Protecting Personal Information Online Amid World Digitization with James Mottola

In this episode of CHATTINN CYBER, Marc Schein interviews James Mottola, the Vice President of Data Privacy, Investigations, and Security for Porzio Compliance Services. He served 25 years in the United States Secret Service as former Special Agent in charge of the Newark Field Office of the United States Secret Service. Jim discusses how he leverages his experience to advise clients on matters of information security, data privacy, physical security, schools’ safety, internal corporate investigations, incident response management, and other compliance-related matters.

Over his 25-year career, Jim worked on many cases pertaining to financial fraud. In that time, fraud schemes have grown more sophisticated and entered into online spaces. Most businesses are underprepared and under matched to defend against these new tactics, making them easy targets. Jim explains how the greater presence of digital information has made it easier for criminals to commit identity theft.

The digital world continues to grow exponentially, particularly in light of the COIVD-19 pandemic. Jim unpacks how e-commerce giants are influencing user behavior. How we can control the digital world and live normally when it is evident that cybercrime disruptions will increase?

Jim advises people to take control of their information since technology is evolving:

“I think as a society we got to take a hold of our information and we have to, unfortunately, put more obligation on businesses on how they have our information, what they do with our information.”

Jim continues on why there’s a need for public and private co-operation to protect individual rights. “Together we need to figure out what are the threats we need to work on, focus on those, and then collaborate as best as possible.”

What You Will Learn:

  • How the digitization of information is aiding in the facilitation of identity theft cybercrimes.
  • The future of eCommerce in influencing consumer behavior and how it will create cyber disruptions.
  • How to install resilient measures to combat cybercrime
  • Why public and private sectors need to partner to protect individual’s rights.


Cybersecurity: How COVID-19 has Increased the Risk of Cyberattacks with guest, Joe Mann

In this episode of CHATTINN CYBER, Marc Schein interviews Joe Mann, Founder, and CEO of Arete. He is a recognized industry leader in information risk, with over 20+ years of experience serving corporations, government agencies, and nonprofit organizations. Joe has developed information-sharing initiatives across the Financial and Legal sectors to synchronously align the interests of organizations and C-Suite decision-makers to create “win/win” scenarios for complex risk issues.

Joe started Arete 5 years ago to create solutions that bring more impact in investigation matters, an area which was not being provided by big consulting companies. Cybercrime has become an active issue in the last 4-5 years targeting SMEs, the economic impact is alarming, which is why security companies are growing as fast as they can.

Joe explains the difference between organizations that have insurance against cybercrime and those who do not.  He also explains how they track cryptocurrency dealers to understand their behavior and know how to negotiate.

“There is one group that refines its people, processes, and technology every day and other groups that are in business just not in the cybersecurity business.”

Arete doesn’t want to negotiate with criminals and works closely with the FBI and the likes although joe admits the ransom problem is a huge issue and how they follow the set guidelines. Joe explains, “The important thing here is that enforcement, government, and industry work together to develop set of standards that really end in the best fit for these companies that’re being victimized not exacerbating the issue.”

On politics 2020, Joe terms the voting issue as just a way to pull people apart and make them less decisive and compares it to cyberattacks on US companies.

Relevant Links:






“National Cybersecurity” Insights from the U.S. Solarium Commission and more with Cory Simpson

In this episode of CHATTINN CYBER, Marc Schein interviews Cory Simpson, Senior Director and Lead for the U.S. Cyberspace Solarium Commission, Homeland Security Professor at Clemson University & Managing Director at Ankura, with more than 15 years of experience as a U.S. Army officer, federal prosecutor, national security lawyer and strategist.

Cory reports the findings of the U.S. Cyberspace Solarium Commission, an independent, bipartisan, and multisector commission, in which he acted as Senior Director until July. The commission, named for the Solarium Project set up by President Eisenhower, was comprised of fourteen members, including two senators and four house representatives, six internationally recognized experts in cybersecurity, and the FBI director. Together, these members developed legislative proposals as recommendations for Congress. Including Layered Cyber Deterrence

The two goals of the commission were creating a grand strategy for cybersecurity and identifying the policies needed to achieve that strategy. From ensuring secure democratic elections to supply chain security, the commission covered both public and private cybersecurity challenges, including the current COVID-19 pandemic. Of the more than eighty recommendations for both the executive and legislative branches, 29 recommendations involving legislation are already poised to become law.

