Dr. Sarah Lewis Cortes - Vice Chairman and Clerk
Dr. Sarah Lewis Cortes, CIPP/E (GDPR), CISA, CRISC is in Privacy Engineering and Assurance at Netflix, with responsibility for implements comprehensive privacy programs. She earned her undergraduate degree at Harvard University, studied Forensic Sciences at Boston University Medical School, and holds a PhD in Computer Science, Cybersecurity from Northeastern University, specializing in the Darknet, Privacy and Privacy Law as well as IT Security, topics on which she has published extensively. She conducts training and research with the FBI, the Alameda County Sheriff’s Office Digital Forensics Crime Lab, and other LEAs. She has implemented and overseen major security and privacy programs and operations in regulated industries, achieving compliance in SOC2, SOX, PCI and GDPR, and other laws and regulation and IT control frameworks.
Prior to undertaking her PhD, Sarah was Senior Vice President for Security, IT Audit and Disaster Recovery at Putnam Investments, an investment management firm with over $400 billion in assets under management, 79 mutual funds, 96 institutional clients, and over seven million shareholders and retirement plan participants. She oversaw Putnam’s recovery on 9/11 when then-parent company Marsh & McLennan’s World Trade Center 99th floor data center was destroyed. She also supervised over and 65 compliance and IT audits per year as well as incident investigations. As a senior executive and later consultant for Putnam and other Fortune 500 firms, Sarah also had responsibility for major applications development, data center and other operations, with over 100+ staff and $50m budgets. Before that, Sarah was a Sr. VP for Data Center and Security Operations and Compliance with BNY Mellon Bank, a global investments company with $1.6 trillion in assets under management, previously a part of Shearson/Lehman/American Express, the giant financial services conglomerate.
Sarah helped draft the first-ever data breach law, in Massachusetts in 2008, and testified before the Massachusetts Legislature on Data Breach Laws, and Massachusetts General Law (MGL) Chapter 93H. She also testified before the Massachusetts Office of Consumer Affairs & Business Regulation (OCABR) on its privacy regulations, 201 CMR 17.00
As part of the NIST Privacy and Security Working Group from 2009-2016, she co-authored the NIST 7628, Smart Grid Security, Privacy Standards in 2010, and the 2014 revision.
Sarah has published extensively on computer security, privacy, mutual criminal legal assistance treaties (MLATs), and the darknet, including MLAT.is World Treaty Cartel Internet Overlay for Darknet and Digital Traffic Analytics for MLAT.is, featured in the 2017 IEEE International Symposium on Technologies for Homeland Security (HST17). She regularly serves as a referee for Computers & Security Journal.
She has implemented numerous computer applications in use today. Together with Department Chair, Boston University School of Medicine, Department of Biomedical Forensic Sciences and former Cellmark lab director Dr. Robin Cotton et al., Sarah implemented the DNA Mixtures online tool, with a grant from the US Department of Justice. DNA Mixtures was highlighted in the Executive Office of the President, President’s Council of Advisors on Science and Technology (PCAST), Report to the President: Forensic Science in Criminal Courts: Ensuring Scientific Validity of Feature-Comparison Methods in 2016.
A former analyst for the US Department of Energy, she led the National Institute for Science and Technology (NIST) Cybersecurity Working Group sub-team, as co-author of the 2014 NIST: Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, as well as the 2010 volume, that created the security and privacy laws section of the report. She served on the privacy use cases team for two years and the NIST cybersecurity working group (CSWG) on Smart Grid privacy for seven years. She has co-led Northeastern University Law School Legal Skills in Social Context (LSSC) clinics on surveillance law and online privacy tools and technology, as well as an MIT Co-Design Studio class at MIT Media Lab. She has helped draft data breach laws, and testified before the Massachusetts legislature and regulatory agencies.
