Data Protection Information Security
Resume:
Doug Knehr
JD, MBA, BS, CISSP, FIP, CIPM, CIPP/US
* **** ***., ******* ****, NJ 08824
609-***-**** ad4a7h@r.postjobfree.com https://www.linkedin.com/in/doug-knehr/ Portfolio: https://dougknehr.wordpress.com/
Differentiators:
Information Security + Privacy + Governance
CISSP + (IAPP- FIP, CIPM, CIPP + AI Certs -Governance) + (Expertise gained at 8 Multinational orgs)
Of the 5 common CISO archetypes for this role, (Executive, Engineer, GRC Guru, Technician and Builder), I am a GRC / Builder and cross-functional governance driven CISO/DPO/CPO SME. I have a 9-time proven ability to scale cybersecurity, privacy, data protection and AI governance programs in harmony, at scale, across 100+ countries to 36,000+ employees. Whereas most individuals have not had the benefit of learning lessons from working in 9 global enterprises or whereas they have been restricted to interpretation to the detriment of operationalizing, or have had no cross-functional exposure as CISO, CPO, DPO, Sr. Cybersecurity SME, and have been limited by jurisdiction and a single technology footprint, I however have built and matured 8 privacy, information security GRC and AI governance programs without breach, and assisted 1 global enterprise, specifically for post-breach work. My unique cross functional expertise has been delivered for the entirety of the c-suite ( GCs, CPOS, DPOs, CIOs, CTOs, CDOs and CISOs).
Strengths: Operationalizing Cyber Risk, Information Security Governance, Privacy-Data Protection, Insider Threat, Incident Response, AI
prompt engineering and risk identification, Generative AI Model Considerations & Vulnerability reviews
Security & AI framework : NIST AI Risk Management Framework, NIST 800-53, ISO 270**-*****, 27701:2019, NY Shield, NYDFS 500, OWASP,
NERC, Breach and Attack Simulation MITRE ATT&CK framework
Privacy framework expertise: EU(GDPR + EU regs), USA (CCPA, CPRA, VCDPA, UCPA), PCI, CAN-SPAM, TCPA, CASL, Privacy Shield, HIPAA
Privacy Tooling expertise: GRC: Archer, Metric Stream, ZenGRC, Unified Compliance Framework, OneTrust, Nymity TrustArc, DPOrganizer, Integris, BigID
Security & Data Protection Tech:BIGID, Microsoft Cloud Access Security Broker (CASB), QRadar, Radarfirst, Alation, Microsoft O365 Safety & Compliance Center, Azure Rights Management, Microsoft Purview and MS data protection technologies, Splunk, Sumo Logic
EDUCATION
Degree-JD, School-Stetson (Doctoral Degree)
Degree MBA, School-Rutgers Graduate School of Management
Degree-BS, School-Rutgers University Cook College, NJ
Trainings-See Complete list of 260+ security, privacy & AI trainings attached
CERTIFICATIONS & LICENSES
Security Certifications:
Certified Information Security System Professional (CISSP) 2015
Privacy Certifications:
IAPP-Fellow of Information Privacy (FIP) 2017
IAPP-Certified Information Privacy Manager (CIPM) 2014
IAPP-Certified Information Privacy Professional (CIPP/US) 2014
Licensed :
New Jersey Bar (1999)
DC Bar (2019)
Certifications & Training In Progress
OneTrust: Assessment Automation Expert
OneTrust: Consent & Preference Management Expert
OneTrust: Data Mapping Expert
OneTrust: Data Discovery Expert
OneTrust: Assessment Automation Expert
OneTrust: Data Subject Requests Expert
OneTrust Incident Response Expert
Certified Cloud Security Professional (CCSP)
Certified Ethical Hacker (CEH)
SumoLogic Training
AI Certs
AI GOVERNANCE DATA PROTECTION TRAINING AREAS
001.01.00-GEN AI FOUNDATION MODEL CONSIDERATIONS
001.01.01-Generative AI Use Cases
001.01.02-Question About Foundational Model
001.01.03-Privacy or Intellectual Property.
001.01.04-Data Availability.
001.01.05-Quality & Accuracy.