The Solarium Commission, AI Commission, and the Commission on National Service informed legislators that if we don’t have people to implement these strategies, they’re not going to work. Cybersecurity at a national security level is all of our responsibility, not just the government’s responsibility.

Additionally, Cory dives deep on specific recommendations, including creating a public/private relationship, perhaps scaling a model currently in place in the UK. Beyond the borders of the U.S., he explains digital trade zones should encompass all of the western democracies.

Cory wraps up with some insights into election security, we have security at odds with access. If you want a secure system you limit access which is the opposite of what we are doing when we want Americans to vote. In addition, Cory covers the challenge of an anonymous vote and the importance of a paper-based backbone to voting. Tune in to hear the advantages the U.S. democracy carries in its decentralized system!




From Hacktivists to Million-Dollar Ransoms, John Mullen Has Seen it All in Data Breaches – Hear His Legal Perspective on Cybersecurity

In this episode of CHATTINN CYBER, Marc interviews John Mullen, Managing Partner of Mullen Coughlin, the leading and largest privacy law firm solely dedicated to privacy and cybersecurity law in the U.S.  Focused on providing tailored data privacy and incident response services, John’s firm handles breach response, pre-breach planning and compliance, regulatory investigation and management, and privacy litigation defense under the umbrella of cyber insurance.

John’s friend Mark Greisiger of NetDiligence coined the term “Data Breach Coach” to describe what John and his firm do for companies in helping them during a data breach crisis under an insurance policy. In addition to the services John’s firm provides these companies, they also assist as part of a suite of services provided by insurance in the event of a data breach.

Estimating that the firm handles a third of all breaches in the country under the umbrella of insurance, John is uniquely qualified to share the details of the industry, as well as the evolution of cybersecurity hacks from the early days. It is a story of “hacktivists,” nation states, and rogue employees breaching security to the current-day situation in which bad players leverage ransomware to demand six figures at least – some up to millions of dollars –  from companies.

John expands on their post-breach response, including business interruption, as well as their pre-breach counseling and its limitations. In describing the future of data breaches, he explains that cybersecurity is a niche area that is growing in both law and insurance, both of which don’t have areas of growth outside of this industry. Listen to hear all of this, as well as what John has to say about his firm’s relationship with the FBI.



Distinct Field, Ubiquitous Influence: Cybersecurity and Insurance with Robert Chesler

Today, Marc sits down with prominent insurance lawyer Robert Chesler to discuss the unique yet expansive role that cybersecurity plays in the insurance sector. Drawing from his expansive industry and legal experience, Chesler shares his insight on the current relationship between cybersecruity and insurance claims and how the growing field of cyber-law can learn from the success of other law sectors. Chesler also pulls from current and recent cases to illustrate how insurance companies may evolve on their choices with regarding to filling employee claims.

A trailblazer of insurance coverage litigation for policy holders, Robert Chesler is a shareholder with Anderson Kill and a member of their Cyber Insurance Recovery group. Chesler has seen and participated in the birth of modern insurance law since the 1980’s and is now actively overseeing new areas of coverage such as cyber and privacy insurance. He has represented huge industry clients such as GE, Chrysler, and Unilever as well as many small businesses in pro-bono cases. A prolific author, Robert regularly publishes articles in widespread journals and websites that perk the ears of industry voices and which establish him as a thought leader in his own right. Rob holds his Bar Admissions in New Jersey and received his JD from Harvard Law School. He also holds a Ph.D. from Princeton University.


Gauging Today’s Cyber needs and Projecting Tomorrow’s with Michelle Schaap

On this episode of CHATTIN CYBER, our host sits down with Michelle Schaap to explore the ever-evolving landscape and intersectionality of the cybersecurity field. Schaap currently serves as an Attorney concentrating in Cybersecurity, Construction and Technology Law at Cheisa Shahinian & Giantomasi PC (CSG), where she has advised on privacy & data security practices for over two decades. Michelle specializes on cyber preparedness and IT disaster recovery planning as well as structuring commercial transactions and negotiating project agreements. A diverse strategist with over thirty years of practice, Ms. Schaap has also honed her skills in renewable energy projects, software industry development.

