Dan Ongaro

Dan has been part of incidents involving ransomware, crypto-jacking, third party vendors, etc. and has helped clients respond to regulators, including the FTC, US state attorneys general, and international data protection authorities. He has also coordinated with class-action defense counsel on several class-action cases, including under the California Consumer Privacy Act (CCPA). 

His experience includes a decade as a cybersecurity consultant at a Big Four consulting firm and he is a Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP/US), and a Certified Public Accountant (CPA) licensed in Virginia. This unique background allows him to communicate effectively with clients during these most-challenging events while also having the technical acumen to guide and understand forensic investigations. 

He also advises clients on proactively mitigating risks of an incident or non-compliance with cybersecurity and privacy requirements through structuring commercial agreements (including buy-side and sell-side mergers and acquisitions) to provide adequate protections. Dan regularly assists clients' compliance with laws such as: CCPA, the Health Insurance Portability and Accountability Act (HIPAA), and the General Data Protection Regulation (GDPR). He is also well-versed in various frameworks including: NIST 800-53, NIST 800-171, NIST Cybersecurity Framework (CSF), ISO 27001, FedRAMP, the Payment Card Industry Data Security Standard (PCI DSS), and others.