Wednesday, March 6, 2019Gasson Hall

t h i r d a n n ua l

welcomewednesday, march 6, 2019

program

»

Boston College and the Federal Bureau of Investigation welcome you to Chestnut Hill for the 3rd Annual Boston Conference on Cyber Security (BCCS 2019). A one-day symposium packed with 10 compelling lectures and panel discussions on critical issues in emerging technologies, operations, and enforcement, as well as real-life cyber and national security concerns, the conference will focus on risk, compliance, policy, threat trends, preparedness, resiliency, and defensive strategies. In addition, BCCS 2019 will offer sponsors’ exhibitions and exceptional networking opportunities throughout the day.

Today’s conference provides an opportunity for cybersecurity leaders from the academic, analytic, operations, research, corporate, and law enforcement arenas to come together and coordinate their efforts, creating a more secure cyberspace. At a time of growing concern about the vulnerability of our nation’s information systems, it is imperative that we, as a community of scholarly and expert practitioners, engage our exceptional intellectual resources to promote the exchange of ideas and further the pursuit of knowledge.

This year, we are grateful and privileged to have the Honorable David L. Bowdich, deputy director of the Federal Bureau of Investigation, join us at Boston College to discuss the critical issues facing government and private industry in defending against today’s cyberthreats.

We extend heartfelt thanks to our speakers, panelists, volunteers, and sponsors for their time and effort in developing the 2019 BCCS program.

Finally, we want to thank each of you for attending BCCS 2019, and making today’s conference a truly collaborative effort among academia, government, and private industry. All of you, as professionals and leaders, have the vision, the knowledge, and the experience to help us prepare the way into the future of cybersecurity.

Again, thank you for joining us.

Sincerely yours,

David M. Goodman, Interim Dean of the Woods College of Advancing Studies of Boston College

Joseph R. Bonavolonta, Special Agent in Charge, FBI Boston Division

8:00 – 8:45 a.m. registration & continental BreaKFast

Sponsored by Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

8:45 – 9:15 a.m. welcome & opening remarKs

David Goodman, Interim Dean, Woods College of Advancing Studies, Boston College

Joseph R. Bonavolonta, Special Agent in Charge, FBI, Boston Division

Michael J. Lochhead, Executive Vice President, Boston College

9:15 – 10:00 a.m. Keynote address

The Honorable David L. Bowdich, Deputy Director, FBI

10:00 – 10:15 a.m. BreaK & reFreshments

Sponsored by Raytheon

10:15 – 11:00 a.m. speaKer

Corey E. Thomas, President & Chief Executive Officer, Rapid7

11:00 – 11:45 a.m. speaKer

Christopher Porter, Chief Intelligence Strategist, FireEye

11:45 a.m. – 1:00 p.m. lunch and panel discussion

Sponsored by FireEye

panel discussion (12:10–1:00 p.m.): “You’ve Been Breached; Now What?!”– Cyber Attack Simulation

Moderator: Lisa Ropple, Partner, Cybersecurity, Privacy & Data Protection Group, Jones Day

panel:

Amy Burkart, Assistant U.S. Attorney, Chief Cyber Crime Unit, U.S Attorney’s Office - Boston

Katie Jenkins, Senior Vice President & Chief Information Security Officer, Liberty Mutual Insurance

Cheryl Davis, Senior Director, Strategic Initiatives, Oracle; former Director, Cybersecurity Policy, National Security Council - White House

Nini Donovan, Director, Guidehouse - Boston

Katherine Kountze, Senior Vice President & Chief Information Officer, Eversource

Katherine J. Fick, Senior Counsel, IBM Security/IBM Corporation

Sara Cable, Assistant Attorney General & Director of Data Security & Privacy, Consumer Protection Division of the Massachusetts Attorney General

1:10 – 2:00 p.m.

2:10 – 3:00 p.m.

