Andrew is a seasoned cybersecurity and technology lawyer with over two decades of experience in financial services, technology, government, and national security. With his unique background combining senior in-house and government roles, Andrew brings a deep and first-hand understanding of the challenges clients face navigating cyber legal risk in highly regulated industries. He is a trusted advisor to boards, C-suite executives, general counsels, and CISOs, providing practical and proactive counsel on cyber legal risk management and incident response.
Andrew was the first Chief Cybersecurity Counsel at IBM, where he founded one of the earliest corporate global cyber legal teams, and he was General Counsel for all technology and operations at Barclays, including cyber, data, and artificial intelligence. During a decade in government, Andrew served as Deputy General Counsel of the National Security Agency and held prominent positions in the White House and Department of Justice. He has overseen hundreds of cyber incidents at all levels of severity, and he has led global in-house teams over related areas such as operational resilience, emerging technology, data privacy, intellectual property, investigations, and crisis management.
A recognized thought leader, Andrew teaches cybersecurity, privacy, and government surveillance law at Columbia Law School, has testified before Congress on cybersecurity law, and has written for publications such as The Wall Street Journal and Harvard Business Review.