and holistic lawyers—skills that I keep in my toolbox today to help clients deal with intricate problems.”
action,” he says. “And they’re setting up analytics and information ‘fusion centers’ that find and combine all of the information sources available to the enterprise to create a threat picture that enables the institution to better understand its risk profile and more efficiently respond to incidents.”
JOSEPH V. MORENO ’99L, ’00MBA agrees that it’s very gratifying to be a trusted cybersecurity advisor. He handles a range of matters related to data protection and incidents as a partner in the white collar defense and investigations group at Cadwalader, Wickersham & Taft LLP.
Like Ferrillo, LEO TADDEO ’94 believes that his St. John’s legal education prepared him well for a career in cybersecurity that began during his 20-year tenure with the FBI. “St. John’s “Having worked for years with corporate sharpened my ability to analyze and solve While innovation is key to preventing, clients across industries in developing and complex problems,” he says. “While I always combatting, and recovering from cyberattacks, implementing anti-bribery and anti-money knew the value of personal ethics, fairness, laundering programs, cybersecurity was the JUDITH H. GERMANO ’96 recognizes that many and justice, I learned how to advocate for cybercrimes are still relatively unsophisticated. next logical space to develop as a practice those principles as a law student. These skills “Malware attacks launched through phishing area,” he says. Moreno’s practice in this niche have been critically important to me in my emails and similar low-tech schemes remain is also informed by his earlier career in the professional and personal life.” prevalent” she explains. “And they can be U.S. military, as a national security prosecutor prevented by low-cost measures, such as with the U.S. Department of Justice, and Taddeo, a U.S. military veteran, began his using two-factor authentication, limiting as a consultant to the FBI’s 9/11 Review legal career as a criminal investigator with data access, keeping software updated, and Commission. “In these diverse roles, I gained the FBI in New York, and then assumed requiring complex, unique passwords or other subject matter expertise in dealing with a succession of senior roles with greater access credentials.” cyberterrorism conducted by hostile foreign responsibility for FBI operations around the actors,” he shares. world. “Like just about every other FBI agent, Cybersecurity is a focus of Germano’s work I wanted to work the biggest, hardest, and as principal of Germano Law LLC. “I was a His broad base of experience affords most impactful investigations,” he says. “For federal prosecutor for 11 years before starting Moreno a clear view of the current threat the majority of my years as an agent, that my own boutique firm,” she shares. “As chief landscape. “The danger of being hacked was meant organized crime, white collar crime, of economic crimes at the U.S. Attorney’s bad enough when we were dealing solely and terrorism cases. It wasn’t until late in my Office for the District of New Jersey, I was with lone wolf attackers,” he says. “Now FBI career that I recognized the importance involved in, and supervised, cybercrime we have sophisticated, foreign military and of cybercrime and gravitated toward investigations and prosecutions, among other intelligence-backed hacking operations assignments in that field. Given that there responsibilities. I saw how cyberthreats were supported by the likes of China, Iran, Russia, weren’t many senior executives with cyber growing, and that companies needed help and North Korea who act with impunity.” expertise in the FBI, I soon found myself in a handling them.” These ever-growing threats—and constantly small group of experienced investigators who developing cyber regimes like the EU’s GDPR could effectively supervise cyber programs.” Germano also traces her interest in and regulations enacted by California, New cybersecurity back to her time at St. John’s York, and other U.S. states—only add to the Eventually, Taddeo left the FBI and took his Law. “I wanted to earn a law degree so I potent cybersecurity mix that, Moreno says, cybersecurity expertise to the private sector, could guide organizations and executives makes these challenging times for companies. where he now serves as chief information through crisis,” she says. As the research security officer at Cyxtera Technologies. “My and symposium editor of the St. John’s Given these challenges, seasoned primary responsibility is to ensure the security Journal of Legal Commentary—now cybersecurity lawyers have become essential of the critical information assets that Cyxtera the Journal of Civil Rights and Economic to corporate wellbeing. “We’re there to depends on to do business,” he explains. Development—I coordinated a symposium advise clients on regulatory, litigation, and “This includes general IT security, compliance, on Cyberspace and the Law. It was one of public relations matters, and that can go and product security. I also work with the very first conferences of its kind, and it a long way to addressing the merits of a Cyxtera’s developers to improve the features introduced me to the field of cybersecurity cybersecurity breach while also restoring and capabilities of the security products we in all its complexities.” public confidence,” Moreno says. “How offer to our customers.” you handle yourself in the first few hours In addition to working as a cybersecurity following a breach can mean the difference Considering the state of his field today, attorney, Germano engages her expertise between a temporary dustup and a longTaddeo notes that, out of sheer necessity, as a distinguished fellow at the NYU Center term disaster.” financial services companies lead every for Cybersecurity, as a senior fellow at NYU’s other sector in developing and deploying Reiss Center on Law and Security, and as As he weighs what it takes to succeed as a cybersecurity controls. “This lead is the an adjunct professor at NYU Law. “Good cybersecurity attorney, Moreno is clear that result of investments in staff and security cybersecurity starts with a risk assessment St. John’s Law graduates are up to the task. tools internally and external, cross-sector that focuses on the systems and data an “St. John’s lawyers are practical and know how collaboration,” he says. “By sharing and organization has, who has access to them, to handle themselves in the courtroom, the cooperating with each other, financial how they’re protected, and what threats boardroom, or in front of the media,” he says. institutions make the entire sector more they face,” she shares. “I enjoy helping “We are deliberative and thoughtful, but also secure and resilient.” executives and officials develop and test know how to make judgment calls and shift systems, plans, policies, and procedures for gears when faced with fast-changing events. Innovation, Taddeo points out, is fueling this improving cybersecurity in their organizations. Lawyers are generally well trained to handle crisis effort. “Companies are investing heavily in I’m dealing with critically important issues at response, but St. John’s lawyers are especially machine learning and artificial intelligence the intersection of security, technology, and well suited when it comes to reacting under fire that can predict malicious activity and take business. It’s fascinating and rewarding work.” to achieve the best results for our clients.” SPRING 2019 l 17