Marian Waldmann Agarwal is a partner in the Privacy + Data Security group and one of the co-leads of Morrison Foerster’s Artificial Intelligence group. She has a unique blend of business and legal skills she leverages when counseling clients on various privacy and data security matters. With a background in information systems and business management, and in-house experience as a secondee to two different companies, Marian has firsthand knowledge of the internal business needs required for company initiatives to succeed.
Marian works with companies on designing and building various aspects of their privacy programs, including drafting internal policies, procedures, and guidelines for legal and non-legal audiences that incorporate privacy best practices and legal requirements in daily operations.
Marian also advises clients on complying with U.S. and foreign privacy and data protection laws. She has helped clients develop privacy policies for website visitors, and drafted and negotiated contracts relating to cross-border data transfer and protection obligations. She has assisted clients with completing multijurisdictional surveys of privacy obligations, such as comparing different countries’ requirements for database registration, notice requirements, and marketing communications. Marian also advises clients on privacy issues related to whistleblowing programs.
Marian received her J.D. from University of Pennsylvania Law School in 2004 and her B.S./M.B.A. from the State University of New York at Buffalo in 1999. Prior to attending law school, she worked as an application specialist for a small software company.
Heath is a full-time InfoSec professional and part-time artist/painter. Within Information Security, he has designed security programs for organizations in the Security, Fintech, and Healthtech industries, helping these technology companies quantify the strategic value of security and resilience investment in their SaaS product offerings.
Starting his career in the Air Force as a developer, Heath quickly transitioned into security and software testing for DoD software programs. Since leaving the military, he has taken his security approach to consult for and build security programs for technology companies that require HITRUST, PCI, or FedRAMP compliant postures in the cloud.
Heath focuses on enforcing controls through CI/CD automation and Policy as Code as one of the core pillars of his cloud security programs to empower developers and IT teams to secure their infrastructure in the cloud.
Tiffany is an experienced Third Party Risk professional with in-house Vendor Risk Management experience in both the public and private sectors. In her previous roles she has focused on the vendor lifecycle, including procurement, sourcing, contract negotiations, governance and oversight. She has performed quality assurance audits of internal TPRM procedures and due diligence. During her years of working in the public sector, she worked closely with governmental public solicitations and vendor/contract governance standards.
Currently, as VP in the Third Party Risk department at Seacoast Bank, Tiffany is responsible for maturity growth as well as procedure creation and enhancement. She plays a crucial role in ensuring that contracts remain compliant, as well as in the functionality and continual improvement of the newly implemented VM platform.
She has earned her MBA with a concentration in Business Finance, allowing her to concentrate on regulatory vendor finance due diligence in her past and current titles. She holds certifications including Certified Third Party Risk Professional (CTPRP), Certified Diversity Professional, and Certified Project Manager (CPM).
She is currently based in Tampa, Florida with forever roots in her hometown in Metro Detroit.
My name is J.S. Bryant and I am a compliance professional with 15 years of varied experience in the field. I am a privacy professional holding the CIPP/US, CIPP/E, CIPM, CIPT, and CPSA certifications, with the AIGP certification in progress. I serve on the IAPP Publications Advisory Board and chair the IAPP Northwest Arkansas KnowledgeNet chapter. I have published multiple articles on privacy and AI governance.
My compliance philosophy seeks win-win solutions that allow stakeholders to achieve their business goals in a safe and compliant manner. I recognize that compliance goes beyond regulations to internal policies and procedures, external contracts, and general best practices. I am a firm believer in going beyond policy to include checklist procedures that help remind operators of all documents and steps necessary to remain compliant. I also have experience in compliance audits, testing, process improvement, and investigations.
