John W Woods

Practice Areas

JOHN WOODS is a recognized leader in cybersecurity investigations, national security law, and the intersection of technology and legal risk. He has served as lead investigations counsel in a number of landmark matters since 1999 — including three targeted victims in the NotPetya malware incident, the TJX credit card theft, and three different prepaid card processors in a multi-year coordinated ATM cash-out scheme in which aggregate theft exceeded $65 million. He regularly advises on ransomware and data extortion response, and counsels financial services, defense industry, and critical infrastructure entities on cyber resilience and cybersecurity program development. John currently represents Fortune 100 companies on national security-driven data transfer and cybersecurity compliance, including matters addressing Executive Order 14117 and China's Personal Information Protection Law (PIPL). He is advising a Fortune 500 entity and several major financial institutions on cybersecurity related compliance issues arising from frontier AI models, including Anthropic's Mythos. In the area of technology legal risk, he is advising a major online platform on legal issues arising from AI chatbot outputs in highly regulated product domains. In the national security area, in 2025 he represented a U.S. proxy entity on FOCI, DCSA interactions, and technology compliance issues associated with a large defense industry transaction. He is a Lecturer in Cybersecurity Law at the University of Virginia School of Law.

John provides strategic counsel to clients on the intersection of geopolitical and legal risk in transnational data flows and has led complex data and technology derisking engagements. He also regularly advises financial services, defense industry, and other critical infrastructure entities on cyber resilience issues, and with cybersecurity and data compliance program development.