Edward J. McAndrew

Edward J. McAndrew is a counselor, investigator, and trial lawyer who helps clients navigate life in the digital world. He is the Co-Practice Leader of the firm's Privacy and Data Security Group and the Leader of its national Cyber Incident Response Team.

Named a "Cybersecurity and Data Privacy Trailblazer" by The National Law Journal, Ed helps clients manage cyber risk, comply with legal requirements and industry standards, prepare for and respond to cyber incidents, and handle related investigations and litigation. Major substantive areas of his practice include cybersecurity, digital privacy, social media, online speech, commercial, employment, intellectual property, corporate governance, regulatory, and criminal matters. He also advises clients on cyber-based national security issues, as well as governmental demands for data and assistance in investigations. He focuses his pro bono work on assisting individual and nonprofit victims of cybercrimes.

Prior to joining Ballard Spahr, Ed served for nearly a decade as a federal cybercrime prosecutor in the U.S. Attorney's Offices for the Eastern District of Virginia and for the District of Delaware. As a Cybercrime Coordinator and National Security Cyber Specialist, Ed developed extensive experience in investigations and litigation involving hacking and other cyberattacks; digital espionage; cyberstalking; threats and extortion; identity and intellectual property theft; terrorism and domestic extremism; financial, government contracting, and tax fraud; money laundering; export control violations; obstruction of justice; online child exploitation; and human, narcotics, and firearms trafficking. He has handled a multitude of high-profile, complex and sensitive investigations, trials and appeals—many involving cutting-edge legal and technological issues.

Ed serves by appointment as Co-Chair of the Delaware Supreme Court's Commission on Law and Technology, which has developed leading practices and educational programs relating to cybersecurity and digital privacy for lawyers and legal services organizations.

He is an avid commentator, presenter, and author on legal issues related to cybersecurity, digital privacy, cybercrime, computer forensics, and Internet safety.

Representative Matters

• Defense of a global retailer in a data breach class action resulting from a payment card breach.
• Investigation and response to advanced persistent cyberattacks on a global business technology company.
• Representation of an employee benefits organization in the investigation of and response to a web-based, payroll re-direction attack.
• Representation of a large financial institution in a data breach impacting customers in more than 30 states.
• Representation of an online retailer in a malware attack impacting consumers in every state.
• Investigation and response to a ransomware attack on a legal services organization.
• Representation of a financial services company in a data breach impacting consumers in 33 states and resulting in state attorneys general investigations.
• Representation of a multi-national life sciences corporation in a federal criminal investigation and litigation relating to the theft of over $1 billion in intellectual property by internal and external cyber actors located in multiple countries.
• Representation of federal defense contractor in criminal and national security investigations relating to nation-state cyberattacks targeting export-controlled intellectual property.
• Representation of domestic violence and crime victims' rights organizations as amicus in defending the federal cyberstalking statute against First Amendment challenges.
• Counseling financial services, employee benefits, media, manufacturing, technology, nonprofit, and higher education organizations on cybersecurity risk management, regulatory and industry standard compliance, and cyber incident response planning.
• Counseling clients in responding to cyber incidents involving ransomware attacks and business email compromises resulting in fraudulent wire transfers and exposure of sensitive information.
• Defense of an online retailer in computer fraud and intellectual property theft litigation.
• Defense of an online marketing organization in data breach litigation.
• Representation of a manufacturing company in civil litigation and criminal litigation relating to hacking and cyber-theft of intellectual property by a competitor.
• Defense of fraud and breach of fiduciary duty litigation against an international digital entertainment streaming service in the Delaware Court of Chancery.
• Counseling and representation of multiple organizations, officers, and employees relating to technology facilitated defamation, extortion, online threats, and other criminal activity.
• Successfully represented publicly traded media company in arbitrations involving more than $500 million in broadcasting, intellectual property, advertising, and corporate ownership rights relating to digital media technology.
• Secured one of the first decisions under Section 230 of the Communications Decency Act dismissing privacy and defamation claims against a website for publishing third-party content.
• Successfully represented multiple defendants and a prominent private membership organization in high-profile litigation of discrimination, defamation, and related claims by an expelled member associated with domestic extremist groups.
• Litigated through U.S. Supreme Court appeal a successful First Amendment challenge to the federal commercial casino advertising ban.
• Conducted an internal investigation and represented an organization in a government investigation of FCPA issues in the insurance industry.
• Conducted an internal investigation and represented a technology company in a government investigation of export control violations.
• Represented the target of a grand jury investigation relating to a large-scale environmental spill.
• Represented private entities in election fraud litigation relating to a ballot referendum on casino gambling.
• Represented an online advertising business in cybersquatting and trademark infringement actions.
• Conducted an internal investigation relating to government program fraud for a nonprofit organization's board of directors.

