She Said Privacy/He Said Security

Roderic Deichler is the Co-founder and Chief Security Officer at AfterDark, a boutique blockchain security company delivering white glove services, such as smart contract advising, pentesting, and security advising. Roderic founded the company to fill the security gap in Web3. Before AfterDark, he led pentesting at Mandiant and smart contract audits at Coinbase and OpenZeppelin. Roderic discovered his enthusiasm for cybersecurity while studying computer science at UC Santa Barbara and competing in Capture the Flag competitions and hackathons. In this episode… Web3 is an extension of cryptocurrency and innovatively uses blockchain. Since a blockchain stores many tokens in a digital wallet, how can cybersecurity professionals fill security gaps on Web3? Risks that threaten Web3 include smart contracts, phishing, scams, and hacks targeting a user’s crypto wallet. According to Roderic Deichler, a veteran cybersecurity professional, there are multiple best practices to mitigate security risks, including applying security strategically, security audits, and multifactor authentication. Security architects use various thought processes when applying security, usually embracing security-by-design principles. Since developers conduct several project tests before and after releasing new code, companies should consider employing internal security teams or consulting security auditors to reveal potential bugs. Social hacking has become a prevalent method for tricking users into revealing their confidential information. To diminish this risk, Roderic suggests using multifactor authentication (MFA), a multi-step process requiring more instruction plus a password. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Roderic Deichler, Co-founder and Chief Security Officer of AfterDark, about cybersecurity risks. Roderic explains security risks in smart contracts, phishing risks in Bitcoin and other digital wallet assets, and AI’s impact on cybersecurity.

Mark Webber is the US Managing Partner of Fieldfisher, a London-based international law firm with offices in Europe, the US, and China. An English lawyer living in the Silicon Valley, Mark oversees the firm’s US operations. As a recognized leader in privacy law with extensive experience working with the world's leading technology companies, Mark is known for finding innovative solutions to complex legal challenges. At Fieldfisher, Mark has been instrumental in establishing, nurturing, and expanding the firm's presence, operations, and services in the US. In this episode… Lawyers endorse the Data Privacy Framework as a valuable tool to mitigate cybersecurity risks. However, many experts argue that protecting businesses from other privacy risks — such as those posed by AI — is not enough. The draft of the European Union AI Act has sparked debate among privacy professionals, with some advocating for a prohibition on the unrestricted use of AI technologies such as biometrics in real time. Mark Webber, a seasoned lawyer with expertise in technology and privacy, disagrees with this approach. He cautions against AI's high-risk threats to transport, infrastructure, and decision-making. To mitigate these risks, Mark suggests that companies conduct an AI impact assessment, such as the one developed by the National Institute of Standards and Technology, before implementing generative AI systems. He also warns that, given the ever-evolving nature of AI, any governing policies will only be effective with proper education and training. In this episode of the She Said Privacy/He Said Security Podcast, Mark Webber, US Managing Partner at Fieldfisher, joins Jodi and Justin Daniels to discuss the US-EU Data Privacy Framework and AI. Mark explains how the framework will impact businesses, the European Union AI Act, the intersection of AI regulation with GDPR, and why organizations should consider implementing AI assessment frameworks.

Riley Hughes is the Co-founder and CEO of Trinsic, a reusable identity infrastructure provider. Riley educates and trains businesses on the benefits of using Trinsic to improve the identity verification processes within their products, improving privacy and the user experience. As a pioneer in the decentralized identity community, Riley has spearheaded privacy-preserving technologies, such as identity wallets and verifiable credentials eligible to the masses. Before Trinsic, he honed his skills in the decentralized identity space as the second employee at the Sovrin Foundation — an international nonprofit that was established to administer the Governance Framework at the Sovrin Network. In this episode… It is a common experience to verify one's identity online only to have the website fail to accept the provided identification. Additionally, many people are uncomfortable sharing their driver's license and other forms of ID, as it contains personal information. With so many technological advances, why is proving one’s identity such an antiquated process? These are the burning questions Riley Hughes had while working for the Sovrin Foundation, a Governance Framework administrator, so he was inspired to develop decentralized identity products such as digital wallets and verifiable credentials. Digital wallets are convenient and secure methods to store payment information on mobile devices, including bank information and debit and credit cards. Like digital wallets, verifiable credentials digitally store information found on physical documents such as driver’s licenses, passports, birth certificates, employee IDs, and educational certificates and can be cryptographically verified. These self-sovereign methods give individuals complete autonomy over their data and allow them to control how it’s shared. Join Jodi and Justin Daniels in today’s episode of the She Said Privacy/He Said Security Podcast, as they welcome Riley Hughes, Co-founder and CEO of Trinsic, to discuss decentralized identity. Riley expounds on self-sovereign identity, how decentralized identity enhances privacy, and how AI impacts the reusable identity infrastructure.