Pilar Caballero is Vice President, Chief Compliance Officer and Chief Privacy Officer at Ryder, a $10B Fortune 500 logistics and transportation company with over 45,000 employees and operations worldwide. She works closely with the Board of Directors and senior executives, and is responsible for the Company’s compliance and ethics, enterprise risk management and data privacy programs. With over 20 years of combined experience as a compliance/privacy professional and practicing lawyer, Pilar has worked as a prosecutor, at national law firms, and at Fortune 500 companies. With the expanding privacy regulatory environment and growing external threats, Pilar has increasingly focused on evolving Ryder’s privacy program.
James Goepel, General Counsel and Director of Education and Content
FutureFeed.co
Jim brings a broad range of legal, technical, and business expertise to the FutureFeed team. He is a Founding Director and former Board Treasurer of the CMMC Accreditation Body (now called the CyberAB), a CMMC Provisional Instructor, CMMC Provisional Assessor, Certified CMMC Professional, and the author and instructor for the CyberAB’s initial Registered Practitioner program. Jim regularly speaks at domestic and international cybersecurity conferences and has been called upon as an expert witness on cybersecurity, IT, and government contracts issues. He was a professor of cybersecurity at Drexel University, where he created and taught undergraduate and graduate-level courses. Jim’s research into the application of Enterprise Risk Management techniques to the field of cyber and privacy governance has been published by the Supreme Court of Singapore in their National Law Journal and in two different books published by LexisNexis.
Jim earned a BSECE from Drexel University and JD and LLM degrees from George Mason University. He spent most of his professional career working in the cybersecurity field. Jim has worked for and counseled a variety of organizations, from various portions of the United States government, including the U.S. House of Representatives and United States Coast Guard; to government contractors, including Unisys Corporation and The Johns Hopkins University Applied Physics Laboratory; to start-up technology and consulting companies.
Jim and his family live in a suburb of Philadelphia. Jim is a co-founder of the CMMC Information Institute, a non-profit organization helping small businesses to better understand and meet their cybersecurity and data privacy obligations. When he isn’t working, teaching, or volunteering with the Institute, Jim can be found swimming, kayaking, and fishing with his kids.
Julia B. Jacobson is a partner in the Data Privacy, Cybersecurity & Digital Assets Practice of Squire Patton Boggs.
For more than 20 years, national and multinational clients have turned to Julia for practical and tactical advice and counsel on privacy and cybersecurity compliance strategies, data breach response, technology transactions and marketing initiatives.
Julia advises clients on an array of privacy, cybersecurity, data breach and data governance matters. She assists clients to design, develop and implement compliance programs to meet the challenges of the evolving privacy and cybersecurity legal landscape. Julia regularly advises businesses on the privacy and cybersecurity aspects of environmental, social and governance (ESG) programs, ethical data use, machine learning and artificial intelligence deployment, vendor contracting and management, and business sales, combinations and acquisitions. Julia also helps clients maximize the value of their strategic relationships by drafting and negotiating a wide range of commercial contracts, particularly technology-centric agreements. Her practice also involves advising businesses on marketing law matters, particularly digital advertising issues.
David Kessler, Vice President & Associate General Counsel
BAE Systems, Inc.
David Kessler is Vice-President and Associate General Counsel, IT & Data Law for BAE Systems, Inc. where he handles IT contracts, cybersecurity, data privacy and supply chain compliance issues. Prior to joining BAE Systems, he was Lead Public Sector Product & Marketing Counsel for Verizon where he oversaw all product-related legal matters for its Federal, State, Local and Public Safety businesses. He was also General Counsel, Managing Attorney & Board Member of McAfee Public Sector LLC, a subsidiary of McAfee LLC (formerly Intel Security). He also served as McAfee’s Chief Compliance Officer and managed a team responsible for all aspects of its worldwide ethics and compliance program. Earlier legal roles included Group Corporate Counsel, Public Sector at Autodesk, Inc., Senior Corporate Counsel – Public Sector at Symantec, and Senior Associate with Greenberg Traurig, LLP. He received his B.A. with honors from the University of Florida and his J.D., summa cum laude, from the American University Washington College of Law. He was the 2020 winner of the Compliance Week Excellence in Compliance – Cybersecurity award, as well as twice a finalist for the Association of Corporate Compliance National Capital Region Outstanding In-House Counsel award.
