Provide legal advice to information security team on compliance with applicable data security laws, data security frameworks, and industry certifications. Work closely with Privacy Legal Team and Regulatory Compliance on various regulatory requirements and frameworks, including GDPR, CCPA. Provide incident response legal support and guidance for security and privacy incidents, product vulnerabilities, including developing cross-functional playbooks, procedures, templates, and related documents. Review customer and service provider agreements, NDAs, and other documents related to information security requirements and provide guidance on insider risk investigations.

Lead cybersecurity attorney for major financial institution's Information Security Division, encompassing 265k employees and $1.8 trillion in assets. Primary areas of responsibility include global incident response legal lead; data breach notification obligations under GLBA, HIPAA, state, and international laws; government regulatory information security compliance; drafting incident response playbooks, international employee monitoring privacy issues, cybersecurity advertising, and drafting/negotiating information security terms in large financial services contracts and business associate agreements. Lead attorney for CISO, provide analysis and participate with FSR, TCH, SIFMA, and other trade groups on information security regulations, and handle other cybersecurity and privacy related issues.

Lead Stroz Friedberg’s Seattle area office including overseeing the firm’s Seattle operations and key practice areas, including cybercrime and data breach response, digital forensics and ediscovery. Manage on-site digital forensics laboratory, supervise digital forensics, cybercrime and incident response investigations and end-to-end processing for all e-discovery engagements. Provide strategy, analysis and advice to senior executives, in-house lawyers and outside counsel concerning digital risk and investigations, as well as privacy. Data breach and cybercrime response experience includes large and complex investigations, often involving PHI, PCI and PII data. Clients include large Internet companies, public universities, healthcare organizations and online retailers.

Led Microsoft’s Regulatory Affairs domestic criminal compliance program to ensure compliance with data protection laws (including ECPA, FISA, Title III, etc.) concerning disclosure to governments of Microsoft’s online services customer data and communications, including Hotmail. Provided advice concerning data security and privacy laws, and refined Microsoft Online Terms of Use and Privacy statements. Led Microsoft’s Internet Security programs for malicious code, botnets and spyware. Developed strategies and supervise investigations relating to identifying persons suspected of violating criminal and civil laws relating to the distribution of malicious code (worms and viruses), creating and using botnets, and installing spyware. Responsibilities include supervising a 1.5 million dollar budget and managing 5 technical investigators. Team Lead for Microsoft’s Internet Crimes Investigations team, that supports Microsoft’s Security Response Center by building systems to support investigations into malicious code writers/distributor. Manage online investigations and support support internal Network investigations, coordinate with numerous Privacy teams on data breaches and customer notifications, relating to data/account compromises. • Led Microsoft’s investigation into the writer and distributor of the Zotob/Mytob worms and received FBI Exceptional Service Award for the investigation;• Developed concept and project lead for Microsoft's PhotoDNA technology, used to detect, prevent and report distribution of images of containing child pornography.• Created and led Microsoft's investigations resulting in several Law Enforcement sweeps of malware distributors known as BotRoast I and II.

Assistant U.S. Attorney Eastern District of Virginia, Computer Hacking and Intellectual Property Section.Prosecuted and managed federal criminal investigations into network intrusions, intellectual property crimes, Internet fraud and child pornography. Drafted indictments, search warrants, 18 U.S.C. § 2703(d) applications, plea documents, extradition requests and other documents for cases involving computers, networks and seizure of stored electronic records. Responsibilities included trying federal jury trial cases involving computer crime, appearing in various proceedings and using electronic evidence presentation. Researched and drafted documents relating to federal criminal prosecutions.