In addition to her work on various industry standards bodies, Sarah serves on the IEEE (Institute of Electrical and Electronics Engineers) P1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group. Sarah serves as a postdoctoral researcher in Digital & Multimedia evidence at the Alameda County Sheriff’s Office Crime Lab in Digital and Multimedia Evidence, and trains law enforcement in forensic techniques. In her work to help end cyberstalking and abuse through technology, Sarah serves on the Boards of Emerge, the first Abuser Intervention Program (BIP), and Each One Teach One, dedicated to training for technology employment.
Prior to undertaking her PhD, Sarah was Senior Vice President for Security, IT Audit and Disaster Recovery at Putnam Investments, an investment management firm with over $400 billion in assets under management, 79 mutual funds, 96 institutional clients, and over seven million shareholders and retirement plan participants. She oversaw Putnam’s recovery on 9/11 when then-parent company Marsh & McLennan’s World Trade Center 99th floor data center was destroyed. She also supervised over and 65 compliance and IT audits per year as well as incident investigations. As a senior executive and later consultant for Putnam and other Fortune 500 firms, Sarah also had responsibility for major applications development, data center and other operations, with over 100+ staff and $50m budgets. Before that, Sarah was a Sr. VP for Data Center and Security Operations and Compliance with BNY Mellon Bank, a global investments company with $1.6 trillion in assets under management, previously a part of Shearson/Lehman/American Express, the giant financial services conglomerate.
Sarah helped draft the first-ever data breach law, in Massachusetts in 2008, and testified before the Massachusetts Legislature on Data Breach Laws, and Massachusetts General Law (MGL) Chapter 93H. She also testified before the Massachusetts Office of Consumer Affairs & Business Regulation (OCABR) on its privacy regulations, 201 CMR 17.00
As part of the NIST Privacy and Security Working Group from 2009-2016, she co-authored the NIST 7628, Smart Grid Security, Privacy Standards in 2010, and the 2014 revision.
Sarah has published extensively on computer security, privacy, mutual criminal legal assistance treaties (MLATs), and the darknet, including MLAT.is World Treaty Cartel Internet Overlay for Darknet and Digital Traffic Analytics for MLAT.is, featured in the 2017 IEEE International Symposium on Technologies for Homeland Security (HST17). She regularly serves as a referee for Computers & Security Journal.
She has implemented numerous computer applications in use today. Together with Department Chair, Boston University School of Medicine, Department of Biomedical Forensic Sciences and former Cellmark lab director Dr. Robin Cotton et al., Sarah implemented the DNA Mixtures online tool, with a grant from the US Department of Justice. DNA Mixtures was highlighted in the Executive Office of the President, President’s Council of Advisors on Science and Technology (PCAST), Report to the President: Forensic Science in Criminal Courts: Ensuring Scientific Validity of Feature-Comparison Methods in 2016.
A former analyst for the US Department of Energy, she led the National Institute for Science and Technology (NIST) Cybersecurity Working Group sub-team, as co-author of the 2014 NIST: Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, as well as the 2010 volume, that created the security and privacy laws section of the report. She served on the privacy use cases team for two years and the NIST cybersecurity working group (CSWG) on Smart Grid privacy for seven years. She has co-led Northeastern University Law School Legal Skills in Social Context (LSSC) clinics on surveillance law and online privacy tools and technology, as well as an MIT Co-Design Studio class at MIT Media Lab. She has helped draft data breach laws, and testified before the Massachusetts legislature and regulatory agencies.
In addition to her work on various industry standards bodies, Sarah serves on the IEEE (Institute of Electrical and Electronics Engineers) P1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group. Sarah serves as a postdoctoral researcher in Digital & Multimedia evidence at the Alameda County Sheriff’s Office Crime Lab in Digital and Multimedia Evidence, and trains law enforcement in forensic techniques. In her work to help end cyberstalking and abuse through technology, Sarah serves on the Boards of Emerge, the first Abuser Intervention Program (BIP), and Each One Teach One, dedicated to training for technology employment.