001.01.06-Effort to build
001.01.07-Security
001.01.08-Costs
001.01.09-Committees
001.03.10-Day-to-day usage
001.05.00-GENAI-SOFTWARE USING GENERATIVE AI
001.05.01-Use Case-Reputation Mgmnt
001.07.00- LIFECYCLE OF GENERATIVE AI PROJECTS
001.07.01-Stages
001.07.02.01-Improvement Processes Highly empirical (experimentative
001.07.02.02-(Improvement Processes)-RAG (Retrieval augmented generation)
001.07.02.03-(Improvement Processes)-Fine Tuning
001.09.00-ALGORITHMIC SYSTEM CONSIDERATIONS (005)
001.09.01-Design Considerations
001.09.03-Data Considerations
001.09.05-Development
001.09.07-Deployment
001.11.00-Task Analysis Of Jobs
001.11.01-Automation opportunity identification
001.11.03-Augmentation vs Automation
001.90.00-TEAMS TO BUILD GENERATIVE AI SYSTEMS
010.00.00-VULNERABILITIES, RISK & MITIGATION CONSIDERATIONS
010.01.00-GENERAL AI RISKS
010.01.01-Data Poisoning:
010.01.02-Model Theft:
010.01.03-Transparency, and Accountability
010.01.041-Bias and Discrimination:
010.01.042-Bias and Discrimination-Possible bias during RLHF (Reinforcement L...
010.01.05-Model Security:
010.01.06-False Results, aka AI “Hallucinations”
010.04.00--LEGAL RISKS
010.04.01-GDPR-Right To Erasure
010.04.02-Algorithmic Disgorgement & Destruction
010.05.00-CYBER SECURITY RISKS
010.05.01-(CyberSec Risks)-PROMPT MODEL VULNERABILITIES
010.05.01.01-Injection Risk
010.05.02-AI Attack Tactics & Techniques
010.07.01-Mitigation -Training Tactics- Reinforcement Learning From Human Fee...
010.90.01-CYBERSECURITY TOOLING
040.00.00-LLMs
040.01.00-LLMS - Generating Text using LLMS
040.02.00-LLM Potential Tasks (Not definitive)
040.03.00-LLM Limitations
040.04.00-How LLMs Follow Instructions
040.05.00-CHOOSING AN LLM MODEL
040.05.01-Model Size
040.05.02-Closed Source or Open Source
040.07.00-TOOL USE AND AGENTS VIA SOFTWARE
040.90.00--PROMPTING TIPS FOR LLMS
050.00.00-Image Generation (Diffusion Model)
060.00.00 Artificial General Intelligence
AWARDS
DPO Group Avanade 2019 Data Protection Officer Rockstar Award
CISO Group Avanade 2019 CISO Incident Response Superhero Award
EXPERIENCE
Position : Cybersecurity Post Incident SME (Contract)
Company: Infosys Ltd
Dates: January 2024 to March 1, 2024
Location: City-Remote, State-NJ
Advising during 3-month period focused on post-breach crisis management
Managing data subject notifications, CISO and enterprise communications, direct client notifications
Advising on cyber litigation and privacy data breach driven SLA and contract claims and notification strategies
Contributing to knowledge needed for attorney general, regulator and securities exchange interactions
Management of forensics reporting artifacts and related disclosure strategies
Position: Cyber Risk, Compliance, and Data Privacy SME To GC, Compliance, CISO (Contract)
Company: Yahoo
Dates: January 2023 to December 2023
Location: City-Remote, State-NJ
Lead 95+ teams over 1 year to mature/establish a data protection controls GRC program via an enterprise-wide impact assessment effort across Yahoo
Developed customized cyber risk reduction and data protection privacy engineering advisory across the Yahoo technical ecosystem with particular emphasis in data science, ML, AI systems
Continuous Improvement SME served as the subject matter expert (SME) collaborating with Legal, Compliance, CISO and AI/Analytics teams to mitigate privacy and data protection engineering control risk.
Position: Data Protection Officer-(Interim)
Company: Lucira Health (Medical Device Startup) Dates: May 2022 to August 2022
Location: City-Remote, State-NJ
Implemented a global information security and data protection privacy program from the foundation.
