Resume/CV

Andy leads high-profile cybercrime and data breach investigations and provides digital forensics and incidence response services. As an industry leader and expert in his field, his team provides services and solutions for clients in preparation and in response to matters involving a wide range of information security, privacy assessments, and investigations. His experience includes managing teams responsible for data breach investigations, complex digital forensic collections, network vulnerability and rapid security assessments. Andy has substantial experience providing testimony at deposition, hearings, and bench and jury trials.

 

As a former supervisory forensic analyst and Special US Marshal with the Regional Electronic & Computer Crime Task Force (REACCT), he managed digital-related investigations on all types of media, ensured compliance with accepted computer forensic protocols, and presented testimony for numerous criminal cases related to computer and digital forensics.

 

Andy is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), former PCI Security Standards Council LLC Qualified Security Assessor (QSA), EnCase® Certified Examiner, (EnCE®) in EnCase® Forensic Edition, SANS GIAC Security Essentials (GSEC) and National Security Agency (NSA) Information Security Professional. He is also a member of numerous professional organizations, including the Information Systems Audit and Control Association (ISACA), International Association of Privacy Professionals (IAPP), High Technology Crime Investigation Association, and High Technology Crime Consortium. He is a former

adjunct professor at Anna Maria College.

Talon Transaction Technologies, Inc. & Nexpay, Inc. v. StoneEagle Services, Inc., United

States District Court, Northern District of Texas, Dallas Division. Case No. 3:13-CV-00902-D. April 2015.

 

KPMG, LLP v. Ronald B. Harvey, State of New York. Arbitration Proceeding. July 2012.

 

Hispano USA, LLC v. Azteca Milling, LP and Gruma Corporation v. Javier Ruiz Galindo, State

of Texas, District Court of Bexar County, 288 Judicial Court. Case No. 2011-CI-01313.

May 2012.

 

Passlogix v. 2FA Technology, et al., United States District Court, Southern District of New

York, New York City. Case No. 08-CV-10986. January 2010.

 

Leor Exploration and Production, et al. v. Guma Aguiar, United States District Court, Southern District of Florida, Miami Division, Florida. Case No. 09-60136-CIVIL-SEITZ. Evidentiary Hearing. December 2009.

Passlogix v. 2FA Technology, et al., United States District Court, Southern District of New

York, New York City. Case No. 08-CV-10986. November 2009.

 

Leor Exploration and Production, et al. v. Guma Aguiar, United States District Court, Southern District of Florida, Miami Division, Florida. Case No. 09-60136-CIVIL-SEITZ. Evidentiary Hearing. October 2009.

​

Skanska USA Building Inc. v. Long Island University, et al., Supreme Court, Kings County,

New York. Index No. 15097/2006. June 2009.

PLUS Annual Conference 2016, “Handling Cross Boarder Data Breaches,” Chicago, Illinois,

November 2016.

 

NetDiligence Annual Cyber Claim Study 2016, “The Real Cost of a Data Breach,” Webinar,

November 2016.

 

Advisen Cyber Risk Insights Conference, “First Party Exposures: Beyond Insuring Data Loss,”

New York, New York, October 2016.

 

IAPP Privacy & Security Forum, Washington DC, October 2016.

 

NetDiligence Cyber Risk & Privacy Liability Forum, “Leveraging Human Stupidity: Hackers’

Approach to Obtaining Crown Jewels,” Santa Monica, California, October 2016.

 

Western States Surplus Lines Conference, “Cyber Nightmares: A Look at Cyber Claims, and

Things Keeping Insureds Awake at Night,” Whistler, Canada, July 2016.

 

Alabama State Bar Annual Meeting, “Data Breach & Incident Response,” June 2016.

 

NetDiligence Cyber Risk & Privacy Liability Forum, “Leveraging Human Stupidity: Hackers’

Approach to Obtaining Crown Jewels,” Philadelphia, Pennsylvania, June 2016.

 

Advisen Cyber Risk Insights Conference, “Extortion,” Chicago, Illinois, May 2016.

 

RIMS Conference, “The Cross-Border Data Breach: How to Handle an Advanced Persistent

Threat,” April 2016.

 

HUB International Non-Profit Roundtable, “Cyber Risk in the Nonprofit Organization: Threats, Laws, and Antidotes,” New York, New York, March 2016.

 

PLUS Annual Conference 2015, “Handling Cross Boarder Data Breaches”, Dallas, Texas,

November 2015.

 

NetDiligence Annual Cyber Claim Study 2015, “The Real Cost of a Data Breach”, Webinar,

November 2015.

 

NetDiligence Cyber Risk & Privacy Liability Forum, “Leveraging Human Stupidity: Hackers’

Approach to Obtaining Crown Jewels,” Santa Monica, California, October 2015.

