Brian Craig is one of the BakerHostetler attorneys dedicated to clients in the government contracting sector. He provides advice and counsel to government contractors and has an in-depth knowledge of the rules and regulations that drive the government contracts industry. In his practice, Brian counsels and represents contractors in a wide range of matters involving all aspects of federal government contracting. Brian has particular experience in the challenges cybersecurity presents for government contractors, including cyber incident response reporting and responding to government, prime-contractor and supply chain inquiries. His work in this area includes drafting system security plans and the preparation of cybersecurity self-assessments. He also assists clients evaluating DoD Cybersecurity Maturity Model Certification (CMMC), security obligations under FAR 52.204-21, NIST SP 800-171 and other standards. Brian’s information technology transactional experience in this area includes cloud service provider agreements and associated cybersecurity obligations.
Previously, Brian led the cybersecurity and data privacy practice at a large U.K. law firm where he advised clients on national security matters and compliance with the General Data Protection Regulation (GDPR). He has led cybersecurity breach response, managed forensic investigations and provided legal advice on response requirements, ransomware attacks and any compromise or fraud that occurs as a result. Brian recommends proactive policies and cybersecurity standards in order to deter such attacks. He has also worked with cybersecurity startups offering managed services, public key infrastructure technology and mobile facial recognition solutions. Brian is a former Army officer and sought-after speaker and writer who routinely advises boards of directors and senior executives and staff on cybersecurity and privacy issues.
Drawing from his time as senior in-house counsel in roles at the largest multinational aerospace and defense contractors, Brian provides clients with comprehensive legal and business advice while assisting in developing data security procedures, protections and breach response governance that fit their unique goals. He is currently teaching "Selected Topics in Cybersecurity Law (Cybersecurity-Risk Mitigation and Incident Response: Legal Approaches)" as an adjunct professor at George Washington University Law School.