Prior to attending law school, Brian spent more than twenty years working as a consultant, focusing on cybersecurity, information security and IT risk management for US and global companies primarily in regulated industries. He brings extensive knowledge of hacking mechanisms and security controls; IT operations; and information security standards for financial services, healthcare, energy and other industries.
Managing legal aspects of a client’s data breach response including insurance, hiring and directing forensic investigators, discovery, and required consumer and state attorney general notifications
Managing multiple cybersecurity maturity and risk assessments (based on the NIST Cybersecurity Framework) under attorney-client privilege and provide legal analysis and counseling on responding to assessment results
Assisting a tier 1 Payment Industry Card (PCI) merchant in preparation for its Qualified Security Assessor (QSA)-provided Report on Compliance (ROC) by advising on managing significant changes and risks brought about by the COVID-19 pandemic requiring work-from-home conditions
Drafting and editing technology service provider and service recipient agreements and statements of work including typical legal sections (e.g. indemnifications, liability) and draft, edit, and issue spot privacy, technology, and cybersecurity sections, schedules, and exhibits
Assisting government contractor with agreements, and other preparation needed to comply with requirements, such as DFARS 252.204-7012 and the associated NIST SP 800-171 standard, including advice on complying with forthcoming requirements in the NIST SP 800-171 DoD Assessment Methodology and Cybersecurity Maturity Model Certification (CMMC)
Do not send any information or documents that you want to have treated as secret or confidential. Providing information to McDermott via email links on this website or other introductory email communications will not create an attorney-client relationship; will not preclude McDermott from representing any other person or firm in any matter; and will not obligate McDermott to keep confidential the information you provide. McDermott cannot enter into an attorney-client relationship with you until McDermott has determined that doing so will not create a conflict of interest and until you and McDermott have entered into a written agreement or engagement letter that sets forth the terms of our relationship.