 

IAPP Privacy. Security. Risk. Conference. “NetDiligence Cyber Claims Study. The Real Cost of

a Data Breach”, Las Vegas, Nevada, October 2015.

​

Chase Cyber Security Conference, “Data Breach Readiness”, Woburn, Massachusetts,

September 2015.

 

RSM Insurance Industry, “Prevent, detect and correct: Cybersecurity and data breach

preparedness”, Webinar, September 2015.

 

RSM Law Firm CIO Conference, “Security & Privacy Trends,” Chicago, Illinois, June 2015.

 

Net Diligence Cyber Risk & Privacy Liability Forum, “Leveraging Human Stupidity: Hackers’

Approach to Obtaining Crown Jewels,” Philadelphia, Pennsylvania, June 2015.

 

Security & Privacy Trends, “Security Controls, Incident Response, & Mitigating Risk,” London,

United Kingdom, May 2015.

 

Advisen Ltd, “The Changing Face of Cyber Risk,” Webinar, April 2015.

 

E&I Corporate Services, “Lessons from the Dark Side: What We Can Learn from a Data

Breach,” Webinar, March 2015.

 

American Apparel & Footwear Association, “Security & Privacy,” Webinar, March 2015.

 

Microsoft Transparency & Trust in the Cloud, “Cloud Security Best Practices,” Boston,

Massachusetts, March 2015.

 

RSM Cyber Security Series, “Part 3: Corrective Controls,” Webinar, March 2015.

 

Net Diligence Annual Cyber Claim Study 2014, “The Real Cost of a Data Breach,” Webinar,

January 2015.

 

Construction Financial Management Association, “Managing Enterprise Risk for Your Growing Construction Company,” Boston, Massachusetts, January 2015.

 

Law Technology News, “Computer Networks & Business Partnerships: Protecting the

Exchange of Data,” Cybersecurity & Data Protection Legal Summit, New York, New York,

December 2014.

 

Greater Miami Chamber of Commerce, “The Convergence of Technology & Banking: Security & Compliance,” Miami, Florida, November 2014.

 

RSM M&A Learning Exchange, “Addressing IT Risks in the Private Equity Environment,”

Chicago, Illinois, November 2014.

 

RSM CFO Roundtable, “Data Breach Readiness & Response,” New York, New York,

November 2014.

 

Community College of Rhode Island, “Data Breach Readiness and Response Planning,”

Security Awareness Day, Warwick, Rhode Island, October 2014.

 

Massachusetts Bankers Association & Financial Managers Society, “Data Breach Readiness

and Response Plan,” Finance & Accounting Conference, Boston, Massachusetts, October

2014.

 

Infovest Security & Regulatory Issues for Hedge Funds, “Impact of Cyber Security Threats On

the Hedge Fund Industry,” Stamford, Connecticut, October 2014.

​

RSM Financial Services, “What Hedge Funds Need to Know About Cybersecurity Today,”

Online Video Recording, October 2014.

 

RSM 2014 Investment Industry Summit, “Cybersecurity Discussion,” New York, New York,

September 2014.

 

RSM Emerging Technology Conference, “Data Breach Readiness & Response,” Minneapolis,

Minnesota, September 2014.

 

RSM Emerging Technology Conference, “Data Breach Readiness & Response,” Boston,

Massachusetts, September 2014.

 

MHBT, “It’s 3AM - Do you know where your data is?,” Dallas, Texas, September 2014.

 

Beazley, “Data Breach/Information Security Readiness,” Webinar, August 2014.

 

RSM Public Sector Industry, “Security Threats & Remediation Strategies,” Webinar, August

2014.

 

Pennsylvania Bar Institute, “Cybersecurity Law 101—Perspectives from Government and

Academia,” Philadelphia, Pennsylvania, August 2014.

 

Premier Insurance Webinar, “Forensic Investigation Best Practices & Pitfalls,” August 2014.

 

Massachusetts Council of Presidents CFO Joint Meeting, “Data Breach Readiness &

Response,” Hyannis, Massachusetts, June 2014.

 

ISACA New England IT Audit/Security Annual Meeting, “How Organizations Can Stay Relevant

and Secure Through Innovative Technology,” Boston, Massachusetts, June 2014.

 

RSM Tax Controversy Webinar, “IRS Account Problems: Preventing Identity Theft and

Managing IRS Penalties and Interest,” May 2014.

 

FMI Financial Executive & Internal Auditing Conference, “Information Security & Privacy: Are

You Ready For A Data Breach?” San Francisco, California, May 2014.

 

New England Board of Higher Education, “Cyber Defense: Executive and Board Leadership

Strategies for Assessing Threats, Preventing Security Breaches and Promoting University

Awareness,” Boston, Massachusetts, April 2014.

 

Boston Chapter of the Association of Government Accountants, “Data Privacy & Security,”

Greater Boston, Massachusetts, March 2014.

