Andreas T. Kaltsounis

Experience

Incident Response

• Managed the forensic investigation of a data breach involving the theft of more than 1 billion customer records from a technology company by actors affiliated with a nation state. Provided daily briefings and security advisory services to the victim organization’s CEO, Chief Information Security Officer (CISO) and other executives; prepared reports; and coordinated with counsel and public relations on breach notifications and regulatory inquiries.
• Led the investigation of a major payment card industry (PCI) network breach at a large national retailer. The breach affected millions of customer card numbers during a multimonth intrusion. Coordinated investigative activities with, and oversight of, an external PCI Forensic Investigator (PFI), resulting in the correction of several inaccurate and overly broad findings the PFI proposed. Provided ongoing CISO advisory and remediation services to the organization following the intrusion incident.
• Led the investigation into a network intrusion at a healthcare facility by a disgruntled former employee who accessed systems without authorization and destroyed data. Coordinated the recovery of deleted data and completed a risk assessment pursuant to the Health and Human Services (HHS) Breach Notification Rule.
• Managed a code review and advised on investigative efforts related to the unauthorized decryption and theft of intellectual property from a software developer.
• Directed a significant PCI network breach investigation involving a Fortune 500 retailer, including coordination with and monitoring of an external PFI.
• Led the investigation into a breach of personally identifiable information involving millions of customer records at a Fortune 500 company.
• Directed an incident response involving brute-force and web-application attacks that compromised customer accounts at a Fortune 1000 transportation company.

Advisory and Assessment Services

• Managed an in-depth technical investigation and security assessment of a major Software-as-a-Service (SaaS) company. Prepared technical findings and prioritized recommendations mapped to ISO27001 standards.
• Provided ongoing forensic, investigative and risk advisory services to senior managers and C-suite executives at a Fortune 500 company.
• Provided ongoing network security and incident response advisory services for a biotechnology firm.
• Managed a security risk assessment at a technology startup in connection with ongoing litigation concerning the corporation's network-security posture.
• Managed a technical risk assessment, including a comprehensive vulnerability assessment and network modeling exercise, for a Fortune 1000 transportation company.
• Reviewed search protocols and technical controls implemented by a client organization to identify and block employees’ use of an unwanted application in response to a regulatory inquiry.

Fraud, Identity Theft and Internal Investigations

• Served on a federal identity-theft working group at the U.S. Attorney’s Office for the Western District of Washington and developed priority cases involving organized criminal groups. Led two complex, multijurisdictional investigations that resulted in the convictions of nine defendants who conspired to commit significant and repeated aggravated identify thefts and bank fraud through the use of malicious insiders at victim businesses and counterfeit identification documents. (United States v. Charles Griffen et al. and United States v. Scott Putnam)
• Served as a member of the Financial Investigations Review Team at the U.S. Attorney’s Office for the Western District of Washington, responsible for reviewing and investigating Suspicious Activity Reports filed under the Bank Secrecy Act for potential money-laundering violations.
• Managed an investigation and digital forensics involving the theft of intellectual property by a former developer at a technology firm, resulting in referral to the FBI and the employee's arrest on federal charges.
• Conducted an internal investigation, on behalf of a credit union’s board of directors, into allegations that the credit union’s president improperly accessed and manipulated data in the credit union’s financial systems. Briefed the board and credit union’s regulator on the results of the investigation and a high-level assessment of the credit union’s security controls.
• Managed an investigation into a significant embezzlement by an employee of a Fortune 500 company, including controlled purchases of stolen equipment sold on the Internet. Coordinated referral to law enforcement resulting in employee’s arrest and conviction.

Memberships

• Washington State Bar Association
• SANS Institute: Advisory Board Member
• High Technology Crime Investigation Association, Washington Chapter
• International Association of Privacy Professionals

Community

• American Radio Relay League

Pro Bono

• Consulted as a member of the plaintiff’s team in a pro bono “cyber civil rights” project that assists victims of “revenge porn.” Testified at jury trial as the plaintiff’s expert witness on internet traffic, Tor anonymization, and internet communication tracing to establish that the defendant was responsible for anonymized internet traffic targeting the plaintiff. The plaintiff was awarded an $8 million verdict.