Please join us for an online discussion to hear from experts, including USC faculty, about the limits of cyber risk management in the wake of SolarWinds. Our first panel session will explore personal, business, and systemic risks associated with both non-state and state-sponsored cyber incidents. Our second panel session will discuss how organizations can most effectively respond to cyber incidents. In addition, USC Chief Information Security Officer Gus Anagnos will be providing a keynote address on proactive steps that we can all take to protect our data.
Cyber Risk Management Webinar
Friday, February 26, 9:00 am – 12:00 pm Pacific
PANEL SESSION 1
NotPetya, SolarWinds, What’s Next?
9:00 am – 10:10 am Pacific
- Maura Godinez, Adjunct Professor of the Practice for Intelligence and Cyber Conflict, USC Dornsife School of Letters, Arts and Sciences
- Stevan J. Bernard, Founder and Chief Executive, Bernard Global, LLC
- Serene Davis, Southwest/South Central Regional Manager, US Cyber & Tech, Cyber & Executive Risk, Beazley Insurance Services
- Michael A. Gold, Partner and Co-Chair, Cybersecurity & Privacy Group, Jeffer Mangels Butler & Mitchell LLP
Protecting Your Data: Advice from USC’s CISO
10:20 am – 10:40 am Pacific
- Gus Anagnos, Chief Information Security Officer, University of Southern California
PANEL SESSION 2
Incident Response When the Well Is Poisoned?
10:50 am – 12:00 pm Pacific
- Joseph Greenfield, Associate Professor of Information Technology Practice, USC Viterbi School of Engineering
- Pierson Clair, Managing Director, Cyber Risk, Kroll
- Tiffany Garcia, Director and Cybersecurity Practice Leader, CBIZ
- Wendi Whitmore, Senior Vice President, Palo Alto Networks
As the chief information security officer (CISO) for USC, Gus Anagnos is responsible for providing leadership and strategic direction on information security. He oversees key security initiatives, including the four-year intensive transformation of USC’s information security environment. He and his team collaborate with advisory groups across the university to develop, promote, and oversee the implementation of a comprehensive information security program.
Gus is an information security professional with more than twenty years of experience in application security, vulnerability detection and management, crisis management, electronic crime and threat intelligence, business continuity management, privacy and information risk management. Prior to joining USC in 2017, he served as vice president of global alliances at Synack, Inc., a computer and network security firm delivering crowd-sourced security testing, whose clients include leading Fortune 500 companies, the Department of Defense, and the Internal Revenue Service. Previously, Gus had held leadership positions in information security at organizations such as eBay, PayPal, IndyMac Bancorp, and General Motors Corporation, where he created and led key transformational programs, such as the PayPal Bug Bounty Program.
Stevan Bernard founded Bernard Global, LLC in July 2018 and he currently serves as its Chief Executive.
Prior to this he held the position of Executive Vice President of global protection services at Sony Pictures Entertainment. During his 16 years with Sony, Stevan initiated numerous programs in support of Sony worldwide. His staff covered 50 countries with 150 offices, and they supported contracted production personnel operating in the far corners of the globe. Responsibilities included: global threat management; investigations; forensics (with three labs); information security and data privacy; content protection; resilience; threat management; major event security; environment; health and safety; production safety and security; sustainability; medical services; BCP/CM and incident management (including cyber); physical security; law-enforcement and government liaison; fire and life safety.
In addition to the entertainment field Stevan has also held key leadership roles in energy, food, and hi-tech. His public service included 12 years in municipal police. He has lived overseas for seven years of his life and traveled in over 50 countries.
Today, Stevan is very engaged with the law-enforcement community, the U.S. Department of State, Academia, the International Security Management Association (ISMA), the Domestic Security Alliance Council (DSAC) for the FBI, the Overseas Security Advisory Council (OSAC), InfraGard with the FBI, and ASIS International. He has been recognized by the CIA, the FBI, AT&F NRT, the U.S. Army, and the U.S. Department of State for his service to country.
Stevan is a sought-after speaker, advisor, and confidant on topics such as corporate security, crisis preparedness, cyber security, resilience, leadership, duty of care, and risk mitigation.
Pierson Clair is a Managing Director with Kroll Cyber Risk where he leads one of Kroll’s global cyber incident response teams from Los Angeles, California. With over a decade of experience in private sector digital forensics and incident response he has worked and led teams in support of complex digital investigations entailing tens of thousands of compromised endpoints. He currently helps organizations detect, respond to, and eject long-term embedded threat actors. Pierson has deep subject matter expertise in Mac and mobile device digital forensic acquisition and analysis and has taught advanced courses in these topics at the University of Southern California for the past nine years. He is a frequent speaker on a range of cyber security and digital forensic related topics. Prior to assisting organizations out of their most challenging cyber situations, Pierson worked in the U.S. Intelligence Community on a range of national security activities.