 

Annual Boston Nonprofit Summit, “How Nonprofits Can Stay Relevant and Secure Through

Innovative Technology,” Boston, Massachusetts, March 2014.

 

ISACA Boston Breakfast Meeting, “Information Security & Privacy: Overview of Data Breach

Readiness & Response,” Boston, Massachusetts, March 2014.

 

UHC Web Conference—Best Practices for the “First Responder” IT Professional to a Breach

Incident, “Data Breach Readiness & Response,” March 2014, Webinar.

 

Corporate Counsel & Compliance Exchange, “Strengthening Your Anti-Corruption Compliance Program,” Palm Springs, California, February 2014.

​

Massachusetts Attorney General’s Office, “Search Strategies: Finding What You Want in the

eDiscovery Pile,” Boston, Massachusetts, October 2013.

 

Boston University School of Law, “E-Discovery Law & Practice,” Guest Lecturer, Boston,

Massachusetts, September 2013.

 

RIMS 2013 Florida Chapters 38th Annual Joint Educational Conference, “Network Security &

Privacy—Emerging Trends,” Naples, Florida, July 2013.

 

National Underwriter Property & Casualty, “Got Cyber Coverage? Strategies to Protect Your

Clients,” Property Casualty 360, Online Webinar, May 2013.

 

Premier Insurance Management Services, “Data Encryption—A Critical Loss Mitigation Tool for Healthcare Organizations,” Online Webinar, April 2013.

 

New Jersey Institute for Continuing Legal Education, “Mastering Data Breach, ID Theft &

Privacy Laws,” Rutgers University Law Center, New Brunswick, New Jersey, March 2013.

 

Wyatt & Wells Fargo Seminar, “Network Security, Privacy, & Risk,” Louisville, Kentucky,

January 2013.

 

PLUS 25th Annual Conference, “Privacy & Data Security: The True Impact of Exposures,”

Chicago, Illinois, November 2012.

 

Net Diligence Cyber Risk & Privacy Liability Forum, “Why Can’t We All Just Stop Breaches!”

Marina del Ray, California, October 2012.

 

Beazley Bytes, Connecting the Dots—Forensic Services, Podcast, October 2012.

 

Changes to European Data Privacy Changes Everything, 2012 Connecticut Privacy Forum,

Hartford, Connecticut, October 2012.

 

Cloudy with a Chance of a Perfect Storm: Discovery in the Cloud Computing Age, American

Bar Association, ABA Annual Meeting, Chicago, Illinois, August 2012.

 

Cybercrime Workshop: Computer Investigations 101: No IT Experience Required, ASIS—

Boston Chapter, Boxborough, Massachusetts, April 2012.

 

ALPFA Law—Privacy and Information Security Landscape in the Wake of Wikileaks, ALPFA

Boston and ALPFA Law Board, April 2011.

 

Social Networking, Data Warehouses and Digital Cultures, Ohio Association of Chiefs of Police In-Service Training, Columbus, Ohio, 2010.

​

“What is the cost of reputation harm?” RSM Insight Article, July 2016.

 

“Successfully Vetting Forensic Firm.” APRI CyberPro Magazine, May 2016.

 

“Do You Have Enough Cyber-Security Insurance?” Baseline Magazine, May 2016.

 

“Implementing a proactive data security plan: The 3 stages of a data breach.” GACC Midwest Report 2015, January 2016.

​

“Using Data Analytics to Detect and Prevent Fraudulent Activity.” Risk & Compliance

Magazine, July–September 2015.

 

RSM Incident Response Guide, April 2015.

 

“Successfully Vetting Forensic Firms.” Risk & Compliance Magazine, April–June 2015.

 

“Five Tips to Enhance Your Organization’s Cybersecurity.” Boston Business Journal, March

2015.

 

“Five Tips to Enhance Your Organization’s Cybersecurity.” High Profile Magazine, February

2015.

 

Bookity, “The Art of Data Security for Museums.” February 2015.

 

“Cybersecurity & Hedge Funds.” RSM Investment Industry Insights, October 2014.

 

“Implementing a proactive data security plan: The 3 stages of a data breach.” RSM Insight

Article, September 2014.

 

“Risk Managers, Lawyers, & Information Technology: Three Different Languages, One

Common Goal.” NAVIGANT Experts Corner, November 2012.

 

“Tweet, Post, & Read All About Me: A Discussion on Technology, Social Networking, & the

Workplace.” OACP Magazine, 2010.

 

“Digital Mayhem in Schools.” Author, Omni Publishing Company, 2007.

 

“Email Investigations and Instant Message Tracking.” Author, Omni Publishing Company,

2007.

 

“Preserving Digital Evidence.” Author, Omni Publishing Company, 2007.

 

“Digital Forensic Investigations.” Author, Omni Publishing Company, 2006.