Prosecutorial Experience

• First U.S. prosecution of a foreign hacker for theft of trade secrets from American companies. Coordinated multi-national investigations and successful prosecutions of members of international hacking and data theft conspiracy that breached the networks of technology companies and the U.S. Army over a period of three years, stealing tens of thousands of identities and intellectual property valued in the billions of dollars.
• First U.S. prosecution of a Chinese national for cybercrime committed entirely from China. Convicted member of international cybercrime organization of cyber-theft and online distribution of more than $100 million in sensitive, industrial-grade software owned by more than 200 technology companies to buyers in 28 states and more than 60 countries. One of the longest prison sentences in U.S. history for cyber-theft of intellectual property.
• First U.S. convictions for cyberstalking resulting in death. Convicted three members of multi-year cyberstalking conspiracy focused on four children and resulting in the murders of two women in the lobby of Delaware’s largest courthouse.
• Convicted "chief scientist" of defense and law enforcement contractor of cybercrime conspiracy involving use of cracked software obtained from Chinese cybercriminals to design components used in Marine One presidential helicopters, Blackhawk helicopters, Patriot missiles, police radar and breath analysis equipment.
• Convicted NASA scientist of cybercrime conspiracy involving uploading of cracked software obtained from Chinese cybercriminals onto NASA computer network.
• Convicted website operator of cyber-theft and online distribution of more than 24,000 copies of software products manufactured by at least 80 companies to thousands of customers.
• Investigated money laundering and Bank Secrecy Act violations involving the use of stolen intellectual property to unlawfully mine, commoditize, and sell virtual currencies on black markets.
• Investigated and prosecuted numerous individuals for online child exploitation crimes, including:




• United States Secret Service officer stationed at the White House;
  
  
• Teachers, university professors, and other school/university employees;
  
  
• Youth group leaders, camp counselors, football, basketball, baseball, and soccer coaches;
  
  
• Priests, ministers, and other church employees;
  
  
• Health care providers and lawyers in government and private practice;
  
  
• Employees, including senior executives, of various types of companies;
  
  
• Local, state, and federal law enforcement officers and senior managers;
  
  
• Active duty military personnel deployed in Operation Enduring Freedom and Operation Iraqi Freedom; and
  
  
• Senior military and intelligence personnel and contractors stationed at the Pentagon, CIA, Dover Air Force Base, and abroad.

• Conducted international investigation into a series of DDoS attacks against major financial institutions.
• Investigated data breaches and theft of hundreds of thousands of identities from multiple financial, educational, and governmental computer networks by foreign-based hackers.
• Investigated data breaches of IT enterprise solutions and cloud services provider resulting in the compromise of systems and confidential and proprietary information for at least 50 entities and hundreds of millions of personal users.
• Convicted members of large-scale, Internet-based tax fraud conspiracy centered on electronic submission of more than 450 tax returns using more than 60 different Internet service accounts and 130 financial accounts. Total losses to the United States of approximately $8 million in one year.
• Convicted leader of identity theft and bank fraud conspiracy involving computer-facilitated check fraud using more than 200 stolen identities.
• Investigated entity and individuals for International Traffic in Arms regulatory violations involving Internet-based exports of technology relating to a U.S. Navy contract.
• Convicted individual in witness intimidation and obstruction of justice case involving use of mobile device and Facebook to threaten government witness in murder-for-hire and drug trafficking trial. Arrest made in courtroom during trial.
• Successfully litigated media “right of access” issues relating to courtroom testimony and evidence presentation in cybercrime trials.
• Prosecuted cyberstalking and Internet threat campaign involving e-mail account hijacking and online defamation and dissemination of private, explicit videos.
• Convicted disgruntled employee of domestic terrorism offense for mailing fake anthrax to the headquarters of a prominent media organization.
• Investigated hacking into financial institution servers and theft of millions of dollars in customer funds.
• Investigated hacking and hijacking of retail business website by former third-party vendor.
• Investigated unauthorized access to food supplier’s computer network from shipping port.
• Led international online undercover investigations focused on the infiltration of “dark web” networks.
• Convicted owner and operator of construction company of decade-long tax fraud involving loss of more than $2 million.
• Investigated anonymous online threats to public officials and federal employees.

