The Business of Cyber Security:  Strategies for Success

November 2, 2017
Federal Reserve Bank of Boston

Register Here! | Speakers | Sponsorships

Speakers and Bios:

Don Anderson

Senior Vice President and Chief Information Officer, Federal Reserve Bank of Boston

In this capacity, Donis responsible for a diverse portfolio, including the Federal Reserve System’s internet, cyber, and network security services, national financial management technology services, and the Boston Fed’s information technology, real estate, and law enforcement functions.

Don was named the 2017 Boston CIO of the Year ORBIE Award winner by the Boston CIO Leadership Association for his work engaging financial services organizations and banks throughout New England on cybersecurity best practices.

Prior to joining the Federal Reserve, Don was a senior consultant with Hewlett Packard (HP) Enterprise focused on the development and execution of IT transformation strategies for Fortune 500 companies. While at HP, Don successfully managed a number of multi-million dollar international programs.

Don is currently a member of the Bank's Executive Committee and represents the Bank on the System's CIO committee. He is also a founding member of the Advanced Cyber Security Center (ACSC), a Board Member of the Boston CIO Leadership Association and Wall Street Technology Association (WTSA) and is an active member of the Dana Farber Leadership Council (DFLC).


Jen Andre

Senior Director, Orchestration And Automation, Rapid7

 


Carla Brodley

Dean, College of Computer and Information Science, Northeastern University

Carla E. Brodley is the Dean of the College of Computer and Information Science. A Fellow of the Association for the Advancement of Artificial Intelligence (AAAI), Dean Brodley’s interdisciplinary machine learning research has led to advances not only in computer and information science, but in many other areas including remote sensing, neuroscience, digital libraries, astrophysics, content-based image retrieval of medical images, computational biology, chemistry, evidence-based medicine, and predictive medicine.

Dean Brodley’s numerous leadership positions in computer science and her chosen research field of machine learning and data mining include serving as program co-chair of the International Conference on Machine Learning (ICML), co-chair of AAAI, and serving as an associate editor of the Journal of AI Research, the Journal of Machine Learning Research, and Machine Learning. She has served on the Defense Science Study Group, the Computer Research Association Board of Directors, the AAAI Council, and she co-chaired CRA-W from 2008-2011. Currently she is on the editorial boards of JMLR, Machine Learning, DKMD, DARPA’s Information Science and Technology (ISAT) Board and member-at-large of the Information Computing and Communication section of AAAS. Dean Brodley was recently awarded the prestigious NCWIT Harrold and Notkin Research and Graduate Mentoring Award.

Prior to joining Northeastern, she was a professor of the Department of Computer Science and the Clinical and Translational Science Institute at Tufts University (2004-2014), serving as department chair of Computer Science from 2010-2013. Before joining Tufts she was on the faculty of the School of Electrical Engineering at Purdue University (1994-2004). Dean Brodley earned her bachelor’s degree at McGill University in Mathematics and Computer Science, and her MS and PhD in Computer Science from the University of Massachusetts at Amherst.


Sandy Carielli

Security Technologies Director, Entrust Datacard

Sandy Carielli has spent over a dozen years in the cyber security industry, with particular focus on identity, PKI, key management, cryptography and security management. As security technologies director for Entrust Datacard, Sandy guides the organization’s next generation security and technology strategy. Prior to Entrust Datacard, Sandy was Director of Product Management at RSA, where she was responsible for SecurID and data protection. She has also held positions at @stake and BBN. Sandy has been a speaker at RSA Conference, SOURCE Boston, the NYSE Cyber Risk Board Forum and BSides Boston. She has a Sc.B. in Mathematics from Brown University and an M.B.A. from the MIT Sloan School of Management.


