing businesses and professionals in commercial litigation, professional liability, privacy, and employment matters, in state and federal courts, as well as in administrative proceedings. Simone holds the ANSI-accredited Certified Information Privacy Professional (CIPP/US) designation from the International Association of Privacy Professionals (IAPP), and has represented clients in cases involving data incidents, including forensic investigations, and notifications to affected clients and governmental entities. She regularly advises clients on best practices for information privacy and data security and risk assessment, and conducts management/employee training on how to counter and respond to cyber threats and incidents.

Nicholas R. Merker, CISSP, CIPT
Ice Miller LLP

Nicholas R. Merker, CISSP, CIPT, is a Partner at Ice Miller LLP's Chicago office and co-chairs the firm's Data Security and Privacy Practice. With almost a decade of hands-on, pre-legal computer systems, network, and security experience in the public and private sector, Nick bridges the gap between information technology and the law. Privacy law and technology are both constantly changing - Nick assists clients by analyzing laws against emerging technology and preparing clients to address regulatory and contractual audits, customer expectations, and assessment of risk. Clients seek Nick's counsel in all areas where data security and privacy is an issue, including PCI-DSS, the HIPAA Security Rule, online privacy statements, vendor contract issues, the EU Data Protection Directive, anti-SPAM issues, regulatory enforcement, privacy due diligence in mergers and acquisitions, privacy audits (i.e. GAPP), and data security standards and audits (i.e. NERC, SSAE 16, etc.). Nick also strives to educate others on trending privacy issues. He is Faculty at the International Association of Privacy Professionals where he leads privacy training across the globe to executives, engineers, lawyers and managers. Along with Stephen Reynolds, Nick teaches a course on Data Security and Privacy Law at the Robert H. McKinney School of Law, Indiana University.

Steven M. Mitchell
Deputy Regional Manager
US Department of Health and Human Services

Steven M. Mitchell is Equal Opportunity Compliance Personnel at the U.S. Department of Health and Human Services in Kansas City, Missouri. He is a native of Kansas City. He graduated from the University of Missouri with an undergraduate degree in 1981, and a law degree in 1984. He maintained a private practice of law with a significant health law component, until 1997, when he joined the Missouri Department of Social Services as a managing attorney in charge of regulating nursing homes and Medicaid reimbursement rates. He later worked as a consumer fraud attorney in the Missouri Attorney General's office, and as the managing attorney in the Kansas City office of Missouri Protection and Advocacy Services, before joining the U.S. Department of Health and Human Services, Office for Civil Rights in Region VII as an Equal Opportunity Specialist in 2003. Steve became a Supervisory Equal Opportunity Specialist in 2008, supervising a team of investigators charged with enforcement of non-discrimination laws and HIPAA. In June, 2013, Steve was named Deputy Regional Manager for Region VII. In June, 2015, OCR Regions V and VII were consolidated into the new Midwest Region, and Steve is the Deputy Regional Manager for the new region.

Lanny Morrow, EnCE, CTFI
Senior Data Scientist

Lanny Morrow, EnCE, CTFI is a 21-year veteran at BKD, Lanny is the Senior Data Scientist and testifying expert in digital forensics and advanced forensic data mining for BKD's Forensic & Valuation Services division. He is a frequent speaker and writer on both topics, including contributions to university textbooks and the Association of Certified Fraud Examiners' Fraud Magazine publication. Forensic Data Analytics and Artificial Intelligence Lanny has developed proprietary artificial intelligence used to uncover patterns and relationships in structured and textual data. His technology allows BKD's fraud investigators to rapidly identify relevant content in emails, documents, social media, and other sources early in an investigation. This technology also assesses the overall emotional state of communications, identifies hidden relationship networks among subjects in an investigation, and traces the evolution of topics, concepts and emotional states over time.

