Alyssa serves as a vice chair of the Constangy Cyber Team and is located in Denver. She has extensive experience managing responses to data security incidents, having focused her practice solely on managing them, as well as on helping clients to anticipate, understand, and proactively mitigate cyber risk, for more than five years. Alyssa has provided fully managed incident response services to hundreds of clients, of all sizes and in all industry sectors. In addition, she has in-depth experience working with cyber insurance carriers and brokers on special programs to benefit internal and external stakeholders, including their insureds businesses. While pragmatically managing responses to data security incidents, Alyssa also provides clients with proactive data privacy and information security resources and training. She has unique insights on the importance of mitigating data privacy and security related liability due to her prior experience defending clients in complex civil litigations and regulatory investigations. In managing responses to data security incidents, Alyssa frequently facilitates digital forensics investigations, network restoration projects, and ransom negotiations. She regularly assesses, and helps clients to fulfill, consumer and regulatory notification obligations, liaises with law enforcement, advises on communications strategies, and helps clients to comply with applicable data privacy regulations. Alyssa is also a frequent featured speaker on cyber insurance, data privacy and security, and risk mitigation through proactive programs.
Alyssa previously worked as a litigation associate at an AmLaw 100 firm in New York, and she began her career with internships at the U.S. Department of State and the U.S. Department of Labor. She earned her Bachelor of Arts degree from the University of Maryland, magna cum laude. Alyssa obtained her law degree from New York University School of Law, where she was a Robert McKay Scholar and worked as an editor on the Annual Survey of American Law.
Coordinated incident response services for hundreds of clients, of all sizes and in all industry sectors (including, for example, healthcare, insurance, financial services, real estate, technology, retail, construction, and manufacturing), to assist them in recovering from, investigating, and responding to cybersecurity and data privacy incidents. Such incidents have included network intrusions, ransomware encryption and data extortion attacks, business email compromises, fraudulent wire transfer schemes, data loss/theft events, and internal threats, among others.
Provided fully managed incident response services to a Colorado municipality that fell victim to a BlackCat ransomware attack. This included, among other things, the identification of resources to assist with network restoration, the facilitation and management of a complex forensic investigation, the provision of strategic guidance with respect to external communications and threat actor negotiations, and the identification and fulfillment of applicable notification/reporting obligations, including to current/former employees, members of the public, and regulators.
Developed and executed strategy for a nonprofit, regional healthcare network to respond to a widespread business email compromise impacting employee personal information and patient-protected health information. This included, among other things, the facilitation and management of a complex forensic investigation, the identification and fulfillment of applicable notification/reporting obligations, the provision of defense services in response to a related class action lawsuit, and the preparation and coordination of responses to follow-on regulatory inquiries.
Guided the incident response efforts of an insurance agency in connection with a business email compromise resulting in the wire transfer of nearly $8,000,000 to a fraudulent bank account in Hong Kong. This included the coordination of funds recovery efforts involving the Federal Bureau of Investigation and relevant banking institutions, as well as the provision of communications guidance with respect to stakeholders associated with the transaction.
Advised a publicly-traded (NYSE) real estate company in connection with its response to, and investigation of, a Lockbit ransomware attack involving significant data exfiltration and subsequent notification to consumers/regulators.
Advised a publicly-traded (Nasdaq) engineering and scientific consulting firm in connection with its response to, and investigation of, a Ryuk ransomware attack involving analysis of Securities and Exchange Commission reporting obligations.
Prepared and facilitated Tabletop Exercises for a wide variety of clients including, for example, a U.S. law firm with approximately 300 attorneys located across 10 offices, an integrated financial services company with 1,800+ associates providing insurance and wealth management solutions, and an international real estate developer and manager with an estimated 20,000 employees.
Defended a provider of all-inclusive care for the elderly in a class action lawsuit stemming from an email spoofing attack resulting in the unauthorized acquisition of employee IRS Tax Form W-2 information.
Conducted an investigation on behalf of a client into allegations that the client's subsidiary allegedly had bribed foreign government officials in order to win business, in violation of the Foreign Corrupt Practices Act.
