Manish Khera is an Associate Partner in Ernst & Young LLP’s Forensic Integrity Services practice. Nationally, he leads Cyber Investigations, Digital Forensics and Fraud Data Analytics for Canada. This group assists clients in responding to, investigating and remediating cyber and security incidents, as well as investigating and solving cybercrime with a focus on strategic consulting, identification, preservation, collection, extraction of electronic records in support of litigation and investigation.
Prior to joining the firm, he was the Vice President, Chief Information Security and Privacy Officer at Sentry Investments. Manish has also led the Merchant Compliance and Data Breach Investigation team for JP Morgan Chase globally, where he oversaw complex high-profile global cyber breaches of large merchant companies involving credit card fraud within the JPMC portfolio. In several situations, Manish was injected in high profile Fortune 500 company breaches where his role was to oversee the crisis and maintain stability in the midst of newsworthy incidents. Manish has led the IT Security program at the post-breach TJX Companies, and earlier in his career, was both a computer forensic and security assessment consultant conducting complex investigations and leading both full penetration tests and vulnerability assessments.
Manish has extensive experience in credit card fraud, while investigating data breaches at JP Morgan Chase, he helped construct an early warning program whereas losses occurring at the acquiring bank’s merchants were mined for data to inform the issuing bank’s fraud prevention programs.
Manish has significant expertise in responding to all forms of computer crimes, attacks and abuses. He has led as well as supported complex cyber investigations involving crisis & incident management, corporate espionage, advanced computer intrusions, denial of service, insider attacks, malware outbreaks, internet fraud and theft of trade secrets.
As a former CISO and CPO in financial services, Manish has a wealth of experience in guiding the protection of computer assets, policies, and intellectual property. He has worked in financial services environments with both automated and manual fraud detection controls and enabled the integration of programmed enforcement mechanisms to disallow the external sharing of fraud data and policies.
Manish has led a large scale Cyber incident investigation at a major US retailer whereas the adversary was able to exfiltrate 3rd party authorized gift cards. The adversary leveraged phishing, Office 365 user and admin credential compromise, and remote connection/control IT admin tools while performing anti-forensics to remove audit trails. Manish and team found the points of entry and persistence, and working with the client, methodically closed the holes and allowed for a return to business as usual while detailing a remediation plan to subvert future nefarious actors and chronicling a client/partner external report for 3rd party concerns.
Manish has also led several social engineering / business email compromise investigations at financial service firms, not for profits and mining firms involving the tracing of malicious actors through the tracking of tactics, adversary IP addresses, and malware types to understand the point of origin of attacks, motives, and lost data elements.