Overview
Brian Long focuses his practice on transactional and regulatory matters in the technology and cybersecurity sectors. He advises clients on technology contracts, cybersecurity compliance programs, audit readiness, and risk management frameworks, including the NIST Cybersecurity Framework, the Payment Card Industry Data Security Standard (PCI DSS), the Cybersecurity Maturity Model Certification (CMMC), ISO 27001, and System and Organization Controls (SOC) 2. He also supports clients in cybersecurity investigations, contract disputes, and vendor risk reviews.
With more than two decades of experience in cybersecurity consulting, Brian brings practical, operational insights to his legal counsel and translates complex technical requirements into actionable, business-aligned legal strategies. He has advised US and global companies across regulated industries, including financial services, healthcare, and energy, on the implementation of security controls, incident response, and information security standards.
During law school, Brian served as lead articles editor of the SMU Law Review.
Results
- Managing legal aspects of a client’s data breach response including insurance, hiring and directing forensic investigators, discovery, and required consumer and state attorney general notifications
- Managing multiple cybersecurity maturity and risk assessments (based on the NIST Cybersecurity Framework) under attorney-client privilege and providing legal analysis and counseling on responding to assessment results
- Assisting a tier 1 Payment Card Industry (PCI) merchant in preparation for its Qualified Security Assessor (QSA)-provided Report on Compliance (ROC) by advising on managing significant changes and risks brought about by the COVID-19 pandemic requiring work-from-home conditions
- Drafting and editing technology service provider and service recipient agreements and statements of work, including typical legal sections (e.g., indemnifications, liability), and drafting, editing, and issue-spotting privacy, technology, and cybersecurity sections, schedules, and exhibits
- Assisting a government contractor with agreements and other preparation needed to comply with requirements such as DFARS 252.204-7012 and the associated NIST SP 800-171 standard, including advice on complying with forthcoming requirements in the NIST SP 800-171 DoD Assessment Methodology and Cybersecurity Maturity Model Certification (CMMC)
- Contributing cybersecurity, privacy, and export controls updates to Outsourcing: Business and Law (see https://books.google.com/books/about/Outsourcing.html?id=72T0ygAACAAJ)
Credentials
Education
SMU Dedman School of Law, JD, summa cum laude, valedictorian, 2019
University of Texas at Dallas, BA, cum laude, 1998
Admissions
Texas