Over the last 25 years, John Reed Stark's name has become synonymous with data breach response, cybersecurity and digital regulatory compliance. As President of John Reed Stark Consulting LLC, Mr. Stark's work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies, professional service firms (including law firms) and government agencies. Mr. Stark is a well known cybersecurity expert and the author of The Cybersecurity Due Diligence Handbook, the first and only book of its kind. Mr. Stark’s experience with data security incidents includes:
Pre-Data Security Incident:
- Creating and enhancing policies, practices and procedures concerning data security;
- Developing cybersecurity preparedness, including conducting risk and security assesments, running tabletop exercises and providing c-suite and board presentations;
- Navigating cybersecurity-related regulatory compliance with various international, federal and state rules and regulations, including: U.S. Securities and Exchange Commission (SEC); Financial Industry Regulatory Authority (FINRA); New York State Department of Financial Services (DFS) Cybersecurity Regulation (23 NYCRR 500); General Data Protection Regulation (GDPR); and Health Insurance Portability and Accountability Act of 1996 (HIPAA);
- Counseling regarding FinTech-related issues pertaining to emerging technologies, including cryptocurrency-related issues and blockchain; and
- Conducting cybersecurity due diligence of vendors, partners, customers as well as acquisition and merger candidates/targets.
- Conducting all aspects of incident response for: data breaches, cyber-attacks, ransomware demands, data theft, cyber-espionage, inadvertent disclosures, and data security incidents and thefts orchestrated by internal threats within a company as well as threats from former employees, vendors or consultants;
- Managing all aspects of data breach response including containment, root cause analysis, malware-reverse engineering, exfiltration-review, digital forensics, public relations and overall damage mitigation;
- Acting as data security/incident liaison with: employees, vendors, partners, customers, board of directors, law enforcement (including Federal Bureau of Investigation (FBI), U.S. Secret Service (USSS), U.S. Air Force (USAF), Department of Homeland Security (DHS)); and insurance companies (including assisting with claims adjustment and other coverage issues); and
- Providing technical and compliance support with responses to inquiries and investigations from U.S. federal and state regulators.
Post Data Security Incident:
- Quarterbacking all aspects of consumer notification, government reporting, constituency briefings (including vendors, partners and customers) and public relations (including federal Congressional inquiries);
- Assisting companies with all aspects of data security-related litigation/class actions and other technology-related disputes; and
- Coordinating and supervising all aspects of remediation including: endpoint detection and response (EDR) tool implementation; overall hardening of systems; and improvement of data security governance.
Mr. Stark also serves as an expert in engagements pertaining to technological aspects of investigations, prosecutions and enforcement matters conducted by the SEC, FINRA and the U.S. Department of Justice (DOJ) and aids in structuring and running corporate compliance projects for broker-dealers, investment advisers and other regulated entities. Mr. Stark also provides neutral expert testimony in the realm of securities regulation on behalf of individuals, entities and government agencies, including in opposition to, and on behalf of, the SEC and other government agencies.
During Mr. Stark’s 11-year tenure as Founder and Chief of the SEC’s Office of Internet Enforcement, he led an extensive range of substantial and pioneering SEC enforcement actions. During Mr. Stark's 5-year tenure as Managing Director and Washington, D.C. office head at an international digital risk management firm, he gained an unusual breadth of experience in the realm of technology-related law enforcement and regulation; in cyber-incident response and digital risk resilience; and in leading all varieties of technology-related crisis management.
In addition to authoring close to one hundred articles about cyber-related topics, including regulation, compliance, risk resilience and incident response, Mr. Stark has been a frequent guest commentator in the national media on cybersecurity, securities regulation and other related areas. Mr. Stark also wrote a column for Compliance Week magazine and writes his own blog, entitled "Stark on IR," on Cybersecurity Docket (where he is also contributing editor).
Mr. Stark also served: 1) for 15 years as an adjunct professor at Georgetown University Law School, where he taught a course on law/regulation/cybercrime and technology; and 2) since 2017 as Senior Lecturing Fellow at Duke University Law School (Winter Session in 2017 and 2018, Spring and Fall semesters in 2019, 2020) teaching a course entitled,"Legal Issues of Cybersecurity and Data Breach Response." Mr. Stark has also taught a range of in-service sessions on cybercrime at the FBI Academy in Quantico, Virginia.
Mr. Stark is also a member of the Duke University School of Law Board of Visitors and the James B. Duke Society.
- Stroz Friedberg LLC
Managing Director | 2009-2015 (Head of Washington, D.C. Office 2009 - 2012)
- Duke University School of Law
Senior Lecturing Fellow | (Winter Session, 2017 and 2018) (Spring and Fall Semesters 2019, 2020)
- Georgetown University Law Center
Adjunct Professor of Law | 1996-2010
- United States Securities and Exchange Commission
Chief, Office of Internet Enforcement | 1998-2009
Counselor to the Director | 2004-2006 (concurrent with Chief)
Special Counsel for Internet Projects | 1994-1998
Staff Attorney/Senior Counsel | 1991-1994
- United States Attorney's Office for the District of Columbia
Special Assistant United States Attorney | 1994
- Arent Fox
Associate, Litigation and Corporate Group | 1989-1991
- Duke University School of Law, J.D. | 1989
- Union College, B.A., Political Science, cum laude | 1986
- Cybersecurity Docket Incident Response 30 | 2016; 2018; 2019
Recognizing the 30 "best and brightest" data breach response attorneys (list created annually, though not in 2017).
- Securities Docket Enforcement 40 | 2013; 2017
Recognizing the 40 "best and brightest" securities enforcement attorneys (list created every five years).
- Stanley Sporkin Award | 2007
Granted to SEC staff member for tenacious and insightful contribution to SEC Enforcement.
- Duke University School of Law Young Alumni Award | 2004
Granted to one Duke Law graduate each year for his or her significant contributions of leadership and service both professionally and to Duke Law School.
- Online Finance Forty | 2002
- SEC Supervisory Excellence Award | 2001
- Ten to Watch in 1999: The People and the Companies Bringing Business to the Net
The Industry Standard.
- 20 Most Important Players on Financial Web in 1997
- Top Regulator of 1997
Internet Compliance Alert.
- Internet Compliance Person of the Year, Runner-up | 1997
Internet Compliance Alert.