Judicial Clerkships

Hon. Collins J. Seitz, U.S. Court of Appeals for the Third Circuit, Wilmington, Del., 1996-1997

Professional Activities

Law360 — Member, Cybersecurity & Privacy Editorial Advisory Board

American Bar Association – Member, Litigation, Criminal Justice and Business Law Sections, Communications Law Forum

Supreme Court of Delaware, Commission on Law & Technology – Co-Chair

Delaware Bankers Association, Cybersecurity Committee

The Catholic University of America – Member, Law School Alumni Council

Recognition & Accomplishments

The Legal 500 US, Finance - Financial Services: Regulatory, 2017

Cybersecurity and Data Privacy Trailblazer,The National Law Journal, 2015

Director's Special Recognition Award, Federal Bureau of Investigation, December 2015

Exemplary Partnership Award, U.S. Department of Homeland Security, U.S. Immigration and Customs Enforcement, Homeland Security Investigations, February 2015

Director’s Award, U.S. Department of Homeland Security, U.S. Immigration and Customs Enforcement, November 2013

Assistant Attorney General’s Award for Outstanding Advocacy in Protecting Citizens from Online Crime, U.S. Department of Justice, November 2008

Publications

Co-author, "Pennsylvania Supreme Court Recognizes Common Law Duty to Safeguard Employees' Personal Data," Ballard Spahr alert, November 27, 2018

Co-author, "SEC Special Report: Rampant Business Email Compromises Require Reassessment of Internal Accounting Controls," Ballard Spahr alert, October 22, 2018 

Author, "You've Been Breached! Now What?" SCMagazine, September 18, 2018

"The Hacked & the Hacker-for-Hire: Lessons from the Yahoo Data Breaches (So Far)," Ballard Spahr article, May 11, 2018 

Co-author, "Alabama Becomes 50^th State to Enact Data Breach Notification Law," Ballard Spahr alert, April 2, 2018

"Welcome Back to America! Now Gimme Your Phone," ABA Journal of the Section of Litigation, Spring 2018 

Co-author, "U.S. Supreme Court Rejects Second Bid for Review in Spokeo," Ballard Spahr alert, January 24, 2018

Co-author, "Washington A.G. Sues Uber in First Enforcement Action Under Revised Data Breach Law," Ballard Spahr alert, November 29, 2017 

"Malware Everywhere – What's a Reasonable Lawyer to Do?" Delaware Lawyer, November 2017

Co-author, "FTC Provides Guidance to Social Media Influencers in Live Twitter Chat," Ballard Spahr alert, October 3, 2017

Co-author, "Worldwide Group of Data Privacy Regulators Issues Guidance on Connected-Car Technologies," Ballard Spahr alert, October 2, 2017 

Co-author, "Eighth Circuit Issues Two Class Action Data Breach Rulings," Ballard Spahr alert, September 1, 2017

Co-author, "Delaware Amends Data Breach Statute," Ballard Spahr alert, August 17, 2017  

Co-author, "Maryland Amends Data Breach Notification Law," Ballard Spahr alert, August 3, 2017  

Co-author, "D.C. Circuit Reverses Data Breach Class Action Dismissal on Standing Grounds," Ballard Spahr alert, August 2, 2017

Co-author, "Nevada Becomes the Third State to Enact Website Privacy Notification Law," Ballard Spahr alert, August 1, 2017 

"10 Critical Steps to Create a Culture of Cybersecurity," Dark Reading, July 26, 2017

Co-author, "Colorado District Court Dismisses Data Breach Class Action Against Noodles & Company," Ballard Spahr alert, July 26, 2017

Co-author, "NYDFS Updates FAQs to Clarify Cybersecurity Regulations," Ballard Spahr alert, July 14, 2017 

Co-author, "Ponemon Institute Study on Costs of Data Breaches Highlights Improvement and New Risks for U.S. and Global Companies," Ballard Spahr alert, June 28, 2017  

Co-author, "Colorado Division of Securities Publishes Final Cybersecurity Rules," Ballard Spahr alert, May 23, 2017

Co-author, "Companies Must Prepare for Future Filled with Ransomware Attacks," The Hill, May 20, 2017

Co-author, "White House Issues New Cybersecurity Executive Order," Ballard Spahr alert, May 17, 2017

