Law Seminars International Presents: A Comprehensive Two-Day Conference on

Cybersecurity: Technology and the Law
From risk identification through implementation of management plans

August 13 & 14, 2015
Portland Marriott Downtown Waterfront in Portland, OR

Who Should Order This Homestudy

Attorneys, business executives, government officials, information security professionals and consultants involved with critical infrastructure and sensitive information needing protection from cyber attacks

Why You Should Order

Massive cyber attacks and data breaches have grabbed headlines, upended companies, and shaken consumer confidence in the safety of their information. Sony, Anthem and Premera are only the most recent companies to that find their names on the front pages and whose breaches have affected tens of millions of consumers. Consumer information, however, is by no means the only data at risk as companies collect, store and mine exabytes of data for purposes ranging from health care monitoring to location tracking for push advertising.

The data itself is not our only concern. Our privacy and anonymity are also called into question by the proliferation of information about all of us that is collected, mined, sifted, traded and sold by thousands of companies, dozens of governments and unknown numbers of criminal syndicates. The explosive growth of the Internet of Things, location services and WiFi enables cyber hackers, online advertising companies and the government to track and record an individual's physical movements as well as their online activity. Hackers may be able to open the door of your house or disable your car if you are accessing them remotely yourself. Companies in this industry may find themselves liable to people suffering physical harm.

The level of risk and severity of potential consequences vary from industry to industry and company to company. The challenge for every company is to accurately assess cybersecurity risks and address them in a cost-effective way.

Some of our speakers have been actively involved in development of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and other aspects of cybersecurity planning. Other speakers know how to leverage industry standards and best practices to protect systems and detect potential problems, including legacy systems, along with processes to keep informed of current threats and be prepared for timely response and recovery. Join us for a stimulating and enlightening discussion of cybersecurity policy, risk management, and practical lessons learned.

~ Sean B. Hoar, Esq., CISSP, CIPP/US, Davis Wright Tremaine LLP amd John Bartho, CISSP, CIO, Hyster-Yale NMHG, Program Co-Chairs

What You Will Learn


Thursday, August 13, 2015

8:00 am

Registration Opens

8:30 am

Introduction & Overview

Sean B. Hoar, Esq., CISSP, CIPP/US, Program Co-Chair
Davis Wright Tremaine LLP / Portland, OR

John Bartho, CISSP, CIO, Program Co-Chair
Hyster-Yale NMHG / Fairview, OR

8:45 am

Update on Federal Policy Developments in Cybersecurity and Breach Law

Cyber information sharing: Requirements for a cyber incident data repository that would help meet the information needs (analysis and otherwise) of insurers, chief information security officers, and other cybersecurity stakeholders

Tom Finan, Esq., Sr. Cybersecurity Strategist & Counsel
Department of Homeland Security / Washington, DC

9:30 am

Update on Legislative and Class Action Developments in Breach and Privacy Law

Legislative update and overview, including unique provisions of Oregon law relating to cybersecurity

Eva Novick, Esq., Senior Assistant Attorney General
Financial Fraud/Consumer Protection Section, OR Dept. of Justice / Salem, OR

Lessons on standing from recent breach and privacy class actions

Lauren R. Wallace, Esq., CIPP
Tonkon Torp LLP / Portland, OR

10:30 am


10:45 am

Lessons from Federal Regulatory Enforcement Actions

What is the Federal Trade Commission teaching data owners about standards of care in cybersecurity?

Charles A. Harwood, Esq., Director, Northwest Region
Federal Trade Commission / Seattle, WA

What are other federal regulatory agencies attempting to teach data owners about standards of care in cybersecurity?

Sean B. Hoar, Esq., CISSP, CIPP/US, Program Co-Chair
Davis Wright Tremaine LLP / Portland, OR

12:00 pm

Lunch (on your own)

1:15 pm

Sector-Specific Cybersecurity Concerns: Healthcare, Higher Education, and Retail

Are there measures that can be taken to better protect PHI and move beyond compliance with HIPAA? What role do risk assessments play in the process?