Tim Lupinacci is the Chairman and CEO at Baker Donelson, one of the largest US law firms — composed of 650 attorneys and public policy advisors — representing over 30 practice areas. Under his tutelage, Tim led the firm through organizational reconstruction, growth, and the COVID-19 pandemic. He chaired the Financial Services Department and the Women’s Pathways to Leadership Committee and was a Diversity & Inclusion Committee board member. A self-professed “leadership junkie,” Tim continuously elevates his leadership skills through studying, reading, and learning from his failures. His passion for leadership inspired him to launch Everybody Leads, a nonprofit dedicated to empowering individuals in underserved communities with essential leadership skills and confidence. In this episode… Cybercriminals target law firms because they store valuable and sensitive information. In a security breach, ransomware could lock down the office’s files for an extended period, making it impossible to perform routine operations. So, how can law firms protect themselves from cyberattacks? Regardless of a firm’s size, all law offices are vulnerable. Tim Lupinacci, a chief leader at one of the most prominent legal firms in the US, advises implementing a strategic cybersecurity plan. Hiring a full-time CISO and security team could spearhead the program and strictly focus on managing cyber risks. Preventive measures like phishing simulations can prevent their colleagues from falling victim to cyberattacks. If a cohort fails the designated tests, they must attend additional training to protect themselves and the office's devices. Tim advises that the best protection is to be vigilant, have mitigation plans, inform staff members of the latest cyber threats, and educate them on “cybersecurity hygiene.” On today's She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Tim Lupinacci, Chairman and CEO at Baker Donelson, about Baker Donelson's strategic cybersecurity planning, the importance of forging relationships between the C-suite and the firm's security team, and his personal experience with being hacked.

Julian Llorente Perdigones is the Director of Data Privacy at Tealium, a customer data platform company with offices in the US, Germany, Singapore, UK, Japan, the Netherlands, France, and Austria. Julian is an experienced data scientist and expert in data privacy. In his role, he analyzes technical challenges while assessing privacy concerns. Before Tealium, he was a Data Scientist at zeroG, a Germany-based company committed to making data work for air travel. He also worked at Lufthansa in the digital analytics and online sales department. Julian holds a MS in Big Data & Business Analytics from SRH University in Heidelberg, Germany. He also holds a BS in International Business Information Systems from the University of Applied Sciences in Frankfurt. In this episode… A customer data plan can be a valuable tool for businesses. It allows businesses to collect and analyze customer data from multiple sources. However, it’s important to be aware of the data privacy implications. Data scientist and CDP professional Julian Llorente Perdigones explains businesses must ensure they have consent from customers to collect and use their data, and they must also take steps to protect customer data from unauthorized access or disclosure. At Tealium, their mission is to establish customer trust in data. According to Julian, companies can establish customer trust using CDP by reducing risk using siloed data, propagating privacy preferences, and enabling operational efficiency. Businesses can be transparent by giving customers control over their data and personalizing the customer experience. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Julian Llorente Perdigones, Director of Data Privacy at Tealium, about data privacy and CDP. Julian explains customer data plans, how companies can use CDPs while adhering to privacy laws, and the common mistakes companies make when working with CDPs.

Michelle Dennedy is the CEO of PrivacyCode, a privacy engineering SaaS platform that translates complex privacy policies for developers. She is also the Co-founder and a Partner at Privatus Consulting, a company that assists clients with privacy engineering and governance, WickedPrivacy leadership solutions, and ESG metrics. Michelle works closely with families, executives, and innovators at all levels and with businesses and organizations at all stages to support the combination of privacy policies, practices, and tools. She has held many leadership roles in data strategy and privacy at Sun Microsystems, McAfee, Intel, and Cisco in addition to various startup companies. Additionally, Michelle wrote and published two books on privacy engineering. She is a graduate of the Fordham University School of Law, where she earned her JD. In this episode… AI privacy is a complex and ever-evolving topic. As AI systems become more sophisticated, it’s essential to ensure technology is used in a way that respects the privacy of individuals.  Michelle Dennedy, a seasoned privacy expert, recommends building smart privacy programs. These programs help organizations identify and mitigate privacy risks and comply with regulations. Companies and organizations can create a curriculum by developing policies and procedures, implementing technical controls, training employees on privacy issues, and conducting privacy risk assessments and regular audits. Join Jodi and Justin Daniels in today’s episode of the She Said Privacy/He Said Security Podcast, where they again interview Michelle Dennedy, CEO of PrivacyCode and Co-founder and Partner at Privatus Consulting, about the surge in privacy tech stack. Michelle addresses privacy and security risks companies face in regard to AI, the current state of tech regulations, and how PrivacyCode advises companies on privacy programs.

