Andreas Kaltsounis, Michael Montoya, Leonard Bailey

Uber’s former Chief Security Officer was charged with two federal felonies in connection with the company’s 2016 data breach. We’ll explore and explain the obstruction of justice and misprision of a felony charges brought in that case. When are organizations required to report to law enforcement, and when does an organization or its employees cross the line into criminal territory? The Uber case also raises questions about how organizations should run vulnerability disclosure programs; what it means for organizations without a formal disclosure program that receive unsolicited disclosures; and whether organizations should consider reporting to law enforcement in some circumstances. The session will end with recommendations for responsible disclosure requirements and bug bounty programs.

Andreas Kaltsounis, Partner, BakerHostetler
Michael Montoya, Chief Information Security Officer, Equinix
Leonard Bailey, Head of the Cybersecurity Unit & Special Counsel for National Security, U.S. Department of Justice

Andreas Kaltsounis


Leonard Bailey

Head of the Cybersecurity Unit and Special Counsel for National Security
U.S. Department of Justice

Michael Montoya

Chief Information Security Officer