Co-author, "Is Your Organization Ready for a Systemwide Ransomware Attack?" Ballard Spahr alert, May 16, 2017

Co-author, "New Mexico Becomes 48th State to Enact Data Breach Notification Law," Ballard Spahr alert, April 19, 2017 

Co-author, "It’s ‘Ready, Set, Go’ – Cyber Threats to Lawyers Grow," Delaware Lawyer, March 1, 2017

Co-author, "Bank Whistleblower Litigation Highlights Limits of Employee Confidentiality Agreements to Curb Data Misappropriation," Ballard Spahr alert, February 23, 2017

Co-author, "IRS and Others Renew Warnings About Fraudulent Emails Targeting Employee Tax Information," Ballard Spahr alert, January 30, 2017

Co-author, "Data Breach Class Action Reinstated Against Horizon Healthcare Services Inc.," Ballard Spahr alert, January 23, 2017

Co-author, "EU e-Privacy Regulation Raises Stakes for Compliance," Ballard Spahr alert, January 12, 2017

Co-author, "NYDFS Revises Cybersecurity Regulation, Extends Effective Date to March 1, 2017," Ballard Spahr alert, December 28, 2016

Co-author, "FTC Settles with Targeted Digital Advertising Company over Supercookie Advertising Practices," Ballard Spahr alert, December 23, 2016

Co-author, "Prepare for Compliance with General Data Protection Regulation Checklist," Ballard Spahr alert, December 7, 2016

Co-author, "New York Regulators Drive Cyber Security Accountability for the Financial Sector," Payments & FinTech Lawyer, November 10, 2016

Co-author, "DOT Issues Proposed Cybersecurity Guidance to Automotive Industry," Ballard Spahr alert, October 27, 2016

Co-author, "Federal Banking Agencies Propose New Requirements for Managing Cyber Risk," Ballard Spahr alert, October 20, 2016

Co-author, "Dealing With the Aftermath of a Breach – a Checklist," Health Management Technology, September 27, 2016

Co-author, "FFIEC Provides Concrete Guidance on Setting Up Information Security Programs," Ballard Spahr alert, September 14, 2016

Co-author, "Fending Off and Fighting Cybercriminals," Law Week Colorado, September 12, 2016

Co-author, "Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm," Ballard Spahr alert, August 17, 2016

Co-author, "Important Lessons for Businesses from FTC's Opinion on LabMD's Data Security Practices," Ballard Spahr alert, August 12, 2016

Co-author, "Court: Stored Communications Act Warrant Cannot Be Used to Seize Data Held Overseas," Ballard Spahr alert, July 19, 2016

Co-author, "Ninth Circuit Vastly Expands Scope of Criminal, Civil Liability for Computer Fraud," Ballard Spahr alert, July 15, 2016

Co-author, "International Regulators Issue Cybersecurity Guidance to the Financial Industry," Ballard Spahr alert, July, 6, 2016

Co-author, "Cybersecurity, Use of Internet of Things Technology Concern Manufacturers," Ballard Spahr alert, June 28, 2016

Co-author, "The Defend Trade Secrets Act Signed into Law," Ballard Spahr alert, May 11, 2016

Co-author, "President Obama Signs Defend Trade Secrets Act into Law," Ballard Spahr alert, May 11, 2016

Co-author, "Class Certification Improper in Data Breach Case, PA Appellate Court Finds," Ballard Spahr alert, May 4, 2016

Co-Author, "FTC Releases "Cheat Sheet" for Developing a Secure Mobile Health Application," Ballard Spahr alert, April 22, 2016

Co-author, "European Parliament Adopts EU General Data Protection Regulation; 12 Steps Businesses Should Take Now," Ballard Spahr alert, April 21, 2016

"How Companies Can Work with the U.S. Government on Cyber Threats," Bloomberg BNA Big Law, April 1, 2016

Co-author, "Federal Reserve Study Highlights Consumer Behavior with Mobile Financial Services," Ballard Spahr alert, April 1, 2016;

"Let's Be 'Reasonable' About Data Security," The Journal of the Delaware State Bar Association, April 2016

Co-author, "FTC Examines Process by which Companies Assess Compliance with PCI DSS," Ballard Spahr alert, March 9, 2016

Co-author, "EU-U.S. Privacy Shield Framework Text Published: Imposes New Obligations on U.S. Entities that Seek Data Transfers from the EU," Ballard Spahr alert, March 8, 2016

