The Cyber Threat Landscape: Preparation and Remediation

Michael has been an internationally recognized privacy, cybersecurity and national security attorney for over twenty-five years. Beginning in 1997 as a cybercrime prosecutor at the U.S. Department of Justice (DOJ), Michael was one of the earliest leaders in this field.
After eight years of investigating and prosecuting computer intrusions and other internet-related crimes for the DOJ, Michael spent sixteen years building the privacy & data security practice at Perkins Coie LLP, serving as a trusted advisor to industry leaders and their Boards of Directors. During this time, clients relied on Michael for counsel on a range of sophisticated and high-stakes matters, including unprecedented state-sponsored network intrusions and data breaches, sensitive government investigations, and other bet-the-company representations.
One of Michael's more notable cases was his representation of the Democratic National Committee in its response to Russian hacking in the 2016 presidential election. This high-profile work went on to be detailed in the bestselling books The Apprentice (2018), The Perfect Weapon (2018), Russian Roulette (2018), and Hacks (2017). Investigative reporters have written about additional notable work Michael has done in two other important books: Power Wars(2015) and Dragnet Nation (2015).
With each new advance in communications and data sharing, clients trust Michael to help them navigate laws related to data collection and data access by governments; use and sharing by private entities such as communications providers, cloud platforms, and social media; and the legal risks and protections presented in an evolving and intensifying landscape.
Michael is trusted for extensive corporate privacy and cybersecurity reviews and for representing Fortune 100 companies before the DOJ, FTC, FCC, state attorneys general and Congressional committees. He has litigated prominent national security cases in federal court, and he counsels clients regarding classified government programs, foreign-based investments in or threats to U.S. infrastructure, and the handling of classified information.
Michael has provided Congressional testimony in public and nonpublic hearings on a number of pressing issues, and is frequently quoted in The New York Times, The Washington Post, The Wall Street Journal and other national media. Ranked as a leading privacy and data security lawyer in Chambers Global and Chambers USA, and listed among the Cybersecurity Docket’s Incident Response 40, he is regarded among “the best data breach response lawyers in the business.”
Prior to entering private practice, Michael spent twelve years in several positions within the DOJ. He joined the Department in 1993 as Special Assistant to the Assistant Attorney General for DOJ’s Criminal Division; he prosecuted white-collar and violent crimes at the U.S. Attorney’s Office for the Eastern District of Virginia; and his government service concluded with his eight years in DOJ’s Computer Crime & Intellectual Property Section. Michael was a contributing author to DOJ’s manuals on Prosecuting Computer Crimes, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, and Prosecuting Intellectual Property Crimes.
Michael began his career in New York as an associate in the litigation department of Proskauer Rose LLP.

Sunil Shenoi is a partner in the Government & Internal Investigations Group in the Chicago office of Kirkland & Ellis LLP. He focuses his practice on advising clients on data security and data privacy matters, with a particular focus on responding to data breaches and defending against data breach litigation. Sunil regularly advises clients on compliance with laws and regulatory guidance relating to data security and data privacy issues. Sunil also represents multinational organizations and individuals in a wide variety of U.S. DOJ and SEC investigations, including many investigations for private equity, medical device, retail, and other clients involving the U.S. Foreign Corrupt Practices Act, financial statement and disclosure issues, insider trading and other securities enforcement issues.

Craig Hoffman is a digital risk advisor engaged to guide clients on issues related to use of technology and data. He is well known for using his litigation experience and insights from helping entities address thousands of security incidents to develop prioritized privacy and cybersecurity strategies and effectively respond to security incidents. Visibility to what allows incidents to occur, outcomes of decisions made and measures taken to improve going forward from security incidents of all sizes enables Craig to immediately forecast what is coming, offer prioritized recommendations and then operationalize decisions into actions.
Craig co-leads the Digital Risk Advisory and Cybersecurity team – a team that helps entities address hundreds of security incidents a year and the resulting regulatory and litigation matters that follow. Clients turn to Craig to address the privacy compliance, operational and security related enterprise risks generated by their use of technology, such as data security incidents, post-incident regulatory defense and litigation, payment card network assessments, post-incident security enhancements, incident response preparedness, security and risk assessments, technology contracts and due diligence related to transactions.
In particular, Craig is internationally known as a go-to attorney for payment card security incidents after leading over 200 entities through payment card security incidents and the resulting PCI DSS revalidation process and payment card network liability assessments. Additionally, he has extensive experience with retail, restaurant, hospitality, financial services and technology companies.
Craig has conducted hundreds of incident response training and cybersecurity exercises for incident response teams, executive teams and boards of directors. These sessions help clients contextualize the critical issues and decisions they will face in an incident so they can identity how to build plans that will allow them to respond in a way that meets organizational goals, minimizes risk and protects key relationships.
Craig is ranked in Chambers USA: America’s Leading Lawyers for Business and the Legal 500, was chosen for the Cybersecurity Docket “Incident Response 30” and has been selected multiple times as an Acritas Star and BTI Client Service All-Star. He is a featured speaker on topics such as reasonable security, incident response and other digital risk areas.

Innovative cyber professional with legal, business, government, and grassroots expertise, bringing a strategic perspective to the complex intersection of government, technology, law, policy and community. Critical thinker and problem solver using a multifaceted approach to think about how to connect technical and non-technical matters to resolve complex problems.
Attorney experienced in litigation, prosecution, contracts, policy revision and development, as well as other transactional matters.