Richard Clarke

CEO, Good Harbor LLC

Dick Clarke is CEO of Good Harbor LLC, a boutique cyber security/risk management consultancy. Clarke is a sought-after advisor to leading CEOs, Boards, and C-level executives of Fortune 500 Companies in the US, as well as several state leaders, including the Governors of New York and Virginia, on all issues of cyber-security and risk and crisis management.

Clarke served in the White House for an unprecedented ten years as Special Advisor to the President on Cyber Security, serving under President George H.W. Bush, President Bill Clinton, and President George W. Bush. In this role, Clarke also advised on counter-terrorism and other national security issues. In his role as the nation’s “Cyber-Czar,” Clarke developed the country’s first National Strategy to Defend Cyberspace.  Clarke served on the National Security Council for ten years. Following the Snowden revelations, President Obama asked Clarke to serve on the five-person President’s Review Group on Intelligence and Technology.

On 9/11, Clarke was the national crisis manager.  Previously, Clarke served as Assistant Secretary of State for Political Military Affairs in the first Bush administration and Deputy Assistant Secretary of State for Intelligence under President Ronald Reagan.  

Clarke has served in the White House, the Pentagon, the Intelligence Community, and the State Department. As an Assistant Secretary of State, he was confirmed by the United States Senate. 
Clarke taught crisis management and risk at Harvard’s Kennedy School of Government and is an ABC News-on-Air Commentator, offering expert perspective in crises management, terrorism, and cyber security. 

Clarke is author of eight books. His first book, Against All Enemies: Inside America’s War on Terror (2004) was a New York Times #1 best seller. In 2017, he published Warnings, 14 case studies of experts whose predictions of impending disaster were ignored. His ground-breaking work, Cyber War, was voted by a cyber expert panel as one of the field’s foundational works.

Clarke is Chairman of the Board of Governors of The Middle East Institute. He has been honored with membership in the national Cyber Security Hall of Fame and given the Lifetime Achievement Award for Cybersecurity by the annual RSA Conference. 

Clarke is an advisor to private equity and venture capital firms and has served on the corporate boards of technology companies Veracode, Carbon Black, and Multiplan. Clarke received a B.A. from the University of Pennsylvania in 1972 and a Master of Science (SM) degree from MIT in 1978. He lives in Virginia.


Steve Christey Coley

Principle Information Security Engineer, The MITRE Corporation

 

 

 

 

 


Tim Connelly

Executive Director, Massachusetts Technology Collaborative

Timothy J. Connelly is the Executive Director of the Massachusetts Technology Collaborative, or MassTech. Tim is an experienced leader with distinguished career in financial services, as well as a passion for civic engagement, social impact, workforce development, and regional economic growth.

Tim was most recently employed at Brown Brothers Harriman, where he spent 30 years working as a managing director, and as a General Partner. At Brown Brothers Harriman, he led service delivery enterprise, innovation and product support, and investor services units. He retired from the firm in December, 2014.

He currently serves on the technology advisory board of BDO Consulting. He is a member of the board of directors of the United Way of Massachusetts Bay and Merrimack Valley, and chaired the United Way’s 2014‐2015 development campaign. Connelly is a member of the board of trustees of the Carroll School and New England Disabled Sports, a Corporator of Northeastern University, and he serves on the finance and investment committee at the Cotting School.

Tim has served as part‐time Faculty Member at the Boston College Carroll School of Business and an Executive in Residence at Northeastern’s D’Amore‐McKim School of Business. Tim is a graduate of Williams College, has an MBA from Northeastern University, and holds a Chartered Financial Analyst (CFA) designation.


Greg Dracon

Partner, .406 Ventures

Greg Dracon is a Partner at .406 Ventures with 23+ years of combined venture investing and high tech operating and management experience. Greg co-leads .406’s cybersecurity practice and his current cybersecurity investment portfolio includes AuthAir (sold to LogMeIn), Edgewise, GreatHorn, Onapsis, Pwnie Express, Terbium Labs, ThreatGRID (sold to Cisco), Threat Stack and Vaultive.  Greg is also a Director on the board of the Advanced Cyber Security Center – a non-profit consortium comprised of industry, academic and government leaders establishing New England as a center of excellence for cybersecurity thought leadership. 