After receiving degrees from Cornell University and Rutgers Law School, Ms. Schaap started her career at a law firm that gave her the opportunity to be on rotation and gain a large breath of experience across multiple specialties. Eventually focusing on Land Use law, she credits this with allowing her “to learn what her client’s immediate needs were and potentially long-terms needs” in order to prepare for the future. In practicing general law internationally and at large corporations like Toys R Us, she developed proficiency in many of the aspects that cyber law touches including HR, supply trains, upstream obligations, and more.

In this interview, Michelle uses this vast experience to predict the developments in the field over the next decade. She warns that cyber response has yet to catch up with state-of-the-art software, and suggests that some of the most effective and cost-efficient methods of cyber security have existed long before those technologies came on to the scene. Tune in as she explores how to gauge what level of security is right for your business and a few fast tips to bring your business and personal security up to speed. Catch up on all this and more on this episode of CHATTINN CYBER with Marc Schein!

Cybersecurity’s Irrefutable Role in Reliable Data Privacy – Kenneth Rashbaum

In this episode of CHATTINN CYBER, Marc Schein interviews Kenneth Rashbaum, a Queens native who has led the way in developing and navigating the broad field of cybersecurity and data privacy. Pulling from his diverse portfolio of education and experience, Rashbaum uses his background to involve himself comprehensively within everything that the cybersecurity world touches. Kenneth has served on e-discovery councils advocating for best practices in the exchange of international digital evidence within complex litigation. While making advancements within this field, Rashbaum was appointed to several leadership roles.  He sat as faculty for the Federal Judicial Center and for the Georgetown Advanced E-Discovery Institute, and also acted as a special consultant to the New Jersey Assembly in preparation for the state’s first comprehensive privacy and cybersecurity bill. Additionally, Ken testified before the New Jersey Homeland Security and State Preparedness Committee, using his expertise in cybersecurity and privacy to serve his current home state.

Kenneth Rashbaum’s involvement within the financial field occurs most frequently when the Fordham law professor educates leaders and CEOs concerning the relationship between digital security and information privacy. Rashbaum works with these companies and organizations to ensure that internal policy meets state and national law in addition to client safeguard requirements for data protection and privacy expectations. With an expertise in organizing and negotiating technology contracts, Kenneth has helped many companies gain profitable business opportunities.

In the interview, Rashbaum discusses his approach to a well-implemented cybersecurity plan primarily as an offensive move and secondarily as a defensive one in response to a data incident. A company or organization should assess the potential risk of an attack and implement preventative actions before any red flags appear. In his expert opinion, a mature cybersecurity program includes the following core elements:

  1. Taking inventory of and understanding the reason for current data
  2. Noting where data is stored
  3. Assessing whether it is protected by specific law
  4. Knowing who has access to it
  5. Creating a plan to safeguard the data

While some companies are only beginning to actualize a plan as Rashbaum advises, Marc Schein’s interview reveals that Kenneth has been an eye-witness to the relationship between cybersecurity and data privacy since HIPAA enacted compliance laws decades ago. “HIPAA,” explains Rashbaum “is where privacy and cybersecurity regulation in the United States started. It is the only nationwide comprehensive privacy and cybersecurity law with implementing regulations that we have—[t]he U.S. is very sectoral while the rest of the world has overall privacy and security regulation.”

Marc and Kenneth chat about some of the current political issues that cause a divide on cybersecurity ideology. “[Both Democrats and Republicans] think federal privacy and cybersecurity law is a necessary,” begins Rashbaum. “So there is no debate about the ends, there’s a debate about the means.”

Will the country come to a consensus on universal cybersecurity implementation? Does your company have in place an updated and effective policy for data protection and breach prevention? Consider these questions as you listen to Marc Schein’s interview with Kenneth Rashbaum in this episode of CHATTINN CYBER.


