Sean B. Hoar

Partner

Sean Hoar is a partner in the Portland office of Lewis Brisbois and chair of the Data Privacy & Cybersecurity Practice. He has extensive experience managing responses to digital crises and effectively marshaling resources to contain and remediate information security incidents. He served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon, and he worked closely with the Computer Crime & Intellectual Property Section in Washington D.C. He holds the Certified Information Systems Security Professional (CISSP), the Global Information Security Professional (GISP), and the Certified Information Privacy Professional/United States (CIPP/US) credentials. His work on behalf of corporate clients includes:

  • General information security consulting
  • Incident response planning
  • Table-top exercises
  • Incident response services
  • Data breach-related defensive litigation
  • Employee/Board/Senior Executive training
  • Facilitating system vulnerability testing and penetration testing
  • Facilitating digital forensic services
  • Drafting information security policies and procedures
  • Data privacy compliance consulting

As a veteran security and privacy attorney and an accomplished litigator prosecuting cybercrime, identity theft, Internet fraud, and other matters for the U.S. Department of Justice, Sean managed compliance with the Fourth Amendment, the Stored Communications Act, and other constitutional and regulatory frameworks for federal law enforcement. He trained federal investigators and prosecutors about the acquisition and use of digital evidence, and he trained foreign officials, on behalf of the U.S. Department of State, about anti-terrorism and cybercrime awareness. He also taught courses in cybercrime and privacy law and serves as the executive director of the Financial Crimes & Digital Evidence Foundation. A frequent author and speaker on privacy and security matters, Sean has received numerous accolades from the FBI, the Secret Service, the IRS, and the DEA throughout his career.

Legal Experience

General information security consulting

Counsels clients in all business sectors on commercially reasonable practices to enhance their enterprise security posture. This includes reviewing information security practices, facilitating self-assessments, and helping to identify and reduce system vulnerabilities to mitigate the risk and scale of a breach.

Incident response planning

Assists clients to develop and draft an incident response plan. This includes the identification and involvement of key stakeholders, the acquisition of cyber liability insurance, the facilitation and execution of Master Service Agreements with breach response service providers (digital forensics services, consumer notification/call center services, credit monitoring/identity protection services, etc.), and introduction to appropriate law enforcement personnel.

Table top exercises

Assists clients test their incident response plan by facilitating enterprise wide digital crisis response exercises. These exercises involve key stakeholders and assist them identify and experience their roles and responsibilities in responding to a data security incident. The exercises also help identify and resolve gaps in incident response plans.

Incident response services

Manages responses to information security incidents. This includes access to Lewis Brisbois' 24/7 data breach hotline and project management of breach response; initial assessment of problem; facilitation of legal agreements and services to contain, analyze, investigate and remediate a data compromise (which may include digital forensics, crisis management and communications, consumer notification, credit monitoring and/or identity protection services); assessment of consumer and regulatory notification obligations; drafting of consumer and regulatory notification; and responding to inquiries from the media and regulatory officials.

Data breach-related defensive litigation

Assists clients who are subject to third party demands or class action complaints arising from data security incidents. As a former litigator for the U.S. Department of Justice, he works with Lewis Brisbois’ extensive litigation resources across 40 offices in 26 states to ensure clients are well represented in defensive litigation matters.

Employee/Board/Senior Executive training

Assists clients to identify and prioritize employee training needs regarding network security awareness, develop customized training to educate employees about network security awareness, and develop customized presentations for Boards and Executives about information security threats and risks while addressing the business case for information security.

Information system vulnerability testing and penetration testing

Assists clients to identify an appropriate vendor, determine appropriate scope, facilitate and execute pertinent contracts, oversee vulnerability security scans and penetration testing, and review and edit preliminary reports to ensure accuracy and format acceptable for regulators should they ever need to be produced.

Digital forensics services

Assists clients to identify an appropriate vendor, determine appropriate scope, facilitate and execute pertinent contracts, oversee digital forensics investigation, and review and edit preliminary reports to ensure accuracy and format acceptable for regulators should they ever need to be produced.

Information security policies and procedures

Assists clients to identify and develop necessary information security policies and procedures. This includes reviewing existing information security policies and procedures, recommending revisions to existing policies and procedures, and drafting policies and procedures if none exist.

