Former state and federal law enforcement officer Andreas Kaltsounis brings   more than 18 years of high-profile government and private consulting experience

Information security and law enforcement veteran Andreas Kaltsounis has joined the BakerHostetler privacy and data protection team as a partner in the firm’s Seattle office. Kaltsounis brings to the team a unique perspective drawn from over 18 years of experience as a state and federal law enforcement officer, technologist, program manager, information-security consultant and attorney. He will provide compliance counseling and risk assessment services, help clients prepare for and respond to security incidents, and lead clients through federal and state regulatory inquiries.

Kaltsounis joins BakerHostetler from the international risk management firm Stroz Friedberg, where he oversaw the firm’s Seattle, San Francisco and Los Angeles offices. In that role, he investigated and counseled clients through major data-security incidents, including a network intrusion involving the theft of more than 1 billion customer records from a technology company and a data breach of a national retailer, which compromised millions of customer credit-card numbers. Kaltsounis also worked with clients to proactively assess and improve their security postures and reduce their information-security risk, and he advised clients in privacy investigations and enforcement actions by federal government agencies, including the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC), and inquiries by state attorneys general related to state data breach laws and other regulatory issues.

Prior to his consulting work, Kaltsounis served as a special agent with the U.S. Department of Defense inspector general’s national cyber field office and as a task force officer with the Federal Bureau of Investigation (FBI) Seattle Cyber Task Force. He investigated network intrusions and other cybercrimes by criminal organizations, nation-state actors and malicious insiders. Throughout his law enforcement career, he also investigated white collar crimes, identity theft and major fraud cases, receiving numerous awards for his accomplishments from the Department of Justice, the FBI and other government agencies.

Along with his on-the-ground experience handling complex information-security issues, Kaltsounis holds leading industry certifications in information security and computer forensics. He is credentialed as a certified information systems security professional (CISSP) by the International Information System Security Certification Consortium (ISC2) and is certified as an information-security professional (GISP), penetration tester (GPEN) and critical controls specialist (GCCC) by the Global Information Assurance Certification (GIAC) organization. He is also an experienced computer-forensics examiner and has been certified as an EnCase certified examiner (EnCE) and seized computer evidence recovery specialist (SCERS). He is an advisory board member for the SANS Institute and a frequent speaker at industry events and legal education seminars on cybersecurity, cybercrime investigation, risk management and incident response.

“It’s exciting to join such a well-regarded and highly respected privacy and data protection practice that is known for its services from compliance counseling to rapid incident response,” said Kaltsounis. “The firm offers a perfect platform to help clients meet their regulatory obligations and respond to incidents while also proactively reducing their risk and improving their resilience for major security incidents.”

“We are thrilled that Andreas has joined our team,” said Ted Kobus, leader of the privacy and data protection team. “Cybersecurity compliance and breach investigations are enterprisewide issues. This means we are working heavily with internal audit, IS and IT teams. Adding his deep information security expertise and law enforcement investigation experience positions our team to continue to be a leader in this space and to fully serve our clients as the cybersecurity landscape evolves and becomes even more complex.”

“I’m pleased to welcome Andreas to the rapidly growing Seattle office,” said Timothy D. Casey, partner-in-charge. “Our clients on the West Coast and across the U.S. will benefit from his cybersecurity credentials and deep law enforcement investigation experience.”

Kaltsounis received his J.D. from the University of Washington School of Law in 1999. He earned an MPM in public service from Georgetown University McCourt School of Public Policy in 2014 and his B.A. from the University of Washington in 1996.

BakerHostetler’s award-winning team continues to experience strategic growth, having added high-profile laterals in a number of key markets due to its reputation for effectively managing data security incidents, responding to regulatory investigations, providing risk assessments and compliance counseling, and defending class actions. Renowned advertising and marketing law attorneys Linda Goldstein and Holly Melton joined the firm’s New York City office in March, and Laura Jehl, former chief litigation counsel at America Online Inc., joined the Washington, D.C., office in July.

Ranked in the 2017 edition of Chambers USA – Privacy & Data Security, as well as Chambers Global – USA, Privacy & Data Security, the team is a cross-disciplinary practice of more than 40 attorneys who have counseled clients nationally and internationally through more than 2,000 data breach and ransomware responses. The annual BakerHostetler Data Security Incident Response Report is regarded as one of the industry’s most credible analyses of data security incidents companies face. In its third year, the report helps companies understand potential threats, protect their data and fine-tune their incident response plans. In response to recent ransomware events, the privacy and data protection practice has formed a SWAT team of dedicated on-call privacy and data protection attorneys experienced in the evolution of ransomware. The SWAT team members help clients immediately address whether and how to pay ransom, how to preserve crucial data to ensure business continuity, when to engage with law enforcement, and how to draft crisis communications.