John Reed Stark

John Reed Stark's Profile Image

John Reed Stark

Phone: (301) 335-8387
Fax: (301) 657-8415

Over the last 20 years, John Reed Stark's name has become synonymous with data breach response, cybersecurity and digital regulatory compliance. As President of John Reed Stark Consulting LLC, Mr. Stark's work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies, law firms and government agencies. Mr. Stark’s experience with intrusions and data breach touches upon all aspects of cyber-incident response, especially during early phases of crisis management, forensic analysis, malware reverse engineering, law enforcement/regulatory liaison and containment, as well as the later phases of data-review, remediation and any requisite disclosure and reporting.

On behalf of private companies and on behalf of the U.S. government, Mr. Stark has handled incident response matters involving a broad range of of external cyber attacks.  He has also handled data security incidents orchestrated by internal threats within a company and by so called “bad leavers,” disgruntled employees who “leave” a company on “bad” terms and cause deliberate harm before or after they exit, typically in clandestine fashion.  

Mr. Stark is a well known cybersecurity expert and the author of The Cybersecurity Due Diligence Handbook, the first and only book of its kind. johnreedstark3d

Mr. Stark also serves as an expert in engagements pertaining to technological aspects of investigations, prosecutions and enforcement matters conducted by the U.S. Securities and Exchange Commission (SEC), the U.S. Department of Justice (DOJ) and the Financial Industry Regulatory Authority (FINRA) and aids in structuring and running corporate compliance projects for broker-dealers, investment advisers and other regulated entities. Mr. Stark also provides neutral expert testimony in the realm of securities regulation on behalf of individuals, entities and government agencies, including in opposition to, and on behalf of, the SEC and other government agencies. 

During Mr. Stark’s 11-year tenure as Founder and Chief of the SEC’s Office of Internet Enforcement, he led an extensive range of substantial and pioneering SEC enforcement actions.  During Mr. Stark's 5-year tenure as Managing Director and Washington, D.C. office head at an international digital risk management firm, he gained an unusual breadth of experience in the realm of technology-related law enforcement and regulation; in cyber-incident response and digital risk resilience; and in leading all varieties of technology-related crisis management.

In addition to authoring several dozen articles about cyber-related topics, including regulation, compliance, risk resilience and incident response, Mr. Stark has been a frequent guest commentator in the national media on cybersecurity, securities regulation and other related areas.  Mr. Stark also writes a column for Compliance Week magazine and writes his own blog, entitled "Stark on IR," on Cybersecurity Docket (where he is also contributing editor).

Mr. Stark also served for 15 years as an adjunct professor at Georgetown University Law School, where he taught a course on law/regulation/cybercrime and technology and as a visiting faculty member and Senior Lecturing Fellow at Duke Law School's Winter Session in 2017 and 2018 (and full semester in Spring 2019), teaching a course entitled,"Data Breach Response and Cybersecurity Due Diligence."  Mr. Stark has also taught a range of in-service sessions on cybercrime at the FBI Academy in Quantico, Virginia, and serves as Co-Chair of the American Bar Association Subcommittee on Securities Law and the Internet.

Prior Affiliations

  • Stroz Friedberg LLC
    Managing Director | 2009-2015 (Head of Washington, D.C. Office 2009 - 2012)
  • Duke University School of Law
    Senior Lecturing Fellow | (Winter Session, 2017 and 2018) (Spring 2019)
  • Georgetown University Law Center
    Adjunct Professor of Law | 1996-2010
  • United States Securities and Exchange Commission
    Chief, Office of Internet Enforcement | 1998-2009
    Counselor to the Director | 2004-2006 (concurrent with Chief)
    Special Counsel for Internet Projects | 1995-1998
    StaffAttorney/Senior Counsel | 1991-1994
  • United States Attorney's Office for the District of Columbia
    Special Assistant United States Attorney | 1994
  • Arent Fox 
    Associate, Litigation and Corporate Group | 1989-1991


  • Duke University School of Law, J.D. | 1989
  • Union College, B.A., Political Science, cum laude | 1986


  • Cybersecurity Docket Incident Response 30 | 2016
    Recognizing the 30 best data breach response attorneys in the country.
  • Securities Docket Enforcement 402013 and 2017
    Named as one of the inaugural "Enforcement 40," recognizing the "best and brightest" securities enforcement attorneys in the country.
  • Stanley Sporkin Award | 2007
    Granted to SEC staff member for tenacious and insightful contribution to SEC Enforcement.
  • Duke University School of Law Young Alumni Award | 2004
    Granted to one Duke Law graduate each year for his or her significant contributions of leadership and service both professionally and to Duke Law School.
  • Online Finance Forty | 2002
    Institutional Investor.
  • SEC Supervisory Excellence Award | 2001
  • Ten to Watch in 1999: The People and the Companies Bringing Business to the Net
    The Industry Standard.
  • 20 Most Important Players on Financial Web in 1997
    Institutional Investor.
  • Top Regulator of 1997
    Internet Compliance Alert.
  • Internet Compliance Person of the Year, Runner-up | 1997
    Internet Compliance Alert.