Southwest/South Central Regional Manager, US Cyber & Tech
Serene Davis is a Regional Manager for the US Cyber & Tech division of Beazley Insurance Group where she oversees a team of underwriters in Southern California and Texas. Of her many years in the insurance industry, nearly 18 of them have been in the cyber and tech market. Serene has seen the rapid evolution of cyber risks organizations face as well as the response of the insurance market to these changing needs. Serene works actively with her team to continuously assess and underwrite these exposures and build insurance programs based on the findings. Beazley is a proud participant in the Lloyd's market, the largest and oldest insurance market in the world. Beazley’s client base is broadly diversified by type, by size, and by geography. Beazley’s clients are leaders in many of the markets in which they operate. Serene has been with Beazley for 14 years, having started in San Francisco and later migrated south to Los Angeles as the company expanded their U.S. footprint. Serene resides in Long Beach with her husband and two young children.
Tiffany Garcia is a Director in the national Risk and Advisory Services practice and leads the national Cybersecurity Practice for CBIZ. She has extensive IT audit, consulting, and cybersecurity experience across the private and public sector – including many education, commercial, healthcare, and government clients. Her experience includes leading projects focusing on controls and security, primarily on assessing the security and reliability of automated systems and compliance with state and federal laws and regulations, and industry best practices. She has led a variety of engagements including risk and security assessments, cybersecurity risk assessments, IT general and application control reviews, SOC 1 and SOC 2 audits, vulnerability assessment and penetration testing services, social engineering campaigns, and compliance and performance audits.
She has also successfully executed various audits and consulting engagements for many large organizations, including internal audit divisions for a range of industries, including oil and gas, manufacturing, industrial markets, investment firms, banks, and financial services.
Tiffany has abundant knowledge and experience with the HIPAA Privacy, Breach Notification, and Security Rules, as well as other criteria such as FISCAM, NIST, PCI, CIS, FERPA, and IRS Pub 1075 requirements. Tiffany also has in-depth experience in conducting and leading IT audits and consulting engagements under IIA, AICPA, and Government Auditing Standards.
Maura Godinez is an Adjunct Professor of the Practice for intelligence and cyber conflict and the University of Southern California. She served in the Central Intelligence Agency for 29 years in the Directorate of Operations. An operations officer and intelligence practitioner working in Washington, Latin America, Europe and the Middle East, she has done analytic and operational work in the disciplines of counterintelligence, counterterrorism, foreign intelligence collection, and covert action. She has worked at the nexus of technology and human operations throughout her career and began focusing specifically on cyber issues in 2015.
Ms. Godinez first associated with the University of Southern California as CIA’s Officer in Residence at the School of International Relations in 2007; she rotated between teaching and working the intelligence community until 2017. Now she teaches and mentors students and continues to seek opportunities adjacent to the intelligence community to practice and maintain her skills. Her courses present the nuts and bolts of intelligence disciplines and cyber conflict. Prior to joining the CIA, Ms. Godinez was a Foreign Service Officer with the U.S. Department of State. She has a Master’s Degree in International Public Policy from Johns Hopkins University School of Advanced International Relations.
Michael A. Gold
Michael Gold is a Partner and Co-Chair of the Cybersecurity & Privacy Group at Jeffer Mangels Butler & Mitchell LLP. He counsels clients in a wide variety of matters, including information security and privacy compliance, supply chain and outsourcing security issues, data breach responses and investigations, regulatory matters, crisis management, and technology contracts.
He has assisted clients in developing policies and processes to comply with information security and privacy laws throughout the world (including the E.U.'s General Data Protection Regulation, the California Consumer Privacy Act of 2018, and other national, state, and industry-sectoral laws in the U.S.). He negotiates technology agreements relating to information security and privacy, and has particular experience with advanced digital advertising and marketing and emerging information security technologies. He represents clients in a range of industries, including healthcare, defense, major league sports, accounting and business management, and financial services.
Michael was named one of California's “Top 20 Cyber - Artificial Intelligence Lawyers” by the Daily Journal (2018), one of the Daily Journal’s 20 “Top Cyber Lawyers” again in 2020, one of the “Most Influential Lawyers: Digital Media and E-Commerce Law” by the Los Angeles Business Journal, and has been designated a “Top Rated Lawyer in Technology Law” by Martindale Hubbell.
Joseph S. Greenfield
Dr. Joseph Greenfield is an Associate Professor of Information Technology Practice at the University of Southern California. For nearly 15 years, he has taught cyber security and digital forensics in the Information Technology Program at the Viterbi School of Engineering. He authored both undergraduate minors: Applied Computer Security and Computer and Digital Forensics. He also co-authored the interdisciplinary major in Intelligence and Cyber Operations.
In addition, he is the Managing Director at Maryman & Associates, specializing in Windows forensics and network breach investigations.
He holds a B.S. in Computer Engineering and an M.S. in Computer Science from the University of Southern California, and a Ph. D. in Computer Science from the University of Rhode Island.
Wendi Whitmore is a Senior Vice President at Palo Alto Networks. She served formerly as Vice President, IBM Security X-Force. Wendi has nearly two decades of experience in incident response investigations. At IBM, Wendi created IBM X-Force IRIS which includes the global X-Force Incident Response, Proactive Services, Cyber Range, and Threat Intelligence practices. She began her career as a Special Agent conducting computer crime investigations with the Air Force Office of Special Investigations (AFOSI) and held executive-level positions at CrowdStrike Services and Mandiant.