Law and Forensics
Daniel Garrie, Esq., is a distinguished neutral with JAMS, an arbitrator, mediator, and special master with expertise in cybersecurity, data privacy, e-discovery, and intellectual property. He is the Founder and Managing Partner of Law & Forensics LLC, where he leads the cyber security and forensic practice teams and frequently testifies as an expert witness on e-discovery, cybersecurity, and computer forensics. Daniel is also a Fellow of the Academy of Court-Appointed Neutrals and an Adjunct Professor at Harvard in the School of Continuing Education, teaching Information Security, Computer Forensics, and Cybersecurity Law. Recently, Daniel was notably retained as the designated cybersecurity expert for the U.S. Government in U.S. v. Joseph Sullivan (N.D. Cal. No. 20-cr-00337-WHO), although he was not ultimately called to testify.
Daniel Garrie's presentation at the 2024 Converge Security Conference will serve as a crucial guide for technology professionals navigating the new terrain of cybersecurity regulation. This presentation will address the complex interplay between heightened regulatory scrutiny, executive liability, and the strategic response required within organizations.
The discussion will begin with an exploration of the recent developments in cyber regulation, notably underlined by the U.S. Securities and Exchange Commission's (SEC) enhanced enforcement. Garrie will dissect cases like the SEC's action against SolarWinds' CISO, and the profound implications of the SEC's 2023 rules on "Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure". These developments have broadened the accountability scope, affecting not just technology executives but also board members, marking a significant escalation in the liabilities faced at the highest organizational levels.
Garrie will argue for a fundamental change in perspective: cybersecurity must evolve from being a technical issue to an integral aspect of an organization’s strategic planning. He will stress the necessity for cybersecurity to be recognized and managed as a cross-functional, enterprise-wide concern, involving all tiers of an organization.
The presentation will offer actionable strategies for achieving this integrative approach. Garrie will highlight the pivotal role of thorough risk assessments and comprehensive tabletop exercises. These are not just tools for technical analysis; they are essential for testing an organization's overall preparedness and resilience against cyber threats. He will emphasize how these exercises can reveal vulnerabilities and foster a culture of proactive cybersecurity awareness throughout the organization.
Additionally, Garrie will focus on the critical need for consistent and effective communication between security leaders and other senior executives. This communication is key to ensuring that cybersecurity considerations are understood and integrated into the broader business context. He will offer insights into developing these communication channels, bridging the gap between technical and strategic domains.
In conclusion, this talk promises to equip attendees with a nuanced understanding of the current regulatory landscape and its implications for technology leaders and board members. It will provide practical strategies for embedding a holistic approach to cybersecurity within their organizations, emphasizing the importance of comprehensive risk management and strong executive communication. This knowledge is essential for adapting to the evolving landscape of cyber regulations, ensuring organizational compliance, and enhancing overall resilience against cyber threats.