BreaKout 1 (room 305):

panel discussion: “Data Privacy: GDPR, California, and Everything in Between”

Moderator: Cynthia J. Larose, Esq., Partner and Chair, Privacy & Security Practice Group,Mintz Levin

Panel:

Ultan O'Carroll, Assistant Commissioner & Tech-nology Advisor, Multinationals and Technology, Data Protection Commission - Ireland

Gretchen Swanz Herault, Senior Privacy Counsel, GE Healthcare

Hillary Russell, Senior Vice President & Associate General Counsel, LPL Financial

Thom Shola, Vice President, Retirement Plan Services (RPS) IT Head of Cyber Risk & Security, John Hancock

BreaKout 2 (room 305):

panel discussion: “Cybersecurity: Data Protection, Best Practices & the Blockchain”

Moderator: Kevin Powers, JD, Director, M.S. in Cybersecurity Policy & Governance, Boston College

Panel:

Gus P. Coldebella, General Counsel, Circle; former Acting General Counsel, U.S. Department of Homeland Security

Lawrence Zelvin, Executive Vice President, Head of Financial Crime Group - Cyber, fraud, and Physical Security, Bank of Montreal

Jim Cunha, Senior Vice President, Federal Reserve Bank of Boston

Tara M. Wheeler, Senior Director, Data Trust & Threat and Vulnerability Management, Splunk

Kevin J. Angle, Counsel, Privacy & Cybersecurity Group, Ropes & Gray

BreaKout 1a (room 100):

panel discussion: “Law Enforcement– Information and Data Sharing with the Private Sector”

Moderator: Timothy Russell, Supervisory Special Agent, FBI Boston Division - Cyber Crime Program

Panel:

Ron Ford, Regional Cybersecurity Advisor (New England), U.S. Department of Homeland Security

Jarod Koopman, Director, Cyber Crime, Internal Revenue Service

Christopher Geary, Unit Chief, FBI, CIRFU

Samir C. Jain, Partner, Cybersecurity, Privacy & Data Protection Group, Jones Day; former Senior Director, Cybersecurity Policy, National Security Council - White House

BreaKout 2a (room 100):

panel discussion: “Cybersecurity: National Security–Current Issues & Concerns”

Moderator: Scott T. Lashway, Partner, Cybersecurity and Privacy, Holland & Knight, LLP

Panel:

Brock Dahl, Attorney, Office of General Counsel, National Security Agency

Michael Daly, Chief Technology Officer, Raytheon -

Cybersecurity and Special Missions

Courtney Sullivan, Partner, Commercial Litigation & National Security, Venable, LLP

Jon A. Mellis, Senior Corporate Counsel, VMware, Inc.

Adam Flatley, Global Head of Intelligence Opera-tions/Talos, Cisco

program cont.

BreaK & reFreshments Sponsored by Cisco

3:00 – 3:15 p.m.

3:15 – 4:00 p.m. panel discussion: “Cybersecurity: A View from the Top”

Moderator: Heather Egan Sussman, Partner & Global Co-chair, Cyber, Privacy & Data Innovation Practice, Orrick, Herrington & Sutcliffe LLP

Panel:

Don Anderson, Senior Vice President & Chief Information Officer, Federal Reserve Bank of Boston

John T. Martinez, Vice President and IIS General Counsel, Raytheon Intelligence, Information and Services

Michael Crones, Chief Information Officer, Draper Laboratory

Christopher Leigh, Chief Information Security Officer, Eversource

Colonel Arthur Wunder, Director of Staff, Massachusetts Air National Guard

4:00 – 5:30 p.m. networKing reception

Sponsored by Arbella Insurance, Guidehouse & Splunk

Refreshments and hors dʼoeuvres

David M. GoodmanInterim Dean and Director of Applied Research at the Woods College of Advancing Studies at Boston College

David Goodman is an associate professor of the practice in the philosophy department and director

of applied research in the Woods College of Advancing Studies at Boston College. Director of the

Cambridge-based interdisciplinary consortium Psychology and the Other, he is also a teaching associ-

ate at Harvard Medical School/Cambridge Hospital. Dr. Goodman has written over a dozen articles on

subjects including continental philosophy, Jewish thought, social justice, and psychotherapy. Currently,

he serves as editor for the Routledge Psychology and the Other series. He has written and edited several

books including The Demanded Self: Levinasian Ethics and Identity in Psychology (Duquesne University

Press, 2012), Psychology and the Other: A Dialogue at the Crossroad of an Emerging Field (with Mark

Freeman, Oxford University Press, 2015), and The Ethical Turn: Otherness and Subjectivity in Contem-

porary Psychoanalysis (with Eric Severson, Routledge, 2016). Dr. Goodman is also a licensed clinical

psychologist who maintains a private practice in Cambridge, Massachusetts.