In addition to cybersecurity, Greg leads .406’s cloud infrastructure practice and currently serves on the boards of Ambient Devices, CloudHealth, Jisto, Kaltura, MineralTree and Revmetrix.
 
Prior to .406, Greg was a Vice President at the venture capital firm, Core Capital Partners, and, previously, spent a dozen years in a variety of operating and management roles within the high tech industry.

Greg received his BS in Electrical Engineering from Penn State and his MBA from Wharton.


Timothy Edgar

Senior Fellow, Watson Institute, Brown University

Timothy H. Edgar defended privacy as an ACLU lawyer before going inside America’s growing surveillance state as an intelligence official in both the Bush and Obama administrations – a story he tells in Beyond Snowden: Privacy, Mass Surveillance and the Struggle to Reform the NSA.  In 2013, Edgar left government to become a Senior Fellow at Brown University’s Watson Institute and helped put together Brown’s Executive Master in Cybersecurity. Edgar also serves on the advisory board of Virtru, an encryption software company. He is a contributing editor to Lawfare and his work has also appeared in the Wall Street Journal, the Guardian, Foreign Affairs, and Wired. Edgar is a graduate of Harvard Law School and Dartmouth College.


Michael Figueroa

Executive Director, Advanced Cyber Security Center

Michael Figueroa is the Executive Director of the Advanced Cyber Security Center (ACSC), a Boston-based 501(c)(3) non-profit and federally registered Information Sharing and Analysis Organization (ISAO) that is committed to helping New England organizations establish a new baseline for cyber security excellence through enhanced, objective-driven collaboration. Michael has a diverse cyber security background, serving at times as an executive technology strategist, chief architect, product manager, and disruptive technology champion. He promotes an optimistic security approach that emphasizes the need to better assist the users, operators, and business owners in protecting their critical assets versus blaming them for being unable to properly configure and maintain complex technologies. Rather than focus on external influencers that business and mission owners have no control over, he encourages organizations to prioritize what they should do against what they are able to do, without judgement.


Kasha Gauthier

Director-In-Residence for Community Engagement, Advanced Cyber Security Center

At ACSC, Kasha focuses on strengthening the regional Information Security community and furthering ACSC’s education and thought leadership programs. Prior to the ACSC, she served as CFO/COO at Pwnie Express, an Infosec startup.  Previously, she worked at RSA Security, where she held a series of roles across marketing, operations, and finance. Since experiencing firsthand the effects of a security breach, she has dedicated herself for the past 8 years to Cybersecurity and its mission.  She previously worked at EMC, where she led operations for the NY/NJ division, and implemented risk control and management frameworks. She began her career in public accounting, where she earned her CPA and performed forensic audits and consulting for distressed companies.  Kasha holds a BBA in Accounting and Information Systems from the University of Massachusetts of Amherst.


William Guenther

CEO and Founder, Mass Insight Global Partnerships

Bill Guenther founded Mass Insight Global Partnerships in 1989 as a consulting and research firm to organize industry leadership collaborations for regional technology and policy opportunities with universities and government.  

Guenther launched and spun off two collaborative nonprofits.  Mass Insight Education is an education reform group started in 1997 and is now a leading MA and national reform partner.  In 2011, the Advanced Cyber Security Center (ACSC) was launched as a regional cyber security threat sharing and effective practice membership group, led by MITRE and the Boston Federal Reserve Bank, and cited by the White House as a model for regional collaboration.  Guenther chairs the ACSC Board, and Mass Insight Global Partnerships continues to provide program support for the organization, including as a partner with McKinsey & Co. for the Collaborative Defense Benchmarking project.