Prior Experience

  • Assistant United States Attorney, United States Department of Justice, District of Oregon, Portland, Ore., 1991-2014
  • Adjunct Professor, Cybercrime seminar, Lewis & Clark Law School, Portland, Ore., 2011-present; University of Oregon School of Law, Eugene, Ore., 2003-present
  • Assistant District Attorney, Lane County District Attorney’s Office, Eugene, Ore., 1987-1991

Publications

  • “Reducing the Risk of Cyber Extortion For Health Care Cos.,” Law360, 02.24.16
  • “Cyber Threats: Is the Sky Falling or Is the Threat Real?,” Power Magazine, 08.01.15

Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Global Information Security Professional (GISP)
  • Certified Information Privacy Professional (CIPP/US)

Professional Presentations

Please note that this list covers approximately the last 18 months of Sean’s speaking engagements. For a more comprehensive list, please contact Wendy Cunningham at Wendy.Cunningham@lewisbrisbois.com.

  • Panelist, “Experts Roundtable:  Dinner, Drinks & Incident Response,” CrowdStrike, New York, New York, 03.11.20
  • Panelist, “Cybersecurity Threats Today,” Mortgage Bankers Association Mid-Winter Housing Conference, Bachelor Gulch, Avon, Colorado, 03.10.20
  • Panelist, “Lessons from the Digital Battlefield,” Combined Claims Conference, Garden Grove, California, 03.04.20
  • Panelist, “Son of a Breach! Incident Response Insights, Planning & Practices,” Western Bankers Association 2020 Annual Conference & Directors Forum, Scottsdale, Arizona, 03.02.20
  • Speaker, “The CCPA & Privacy Legislation:  How Can We Mitigate Claims?,” Webinar for GAIG claims counsel and underwriters, 02.19.20
  • Speaker, “Emerging Cyber Threats:  Claims Mitigation ,” 2020 SDAO Annual Conference, Seaside, Oregon, 02.07.20
  • Panelist, “Ransomware and Business Email Compromises,” Incident Response Forum West, Beverly Hills, California, 01.30.20
  • Moderator, “Information Governance & Cybersecurity,” ACC Foundation Cybersecurity Summit, Washington D.C. 01.28.20
  • Panelist, “BIPA, The CCPA, & Data Breaches,” Webinar sponsored by Lewis Brisbois, 01.16.20
  • Speaker, “The GDPR, CCPA & Privacy Legislation:  How Can My Clients Comply?” Oregon State Bar Association Health Law Section, Portland, Oregon, 12.12.19
  • Speaker, “Cyber Risk Concerns of the C-Suite and Understanding the Vendor Breach Ecosystem,” Webinar sponsored by the American Bankers Association, 12.10.19
  • Speaker, “Cybersecurity:  Malicious Trends & Preparation for Zero Day Attacks,” Webinar sponsored by Intel, 12.10.19
  • Presenter, "Cyber Threats: Extortion, Social Engineering & Malicious Intent," LBBS Webinar, 11.21.19
  • Panelist, “Professional Liability & Cyber Liability Update,” AIG Financial Lines Seminar & 2020 Outlook, Los Angeles, California, 11.07.19
  • Panelist, “Professional Liability & Cyber Liability Update,” AIG Financial Lines Seminar & 2020 Outlook, San Francisco, California, 11.06.19
  • Speaker, “Cybersecurity for Administrative Professionals,” Webinar sponsored by Lorman Education Services, 11.01.19
  • Panelist, “Lightning Round – Everything a CISSP Needs to Know About the Cyber Legal Landscape,” 2019 ISC2 Security Congress, Orlando, Florida, 10.30.19
  • Moderator, “Rise of the Mega-Fines: Accounting for Regulatory Action in Cyber Insurance,” Advisen Cyber Risk Insights Conference, New York, 10.24.19
  • Panelist, “HSB CyberSLAM,” Webinar sponsored by HSB, Hartford, Connecticut, 10.16.19
  • Moderator, “The PCI DSS: Security Goals or Revenue Stream?,” NetDiligence, Santa Monica, California, 10.15.19
  • Panelist, “Cyber Risk Claims,” Propel Insurance Annual Sales Meeting, Portland, Oregon, 10.15.19
  • Panelist, “Emerging Trends in Cyber Insurance Claims,” Cyber Immersion Summit, The Hartford, Hartford, Connecticut, 10.11.19
  • Speaker, “Emerging Cybersecurity Threats: Measures to Keep Risk Between the Rails,” 2019 American Short Line and Regional Railroad Association General Counsel Symposium, Columbus, Ohio, 10.10.19
  • Panelist, “Holy @#%&, What Do We Do Now? A Guide to Handling a Ransomware Attack,” AWAC Panel Counsel Summit, Hartford, CT, 9.25.19
  • Speaker, “Cyber Breaches and the Messes They Create,” Community Bankers of Washington Annual Conference, Stevenson, WA, 9.19.19
  • Speaker, “A Day in the Life of a Breach Coach,” Hanover Cyber Summit, Worchester, MA, 9.11.2019