Joseph R. BonavolontaSpecial Agent in Charge, Federal Bureau of Investigation, Boston Division

Appointed by FBI Director Christopher Wray as special agent in charge of the Boston Field Office,

Mr. Bonavolonta has served as deputy assistant director for the FBI’s Counterintelligence Division since

March 2018. He previously helped lead the Boston Field Office, where he served as assistant special

agent in charge from 2013 to 2017, overseeing the counterintelligence and cyber programs. A former

special agent in the New York Field Office, Mr. Bonavolonta received the U.S. Attorney General’s

Director’s Award for Superior Performance in 2005 for his contributions to the Bonanno La Cosa Nostra

Family investigations. He has held a variety of other leadership, operational, and investigative positions

during his FBI career, including serving as program manager in the Organized Crime Section at FBI

Headquarters in Washington, D.C., to being promoted to supervisory special agent of the corporate/

securities fraud squad at the Newark Field Office, and also serving as the section chief for the FBI’s

employee development and selection program.

The Honorable David L. BowdichDeputy Director, Federal Bureau of Investigation

David Bowdich was named the deputy director of the FBI in March 2018. He oversees all FBI domestic

and international investigative and intelligence activities. As associate deputy director of the bureau from

2016 to 2018, he supervised the management of all FBI personnel as well as budget, administration, and

infrastructure. Prior to that appointment, he was assistant director in charge of the FBI’s Los Angeles

Field Office from December 2014 to April 2016, having served as agent in charge of the Counterterrorism

Division in the Los Angeles Field Office from September 2012 to December 2014.

Mr. Bowdich began his career as an FBI special agent in 1995 in the San Diego Field Office, where, as a

SWAT team operator and sniper, he investigated violent crimes and gangs. In 2003, he was promoted

to FBI Headquarters in Washington, D.C., where he served in the Criminal Investigative Division.

He returned to San Diego and supervised a multiagency gang task force before being promoted to

assistant special agent in charge of all non-white-collar-crime criminal violations, the Imperial County

Resident Agency, the SWAT Team, and the Evidence Response Team.

Keynote speaKer conFerence chairs

Kevin R. Powers, J.D.Director, Master of Science in Cybersecurity Policy and Governance Program, Boston College

Kevin is the founding director of Boston College’s M.S. in Cybersecurity Policy and Governance

Program, and an assistant professor of the practice at Boston College Law School and the University's

Carroll School of Management. With a combined 20 years of law enforcement, military, national security,

business, higher education, and teaching experience, he has worked as an analyst and an attorney for

the U.S. Department of Justice, U.S. Navy, and U.S. Department of Defense. He has also worked for law

firms in Boston and Washington, D.C., and as the general counsel for an international software company

based in Seattle, Washington. Kevin is a research affiliate at the MIT Sloan School of Management, and

he has taught courses at the U.S. Naval Justice School and the U.S. Naval Academy, where he was also

the deputy general counsel to the superintendent. From 2016–2017, he was the panel lead for the Colle-

giate Working Group to the U.S. Department of Homeland Security’s National Initiative for Cybersecurity

Education (NICE). Kevin also serves as a board member for the Boston College Law School Business

Advisory Council, a regional bank, and an international software company.

masters oF ceremonies

Doug DominSpecial Agent, Criminal Cyber Squad (CY-2), Federal Bureau of Investigation, Boston Division

Since beginning his career as a special agent with the FBI in 2002, Doug Domin has served in

multiple roles in the Boston division, including in criminal cyber investigations, on the Bulger Fugitive

Task Force, and as a technically trained agent in the Operational Technology Division. In 2012, he was

promoted to supervisory special agent in the Cyber Division, and selected to manage the Cyber Action

Team, a deployable contingent of highly skilled cyber investigators distributed throughout FBI field offices.