For over 25 years, Guenther has also led the Survey Research Group, a membership organization that collaboratively conducts public opinion surveys and briefings, including state economic and budget updates.


Joel Jacobs

VP, Chief Information Officer, & Chief Security Officer, The MITRE Corporation

Mr. Joel Jacobs is vice president, chief information officer (CIO), and chief security officer (CSO) of The MITRE Corporation. As CIO/CSO, Mr. Jacobs is responsible for advancing information technology (IT) services, infrastructure operations, and the innovative use of information technologies that enable MITRE staff to effectively serve the company's government sponsors. He leads the Enterprise Computing, Information, and Security organization, which provides comprehensive information technology, knowledge management, enterprise technical computing, information security, and global security services to the corporation.

As CSO, Mr. Jacobs oversees the integration and coordination among information security, global security services, and information systems. He sits on the board for the Advanced Cyber Security Center.

Under Mr. Jacobs’ leadership, MITRE has drawn recognition for its innovative IT practices and for its outstanding work environment for technology professionals from publications including Innovation Week, Computerworld, and CIO Magazine. The company has been among North American Most Admired Knowledge Enterprises (MAKE) award winner in 2009, 2011, 2015, and 2016. Also in 2016, MITRE was named to the InformationWeek Elite 100 list, which recognizes organizations for innovative applications of business technology. In 2017, MITRE placed second in the InformationWeek IT Excellence in Infrastructure awards program, and its corporate IT help desk received HDI's prestigious Team Excellence Award, which recognizes the team that has set and achieved the highest standards of excellence in customer service.

Mr. Jacobs was honored as a Computerworld Premier 100 IT Leader in 2011 and as a Boston Business Journal/Mass High Tech CIO of the Year in 2012. In 2015, STEMconnector® named Mr. Jacobs among its 100 CIO/CTO Leaders in STEM in recognition of MITRE’s dedication to supporting STEM initiatives. He was also a 2015 Federal Computer Week Federal 100 Award winner. 

He holds a bachelor’s degree in psychology and natural science from the University of Pennsylvania. In 2004, he completed the Program for Management Development at Harvard Business School.


Cort Johnson

Co-founder and Partner, Reverb Advisors

Reverb Advisors is an advisory firm investing-in early stage cyber security and data science companies.

Prior to Reverb, Cort co-founded Komand, a security orchestration and automation platform that gives security teams the power to quickly automate and streamline security operations, with no need for code. The company was bought by Rapid7 in 2017.

Before Komand, Cort was a venture partner with Accomplice (formerly Atlas Venture), an early stage venture capital firm, where he invested in cyber security and data science companies. While at Accomplice, Cort co-founded Hack Secure, a syndicate of the top cyber security minds investing in the next generation of cyber security entrepreneurs.

Prior to joining Accomplice, Cort co-founded Terrible Labs. Terrible Labs was a leading developer of custom enterprise software solutions for Fortune 1,000 companies. The company was bought by Autodesk in 2014.

Cort initially got involved in the technology startup community founding DartBoston, an organization focused on enabling early stage entrepreneurs to found and grow technology companies. DartBoston hosted hundreds of events, connecting thousands of people and helped launch many early stage startups including Crashlytics which sold to Twitter for over $100mm in 2013.

Cort earned a BS in Economics and Finance from Bentley University.


Scott Mancini

Information Security Manager, MIT Lincoln Laboratory

Scott Mancini is the Information Security Manager at the MIT Lincoln Laboratory, where he manages all aspects of the laboratory’s Information Security program functions and assigned personnel for the Security Services Department. He leads a large team of dedicated professional staff, focusing on cybersecurity issues in support of National Security. Scott joined Lincoln Laboratory in 2008 after a twenty-one year career in law enforcement, focusing on Computer Forensics.  He also teaches Critical Infrastructure Protection for the Master of Science in Information Assurance and Cybersecurity Program at Northeastern University’s College of Computer and Information Science. Scott’s experience includes incident response, computer network defense, enterprise forensics, risk management and IT security policy and compliance. Scott holds a Master of Science degree in Information Assurance from Northeastern University. He completed his undergraduate work at Roger Williams University, obtaining a BS in Administration of Justice.