Managed the drafting of global Data Transfer Addendums, Standard Contractual Clauses, Privacy Statements, and Cookie Notices.
Managed multi-country outside counsel and provided product counseling for the multi-country launch, ensuring compliance with NIST, ISO and local data protection security frameworks and alignment with HIPAA, GDPR, CCPA, PIPEDA.
Counseled product security and privacy for multi country launch
Served as the sole data protection security expert, creating budgets, and operationalizing various heavy lift initiatives, including:
DLP (Data Loss Prevention) implementation.
Acting as a Microsoft Data Protection Subject Matter Expert (SME) and utilizing data protection technologies.
Implementing MCAS (Microsoft Cloud App Security) privacy measures.
Conducting data discovery and managing SIEM detection for insider threat data protection.
Establishing GRC (Governance, Risk, and Compliance) foundational programs and a WISP (Written Information Security Program).
Addressing security obligations under Standard Contractual Clauses and distributor agreements.
Conducting HIPAA Security Risk Assessments and utilizing MS and AWS Safety and Compliance technologies.
Providing expert guidance to a 300-person company on NIST, ISO 27001, GDPR, CCPA, CPRA, PIPEDA, HIPAA, and local privacy and data protection laws.
Developing and operationalized privacy program, and budget including:
Incident response program.
ROPA (Records of Processing and Inventory) program.
Cookie technology program.
Consent and preference management program.
Individual Rights Response program, including DSAR (Data Subject Access Request) lookup methodology.
Privacy and data protection research program.
PIA/DPIA (Privacy Impact Assessment/Data Protection Impact Assessment) assessment automation and mitigation efforts.
Data mapping and data flows.
Privacy program product launches.
Established both CPO (Chief Privacy Officer) and DPO (Data Protection Officer) offices.
Ensured accuracy of security representations in global data transfer addendums.
Drafted legal documents for lawful transfer mechanisms, including SCCS (Standard Contractual Clauses), DTA (Data Transfer Agreements), and DPPs (Data Protection Provisions).
Implemented a retention program (technology and methods).
Utilized Trust Arc and OneTrust
Generated Alation data catalog.
Provided guidance to various business groups on privacy concerns.
Utilized Big ID for data discovery and policy generation.
Position: Data Protection Privacy Subject Matter Expert (SME) to CIO & GC (Contract Advisory)
Company: The Clorox Company
Dates: April 2021 to March 2022
Location: City-Remote, State-NJ
Data Protection Privacy
Advised the complete rebuilding of the data protection and privacy program in Target Process Online.
Served as the sole data protection and privacy SME, focusing on maturing the technical implementation and engineering underpinning of privacy and data protection within Target Process models.
Implemented data protection privacy processes as an SME and (effectively as Chief Privacy Officer (CPO) in absence of a CPO), including the Privacy Operating Model.
Drafted policies, standards, and controls that integrate privacy with information security and data protection controls for the CTO, GC, and CISO teams
Position: Cyber Risk Privacy Subject Matter Expert-(SME To CISO (Contract Advisory))
Company: Mondelez International
Dates: July 2020 to February 2021
Location: City-Remote, State-NJ
Cyber Risk
Developed cyber risk governance maturity modeling (COSO) and risk quantification for the CISO and Board of Director committees
Drafted policies, standards, and controls for the security program.
Privacy
Control SME -Advised and participating in the complete rebuilding of the data protection privacy program at the domain and control level.
Matured an international security and privacy program for the CISO by developing innovative standards, controls, procedures, and metrics that implemented a global privacy framework tied to data security frameworks, resulting in a comprehensive program tailored to the organization.
Created innovative Schrems II solutions by leveraging unique security and privacy framework GRC (Governance, Risk, and Compliance) methodologies.
Advised on the launch of a consent and preference management platform and maturing the Incident Response program.
Drafted policies, standards, and controls for the privacy program.
Position: Chief Privacy Officer And Data Protection SME ((Interim)Contract Advisory)
Company: Acoustic (Ad Tech MarTech)
Dates: December 2019 to January 2020
Location: City: New York City, State-NY
Strategized for the post-acquisition design of a global privacy program at a start-up Adtech (purchased by a private equity firm) focusing on drafting and implementing controls aligned with ISO 27001, CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) requirements.