Cinthia Granados Motley
Sedgwick LLP

Cinthia Granados Motley is a co-chair of Sedgwick's cybersecurity practice group. She handles data privacy and security matters assisting clients, domestically and internationally, implement effective information security practices, including information governance and litigation readiness. She is experienced in representing clients in data security and privacy matters and routinely acts as incident response coach to large international entities, as well as breach response and privacy litigation counsel. She has been selected for inclusion in Super Lawyers Top Women Attorneys in Illinois and in Super Lawyers Rising Stars - 2012-2013. In 2015, she was selected as one of The National Law Journal's CyberSecurity and Data Privacy Trailblazers. Ms. Motley also serves as adjunct professor at Chicago-Kent College of Law teaching data management, information governance and e-discovery.

David B. Nides
Managing Director, Cyber Response Services

David B. Nides helps lead innovation and delivery of KPMG's Global and National Cyber Response Services. He has worked on countless high profile matters involving trusted insiders, hacktivist groups and state sponsored adversaries. Further, David's passion spans from his career into the community where he provides free software that is used by government agencies, law enforcement, and companies around the globe to combat cyber-crime.

Alexander E. Potente
Sedgwick LLP

Alexander E. Potente is a Partner at Sedgwick LLP in San Francisco, where he represents insurers in complex commercial insurance litigation matters. His coverage-litigation practice focuses on contractual and extra-contractual exposure for claims arising from environmental contamination, products liability, molestation and abuse, medical technology, cyber liability, consumer class actions, and business tort claims across the United States. Alex has also represented parties in commercial litigation arising from construction, patent infringement, employment and unfair competition disputes.

Chief Information Security Officer
KAR Auction Services Inc

Leon Ravenna, CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US, PMP, has over 25 years' experience in Healthcare, Financial Services and Technology companies. He leads Global Security, Strategy, Privacy and Compliance services. Leon has extensive experience in Regulatory, Compliance & Privacy having managed ISO27001, HIPAA, SSAE-16, PCI and NIST audits. Leon is one of a very small group to hold 5 major Global Privacy certifications.

Stephen E. Reynolds, CISSP, CIPP/US
Ice Miller LLP

Stephen E. Reynolds, CISSP, CIPP/US, 2017 Program Vice Chair, is a Partner at the Indianapolis office of Ice Miller LLP and is co-chair of the firm's Data Security and Privacy Practice, with a practice that focuses on commercial litigation and data security and privacy law. He has represented companies in several types of litigation, including products liability cases, mass torts litigation, construction litigation, trade secrets litigation, securities litigation and other commercial litigation. Originally from Sebastian, Fla., Stephen earned his Bachelor of Arts from the University of Florida in 2004. Upon graduation, he was employed as a computer programmer and IT analyst. Stephen received his juris doctorate from the Indiana University Maurer School of Law in 2008, where he was a member of the Indiana Law Journal. As a former computer programmer and IT analyst, Stephen is uniquely able to and routinely uses his computer background in cases involving data security and privacy, electronic discovery, social media discovery, and computer forensics. Stephen has given presentations on data security and privacy, electronic discovery and social media discovery, and is a Certified Information Systems Security Professional (CISSP) and Certified Information Privacy Professional (CIPP/US). Along with Nick Merker, Stephen teaches a course on Data Security and Privacy Law at the Robert H. McKinney School of Law: Indiana University.

David G. Ries
Of Counsel
Clark Hill PLC

David G. Ries is Of Counsel at Clark Hill PLC in Pittsburgh, Pennsylvania, where he practices in the areas of environmental, technology, and data protection law and litigation. For over 15 years, he has increasingly focused on cybersecurity, privacy, and information governance. Dave has recently addressed in his practice such current issues as information security programs and policies, response to data breaches, digital and environmental forensics, admissibility of expert opinions, e-discovery, and defense of enforcement actions. He frequently lectures and writes on them nationally for legal, educational, and professional groups. He is a coauthor of Locked Down: Practical Information Security for Attorneys, Second Edition (American Bar Association 2016) and Encryption Made Simple for Lawyers (American Bar Association 2015) and a contributing author to Information Security & Privacy: A Practical Guide for Global Executives, Lawyers and Technologists (American Bar Association 2011). He is a frequent speaker and panelist in the areas of cybersecurity and data privacy law.