John McKenna

Senior Vice President and Chief Information Security Officer, Liberty Mutual Insurance

John has enterprise-wide responsibility for Liberty Mutual’s global information security strategies and programs.  John joined Liberty Mutual in 1979. His career in Information Technology has included assignments as a software developer, data baseanalyst, program manager of enterprise data strategies and strategic development initiatives, Division CIO, and VP of IT Strategy and Planning. John holds a B.S. degree from the University of New Hampshire.   

 


David McSweeney

Vice President of Digital Forensics, Stroz Friedberg

David McSweeney, a Vice President of Digital Forensics in Stroz Friedberg’s Boston office, is responsible for managing the office’s digital forensics lab personnel and operations. Mr. McSweeney oversees technical operations involving the response to technical incidents, data acquisitions, and forensic examinations involving criminal and civil matters.

Mr. McSweeney joined Stroz Friedberg following a twenty-four year career with the Massachusetts State Police, most recently assigned as the Executive Officer in the agency’s Computer Crimes Unit. During his career in law enforcement, Mr. McSweeney spent twenty years primarily focused in the areas of cyber investigations, digital forensics, and technical incident management. Mr. McSweeney has extensive experience building and maintaining cyber investigative and forensic teams, as well as digital forensic lab operations. He was a founding member of the Commonwealth’s first statewide cybercrimes unit at the Massachusetts Attorney General’s Office. Mr. McSweeney also spent fourteen years assigned to the Norfolk County District Attorney’s Office where he founded the digital forensics section and was responsible for directing all personnel and operations for cases involving complex technical investigations, the search and seizure of digital evidence, and digital forensics analysis.

Mr. McSweeney has conducted and managed forensic examinations of computers, networks, storage media, and mobile devices. He has provided expert testimony related to the digital forensic process and findings. Mr. McSweeney has taken part in several professional initiatives that have resulted in the development and release of best practice documents for the search and seizure of electronic evidence and digital evidence handling for law enforcement. Mr. McSweeney has also been a frequent guest lecturer, accomplished in organizing, developing, and delivering instructional presentations to audiences across multiple industries and sectors on topics spanning cybercrime, incident response, search and seizure protocols, investigations, and forensic analysis of digital and multimedia evidence.

Mr. McSweeney is a Certified Information Systems Security Professional (CISSP) with the ISC2, a GIAC Certified Forensics Analyst (GCFA), and an Encase Certified Examiner (EnCE).


Kenneth C. Montgomery

First Vice President and Chief Operating Officer, Federal Reserve Bank of Boston

Kenneth Montgomery

Kenneth C. Montgomery has responsibility for the Bank’s financial and Treasury services, information technology, regional outreach and community development, strategic planning, human resources, corporate support and administrative activities. Mr. Montgomery is the Function Director for the Federal Reserve System’s Financial Support Office and in this capacity has national leadership responsibilities for the Federal Reserve System’s financial management strategies and operations. He is also Chair of the Federal Reserve System’s Conference of Chief Operating Officers and a member of the Financial Services Policy Committee, which sets the strategic direction and oversees the evolving U.S. payment system.


Hans Olson

Assistant Undersecretary for Homeland Security, and the Senior Advisor for Antiterrorism and Cybersecurity, Executive Office of Public Safety & Security, Commonwealth of Massachusetts. 

In this role, Hans oversees multiple agencies and the Homeland Security Grant Process for the state, as well as develops comprehensive antiterrorism and cybersecurity policies.Prior to his role with the Commonwealth of Massachusetts, Hans was the CEO of SubSea Energy North America, an innovative energy company that developed micro-hydropower systems for the Department of Defense.  Prior to this, Hans was a civilian intelligence officer with the Department of Defense and a Navy Reserve intelligence officer working primarily with joint special operations community. He has multiple overseas tours, including two deployments to Afghanistan.