Position: Information Security Privacy SME to CISO, DPO, GC
Company: Avanade Inc.
Dates: February 2018 to December 2019
Location: City-Remote, State- NJ
Key Achievements: SME to 24 country privacy data protection program for CISO & GC-1 of 3 privacy and data protection counsel to 36,000 employees
Awards: 2019 Data Protection Officer Rockstar Award
2019 CISO Incident Response Superhero Award
Information Security, Cyber Risk & Incident Response
Advised CISO and GC on security frameworks, risk assurance as a SME and counsel for 24 subsidiary entities
Approved crisis management escalation handling for CISO
Guiding the CISO, GC and DPO to integrate GDPR data protection, privacy and cyber security regulatory operational and risk framework requirements into operations.
Led cyber wargaming tabletop exercise planning
Resolved privacy and organizational cyber risk incidents internationally for incident response / breach response
Provided expert advice across all major departments international data protection events (incidents) across 24 countries
Risk Assurance and GRC
Expert development of 24 country GRC information security program -1 of 3 SMEs (Small Team Greenfield Launch expertise)
Expert in information security GRC and Privacy GRC (ZenGRC, Archer, Metric Stream, UCF)
Policy, standard, control drafting for security program
Leveraged ISO27701-2019 and Microsoft expertise to design jurisdictionally relevant governance rules including the use of Azure rights
management and O365 Safety & Compliance center
Designed privacy and information security by design control sets including within cloud environments
Purple Team type cross functional expert between CISO, DPO, GC (Advised on penetration testing standards and red team / blue team efforts)
Resolved application security control issues and cloud OWASP resolution, especially within incident response handling
Compliance Center controls to effect international data protection governance across 23 countries
Built WISP (written Information Security Program) and data protection plans globally
Threat modeling guidance involving the Mitre Attack framework
Provided guidance on insider threat and detection/deterrents
Recommending technology and technology revisions based on operational, legal and contractual requirements to meet international cyber security and data privacy GRC needs
Implemented technologies as SME (Data Protection, Consent, Encryption, Privacy Tracking)
Privacy Operations & Advisory
Directly advised CISO, GC, DPO and all business units on privacy and data security frameworks – Significant Operational Expertise
Expert development of 24 country Governance Risk Compliance (GRC) privacy program -1 of 3 SMEs (Small Team Greenfield Launch expertise)
Directly advised DPO, GC and CISO on operational privacy initiatives
Expert in GDPR, CCPA, ISO 27701:2019, NIST 800-53, NYDFS and a variety of global privacy and data protection frameworks
Privacy and data protection expert across EU and Americas negotiating and drafting commercial contracts including terms and conditions governing consumer data
Worked daily with product and security engineering teams proactively managing privacy and data protection legal risk
Guiding Data Protection and GDPR (General Data Protection Regulation) strategy implementation teams
ZenGRC, Onetrust, Nymity, TrustArc, SME. Significant expertise across a variety of data protection technologies.
Application of privacy-by-design principles, conducting and documenting privacy assessments, including data privacy impact assessments (DPIAs), legitimate interest assessments (LIAs), international data transfer adequacy assessments, and inbound and outbound privacy and security due diligence.
Created a 24 country jurisdictionally relevant trigger set against GDPR, CCPA, NIST, ISO to effect PIA, DPIA, DPbD
accounting for local country regulation, and the latest jurisdictionally relevant regulatory guidance
Due diligence reviews of regular flow-down assessments within privacy and information security domains to hold processors and sub-processors in compliance against negotiated terms,and served as data privacy expert to ensure flow-downs are current against global regulatory requirements.
Filtered the present state of data protection capabilities with the development of data protection protocols to baseline capabilities and rationalize the same against operating jurisdictions to enhance the speed of the contracting process and reduce compliance risk.
Utilized security monitoring tools, data discovery tooling, data classification tooling to meet privacy regulations and cyber regulatory regulations
Preparation to present security tooling to works councils
Privacy Data Protection & Drafting
Drafted consents, privacy notices, data transfer agreements and other documents for lawful transmission of data.
