Andreas T. Kaltsounis

Partner

Seattle
T +1.206.566.7080
F +1.206.624.7317

Overview

Andreas Kaltsounis advises clients as they prepare for and respond to major security incidents, and finds practical, business-centered solutions to their complex information-security issues. He approaches his work with a unique perspective drawn from his nearly 20 years of experience as a federal agent, technologist, project manager, information security consultant and attorney. Whether Andreas is conducting proactive assessments of clients' risk and security postures, investigating complex network intrusions and insider threats, or responding to regulatory inquiries, clients appreciate his holistic insight when entrusting him with their most challenging privacy and data security issues.

Andreas is certified by Global Information Assurance Certification (GIAC) as an Information Security Professional (GISP), Penetration Tester (GPEN) and Critical Controls Specialist (GCCC). He is also an experienced computer forensics examiner and has been certified as an EnCase Certified Examiner (EnCE) and Seized Computer Evidence Recovery Specialist (SCERS). He is an advisory board member for the SANS Institute and has earned the Certified Information Systems Security Professional (CISSP) designation from the International Information System Security Certification Consortium (ISC2). Andreas is a frequent speaker at industry events and legal-education seminars on cybersecurity, cybercrime investigation, risk management and incident response.


Experience

Incident Response
  • Managed the forensic investigation of a data breach involving the theft of more than 1 billion customer records from a technology company by actors affiliated with a nation state. Provided daily briefings and security advisory services to the victim organization’s CEO, Chief Information Security Officer (CISO) and other executives; prepared reports; and coordinated with counsel and public relations on breach notifications and regulatory inquiries.
  • Led the investigation of a major payment card industry (PCI) network breach at a large national retailer. The breach affected millions of customer card numbers during a multimonth intrusion. Coordinated investigative activities with, and oversight of, an external PCI Forensic Investigator (PFI), resulting in the correction of several inaccurate and overly broad findings the PFI proposed. Provided ongoing CISO advisory and remediation services to the organization following the intrusion incident.
  • Led the investigation into a network intrusion at a healthcare facility by a disgruntled former employee who accessed systems without authorization and destroyed data. Coordinated the recovery of deleted data and completed a risk assessment pursuant to the Health and Human Services (HHS) Breach Notification Rule.
  • Managed a code review and advised on investigative efforts related to the unauthorized decryption and theft of intellectual property from a software developer.
  • Directed a significant PCI network breach investigation involving a Fortune 500 retailer, including coordination with and monitoring of an external PFI.
  • Led the investigation into a breach of personally identifiable information involving millions of customer records at a Fortune 500 company.
  • Directed an incident response involving brute-force and web-application attacks that compromised customer accounts at a Fortune 1000 transportation company.
Advisory and Assessment Services
  • Managed an in-depth technical investigation and security assessment of a major Software-as-a-Service (SaaS) company. Prepared technical findings and prioritized recommendations mapped to ISO 27001 standards.
  • Provided ongoing forensic, investigative and risk advisory services to senior managers and C-suite executives at a Fortune 500 company.
  • Provided ongoing network security and incident response advisory services for a biotechnology firm.
  • Managed a security risk assessment at a technology startup in connection with ongoing litigation concerning the corporation's network-security posture.
  • Managed a technical risk assessment, including a comprehensive vulnerability assessment and network modeling exercise, for a Fortune 1000 transportation company.
  • Reviewed search protocols and technical controls implemented by a client organization to identify and block employees’ use of an unwanted application in response to a regulatory inquiry.
Fraud, Identity Theft and Internal Investigations
  • Served on a federal identity-theft working group at the U.S. Attorney’s Office for the Western District of Washington and developed priority cases involving organized criminal groups. Led two complex, multijurisdictional investigations that resulted in the convictions of nine defendants who conspired to commit significant and repeated aggravated identity thefts and bank fraud through the use of malicious insiders at victim businesses and counterfeit identification documents. (United States v. Charles Griffen et al. and United States v. Scott Putnam)
  • Served as a member of the Financial Investigations Review Team at the U.S. Attorney’s Office for the Western District of Washington, responsible for reviewing and investigating Suspicious Activity Reports filed under the Bank Secrecy Act for potential money-laundering violations.
  • Managed an investigation and digital forensics involving the theft of intellectual property by a former developer at a technology firm, resulting in referral to the FBI and the employee's arrest on federal charges.
  • Conducted an internal investigation, on behalf of a credit union’s board of directors, into allegations that the credit union’s president improperly accessed and manipulated data in the credit union’s financial systems. Briefed the board and credit union’s regulator on the results of the investigation and a high-level assessment of the credit union’s security controls.
  • Managed an investigation into a significant embezzlement by an employee of a Fortune 500 company, including controlled purchases of stolen equipment sold on the Internet. Coordinated referral to law enforcement, resulting in the employee’s arrest and conviction.

Recognitions and Memberships

Recognitions

  • International Information System Security Certification Consortium (ISC2)
    • Certified Information Systems Security Professional (CISSP) (valid through September 2020)
  • Global Information Assurance Certification (GIAC)
    • Certified Penetration Tester (GPEN) (valid through 2021)
    • Critical Controls Certification (GCCC) (valid through February 2020)
    • Information Security Professional (GISP) (valid through June 2018)
  • Guidance Software
    • EnCase Certified Examiner (EnCE) (2006 to 2010)
  • U.S. Department of Homeland Security, Federal Law Enforcement Training Center
    • Certified as a Seized Computer Evidence Recovery Specialist (SCERS)
  • U.S. Department of Justice
    • Certificate of Appreciation for Investigative Efforts (2008, 2015)
  • U.S. Federal Bureau of Investigation: Recognition in Priority Investigation (2008)
  • King County Sheriff’s Office, Seattle, Washington
    • Detective of the Year, department-wide (2005)
    • Detective of the Year, north precinct (2007)
  • City of Sammamish: Officer of the Year (2004)
  • Washington State Police Academy
    • Highest Academic Achievement (1999)
    • Highest Overall Achievement (1999)

Memberships

  • Washington State Bar Association
  • SANS Institute: Advisory Board Member
  • High Technology Crime Investigation Association, Washington Chapter

Community

  • American Radio Relay League

Pro Bono

  • Consulted as a member of the plaintiff’s team in a pro bono “cyber civil rights” project that assists victims of “revenge porn.” Testified at jury trial as the plaintiff’s expert witness on internet traffic, Tor anonymization, and internet communication tracing to establish that the defendant was responsible for anonymized internet traffic targeting the plaintiff. The plaintiff was awarded an $8 million verdict.

Prior Positions

  • Stroz Friedberg, LLC, an Aon Company
    • Managing Director (2017)
    • Vice President (2015 to 2017)
  • United States Department of Defense, Office of the Inspector General, Defense Criminal Investigative Service
    • National Cyber Field Office and Seattle FBI Cyber Task Force: Special Agent (2012 to 2015)
    • Seattle Resident Agency: Special Agent (2008 to 2012)
  • King County Sheriff’s Office, Seattle, Washington
    • Detective (2004 to 2008)
    • Deputy Sheriff (1999 to 2004)
  • United States Attorney’s Office, Western District of Washington: Law Clerk (1997)

Admissions

  • U.S. District Court, Western District of Washington
  • U.S. Bankruptcy Court, Western District of Washington
  • Washington

Education

  • M.P.M., Georgetown University McCourt School of Public Policy, 2014; Capstone Project Faculty Award
  • J.D., University of Washington School of Law, 1999
  • B.A., University of Washington, 1996