Matt advises clients on a wide range of cybersecurity issues, including preparing for and responding to cyber incidents and interacting with regulators and law enforcement. He has extensive experience working with critical infrastructure companies to manage cyber risk, and he routinely advises clients on complicated issues involving the intersection of law and emerging technologies. Matt frequently helps clients prepare for and respond to network vulnerabilities, including working with the U.S. Departments of Justice (DOJ) and Homeland Security (DHS) to find creative solutions to challenging security issues.
Matt is a contributing author and an industry source in several publications, including the “Cybersecurity Risk Management Is a Corporate Responsibility” chapter in the American Bar Association’s 2019 publication, The Lawyer’s Corporate Social Responsibility Deskbook.
- Successfully litigated computer hacking cases under the Computer Fraud and Abuse Act (CFAA), both as a federal prosecutor and in civil litigation.
- Frequently advised communications companies on compliance with the Communications Assistance for Law Enforcement Act (CALEA), the Electronic Communications Privacy Act (ECPA), and the Wiretap Act.
- Advised numerous government contractors on compliance with various cybersecurity requirements, with a particular focus on advising U.S. Department of Defense contractors on obligations under DFARS 252.204-7012 and NIST 800-171.
- Advised clients on emerging federal government policy related to the Internet of Things, blockchain, and bug bounty programs as well as the application of technical standards published by the National Institute of Standards and Technology (NIST).
- Successfully litigated over 25 federal jury trials, including prosecuting numerous computer crimes.
- Represented several individuals in deportation litigation, including successfully obtaining a writ of habeas corpus in the Eastern District of Virginia ordering a bond hearing for an individual detained by U.S. Immigration and Customs Enforcement (ICE) for over 15 months without a hearing.
Advised numerous companies on compliance with emerging State cybersecurity regulations, including New York’s Department of Financial Services’ Cybersecurity Regulation and California’s Internet of Things law.
- Assistant U.S. Attorney, U.S. Attorney’s Office for the Eastern District of Virginia (2012-2015) and Southern District of California (2004-2006, 2008-2012)
- Private law practice (2001-2003, 2006-2008)
- New Hampshire Press Secretary, Governor Howard Dean’s Presidential Campaign (2003-2004)
- Recognized by The Legal 500 US in Corporate Investigations and White-Collar Criminal Defense (2020-2021)
- Recognized as one of the nation's top Cybersecurity & Data Privacy Trailblazers by The National Law Journal (2015)
- The California Consumer Privacy Act (CCPA) and the California Consumer Privacy Rights and Enforcement Act (CPRA)
J.D., magna cum laude, Georgetown University Law Center
B.A., Loyola University Maryland
Notes Editor, Georgetown Law Journal
- Law Clerk for the Honorable J. Frederick Motz, U.S. District Court for the District of Maryland (2000-2001)
Bar and Court Memberships
- District of Columbia Bar
- Maryland Bar
- U.S. Court of Appeals for the Fourth and Ninth Circuits
- U.S. District Courts for the District of Maryland, Northern District of California, and Southern District of California
Related News & Insights
- AlertCISA Publishes Cybersecurity Incident Response and Vulnerability Response Playbooks with Intent of Increasing Expectations for the Private SectorJacqueline F. Brown, Megan L. Brown, Kevin B. Muhlendorf, Matthew J. GardnerNovember 18, 2021
- Blog PostDHS/CISA Mandates Fixing Security Vulnerabilities, Warning Companies to be VigilantWiley ConnectJacqueline F. Brown, Megan L. Brown, Matthew J. GardnerNovember 8, 2021
- AlertCyber Developments: DOD Suspends CMMC Version 1.0 and Charts a New Course With “CMMC 2.0”Megan L. Brown, Jon W. Burd, Matthew J. Gardner, Michael L. Diakiwski, Gary S. WardNovember 5, 2021
- Blog PostCyber Proposals Should Reject Impractical Obligations and Victim ShamingWiley ConnectMegan L. Brown, Matthew J. GardnerJune 22, 2021