Cybersecurity and Economic Stability: An interview with former NYDFS Superintendent, Maria Vullo

Marc Schein spends this episode of CHATTINN CYBER introducing podcast listeners to the former Superintendent of New York State Department of Financial Services, Maria Vullo.  From 2016-2019, Ms. Vullo spent her years in service working to implement DFS cybersecurity regulations in an effort to prevent economic turmoil that could result from a data incident within financial services. Maria Vullos’ drive to enact NY state-wide cybersecurity regulation was, in part, realized from the devastating effects of the 2008 financial crisis. At a time where our nation’s economy experienced the biggest downturn since the Great Depression, both the private and public sectors felt the crushing effects of recession.   

Ms. Vullo’s career first began after graduating from NYU’s School of Law. Obtaining a federal clerkship with Paul, Weiss, Rifkind, Wharton & Garrison LLP in 1988, Ms. Vullo was promptly asked to return as a litigation partner where she continued to work in the private sector for 27 years. While invested in cases concerning civil, criminal, and regulatory matters (many of which involved financial services), Ms. Vullo also devoted herself to women’s and human rights through pro bono litigations and leadership roles in NPOs. 

But the pinnacle of Maria’s professional career so far is found in the 23 NYCRR 500 regulation, also known as part 500. In March of 2017, the state of New York enacted a series of policies specific to all DFS-regulated institutions, including state-chartered banks, certain money transmitters, and all insurance companies and agents licensed to do business in NY.  Part 500 requires entities to meet standards for cybersecurity protection in areas such as policy, programs risk assessment, and incident response. 

“I did it because my job as Superintendent was the protection of the safety and soundness and the fiscal health of the institutions that I was responsible for overseeing. Cybersecurity is such a risk that I thought it was important to set out certain minimum standards that they all have to comply with.” 

Since many New York insurance companies and banks operate throughout the nation as well, the country has seen a spread of cybersecurity regulations across states, making strides towards a national model. 

“We went through a very elaborate process and had a lot of professionals looking at what was the best regulation to do and I think we accomplished that, and I also think it’s important for these principles to be more widely dispersed both for the protection of the industry and also to provide a consistent framework for companies to have to follow.” 

Retired from the DFS and now consulting at her own firm, Maria Vullo sees that there is a lot of work still to be done within the country. She believes that a lot of good can come out of both the private and public sector as long as people and their welfare are always the compass that drives endeavors. To learn more about Ms. Vullo’s impact throughout the decades and how she believes the field of cybersecurity still needs to advance, listen in to this episode of CHATTIN CYBER with Marc Schein.



Cyber Security: An Invisible War Fought From the Home Front

In this episode, Marc Schein interviews former Congressman Patrick Murphy. Beginning as a Division 1 athlete turned West Point faculty member, the Pennsylvania native eventually entered into a multi-tour deployment after 9/11 and then returned to the U.S. to serve in Congress. Accomplishing much more than the average American within just a few short decades, Murphy has experienced and witnessed some of the major formational moments that have rocked our country both for better and for worse.

Following in the footsteps of many war veterans like Sam Walton of Walmart, Ralph Roberts of Comcast, Phil Knight and Bill Bowerman of Nike, and Frederick Smith of FedEX, Patrick Murphy’s commitment to bolstering the success and advancement of our country did not end upon leaving the field or the office. Years later, this “soldier for life” finds himself once again serving the American people, this time in the form of cyber security.

Murphy explains, “In warfare, we [say that] the first four domains are air, sea, space, and land. The fifth domain is cyber. That fifth domain isn’t just in the battlefield. It’s here.” Schein and Murphy discuss how U.S. cyber safety is not a hypothetical, distant threat but an active, invisible war that exists both nationally and internationally. Financial institutions, energy grids, the telecom industry, and personal data are all at risk for a breach at any moment. “That war,” begins Murphy, “is being fought on your iphone and on your desktop at home…and at your workplace.”

Serving as a member of the Cyberspace Solarium Commission, Murphy meets weekly with other public and private sector leaders who, in part, are in charge of creating recommendation reports that detail a national approach toward cyber threats. Believing that these threats will only increase as we move into this new decade, Murphy advocates that we all need to participate in the cyber battle. Both public and private sectors should adhere to the recommendations released this March and learn to practice “proper cyber hygiene.” Listen in to this episode to gain an understanding of basic cyber issues and what you can do to be a part of the solution.