After serving two years as an assistant legal attaché at the U.S. Consulate in Toronto, Ontario, SA Domin

became a member of the Criminal Cyber Squad (CY-2). His CY-2 investigations are focused exclusively

on criminal computer intrusion matters.

panel moderators

Timothy RussellSupervisory Special Agent, FBI, Boston Division

Mr. Russell joined the FBI in the Miami Field Office in 1999, and was assigned to the Boston Field Office

in 2002. During his time in Boston, he has investigated Internet fraud, intellectual property crimes, and

complex criminal and national security computer intrusion. In 2013, Mr. Russell reported as the acting

Cyber ALAT for the FBI’s London office. The following year, he served as a supervisory special agent

(SSA) in the Asia Cyber Operations Unit at FBI Headquarters, Cyber Division. In 2016, Mr. Russell was

appointed SSA for the Boston Criminal Cyber Squad, with responsibilities for criminal cyber matters in

Rhode Island, Massachusetts, New Hampshire, and Maine.

Cynthia J. LarosePartner and Chair, Privacy & Security Practice Group, Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

Cynthia Larose, chair of Mintz Levin’s privacy and security practice and a Certified Information Privacy

Professional (CIPP), represents companies in information, communications, and technology. She coun-

sels clients at all stages of the “corporate lifecycle,” and has broad experience in technology and business

law, including online contracting issues, licensing, domain name issues, software development, and

complex outsourcing transactions. Cynthia conducts privacy audits and risk assessments to determine

data and transaction flow and to assess privacy practices.

Corey E. ThomasPresident and Chief Executive Officer, Rapid7

Corey Thomas is president and chief executive officer of Rapid7, a company he joined in 2012, bringing

extensive experience in leading technology companies to the next stage of growth and innovation. Prior

to joining Rapid7, Corey was vice president of marketing at Parallels, Inc., a virtualization technology com-

pany. He was also a group project manager at Microsoft, where he launched SQL Server 2005 worldwide

and drove product planning for Microsoft’s data platform. Corey also spent several years as a consultant

at Deloitte, focusing on technology and operations at large, multinational banks.

Christopher Porter Chief Intelligence Strategist, FireEye

Christopher Porter is the chief intelligence strategist of FireEye, a global cybersecurity company that

protects organizations against malicious software and analyzes IT security risks. As editor-in-chief of

FireEye’s strategic intelligence products, Christopher oversees joint research with partners outside the

company. Before joining FireEye, he served nearly nine years in operations and analysis at the Central

Intelligence Agency, where he won the National Intelligence Analysis Award, coauthored a National

Intelligence Estimate, and was the first analyst to win the Cyber Threats Group Director’s Award for

Innovation. At FireEye, Christopher created and manages operations for Executive Reporting, the organ-

ization’s intelligence subscription service. He also oversees production of Threat Media Highlights,

FireEye’s perspective on breaking cybersecurity news.

speaKers

Lisa RopplePartner, Cybersecurity, Privacy & Data Protection Group, Jones Day

Lisa Ropple is a partner in the Boston office of Jones Day, an international law firm with over 2,500

lawyers around the world. She is a member of the firm’s global Cybersecurity, Privacy & Data Protection

group and serves as the head of litigation for Jones Day’s Boston office. Lisa focuses her practice on

helping companies respond to significant cybersecurity incidents and representing them in connection

with the many legal challenges that often follow, including federal and state regulatory investigations and

litigation. Lisa handles all aspects of data breach incident investigation and response, including direct-

ing privileged forensic investigations, coordinating and supporting internal incident response teams,

engaging with law enforcement authorities, and advising senior management and boards of directors on

response and risk mitigation strategies.

Scott T. LashwayPartner, Cybersecurity and Privacy, Holland & Knight, LLP

Scott T. Lashway is a disputes and investigations partner and co-chair of Holland & Knight's Cybersecu-

rity, Data Breach and Privacy Team. He focuses on the intersection of law and technology, with an empha-

sis on cybersecurity, data privacy, technology-focused litigation, and allegations of misappropriation of

proprietary data and unauthorized access to data or computing systems. Scott has significant experience

conducting investigations and counseling on incident response for clients who have confronted some of

the world’s most sophisticated cyberattacks. His clients represent a range of industries, including finan-

cial services and insurance, technology, life sciences, intelligence, transportation, education, and gaming.