Eduardo Ortiz is the Manager of Data Privacy and Information Governance at Carnival Cruise Line, an international cruise line that offers packages to popular destinations like The Bahamas, Caribbean, Alaska, and Mexico. He is passionate about privacy and leads vital data privacy and protection programs. Before joining Carnival, Eduardo worked as a Senior Analyst of Data Privacy and Integrated Records and Information Management at CenterPoint Energy, where he gained five years of experience in data privacy and records and information management. In this episode… Cruising is a delightful way to see the world without the hassles of air travel. However, there are potential risks to be aware of, such as protecting your personal data. So, how do cruise lines ensure the security and privacy of their customers' data? Cruise ships offer a variety of entertainment options that require the exchange of personal information. Eduardo Ortiz, a data privacy expert, explains that parameters adhering to US, state, and global privacy laws are in place to combat identity theft. Additionally, global standards and company procedures and processes are continuously updated to align with global laws. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Eduardo Ortiz, Manager of Data Privacy and Information Governance at Carnival Cruise Line, to discuss regulations and compliance in the cruise line industry. Eduardo discusses how to organize a global security team, the steps cruise ships take to manage customers' data information, and tips for protecting your personal information when traveling.

Officer David Gomez is a Police Officer for the Boise County Sheriff’s Office in Idaho City, Idaho and a School Resource Officer at Idaho City High School. He has a background in electronics engineering, which he integrates in schools to educate parents on the dangers of social media. Officer Gomez also educates parents on how predators attempt to contact and entice kids into meeting or sending compromising photos. In this episode… In the early days of social networking, when notable platforms such as MySpace and Facebook were introduced, it was a tool for reconnecting friends and family. As these platforms and other social media outlets exploded in popularity, they also became a forum for predators to prey upon children Though parents can utilize the security controls on their kids’ phones, Officer David Gomez, a school resource officer, warns parents to use more precautions. As a resource officer, he’s been able to build relationships with students and monitor their careless social media behaviors. To educate parents on navigating the temptations teenagers face, he created a Facebook page that now garners nearly 200,000 followers. On his platform, Officer Gomez recommends topics of conversation, alternative phone options, and methods for reducing childrens’ screen time. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Officer David Gomez, Idaho City School Resource Officer, to discuss the dangers social media poses for children. Officer Gomez shares tips on how parents can monitor their children’s social media accounts, the importance of instilling family values, and giving your children the tools to protect themselves from potential predators.

Jason Sarfati is the Chief Privacy Officer and VP of Legal at Gravy Analytics, a location intelligence company providing real-world consumer intelligence to help organizations overcome today’s biggest challenges. Before joining Gravy Analytics, he was a Privacy Associate at Arent Fox and the Director of Privacy & Data Ethics at Treliant, a consulting firm serving financial institutions.  Jason earned his JD from George Mason University and holds a Certified Information Privacy Professional certification with a US concentration, making him an expert in the data privacy laws that govern US private sectors. He’s a member of the International Association of Privacy Professionals, a thought leader on trending privacy issues, and a frequent contributor to legal publications. In this episode… Geographic information, or location data, is intelligence about the geographical whereabouts of a device, such as a smartphone. Companies like Gravy Analytics use mobile location data to gain insight into individuals’ movement patterns to understand market trends and consumer behaviors. The issue with this type of tracking is that sensitive materials like health data become vulnerable. There’s also the risk of unsolicited advertising, physical assaults, and other various attacks. So, how do companies like Gravy Analytics use data for the betterment of society without further harming society? Jason Sarfati, head of privacy at Gravy Analytics, explains how they integrate privacy controls into their products. While the company strives to provide accurate sources of usable and trusted data, privacy is at the forefront during development. With its privacy-enhancing technology, the privacy team can identify the collection of location data at sensitive places. Once detected, it’s deleted from all systems. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Jason Sarfati, Chief Privacy Officer and VP of Legal at Gravy Analytics, to discuss location data privacy. Jason talks about Gravy Analytics and the services the company offers, how privacy considerations are included during product development, using location data to identify individuals, and privacy and security best practices for parents of teenagers. 

Rohan Massey is a Partner at Ropes & Gray, a global law firm operating in the US, Asia, and Europe providing counsel in labor and employment issues, tax and benefits, and creditors’ rights. Rohan advises on complex global data and security compliance programs covering asset management and financial services, life sciences and clinical trials, and marketing. He’s an expert on the intersection of the extraterritorial scope of national data protection laws and data transfer issues for global organizations. In this episode… Cross-border data transfer is the exchange of electronic personal information across international borders. The European Union governs these transactions through a protection law known as the General Data Protection Regulation. Many large corporations operate in multiple countries, so acceptable contract agreements between partnering companies must be heavily enforced using a data privacy framework.  Data and cybersecurity experts like Rohan Massey work to implement and educate organizations about data privacy frameworks. These tools provide immediate support when concerns such as data breaches pose a threat to data privacy. DPFs are designed to adjust as events unfold. In regard to compliance, decision-making, and communication, corporations should consider adopting a data privacy framework.  In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Rohan Massey, Partner at Ropes & Gray, for an in-depth conversation about the data privacy framework in relation to cross-border transfers. Rohan explains how the data privacy framework affects international corporations, the treatment of HR data versus “regular” data under DPF, and when companies should consider using standard contractual clauses.