ADVISORY SERVICES:- Pre-Seed / Seed Stage Advisory Boards (for equity)- Series A+ Stage Advisory Boards- Executive-level advice on setting up Privacy-by-Design strategies, PETs for data sharing and analytics, selecting Privacy Tech vendors, hiring privacy experts, understanding privacy-related product & engineering requirements, how to approach privacy assurance, and where to find technical privacy resourcesCONSULTING SERVICES:- AI Governance- Marketing / Sales Support: guide on go-to-market messaging for privacy tech products or features so that it meets the needs of buyer personas (e.g, CPOs, CISOs, DPO, CTO, CIO, etc.)- Product Privacy Risk Reviews- Privacy Research- Technical Writing for Privacy & Emerging Tech: whitepapers, blog posts, journals- Delivery of Privacy Training: Privacy by Design, Privacy Engineering, Product Privacy, Privacy Enhancing Technologies- Partner with Data Scientists, Product Teams, and Engineering teams to embed privacy into business processes and systemsPROJECTS:(Nov 2023 - Jan 2024) CA DMV Mobile Driver's License Pilot - Privacy Review- Conducted the Privacy Review and Assessment of the California DMV's mDL Pilot (as a subcontractor for Privacy Rescue), with recommendations to meet the minimum privacy requirements across mDL / VC standards, the AAMVA mDL Implementation Guidelines, and privacy requirements on behalf of the CA DMV's Chief Digital Transformation Officer for inclusion in a CA DMV Legislative Report.- Conducting research on Verified Credentials and Verified Data Registries

Shifting Privacy Left features lively discussions on the need for organizations to embed privacy by design into engineering, devops and the product development processes BEFORE code or products are ever shipped. Each Tuesday, we'll publish a new episode that features meaty interviews with privacy engineers, technologists, researchers, ethicists, innovators, market makers, and industry thought leaders. We'll dive deeply into this subject and unpack the exciting elements of emerging technologies and tech stacks that are driving privacy innovation, strategies and tactics that win trust, privacy pitfalls to avoid, privacy tech issues ripped from the headlines, and many other juicy topics of interest.https://shiftingprivacyleft.buzzsprout.com

I reviewed talk submission and promoted the conference to my network of privacy engineers. I also served as a Room Captain, introducing speakers at the conference. I also stepped in to moderate a panel on Privacy Design Patterns in ML/AI when a speaker was no longer able to attend. PEPR is focused on designing and building products and systems with privacy and respect for their users and the societies in which they operate. Our goal is to improve the state of the art and practice of building for privacy and respect and to foster a deeply knowledgeable community of both privacy practitioners and researchers who collaborate towards that goal.For PEPR 2024, I served as moderator for the panel "Privacy Design Patterns for AI Systems: Threats and Protections" (https://www.usenix.org/conference/pepr24/presentation/panel-privacy-design)

PrivacyCheq develops privacy enhancing technologies (PET) for mobile & web.

Privado is a static code scanning tool to find, fix and remediate privacy issues in your products & applications. Our scan discovers what personal data (as defined by GDPR, other laws) your app is processing, third-party integrations, and data flows. With the scan results, Privado generates privacy reports for your apps as mandated by laws like GDPR or platforms like Apple and keep them in-sync with code changes.

The TROPT Privacy Tech Visionaries Circle (or “TROPT Visionaries”) is an exclusive gathering of the privacy profession’s and the privacy tech industry’s innovative and forward-thinking leaders.