Drafted Legitimate Interest Tests, PIAs(Privacy Impact), DPIAs (Data Protection Impact Assessments)(including multi country implementing law compliance)
Policy, standard, control drafting for privacy program
Advised on BCR (Binding Corporate Rules), SCC (Std Contractual Clauses)
Modifying legal agreements (DTAs, Model Clauses, Contract Addendums, Notices, Policy)
Contract drafting of data protection protocols, MSA clauses with focus on privacy and security
Creating technologies internally to effect compliance and data protection regulation globally within the organization
Position: Chief Information Security Officer(CISO) and Director Information Security Governance (Dual Interim)
Company: Santander Holdings USA & Santander Securities LLC
Dates: August 2017 to January 2018
Location: City-Holmdel, State-NJ
DUAL INTERIM ROLES
Designed an information security governance, risk, and compliance program embedded into the 1st Line of Defense for six entities across the USA.
Presented information security governance findings to the Board of Directors at the holding company.
Operationalized data protection efforts within the 1st Line of Defense.
Embedded NYDFS (New York Department of Financial Services) regulations, Privacy by Design principles, and data protection regulations such as GDPR (General Data Protection Regulation), GLBA (Gramm-Leach-Bliley Act), DPbD (Data Protection by Design), state data protection laws, breach notification requirements, data destruction regulations, financial health industry security, and privacy regulations into the 1st Line of Defense.
Served as the Interim CISO for Santander Securities LLC.
Position: Information Security Privacy SME to CISO, DPO, GC
Company: Avanade Inc.
Dates: May 2016 to August 2017
Location: City-Remote, State-NJ
Key Achievements:
Implemented and matured incident response platform to integrate privacy and information security.
Implemented and matured a GRC platform
Implemented and matured a Written Information Security Program
Designed a privacy program based on GDPR capable of meeting international data privacy regulatory changes across 23 countries.
Implemented from green fields a GDPR and International Data Protection privacy program advising across 23 countries
Matured SDLC and security assurance efforts (emphasis on pen testing standards)
Led CISO audits across ISO 270**-*****, NIST 800-53 and various NIST control docs, Sans CSC, HIPAA security and privacy controls
Served in both a privacy counsel and senior information security officer capacity for the CISO and GC depts across 23 countries
Advised on technology, privacy and information security aspects for contract matters including Master Services Agreements, Vendor Agreements, Professional Services Agreements, Work Orders / SOW's, Software Licensing Agreements, Non-Disclosure Agreements
Reviewed and reduced cyber risk internationally across WISP (written Information Security Program) including but not limited to SOC, breach management, pen testing procedure review, Disaster Recovery, NIST/ISO framework audit and cyber risk review of broad CISO activities
Designed 23 country GDPR program
Advised on Penetration testing standards
Assessed privacy and information security controls, including BCR (Binding Corporate Rules), SCC (Standard Contractual Clauses), security monitoring tools, security tools legal requirements, privacy regulations, and cyber regulatory regulations, and rationalized them against works council requirements, international and domestic laws, and operational requirements.
Implemented international privacy and cyber regulatory requirements for international incident and breach response
Recommended based on operational, legal and contractual requirements the technology to meet international cyber security data privacy
Guided the CISO and GC suite to integrate GDPR privacy and cyber security regulatory operational and frameworks into operations.
Provided expert advice across all major departments regarding cyber regulatory risk
Position: Information Security Privacy SME (Contract )
Company: DTCC
Dates: July 2015 to December 2015
Location: City-Jersey City, State-NJ
Consultant and counsel providing advice on information security, data privacy, and cyber risk across more than 18 foreign jurisdictions, including the European Economic Area (EEA) and the USA.
Generated technical cyber risk and information security metrics, Key Performance Indicator (KPI) reports, risk data, and enterprise-wide cyber risk reduction strategies.
Provided consultation and counsel on cyber IT controls and data privacy controls.
Supported the development of a data privacy strategy, data transformation roadmap, and long-term strategic priorities for cyber risk reduction through information security and data privacy data transfer initiatives.
Consulted on the revamp of a multi-organization, multi-country information protection and data privacy department, including areas such as vendor management, privacy policy, charter, and daily privacy counseling.
