David Patariu
Partner, The CISO Law Firm; ISC2 CCSP, CISSP
Actions
David Patariu is a Privacy Law Specialist (PLS), Fellow of Information Privacy (FIP) with the International Association of Privacy Professionals (IAPP), and a partner and co-founder of the
CISO Law Firm. His practice is dedicated to helping technology companies navigate complex regulatory landscapes in privacy, artificial intelligence, and cybersecurity. David is admitted to
the bar and licensed to practice law in Washington, D.C.; California; New York; New Jersey; Illinois; Minnesota; and Texas (passed five bar exams).
David has extensive in-house experience at leading technology companies, including Meta, Yahoo, Instacart, and Verizon Media, where he focused on governance, privacy, ad tech, search,
AI, cybersecurity, and international compliance. He holds advanced degrees in computer science and informatics from Cornell University and Stanford Medical School, and a graduate certificate in International Security from Stanford’s Freeman Spogli Institute for International Studies. David has also earned numerous professional certifications, including Certified Information Privacy Manager (CIPM), Certified Information
Privacy Professional for the United States (CIPP/US) and Europe (CIPP/E) from the IAPP, as well as Certified Information Systems Security Professional (CISSP) and Certified Cloud Security
Professional (CCSP) from ISC2.
David notably led the regulatory response to one of the largest fines issued under the Children's Online Privacy Protection Act (COPPA). He was instrumental in conceptualizing and deploying
the first artificial intelligence classifier designed specifically to differentiate child-directed from general-audience publishers to ensure COPPA compliance. At a"dragon" startup, David established and led the company's first AI governance program, setting foundational standards for responsible AI deployment. He also spearheaded one of the first deployments of integrated
Privacy, AI, and Security Controls at a Fortune 100 company, leveraging NIST SP 800-53 Rev. 4 and NOREA's Privacy Control Framework.
David frequently advises startups and established companies on the legal and ethical implications of deploying conversational AI and chatbots. He also advises organizations on the strategic use and compliance considerations related to open-source large language models (LLMs). David is also an internationally recognized speaker on privacy, cybersecurity, and artificial intelligence, frequently presenting at conferences and industry events worldwide.
We Built AI Governance... and All We Got Was This Lousy Bottleneck!
Let's be honest, many AI governance frameworks are now less "governance" and more "glorified project prevention." Year-long reviews? Approvals rarer than a unicorn sighting? "Widget" AI projects with negative ROI? If this sounds familiar, join us! We'll dissect why our well-intentioned AI governance became the bottleneck, and more importantly, how to fix it. This panel delivers no-nonsense strategies to streamline your review process, ditch the widget mentality, and actually align your AI governance with your business objectives. Learn to create an agile, effective process that supports your AI strategy and drives real, high-ROI business value – before innovation completely grinds to a halt.
The Geopolitics of AI Model Selection and Use
Open-source, proprietary, and foreign-developed AI models each offer opportunities and risks, shaped by shifting government priorities. As nations compete to harness AI’s benefits while mitigating risks, companies find themselves navigating complex regulatory landscapes. This session will explore the challenges organizations face in selecting AI models in a complex geopolitical environment.
Scraping for AI: Innovation or Cyber Threat?
As generative AI relies increasingly on scraped data, critical questions emerge at the intersection of copyright law, cybersecurity, and ethical AI governance. This panel explores the growing debate around exempting AI model training from copyright protections, examining the cybersecurity implications of widespread web scraping for model training and other uses. Panelists will discuss arguments that unauthorized scraping constitutes copyright infringement. They will also discuss how unauthorized scraping is an abuse of digital services, raising significant privacy and security risks for companies, including unauthorized access, system vulnerabilities, and data breaches. Attendees will learn actionable strategies to manage scraping threats, navigate evolving legal frameworks, and protect their organizations’ digital infrastructure in an AI-driven world.
Is Red Teaming Now a Cybersecurity Legal Requirement? Some Attorney Perspectives
The idea of employing a “red team” to test the effectiveness of an entity’s cybersecurity posture has been around for several decades in some form. However, with the emergence and widespread adoption of generative AI, red teaming seems to have evolved into a discipline unto itself. All of this raises important questions: Has red teaming now effectively transformed into a legal mandate and, if so, what standards should be used to judge its efficacy? How much exposure to liability can red teaming reduce? Could it potentially decrease the cost of cyber insurance? In this presentation, a panel of cybersecurity and AI attorneys will discuss the emergence of red teaming as a legal mandate for cybersecurity programs and describe its potential for mitigating legal liability.
How to Give the Best Presentation or Pitch of Your Career
Do you have fear of speaking in public? Are your pitches not being well received? Are your presentation skills missing something? Great speakers are made, not born, and so are great presentations and pitches. In this extremely practical session, veteran public speakers from many walks of life will show you how to transform your career, obtain funding for your project or start-up, and promote your cause. We’ll analyze great speeches from history, review what makes a truly great presentation or pitch, and discuss conventional wisdom on public speaking and phenomena such as TED talks. We’ll also share a list of things NOT to do. Finally, we’ll offer advice that you can use immediately.
Digital Due Diligence: Securing Data Through M&A, JVs, and Onboarding
Navigate the complexities of mergers & acquisitions, joint ventures, and customer onboarding with security as your strategic advantage. In this session, leading attorneys specializing in cybersecurity, data privacy, and AI due diligence in business transactions will equip you with actionable best practices to make security a non-negotiable priority. Fortify your contracts to define duties and liabilities for all parties involved and establish a robust foundation for data protection. Learn proven strategies for structuring high-performing, security-first transaction teams and effectively managing the human element to cultivate a proactive security mindset. Gain insights into implementing technical controls for secure data sharing, minimizing vulnerabilities and ensuring data integrity throughout the transaction lifecycle.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top