TROPT Defining the Privacy Tech Landscape Whitepaper 2021:- We start off by defining privacy tech, which requires understanding privacy. - We then categorize privacy tech, introducing the TROPT Privacy Tech Stack. - We also surveyed privacy tech key players to hear about their different pain points, the privacy problems they’re solving for, the solutions they’re building or buying, and the challenges they face at this nascent time in the privacy tech industry.- Lastly, we share insights from the forefront of the privacy tech industry, with recommendations on how we can collectively keep fueling privacy tech and innovation. We outline proposed responses to what we learned from this endeavor. TROPT Privacy Tech Stack Whitepaper 2022:- In this follow-up whitepaper, we continue to fuel privacy tech and innovation by building on top of the TROPT Privacy Tech Stack that we introduced last year. The TROPT Privacy Tech Stack is a living framework for categorizing privacy tech solutions. - As promised, we are updating the TROPT Privacy Tech Stack to categorize the privacy tech landscape as it matures. - We will continue to welcome feedback on the TROPT Privacy Tech Stack, as always. - Lastly, we share insights from the forefront of the privacy domain and the emerging privacy tech industry, with insights from TROPT Innovators, TROPT Visionaries, and the greater TROPT community of founders, investors, buyer-users, and domain experts.

The Rise of Privacy Tech is an initiative to bring together privacy tech innovators, investors, experts, and evangelists. Together, we evangelize and fuel the rise of privacy innovation.

D-ID started out as an anti-facial recognition technology, and has pivoted to become one of the leading GenAI Platforms. D-ID’s generative AI technology elevates video content for professionals in the fields of marketing, learning and development, and CX, as well as for content creators of all sorts.I advised the executive team on how to implement a privacy-first, ethical framework for developing the platform, which you can find here: https://www.d-id.com/ethics/D-ID was established in 2017 and is backed by tier 1 VCs. Over 150 million digital humans have been created using its technology. Recent clients include Warner Brothers Pictures, Publicis, Mondelez, Skilldora, and MyHeritage who have used D-ID’s platform to create extraordinary experiences.

Served as an Overall Hedera Hackathon Judge, where I reviewed and scored hackathon submissions of decentralized application projects built with scalable Solidity Smart Contracts on Hedera.

Hedera Hashgraph is revolutionizing the world of distributed technology by using a few key technologies such as aBFT, proxy staking, virtual voting, and gossip protocol, which enable a fast, fair, and secure network.I delivered external privacy thought leadership via educational social media posts and community engagement, conference talks, Twitter Spaces discussions, webinars, and a whitepaper for Hedera on privacy and data protection considerations when architecting on DLT.

- Drafted and implemented Prime Video's Privacy Standard. - Co-developed and implemented PV's Privacy Strategy.- Oversaw the setting up and management of Prime Video's Privacy by Design program. - Innovated and documented new privacy mechanisms to facilitate compliance with the PV Privacy Standard and our customers' expectations.- Oversaw the onboarding of in-scope PV services to Amazon systems that enable upload & delivery of DSARs and to apply data retention and deletion capabilities. - Consulted with PV product and engineering teams to enable their compliance with PV.- Served as Editor-in-Chief to the Prime Video Security Team's bi-monthly publication, Security Matters.

- Led strategy for privacy assurance at AWS embedded within the AWS Security Assurance team, with cross-functional inputs from engineering, compliance, security, and product.- Responded to customer inquiries regarding privacy.- Supported product leaders shipping privacy features.I transferred within Amazon from AWS to Prime Video when AWS was unwilling to appoint a senior official accountable for privacy across this large org to champion efforts and support my mandate.

Led the U.S. Technical Advisory Group in formulating consensus positions for development of the global ISO "Consumer Protection: Privacy by Design for Consumer Goods & Services" standard (ISO/PC 317).

Review conference submissions and promote the conference to my network of privacy engineers

- Served as Chief Evangelist for BigID to the privacy community. - Represented BigID on numerous privacy and security conference panels and in the press as their privacy expert. - Supercharged sales efforts by facilitating intros, assisting on demo calls, and attending trade show vendor booths. - Drafted marketing materials that demonstrated how BigID meets the strategic privacy needs of CPOs, DPOs, CISOs, CDOs, and regulators.- Evangelized for better, innovative ways to discover personal data across enterprise structured and unscructured data ecosystems; and, led initiatives related to privacy evangelism, industry collaboration, privacy engineering, and product innovation.- Launched Privacy Engineering Meetup Groups in 14 cities across the world to create a community of engineers who were interested in solving for current technical privacy challenges in their organizations.- Represented BigID on the ISO PC/317 Privacy by Design U.S. Technical Advisory Group.