Paul Kurtz, Director of Third-Party Risk Management
MerchantE
Paul Kurtz is the Director of Third-Party Risk Management (TPRM) at MerchantE, an end-to-end payment platform leader that provides flexible, secure payment processing for in-person and online payment acceptance. With three decades of experience in financial services, Paul’s Third-Party Risk experience dates to 2012 when he was asked to help build the TPRM program at SunTrust Bank, now Truist. Paul has held first and second line of defense TPRM roles with banks and financial service providers serving clients and financial institutions worldwide. Additionally, Paul has experience in card issuing and merchant services in both the private and public sectors with prior responsibilities in both client and vendor relationship management, loss prevention, fraud investigation and program management, including oversight of the State of Georgia’s purchasing card program. Paul holds a bachelor’s degree from the University of Georgia, and he and his wife live in metro Atlanta and have a son at The University of North Carolina at Charlotte.
Shubha Lakshmanan, Senior Director of Compliance and Privacy
Waud Capital Partners
Shubha joined WCP to provide strategic and operational support on compliance and privacy matters to its healthcare portfolio companies. In addition to corporate compliance and privacy, her core areas of expertise include OSHA, safety, and training and communication.
Prior to joining Waud Capital, Shubha worked in compliance at Eastern Dental, where she oversaw the implementation of an enterprise-wide compliance program. Her prior experience also includes administering the Environment of Care (EOC) compliance program for Valley Presbyterian Hospital. Shubha holds a Master of Public Health from the Tata Institute of Social Sciences, India, and a Bachelor of Dental Surgery from Tamil Nadu Dr. MGR Medical University, India. She is certified in Healthcare Privacy Compliance (CHPC) by the Compliance Certification Board and is an active member of the Health Care Compliance Association and the Society of Corporate Compliance and Ethics.
Shubha loves baking, biking, and going on spontaneous road trips and hikes with her son.
Karen Moore is an adjunct professor at Fordham Law School, where she teaches a foundational course in corporate compliance for MSL and LLM students. She has held senior legal, compliance and privacy positions in multinational companies, including Philip Morris International, Nasdaq and Inchcape Shipping Services. Most recently she served as the Chief Compliance and Privacy Officer at Unisys, a global technology service and solutions company, responsible for the design and implementation of the company’s global compliance program and oversight of the cross-functional privacy program. Prior to moving in house, Mrs. Moore served as a judicial clerk to the Hon. Thomas J. Aquilino, Jr. at the US Court of International Trade, and in private practice with Baker & McKenzie.
Currently based in the Washington DC metro area, Mrs. Moore has also lived and worked in Moscow, Russia, and Lausanne, Switzerland. A member of the New York Bar, she holds a BA from Middlebury College, a JD from Emory University, and a certificate of European legal studies from Leiden University (Netherlands).
Mrs. Moore is a frequent speaker on compliance and privacy matters. An avid skier, she teaches beginner level skiing at a local resort during the winter season.
William joined the IAA in 2021 after serving as assistant general counsel at CFP Board, where he was responsible for assisting with the development of their Code of Ethics and Standards of Conduct, Sanction Guidelines, Fitness Standards, and Procedural Rules.
Prior to joining CFP Board, William served as chief compliance officer for Mercer Advisors, where he redesigned the firm’s entire compliance program, served as legal advisor to Mercer Advisors’ Investment and ERISA Committees, and was a subject matter expert on legal and regulatory compliance.
William previously served as the public policy counsel for CFP Board, where he drafted Amicus briefs in DOL fiduciary cases and regulatory comment letters in support of investor protection issues. He has also held multiple roles as an attorney with both the U.S. Departments of Justice and Veterans Affairs.
