Brandon focuses his practice on cybersecurity incident response and data privacy. He counsels clients through all phases of cyber incidents, including ransomware attacks, business email compromises, insider threats and data breaches involving sensitive personal and protected health information.

Brandon serves as a primary point of contact for clients navigating active cyber incidents, providing practical, real-time guidance in high-pressure situations. He coordinates incident response efforts across multidisciplinary teams, including forensic investigators, threat actor negotiators and public relations professionals. His experience includes managing vendor workstreams, advising on legal and operational risk and developing communication strategies. He completed a ten-month secondment with a cyber insurance carrier where he guided their insureds through cybersecurity incidents.

He regularly advises on breach notification obligations under state, federal, international and industry-specific frameworks, including HIPAA and GLBA. Brandon drafts consumer and regulatory notifications, defends regulatory proceedings and interfaces with regulators and law enforcement, including the FBI.

In addition to incident response, Brandon advises clients on privacy compliance and risk mitigation. He has experience developing and implementing privacy programs for organizations subject to new and evolving legal requirements, including comprehensive state privacy laws. His work includes helping clients build privacy frameworks from the ground up, including through a client secondment supporting the development of an organization’s privacy program. Brandon also advises on international data protection issues, including the GDPR. He further helps organizations prepare for cybersecurity incidents by developing and refining incident response plans and conducting tabletop exercises to test and strengthen internal response capabilities.

Brandon frequently works with clients in the healthcare and financial services sectors, including credit unions, providing both incident response support and ongoing privacy guidance. He also advises clients on potential litigation exposure and downstream risks arising from cybersecurity incidents.

Brandon briefly lived in England where he earned a qualifying law degree from the University of Birmingham (U.K.). He then earned an LL.M. from the University of Missouri–Kansas City and was admitted to the Missouri bar. He is a Certified Information Privacy Professional/Europe (CIPP/E).