Advanced global cyber security governance by conducting security risk assessments, identifying threats, establishing global reporting systems and procedures for risk, creating training and awareness plans, and integrating risk reporting matrices.
Contributed to cyber investigations, forensics, risk trend analysis, vulnerability exercises, and addressing security operations center (SOC) issues that filtered into the General Counsel's office.
Addressed security awareness, encryption concerns, network security, vendor protection, data protection, and privacy matters.
Engaged in significant international cyber security and data privacy work for numerous business units, from framework development to risk assessment, and provided board-level recommendations.
MEMBERSHIPS / ASSOCIATIONS: ISC, IAPP, RUTGERS MBA, STETSON
Douglas S. Knehr,JD, MBA, BS, CISSP,FIP, CIPM, CIPP
ad4a7h@r.postjobfree.com M: 609-***-****
CISSP -2015 CERTIFIED INFORMATION SECURITY SYSTEM PROFESSIONAL
FIP -2017 FELLOW OF INFORMATION PRIVACY
CIPM -2014 – CERTIFIED INFORMATION PRIVACY MANAGER
CIPP – 2014 – CERTIFIED INFORMATION PRIVACY PROFESSIONAL
JD – 1999 - STETSON LAW ALUMNI
MBA – 1994 - RUTGERS GRADUATE SCHOOL OF MANAGEMENT ALUMNI
BS- 1992 RUTGERS
https://www.linkedin.com/in/doug-knehr/ https://www.DougKnehr.Wordpress.com
Training Outside of work
2014-2024
1
CIPM Certified thru IAPP
2014
2
CIPP Certified thru IAPP
2014
3
Certified Information System Security Professional
15-Jul-15
4
Internet of things – Data Privacy Considerations
5
Everything you need to know about HIPAA
10/1/2014
6
Online Practice Management – Online Marketing Bootcamp
6/3/2015
7
Extensive online privacy and related information security training as found at my portfolio site at:
5/1/2015
8
MCBA: Online Marketing Boot Camp
6/3/2015
9
MCBA: Special Education Rights
6/16/2015
10
The Internet of Things: Data Privacy Considerations
6/30/2015
11
A Practical Guide to Meeting Cyber Security Requirements
7/1/2015
12
Security Lessons Learned from Target, Niemen Marcus, Sony and Other Breaches (Ultimate Windows Security.com and LogRhythm 7-28-201*-*** min Seminar)
7/28/2015
13
Cutting Edge Etch for Sole Practitioners
2/6/2016
14
Top Security Trends for 2014-2015
9/21/2015
15
Lessons Learned from 2015 Verizon Data Breach
9/24/2015
16
US-EU Safe Harbor What Now
10/9/2015
17
Cyber Security Future Threats To Financial Industry
10/15/2015
18
Top 5 Things The CISO needs to know about data privacy
10/15/2015
19
Cyber Threats - Focusing on Home User Security
10/21/2015
20
Managing Innovation Risk
10/28/2015
21
Aligning your hr practices w evolving privacy rules in Latin America
10/29/2015
22
Vendor Risk Data Breach and its business
11/4/2015
23
Penetration testing - Keeping It Real
12/1/2015
24
Phish Me
12/2/2015
25
Beyond Buzzwords - defense in depth
12/2/2015
26
Nymity: Demonstrating compliance
12/16/2015
27
Safe Harbor Data Transfer
12/19/2015
28
Kapersky GoToWebinar - Cybersecurity Forecast: What’s on the Horizon?
