General Biography

David Cass recently joined Law & Forensics LLC as a Senior Partner. He leads the Cryptocurrency and Digital Banking Practice. David is also a member of the Cyber Security and Forensics Practice. He has extensive experience in financial services regulation, cryptocurrency, digital assets, blockchain, cloud, artificial intelligence, and digital banking. David recently completed his service as a lead regulator for the Federal Reserve Bank of New York, where he was a member of the Large Institution Supervision Coordinating Committee (LISCC). Prior to his appointment, David was the CISO & Global Partner of Cloud Security Services. In that role, he had global responsibility for all aspects of cloud security practices, processes, and policies across the IBM Security Services Unit. Mr. Cass served as a regulatory SME and an Executive Steering Committee member for IBM’s International Banking Customers. David has been an active contributor to the FS-ISAC and the European Banking Federation on Cloud Compliance and Security for financial services firms, and worked closely with U.S. and international regulators. David and his team have also led large-scale transformation projects at top international financial institutions. He was part of the team that introduced the first financial services blockchain initiative utilizing public cloud supported by ten major international banks.

Previously, Mr. Cass served as the SVP & Chief Information Security Officer for Elsevier, where he led an organization of experienced legal, risk and security professionals that provided data protection, privacy, security, and risk management guidance on a global basis for Elsevier. He also served as the HIPAA officer for Elsevier. David has over 4.5 years of experience running a regulated FTSE 100 enterprise in the cloud.

David has experience in IT security, risk assessment, risk management, business continuity and disaster recovery, and developing security policies and procedures. He has played a key role in leading and building corporate risk & governance and information security organizations in the financial sector. As the Senior Director of Information Security Risk and Governance for Freddie Mac, David rebuilt the risk and governance function and developed a team to provide risk assessments, methodologies, tools, services, and training to improve the organization’s capabilities and maturity. Prior to that, he was Vice President of Risk Management for JPMorgan Chase and was responsible for providing an accurate assessment of the current risk management state and contributing to the future direction of risk management, continuity, and disaster recovery capabilities for the organization.

David has an MSE from the University of Pennsylvania and an MBA from MIT. He is also a frequent speaker at high-profile industry conferences and served on the Board of Directors for a public corporation. In addition, David is a member of the editorial board for The Journal of Law & Cyber Warfare and serves as a board member for the UCLA Extension Silicon Beach Innovation Lab. David is a faculty member for the Global Cyber Institute, a non-profit organization, and an adjunct faculty member for Harvard and Rutgers Law School. He is also a member of the New York City Cyber Critical Services & Infrastructure team organized by the NYPD and the office of the NY District Attorney.

Practice Areas

Blockchain

  • A fintech startup specializing in cross-border payments struggled with high fees and slow transaction times due to traditional banking channels. The engagement focused on leveraging blockchain technology to streamline operations. By developing a decentralized ledger system, the startup achieved near-instantaneous transactions at a fraction of the previous costs, enhancing competitive advantage. This innovation attracted a more extensive customer base and opened new markets, leading to a 50% growth in transaction volume within the first six months.
  • A multinational corporation sought to integrate blockchain technology into its operations while ensuring strict compliance with data protection and privacy regulations. Our engagement involved designing and implementing a blockchain compliance solution that addressed critical regulatory concerns, including data anonymization techniques, consent mechanisms, and cross-border data transfer protocols. We provided expert guidance on leveraging blockchain’s inherent transparency and security features while complying with the General Data Protection Regulation (GDPR) and other relevant laws. Our innovative compliance solutions enabled the client to harness the benefits of blockchain technology effectively, ensuring data integrity and regulatory compliance.
  • Tasked by a multi-national corporation aiming to expand its blockchain operations into Switzerland, renowned for its “Crypto Valley” in Zug, the consultancy provides an in-depth analysis of the Swiss regulatory environment. The focus is on understanding the Federal Council’s approach to blockchain and cryptocurrency, including tax implications, the legal framework for ICOs as per the Swiss Financial Market Supervisory Authority (FINMA), and navigating the cantonal differences within Switzerland. The consultancy advises on strategic partnerships with local blockchain entities and integration into the Swiss crypto ecosystem, ensuring the client’s expansion is seamless, compliant, and optimized for the Swiss market.

Crypto Consulting

  •  Recognizing the surge in cyber threats targeting cryptocurrency exchanges, a leading digital asset exchange engaged my consultancy services to conduct a thorough security assessment. The engagement focused on evaluating the exchange’s infrastructure for vulnerabilities, assessing the robustness of its cryptographic protocols, and implementing advanced security measures. We identified potential security gaps by leveraging state-of-the-art penetration testing techniques and blockchain security analytics. We proposed a strategic plan to bolster the exchange’s defenses against sophisticated cyberattacks, ensuring the protection of digital assets and maintaining trust with their users.