Co-author, "CFPB Initiates Its First Data Security Enforcement Action," Ballard Spahr alert, March 3, 2016

Co-author, "California Data Breach Report Defines 'Reasonableness' Standard for Data Protection," Ballard Spahr alert, March 2, 2016

Co-author, "President Obama Gives EU Citizens Judicial Redress for Privacy Violations," Ballard Spahr alert, March 1, 2016 

Co-author, "President Creates Cybersecurity National Action Plan and Commission on Enhancing National Cybersecurity," Ballard Spahr alert, February 24, 2016

Co-author, "DOJ/DHS Issue Interim Guidance on Implementation of Cybersecurity Information Sharing Act," Ballard Spahr alert, February 23, 2016

Co-author, "Former Cardinals Scouting Director Pleads Guilty to Hacking Astros’ Computer Systems," Ballard Spahr alert, January 11, 2016

Co-author, "LifeLock to Pay $100 Million to Settle Charges It Violated 2010 Court Order," Ballard Spahr alert, December 28, 2015

Co-author, "FTC Takes Action against App Developers on COPPA Allegations Involving Persistent Identifiers," Ballard Spahr alert, December 23, 2015

"Organizations Should Focus on Data Sharing Post-Incident, Not Attribution," CSOonline.com, August 4, 2015

"How to Prepare for and Respond to a Cyberattack," Network World, July 8, 2015

"What the Sony Cyberattack Can Teach Lawyers About Data Security," The Journal of the Delaware State Bar Association, April 1, 2015

"The Data Security Imperative for Lawyers," Delaware Lawyer, October 27, 2014

"Leading Practices: Data Security," The Supreme Court of Delaware, Commission on Law and Technology, June 20, 2014

"From the P.R.C. to the F.C.I.—Cracking a Chinese Cybercrime Case," United States Attorneys’ Bulletin/United States Department of Justice, March 30, 2014

"Consensual Searches of Computers and Assumption of Online Identities," United States Attorneys’ Bulletin/United States Department of Justice, January 31, 2014

"Say Hello to My Little Friend: The New and Improved Cyberstalking Statute," United States Attorneys’ Bulletin/United States Department of Justice, January 31, 2014

Speaking Engagements

"The SEC's Special Report on Business Email Compromises: What It Means and What You Should Do," Ballard Spahr webinar, November 2018

"Recent Developments in Data Security and E-Discovery," Delaware State Bar Association CLE, November 2018

"The Weaponization of the Internet," Temple University Law School, Philadelphia, October 2018

"Mission Critical Cybersecurity: Navigating Data Privacy and Cybersecurity Threats from an In-House Perspective," ACC Annual Meeting, Austin, October 2018

"From Carpenter to the GDPR: 2018 Data Privacy and Protection Law Update," Relativity Fest, Chicago, October 2018

"The Internet of Things from a Legal and Regulatory Perspective," Relativity Fest, Chicago, October 2018

"Outside Our Borders: How New Laws Will Affect Businesses," Colorado Cybersecurity Summit, Denver, September 2018

"Technology facilitated Harassment and Stalking," Delaware Judges Conference, Wilmington, September 2018

"Current Issues in Cybercrime and Cybersecurity," Delaware Law School, Wilmington, August 2018 

Panelist, "Key Takeaways from the 2018 ACC State of Cybersecurity Report: An In-House Perspective," ACC Mountain West Lunch and Learn, Salt Lake City, August 2018

"Working with Law Enforcement," American Bar Association's Third National Institute on Cybersecurity Law, New York, June 2018

"Requirements and Best Practices for Staying Ahead of and Responding to Cyber Threats," 13th Annual ABA/FCBA Privacy and Data Security Symposium, Washington, D.C., March 2018 

"Shining a Light on Technology-Facilitated Exploitation," Archdiocese of New Orleans Human Trafficking Summit, March 2018

"Cybercrime & Cybersecurity Law in 2018," Washington & Lee University School of Law, February 2018

"From the Iron Rooster to Amazon Alexa: Mobile Discovery and the Internet of Things," LegalTech New York 2018, January 2018 

"Navigating a Breach & Activating a Proven Incident Response Plan," OpenText webinar, January 2018

"The Two Sides of Cybersecurity: Proactive Planning & Incident Response," Delaware State Bar Association, Wilmington, DE, January 2018

