Skip to Content

Joseph F. Rice School of Law

2019 Cybersecurity Legal Institute

Join cybersecurity experts in the fields of law, law enforcement, insurance, and information technology to learn how to protect your firm and keep your data safe.

Institute Agenda

 Approved for 5.25 hours of CLE credit (193597)

 Continental breakfast sponsored by Stasmayer, Inc.
Emerging Threats, Promising Opportunities.

IBM CEO Ginni Rometty has said that data “is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry.” Society is being transformed by data, bringing concrete changes to our economic activities, to how we learn, to our enjoyment of sports and music, to our understanding and practice of religion, and in so many other areas.  This new age is also dramatically impacting the national security landscape.  The challenges our country faces will increasingly involve the cyber environment, from threats to national security to growing international criminal networks to challenges in global trade.  The challenges our country faces also present promising opportunities – a stronger and more innovative economic base could lead to a more opportunity-based society where anyone can make great contributions. The country will look to the legal community to help lead us in this new age of data.

  • Daniel Sutherland, Associate General Counsel, U.S. Department of Homeland Security Office of the General Counsel


At the highest level, cybersecurity activities can be viewed across five functions: Identify, Protect, Detect, Respond, and Recover. In this panel, we will address each of those functions and how technical and non-technical employees alike share in the responsibility to keep a company ready to respond appropriately to an event or incident at a moment's notice.

  • Andy Bowden, IT Director, Dominion Energy Southeast Energy Group
  • Michael K. Hamilton, CISO, President & Founder, CI Security
  • Rick Krenmayer, Co-Founder & CEO, Stasmayer,  Inc.
  • Mark Lester, Information Security Manager, SC Ports Authority

Does your organization rely on third-party vendors for HR, IT, accounting or other services?   These vendors often require interconnectivity with your systems and data, but if their networks and practices aren’t secure, hackers can use them to steal your data. This panel will address the risks in detail and provide practical steps you can take to manage vendors and best secure their networks.

  • Denver Edwards, Partner, Pierce Bainbridge LLP
  • Steven Kaufman, Deputy Associate General Counsel, U.S. Department of Homeland Security Office of General Counsel
  • Kurtis E. Suhs, Managing Director, Cyber Special Ops LLC

While the attention of the business world was focused on the EU’s General Data Protection Regulation, California blindsided us all with its own domestic privacy law back in June. Now we’re getting closer to the date the CCPA goes into effect. We’ll talk about the differences between the GDPR and the CCPA, and the uncertainties about the final form the California law will take, given the amendments that are already on the table. And we’ll also discuss the possibility that by the time January rolls around (when California’s law takes effect), it may already have been pre-empted by federal legislation. Join us for a discussion on the latest in privacy laws and how to get your organization or clients ready.

  • Laura Berger, Head of Privacy for the Americas, LinkedIn
  • David Hechler, Editor-in-Chief, CyberInsecurity News
  • Alex White, Deputy Chief Privacy Officer, State of South Carolina



The global growth of ransomware along with destructive malware and their related attacks have caused many organizations to stand up and take notice of this crippling threat.  A variety of new perpetrators have emerged and their attacks are now less random and more targeted than ever before.  This panel will provide several experts in incident response and forensic analysis as they discuss their personal involvement with ransomware attacks and share some best practices for addressing the changing threat landscape, legal issues, response and recovery, and strategies for how to combat ransomware.

  • Paul Ihme, Co-Founder & President of Consulting Services, Soteria; former NSA Hacker
  • Ashish Mahajan, Senior Manager, Cyber Risk Services, Deloitte & Touche LLP
  • Will Mendez, Director, Friedman CyZen LLC
  • Matthew Rose, Analyst, Computer Emergency Response Team, Center for Internet Security
  • Tom Scott, Executive Director, CyberSC

This program will address the BEC risk and solution with a discussion on what best practice tips to implement in order to avoid becoming a victim of a business email compromise attack including having an effective security policy in place, security awareness training and incident response planning.

  • Douglas Hemminghaus, Assistant Special Agent in Charge, National Security Branch, Federal Bureau of Investigation
  • Keith Novak, Associate Managing Director, Cyber Risk Practice, Kroll
  • Karen Randall, Chair, Cybersecurity and Privacy, Connell Foley LLP
  • Andrew Arruda, CEO and Co-Founder, ROSS Intelligence
  • Ryan Benjamin, Attorney, US Global Commercial and Field Group, Microsoft
The Federal Trade Commission's Role in Protecting Consumer Privacy

The Federal Trade Commission (FTC) has been the primary federal agency protecting consumer privacy since the enactment of the Fair Credit Reporting Act (FCRA) in 1970. Particularly since the 1990s, the FTC has used its broad authority under the FTC Act and other statutes within its jurisdiction to identify and enforce privacy and data security practices to protect consumers and their personal information. The FTC also actively engages in policy, consumer and business education, and other federal, state, and international privacy and data security initiatives. Much has changed in the 48 years since FCRA was enacted, including the interaction of consumer data, privacy, and technological innovation; the increasing number of federal agencies exercising privacy and data security powers; the expanding influence of state and international data protection law; the tension between consumer and commercial interests; and the near ubiquity of incidents involving personal information. There is a huge debate in Washington and elsewhere around the most effective means of protecting consumer data while supporting innovation and commercial activities, and the FTC is at the heart of that debate. 

  •  Maneesha Mithal, Associate Director, Division of Privacy and Identity Protection, Federal Trade Commission
Transferring the Risk: A Professional's Checklist for Procurement of the Cyber Liability Policy
  • Andrea DeField, Associate, Hunton Andrews Kurth LLP
  • Joe DePaul, Head of FINEX Cyber/E&O, North America
  • Abigail Oliver, Assistant Vice President of Cyber Underwriting, AXIS Capital
  • Anne Macon Smith, Director, State Fiscal Accountability Authority, South Carolina Insurance Reserve Fund
Incident Response Planning for the SMB and Law Firm

Kroll experts will step through a security incident response scenario involving ransomware.  This mini table-top exercise will focus on the procedures organizations must take to minimize the damage from an incident and return to normal business operations.  Proactive best practices for prevention, detection and containment will be discussed throughout the exercise.

  • Isaiah Jensen, Director, Cyber Risk, Kroll
  • Greg Michaels, Managing Director, Cyber Risk, Kroll
  • Keith Novak, Associate Managing Director, Cyber Risk, Kroll

Produced in partnership with
the Federal Bureau of Investigation

  • Official seal for the Federal Bureau of Investigations










Challenge the conventional. Create the exceptional. No Limits.