Cybersecurity Expert Witness

  • Following a significant cyber-attack on a regional credit union that compromised member data and disrupted services, I was engaged as a cybersecurity expert witness and consultant. My responsibilities included leading the incident response team to mitigate the attack’s impact, conducting a forensic analysis to identify the breach’s source, and developing a recovery plan to restore operations and secure the credit union’s systems against future attacks. Additionally, I worked closely with the credit union’s legal and compliance teams to navigate regulatory reporting obligations and communicated with affected members to rebuild trust. My strategic guidance helped the credit union enhance its cybersecurity posture and implement a proactive incident response strategy.

Incident Response

  • Assisted boards in developing and refining incident response plans. This entails efficiently preparing the organization to detect, respond to, and recover from cybersecurity incidents.
  • Conducted tabletop exercises and simulations to test the effectiveness of incident response plans, ensuring that the board and the organization are well-prepared to manage and mitigate the impact of cyber incidents, minimizing operational disruptions and financial losses.
  • Engaged as a cybersecurity expert witness and consultant for a significant cyber-attack on a regional credit union that compromised member data and disrupted services.
  • When a multinational corporation fell victim to a sophisticated crypto-ransomware attack, resulting in the encryption of critical data and demand for a hefty ransom in cryptocurrency, they turned to my consultancy for urgent assistance. This engagement involved a swift incident response to contain the breach, forensic analysis to trace the attack vector, and negotiations with the attackers leveraging cryptocurrency tracing techniques to identify and possibly recover the funds. We also developed a long-term cybersecurity strategy, emphasizing ransomware prevention, employee training, and backup solutions to mitigate future risks.

Risk Management

  • A fintech startup venturing into cryptocurrency services engaged my consultancy to navigate the complex regulatory landscape and implement a robust risk management framework. This comprehensive engagement covered an analysis of applicable regulations, Anti-Money Laundering (AML) and Know-your-customer (KYC) compliance, and the development of a risk assessment model tailored to cryptocurrency transactions. By establishing clear compliance protocols and a risk mitigation strategy, the startup was positioned to operate legally and securely within the dynamic cryptocurrency market, minimizing potential legal and financial exposures.
  • Advised boards on developing and implementing a robust risk management program that identifies, assesses, and mitigates cybersecurity risks. This includes guidance on compliance with regulatory requirements and industry standards, helping companies navigate the complex regulatory landscape and avoid potential fines and reputational damage. I ensure that boards know their risk posture and compliance status through regular risk assessments and audits, facilitating proactive measures to address vulnerabilities and compliance gaps.
  • Engaged by a multinational bank, I led a project to develop and implement a comprehensive business resilience and continuity plan focused on cybersecurity threats. This involved conducting a thorough risk assessment to identify critical assets and vulnerabilities within their digital infrastructure. I then designed a tailored resilience strategy, incorporating advanced cybersecurity measures, employee training programs, and an incident response framework. The successful execution of this plan significantly enhanced the bank’s ability to withstand cyber-attacks, minimizing potential disruptions to their operations and protecting client data. This engagement showcased my ability to fortify business resilience through strategic cybersecurity planning.

Securities Consulting

  • Engaged by a leading global investment bank, our objective was to navigate complex securities regulations across multiple jurisdictions. This comprehensive advisory role included developing and implementing a robust regulatory compliance framework to ensure adherence to the evolving securities laws and regulations, including the Dodd-Frank Act and MiFID II. We conducted a thorough risk assessment of the bank’s trading and investment activities, providing strategic recommendations to mitigate compliance risks. Our guidance enabled the bank to refine its compliance policies, enhance internal controls, and establish a continuous monitoring system, ensuring its operations remained compliant while pursuing aggressive growth strategies in volatile financial markets.
  • Tasked by an innovative fintech startup, our mandate was to design a legally compliant Initial Coin Offering (ICO) framework. This engagement required a deep dive into the intersection of securities law and emerging cryptocurrency regulations. We conducted a detailed analysis of SEC guidelines, the Howey Test implications for digital assets, and applicable international regulations. Our deliverables included a comprehensive legal and regulatory assessment, the development of a white paper outlining the ICO process, and strategies for token classification to navigate regulatory complexities. Our advisory ensured the client’s ICO launch was successful, attracting significant investment while adhering to stringent securities regulations.
  • Advised a financial services conglomerate on strategic mergers and acquisitions, which required a nuanced understanding of securities laws relating to M&A activities. The engagement involved conducting due diligence to identify potential regulatory hurdles, advising on structuring transactions to ensure compliance with the Securities Exchange Act of 1934, and facilitating communications with regulatory bodies. We provided strategic counsel on negotiating terms, representation and warranties, and developing integration plans that complied with applicable securities laws. Our advisory supported the client through successful acquisitions, enhancing its market position while ensuring regulatory compliance and minimizing risks associated with securities laws.