Roundtable Discussion of Law Enforcement Interaction with Organizational Victims of Cybercrime, FBI/U.S. Department of Justice Regional Pharmaceutical Conference, Collegeville, PA, November 2017

"Incident Response on the Down Low," IAPP 3rd Annual Florida Privacy & Cybersecurity Law Symposium, Jacksonville, November 2017 

U.S. Department of Justice, National Security Specialists Conference, Washington, D.C., October 2017

"Internet of Things: Law, Technology & Practice," Relativity Fest, Chicago, October 2017

"Game Planning for Cyber Incidents: Practicing and Executing Effective Cyber Incident Response," Delaware Trust Conference, Wilmington, DE, October 2017

"Cybercrime – Engaging with Law Enforcement," Colorado Cybersecurity Summit, Denver, October 2017

"Cybersecurity: What You Still Need to Know," Georgia Intellectual Property Law Institute, Jacksonville, FL, September 2017

"Cyber Risk Management as an Ongoing Process," Education Finance Council, Washington, D.C., September 2017

"Current Issues in Cybercrime and Cybersecurity," Delaware Law School, Wilmington, August 2017 

"Hack Yeah! Cybersecurity @ the Ball Park!," Hispanic Bar Association of Pennsylvania, Philadelphia, June, 2017

"Privacy & Data Security: A Simulated Breach & Response Plan," Enfuse Conference, Las Vegas, May, 2017

"From the Lab to the Courtroom: Harnessing Digital Evidence to Win Cases," Keynote Address, Access Data User Summit, San Diego, May, 2017

"Current Issues in Cybercrime and Cybersecurity," Temple University School of Law, Philadelphia, April, 2017

"Learning Lab: Investigating and Prosecuting Cybercrime – Enter the Law Enforcement Trenches," RSA Conference, San Francisco, February, 2017

"Hot Topics on the Internet and Data Privacy," ABA Forum on Communications Law, New Orleans, February, 2017

"E-Discovery for Investigations and Criminal Matters," Legaltech New York, New York City, February, 2017

"An Exercise in Cyber Incident Response," ACC Cybersecurity Summit, Washington, D.C., January, 2017

"General Counsel Issues in Higher Education," Ballard Spahr webinar, January, 2017

"Assessing Cyber Risks in Regulated Industries," Ballard Spahr event, Las Vegas, January, 2017

"Cybersecurity in an Evolving Threat Landscape," PBI Real Estate Institute, Philadelphia, December, 2016

"Cybersecurity Leadership Panel," Life Sciences PA, Valley Forge, PA, December, 2016

"Best Practices for Responding to a Cyberattack and Working with Law Enforcement in the Aftermath," 2016 ISSA International Conference, Information Systems Security Association, Dallas, Texas, November 2016

"United States v. Matusiewicz: A Case Study in Cyberstalking," Conference on the Investigation & Prosecution of Crimes of Stalking, Dover, Delaware, October 2016

"Brexit and Beyond: International Issues and Cross-border e-Discovery," Relativity Fest 2016, Chicago, October 2016

"Cybersecurity: What Every Attorney Needs to Know and Why," Intellectual Property Law Institute, Amelia Island, Florida, September 2016

"Recent Cases in Cyber Liability," ABA Legal Malpractice Conference, Chicago, September 2016

"The Government's Role in Your Cyber Incident: Friend, Foe or Both?," ABA Business Law Section Annual Meeting, Boston, September 2016

"The Law and Business of Social, Mobile and Emerging Technologies," ILTACON 2016, Washington, D.C., August 2016

"Navigating Interactions with Governments in an Evolving Cyber Threat Landscape," American Banker's CyberSec 2016, New York, July 2016

"The Evolving Cybercrime Epidemic," Drexel University School of Law, Philadelphia, June 2016

"Addressing Evolving Cybersecurity Threats," Colorado Health Facilities Authority Conference, Denver, June 2016

"Raising the Stakes – Individual Liability for Corporate Conduct," Ballard Spahr webinar, June 2016

"Working with the U.S. Government on Data Security," CGOC Conference, Washington, D.C., June 2016

"How You (and the Bank of Bangladesh) Get Hacked: Cybercrime Vulnerabilities and Responses in a Risky World," ACFCS Financial Crime Conference, New York, June 2016

"Judicial Perspectives on Current E-Discovery Issues" and "Time Is Not On Your Side When It Comes To Data Security," Enfuse 2016, Guidance Software, Las Vegas, Nevada, May 2016

