The single most important element to successful cybersecurity incident response is developing a holistic, cross-functional incident response process. Effective coordination and communication requires a clear understanding of departmental priorities, roles, and responsibilities during the incident response life-cycle. Building trust and educating stakeholders on key principles, obligations, and risks must be done as part of the pre-incident planning process. Jennifer Martin shares a framework for commencing that conversation to mitigate against internal confusion and strife during a crisis.
Jennifer Martin has worked at the intersection of law and cybersecurity for the past 15 years. Her expertise in this area has been uniquely honed through her experience managing cyber risks and responding to threats from a variety of perspectives: as the director of cyber incident response and operations and as lead in-house internal investigations counsel at Symantec; as a managing director of a top cybersecurity and forensics consulting firm; and as a federal and local cybercrime prosecutor and policy maker. As both in-house counsel and a private consultant, Jennifer has managed and advised a number of organizations on cyber-risk mitigation and information management and has personally developed the people, processes, and holistic programs necessary for operational excellence, internal investigations, and crisis management. She has supervised countless cyber incident response matters, including data breaches, insider thefts of trade secrets, and intrusions, from initial detection through containment, notification, recovery and remediation. She is recognized for her skill in building effective cross-functional teams comprised of critical stakeholders—impacted business units, and legal, technical, and communications departments. In addition, she has advised executive leadership on programmatic strategies for mitigating cyber risk and on evolving legal, regulatory, and ethical expectations and requirements.
Jennifer’s work as an early federal cybercrime prosecutor, including litigating a high-profile Economic Espionage Act case against foreign software engineers, and as a policy maker within the US Department of Justice’s Computer Crime & Intellectual Property Section, provides her with historical insight into the evolving threat landscape and the consequent law enforcement and regulatory responses. Through her work negotiating the Council of Europe Convention on Cyber Crime, with the European Union, the Organization of American States, the Organization for Economic Co-operation and Development (OECD), and bilaterally with other countries on the multinational aspects of cybercrime and privacy, she has gained significant knowledge about the difficult jurisdictional and cultural issues associated with technological innovation. Jennifer is a frequent lecturer and panelist on cybersecurity regulation and corporate governance, incident response, online fraud and abuse, economic espionage, digital forensics, and electronic discovery in a variety of legal forums, including the San Francisco Bar Association, the American Bar Association, the East-West Institute, the New York State Bar, the New York City Bar, LegalTech, the Practicing Law Institute, and law firm and industry CLE programs.
©2016, O’Reilly UK Ltd • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org