From 2015-2017: - Served on Advisory Boards for startups and government. - Advised global organizations on data protection and cybersecurity trends and market strategy.- Acted as CPO-on-demand for several clients (on retainer)- Conducted privacy risk reviews during the M&A due diligence process.- Trained global workforces on privacy and cybersecurity issues.- Represented NotSoSecure at U.S. events and advocate for their security services: 1) high-end penetration testing services and 2) onsite ethical hacking training courses. NotSoSecure's team of Ethical Hackers (who are lead security trainings at BlackHat) produces some of the world’s top application and infrastructure security research. From 2012-2014:- Farber Strategies consultants advised clients on how to build privacy protections into product and service offerings. We have an abundance of privacy strategy and security compliance experience within the healthcare, financial, retail, Internet, and technology industries. - We partnered with TrustArc, Promontory, & IANS to deliver privacy and data protection consulting to larger clients.

As a key member of the Visa Global Public Policy team, I compiled and developed critical insights on a range of public policy topics that impact the electronic payments industry generally and Visa Inc. specifically, with a focus on global issues associated with payment security, cybersecurity /cybercrime, and privacy. Some ares of focus included: authenticating payments via EMV, biometics, risk-based authentication, 3D-secure, etc.; threat intelligence / information sharing; cybercrime / payment fraud disruption; IoT and secure payments (e.g., via smart things, smart homes, and connected cars); and, privacy (e.g., data localization, EU data protection / GDPR, big data, etc.). - Co-led Visa's Cybercrime Task Force- Represented Visa on the 2016 World Economic Forum's Advancing Cyber Resilience Working Group- Represented the Public Policy team on Visa's Blockchain Working Group

Worked with public and private sector cybersecurity policy experts on behalf of Visa to develop a Report, "Principles and Tools for Boards," that includes three sections: 1) Board Principles for Cyber Resilience (toolkit with questions); 2) Board Cyber Risk Framework; and 3) Board Insights on Risk from Emerging Technology. The Report will be published at the WEF 2017 Annual Meeting in January in Davos, Switzerland.

Provided executive-level consulting to CISOs and senior management on a range of security and privacy topics that significantly impact security programs and the associates success of businesses. Also, drafted written faculty insights, led webinars, and spoke at IANS Forums.

As a Senior Consultant at TrustArc (formerly TRUSTe), I was primarily responsible for managing data privacy projects for global clients. I successfully managed and delivered on EU-US Safe Harbor, EU Data Protection Directive, and GAPP assessments; privacy impact assessments ("PIA"​), data classification and categorizations; and, strategic privacy priorities and vendor assessments. In addition, I authored various articles and white papers, presented to privacy and security industry groups at conferences, and led TRUSTe and IAPP webinars with over 400 attendees. My insights on new privacy developments have been quoted in major news outlets, such as The Wall Street Journal, Mashable, Washington Internet Daily, and the IAPP Daily Dashboard. In 2015, I presented at the "2015 IAPP Global Privacy Summit,"​ the "2015 TRUSTe IoT Privacy Summit,"​ the "Privacy, Policy, and Technology Summit: Business of Privacy,"​ and the "2015 MEF Consumer Trust Summit."

Led privacy training workshops for individuals who are preparing for the IAPP Privacy Foundation, CIPP/US, CIPT, and CIPM certification exams. Delivered privacy training, instruction, and education at privacy industry events and private corporate engagements on behalf of IAPP.