Patricia Van Dyke, Director, Privacy and Information Security
Moda Health / Portland, OR

Are there operational cybersecurity programs to better protect data and move beyond FERPA? What measures can be taken when contracting with third party vendors?

Scott L. David, Esq., Director of Policy, Center for Information Assurance and Cyber-security
University of Washington / Seattle, WA

What is being done in the retail industry to better secure point of sale systems? How effective is the PCI DSS? Are there solutions that better protect both the consumer and the business? What role can encryption play?

Ken Westin, Senior Security Analyst
Tripwire, Inc. / Portland, OR

2:45 pm


3:00 pm

Internet Traffic Analysis and Operational Security

Passive DNS methods as powerful tools to investigate and corroborate

Joe St. Sauver, Ph.D., Distributed System Scientist
Farsight Security, Inc. / Eugene, OR

4:00 pm

Case Studies in Enterprise Security

Lessons from running a state information system; importance of business continuity planning

Alex Z. Pettit, Chief Information Officer
State of Oregon / Salem, OR

Lessons from running a multi-national law firm information system; importance of the human factor?

Matt Beland, Chief Information Security Officer
Davis Wright Tremaine LLP / Seattle, WA

5:00 pm

Continue the Exchange of Ideas: Reception for Faculty and Attendees

Sponsored by Davis Wright Tremaine LLP and Hyster-Yale NMHG


Friday, August 14, 2015

8:30 am

Cloud Security

How should the threats shape your approach to selecting and contracting for cloud services?

Louisa Barash, Esq.
Davis Wright Tremaine LLP / Seattle, WA

John Matthews, Chief Information Officer
ExtraHop Networks, Inc. / Seattle, WA

9:30 am

The Need for an Integrated Approach to Cybersecurity & Privacy

The legal interplay between privacy requirements and cybersecurity; how technological advances are impacting the optimal solutions and raising new legal issues; factoring privacy considerations into cyber risk assessments and business plans

Antony P. Kim, Esq.
Orrick, Herrington & Sutcliffe LLP / Washington, DC

10:15 am


10:30 am

Getting Your House in Order: Pre-Breach Planning Essentials

Leveraging existing disaster recovery to incorporate cyber incidents; coordinating breach response vendors (including forensics, notification, call center, identity theft restoration, public relations and crisis management)

Ian Kelly, CHPC, National Sales Manager
ID Experts / Portland, OR

Effective public/private partnerships; understanding law enforcement capabilities, priorities, and needs from victim information systems; whether and when to get law enforcement involved

George Chamberlin, Supervisory Special Agent
Federal Bureau of Investigation / Portland, OR

Applicability of attorney-client privilege to preserve confidentiality; pros and cons of retaining outside counsel; points in the planning processes where outside counsel is most desirable

Kelly T. Hagan, Esq.
Schwabe Williamson & Wyatt PC / Portland, OR

12:00 pm

Lunch (on your own)

1:15 pm

Pre-Breach Planning (con't)

Risk assessments and vulnerability/penetration test programs are essential and critical to real-time network security: How can these and other measures increase an organizational security posture?

Christopher Apgar, CISSP, CEO & President
Apgar & Associates / Tigard, OR

2:00 pm

Getting Oregon's Cybersecurity House in Order

Tech initiatives and the Oregon Cyber Security Center

JoAnn Lee Kohl, Esq., CIPP, Of Counsel
Schwabe Williamson & Wyatt PC / Portland, OR

Serge Leef, Vice President of New Ventures
Mentor Graphics / Wilsonville, OR

2:45 pm


3:00 pm

Cyber Insurance Coverage: Ensuring That You Have What You Think You Have

Rapidly evolving and usually an add-on product: First vs. third party; remediation, fines and penalties, and/or risk management services coverage; how to become aware of what policies cover, exclusions and limitations

Sean B. Hoar, Esq., Program Co-Chair, Moderator
Davis Wright Tremaine LLP / Portland, OR

