Who Belongs Where? How to Effectively Integrate Your Company’s Privacy, Legal, & Security Teams

Who Belongs Where? How to Effectively Integrate Your Company’s Privacy, Legal, & Security Teams – Suchismita Pahi, Fred Jennings, Hannah Poteat, Mike Johnson, Marina Spyrou, Moderator: Calli Schroeder


You’ve got a whole pack of privacy lawyers, cybersecurity team members, a CISO, a CTO, a CPO, a General Counsel, privacy engineers, security engineers, and more. Where do you put them? Who reports to who? There is a robust and lively debate going on among CISOs, CPOs, GCs, and others about structuring privacy and security teams efficiently and effectively within an organization. Sit in and listen to that debate here – and maybe take away some recommendations for your own teams.


Suchi is a data privacy and cybersecurity lawyer (@SuchiPahi). She was supposed to be a doctor, but went rogue and wound up in law school arguing about the CFAA. After 4 years of working on some of the most incredible incidents as a cybersecurity lawyer and of helping companies of all sizes set up privacy and security practices, she decided to leave the law firm life so that she could do more tech law things. Hannah (@nsqe) is a data privacy and information security attorney with over 20 years of experience in privacy, security, intellectual property, and internet policy, and did privacy before privacy was cool. Prior to taking on a legal career, Hannah worked in information security for fourteen years. As Twilio’s Senior Privacy Counsel, Hannah advises on the nexus of global and sectoral data protection and telecommunications laws. Marina is a well-established change agent in technology and cyber security with over 15 years of experience developing and delivering cyber security and IT strategy and programs. She has extensive experience aligning cyber strategy with business strategy while executing enterprise wide initiatives. Marina has expertise in risk management, data strategy and governance, security controls, information technology implementation and transformation, training, and project management. As Planned Parenthood Federation of America’s (PPFA) and Planned Parenthood Action Fund’s CISO, she works with senior leadership team to provide technical and cyber security expertise to mature the security posture of the Federation. Mike has over twenty years of experience in the security industry. He’s currently enjoying some well earned time off after a year and a half as Lyft’s first CISO where he had overall responsibility for their cybersecurity efforts. Prior to Lyft, he spent nine years at Salesforce in various roles, ultimately building and growing their world class Detection and Response organization. He started his career prototyping intrusion detection systems for battlefield networks. Fred is yet another privacy and cybersecurity lawyer, with a background in cybercrime defense. As GitHub’s Associate Corporate Counsel, he works closely with their security teams on bug bounty policy, incident response, and breach notifications. When not lawyering, Fred enjoys shell script kludges and improbable vehicles. Calli is a privacy and tech law attorney who has worked at the Federal Trade Commission, the International Association of Privacy Professionals, law firms, and privacy and web security companies. A University of Colorado Law School alumnus, she is a former Lead Student Note Editor of the Colorado Technology Law Journal and a Silicon Flatirons volunteer. She has published articles on IRB laundering in human subject testing and FTC enforcement expansion under unfairness. She is currently writing an article on privacy and surveillance issues in fantasy.