John P. Carlin
Tel: +1-202-223-7372
Fax: +1-202-478-2127
jcarlin@paulweiss.com
2001 K Street, NW, Washington, DC 20006-1047
1285 Avenue of the Americas, New York, NY 10019-6064
John P. Carlin is co-chair of Paul, Weiss’s Investigations Practice Group, co-chair of the Cybersecurity & Data Protection Practice Group and chair of the National Security Practice Group. John is a deeply accomplished litigator who advises industry-leading organizations on matters involving privacy and cybersecurity, crisis management, Committee on Foreign Investment in the United States (CFIUS), sanctions and export control, white collar defense and internal investigations. He has served as a top-level official in both Republican and Democratic administrations, including as the Acting Deputy Attorney General of the United States, as the top national security official for the U.S. Department of Justice, as the Chief of Staff of the FBI and as an Assistant U.S. Attorney. John has been featured or cited as a leading authority on cyber and economic espionage matters by numerous major media outlets, including The New York Times, The Washington Post and The Wall Street Journal, and has been featured on CBS’s 60 Minutes, among others.
EXPERIENCE
Appointed Acting Deputy Attorney General and then Principal Associate Deputy Attorney General, John occupied “one of the most powerful and under-the-radar posts in the Justice Department,” according to The New York Times, advising on major prosecutions and top DOJ priorities, including FBI oversight, cryptocurrency theft and investigations of actors known to have helped Russia evade sanctions. He also played a pivotal role in instituting the DOJ’s current approach to cybersecurity, national security and corporate criminal enforcement.
John’s practice focuses on advising companies in responding to a variety of urgent global, national security and cyber threats and he advises clients across all industries on crisis management, company-crippling cyber incidents, regulatory strategy and CFIUS issues.
John’s experience includes:
Cybersecurity:
- OpenAI in enhancing the company’s security and AI safety programs by providing cybersecurity advice and developing recommendations for its newly established Safety and Security Committee;
- a Fortune 10 Company in matters involving long-running regulatory attention on core components of the company’s business and data privacy practices and in its response to a regulatory inquiry stemming from a complex data security incident involving a third-party service provider;
- a Fortune 5 company regarding compliance of new products with U.S. and international regulatory requirements;
- a telecommunications company in relation to one of the largest cybersecurity incidents ever, including coordinating with senior U.S. government officials and high-profile law enforcement engagement;
- a health insurance company in responding to a cyberattack on a healthcare technology company—one of the largest breaches in the healthcare industry;
- The Kraft Group/New England Patriots in a putative class action involving alleged sharing of customer app usage data with third parties;
- an aerospace manufacturing company in relation to a cybersecurity incident in which malware affected several business units and company data was exposed. The response included overseeing remediation for affected systems, corresponding with applicable government authorities and developing a communications strategy;
- an animal health company in relation to a cybersecurity incident that exposed employee and partner information in the United States and other international jurisdictions;
- a building materials supplier in connection with a ransomware incident at a service provider that resulted in business disruption and unavailability of certain data;
- a car rental agency in connection with ransomware and incident response advice;
- a fast-growing enterprise software company regarding cybersecurity matters;
- a global financial institution regarding a legal tabletop exercise and various cybersecurity matters;
- a global energy company in relation to a ransomware incident that resulted in business disruption and the exposure of customer data;
- a private equity firm in connection with managing cybersecurity risk for the firm’s portfolio companies, including counselling on cyber incident response and governance best practices, and conducting an education session regarding cybersecurity risk management;
- a private equity firm in connection with a business email compromise incident that involved access to certain internal company data. John coordinated the forensic investigation and analyzed regulatory obligations related to the affected data;
- a subcommittee of the board of directors of a technology solutions provider in cybersecurity and other digital matters; and
- a U.S.-based trading firm in relation to a cybersecurity incident in which malware affected several business units and company data was exposed. The response included overseeing remediation for affected systems, corresponding with applicable government authorities and developing a communications strategy.