Rapidly evolving and usually an add-on product: First vs. third party; remediation, fines and penalties, and/or risk management services coverage; how to become aware of what its policies cover, exclusions and limitations

Gary Githens, CIC, ARM, CRIS, RMA, CLCS, CITRMS, Data Breach Practice Leader
Brown & Brown Northwest / Bend, OR

Derek Thomas, Director, Risk, Compliance & Security
Columbia Sportswear Company / Portland, OR

Andrew Nelson, Assistant Vice President
Woodruff-Sawyer & Co. / Portland, OR

4:00 pm

Managing Cybersecurity Risk: Roles for Senior Management and the Board

Regulatory agencies emphasize that corporate management should become actively involved in managing cybersecurity risk: Appropriate roles for legal, management and the Board; tips for effective communication with senior management and the Board

John Bartho, Program Co-Chair, Moderator
Hyster-Yale NMHG / Fairview, OR

Eva M. Kripalani, Esq., Senior Corporate Counsel
FEI Company / Hillsboro, OR

Elizabeth J. M. Large, Esq., Executive Vice President & General Counsel
Knowledge Universe / Portland, OR

5:00 pm

Evaluations and Adjourn



Regular tuition for in-person or live webcast attendance is $1245 with a group rate of $935 each for two or more registrants from the same firm. For government employees, we offer a special rate of $830. For students, people in their job for less than a year, and public interest NGO's, our rate is $622.50. All rates include admission to all seminar sessions, food and beverages at breaks, and all course materials. Make checks payable to Law Seminars International.

Financial aid is available to those who qualify. Contact our office for more information.

Continuing Education Credits

Live credits: This program qualifies for 14.25 OR CLE credits. Upon request, we will apply for, or help you apply for, CLE credits in other states and other types of credits.


There is a $25 cancellation fee for Course Materials orders and $50 for Homestudy orders

Faculty Bios

John Bartho, CISSP, Chief Information Officer, Program Co-Chair, Hyster-Yale NMHG, is responsible for Information Technology, including the company's cyber security strengthening program.

Sean B. Hoar, CISSP, CIPP/US, partner, Program Co-Chair, Davis Wright Tremaine LLP, is experienced with prosecuting cybercrime, identity theft, internet fraud for the U.S. Dept. of Justice. He counsels businesses and organizations on information security and cyber security threats and assists them in preparing for security incidents.
Full bio and contact info for Sean B. Hoar at Davis Wright Tremaine LLP

Tom Finan, Senior Cybersecurity Strategist & Counsel, US Department of Homeland Security, is experienced in establishing and integrating risk analysis strategies with enterprise-wide risk management programs that meet business goals, and skilled at leading internal teams and collaborating with key stakeholders across government and diverse industry sectors.

Louisa Barash, partner, Davis Wright Tremaine LLP, focuses on technology transactions, intellectual property commercialization, and IP counseling, including, proprietary and open source software licensing and services; and Cloud computing.
Full bio and contact info for Louisa Barash at Davis Wright Tremaine LLP

Matt Beland, Chief Information Security Officer, Davis Wright Tremaine LLP, is an information security professional in the legal technology industry, specializing in all physical and information security operations, policy, regulatory compliance, incident response, training and awareness.

George Chamberlin, Supervisory Special Agent (SSA) leads the Cyber Program and the Oregon Cyber Task Force for the FBI, Portland Field Office. He has investigated transnational organized crime, criminal computer intrusions and cyber national security matters, and served as a Cyber Threat Manager at the National Cyber Investigative Joint Task Force (NCIJTF).

Scott L. David, Director of Policy at the University of Washington Center for Information Assurance and Cybersecurity, focuses on data security, privacy and networked technology counseling and transactions.

Gary Githens, CIC, ARM, CRIS, RMA, CLCS, CITRMS, Data Breach Practice Leader, Brown & Brown Northwest, focuses on cyber-data security-data breach coverage. He advises on coverage options, giving claim scenarios and reviewing contract requirements with CEO's, CFO's, COO's, CIO's Compliance Officers, IT and attorneys.