  • Panelist, “Emerging Online Trends,” Hanover Cyber Summit, Worchester, MA, 9.11.19
  • Speaker, “Mitigating the Risk and Expense of Cyber Claims,” GAIG Claims Training, Cincinnati, OH, 9.9.19
  • Panelist, “Critical Guidance for Mitigating Business Cyber Risk,” Oregon Association of School Business Officers, Bend, OR, 7.24.19
  • Presenter, “Cyber Trends”, Advisen Quarterly Events Webinar, 7.24.19
  • Presenter, “Well, It’s Too Late Now: Being Properly Prepared for a Data Breach,” 2019 CLM Cyber, Management & Liability Conference, 7.11.19
  • Presenter, “Incident Response: Lessons on Claims from the Digital Battlefield,” The Hartford Webinar, 06.07.19
  • Panelist, “The Next Big Thing: Keep Track of Emerging Threats,” Advisen Cyber Risk Insights Conference, Chicago, IL, 05.16.19
  • Panelist, “Cybersecurity for Attorneys: Protecting Your Clients & Your License,” National Creditors Bar Association 2019 Spring Conference, Minneapolis, MN, 05.15.19
  • Presenter, “Cyber Breaches and the Messes They Create,” American Association of Insurance Management Consultants Annual Conference, Charleston, South Carolina, 5.03.19
  • Presenter, “Lessons from the Digital Battlefield,” American IT Symposium, New Orleans, LA, 4.24.19
  • Presenter, “Lessons from Thousands of Incidents,” Special Districts Association of Oregon PACE Day, Salem, Oregon, 4.18.19
  • Moderator, “Cyber Insurance: How to Work with Insurance Companies, Battleground Issues and How to get Paid,” Incident Response Forum, Washington, D.C., 4.10.19
  • Presenter, “Cybersecurity Trends Webinar (CISOs),” Fairfax Family of Companies, 03.28.19
  • Panelist, “Privacy Regulation Goes Global: Compliance and Insurance Coverage Issues,” Advisen Cyber Risk Insights Conference, London, England, 03.19.19
  • Moderator, “Creating a Breach Response PLAN – Strategies for Prevention, Logistics, Action and Notification,”  CLM Annual Conference, Orlando, Florida, 03.14.19
  • Speaker, “Enterprise Risk Assessment – A Case Study,” CyberCONNECT, Portland, Oregon, 03.06.19
  • Panelist, “Privacy Compliancy – GDPR and Beyond,” CyberCONNECT Portland, Oregon, 03.06.19
  • Moderator, “Outage of Cloud Services Providers – Systemic Risk for Cyber Underwriters,” Advisen Cyber Risk Insights Conference, San Francisco, California, 02.21.19
  • Moderator, “Counseling a Corporation Before the Inevitable Data Security Incident,” Incident Response Forum West, Beverly Hills, California, 02.06.19
  • Panelist, “Cyber Insurance:  From Risk Transfer to Cyber Threat Response – Is It Covered?,” University of San Diego Cyber Law, Risk and Policy Symposium, San Diego, California, 11.15.18
  • Speaker, “Enterprise Risk Assessment - A Case Study,” EDGE 2018 Cyber Summit, Vancouver, Washington, 11.13.18
  • Panelist, “Privacy Compliance - GDPR and Beyond,” EDGE 2018 Cyber Summit, Vancouver, Washington, 11.13.18
  • Speaker, “Cybersecurity and the Petroleum Distribution Industry,” SIGMA 2018 Annual Conference, San Francisco, California, 11.06.18
  • Panelist, “Mapping the Cyber Threat Landscape,” Advisen Cyber Risks Insights Conference, New York, New York, 10.25.18
  • Speaker, “Cybersecurity in the Hospitality Industry,” Academy of Hospitality Industry Attorneys Fall Meeting, Portland, Oregon, 10/18/18
  • Speaker, “New Laws Make Cyber Insurance For Small and Medium Sized Businesses More Critical Than Ever,” Webinar sponsored by Hartford Steam Boiler, 10.16.18
  • Panelist, “Preparing for the Worst – The Importance of Cyber Liability Insurance and a Cyber Security Plan,” 96th Annual Conference for the National Council on Teacher Retirement, Washington, D.C., 10.09.18
  • Speaker, “Emerging Trends in Cybersecurity,” Travelers Annual Business Torts Meeting, St. Paul, Minnesota, 10.01.18
  • Participant, “Cybersecurity Industry Roundtable: Challenges in Data Breach Cases,” U.S. Department of Justice, Washington D.C., 09.27.18
  • Participant, “Executive Roundtable on Cybersecurity,” sponsored by Envista Forensics, New York, New York, 09.26.18
  • Keynote speaker, “Cybersecurity: Keeping the Bad Guys Out,” Willamette Education Service District All Staff Kick Off in Salem, Oregon, 08.27.18
  • Speaker, “General Data Protection Regulation,” Webinar sponsored by EPIC Insurance Brokers and Consultants, 05.15.18

