Biography- Summary Dr. Sarah Lewis Cortes CISSP, FIP, CIPP/E (GDPR), CIPT, CISM, CISA, CRISC has more than 20 years of global-scale technology experience in domains including information security, privacy, and data protection. In Privacy Engineering, in Information Security at Netflix, she is responsible for implementing comprehensive privacy programs. Prior to Netflix, she led security & privacy teams at Salesforce, Cloudflare, Fidelity Investments and other large organizations. She earned degrees at Harvard University and Boston University, studied Forensic Sciences at Boston University Medical School, and holds a PhD in Computer Science, Cybersecurity from Northeastern University. Her research and publications focus on the dark net, anonymous network communications, privacy and privacy law.
Biography - short version
Dr. Sarah Lewis Cortes, CISSP, FIP, CIPP/E (GDPR), CISA, CRISC is in Privacy Engineering at Netflix. She earned her undergraduate degree at Harvard University, studied Forensic Sciences at Boston University Medical School, and holds a PhD in Computer Science, Cybersecurity from Northeastern University. Her research and publications focus on the dark net, privacy and privacy law. She conducts training and research with the FBI, the Alameda County Sheriff’s Office Digital Forensics Crime Lab, and other Law Enforcement Agencies (LEAs).
Prior to undertaking her PhD, Sarah was Senior Vice President for Security, Privacy, GRC and Disaster Recovery at Putnam Investments. She oversaw Putnam’s recovery on 9/11 when then-parent company Marsh & McLennan’s World Trade Center 99th floor data center was destroyed.
In her work to help end cyberstalking and abuse through technology, and create economic empowerment through workforce development, Sarah serves on the Boards of Emerge, a global organization which fights domestic violence and intimate partner abuse (IPV/IPA), and Each1 Teach1, dedicated to training for technology employment.
Biography - long version
Dr. Sarah Lewis Cortes, CISSP, FIP, CIPP/E (GDPR), CISA, CRISC is in Privacy Engineering at Netflix. She earned her undergraduate degree at Harvard University, studied Forensic Sciences at Boston University Medical School, and holds a PhD in Computer Science, Cybersecurity from Northeastern University. Her research and publications focus on the dark net, privacy and privacy law. She conducts training and research with the FBI, the Alameda County Sheriff’s Office Digital Forensics Crime Lab, and other LEAs. She has implemented and overseen major security and privacy programs and operations in regulated industries, helping them achieving compliance in SOC2, SOX, PCI, GDPR, CCPA, and other laws, regulations and control frameworks.
Prior to undertaking her PhD, Sarah was Senior Vice President for Security, IT Audit and Disaster Recovery at Putnam Investments, an investment management firm with over $400 billion in assets under management, and 79 mutual funds. She oversaw Putnam’s recovery on 9/11 when then-parent company Marsh & McLennan’s World Trade Center 99th floor data center was destroyed. She also supervised over and 65 compliance and IT audits per year as well as incident investigations. As a senior executive and later consultant for Putnam and other Fortune 500 firms, Sarah also had responsibility for major applications development, data center and other operations, with over 100+ staff and $50m budgets. Before that, Sarah was a Sr. VP for Data Center and Security Operations and Compliance with BNY Mellon Bank, a global investments company with $1.6 trillion in assets under management, previously a part of Shearson/Lehman/American Express, the giant financial services conglomerate.
Sarah currently serves as an appointed Team Lead for the NIST Privacy Workforce Working Group (PWWG), and has published NIST privacy framework crosswalks. She also serves on the Privacy Engineering Advisory Board of the International Association of Privacy Professionals (IAPP). A former analyst for the US Department of Energy, she led the National Institute for Science and Technology (NIST) Cybersecurity Working Group sub-team as co-author, that created the security and privacy laws section of the 2014 NIST: Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, as well as the 2010 volume. She served on the privacy use cases team for two years and the NIST cybersecurity working group (CSWG) on Smart Grid privacy for seven years. She has co-led Northeastern University Law School Legal Skills in Social Context (LSSC) clinics on surveillance law and online privacy tools and technology, as well as an MIT Co-Design Studio class at MIT Media Lab. She has helped draft data breach laws, and testified before the Massachusetts legislature and regulatory agencies.
In her work to help end cyberstalking and abuse through technology, and create economic empowerment through workforce development, Sarah serves on the Boards of Emerge, a global organization which fights domestic violence and intimate partner abuse (IPV/IPA), and Each One Teach One, dedicated to training for technology employment.