John Stark

Senior Lecturing Fellow


John Reed Stark is teaching Data Breach Response and Cybersecurity Due Diligence at Duke Law in the spring 2019 semester.  He is a cybersecurity and data breach response expert and president of John Reed Stark Consulting LLC, where he quarterbacks teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a public and private companies, professional service firms and government agencies. He is the author of The Cybersecurity Due Diligence Handbook, and has published numerous articles and comments frequently in the media on cyber-related topics, including regulation, compliance, risk resilience and incident response. He previously wrote a column for Compliance Week magazine and his blog, "Stark on IR," can be found on Cybersecurity Docket (where he is also contributing editor).

Stark also serves as an expert in engagements pertaining to technological aspects of investigations, prosecutions and enforcement matters conducted by the SEC, FINRA and the U.S. Department of Justice (DOJ) and aids in structuring and running corporate compliance projects for broker-dealers, investment advisers and other regulated entities. He provides neutral expert testimony in the realm of technology and securities regulation on behalf of individuals and entities, including in opposition to, and on behalf of, the SEC and other government agencies. 

Stark’s 20 year career at the U.S. Securities and Exchange Commission included an 11-year tenure as founder and chief of its Office of Internet Enforcement, during which he led an extensive range of substantial and pioneering SEC enforcement actions.  During his subsequent tenure as managing director and Washington, D.C. office head at Stroz Friedberg LLC, an international digital risk management firm, he gained an unusual breadth of experience in the realm of technology-related law enforcement and regulation; in cyber-incident response and digital risk resilience; and in leading all varieties of technology-related crisis management. He has received numerous acknowledgements as being among the top securities and enforcement attorneys and data breach response attorneys in the country.

Stark taught a course on law, regulation, cybercrime, and technology at Georgetown University Law School for 15 years and a similar course during Duke Law School's Wintersession in 2017 and 2018. He has also taught a range of in-service sessions on cybercrime at the FBI Academy in Quantico, Va.

Stark received his JD at Duke Law School in 1989 and is a member of the Law School’s Board of Visitors. He received the Law School’s Young Alumni Award in 2004. He received his BA in 1986 from Union College.