Some highlights from my career thus far: Prior to joining the firm in 2021, I was an Assistant US Attorney in the US Attorney’s Office in the Northern District of Illinois for more than 11 years. Among my significant trials, I prosecuted a computer intrusion of a Fortune 500 company and a federal defense contractor for illegally exporting technical data to China.
While serving in the USAO’s National Security and Cybercrime Section, I developed substantial experience supervising and managing complex investigations and prosecutions involving cybercrime, complex fraud, export control and international sanctions violations, theft of trade secrets, terrorism, and espionage. I am also recognised as a thought leader in the cybersecurity community, having taught a cybersecurity law school course as an adjunct professor at the University of Illinois for the last seven years.
Today, I enjoy serving as a co-chair of Jenner & Block’s data privacy and cybersecurity practice, where I assist clients with understanding, preparing for, investigating, and litigating a range of threats. In particular, I am grateful for the opportunity to provide clients with comfort and security as they navigate the rapidly evolving cybersecurity landscape. Since joining the firm, some of my career highlights in the cybersecurity space include guiding clients’ responses to ransomware incidents. I have, for example, managed partnerships with cybersecurity forensics and strategic communications vendors and managed communications with law enforcement, regulators, and interested federal agencies, all while mitigating my clients’ risk in anticipation of litigation.
Unlike most litigation or investigation practices, the cybersecurity sector requires real-time crisis management in the wake of a company being the victim of a crime. As a cybersecurity practitioner, I provide a steady hand through the crisis, while counseling my clients to mitigate risk in anticipation of the future regulatory enforcement actions and class action litigation. The scope of the practice is significant. I use my technical acumen, national security experience, and understanding of the threat landscape to provide clients with advice on preparing for a cybersecurity incident, managing and navigating the aftermath, and handling regulatory compliance and litigation. With the proliferation of legal regimes governing data processing and threat actors targeting data, I provide holistic, proactive advice to clients. As an example of the breadth of my practice, in addition to incident response, I regularly guide clients on federal information-sharing mandates, critical infrastructure cybersecurity mandates, cybersecurity incident-reporting requirements under federal and state regulatory regimes, and sanctions risks.
The biggest challenges are the scope and breadth of the risk that clients face. Cybersecurity practitioners must stay on top of an ever-evolving and fast-paced sector. Jenner & Block’s data privacy and cybersecurity practice includes an interdisciplinary team of lawyers who counsel, investigate, and litigate across an array of privacy and data security issues in the United States and Europe. I make it a point to address and understand these challenges, and I share my insight frequently as a speaker and author. Last fall, as one example, I discussed enforcement trends under the Biden administration, digital currency enforcement actions, and cybersecurity incidents and disclosures during a panel at the 41st Ray Garrett Jr. Corporate & Securities Law CLE. In another example of my thought-leadership, I led a webinar geared to small businesses last fall. I discussed the range of cybercrime tools available to threat actors, the risks associated with a cybersecurity incident, and what business cases do to mitigate the risk of cybercrime exposure. One particular area of focus and experience – leveraging my background as a prosecutor and involvement in the firm’s culture risk and sensitive investigations practice – is helping companies consider the human aspect of cyber risk. Although a deep understanding of the mechanics of a cyber breach is critical to prevention, so is having a robust strategy to engage employees in protecting the company’s systems and data. This ultimately comes back to helping the client develop and sustain a strong corporate culture, where employees are empowered and encouraged to speak up when they see or experience attacks using phishing, social engineering, malware, and other malicious techniques.
I suggest that organisations can adapt to these challenges by fostering a collaborative, cooperative environment: We grow and we learn as a team. With others on the firm’s data team, I regularly collaborate with lawyers in other practices whose clients experience cybersecurity issues. In doing so, the client is provided the best possible advice and counsel to steer through these challenging moments. I also lend my expertise to many cross-disciplinary, cross-office teams. As one example, I provided cybersecurity counsel last fall when a firm client acquired a provider of artificial intelligence-powered Software-as-a-Service solutions.
I am closely following the uptick in extortion schemes involving theft, as opposed to encryption. The trend represents a change in the risk profile for a client. Stealing is more lucrative. I am also tracking the evolving cybersecurity regulatory regime, particularly as it relates to critical infrastructure and national security threats, particularly in light of the expanding nation-state and international organized crime cybercrime regimes.
The biggest challenge to gender equity in the field is the expectation that women cannot be vital members of a practice rooted in technical skills. I have experienced firsthand the assumption that women cannot be experts in this sector.
A piece of advice I would give aspiring data lawyers and professionals is to learn the field. The practice changes so fast that it is incumbent on aspiring professionals to be proactive so they can assure clients that they are at the forefront of the latest movement. I receive cyber alerts from a litany of news outlets and technical resources each day. I start my day reading these alerts so I can be prepared for what I’ll need for the day ahead.