Heather Egan SussmanPartner & Global Co-chair, Cyber, Privacy & Data Innovation practice, Orrick, Herrington & Sutcliffe LLP

As leader of Orrick’s Boston office, Heather Egan Sussman focuses her practice on privacy, cyberse curity,

and information management. Chambers USA and the Legal 500 United States have deemed her a

leader in the field. Heather frequently writes on current privacy and information security issues confront-

ing trade and legal organizations. She is quoted regularly in Web news outlets such as MSNBC.com and

ABCNews.com as well as in the New York Times, the Los Angeles Times, Bloomberg BusinessWeek,

the San Francisco Chronicle, Washington Times, and Houston Chronicle.

panel moderators

M.S. in Cybersecurity Policy and Governance Advisory Council

advisory council

Student Workers

Benjamin Twohig, Boston College Class of 2019; Brendan Powers, Boston College Class of 2020; Kelli Powers, Boston College Class of 2021; Erin Powers, St. Mary’s High School Class of 2020

John C. Eckenrode, Chair, Advisory Council, Senior Vice President and Chief Security Officer, State Street

Carolyn Bargoot, Director, Strategic Initiatives & Organizational Effectiveness, Office of the Provost, Boston College

Michael Bourque, Vice President and Chief Information Officer, Boston College

Michael Brown, RADM, USN (ret.), Former Vice Presi-dent and General Manager, Global Public Sector, RSA

Patrick Cain, President, The Cooper-Cain Group, Inc.

Dr. Robert Cherinka, Ph.D., Chief Engineer, Software Engineering, MITRE

Cheryl A. Davis, Senior Director for Strategic Initiatives, Oracle

Sean M. Doherty, Senior Public Policy Analyst, Bank of America Merrill Lynch

David Escalante, Director, Computer Policy and Security, Boston College

David Goodman, Ph.D., Fuller Graduate School of Psychology, Interim Dean, Woods College, Boston College

Cynthia J. Larose, Esq., Partner and Chair, Privacy & Security Practice Group, Mintz Levin

Scott T. Lashway, Esq., Partner, Cybersecurity and Privacy, Holland & Knight, LLP

John T. Martinez, Vice President and IIS General Coun-sel, Raytheon Intelligence, Information and Services

John OʼConnor, President, Birch Meadow Advisors, LLP

David Olson, J.D., Associate Professor, Boston College Law School; Faculty Director, Boston College Law School Program on Innovation and Entrepreneurship

Kevin R. Powers, J.D., Founding Director, M.S. in Cybersecurity Policy and Governance, Boston College; Assistant Professor of the Practice, Boston College Law School; Assistant Professor of the Practice, Carroll School of Management, Boston College

Sam Ransbotham, Ph.D., Georgia Institute of Technol-ogy, Associate Professor, Information Systems Depart-ment, Carroll School of Management, Boston College

Lisa M. Ropple, Partner, Cybersecurity, Privacy, and Data Protection, Jones Day

Timothy Russell, Supervisory Special Agent, FBI Boston Division - Cyber Crime Program

Michael Steinmetz, Cybersecurity Officer, Advisor to the Governor & Office of Homeland Security, the State of Rhode Island

Howard Straubing, Ph.D., University of California at Berkeley, Professor, Computer Science Department, Boston College

Kevin Swindon, Corporate Vice President, Global Secu-rity, Charles River Labs

Don Ulsch, Senior Consultant, Cybersecurity & Foren-sics, Charles River Associates

David Wilkinson, Senior Director, IT Security & Cyber Security Practice, Gartner Inc.

Graham Wright, Senior Vice President, Security and Cyber, Inmarsat

Thank you to the FBI Boston Division - Cyber Program, and our student volunteers from the M.S. in Cybersecurity Policy & Governance Program’s ISACA Student Group; BC Law School’s Internet Law Society; and Boston College High School’s Tech Society.

special thanKs to our conFerence sponsors

St. Mary’s Hall South, Ground Floor, Chestnut Hill, Massachusetts 02467

phone: 617–552–3900 • Fax: 617–552–8404 • e-mail: woodscollege@bc.edu

bc.edu/mscybersecurity

Follow us on Twitter: @BCcybersecurity