"Ethical Implications of Technology for Corporations and Law Firms," District of Delaware Bench & Bar Conference, Delaware Chapter of the Federal Bar Association, Wilmington, Delaware, May 2016

"Worst Case Scenario – The State of Cybersecurity and Lessons Learned," ACC Mid-Year Conference, New York City, April 12, 2016

"Social Media, Technology & Data Security," DSBA Small Firms and Solo Practitioners Conference, Rehoboth Beach, April 1, 2016

"HIPAA-Ventilate – New Privacy and Information Security Concerns in Healthcare in the U.S. and Beyond," Philadelphia, March 29, 2016 

"Cybersecurity for the Future: Breaking the Mold," TechJunction, Tucson, Arizona, March 16, 2016

"The Aftermath of a Breach: Best Practices for Working with Law Enforcement," RSA Conference 2016, San Francisco, March 4, 2016

"Navigating the Digital World in an Evolving Cyber-threat Landscape," University of Delaware Cybersecurity Initiative and the Institute for Public Administration, Newark, Delaware, February 10, 2016

"The Law of Mobile, Social, and Emerging Technologies," LegalTech New York 2016, February 3, 2016

"Translating Cybersecurity Preparedness into a Business Requirement," and "Crystal Ball: What Do You Think the Next Big Cybercrime Will Be?" cyberSecure, New York City, December 2015

"Reducing the Costs and Damage Associated with Data Breaches," Compliance, Governance & Oversight Council, London, December 2015

"Confidentiality in the Age of Cyber(In)Security," Delaware State Bar Association, December 2015

"The Dark Web: The Digital Street Corner of a Global Cybercrime Marketplace," National Association of Attorneys General, Eastern Region Conference, New York City, October 2015

"Cybersecurity and e-Discovery: The Downstream Effects of Upstream Security Decisions," Relativity Fest, Chicago, October 2015

"Mapping the Threat Landscape—Organized Crime, State Actors, Hacktivists and More" and "Investigating a Cyber Attack—Internal and Law Enforcement Perspectives," Association of Certified Financial Crime Specialists, Cyber Financial Crime Summit, October 2015, Washington, D.C.

"Gender and Cyber-based Violence," National Association of Attorneys General, Midwestern Region Meeting, Chicago, October 2015

"You’ve Been Hacked, Now What? Guidance on Data Breach Mitigation, Response and Ethical Conundrums," ACEDS 6th Annual E-Discovery Conference, September 2015

"Jailing Foreign Hackers and Crackers: Case Studies of the First U.S. Convictions of China-based and Other Foreign Cybercriminals" and "The Intersection of Privacy, Security and E-Discovery," CEIC 2015, Las Vegas, May 2015

"Tales from the Front Line in the Fight Against Cybercrime,” Guidance Software CISO/CLO Summit, Las Vegas, May 2015

"Cybersecurity: Risk Management and Incident Response in an Evolving Threat Landscape," Federal Bar Association, District of Delaware Inaugural Bench & Bar Conference, May 2015

"Cybersecurity for Law Firms," Association of Legal Administrators, Seventh Annual Legal Leadership Forum, May 2015

"Protecting Children in a Digital World," Protecting Delaware’s Children Conference, March 2015

"Investigating and Prosecuting Trade Secret Theft by Computer Hackers," National Advocacy Center, February 2015

"Post Breach: Navigating Interactions with the Government as Cyber Victim and Enforcement Target" and "Is There an Ethical Duty to Protect Client Data?" ALM 1st Annual Cybersecurity and Data Protection Legal Summit, New York, December 2014

"Proving Your Case Using Mobile Forensics," National Advocacy Center, June 2014

"The Technology of Today and the Issues of Tomorrow," Delaware Bench & Bar Conference 2014, June 2014

"Why Legal Should Care About Cybersecurity" and "The Intersection of Privacy, Security & E-Discovery," CEIC 2014, Las Vegas, May 2014

"Proactive Threat & Risk Intelligence" and "Cyber Attacks from the Legal Frontlines," Guidance Software CISO/CLO Summit, Las Vegas, May 2014

"A Risk-based Approach to Cybersecurity Threats," Legal Tech 2014, New York, February 2014

Catholic University of America Columbus School of Law (J.D., magna cum laude, 1995)
Editor-in-Chief, Catholic University Law Review

The College of New Jersey (B.A., cum laude, 1992)

Delaware

District of Columbia

New Jersey

Pennsylvania