Jay Schulman

Jay Schulman leads RSM's Great Lakes Security and Privacy practice, where he helps CISOs, CIOs and CFOs understand and react to enterprise security risks and protect against attacks. Previously, he was a Managing Principal at Citigal leading the Midwest practice focusing on application security, a Managing Director and National Leader for Identify Management for KPMG, and Business Information Security Officer at JP Morgan Chase. Jay has broken into devices ranging from medical devices to automobiles to welding machines. Today, he spends most of his time helping clients develop processes to better manage security.

Mona Sedky
US Department of Justice

Mona Sedky has been a federal prosecutor for over a decade. While working at the U.S. Department of Justice's Computer Crime & Intellectual Property Section, Mona has led investigations and prosecutions of a wide variety of cybercrimes in federal courts around the country, with a particular focus on computer intrusions involving large-scale theft and trafficking of payment card data and personally identifiable information, as well as "sextortion" and other forms of cyberstalking. She regularly serves as a subject matter expert to Department leadership and policy makers in these areas. Other representative cases include corporate network intrusions, infrastructure cyber-attacks, online securities fraud, and cable modem hacking. Mona has conducted several multi-week jury trials. Prior to joining the Department of Justice, Mona spent ten years at the Federal Trade Commission's Bureau of Consumer Protection in D.C. and was an associate at Gibson, Dunn & Crutcher in Los Angeles. She earned her BA, with distinction, in Economics from Stanford University and her JD, magna cum laude, from Georgetown University Law Center. Mona then clerked on the U.S. District Court for the Central District of California and the Ninth Circuit Court of Appeals.

Jeanne M. Sheahan
Sr. Corporate Counsel

Jeanne M. Sheahan leads the development and implementation of Groupon's worldwide privacy program. She counsels Groupon's entire portfolio of brands on international data protection regulations, privacy by design, digital marketing, and consumer protection issues. Jeanne regularly partners with the product, marketing, human resources, and information security teams to promote privacy and cybersecurity best practices throughout the organization. Prior to working at Groupon, Jeanne worked for four years at the law firm of Davis Wright Tremaine counseling businesses on best practices in information privacy and data security, responses to government investigations, and data breach response. Jeanne is also a seasoned litigator. While at DWT and for four years prior to that at Bingham McCutchen, she represented numerous domestic and international clients from start-ups to Fortune 500 companies in bet-the-company litigation and government investigations. Jeanne is a Fellow of Information Privacy (FIP) with the International Association of Privacy Professionals and holds both the Certified Information Privacy Professional (CIPP/US) and Certified Privacy Program Manager (CIPM) credentials. She is also a frequent speaker on privacy and cybersecurity issues. Jeanne earned her JD from the University of California-Hastings and her undergraduate degree from the University of Wisconsin-Madison.

Melissa K. Ventrone, CIPP/US
Thompson Coburn LLP

Melissa K. Ventrone, CIPP/US, is a Partner at Thompson Coburn LLP in Chicago. When a cybersecurity incident strikes, Melissa coordinates a swift and strong breach response to manage her clients' situation and minimize damage. As chair of Thompson Coburn's cybersecurity practice, she leads teams of first responders, including lawyers and forensic investigators, in jumping head-on into a crisis. Melissa and her team work around the clock to control a breach situation and manage any public or regulatory fallout. When not in urgent response mode, Melissa represents her clients in cybersecurity litigation and proactively managing data privacy and security risks. She has led cybersecurity incident response teams in connection with small breaches impacting a few hundred people to larger breaches impacting millions on behalf of merchants, financial institutions, medical providers and educational institutions. Melissa has also attained considerable success in defending companies facing data security and privacy litigation, including class actions. She also advises clients on compliance with state, federal and international laws and regulations. In addition, Melissa drafts and negotiates contractual agreements concerning data use and retention and privacy and security, including cloud computing contracts. She also serves as a first responder for situations involving use or misuse of computers and other devices. Melissa recently completed a distinguished 21 years of service in the Marine Corps Reserve, holding several key positions, including Company Commander for a 200-person unit, Executive Officer for a 329-person company deployed to Afghanistan, Operations Officer for a 1,000-person motor transport battalion, and the Logistics Officer for Combat Logistics Regiment 4. She also volunteers as an ombudsman for the Employer Support for the Guard and Reserve in which she serves as a mediator on employment-related disputes.