Kelly Hagan, partner, Schwabe Williamson & Wyatt PC, practices in the healthcare industry, privacy and security compliance, and data breach response.
Full bio and contact info for Kelly T. Hagan at Schwabe Williamson & Wyatt PC

Charles A. Harwood, Deputy Director, U.S. Federal Trade Commission. Previously, he was the Acting Director of the Bureau.

Ian Kelly, National Sales Manager, ID Experts, a Portland-based Data Breach Prevention and Remediation firm, where he establishes and maintains ID Experts' relationships with many of the nation's largest organizations in the healthcare, higher education and government sectors.

Antony P. Kim, partner, Orrick, Herrington & Sutcliffe LLP, Washington, D.C., member of the Antitrust & Competition practice group, and co-chair of the firm's Cybersecurity & Data Privacy team, which is nationally ranked by The Legal 500 for "high-level practical experience and understanding of the law" in cybercrime matters.
Full bio and contact info for Antony P. Kim at Orrick, Herrington & Sutcliffe LLP

JoAnn Kohl, CIPP, of counsel, Schwabe Williamson & Wyatt PC, and member of the Advocacy Committee of the Technology Association of Oregon. She specializes in intellectual property transactions and information privacy and data security law.

Eva M. Kripalani, Senior Corporate Counsel, FEI Company. FEI is a leading supplier of scientific instruments for nanoscale applications and solutions in industry and science, based in Hillsboro, Oregon.

Elizabeth J.M. Large, Executive Vice President and General Counsel, Knowledge Universe, oversees the operations of the legal department, providing strategic and tactical advice designed to advance the business goals while operating within legal and ethical boundaries.

Serge Leef, Vice President of New Ventures and General Manager of the System-Level Engineering Division, Mentor Grahics. He is responsible for identifying and developing product opportunities for EDA in adjacent, systems-oriented markets.

John Matthews, Chief Information Officer, ExtraHop Networks, oversees the continuous expansion of its IT environment and counsels the company's enterprise customers as they evolve their IT operations. Previously he led IT strategy at F5 Network.

Andrew Nelson, Assistant Vice President, Woodruff-Sawyer Oregon.

Eva Novick, Senior Assistant Attorney General in the Financial Fraud/Consumer Protection Section of the Oregon Department of Justice, focuses on cases related to the auto industry, and enforces the Unlawful Trade Practices Act (Oregon's consumer protection statute) against various other industries including marketing/ advertising companies, retail stores, door-to-door sellers, debt collectors and towers. She also works on topics such as privacy issues and scams.

Alex Pettit, Chief Information Officer, State of Oregon, is in charge of supporting the IT services across all 142 state agencies and 1,800 IT employees.

Joe St. Sauver, Ph.D., is a Distributed System Scientist, Farsight Security, Inc. He came from the University of Oregon, Computing Center/Information Services, and Internet2/ InCommon, where he was Internet2's Nationwide Security Programs Manager.

Derek Thomas, Director of Columbia Sportswear's risk, compliance, and security, is responsible for the design/monitoring of the internal controls over SOX financial reporting and payment card compliance, reporting to the CFO.

Patricia Van Dyke is the Oregon Director of Privacy and Information Security at Moda Health (formerly The ODS Companies).

Lauren R. Wallace, CIPP, attorney, Tonkon Torp, LLP, focuses on privacy, technology and intellectual property law. Prior to this, she was principal of Wallace Tech/Law LLC, advising tech companies on data privacy, intellectual property protection, fundraising and scalability strategies.
Full bio and contact info for Lauren R. Wallace at Tonkon Torp LLP

Ken Westin, Senior Security Analyst, Tripwire, Inc., focuses on building and breaking things through the use/misuse of technology. His work has been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and has won awards from MIT, CTIA, Oregon Technology Awards, SXSW, Entrepreneur and named in Portland Business Journal's 2013 "40 Under 40".

Firm Links