1/28/2016
29
NJAJ New Brunswick Cutting Edge Technology for sole practitioners
2/6/2016
30
Cyber Security For Financial Services Industry
3/2/2016
31
Dude Where's My data - Inside the internal security Data exfiltration study
3/17/2016
32
ACC: Negotiating the Cloud: An Overview of Key Issues in the Cloud
3/24/2016
33
The only constant is change - GDPR and Data Privacy
4/14/2016
34
Flipping the Economics of Cyber Attacks
4/19/2016
35
Global Mobility Issues and Challenges for Employers
4/20/2016
36
Cloud Security Threats and resolutions: A Meeting of The Minds
4/27/2016
37
ACC Webcast CLE/CPD Fees: Relationship Between Cyber Breaches and IG
4/28/2016
38
Pre and post-trial motions
5/9/2016
39
GoToWebinar - Don't be Afraid of the Dark III: Solving Data Security with File Analysis -ZL Technologies' Dark Data Webinar series will focus on the security portion of file analysis
5/9/2016
40
GDPR Comprehensive: New York
5/17/2016
41
Studying For Certified Ethical Hacker
4/12/2016
42
Metric Stream 63 minutes -Role of Audit in CISO dept
6/10/2016
43
Privacy Shield Is Here - What You Need TO Know
7/21/2016
44
New Technology that revolutionizes vendor risk management
7/21/2016
45
Avanade - Information Security Brown Bag
7/26/2016
46
Tenable - 13 essential steps to address the security req of the new general data protection regulation
7/27/2016
47
Sans Data Breach Summit: assessment, Compliance & Communication
8/18/2016
48
Device Fingerprinting
9/9/2016
49
PLI: Privacy Shield Boot Camp 2016
9/12/2016
50
Cybersecurity 2016: Managing Cybersecurity Incidents
9/20/2016
51
Changing The role of the cpo in today’s privacy eco system
9/22/2016
52
Tracking Targeting Customers Online, on mobile and social media
10/20/2016
53
Encryption: A Gathering Global Storm
11/1/2016
54
cybersecurity regulation in US governing frameworks
11/10/2016
55
EU Privacy Dawn Raids
11/29/2016
56
Splunk ransomware endpoint
12/13/2016
57
Client data protection community of practice
12/14/2016
58
FARS DFARS req for fed govt contractors - coal fire
12/5/2016
59
Splunk Ransomware
12/19/2017
60
Ethics of electronic info 2016
12/30/2016
61
Privacy Data Security Litigation-PLI
12/31/2016
62
California Privacy Law
12/31/2016
63
Evolving legal ethics
12/31/2016
64
Cyber Security Best practices for legal serv providers
1/18/2017
65
Adv Data Privacy, Cyber Security Breach and TCPA class action litigation
1/20/2017
66
Best Practices to create data inventory to meet GDPR compliance
1/24/2017
67
Best Practices for GDPR compliant privacy notices
1/30/2017
68
NY Cyber security reg
1/31/2017
69
Data Visualization
2/8/2017
70
High Performing Compliance & Ethics Programs
2/21/2017
71
Govt Investigations 2017 - inv arising from data breach
2/24/2017
72
The New Cybersecurity Landscape - What the NYDFS Regs really mean for your business
3/9/2017
73
Successful Audits
3/6/2017
74
China's Cyber Security Law
3/7/2017
75
Privacy Issues on Mobile
3/14/2017
76
Operationalizing legitimate interests
3/16/2017
77
Data Mapping
3/23/2017
78
Data Protection Masterclass: Cyber security trends to watch
3/29/2017
79
Iso compliant risk - mind manager
4/5/2017
80
Managing Privacy & Data Security Risks in M&A
4/5/2017
81
Managing Privacy Risk
4/20/2017
82
Cracking Chinas cyber security law - how an audit can help your business prepare for compliance
4/27/2017
83
Financial Services Tech 2017 Avoidance of Risk
5/5/2017
84
Integrated business continuity management, pathway to resilience
5/10/2017
85
Ransomware
5/18/2017
86
Cloud Computing 2017 - key issues and practical guidance
5/22/2017
87
Traditional PIA to DPIA
5/23/2017
88
Using safety act to demonstrate reasonable cybersecurity plans
5/24/2017
89
Resilient on GDPR
5/24/2017
90
Microsoft on Data Protection tools to implement
5/24/2017
91
UCF Mapping
5/25/2017
92
Consent events
5/25/2017
93
18th annual institute on privacy and data security law
94
GDPR Is Less Than A Year Away: Are You On Track
6/6/2017
95
SANS - Practical threat Modeling for Financial Orgs
6/6/2017
96
Consent Issues
6/20/2017
97
Is a personal data inventory required
6/22/2017
98
Is a PI Necessary
6/29/2017
99
The human Side of GDPR
7/11/2017
100
3 steps to stop data protection sprawl
11/7/2017
101
The Future is Here,
Contact this candidate