Admissions

  • State Bar Admissions
    • District of Columbia
    • Oregon
    • Washington
  • United States District Courts
    • United States District Court for the District of Oregon
  • United States Courts of Appeals
    • United States Court of Appeals for the Ninth Circuit
  • United States Supreme Court

Admissions

Oregon, 1987

Washington, 2015

District of Columbia, 2015

U.S. Supreme Court, 1997

U.S. Court of Appeals 9th Circuit, 1991

U.S. District Court District of Oregon, 1991

Associations

  • International Information System Security Certification Consortium (ISC2)
  • Information Systems and Audit Control Association (ISACA)
  • International Association of Privacy Professionals (IAPP)

Awards & Honors

  • Incident Response 30 for 2019, selected by Cybersecurity Docket as one of the 30 best and brightest data breach response lawyers in the United States
  • Incident Response 30 for 2018, selected by Cybersecurity Docket as one of the 30 best and brightest data breach response lawyers in the United States
  • Outstanding Support, Dedication, and Contribution to Federal Law Enforcement in the District of Oregon, Federal Law Enforcement Officers Association, Portland, Ore., 2014
  • Outstanding Prosecutive Skills and Assistance to the FBI, FBI Director James B. Comey, 2014
  • Outstanding Assistance and Support on Behalf of the Investigative and Protective Responsibilities of the Secret Service, United States Secret Service Director Julia A. Pierson, 2014
  • Exemplary Efforts on Defense Criminal Investigative Service Investigations, Defense Criminal Investigative Service Office of Inspector General, 2014
  • Outstanding Efforts In Support of the U.S. Postal Inspection Service’s Mission of Protecting the U.S. Mails from Criminal Activity, United States Postal Inspection Service, 2014
  • Appreciation for Protecting the Integrity of the Social Security Number, Social Security Administration Office of Inspector General, 2014
  • Outstanding Dedication and Exemplary Service to the United States Attorney’s Office, District of Oregon, 2014
  • Outstanding Prosecutive Skills and Assistance to the FBI, FBI Director Robert S. Mueller, III, 2010
  • Assistant Attorney General’s Award for Intra-Departmental Cooperation, Assistant Attorney General Matthew Friedrich, 2008
  • Superior Contributions to the Law Enforcement Responsibilities of the United States Secret Service, United States Secret Service, 2007
  • Dedication and Commitment to the Prosecution of Complex Financial Crimes, Internal Revenue Service Criminal Investigation Division, Portland Field Office, 2005
  • Director’s Award, Executive Office for United States Attorneys (EOUSA), 2004
  • Outstanding Assistance to the FBI, FBI Director Robert S. Mueller, III, 2002
  • Outstanding Prosecutive Skills and Assistance to the FBI, FBI Director Louis J. Freeh, 2001
  • Achievements and Contributions to the Department of Justice, Attorney General Janet Reno, 2000
  • Director’s Award, EOUSA,1997
  • Outstanding Contributions in the Field of Drug Law Enforcement, DEA, 1997

Education

University of Oregon School of Law

Juris Doctor, 1987

  • Moot Court Board
  • National Mock Trial Team
  • President, Student Bar Association
  • Centurion Award

Florida State University

Master of Science, Higher Education Administration, 1981

Linfield College

Bachelor of Arts, English and Psychology, 1980

  • President, Associated Students of Linfield College

arrow Back to Attorneys