National Security, CFIUS & FARA:
- Sandvine Corporation in a significant resolution when the U.S. government took the extremely rare step of removing the company from the highly restrictive Entity List, where it had been placed due to accusations that its products were misused by foreign governments to infringe on civil liberties and other rights;
- an American corporation in responding to requests from the House Select Committee on China in relation to the sourcing of materials from the Uyghur Region;
- a U.S. professional sports team in connection with reviewing FARA risk related to international partnerships;
- a U.S. private equity firm on compliance with the Foreign Agents Registration Act in connection with international partnership opportunities;
- an American computer networking company on national security matters;
- a major sports association in submitting license applications with the U.S. Department of Treasury’s Office of Foreign Assets Controls seeking OFAC approval to interact with certain sanctioned persons and jurisdictions that may participate in related events or interact with the company’s legal and compliance team;
- a major U.S. private equity firm on a variety of CFIUS and U.S. national security issues related to onshore and offshore investments and acquisition structures;
- a manufacturing and biotechnology company regarding national security issues, including engaging with CFIUS;
- a multinational manufacturing company as lead counsel regarding economic sanctions and foreign direct investment matters in connection with the cross-border acquisition of a multinational company;
- a non-U.S. steel manufacturer in connection with its acquisition of a U.S. company; and
- a U.S. investment manager in obtaining CFIUS approval of the sale of a minority stake in its business to an Asian company.
John has deep experience leading high-profile national security and criminal enforcement matters. He previously served as Assistant Attorney General for the DOJ’s National Security Division, making him the Department’s highest-ranking national security lawyer. In this role, he supervised 400 employees responsible for protecting the nation against terrorism, espionage, cyber and other national security threats. During his tenure, he oversaw the prosecution of the Boston Marathon bomber, the indictment of five Chinese military members on economic espionage charges, and the DOJ’s foreign investment review program, which includes the review of foreign acquisitions through CFIUS, Federal Communications Commission (FCC) reviews and other emerging technology matters and related litigation.
During his most recent tour at the DOJ, John worked with the U.S. Attorney General and Deputy Attorney General to oversee all aspects of the department.
Prior to that, John served as chief of staff and senior counsel to the former FBI Director, helping lead the FBI’s evolution to meet growing and changing national security threats, including cyber threats. He also served as national coordinator of DOJ’s Computer Hacking and Intellectual Property Program. John began his legal career as an Assistant United States Attorney for the District of Columbia, where he tried more than 40 cases to verdict.
AWARDS & RECOGNITIONS
John, who joined the DOJ through the Attorney General’s Honors Program, is a five-time recipient of the DOJ’s Award for Special Achievement; was awarded the National Intelligence Superior Public Service medal by the Director of National Intelligence; and has drawn bipartisan praise. He is also the recipient of the DOJ’s highest award, the Edmund J. Randolph Award for outstanding contributions to the Department’s mission.
Since returning to private practice, John has been recognized as a leading lawyer by Chambers USA for Privacy & Data Security: Cybersecurity, named to Cybersecurity Docket's “Incident Response 50,” an annual list of the best data breach response lawyers in the industry in 2023 and 2024, and named one of the 500 Leading Global Cyber and 500 Leading Global Litigators by Lawdragon in 2024. One of the country’s most sought-after commentators on cyberwarfare prior to his stint at the DOJ, John is co-author of Dawn of the Code War, a sobering analysis of American efforts to defend against cyberattacks by foreign powers. John also co-authored the recently released second edition of Cybersecurity Law Fundamentals, a primer and a reference volume on the latest developments in U.S. cybersecurity. John has been featured or cited by numerous major media outlets, including The Los Angeles Times, USA Today, NBC’s Meet the Press, PBS’ NewsHour, ABC’s Nightline and Good Morning America, NPR, CNN and Vanity Fair, among others. He was an inaugural Fellow of the Harvard Kennedy School’s Belfer Center for Science and International Affairs’ Homeland Security Project, focused on the unique challenges of protecting the American homeland. John is the Founding Chair (now Chair Emeritus and Strategic Advisor) of the Aspen Institute’s Cybersecurity and Technology program, a cross-disciplinary forum for industry, government and media to address emerging digital threats and craft policy solutions.