John Reed Stark is President of John Reed Stark Consulting LLC.
Over the last 20 years, Mr. Stark’s name has become synonymous with cybersecurity, cyber incident response and digital regulatory compliance. As President of John Reed Stark Consulting LLC, Mr. Stark’s work emphasizes quarterbacking teams of attorneys and other experts in data breach, cyber-incident response, digital forensics, security science, cyber risk management and investigations for financial institutions as well as public and private companies, law firms and government agencies. Mr. Stark’s experience with intrusions and data breach touches upon all aspects of cyber-incident response, especially during early phases of crisis management, forensic analysis, malware reverse engineering, law enforcement/regulatory liaison and containment, as well as the later phases of data-review, remediation and any requisite disclosure and reporting.
Mr. Stark has handled incident response matters involving all types of cyber attacks, including attacks involving Advanced Persistent Threat, SQL Injections, phishing schemes, denial of service (DOS) and unpatched software. He has also managed cyber attacks orchestrated by internal threats within a company as well as attacks coordinated by so called “bad leavers,” disgruntled employees who “leave” a company on “bad” terms and cause deliberate harm before or after they exit, typically in clandestine fashion. Under Mr. Stark’s 11-year tenure as Founder and Chief of the SEC’s Office of Internet Enforcement, Mr. Stark led a broad range of substantial and pioneering SEC enforcement actions.
Mr. Stark has also served as an expert in engagements pertaining to technological aspects of investigations, prosecutions and enforcement matters conducted by the SEC, US DOJ and FINRA and aids in structuring and running corporate compliance projects for broker-dealers, investment advisers and other SEC-regulated entities. Mr. Stark also provides neutral expert testimony in the realm of securities regulation on behalf of individuals, entities and government agencies, including in opposition to, and on behalf of, the U.S. Securities Exchange Commission and other government agencies.
As a former Managing Director and Washington, D.C. office head at an international digital risk management firm, Mr. Stark offers an unusual breadth of experience in the realm of technology-related law enforcement and regulation, in cyber-incident response and digital risk management, and in leading all varieties of technology-related crisis management. In addition to authoring several dozen articles along those lines, he has been a frequent guest commentator in the national media on cybersecurity, securities regulation and other related areas.
Mr. Stark also served for 15 years as an adjunct professor at Georgetown University Law School, where he taught a course on law/regulation/cybercrime and technology. Mr. Stark has also taught a range of in-service sessions on cybercrime at the FBI Academy in Quantico, Virginia, and serves as Co-Chair of the American Bar Association Subcommittee on Securities Law and the Internet.