John Reed Stark

• 15 years as an SEC enforcement attorney leading cyber-related projects, investigations and broad range of substantial and pioneering SEC enforcement actions;
• 11 years as Founder and Chief of the SEC Office of Internet Enforcement;
• 5 years as Senior Lecturer of Law at Duke University School of Law and 15 years as an Adjunct Professor at Georgetown University Law School teaching a cyber-law course;
• 10 years as a Guest Instructor teaching an annual law enforcement and technology in-service lecture at the FBI Academy;
• 5+ years as Managing Director (three as head of the Washington, D.C. office) of a global digital risk management firm, leading cybersecurity, incident response and digital compliance engagements for corporations and regulated entities; and
• 20 years as a globally recognized data security expert and published author and commentator.

Over the last 35 years, John Reed Stark’s name has become synonymous with data breach response, cybersecurity and digital regulatory compliance. As President of John Reed Stark Consulting LLC, Mr. Stark’s work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies, professional service firms (including law firms) and government agencies. Mr. Stark is a well known cybersecurity expert and the author of The Cybersecurity Due Diligence Handbook, the first and only book of its kind.

Mr. Stark also serves as an expert in engagements pertaining to technological aspects of investigations, prosecutions and enforcement matters conducted by the SEC, FINRA and the U.S. Department of Justice (DOJ) and aids in structuring and running corporate compliance projects for broker-dealers, investment advisers and other regulated entities. Mr. Stark also provides neutral expert testimony in the realm of securities regulation on behalf of individuals, entities and government agencies, including in opposition to, and on behalf of, the SEC and other government agencies.

During Mr. Stark’s 11-year tenure as Founder and Chief of the SEC’s Office of Internet Enforcement, he led an extensive range of substantial and pioneering SEC enforcement actions. During Mr. Stark’s 5-year tenure as Managing Director and Washington, D.C. office head at Stroz, Friedberg, an international digital risk management firm, he gained an unusual breadth of experience in the realm of technology-related law enforcement and regulation; in cyber-incident response and digital risk resilience; and in leading all varieties of technology-related crisis management.

In addition to authoring over one hundred articles about cyber-related topics, including regulation, compliance, risk resilience and incident response, Mr. Stark has been a frequent guest commentator in the national media on cybersecurity, securities regulation and other related areas. Mr. Stark also wrote a column for Compliance Week magazine and his own blog, entitled “Stark on IR,” on Cybersecurity Docket (where he is also contributing editor) and a column for Law360.

Mr. Stark also served: 1) For 15 years as an adjunct professor at Georgetown University Law School, where he taught a course on law/regulation/cybercrime and technology; and 2) Since 2017 as Senior Lecturing Fellow at Duke University Law School (Winter Session in 2017 and 2018, Spring and Fall semesters in 2019, 2020, 2021) teaching a course entitled,”Legal Issues of Cybersecurity and Data Breach Response.” Mr. Stark has also taught a range of in-service sessions on cybercrime at the FBI Academy in Quantico, Virginia.

Mr. Stark is also a member of the Duke University School of Law Board of Visitors and the James B. Duke Society.