Hans holds an MBA from Babson College, an MPA and a BA from the University of New Hampshire, and has studied at Harvard University’s Kennedy School of Government.


Chris Rezek

Senior Expert Consultant with McKinsey & Company, Risk Management and Business Technology Practices

He is a core leader of McKinsey's cybersecurity practice serving banks, manufacturers, and other enterprises managing information risk as well as investors and technology companies on cybersecurity product‐market strategy. Chris has helped define best practices on cloud risk management with the Cloud Security Alliance and risk technology and operations with the Institute of International Finance. "Beyond Cybersecurity: Protecting Your Digital Business" was published by Wiley in April 2015. He has a BS from MIT and an MBA from Yale.


Jothy Rosenberg

CEO, Dover Microsystems

Jothy Rosenberg has a PhD in Computer Science from Duke University where he remained as CS professor for five years. He left academia and went on to found eight high tech startups in areas ranging from parallel supercomputers to internet security with some internet infrastructure, web services, and document management startups in between. Two of his startups had exits over $100M. In the middle of his string of startups, Jothy did a stint at Borland International where he ran the languages division. Borland moved him to Boston for an acquisition where he has lived for 21 years. In 2009 Jothy joined BAE Systems, a defense contractor and helped lead the DARPA CRASH program to develop a processor immune to cyber attacks. Subsequently in 2015 he moved the project to Draper to further develop it and in 2017 he spun it out of Draper as a commercial spinout and founded Dover Microsystems which he now runs. Jothy has numerous patents, has authored four books, and is the founder of the non-profit The Who Says I Can’t Foundation to help those with disabilities regain their self-esteem through success at high-challenge athletics.


Dr. Michael Siegel

Principal Research Scientist, Sloan School of Management, Massachusetts Institute of Technology. Co-Director, MIT’s Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC)3.

Dr. Siegel’s research focuses on the management, strategy, technology, and organizational issues related to cybersecurity, the intelligent integration of information systems, risk management, insurgency and state stability, data analytics, systems modeling, and security researchers (aka hackers).  Dr. Siegel has published articles on such topics as simulation modeling for cyber resilience, cyber vulnerability markets, insurgencies and state stability, data management strategy, architecture for practical metadata integration, heterogeneous database systems, and managing and valuing a corporate IT portfolio using dynamic modeling of software development and maintenance processes. Dr. Siegel has been at MIT for over 27 years and his experience includes a wide range of publications, patents and teaching accomplishments.

He received his BS in engineering from Trinity College (1977), an MS in engineering from the Solar Energy Laboratory at the University of Wisconsin-Madison (1980), and an MA and PhD in computer science from Boston University (1989).


Yolonda Smith

Director of Product Management, Pwnie Express

Yolonda Smith is the Director of Product Management at Pwnie Express, where she is responsible for the development and launch of capabilities which allow security professionals to prevent IoT based threats from disrupting business operations. A security professional herself, she spent 8 years in the United States Air Force as a Cyberspace Operations Officer with duties and responsibilities varying from Mission Commander, Advanced Network Operations--where her team developed & orchestrated the first DoD Cyber Hunting missions--to Flight Commander, Cyber Defense Capabilities Development where her team developed the first and only malware neutralization tool for Predator Drones.


