JOHN WOODS is a recognized leader in cybersecurity investigations and legal issues. He also regularly advises on legal issues arising from national and economic security matters.
Since 1999, John has served as lead investigations counsel in some of the most impactful cybersecurity incidents — most notably the 2017 NotPetya malware outbreak and multiple matters in which the global ATM network payment system was targeted. He regularly advises organizations on cybersecurity incidents involving ransomware and data extortion responses.
John provides strategic counsel to clients on the intersection of geopolitical and legal risk in transnational data flows and has led complex data and technology derisking engagements. He also regularly advises financial services, defense industry, and other critical infrastructure entities on cyber resilience issues, and with cybersecurity and data compliance program development.
John is consistently ranked among the world’s leading cybersecurity lawyers and is acclaimed for his ability to translate complex technical issues into actionable legal strategies. According to Legal 500, one client notes that he is “the most innovative and solution-oriented lawyer” they have ever worked with. Another client praises his “exceptional knowledge” of cybersecurity resilience, citing his rare combination of technical understanding and legal acumen. Chambers USA has recognized John in multiple categories — most recently for Privacy & Data Security: Cybersecurity (Nationwide, 2024), he is ranked by Chambers Global for Privacy & Data Security: Cybersecurity (USA, 2025), and he has been lauded for his investigative work by Washingtonian magazine.
John is a member of the faculty at the University of Virginia School of Law, where he teaches a course on cybersecurity law.