Credentials

Education:

  • Massachusetts Institute of Technology, Sloan School of Management – Cambridge, MA – Executive MBA (2012)
  • University of Pennsylvania, The Wharton School & Penn Engineering – Philadelphia, PA – Master of Science in Engineering; Technology Management (2006)
  • Lebanon Valley College – Annville, PA – Bachelor of Science (1993), Biology with a minor in Economics
  • Harvard University – Negotiation for Senior Executives program

Professional History:

  • Senior Partner – Law & Forensics LLC, 2022 to Present
  • Managing Director, Chief Information Security Officer – GSR, 2022 to Present
  • Vice President, Cyber & IT Risk LISCC – Federal Reserve Bank of New York, 2019 to 2022
  • Chief Information Security Officer, Cloud & SaaS Operations Global Partner Cloud Security – IBM, 2015 to 2019
  • Senior Vice President & Chief Information Security Officer – Elsevier, 2011 to 2015
  • Senior Executive Director – Information Security Risk & Governance – Freddie Mac, 2009 to 2011
  • Vice President – Director of Risk Management, Global Technology Infrastructure – JP Morgan Chase, 2005 to 2009
  • Senior Manager / Area Leader U.S. Information Technology – PricewaterhouseCoopers, 2001 to 2005
  • Director of Information Technology & IT Security – Max Blau & Sons, Inc., 1993 to 2001

Certifications and Memberships:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Governance Enterprise Information Technology (CGEIT)
  • Certified Information Security Manager (CISM)
  • Certified Risk and Information Systems Control (CRISC)
  • Certified Information Privacy Professional Europe & US (CIPP/E & CIPP/US)
  • National Security Agency – InfoSec Assessment Methodology
  • Project Management Professional (PMP)
  • Microsoft Certified Systems Engineer (MCSE, retired)
  • AWS Cloud Practitioner
  • Certified Blockchain Professional (IIB Council)

Selected Memberships

  • Speaker & Contributor – World Economic Forum
  • Information Systems Security Association
  • International Information Systems Security Certification Consortium (isc2)
  • MIT Media Lab – Cryptocurrency and Blockchain
  • Project Management Institute
  • Wharton Club of New York
  • Adjunct Faculty – Harvard
  • Served as Chairman for the ISSA to develop international Generally Accepted Information Security principles
  • SME on IT Security and Project Management for CompTIA in the development of related certifications
  • New York State Bar Association – Cybersecurity Subcommittee Member
  • Volunteer Mentor for Techstars Female Founders First program
  • Frequent speaker at high profile industry conferences; list of presentations available on request
  • Volunteer Firefighter & Rescue Swimmer – New Hope Eagle Fire Department

Financial Services Company, Chief Risk Officer:

Law & Forensics’ guidance in board-level consulting has been transformative for our organization. Their expertise in integrating cybersecurity into our business strategy has not only enhanced our risk management but also improved our overall governance approach. Their team’s ability to explain complex cyber issues in a comprehensible manner has been invaluable.
 

Technology Startup, CEO:

The strategic advice from Law & Forensics on cybersecurity governance has been pivotal for our executive decision-making. Their team’s insights into emerging cyber threats and regulatory changes have helped us stay ahead of potential risks. Their contribution to our digital transformation journey has been outstanding.
 

Law Firm, Partner:

Law & Forensics’ digital forensics team played a crucial role in a high-stakes litigation case for us. Their detailed analysis and clear presentation of digital evidence were key in our success. Their professionalism and thoroughness set them apart.
 

Retail Corporation, Director of IT Security:

We turned to Law & Forensics for a complex internal investigation involving cybercrime. Their cutting-edge forensic techniques and meticulous attention to detail were impressive. The comprehensive forensic reports provided were critical in resolving our security issues.
 

Healthcare Organization, Chief Information Security Officer:

The cybersecurity audit and risk assessment provided by Law & Forensics were incredibly thorough. They helped us identify and address several critical vulnerabilities. Their recommendations have significantly enhanced our security posture.
 

Manufacturing Company, IT Manager:

Law & Forensics delivered an extensive cybersecurity assessment for our organization, aligning perfectly with industry standards. Their actionable insights have been instrumental in improving our cybersecurity defenses and compliance.
 

Law Firm, Senior Litigator:

In a complex cybersecurity legal case, the expert witness testimony provided by Law & Forensics was pivotal. Their ability to simplify technical evidence for the court was remarkable and influenced the case’s outcome positively.
 

Corporate Legal Department, General Counsel:

The expert testimony from Law & Forensics in a digital forensics dispute was invaluable. Their clear, concise, and unbiased presentation helped immensely in clarifying the technical aspects of the case for the jury.
 

Legal Services Provider, Head of Litigation Support:

Law & Forensics’ expertise in eDiscovery was evident in their handling of a large-scale project for us. Their strategic guidance on data management and technological solutions greatly enhanced our process efficiency and compliance.
 

Financial Institution, Director of Compliance:

The eDiscovery strategies developed by Law & Forensics were game-changers for our regulatory inquiries. Their ability to manage large volumes of data efficiently while reducing costs was exactly what we needed.
 

Telecommunications Company, Director of Cybersecurity:

During a major cybersecurity incident, Law & Forensics’ incident response team was exceptional. Their swift and effective management minimized the impact and expedited our recovery process.
 

Educational Institution, IT Security Head:

Law & Forensics provided expert leadership and coordination during a critical breach at our institution. Their tailored incident response plan and ability to work with various stakeholders were crucial in restoring our operations quickly.