Richard Mark Soley

Chairman and Chief Executive Officer of OMG®, Executive Director of the Cloud Standards Customer Council, and Executive Director of the Industrial Internet Consortium

As Chairman and CEO of OMG, Dr. Soley is responsible for the vision and direction of the world's largest consortium of its type. Dr. Soley joined the nascent OMG as Technical Director in 1989, leading the development of OMG's world-leading standardization process and the original CORBA® specification. In 1996, he led the effort to move into vertical market standards (starting with healthcare, finance, telecommunications and manufacturing) and modeling, leading first to the Unified Modeling Language TM (UML®) and later the Model Driven Architecture® (MDA®). He also led the effort to establish the SOA Consortium in January 2007, leading to the launch of the Business Ecology Initiative (BEI) in 2009. The Initiative focuses on the management imperative to make business more responsive, effective, sustainable and secure in a complex, networked world, through practice areas including Business Design, Business Process Excellence, Intelligent Business, Sustainable Business and Secure Business.  In addition, Dr. Soley is the Executive Director of the Cloud Standards Customer Council, helping end-users transition to cloud computing and direct requirements and priorities for cloud standards throughout the industry. In 2014, Dr. Soley helped found the Industrial Internet Consortium and (IIC) serves as Executive Director of the organization. The IIC was formed to accelerate the development, adoption and wide-spread use of interconnected machines and devices, intelligent analytics, and people at work. The members of the IIC catalyze and coordinate the priorities and enabling technologies of the Industrial Internet. 

Dr. Soley also serves on numerous industrial, technical and academic conference program committees, and speaks all over the world on issues relevant to standards, the adoption of new technology and creating successful companies.  He is an active angel investor, and was involved in the creation of both the Eclipse Foundation and Open Health Tools.


Roberta G. Stempfley

Director, Software Engineering Institute, CERT Division, Carnegie Mellow University

Roberta G. (Bobbie) Stempfley is Director of the Software Engineering Institute, CERT Division at Carnegie Mellon University. A federally funded research and development center, SEI helps government and industry organizations develop and operate software systems that are secure and reliable. The CERT Coordination Center was founded at the SEI in 1988 as the world's first computer security incident response team.  Bobbie previously served as director of cyber strategy implementation at MITRE Corp. and as acting assistant secretary and deputy assistant secretary, Office of Cyber Security and Communications, Department of Homeland Security. In addition to her work at DHS, Bobbie previously worked in the DoD as CIO of the Defense Information Systems Agency and as chief of the DoD Computer Emergency Response Team, which she established.


Colin Zick

Partner and Chair, Privacy and Data Security Practice Group, Foley Hoag, LLP

Colin J. Zick is a partner with Foley Hoag LLP, where he serves as Chair of its Data Privacy & Security practice group.  He counsels clients ranging from the Fortune 1000 to start-ups on issues involving information privacy and security, including compliance with state, federal and international data privacy and security laws and government enforcement actions.  He also frequently counsels technology and consumer-facing clients on issues involving information privacy and security (including the GDPR and Privacy Shield, HIPAA and other U.S. federal and state data privacy and security laws, privacy policies, cloud security, cyber insurance, the Internet of Things, and data breach response). 

Colin co-founded the firm's Data Security and Privacy Practice Group and regularly contributes to its "Security, Privacy and the Law" blog, www.securityprivacyandthelaw.com.  He speaks regularly on a variety of subjects relating to privacy and security, including to the Association for Corporate Counsel on breach response, on cyber risk and insurance at the New York Stock Exchange, to the Mass Technology Leadership Council, the French-American Chamber of Commerce, and to the members of the Massachusetts Hospital Association, the Massachusetts Medical Society and the Boston Bar Association, and with representatives of the Office of the Attorney General of the Commonwealth of Massachusetts and the Office of Civil Rights of the Department of Health and Human Services.  He is the editor of the two most recent editions of the Massachusetts Health Information Management Association’s Medicolegal Guide to Health Record Information.

Colin has been ranked as one of the Best Lawyers in America® since 2015, ranked by CHAMBERS USA as one of Massachusetts' leading health care lawyers since 2010, and he has been selected by his peers as a Massachusetts “Super Lawyer” since 2004.  Colin also serves as a member of Law360’s Privacy & Consumer Protection editorial advisory board.