Over the last 20 years, John Reed Stark's name has become synonymous with data breach response, cybersecurity and digital regulatory compliance. As President of John Reed Stark Consulting LLC, Mr. Stark's work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies, law firms and government agencies. Mr. Stark’s experience with intrusions and data breach touches upon all aspects of cyber-incident response, especially during early phases of crisis management, forensic analysis, malware reverse engineering, law enforcement/regulatory liaison and containment, as well as the later phases of data-review, remediation and any requisite disclosure and reporting.
On behalf of private companies and on behalf of the U.S. government, Mr. Stark has handled incident response matters involving a broad range of of external cyber attacks. He has also handled data security incidents orchestrated by internal threats within a company and by so called “bad leavers,” disgruntled employees who “leave” a company on “bad” terms and cause deliberate harm before or after they exit, typically in clandestine fashion.
Mr. Stark is a well known cybersecurity expert and the author of The Cybersecurity Due Diligence Handbook, the first and only book of its kind.
Mr. Stark also serves as an expert in engagements pertaining to technological aspects of investigations, prosecutions and enforcement matters conducted by the U.S. Securities and Exchange Commission (SEC), the U.S. Department of Justice (DOJ) and the Financial Industry Regulatory Authority (FINRA) and aids in structuring and running corporate compliance projects for broker-dealers, investment advisers and other regulated entities. Mr. Stark also provides neutral expert testimony in the realm of securities regulation on behalf of individuals, entities and government agencies, including in opposition to, and on behalf of, the SEC and other government agencies.
During Mr. Stark’s 11-year tenure as Founder and Chief of the SEC’s Office of Internet Enforcement, he led an extensive range of substantial and pioneering SEC enforcement actions. During Mr. Stark's 5-year tenure as Managing Director and Washington, D.C. office head at an international digital risk management firm, he gained an unusual breadth of experience in the realm of technology-related law enforcement and regulation; in cyber-incident response and digital risk resilience; and in leading all varieties of technology-related crisis management.
In addition to authoring several dozen articles about cyber-related topics, including regulation, compliance, risk resilience and incident response, Mr. Stark has been a frequent guest commentator in the national media on cybersecurity, securities regulation and other related areas. Mr. Stark also writes a column for Compliance Week magazine and writes his own blog, entitled "Stark on IR," on Cybersecurity Docket (where he is also contributing editor).
Mr. Stark also served for 15 years as an adjunct professor at Georgetown University Law School, where he taught a course on law/regulation/cybercrime and technology and in 2017, as a visiting faculty member at Duke Law School's Winter Session, teaching a course entitled,"Data Breach Response and Cybersecurity Due Diligence." Mr. Stark has also taught a range of in-service sessions on cybercrime at the FBI Academy in Quantico, Virginia, and serves as Co-Chair of the American Bar Association Subcommittee on Securities Law and the Internet.