Brandon Graves is a Partner at Centre Law & Consulting focusing on cybersecurity and privacy. He helps clients manage cybersecurity and supply chain crises, operate more securely, and comply with their contractual obligations.
He graduated from the United States Military Academy with a Computer Science degree, and the University of Virginia School of Law. Brandon is focused on bridging the gap between security professionals and clients’ compliance obligations to create practical, compliant security programs.
Career Highlights
Incident Response*
- Coached company with multiple business lines implicating varied regulatory regimes through incident response and breach notification. (2019)
Risk Assessment*
- Conducted risk assessment for companies as part of their regulatory obligations and reasonable security programs. (2018-2019)
Due Diligence*
- Conducted due diligence for acquisition of cybersecurity company. Diligence involved traditional information security topics as well as the technology underlying the business itself. (2018)
NYDFS Examinations*
- Guided multiple clients through NYDFS examinations. (2018)
Breach Investigation*
- Supervised investigation at international company into payment card breach involving thousands of locations and hundreds of acquirers. (2014-2017)
Counseling Financial Technology Service Provider*
- Assisted financial technology service provider in revising IT policies and procedures after FFIEC audit. (2017)
FTC Security Inquiry For Manufacturer*
- Represented manufacturer in response to FTC inquiry on security practices. This resulted in no further action by the FTC despite coverage in national media. (2015-2016)
Cyberattack and Breach Counseling*
- Counseled one of the world’s largest providers of banking and payment services with respect to a significant cyberattack. (2011-2012)
*experience from a prior firm.
Publications
- Panelist, “Cyber Risk Wednesday: A Conversation on the Software Supply Chain,” Atlantic Council, Washington, D.C., 10.09.19
- Co-presenter, “Data Mapping: An Essential Task for Cybersecurity and Compliance,” Lexology Webinar, 09.12.19
- In re LightYear Dealer Technologies d/b/a DealerBuilt, 06.14.19
- Interview, “E-discovery and Beyond: Facing Change in the Age of AI,” Law.com, 04.03.19
- California Enacts the Nation’s First Internet of Things Security Law, 10.03.18
- California Consumer Privacy Act: A Rapid Q&A, 06.29.18
- Co-presenter, “‘Reasonable’ Cybersecurity for Businesses: Developing a Comprehensive Cybersecurity Strategy,” Webinar, myLawCLE/Federal Bar Association, 06.28.18
- New Vermont Data Broker Regulatory Regime Is Enacted, 05.31.18
- “The Hacking Update,” CyberSecure 2017, New York, New York, 2017
- Co-author, “Navigating the Digital Age: The Definitive Cybersecurity Guide for Offices and Directors,” Caxton Business & Legal Inc., 10.2017
Bar Admissions
District of Columbia, 2011
Virginia, 2010
Education
J.D., University of Virginia School of Law, 2009
B.S., Computer Science, United States Military Academy, 2001