Served as privacy and security advisor for Numera Social, Numera Net, and projects in development. Set up and institutionalized an effective agile with scrum product management process, serving as the first Product Owner for Numera Social, a social health and wellness mobile app that is available via Facebook on iPhone and Android. Set strategy, defined feature sets, and wrote/prioritized user stories with detailed acceptance criteria. Worked closely with Design, Marketing, Advertising, and Business Development teams to influence user experience, responsible information governance, and mobile privacy best practices. Set strategy to respect online privacy, advertising, HIPAA, HITECH, and US-EU Safe Harbor requirements. Successfully launched the Numera Social (beta) applications at the 2011 Health 2.0 Conference in San Francisco. Oversaw various legal projects, including the successful filing of our software patent application, review of technology contracts, policy development, and breach risk mitigation.

Stood up the company’s first privacy program, reporting to General Counsel, for this boutique consulting and business intelligence firm. Oversaw all privacy and security strategy, policy, and training for the organization, until a Chief Security Officer was put in place. Worked with Product, Services, and Acquisition teams to provide requirements for appropriate use and disclosure. Stood up an effective program for data masking (during QA) and data de-identification (for sharing data sets). Interfaced with members, presented at industry conferences, assessed risk, and negotiated contracts. Helped close sales and business development deals by serving as privacy and security subject-matter expert. Developed key info governance initiatives around de-identification, vendor management, privacy incident response, data classification, information lifecycle management and privacy risk identification and mitigation. Managed a team, including a direct report and several security contractors, who assisted with firm-wide risk assessments, policy development, training and awareness, and program management. Oversaw and implemented firm-wide privacy and security training and awareness efforts. Developed and operationalized data protection strategy and policies to comport with breach notification, HIPAA/HITECH, FERPA, Safe Harbor and Australian Data Protection legislation.

Consulted public sector organizations on privacy and security strategy. Managed projects that balanced the needs for privacy and needs for access to and sharing of records, applying balanced protections and controls to nascent government initiatives. For example, served as an IBM privacy lead for the $500 million transformation effort to overhaul the Department of Homeland Security's paper-based USCIS agency and informed requirements for the design of systems/business processes that granted benefits electronically.Earned two quarterly 2008 Service Excellence Awards for delivery excellence and efforts to grow the practice.

Evangalized privacy practices within all product groups to protect consumers, earn trust and build the brand, at this now defunct social health startup led by Steve Case. Drafted internal and customer-facing policies and worked closely with the product and development teams throughout the software development life cycle. Benchmarked policies and standards based on law, competition, and best practices. Worked closely with legal, engineering, design, product, and marketing teams to understand business needs and to inform on policy.Reviewed contracts, identified privacy gaps and drafted consumer-facing disclaimers for transparency and consumer protection. Reviewed products and advised on appropriate protections and controls regarding certain areas of the platform: Community, Moderation, Online Communication, Data Collection and Use, Advertising, and Personalization. Chaired the E-Communications Team Committee and served as Privacy Lead to the Compliance Committee.

Drove American Express' online privacy initiatives on a global basis, working as part of the Global Privacy Office. This included enterprise-wide online privacy policy creation and implementation of privacy policy for the company's websites, 3rd-party branded initiatives and any related web-based applications. Advised on new product development for online products and co-branded initiatives. Represented the Privacy Office for all online-related marketing and servicing projects. Worked very closely with our E-Communications teams to provide guidance on enterprise email initiatives, cross-site personalization experience, and new channel development. Assisted with GLBA, FCRA, FACTA, CAN-SPAM, direct mail, telemarketing privacy policy development, and implementation.

Researched legal issues regarding privacy concerns affecting businesses and consumers. Updated privacy litigation report, collected statistics, and contributed to Privacy & American Business, a privacy industry newsletter. Reviewed current state and federal privacy, security and technology statutes, tracked pending legislation and summarized trends. Researched trademark issues for new product registration. Wrote sections of the Center's privacy information guide regarding business' storage of customer data, web site privacy policies & online seals, and SSL & other secure information transfer technology.

Assisted JAG attorneys defend the United States in cases pending before the Court of Federal Claims and the United States District Courts. Coordinated joint legal defense strategies between the U.S. Army and the Department of Justice for Freedom of Information Act (FOIA) litigation. Deepened knowledge of compliance with U.S. Privacy Act, FOIA and other open government laws.