He has served as an adjunct professor at both the University of Denver Sturm College of Law and George Washington University Law School. He has been published in several scholarly law journals and his work has been cited in legal treatises and state and federal court decisions.
William received his undergraduate degree from the University of Tulsa, his J.D. with Honors from the University of Tulsa College of Law, and his LL.M. from the George Washington University Law School.
Gregory is the author of the books “Cybersecurity & Third-Party Risk: Third-Party Threat Hunting” (Wiley, 2021) and “Zero Trust and Third-Party Risk” (Wiley, 2023), and the content creator of the training and certification program “Third-Party Cyber Risk Assessor” (Third Party Risk Association, 2023). He is a frequent keynote speaker and panelist on cybersecurity and risk management topics, and frequently contributes to blogs, podcasts, and online articles.
Jessica Sanderson, Founding Member of The Sanderson Law Firm LLC, provides litigation, investigation, and legal and compliance advisory services to clients primarily in the areas of anticorruption, trade sanctions, export controls, and white-collar crimes. Ms. Sanderson has nearly 30 years’ experience in private practice, as a litigator and as a leader on ethics and compliance monitorships. Ms. Sanderson has devoted a significant portion of her practice to anti-corruption compliance (FCPA, UK Bribery Act) and export controls and trade sanction compliance (OFAC, DDTC, BIS). When she is not litigating complex civil lawsuits (including False Claim Act cases) or conducting internal investigations, she regularly performs compliance risk assessments and compliance program audits (for clients and their third parties); designs or enhances compliance programs; drafts compliance policies and procedures; advises clients on trade sanctions and export controls (including product classification under the ITAR or EAR); and develops and delivers bespoke compliance training.
Before recently forming her own law firm, Ms. Sanderson was a Partner at The Volkov Law Group, where she provided legal and compliance advice and services to clients from varied industries and of all sizes, public, private, and non-profit. Many of her clients were government contractors, government grant recipients (e.g., of USAID funds) and healthcare companies that required legal and compliance advice regarding the False Claims Act, Federal Acquisition Regulations, FedRAMP certification, and/or HHS OIG guidance.
Before she joined the Volkov Law Group in 2019, Ms. Sanderson spent five years as in-house counsel at Innospec Inc. (NASDAQ: IOSP), a publicly traded, global specialty chemicals company under an FCPA and UKBA monitorship. Among other things, at the Monitor’s insistence, Ms. Sanderson spearheaded a project to classify hundreds of products (chemicals) under U.S. and EU export control laws, and to substantially revise the Company’s compliance policies and program. Before that, Ms. Sanderson was a litigator at Gibson Dunn, where she represented clients in complex white collar and securities fraud investigations and litigation and served on FCPA compliance monitorships, including the Siemens AG monitorship, which, at the time, resulted from the largest FCPA resolution ever.
Having practiced at Big Law and served as in-house counsel, Ms. Sanderson has developed a uniquely practical, collaborative, and cost-effective approach to serving her clients’ needs.
David Sherman helps clients anticipate, understand and proactively mitigate cyber risk. He leverages insights developed from hundreds of security incidents to deliver pragmatic, risk-informed legal counsel to key stakeholders across an organization. David is sought after for his creative, reasonable and clear approach to incident response preparedness; his ability to enhance an organization's enterprise security posture; and his skill in crafting security assessments and policies tailored to an organization's legal and business objectives.
As a member of the firm's Digital Assets and Data Management group, David works closely with clients to proactively assess and mitigate cyber risk, facilitate incident response preparedness and develop privacy and information security policies that comply with state, federal and international privacy and cybersecurity laws, including the California Consumer Privacy Act (CCPA) and E.U. General Data Protection Regulation (GDPR). He also works with clients to enhance enterprise security posture and manage responses to any digital crisis that may be present.
David also has substantial experience drafting and negotiating service provider agreements on behalf of customers and vendors and analyzing clients' existing agreements to evaluate and optimize contractual allocation of risks, rights and obligations in the event of a security incident.