Led an investigation into whether or not company executives had knowledge of the conditions that led to an accident on company property, in violation of their fiduciary duties to shareholders, on behalf of a Special Litigation Committee established after the accident. Drafted a report and presented findings to the committee.
Represented a multinational corporation under scrutiny by U.S. and foreign antitrust authorities for possible bid-rigging and price-fixing violations.
Represented a client who was under investigation for wrongdoing by the U.S. Securities and Exchange Commission after the bankruptcy of a financial services firm.
Actively researched and analyzed difficult legal issues as part of team investigations and litigations. Drafted related memoranda, pleadings, motions, briefs, and reports of findings.
Interviewed critical fact and expert witnesses and drafted summaries, affidavits, and reports. Participated in and directed depositions in multi-billion dollar securities cases. Presented and argued in open court, and conducted examinations and cross-examinations, in immigration cases.
Managed the logistics of discovery for a number of cases, including several that involved foreign witnesses and documents. Oversaw a team of lawyers, negotiated with opposing counsel, collaborated with co-defense attorneys, and advocated for clients in discovery disputes.
Regularly represented clients pro bono in matters involving applications for Asylum, U-Visas, and T-Visas. Designed a system to regularly represent U-Visa applicants; and was awarded the Sanctuary for Families' 2010 Award for Excellence in Pro Bono Advocacy for the system.
News & Analysis
Speaking Engagements & Industry Publications
- Panelist, "The Nature of the Threats Facing SMBs," Colorado Attorney General's Office, Denver, CO, 1.28.2020
- Speaker, "What Worries You Most When Responding to a Cyber Security Incident?," IG3, Newport Coast, CA, 12.12.19
- Panelist, "Mega-Breaches: Why Are They Still Happening," NetDiligence Cyber Risk Summit, London, UK, 12.3.19
- Presenter, "Cybersecurity: Emerging Threats & Legal Landscape," Colorado Attorney General's Office, 11.12.19
- Speaker, "Anatomy of a Data Breach," 5th Annual Cyber Liability Symposium, Seattle, Washington, 8.21.19
- Speaker, "Cybersecurity: Emerging Threats & Legal Landscape," 5th Annual Cyber Liability Symposium, Seattle, Washington, 8.21.19
- Panelist, "The Future of Cyber Crime and Insurance," IMA Financial Group Techworking, Denver, Colorado, 07.18.19
- Presenter, "Cybersecurity Threats & the Legal Landscape," Network Adjusters, Denver, Colorado, 06.10.19
- Panelist, “The Anatomy of a Cyber Event,” PLUS Southwest Chapter Seminar, Denver, Colorado, 04.18.19
- Panelist, “It’s No Longer IF, It’s WHEN -- Cyber Threat Landscape and Legislative Trends,” Lockton Phoenix Inaugural Cyber Day, Phoenix, Arizona, 02.26.19
- Panelist, “Data Privacy & Cybersecurity 101,” IMA Corp., Kansas City, Kansas, 01.22.19
- Panelist, “Colorado’s New Data Privacy Law: What It Is and Its Impact on You and Your Clients,” Colorado Bar Association Financial Institutions Section, Denver, Colorado, 10.17.18
- Panelist, “How to Implement Best Practices Around Identifying, Protecting, Detecting, Responding and Recovering from a CyberIncident,” Lockton Mountain West Cyber Day, Denver, Colorado,10.04.18
Blogs, Videos & Podcasts
- Constangy Cyber Advisor ,
- Constangy Cyber Advisor ,
New York University School of Law
- J.D., 2007
- Robert McKay Scholar (Top 25%)
- Annual Survey of American Law, Staff Editor
University of Maryland
- B.A., magna cum laude, 2004
- Journalism, Government & Politics
- Phi Beta Kappa; Kappa Tau Alpha (Journalism)
- Dean’s List (All semesters)
- Dean’s Award for Academic Excellence
- College Park Scholars Citation (Media, Self, & Society)
- Diamondback Newspaper, Writer and Beat Reporter
- Phi Sigma Pi National Honor, Fraternity President and Committee Chair
Bar & Court Admissions
- Colorado, 2015
- New York, 2008